Thread: postfix + google = headache. your help needed

  1. #1

    Hi all,

    I recently installed Postfix + Dovecot (yum) on a CentOS 5.1 test box. The configuration went OK; I can telnet on ports 25, 587 and 465 with no problems.

    Code:
    # hostname -f
    localhost.localdomain
    
    # openssl s_client -connect localhost:465
    CONNECTED(00000003)
    depth=0 /C=CA/ST=Quebec/L=Montreal/O=Axivo Inc./CN=localhost/emailAddress=webmaster@localhost
    verify error:num=18:self signed certificate
    verify return:1
    depth=0 /C=CA/ST=Quebec/L=Montreal/O=Axivo Inc./CN=localhost/emailAddress=webmaster@localhost
    verify return:1
    [more certificate code here ...]
    ---
    220 localhost.localdomain ESMTP Postfix
    ehlo localhost
    250-localhost.localdomain
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250-AUTH LOGIN PLAIN
    250-AUTH=LOGIN PLAIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    
    # telnet localhost 587
    Trying 127.0.0.1...
    Connected to localhost.localdomain (127.0.0.1).
    Escape character is '^]'.
    220 localhost.localdomain ESMTP Postfix
    ehlo localhost
    250-localhost.localdomain
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-AUTH LOGIN PLAIN
    250-AUTH=LOGIN PLAIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN

    Now, if I want to send a test email using a PHP script (I tried in vBulletin), I get this message in maillog:

    Code:
    Feb 24 23:21:08 localhost postfix/smtp[4148]: connect to ALT1.ASPMX.L.GOOGLE.com[209.85.133.114]: Connection timed out (port 25)

    The email address I am sending to is set up on a Gmail for my domain host. In other words, mail.domain.com is CNAMEd to Google servers.
    I was wondering if you could look at my setup and let me know if I missed something.

    main.cf
    Code:
    queue_directory = /var/spool/postfix
    command_directory = /usr/sbin
    daemon_directory = /usr/libexec/postfix
    mail_owner = postfix
    default_privs = nobody
    inet_interfaces = all
    mydestination = $myhostname, localhost.$mydomain, localhost
    unknown_local_recipient_reject_code = 550
    mynetworks = 192.168.1.0/24, 127.0.0.0/8
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    home_mailbox = Maildir/
    mail_spool_directory = /var/spool/mail
    mailbox_command = /usr/bin/procmail
    local_destination_concurrency_limit = 2
    default_destination_concurrency_limit = 20
    debug_peer_level = 1
    debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         xxgdb $daemon_directory/$process_name $process_id & sleep 5
    sendmail_path = /usr/sbin/sendmail.postfix
    newaliases_path = /usr/bin/newaliases.postfix
    mailq_path = /usr/bin/mailq.postfix
    setgid_group = postdrop
    html_directory = no
    manpage_directory = /usr/share/man
    sample_directory = /usr/share/doc/postfix-2.3.3/samples
    readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
    
    smtp_use_tls = yes
    smtp_tls_note_starttls_offer = yes
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_local_domain =
    smtpd_sasl_security_options = noanonymous
    smtpd_recipient_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_unauth_destination
    smtpd_delay_reject = yes
    broken_sasl_auth_clients = yes
    smtpd_use_tls = yes
    smtpd_tls_auth_only = no
    smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
    smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
    smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_smtp_use_tls = yes
    tls_random_exchange_name = /etc/postfix/prng_exch
    tls_random_source = dev:/dev/urandom

    master.cf (with some verbose turned on)
    Code:
    smtp      inet  n       -       n       -       -       smtpd -v
    submission inet n       -       n       -       -       smtpd -v
      -o smtpd_enforce_tls=no
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    smtps     inet  n       -       n       -       -       smtpd -v
      -o smtpd_tls_wrappermode=yes
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    ...
    the rest is unchanged as default conf

    I also set the MTA to sendmail.postfix.
    Code:
    # alternatives --config mta
    
    $ ls -l /usr/sbin/sendmail
    lrwxrwxrwx 1 root root 21 Dec 14 23:13 /usr/sbin/sendmail -> /etc/alternatives/mta
    
    $ ls -l /etc/alternatives/mta
    lrwxrwxrwx 1 root root 26 Feb 23 23:16 /etc/alternatives/mta -> /usr/sbin/sendmail.postfix

    I also added the certificates into Dovecot.

    Code:
    # vi /etc/dovecot.conf
    ssl_cert_file = /etc/postfix/ssl/smtpd.crt
    ssl_key_file = /etc/postfix/ssl/smtpd.key
    ssl_key_password = challenged_password

    To generate the certificates, I used:

    Code:
    # mkdir /etc/postfix/ssl
    # cd /etc/postfix/ssl
    # openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
    # chmod 600 smtpd.key
    # openssl req -new -key smtpd.key -out smtpd.csr
    # openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
    # openssl rsa -in smtpd.key -out smtpd.key.unencrypted
    # mv -f smtpd.key.unencrypted smtpd.key
    # openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650

    Any help is appreciated. Thank you for taking the time to read this thread.
    yqed.com (why queued) - my blog

  2. #2

    Hmm, the only server I can connect to through telnet is localhost; anything else will time out.

    Code:
    # telnet ALT2.ASPMX.L.GOOGLE.com 25
    Trying 64.233.183.114...
    telnet: connect to address 64.233.183.114: Connection timed out
    Trying 64.233.183.27...
    telnet: connect to address 64.233.183.27: Connection timed out
    telnet: Unable to connect to remote host: Connection timed out

    In iptables, I have the line:

    Code:
    -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 25 -j ACCEPT

    What should I look for? It does not look like a Postfix issue.
    yqed.com (why queued) - my blog

  3. #3

    I don't know much about the postfix configuration, but I think it is due to the smtp port being blocked on your side.

    First of all, let us know how you are connected to the net. Is it through a firewall/proxy, or is the local email server connected directly to the net?

    It looks to me like the firewall is blocking SMTP port connections to the outside world.

    Check whether you can connect to Google SMTP from another system on your network. If it can, it means there is something blocking the connection on your local server. If it also cannot, it means that the firewall is blocking the connection.

    ricc
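
The check suggested in the last reply, as an added example (not code from the thread): it extracts the failed destination from a Postfix maillog line, classifies a TCP connect attempt to it, and applies the same local-versus-upstream decision. The function names and result strings are assumptions made for illustration; the result for the second LAN host has to be collected by running `probe` on that host.

```python
import errno
import re
import socket

# The delivery failure from the first post's maillog excerpt.
SAMPLE_LOG = [
    "Feb 24 23:21:08 localhost postfix/smtp[4148]: connect to "
    "ALT1.ASPMX.L.GOOGLE.com[209.85.133.114]: Connection timed out (port 25)",
]

CONNECT_FAIL = re.compile(
    r"postfix/smtp\[\d+\]: connect to (?P<host>\S+)\[(?P<ip>[^\]]+)\]: "
    r"(?P<reason>.+?) \(port (?P<port>\d+)\)"
)

def parse_connect_failures(lines):
    """Return (host, ip, port, reason) for each failed outbound connect."""
    hits = (CONNECT_FAIL.search(line) for line in lines)
    return [(m["host"], m["ip"], int(m["port"]), m["reason"]) for m in hits if m]

def probe(ip, port, timeout=5.0):
    """Classify one TCP connect attempt, like the telnet test in post #2."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return "open"
    except socket.timeout:
        return "timeout"      # SYN dropped silently: typical of a filtering firewall
    except ConnectionRefusedError:
        return "refused"      # RST came back: path is open, nothing is listening
    except OSError as exc:
        if exc.errno in (errno.ENETUNREACH, errno.EHOSTUNREACH):
            return "unreachable"  # no route: a routing problem, not a port filter
        return "error: %s" % exc.strerror

def diagnose(this_server, other_lan_host):
    """Post #3's decision: compare this server with another host on the LAN."""
    if this_server == "open":
        return "outbound SMTP works from this server"
    if other_lan_host == "open":
        return "blocked on this server"
    return "blocked upstream of both hosts"

if __name__ == "__main__":
    for host, ip, port, reason in parse_connect_failures(SAMPLE_LOG):
        print(host, ip, port, "logged:", reason, "now:", probe(ip, port))
```

A `timeout` result alongside the `--dport 25 -j ACCEPT` rule in `RH-Firewall-1-INPUT` is consistent: that rule admits inbound connections to the local port 25 and does not govern connections the server opens to remote port 25.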
