How do I setup SMTP on (the) server/Webmin?

#1 Wed, 12/11/2013 - 00:44
flameproof

Sorry for this very basic question: How do I set up SMTP on the server - in Webmin?

I have a VPS with a few domains. I run Postfix.

From the PC I use my ISP's SMTP. But from the phone it doesn't work because of the different network. I don't want to try the phone's settings because then I guess it will not work when on WiFi, or out of the phone company's reach.

I am not sure if my ISP/phone company blocks port 25 - how can I test that?

I believe my domain has a (one) domain entry (mx.mydomain.com) that functions as pop and smtp.

What I'd like:

• Send my email via mx.mydomain.com
• Have it set up so that only mail with **@mydomain.com is accepted
• Have some sort of security so people can't spoof **@mydomain.com as sender and use my MX to SPAM.

Any advice will be appreciated greatly!

Wed, 12/11/2013 - 06:06
Locutus

Are you using Virtualmin? If not, I'd highly recommend to do that if you intend to do any kind of hosting (be it web or email, for customers or yourself). It will spare you a lot of trouble trying to set stuff up manually - especially if you are a newbie (considering you posted in the "Home for newbies" board :) ). Trying to set up Postfix for production use manually (you'll probably also want spam and virus filtering, for which you need things like Procmail, SpamAssassin and ClamAV) is definitely something I'd suggest newbies should not do, and helping with that is surely beyond the scope of this forum.

So the recommended course of action would be installing Virtualmin on a fresh (i.e. newly set up) OS. Don't install any hosting packages, only SSH. The Virtualmin installer will configure everything for you.

Thu, 12/12/2013 - 01:39
flameproof

Webmin is running with a few domains already.

When I type 'top' in Putty I see 'sshd' running, so I guess SSH is installed and running.

I created all domains with the Virtualmin automatic setup.

pop and smtp are pointing at the same name, is that normal? POP works fine.

How do I test if the SMTP accepts mails? And how to test if my ISP blocks port25 ?

# telnet domain.com
Trying 000.000.000.000...
telnet: connect to address 000.000.000.000...: Connection refused

telnet smtp.domain.com 25
Trying 000.000.000.000...
Connected to smtp.domain.com.
Escape character is '^]'.
220 vps-0000000host.com ESMTP Postfix

Looks like Port25 is open..... (465 is OK too, 587 is not working)

(a few hours later......................)

I can send emails now, but I am not happy with the settings:

• Port 25
• Authentication method: Password, transmitted insecurely
• Connection Security: None

At least I got a basic functionality - but how can I make it safe?

Thu, 12/12/2013 - 07:34
andreychek

You mentioned that port 465 is open -- are you able to send email using that port? The protocol used by that port would keep authentication secure.

-Eric

Fri, 12/13/2013 - 01:27
flameproof

Eric, I tried 465 with all settings (in Thunderbird) and didn't manage to send any mail. I am not sure if 465 is open, but it seems I can make a telnet connection to that port. On Putty it looks the same as with port 25.

There is a possibility that I made some errors in my setup a long while ago. If somebody could point me how to set up a secure SMTP I would be happy.

Fri, 12/13/2013 - 03:33
Locutus

"didn't manage to send any mail": What error messages do you get in Thunderbird and in the server's mail log?

What exactly happens when you connect to port 25 and 465 via Putty?

"Setting up SMTP": So did you install Virtualmin using its installer script on a fresh OS back then? If so, it will have set up Postfix (including SMTP) automatically for you. If you set it up manually, there can be any number of things wrong, too much for guessing remotely what it could be.

Taking a look at your system directly (via Teamviewer and instant messenger/voice chat) and doing tests would be the only feasible thing to offer from my end. If more than say half an hour for that is required, I'd have to charge a fee though (need to make a living ;) ).

Fri, 12/13/2013 - 04:28 (Reply to #6)
flameproof

"Setting up SMTP": So did you install Virtualmin using its installer script on a fresh OS back then? If so, it will have set up Postfix (including SMTP) automatically for you. If you set it up manually, there can be any number of things wrong, too much for guessing remotely what it could be.

I used the Virtualmin installer script. But a long while ago I wanted to set up the SMTP server and get around the then port 25 blocking of my ISP, maybe I did break something then in Webmin.

And if it's a Webmin change I am afraid it will affect all domains (some domains have no mail account at all).

When I do the PuTTY telnet test on the ports it simply connects. Otherwise I don't know how to test if ports are open or not. But some random ports did give me an error message.

Where would I look to fix it - or make it work? In Webmin>Postfix I guess... and then?

Fri, 12/13/2013 - 05:05
Locutus

Take a look at /etc/postfix/master.cf, the port numbers Postfix listens on for various services should be noted there.

Fri, 12/13/2013 - 08:10
andreychek

Howdy,

It's normal for telnet to just connect to port 465, it doesn't generate other output by default.

If you look in the mail logs, do you see any errors?

Also, as Locutus mentioned, the master.cf file is what controls those ports, and whether they're enabled... you're welcome to post the contents of that file, though it does sound like port 465 is enabled.

-Eric

Fri, 12/13/2013 - 20:21
flameproof

I don't see any port number in master.cf

#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# =============================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# =============================================================
smtp inet n - n - - smtpd -o smtpd_sasl_auth_enable=yes
# was 2500 inet n - n - - smtpd

2500 inet n - n - - smtpd

#submission inet n       -       n       -       -       smtpd

-o smtpd_enforce_tls=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o smtpd_tls_wrappermode=yes



###
smtps     inet  n       -       n       -       -       smtpd
###

#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#628      inet  n       -       n       -       -       qmqpd
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       n       -       -       smtp
-o fallback_relay=
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache   unix - - n - 1 scache
#
# =============================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# =============================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#
old-cyrus unix  -       n       n       -       -       pipe
  flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
cyrus     unix  -       n       n       -       -       pipe
  user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient

PS: I am now at home and use a different ISP. Port 25 seems definitely blocked from here. 465 I can connect to, 587 not. I did a Windows > Run > CMD > telnet smtp.mydomain.com 25

Fri, 12/13/2013 - 20:46
andreychek

Howdy,

My suggestion would be to make sure all these lines near the top of your file are uncommented:

#submission inet n       -       n       -       -       smtpd

-o smtpd_enforce_tls=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o smtpd_tls_wrappermode=yes



###
smtps     inet  n       -       n       -       -       smtpd
###

#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

And then after that, restart Postfix.

-Eric
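Added example (not part of any post in this thread, and not Postfix or Virtualmin code): a small audit of a master.cf that applies the master(5) line rules, where comment lines are skipped and any indented line continues the previous entry, so the `-o` lines under a commented-out service attach to the entry above it. The names `parse_master_cf` and `audit` and the sample file are assumptions made for illustration; main.cf is not read, so a TLS setting made there would not be seen.

```python
# Constructed master.cf excerpt modelled on the inet entries posted above.
SAMPLE = """\
smtp        inet n - n - - smtpd -o smtpd_sasl_auth_enable=yes
2500        inet n - n - - smtpd
#submission inet n - n - - smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_wrappermode=yes
smtps       inet n - n - - smtpd
#  -o smtpd_tls_wrappermode=yes
-o smtpd_enforce_tls=yes
"""

def parse_master_cf(text):
    """Return (name, type, command, options) per entry, using master(5) rules."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                          # blank and comment lines are ignored
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()  # leading whitespace continues the entry
        else:
            logical.append(raw.strip())       # text in column 0 starts a new entry
    entries = []
    for line in logical:
        f = line.split()                      # name, type, five flags, command, args
        args = f[8:]
        opts = dict(a.split("=", 1) for prev, a in zip(args, args[1:])
                    if prev == "-o" and "=" in a)
        entries.append((f[0], f[1], f[7], opts) if len(f) >= 8
                       else (f[0], None, None, {}))
    return entries

def audit(text):
    """Map service name -> findings for inet smtpd listeners (main.cf not read)."""
    findings = {}
    for name, typ, cmd, o in parse_master_cf(text):
        issues = []
        if typ is None:
            issues.append("not a valid entry (unindented option line?)")
        elif typ == "inet" and cmd == "smtpd":
            wrapper = o.get("smtpd_tls_wrappermode") == "yes"
            tls_needed = (wrapper or o.get("smtpd_enforce_tls") == "yes"
                          or o.get("smtpd_tls_security_level") == "encrypt"
                          or o.get("smtpd_tls_auth_only") == "yes")
            if o.get("smtpd_sasl_auth_enable") == "yes" and not tls_needed:
                issues.append("AUTH allowed without TLS")
            if name in ("smtps", "465") and not wrapper:
                issues.append("no wrapper mode: port speaks plaintext SMTP")
            if wrapper and name not in ("smtps", "465"):
                issues.append("wrapper mode: STARTTLS clients get no greeting")
        if issues:
            findings[name] = issues
    return findings
```

On the sample, the options written under the commented-out `submission` line end up on the `2500` listener, and `smtps` with its options commented out is reported as a plaintext listener.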

Fri, 12/13/2013 - 22:26
flameproof

I removed the four #.... and restarted, no change....

(after a recheck - aren't the commented lines not doubles anyway? - I put them back to comment)

submission inet n       -       n       -       -       smtpd

-o smtpd_enforce_tls=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o smtpd_tls_wrappermode=yes

###
smtps     inet  n       -       n       -       -       smtpd
###

  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

...and the mail log from the last few minutes (some SPAM lines removed)

Dec 13 21:47:51 vps-1007777-888 postfix/qmgr[27996]: DEA88505004E: removed
Dec 13 21:48:02 vps-1007777-888 postfix/smtpd[28136]: connect from unknown[144.90.37.255]
Dec 13 21:48:03 vps-1007777-888 postfix/smtpd[28136]: 8FAA0505004E: client=unknown[144.90.37.255]
Dec 13 21:48:04 vps-1007777-888 postfix/cleanup[11689]: 8FAA0505004E: message-id=<20131214034803.8FAA0505004E@vps-100.vpshost.com>
Dec 13 21:48:04 vps-1007777-888 postfix/smtpd[28136]: disconnect from unknown[144.90.37.255]
Dec 13 21:48:13 vps-1007777-888 postfix/smtpd[28136]: connect from localhost.localdomain[127.0.0.1]
Dec 13 21:48:13 vps-1007777-888 postfix/smtpd[28136]: disconnect from localhost.localdomain[127.0.0.1]
Dec 13 21:48:18 vps-1007777-888 postfix/local[11694]: 8FAA0505004E: to=<admin.mydomain@vps-100.vpshost.com>, orig_to=<info@mydomain.com>, relay=local, delay=16, delays=1.4/0/0/14, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME)
Dec 13 21:48:18 vps-1007777-888 postfix/qmgr[27996]: 8FAA0505004E: removed
Dec 13 21:48:30 vps-1007777-888 postfix/smtpd[14038]: fatal: No server certs available. TLS can't be enabled
Dec 13 21:48:31 vps-1007777-888 postfix/master[27994]: warning: process /usr/libexec/postfix/smtpd pid 14038 exit status 1
Dec 13 21:48:31 vps-1007777-888 postfix/master[27994]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling
Dec 13 21:48:45 vps-1007777-888 postfix/cleanup[11689]: 7EC90505004E: message-id=<F69A548F-8449-4076-89C8-A106657E9251@ymail.com>
Dec 13 21:48:54 vps-1007777-888 postfix/local[11694]: 7EC90505004E: to=<other.mydomain@vps-100.vpshost.com>, orig_to=<other@mydomain.com>, relay=local, delay=9.5, delays=0.38/0/0/9.2, dsn=2.0.0, status=sent (delivered to command: /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME)
Dec 13 21:48:54 vps-1007777-888 postfix/qmgr[27996]: 7EC90505004E: removed

I think this looks like a hint: fatal: No server certs available. TLS can't be enabled

Sat, 12/14/2013 - 23:48
andreychek

Howdy,

Once uncommented, you may then need to copy out SSL certificates into Postfix.

To do that, go into Virtualmin, and enable SSL for one of your domains (if you haven't already), in Edit Virtual Server -> Enabled Features -> "SSL Website".

Then, go into Server Configuration -> Manage SSL Certificates, and click the "Copy to Postfix" button. You may need to restart Postfix after that.

Once you do that, try accessing port 465 and/or 587 again, and see if that does the trick for you.

-Eric

Sun, 12/15/2013 - 02:31
flameproof

@andreychek Thank you! That helped a lot!

I managed to send mail on port 465! Mail setting in Thunderbird is SSL/TLS and 'normal password'.

Thanks again!

...let me use the edit function now.... I got now this problem while trying the same for another domain on the same IP/VPS:

The following potential problems were detected with the modification of this virtual server :

SSL cannot be enabled for more than one domain on the IP address 111.111.111.111 unless a virtual IP interface or private port is enabled, or the certificate can be used for this domain. The current certificate is only valid for : *.mydomain.com, and it is being used by mydomain.com

Are you sure you want to continue?

Can I continue safely and then use the SMTP on both domains?

I should mention that the VPS is for my own use and I am not a reseller.

Sun, 12/15/2013 - 04:09
Locutus

You can use the same cert on as many domains as you like, but if they don't match (i.e. the cert is for "domain1.tld" and you're editing "domain2.tld"), browsers/email programs will show a warning about an untrusted certificate. If it's just for you, that should be no issue, since you usually can add a security exception to your software.

The proper way to go would be creating a multi-domain certificate with an official CA like StartSSL.

Sun, 12/15/2013 - 21:33
flameproof

done, and it works fine on two domains.

Thunderbird setting is incoming:

• port 995
• SSL/TLS
• Normal password

Outgoing:

• port 465
• SSL/TLS (accept all certificates)
• Normal password

Last question: is the password encrypted or not? Or in other words, can it be 'seen' in real characters when i.e. the WiFi connection gets logged?

Sun, 12/15/2013 - 23:08
andreychek

When using port 465 or 587, the connection is encrypted. It won't be seen over wifi.

-Eric

Mon, 12/16/2013 - 02:28
Locutus

As far as I know, 587 is not necessarily encrypted, but uses explicit SSL (startssl) when requested. 465 is always encrypted (implicit SSL).

You can test that by telnetting to the port. If it connects but doesn't output anything, it's encrypted. If it shows the 220 greeting line, it's explicit SSL.
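Added example (not part of any post in this thread): the telnet test described above as a script, which also reads the EHLO reply to see whether AUTH is advertised before any TLS is in place, and verifies the certificate when the port turns out to use implicit TLS. The function names `classify` and `probe` and the host name `probe.invalid` are assumptions; point it only at a server you administer.

```python
import re
import socket
import ssl

def classify(banner: bytes, ehlo_reply: bytes = b"") -> dict:
    """Interpret what a listener sent before any TLS handshake took place."""
    if not banner:
        return {"mode": "silent", "starttls": False, "auth_in_clear": False}
    if not banner.startswith(b"220"):
        return {"mode": "not-smtp", "starttls": False, "auth_in_clear": False}
    caps = set()
    # The first 250 line is the server name; capabilities follow it.
    for line in ehlo_reply.decode("ascii", "replace").splitlines()[1:]:
        if re.match(r"250[- ]\S", line):
            # "250-AUTH PLAIN LOGIN" and the legacy "250-AUTH=PLAIN" both yield AUTH
            caps.add(re.split(r"[ =]", line[4:])[0].upper())
    return {"mode": "plaintext-smtp",
            "starttls": "STARTTLS" in caps,
            "auth_in_clear": "AUTH" in caps}

def probe(host: str, port: int, timeout: float = 5.0) -> dict:
    """Connect, wait for a greeting, and fall back to a TLS handshake if silent."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            banner = sock.recv(512)
        except socket.timeout:
            banner = b""                       # nothing sent first: try implicit TLS
        if banner.startswith(b"220"):
            sock.sendall(b"EHLO probe.invalid\r\n")
            reply = b""
            while not re.search(rb"^\d{3} .*\n", reply, re.M):
                chunk = sock.recv(4096)        # read until the final "250 " line
                if not chunk:
                    break
                reply += chunk
            return classify(banner, reply)
        result = classify(banner)
        if result["mode"] == "silent":
            ctx = ssl.create_default_context() # verifies chain and host name
            try:
                with ctx.wrap_socket(sock, server_hostname=host) as tls:
                    result.update(mode="implicit-tls", cert_ok=True,
                                  protocol=tls.version())
            except ssl.SSLCertVerificationError as exc:
                result.update(mode="implicit-tls", cert_ok=False,
                              cert_error=exc.verify_message)
            except (ssl.SSLError, OSError):
                result["mode"] = "silent-not-tls"
        return result
```

A result with `auth_in_clear` set means a mail client configured for that port without TLS would send its password readable on the wire; `cert_ok` false is what a client sees when the certificate does not match the name it connected to.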

Fri, 04/04/2014 - 08:48
flameproof

My MX SMTP is suddenly not working after working flawlessly for a few months. I wonder what happened and hope somebody can give me some hints.

The mail log:

Apr  4 07:27:59 vps-1066128-323 postfix/smtpd[16161]: warning: SASL authentication failure: Password verification failed
Apr  4 07:27:59 vps-1066128-323 postfix/smtpd[16161]: warning: n1164836033.myisp.com[220.100.88.99]: SASL PLAIN authentication failed: generic failure
Apr  4 07:28:00 vps-1066128-323 postfix/smtpd[16161]: lost connection after AUTH from n1164836033.myisp.com[220.100.88.99]
Apr  4 07:28:00 vps-1066128-323 postfix/smtpd[16161]: disconnect from n1164836033.myisp.com[220.100.88.99]
Apr  4 07:28:00 vps-1066128-323 postfix/smtpd[16161]: connect from n1164836033.myisp.com[220.100.88.99]
Apr  4 07:28:02 vps-1066128-323 postfix/smtpd[16161]: warning: SASL authentication failure: cannot connect to saslauthd server: Connection refused
Apr  4 07:28:02 vps-1066128-323 postfix/smtpd[16161]: warning: SASL authentication failure: Password verification failed
Apr  4 07:28:02 vps-1066128-323 postfix/smtpd[16161]: warning: n1164836033.myisp.com[220.100.88.99]: SASL PLAIN authentication failed: generic failure
Apr  4 07:28:02 vps-1066128-323 postfix/smtpd[16161]: lost connection after AUTH from n1164836033.myisp.com[220.100.88.99]
Apr  4 07:28:02 vps-1066128-323 postfix/smtpd[16161]: disconnect from n1164836033.myisp.com[220.100.88.99]
Apr  4 07:28:02 vps-1066128-323 postfix/smtpd[16161]: connect from n1164836033.myisp.com[220.100.88.99]
Apr  4 07:28:04 vps-1066128-323 postfix/smtpd[16161]: warning: SASL authentication failure: cannot connect to saslauthd server: Connection refused
Apr  4 07:28:04 vps-1066128-323 postfix/smtpd[16161]: warning: SASL authentication failure: Password verification failed
Apr  4 07:28:04 vps-1066128-323 postfix/smtpd[16161]: warning: n1164836033.myisp.com[220.100.88.99]: SASL PLAIN authentication failed: generic failure
Apr  4 07:28:05 vps-1066128-323 postfix/smtpd[16161]: lost connection after AUTH from n1164836033.myisp.com[220.100.88.99]
Apr  4 07:28:05 vps-1066128-323 postfix/smtpd[16161]: disconnect from n1164836033.myisp.com[220.100.88.99]
Apr  4 07:28:05 vps-1066128-323 postfix/smtpd[16161]: connect from n1164836033.myisp.com[220.100.88.99]
Apr  4 07:28:07 vps-1066128-323 postfix/smtpd[16161]: warning: SASL authentication failure: cannot connect to saslauthd server: Connection refused
Apr  4 07:28:07 vps-1066128-323 postfix/smtpd[16161]: warning: SASL authentication failure: Password verification failed
Apr  4 07:28:07 vps-1066128-323 postfix/smtpd[16161]: warning: n1164836033.myisp.com[220.100.88.99]: SASL PLAIN authentication failed: generic failure

Update: saslauthd was probably down. This did the trick:

/etc/init.d/saslauthd restart

SMTP works again!
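Added example (not part of any post in this thread): a triage pass over Postfix smtpd log lines that separates the two server-side faults seen in this thread, a missing TLS certificate and an unreachable saslauthd, from logins that were actually rejected, so an outage is not mistaken for password guessing. The name `triage`, the category labels and the last two sample lines are assumptions made for illustration.

```python
import re
from collections import Counter

# The first four lines are copied from the logs in this thread; the last two are constructed.
SAMPLE_LOG = """\
Dec 13 21:48:30 vps-1007777-888 postfix/smtpd[14038]: fatal: No server certs available. TLS can't be enabled
Apr  4 07:28:02 vps-1066128-323 postfix/smtpd[16161]: warning: SASL authentication failure: cannot connect to saslauthd server: Connection refused
Apr  4 07:28:02 vps-1066128-323 postfix/smtpd[16161]: warning: SASL authentication failure: Password verification failed
Apr  4 07:28:02 vps-1066128-323 postfix/smtpd[16161]: warning: n1164836033.myisp.com[220.100.88.99]: SASL PLAIN authentication failed: generic failure
Apr  4 09:00:01 vps-1066128-323 postfix/smtpd[17001]: warning: SASL authentication failure: Password verification failed
Apr  4 09:00:01 vps-1066128-323 postfix/smtpd[17001]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: authentication failure
"""

ENTRY = re.compile(r"postfix/smtpd\[(\d+)\]: (.*)$")
AUTH_FAILED = re.compile(r"\[([0-9a-fA-F.:]+)\]: SASL \S+ authentication failed")

def triage(log_text):
    """Separate server-side faults from rejected logins in Postfix smtpd logs."""
    summary = Counter()
    rejected_by_client = Counter()
    backend_down = set()      # smtpd pids that just failed to reach saslauthd
    for line in log_text.splitlines():
        entry = ENTRY.search(line)
        if not entry:
            continue
        pid, msg = entry.groups()
        if "No server certs available" in msg:
            summary["tls_cert_missing"] += 1
        elif "cannot connect to saslauthd server" in msg:
            backend_down.add(pid)
        elif (failed := AUTH_FAILED.search(msg)):
            if pid in backend_down:
                # The failure was caused by the outage, not by the client.
                backend_down.discard(pid)
                summary["auth_backend_unreachable"] += 1
            else:
                summary["auth_rejected"] += 1
                rejected_by_client[failed.group(1)] += 1
    return summary, rejected_by_client
```

Only the `auth_rejected` count per client address is a candidate for rate limiting or blocking; the other two categories call for fixing the server.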
