For some reason my mail client cannot connect to newly built FreeBSD mail server to send emails - connection refused. Originally I was intending to build secure connection using SASL2 and TLS/SSL but like I said I experience difficulties connecting to SMTP server.
My observations:
1. Receiving of emails works fine via Courier IMAP (993)
2. Squirrelmail installed on the system DOES allow to send with SMTP Authentication set to 'none' and TLS set to 'false'. So far this is the only way of responding to emails.
3. Posffix was compiled with SASL2 (see below):
4. SMTP is set to listen to the outside world:
5. I can telnet localhost 25 and openssl localhost:25 during my ssh session.
6. Here's the output of postconf -n
7. I tried connecting to SMTP with "no authentication" and "no SSL" set in mail client (as in case with Squirrelmail) but all I get is email back with "Relay access denied" in tail -f /var/log/maillog:
8. If I set mail client to authenticate and use SSL result in log is as follows:
Not sure why this is happening. Help please!
My observations:
1. Receiving of emails works fine via Courier IMAP (993)
2. Squirrelmail installed on the system DOES allow to send with SMTP Authentication set to 'none' and TLS set to 'false'. So far this is the only way of responding to emails.
3. Posffix was compiled with SASL2 (see below):
Code:
one# make showconfig
===> The following configuration options are available for postfix-2.6.1,1:
PCRE=on "Perl Compatible Regular Expressions"
SASL2=on "Cyrus SASLv2 (Simple Auth. and Sec. Layer)"
DOVECOT=off "Dovecot SASL authentication method"
SASLKRB=off "If your SASL req. Kerberos select this option"
SASLKRB5=off "If your SASL req. Kerberos5 select this option"
SASLKMIT=off "If your SASL req. MIT Kerberos5 select this option"
TLS=on "Enable SSL and TLS support"
BDB=off "Berkeley DB (choose version with WITH_BDB_VER)"
MYSQL=off "MySQL maps (choose version with WITH_MYSQL_VER)"
PGSQL=off "PostgreSQL maps (choose with DEFAULT_PGSQL_VER)"
OPENLDAP=off "OpenLDAP maps (choose ver. with WITH_OPENLDAP_VER)"
CDB=off "CDB maps lookups"
NIS=off "NIS maps lookups"
VDA=off "VDA (Virtual Delivery Agent)"
TEST=off "SMTP/LMTP test server and generator"
===> Use 'make config' to modify these settings
4. SMTP is set to listen to the outside world:
Code:
one# netstat -a | grep 'smtp'
tcp4 0 0 *.smtp *.* LISTEN
ffffff0001b348b8 stream 0 0 ffffff0001ceb3f0 0 0 0 private/smtp
5. I can telnet localhost 25 and openssl localhost:25 during my ssh session.
6. Here's the output of postconf -n
Code:
broken_sasl_auth_clients = yes
canonical_maps = hash:/usr/local/etc/postfix/canonical
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
home_mailbox = Maildir/
html_directory = /usr/local/share/doc/postfix
mail_owner = postfix
mailbox_command = /usr/local/bin/procmail
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks_style = host
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
sample_directory = /usr/local/share/examples/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/usr/local/etc/sasldb2
smtp_tls_CAfile = /usr/local/openssl/certs/mailexpeditor.com-CAcert.pem
smtp_tls_cert_file = /usr/local/openssl/certs/one.mailexpeditor.com-cert.pem
smtp_tls_key_file = /usr/local/openssl/certs/one.mailexpeditor.com-unencrypted-key.pem
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:/var/run/smtp_tls_session_cache
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /usr/local/openssl/certs/mailexpeditor.com-CAcert.pem
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /usr/local/openssl/certs/one.mailexpeditor.com-cert.pem
smtpd_tls_key_file = /usr/local/openssl/certs/one.mailexpeditor.com-unencrypted-key.pem
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/run/smtpd_tls_session_cache
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_domains = domain1.co.uk, domain2.com
virtual_alias_maps = hash:/usr/local/etc/postfix/virtual
7. I tried connecting to SMTP with "no authentication" and "no SSL" set in mail client (as in case with Squirrelmail) but all I get is email back with "Relay access denied" in tail -f /var/log/maillog:
Code:
Jun 30 16:41:41 one postfix/smtpd[23319]: NOQUEUE: reject: RCPT from host86-165-212-234.range86-165.btcentralplus.com[86.165.212.234]: 554 5.7.1 <sometestaccount@gmail.com>: Relay access denied; from=<myemail@domain1.co.uk> to=<sometestaccount@gmail.com> proto=ESMTP helo=<gnrPC>
8. If I set mail client to authenticate and use SSL result in log is as follows:
Code:
Jun 30 16:47:16 one postfix/smtpd[23346]: connect from host86-165-212-234.range86-165.btcentralplus.com[86.165.212.234]
Jun 30 16:47:16 one postfix/smtpd[23346]: lost connection after UNKNOWN from host86-165-212-234.range86-165.btcentralplus.com[86.165.212.234]
Jun 30 16:47:16 one postfix/smtpd[23346]: disconnect from host86-165-212-234.range86-165.btcentralplus.com[86.165.212.234]
Not sure why this is happening. Help please!