1

Topic: Sending mails from applications on other servers through iRedmail

==== Required information ====
- iRedMail version: 0.8.4
- Store mail accounts in which backend: LDAP
- Linux/BSD distribution name and version: CentOS 6.4
- Related log if you're reporting an issue:  No entries found
====

I was running 0.7 on CentOS 5.8 and this was working. But on the new system new versions of everything are installed, so I may have some configuration problems.

iptables is disabled on both machines
one machine runs iRedMail  (IP 10.2.1.195)
another machine runs a PHP Web Application  (IP 10.2.1.198) using swiftmailer php library

It is not possible to send mails from any other machine than 10.2.1.195. They get 'permission denied' errors. In the maillog I cannot find any entries.  SwiftMailer generates for example:

++ Log level changed to 4
++ Forcing ESMTP mode.  HELO is EHLO.
++ Forcing ESMTP mode.  HELO is EHLO.
++ Trying to connect...
++ Trying to connect to SMTP server at 'tls://mail.datacave.ch:587
!! The SMTP connection failed to start [tls://mail.datacave.ch:587]: fsockopen returned Error Number 13 and Error String 'Permission denied'

I tried as well port 25 without any encryption, SSL and TLS, none work.....

I have in my main.cf the following configuration:

[root@mail1 log]# postconf -n | grep mynet
mynetworks = 127.0.0.0/8, 10.2.1.193/32, 10.2.1.194/32, 10.2.1.195/32, 10.2.1.196/32, 10.2.1.197/32, 10.2.1.198/32, 10.2.1.199/32, 10.2.1.65/32, 10.2.1.66/32, 10.2.1.67/32
mynetworks_style = subnet

and

[root@mail1 log]# postconf -n | grep perm
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check_helo_access pcre:/etc/postfix/helo_access.pcre
smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, check_policy_service inet:127.0.0.1:7777, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_policy_service inet:127.0.0.1:10031
smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated


So if I understand things right, all servers under mynetworks should be able to send emails.


Could anybody give me a hint, where to search further?

Many Thanks

Tom

2

Re: Sending mails from applications on other servers through iRedmail

What is in mail.log on the iRedMail server?
Possibly you can increase logging verbosity by putting

debug_peer_level = 2
debug_peer_list = X.X.X.X

in the /etc/postfix/main.cf and restart postfix. (replace X.X.X.X with IP of your CLIENT trying to send emails via the iRedMail server)

3

Re: Sending mails from applications on other servers through iRedmail

I tried this, but it does not write anything to the log.....

Any other suggestions?

4

Re: Sending mails from applications on other servers through iRedmail

If there are no entries in mail.log, there is no connection from your PHP box happening.

Test first with eg. telnet to the port 25 of the iRM - you should see postfix banner (and even this attempt gets logged)... possibly the PHP box got banned by fail2ban? Doublecheck the iptables

5

Re: Sending mails from applications on other servers through iRedmail

Ok, thanks for these hints.

Telnet seems to work:
[root@alfresco1 ~]# telnet 10.2.1.195 25
Trying 10.2.1.195...
Connected to 10.2.1.195.
Escape character is '^]'.
220 mail1.blabla.blah ESMTP Postfix

and in the maillog the following lines are written:

Jun  5 20:53:19 mail1 postfix/smtpd[36866]: > unknown[10.2.1.198]: 220 mail1.datacave.ch ESMTP Postfix
Jun  5 20:53:19 mail1 postfix/smtpd[36866]: xsasl_dovecot_server_create: SASL service=smtp, realm=(null)
Jun  5 20:53:19 mail1 postfix/smtpd[36866]: name_mask: noanonymous
Jun  5 20:53:19 mail1 postfix/smtpd[36866]: xsasl_dovecot_server_connect: Connecting
Jun  5 20:53:19 mail1 postfix/smtpd[36866]: xsasl_dovecot_server_connect: auth reply: VERSION?1?1
Jun  5 20:53:19 mail1 postfix/smtpd[36866]: xsasl_dovecot_server_connect: auth reply: MECH?PLAIN?plaintext
Jun  5 20:53:19 mail1 postfix/smtpd[36866]: name_mask: plaintext
Jun  5 20:53:19 mail1 postfix/smtpd[36866]: xsasl_dovecot_server_connect: auth reply: MECH?LOGIN?plaintext
Jun  5 20:53:19 mail1 postfix/smtpd[36866]: name_mask: plaintext
Jun  5 20:53:19 mail1 postfix/smtpd[36866]: xsasl_dovecot_server_connect: auth reply: SPID?36733
Jun  5 20:53:19 mail1 postfix/smtpd[36866]: xsasl_dovecot_server_connect: auth reply: CUID?4
Jun  5 20:53:19 mail1 postfix/smtpd[36866]: xsasl_dovecot_server_connect: auth reply: COOKIE?379b061dbad47940d769862db9b0c809
Jun  5 20:53:19 mail1 postfix/smtpd[36866]: xsasl_dovecot_server_connect: auth reply: DONE
Jun  5 20:53:19 mail1 postfix/smtpd[36866]: xsasl_dovecot_server_mech_filter: keep mechanism: PLAIN
Jun  5 20:53:19 mail1 postfix/smtpd[36866]: xsasl_dovecot_server_mech_filter: keep mechanism: LOGIN
Jun  5 20:53:19 mail1 postfix/smtpd[36866]: watchdog_pat: 0x7fc02f6c4180
Jun  5 20:53:53 mail1 postfix/smtpd[36801]: disconnect from unknown[10.2.1.194]

The disconnect comes directly after entering 'quit' in the telnet session. I do not really understand what is going on there, I am not a postfix expert, but maybe somebody else can read and understand it. I still cannot send a mail from any server other the postfix server itself.

6

Re: Sending mails from applications on other servers through iRedmail

You really need to catch the connection attempts from your PHP box in the mail.log on iRedMail server. If you don't see any entries, your application is not connecting to the iRedMail server and the problem is in config of your application and/or network layer...

7

Re: Sending mails from applications on other servers through iRedmail

Interesting news: I am able to send a simple email from telnet on port 25. It gets correctly delivered and I can read it in Webmail or Thunderbird. So the problem must be the PHP mailer or java mailers.......

8

Re: Sending mails from applications on other servers through iRedmail

I am still stuck with this! I can connect with telnet, but when using any web applications such as dokuwiki, vtiger etc. I cannot send mail. They use different smtp libraries but none can send mail through my iRedmail server.

On the mail server there is no sign that a connection takes place, at least the logs don't show anything.

On the web server I currently have SELinux off, iptables is off as well.

Anybody here with an idea what the problem could be??

Tom

9

Re: Sending mails from applications on other servers through iRedmail

No log on your mail server at all? that means your applications didn't connect to your server at all.

10

Re: Sending mails from applications on other servers through iRedmail

ZhangHuangbin wrote:

No log on your mail server at all? that means your applications didn't connect to your server at all.

Yes exactly. And this happens from several web servers no matter whether they run wordpress, vTiger, Joomly, dokuwiki etc. And the error is exactly the same on all machines: permission denied!

I do not understand this!

11

Re: Sending mails from applications on other servers through iRedmail

*) Turn on debug mode on your client, so that you can know what happened during smtp session. If you cannot do this, try to telnet your mail server with port 25, then perform SMTP auth to get detailed log. If you don't know how to perform SMTP auth with telnet, Google first.

*) Check whether Postfix logged something in its log file /var/log/maillog.

We cannot help without detailed log. Sorry about this.

12

Re: Sending mails from applications on other servers through iRedmail

OK, I got a step further. I saw that i used the external machine names (server.somedomain.com) instead of the internal names (server.somedomain.local). Also on one server selinux was on. I changed it to permissive mode. These boxes work now. There is still one box causing a problem:

On the client it return the very meaningful error message:
'There was an unexpected problem with sending the email: The sender parameter must either be a valid string email address or an instance of Swift_Address.'

In the maillog we can read:
---
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: connect from unknown[10.2.1.198]
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: match_hostname: unknown ~? 127.0.0.0/8
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: match_hostaddr: 10.2.1.198 ~? 127.0.0.0/8
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: match_hostname: unknown ~? 10.2.1.193/32
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: match_hostaddr: 10.2.1.198 ~? 10.2.1.193/32
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: match_hostname: unknown ~? 10.2.1.194/32
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: match_hostaddr: 10.2.1.198 ~? 10.2.1.194/32
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: match_hostname: unknown ~? 10.2.1.195/32
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: match_hostaddr: 10.2.1.198 ~? 10.2.1.195/32
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: match_hostname: unknown ~? 10.2.1.196/32
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: match_hostaddr: 10.2.1.198 ~? 10.2.1.196/32
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: match_hostname: unknown ~? 10.2.1.197/32
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: match_hostaddr: 10.2.1.198 ~? 10.2.1.197/32
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: match_hostname: unknown ~? 10.2.1.198/32
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: match_hostaddr: 10.2.1.198 ~? 10.2.1.198/32
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: > unknown[10.2.1.198]: 220 mail1.somedomain.com ESMTP Postfix
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: xsasl_dovecot_server_create: SASL service=smtp, realm=(null)
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: name_mask: noanonymous
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: xsasl_dovecot_server_connect: Connecting
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: xsasl_dovecot_server_connect: auth reply: VERSION?1?1
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: xsasl_dovecot_server_connect: auth reply: MECH?PLAIN?plaintext
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: name_mask: plaintext
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: xsasl_dovecot_server_connect: auth reply: MECH?LOGIN?plaintext
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: name_mask: plaintext
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: xsasl_dovecot_server_connect: auth reply: SPID?7869
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: xsasl_dovecot_server_connect: auth reply: CUID?1
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: xsasl_dovecot_server_connect: auth reply: COOKIE?1d66640022b13972be6c0c83b520c519
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: xsasl_dovecot_server_connect: auth reply: DONE
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: xsasl_dovecot_server_mech_filter: keep mechanism: PLAIN
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: xsasl_dovecot_server_mech_filter: keep mechanism: LOGIN
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: watchdog_pat: 0x7f67acc8b180
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: < unknown[10.2.1.198]: EHLO web2.datacave.local
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: > unknown[10.2.1.198]: 250-mail1.somedomain.com
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: > unknown[10.2.1.198]: 250-PIPELINING
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: > unknown[10.2.1.198]: 250-SIZE 15728640
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: > unknown[10.2.1.198]: 250-ETRN
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: > unknown[10.2.1.198]: 250-STARTTLS
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: > unknown[10.2.1.198]: 250-AUTH PLAIN LOGIN
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: match_list_match: unknown: no match
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: match_list_match: 10.2.1.198: no match
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: > unknown[10.2.1.198]: 250-AUTH=PLAIN LOGIN
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: > unknown[10.2.1.198]: 250-ENHANCEDSTATUSCODES
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: > unknown[10.2.1.198]: 250-8BITMIME
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: > unknown[10.2.1.198]: 250 DSN
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: watchdog_pat: 0x7f67acc8b180
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: < unknown[10.2.1.198]: AUTH PLAIN <deleted pwd>
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: xsasl_dovecot_server_first: sasl_method PLAIN, init_response <deleted pwd>
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: xsasl_dovecot_handle_reply: auth reply: OK?1?user=domainadmin@somedomain.com
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: > unknown[10.2.1.198]: 235 2.7.0 Authentication successful
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: watchdog_pat: 0x7f67acc8b180
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: smtp_get: EOF
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: match_hostname: unknown ~? 127.0.0.0/8
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: match_hostaddr: 10.2.1.198 ~? 127.0.0.0/8
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: match_hostname: unknown ~? 10.2.1.193/32
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: match_hostaddr: 10.2.1.198 ~? 10.2.1.193/32
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: match_hostname: unknown ~? 10.2.1.194/32
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: match_hostaddr: 10.2.1.198 ~? 10.2.1.194/32
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: match_hostname: unknown ~? 10.2.1.195/32
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: match_hostaddr: 10.2.1.198 ~? 10.2.1.195/32
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: match_hostname: unknown ~? 10.2.1.196/32
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: match_hostaddr: 10.2.1.198 ~? 10.2.1.196/32
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: match_hostname: unknown ~? 10.2.1.197/32
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: match_hostaddr: 10.2.1.198 ~? 10.2.1.197/32
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: match_hostname: unknown ~? 10.2.1.198/32
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: match_hostaddr: 10.2.1.198 ~? 10.2.1.198/32
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: lost connection after AUTH from unknown[10.2.1.198]
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: disconnect from unknown[10.2.1.198]
---

Interesting is the second last line 'lost connection after AUTH from unknown....

No idea why!

Tom

13

Re: Sending mails from applications on other servers through iRedmail

tomb wrote:

Jun 13 15:33:42 mail1 postfix/smtpd[7867]: xsasl_dovecot_server_first: sasl_method PLAIN, init_response <deleted pwd>
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: xsasl_dovecot_handle_reply: auth reply: OK?1?user=domainadmin@somedomain.com
Jun 13 15:33:42 mail1 postfix/smtpd[7867]: > unknown[10.2.1.198]: 235 2.7.0 Authentication successful

SMTP authentication is ok.

Any related log in Dovecot log file? Maybe you need to turn on debug mode in Dovecot to track it.