Server :: Postfix Rejecting Self-signed Cert On Remote Smtp Server?
Jun 24, 2011
I've got an uber simple test mail script in php on my awesome new dev machine running Ubuntu:
PHP Code:
Unfortunately, something is preventing mail delivery. I can't tell from this error log whether it's the remote machine rejecting me or whether it's my machine rejecting the self-signed cert on the remote machine:
Code:
I'm wondering what I could change in my postfix configuration to remedy this problem.
I tried setting smtp_tls_security_level = may but this did not change anything.
Try as I might I can't get postfix to send emails through an external email server (I can successfully get client software to do it no trouble). After following the howto at:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
[code]...
I get basically the same error no matter what smtpserver/username/password combination I use, leading me to believe it's my setup and not my username/password.
Try as I might I can't get postfix to send emails through an external email server (I can successfully get client software to do it no trouble). After following the howto at: [URL] I get 5.0.0 errors re:
I've enabled popb4smtp in my mail server. Is this because the IP 117.58.246.10 doesn't have a DNS record? How can I send email from this type of IP which doesn't have a DNS entry? But if I enable SMTP auth I can send email from this same IP. Another thing is I can connect to port 587 from the email client to send email but can't connect to port 25.
I have enforced to use the Linux /etc/passwd file to authenticate myself from Outlook, Postfix will accept mail from any IPs. However, I'm not able to send mails from my Outlook via my mail server to someone else on the Internet. I am seeing the following in Postfix's log.
Code:
Mar 11 21:07:39 production postfix/smtpd[16366]: connect from pcdxxxxx.netvigator.com[203.218.211.256]
Mar 11 21:07:39 production postfix/smtpd[16366]: NOQUEUE: reject: RCPT from pcdxxxxx.netvigator.com[203.218.211.256]: 554 5.7.1 <someone@hotmail.com>: Relay access denied; from=<mate@mydomain.com> to=<someone@hotmail.com> proto=ESMTP helo=<Windows>
Mar 11 21:07:42 production postfix/smtpd[16366]: disconnect from pcdxxxxx.netvigator.com[203.218.211.256]
Here are my Postfix settings.
I have an Ubuntu server running postfix 2.6.5 (configured using DTC). If a user tries to send an email to more than one recipient, and one recipient address is bad, then the server returns an error and no mail is sent (even to the good addresses), rather than letting the good ones through. Error displayed by Thunderbird is
Code:
"An error occurred while sending mail. The mail server responded: 5.1.1 [URL]: Recipient address rejected: User unknown in virtual mailbox table. Please check the message recipient noreply@domain.com.au and try again." and mail.log shows ...
Code:
Oct 6 20:35:08 www1 postfix/smtpd[22716]: connect from xxxxxx [xxx.xxx.xxx.xxx]
Oct 6 20:35:08 www1 postfix/smtpd[22716]: B62F92A44: client=xxxxxx [xxx.xxx.xxx.xxx], sasl_method=PLAIN, sasl_username=blake@domain.com.au
I have this strange error - I switched from postfix 2.6.5 to 2.8.2 and some mailservers cannot send mail to me. One of them was some sendmail server. I have virtual alias maps in mysql. It works fine for almost all servers that are sending mail to me, but some of them seem to send mails as user@FQDN instead of user@virtualdomain. My machine name is x49.tvujweb.cz, and my email is kamil.horky@servis-it.net, but in the server logs it says that user kamil.horky@x49.tvujweb.cz cannot be found in virtual alias maps.
I've recently followed a guide I found online [1] and installed Postfix and Courier on my server machine. I can send emails from the server to any email address but unfortunately I can only receive emails sent from the server - it's only accepting emails sent locally from the host.
This seems like a relatively simple question, but I haven't been able to figure it out from the documentation after a couple of hours of searching. I'm running postfix on my mail server, and the vast majority of my spam has the sender address spoofed to match the recipient address. I've got spamassassin up and running, and very little gets through that, so it's not a serious problem, but if possible I would like to be able to reject the mail before it arrives to reduce the system load.
Mail is sent locally via webmail, relaying is denied, so the only way that mail should be sent from the domain is via a connection from localhost. The basic idea I'm thinking of is if the MAIL FROM sender claims to be an address at the receiving domain, but is connected from a remote IP, the mail should be rejected.
So I set out to change the default smtp port the server uses because my ISP blocks port 25 and I need the email to work in Outlook. This morning I could receive email, but not send it. So I did some research and thought that I needed to edit the master.cf file in /etc/postfix/ by commenting out this line: smtp inet n - n - - smtpd -o and replace it with 587 inet n - n - - smtpd (587 being the port I want to use). Somewhere along the lines the postfix server stopped running and now I cannot get it to start. If I try using SSH it crashes immediately and if I restart it in simple control panel nothing happens.
my postfix to send and receive external emails, but many are received in the trash folder. Other programmers tell me that it needs some configuration in postfix and dovecot to work, but I don't know what! This is my first time configuring a Linux server this week.
my main.conf
sample_directory = /usr/share/doc/postfix-2.3.3/samples
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
The rsa was generated from example.com server using example.com as CN Common name.
GoDaddy's website adds the extra names to a CSR you provide, does the checks and grants the cert.
My problem is that whilst the certificate works fine on the server example.com (from which the csr was created), it comes up with two errors when restarting apache on remote servers.
1>> Certificate common name does not match server name
2>> SSL Library error - check private key:key missmatch.
I don't understand how these keys could ever work as no reference to the private keys of the remote servers is ever used in creating the UCC certificate.
I'm trying to configure Postfix with a mail server that I programmed in C. The main.cf is set in this way :
Code:
relayhost = [myMailServer.localhost]
smtp_sasl_auth_enable = no
smtp_use_tls = no
disable_dns_lookups=yes
smtp_never_send_ehlo = yes
code....
I don't know why it doesn't receive response after HELO. In fact if I debug my mail server with gdb, I can see it sends a 250 response code. Moreover, I've tested my server both with traditional mail clients, as Thunderbird, and through telnet session and it works very well.
Updating my install of OpenSUSE from 11.0 to 11.3 and notice that the Nagios network monitor can no longer probe servers with self signed certs. It appears to be that any monitor that uses openssl 1.0.0 has an issue. If I install the openssl 0.9.8 libraries and use old plugins linked against it, they work fine.
When I do a "openssl x509 -in server1.pem -issuer -noout" after I've supposedly signed it with the CA, the issuer is, for some reason, the DN string of server1. If server1 generated the CSR, and it is coming up as issued by server1, doesn't that indicate a self signed cert? How could the CA be producing a cert that has an issuer of another server? Am I just completely off base? Sorry, I'm a bit of a newb with the SSL pieces.
I hope this is the right place for this, but I'm having some difficulty using the java keytool and OpenSSL tool on a Solaris system.
I have a server (CA server) with OpenSSL installed that I would like to use as a Certificate Authority. The second server (server1) is a WebLogic server with JDK 1.6.0_21. I'm trying to configure it to use a certificate that has been signed by server1.
For some reason it keeps giving me this error when I try to import the signed SSL certificate: keytool error: java.lang.Exception: Public keys in reply and keystore don't match
Am I doing something wrong in this whole process?
1) Generate the Private Key for the CA server
   openssl genrsa -out CA.key -des 2048
2) Generate the CSR on the CA
   openssl req -new -key CA.key -out CA.csr
3) Sign the new CSR so that it can be used as the root certificate
   openssl x509 -extensions v3_ca -trustout -signkey CA.key -days 730 -req -in CA.csr -out CA.pem -extfile /usr/local/ssl/openssl.cnf
4) On server1, create Server Private Key KeyStore
   keytool -genkey -alias server1 -keysize 2048 -keyalg RSA -keystore server1.jks -dname "CN=server1.domain.com,OU=Organization,O=Company,L=City,ST=State,C=US"
5) On server1, create a CSR from the recently created Private Key
   keytool -certreq -alias server1 -sigalg SHA1WithRSA -keystore server1.jks -file server1.csr
6) Transfer the CSR over to the CA (server1) so that it can be signed
   openssl x509 -extensions v3_ca -trustout -signkey CA.key -days 365 -req -in server1.csr -out server1.pem -extfile /usr/local/ssl/openssl.cnf
7) Transfer CA Public Cert to server1 and Import into keytool
   keytool -import -trustcacerts -alias CA_Public -file CA.pem -keystore server1.jks
8) Import recently signed CSR to app server keystore (This is where I receive the error)
   keytool -import -trustcacerts -alias server1 -file server1.pem -keystore server1.jks
I have searched through piles of postfix and sendmail documentation but I'm not sure of the terminology to describe what I want to do so I'm never sure what solutions are workable. Null client, relay hosts. What I have already is a RHEL postfix server which sends and receives email. What I want to do is add a second postfix server to the network. The second server should accept only ssl smtp mail and forward it on to the main postfix server. Users shouldn't use it for normal internal sending/receiving. It's only to allow me to support ssl smtp from people working out of the office without messing about with the main postfix server. I thought a Null Client sounded likely but I don't think it will accept mail. Is it a relay host I'm trying to configure? Any pointers on configuring something to just accept secure smtp and forward?
I am using the Postfix SMTP server for sending emails. However I just did a default installation and subsequently someone is sending spam using my SMTP server. I would like some help on securing my Postfix server and to block these mischievous emails being sent from my server.
I am looking at setting up multiple postfix SMTP servers for a single domain. Below is my requirement; I would appreciate it if someone out there could guide me to achieve this using postfix.
1. Want to setup 2 postfix SMTP Server with 1 POP3 Server.
2. Server1 will host POP3 & SMTP services for domain "metallica.one".(IP: 1.1.1.1, MX: mx1.metallica.one)
3. Server2 will host only SMTP services for domain "metallica.one" (IP: 1.1.1.2, MX: mx2.metallica.one)
4. Server1 & Server2 will be used as load balancing for sending mails. (either manual settings in email client, or auto-loadbalancing is still preferred).
5. Mail received for domain metallica.one on Server2 should be pushed/forwarded/relayed to Server1 where POP3 services are running.
6. Outgoing mails for other domains from Server2 should be sent directly to the other-domain-recipients without relaying to Server1.
I'm hoping someone here can help, as I've been beating my head on the wall for a week now with little advancement. I've found a number of tutorials on setting this up, however none of them have gotten me 100% of the way there. Here's my situation: home-based Fedora server (Core 8), running sendmail 8.14.2-1. Connecting to hosting company's smtp server over port 587, to bypass Verizon's blocking of port 25.
My /etc/mail/sendmail.mc file looks like this (comment lines removed):
Quote:
I'm trying to set up my postfix server to relay mail (via a php cms) using Gmail's smtp on my account, but for some reason, Gmail returns an error code that StartTLS must be sent first. My postfix main.cnf file can be found at pastebin; because of this forum's text length I cannot paste my postfix main.cnf file. As can be seen I have everything set and configured for Gmail, but postfix (for some unseen reason) can not send StartTLS. [URL].
This message was created automatically by mail delivery software. A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:
xx@xx.com SMTP error from remote mail server after initial connection: host [URL] [ip address]: 550 Access denied...
But I fully have my server and everything up, MySQL, PHP5, Apache2, Postfix, Courier, SQMail, can't remember what else atm.
I installed mailx and used the mail command to send an email to my external email address, worked just fine. sent it to another email, worked as well.
But the problem is, I do 'telnet localhost 25' to test it like they say, it connects. I run 'ehlo localhost' Nothing happens.
I've tried setting it up with Thunderbird on my home pc and it connects to the IMAP & POP servers just fine, but it cannot establish a connection with SMTP, I've tried changing the SMTP port to other ones, still no luck.
I'm trying to set up a basic smtp server on my local computer that I can send basic, unencrypted email through on port 25. I installed postfix, and I chose the following options:
Internet Site, System Mail Name: localhost
Root and postmaster mail recipient: I left this blank
For other domains to accept mail, I entered: NONE, localhost
No force synchronous mail updates
Local networks: 127.0.0.0/8
I followed this How To (https://help.ubuntu.com/community/Postfix) in order to add smtp authentication to my Postfix installation used as spam filter for my Exchange server, and it seems all OK; the only thing that I don't understand is where I list all the users (with passwords) that I authorize to send mail through my server...
This is a transcript I get emailed at least once every day, usually about 3 to 10 a day recently.
Transcript of session follows.
SMTP server: errors from unknown[ip address]
<boring stuff snipped>
In: RCPT TO: <server@my domain>
Out: 550 5.1.1 <server@my domain>: Recipient address rejected: User unknown in local recipient table
Session aborted, reason: lost connection
Now I cannot seem to find anything via Google, as when I put "server@" anywhere in the string, I just get web hosting or other kroomst. The emails usually come from legit places, usually hotels. Does this mean they are sending bad emails, i.e. they have a Trojan/worm, or is this a live hack attempt? I believe the latter, as I might get up to 3 domains from the one IP address, which is always NOT associated with the listed domain. Not causing me any issues, except I have been getting a lot recently.
Is it possible to somehow set up an ssh server that doesn't require a username, password or cert to login? I wish to provide shell access to a console program, which will prompt for a username and password. Encryption is essential though, and users must not be able to snoop in on each other.