Sorry for this very basic question: How do I setup SMTP on the server - in webmin?
I have a VPS with a few domains. I run Postfix.
From the PC I use my ISPs SMTP. But from the phone it doesn't work because of different network. I don't want to try the phones settings because then I guess I guess it will not work when on WiFi, or out of phone companies reach.
I am not sure if my ISP/phone company block Port25 - how can I test that?
I believe my domain has a (one) domain entry (mx.mydomain.com) that functions as pop and smtp.
What I like it:
• Send my email via mx.mydomain.com • Have it setup that only mail with **@mydomain.com is accepted • Have some sort of security so people can't spoof **@mydomain.com as sender and use my MX to SPAM.
Any advise will be appreciated greatly!
Are you using Virtualmin? If not, I'd highly recommend to do that if you intend to do any kind of hosting (be it web or email, for customers or yourself). It will spare you a lot of trouble trying to set stuff up manually - especially if you are a newbie (considering you posted in the "Home for newbies" board :) ). Trying to set up Postfix for production use manually (you'll probably also want spam and virus filtering, for which you need things like Procmail, SpamAssassin and ClamAV) is definitely something I'd suggest newbies should not do, and helping with that is surely beyond the scope of this forum.
So the recommended course of action would be installing Virtualmin on a fresh (i.e. newly set up) OS. Don't install any hosting packages, only SSH. The Virtualmin installer will configure everything for you.
Webmin is running with a few domains already.
When I type 'top' in Putty I see 'sshd' running, so I guess SSH is installed and running.
I created all domains with the Virtualmin automatic setup.
pop and smtp are pointing at the same name, is that normal? POP works fine.
How do I test if the SMTP accepts mails? And how to test if my ISP blocks port25 ?
# telnet domain.com
Trying 000.000.000.000...
telnet: connect to address 000.000.000.000...: Connection refused
telnet smtp.domain.com 25
Trying 000.000.000.000...
Connected to smtp.domain.com.
Escape character is '^]'.
220 vps-0000000host.com ESMTP Postfix
Looks like Port25 is open..... (465 is OK too, 587 is not working)
(a few hours later......................)
I can send emails now, but I am not happy with the settings:
Port 25 Authentication method: Password, transmitted insecurely Connection Security: None
At least I got a basic functionality - but how can I make safe?
You mentioned that port 465 is open -- are you able to send email using that port? The protocol used by that port would keep authentication secure.
-Eric
Eric, I tried 465 with all settings (in Thunderbird) and didn't manage to send any mail. I am not sure if 465 is open, but it seems I can make a telnet connection to that port. On Putty it looks the same as with port 25.
There is a possibility that I did made some errors in my setup a long while ago. If somebody could point me how to setup a secure SMTP I would be happy.
"didn't manage to send any mail": What error messages do you get in Thunderbird and in the server's mail log?
What exactly happens when you connect to port 25 and 465 via Putty?
"Setting up SMTP": So did you install Virtualmin using its installer script on a fresh OS back then? If so, it will have set up Postfix (including SMTP) automatically for you. If you set it up manually, there can be any number of things wrong, too much for guessing remotely what it could be.
Taking a look at your system directly (via Teamviewer and instant messenger/voice chat) and doing tests would be the only feasible thing to offer from my end. If more than say half an hour for that is required, I'd have to charge a fee though (need to make a living ;) ).
"Setting up SMTP": So did you install Virtualmin using its installer script on a fresh OS back then? If so, it will have set up Postfix (including SMTP) automatically for you. If you set it up manually, there can be any number of things wrong, too much for guessing remotely what it could be.
I used the Virtualmin installer script. But a long while ago I wanted to setup the SMTP server and get around the then port 25 blocking of my ISP, maybe I did break something then in webmin.
And if it's a webmin change I am afraid it will effect all domains (some domains have no mail account at all).
When I do the putte telnet test on the ports it simply connects. Otherwise I don't know how to test if ports are open or not. But some random ports did gave me an error message.
Where would I look to fix it - or make it work? In Webmin>Postfix I guess... and then?
Take a look at
/etc/postfix/master.cf
, the port numbers Postfix listens on for various services should be noted there.Howdy,
It's normal for telnet to just connect to port 465, it doesn't generate other output by default.
If you look in the mail logs, do you see any errors?
Also, as Locutus mentioned, the master.cf file is what controls those ports, and whether they're enabled... you're welcome to post the contents of that file, though it does sound like port 465 is enabled.
-Eric
I don't see any port number in master.cf
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# =============================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# =============================================================
smtp inet n - n - - smtpd -o smtpd_sasl_auth_enable=yes
# was 2500 inet n - n - - smtpd
2500 inet n - n - - smtpd
#submission inet n - n - - smtpd
-o smtpd_enforce_tls=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o smtpd_tls_wrappermode=yes
###
smtps inet n - n - - smtpd
###
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - n - - smtp
-o fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
#
# =============================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# =============================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#
old-cyrus unix - n n - - pipe
flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
cyrus unix - n n - - pipe
user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
PS: I am now at home and use a different ISP. Port 25 seems definitely blocked from here. 465 I can connect to, 587 not. I did a Windows > Run > CMD > telnet smtp.mydomain.com 25
Howdy,
My suggestion would be to make sure all these lines near the top of your file are uncommented:
#submission inet n - n - - smtpd
-o smtpd_enforce_tls=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o smtpd_tls_wrappermode=yes
###
smtps inet n - n - - smtpd
###
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
And then after that, restart Postfix.
-Eric
I removed the four #.... and restarted, no change....
(after a recheck - aren't the commented lines not doubles anyway? - I put them back to comment)
submission inet n - n - - smtpd
-o smtpd_enforce_tls=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o smtpd_tls_wrappermode=yes
###
smtps inet n - n - - smtpd
###
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
...and the mail log from the last few minutes (some SPAM lines removed)
Dec 13 21:47:51 vps-1007777-888 postfix/qmgr[27996]: DEA88505004E: removed
Dec 13 21:48:02 vps-1007777-888 postfix/smtpd[28136]: connect from unknown[144.90.37.255]
Dec 13 21:48:03 vps-1007777-888 postfix/smtpd[28136]: 8FAA0505004E: client=unknown[144.90.37.255]
Dec 13 21:48:04 vps-1007777-888 postfix/cleanup[11689]: 8FAA0505004E: message-id=<20131214034803.8FAA0505004E@vps-100.vpshost.com>
Dec 13 21:48:04 vps-1007777-888 postfix/smtpd[28136]: disconnect from unknown[144.90.37.255]
Dec 13 21:48:13 vps-1007777-888 postfix/smtpd[28136]: connect from localhost.localdomain[127.0.0.1]
Dec 13 21:48:13 vps-1007777-888 postfix/smtpd[28136]: disconnect from localhost.localdomain[127.0.0.1]
Dec 13 21:48:18 vps-1007777-888 postfix/local[11694]: 8FAA0505004E: to=<admin.mydomain@vps-100.vpshost.com>, orig_to=<info@mydomain.com>, relay=local, delay=16, delays=1.4/0/0/14, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME)
Dec 13 21:48:18 vps-1007777-888 postfix/qmgr[27996]: 8FAA0505004E: removed
Dec 13 21:48:30 vps-1007777-888 postfix/smtpd[14038]: fatal: No server certs available. TLS can't be enabled
Dec 13 21:48:31 vps-1007777-888 postfix/master[27994]: warning: process /usr/libexec/postfix/smtpd pid 14038 exit status 1
Dec 13 21:48:31 vps-1007777-888 postfix/master[27994]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling
Dec 13 21:48:45 vps-1007777-888 postfix/cleanup[11689]: 7EC90505004E: message-id=<F69A548F-8449-4076-89C8-A106657E9251@ymail.com>
Dec 13 21:48:54 vps-1007777-888 postfix/local[11694]: 7EC90505004E: to=<other.mydomain@vps-100.vpshost.com>, orig_to=<other@mydomain.com>, relay=local, delay=9.5, delays=0.38/0/0/9.2, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME)
Dec 13 21:48:54 vps-1007777-888 postfix/qmgr[27996]: 7EC90505004E: removed
I think this lookst like a hint: fatal: No server certs available. TLS can't be enabled
Howdy,
Once uncommented, you may then need to copy out SSL certificates into Postfix.
To do that, go into Virtualmin, and enable SSL for one of your domains (if you haven't already), in Edit Virtual Server -> Enabled Features -> "SSL Website".
Then, go into Server Configuration -> Manage SSL Certificates, and click the "Copy to Postfix" button". You may need to restart Postfix after that.
Once you do that, try accessing port 465 and/or 587 again, and see if that does the trick for you.
-Eric
@andreychek Thank you! That helped a lot!
I managed to send mail on port 465! Mail setting in Thunderbird is SSL/TSL and 'normal password'.
Thanks again!
...let me use the edit function now.... I got now this problem while trying the same for another domain on the same IP/VPS::
The following potential problems were detected with the modification of this virtual server :
SSL cannot be enabled for more than one domain on the IP address 111.111.111.111 unless a virtual IP interface or private port is enabled, or the certificate can be used for this domain. The current certificate is only valid for : *.mydomain.com, and it is being used by mydomain.com
Are you sure you want to continue?
Can I continue safely and then use the SMTP on both domain?
I should mention that the VPS is for my own use and I am not a reseller.
You can use the same cert on as many domains as you like, but if they don't match (i.e. the cert is for "domain1.tld" and you're editing "domain2.tld"), browsers/email programs will show a warning about an untrusted certificate. If it's just for you, that should be no issue, since you usually can add a security exception to your software.
The proper way to go would be creating a multi-domain certificate with an official CA like StartSSL.
done, and it works fine on two domains.
Thunderbird setting is incoming:
• port 995 • SLS/TLS • Normal password
Outgoing:
• port 465 • SLS/TLS (except all certificates) • Normal password
Last question: is the password encrypted or not? Or in other words, can it be 'seen' in real characters when i.e. the WiFi connection get logged?
When using port 465 or 587, the connection is encrypted. It won't be seen over wifi.
-Eric
As far as I know, 587 is not necessarily encrypted, but uses explicit SSL (startssl) when requested. 465 is always encrypted (implicit SSL).
You can test that by telnetting to the port. If it connects but doesn't output anything, it's encrypted. If it shows the 220 greeting line, it's explicit SSL.
My MX SMTP is suddenly not working after working flawless for a few month. I wonder what happened and hope somebody can give me some hints.
The mail log:
Apr 4 07:27:59 vps-1066128-323 postfix/smtpd[16161]: warning: SASL authentication failure: Password verification failed
Apr 4 07:27:59 vps-1066128-323 postfix/smtpd[16161]: warning: n1164836033.myisp.com[220.100.88.99]: SASL PLAIN authentication failed: generic failure
Apr 4 07:28:00 vps-1066128-323 postfix/smtpd[16161]: lost connection after AUTH from n1164836033.myisp.com[220.100.88.99]
Apr 4 07:28:00 vps-1066128-323 postfix/smtpd[16161]: disconnect from n1164836033.myisp.com[220.100.88.99]
Apr 4 07:28:00 vps-1066128-323 postfix/smtpd[16161]: connect from n1164836033.myisp.com[220.100.88.99]
Apr 4 07:28:02 vps-1066128-323 postfix/smtpd[16161]: warning: SASL authentication failure: cannot connect to saslauthd server: Connection refused
Apr 4 07:28:02 vps-1066128-323 postfix/smtpd[16161]: warning: SASL authentication failure: Password verification failed
Apr 4 07:28:02 vps-1066128-323 postfix/smtpd[16161]: warning: n1164836033.myisp.com[220.100.88.99]: SASL PLAIN authentication failed: generic failure
Apr 4 07:28:02 vps-1066128-323 postfix/smtpd[16161]: lost connection after AUTH from n1164836033.myisp.com[220.100.88.99]
Apr 4 07:28:02 vps-1066128-323 postfix/smtpd[16161]: disconnect from n1164836033.myisp.com[220.100.88.99]
Apr 4 07:28:02 vps-1066128-323 postfix/smtpd[16161]: connect from n1164836033.myisp.com[220.100.88.99]
Apr 4 07:28:04 vps-1066128-323 postfix/smtpd[16161]: warning: SASL authentication failure: cannot connect to saslauthd server: Connection refused
Apr 4 07:28:04 vps-1066128-323 postfix/smtpd[16161]: warning: SASL authentication failure: Password verification failed
Apr 4 07:28:04 vps-1066128-323 postfix/smtpd[16161]: warning: n1164836033.myisp.com[220.100.88.99]: SASL PLAIN authentication failed: generic failure
Apr 4 07:28:05 vps-1066128-323 postfix/smtpd[16161]: lost connection after AUTH from n1164836033.myisp.com[220.100.88.99]
Apr 4 07:28:05 vps-1066128-323 postfix/smtpd[16161]: disconnect from n1164836033.myisp.com[220.100.88.99]
Apr 4 07:28:05 vps-1066128-323 postfix/smtpd[16161]: connect from n1164836033.myisp.com[220.100.88.99]
Apr 4 07:28:07 vps-1066128-323 postfix/smtpd[16161]: warning: SASL authentication failure: cannot connect to saslauthd server: Connection refused
Apr 4 07:28:07 vps-1066128-323 postfix/smtpd[16161]: warning: SASL authentication failure: Password verification failed
Apr 4 07:28:07 vps-1066128-323 postfix/smtpd[16161]: warning: n1164836033.myisp.com[220.100.88.99]: SASL PLAIN authentication failed: generic failure
Update: saslauthd was probably down. This did the trick:
/etc/init.d/saslauthd restart
SMTP works again!