Sunday, 14 March 2010

Authenticated SMTP using Postfix

I was in need of a virtual email hosting platform, something simple I thought. MySQL for users, Postfix for the MTA, Courier for IMAP, basic stuff. I have set up a similar environment a few times already. But the thing that has always bothered me is that I have always failed to configure SASL SMTP properly. I have usually tried to fix it a few times. But then after a while of going nowhere I have decided to quit. Today I decided once again that I need it, and this time I have even made some progress.

First I somehow found that I needed to enable smtps in master.cf:

smtps inet n - n - - smtpd

Logically I then decided to add "smtpd_tls_wrappermode = yes" to main.cf. After this everything seemed to be working. I configured Thunderbird to use SSL IMAP and SSL SMTP on port 465 and tried sending mail and fetching my (ahem, old) emails. All was nice! I even decided to send an email to my client confirming that everything was now working and we could start creating accounts.

After this I decided, okay, let's test that everything really does work. First, receiving emails... I logged into my Gmail and sent a test email. Of course it didn't come through...

Log showed me this:
 
Mar 14 21:33:07 [postfix/smtpd] sql_select option missing
Mar 14 21:33:07 [postfix/smtpd] auxpropfunc error no mechanism available_
Mar 14 21:33:07 [postfix/smtpd] initializing the server-side TLS engine
Mar 14 21:33:07 [postfix/smtpd] connect from mail-ww0-f54.google.com[74.125.82.54]
Mar 14 21:33:07 [postfix/smtpd] setting up TLS connection from mail-ww0-f54.google.com[74.125.82.54]
Mar 14 21:33:07 [postfix/smtpd] mail-ww0-f54.google.com[74.125.82.54]: TLS cipher list "ALL:!EXPORT:!LOW:+RC4:@STRENGTH"
Mar 14 21:33:07 [postfix/smtpd] SSL_accept:before/accept initialization
Mar 14 21:33:07 [postfix/smtpd] read from 080C7C18 [080D2A48] (11 bytes => -1 (0xFFFFFFFF))
Mar 14 21:36:15 [postfix/smtpd] SSL_accept error from mail-wy0-f173.google.com[74.125.82.173]: -1
Mar 14 21:36:15 [postfix/smtpd] lost connection after CONNECT from mail-wy0-f173.google.com[74.125.82.173]
Mar 14 21:36:15 [postfix/smtpd] disconnect from mail-wy0-f173.google.com[74.125.82.173]


I then fiddled with all the configurations, disabling stuff, modifying stuff, removing stuff, adding stuff. But alas, once again it was evident that SASL had bitten me... I googled and googled but I found nothing relevant. But then (from a totally unrelated issue) someone suggested this: "openssl s_client -connect HOSTNAME:25 -starttls smtp", which then failed to connect. And the issue was clear at last: Postfix was serving SSL connections on port 25. Incoming mail was totally blocked. Of course now everything was easy...

I removed "smtpd_tls_wrappermode = yes" from main.cf and put it into master.cf like so:

smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes

And now it seems everything is working perfectly. Next time this should be easy(tm). Now just the last few modifications to the configuration (should not break anything) and I'm done!
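
The mistake above can be caught before a reload by working out the effective smtpd_tls_wrappermode for every smtpd listener. The following is an added example, not part of the original post: the function names are made up, the "smtp inet" line for port 25 is assumed to be the stock master.cf entry, and only the plain "-o name=value" override form is handled.

```python
import shlex

def main_cf_params(text):
    """Parse 'name = value' lines from main.cf; the last setting wins."""
    params = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        # Skip blank lines (no '='), continuation lines and comments.
        if sep and not line[0].isspace() and not line.startswith("#"):
            params[name.strip()] = value.strip()
    return params

def smtpd_services(text):
    """Yield (service, {-o overrides}) for each smtpd entry in master.cf."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and entries:
            entries[-1] += " " + line.strip()  # continuation of previous entry
        else:
            entries.append(line)
    for fields in map(shlex.split, entries):
        if len(fields) < 8 or fields[7] != "smtpd":
            continue
        args = fields[8:]
        yield fields[0], dict(a.split("=", 1) for flag, a in zip(args, args[1:])
                              if flag == "-o" and "=" in a)

def wrappermode_report(main_text, master_text):
    """Map each smtpd listener to its effective smtpd_tls_wrappermode."""
    default = main_cf_params(main_text).get("smtpd_tls_wrappermode", "no")
    return {svc: over.get("smtpd_tls_wrappermode", default) == "yes"
            for svc, over in smtpd_services(master_text)}

def broken_listeners(report):
    """Port 25 must speak plaintext SMTP first, so wrapper mode breaks it."""
    return [s for s, wrapped in report.items()
            if wrapped and s.split(":")[-1] in ("smtp", "25")]

# Constructed sample configs. The "smtp inet" line is assumed (stock port 25 entry).
MAIN_BEFORE = "smtpd_tls_wrappermode = yes\n"
MASTER_BEFORE = "smtp inet n - n - - smtpd\nsmtps inet n - n - - smtpd\n"
MAIN_AFTER = "# smtpd_tls_wrappermode no longer set globally\n"
MASTER_AFTER = MASTER_BEFORE.rstrip() + " -o smtpd_tls_wrappermode=yes\n"

if __name__ == "__main__":
    for main, master in ((MAIN_BEFORE, MASTER_BEFORE), (MAIN_AFTER, MASTER_AFTER)):
        print("broken listeners:", broken_listeners(wrappermode_report(main, master)))
```

With the main.cf setting, the port 25 listener is reported as broken; with the per-service override, only smtps runs in wrapper mode.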