2

I am setting up an email server with Postfix and Dovecot. Remote email clients can read email, but cannot reply to it or send new messages. (Email clients local to the server receive and send email just fine.) For example, Alpine tries until told to give up, when it says "Error sending: SMTP greeting failure 421 SMTP connection went away".

When I run alpine -d 4, the debug output shows:

=== sending:
Sending mail...
call_mailer: via TCP
IMAP 11:34:01 9/14 mm_log babble: Try IP address [xx.xx.xxx.xxx]
IMAP DEBUG 11:34:02 9/14: * OK Dovecot ready
tcptimeout: waited 15 seconds
tcptimeout: waited 30 seconds
. . . .

To me, that suggests a problem on the server b/w Dovecot and Postfix. But I can't figure out how to diagnose it.

The server's syslog shows a successful imap-login, but none of the logs (remote or client) seem to have any information about the failure to send the message.

Odds are very good that I've screwed up something in the Postfix or Dovecot configuration (SSL / TLS? SASL?) I'd like to trouble-shoot this without guessing endlessly. So, please: What is a good process to debug this?
How can I test the interactions among the various processes so I can find the one that is failing?
Is there a way to increase the debugging / logging output of Postfix and Dovecot?
Is there a way to emulate the Dovecot / Postix interaction, and / or the remote client / IMAP server connection, so I can see if these are proceeding as required?

Thanks.

chernevik
  • 725
  • 3
  • 10
  • 19

4 Answers4

2

I would also suggest that this is a postfix issue, what is the output of:

postconf -n

and 

tail -n 50 /var/log/maillog (mail.log on ubuntu boxes)
Greeblesnort
  • 1,759
  • 8
  • 10
1

Are you sure you have an SMTP mailer running, i.e. telnet into your mail server on port 25 and get a response?

Bart Silverstrim
  • 31,172
  • 9
  • 67
  • 87
  • Sorry, are you running both SSL and plain sending? Either way, you can try running tcplist/sockstat/netstat to find out what programs are listening to what ports to make sure postfix is listening to the port you're trying to send out on. – Bart Silverstrim Sep 14 '09 at 15:50
  • Yes. $ telnet mail.example.net 25 -> 220 mail.example.net ESMTP Postfix (Debian/GNU) – chernevik Sep 14 '09 at 15:52
  • The clients, how are they configured to send mail? Plain SMTP? – Bart Silverstrim Sep 14 '09 at 15:53
  • Haven't run netstat b/c I thought the IMAP login log messages indicated a connection. – chernevik Sep 14 '09 at 15:56
  • IMAP shouldn't handle outgoing mail. Postfix does. Still need a daemon monitoring incoming connections. – Bart Silverstrim Sep 14 '09 at 15:58
  • Alpine's SMTP server setting is mail.example.net:993/ssl/user=ME/novalidate-cert – chernevik Sep 14 '09 at 16:07
  • If you're not intending to use SSL, you can tell alpine to use plain 25 to see if that's working. If you are using SSL, you need to verify that postfix is listening to the proper port and has the proper cert installed. – Bart Silverstrim Sep 14 '09 at 16:09
  • netstat -untap shows dovecot listening on 993, 995, 110 and 143. – chernevik Sep 14 '09 at 16:09
  • Are you connecting with some form of secure IMAP? It almost sounds like you can't have mail sent on the SSL port if you're getting mail on that port already on that server. Try sending on plaintext port 25 SMTP and see if the clients work there first. – Bart Silverstrim Sep 14 '09 at 16:11
  • Well, I'm trying to use SSL / TLS. I've just tried commenting out "smtpd_use_tls = yes" in postix/main.cf, but this doesn't change the behavior of the remote clients. – chernevik Sep 14 '09 at 16:24
  • There are SSL configurations in dovecot.conf, but this doesn't seem to be the problem. – chernevik Sep 14 '09 at 16:25
  • If they're both trying to use the SSL port you'll have issues. Another thing to look in is the /var/log/mail (or postfix, if there's a dir for that) to look for postfix's logs and see what it says. It may report conflicts with opening a port if something else is stealing it. After commenting out the smtpd line in postfix, you restarted postfix? – Bart Silverstrim Sep 14 '09 at 16:29
  • I've configured Postfix to use SASL, but remote clients can read mail so that didn't seem to be the problem. – chernevik Sep 14 '09 at 16:29
  • Postfix doesn't handle *reading* mail. Your IMAP server dovecot does. Postfix handle SMTP/Sending mail. Two different services. – Bart Silverstrim Sep 14 '09 at 16:30
  • I used "postfix reload" after making the changes. No errors reported in syslog, mail.log, or mail.warn. – chernevik Sep 14 '09 at 16:32
  • Okay, now what does your netstat say smtpd is listening to? If it's port 25, you need to tell your client program to use plain SMTP to try sending email through your mail server. – Bart Silverstrim Sep 14 '09 at 16:33
  • netstat doesn't have an smtp (nor smtpd) listening to anything. – chernevik Sep 14 '09 at 16:36
  • There is a process 'master' listening to port 25. – chernevik Sep 14 '09 at 16:37
  • That may be postfix's daemon. Try sending through plain SMTP on the client, see what happens. – Bart Silverstrim Sep 14 '09 at 16:37
  • Via telnet on port 25 -- ME> EHLO [servername] SERVER> [stuff, looks okay] ME>MAIL FROM: me@servername SERVER>250 2.1.0 Ok ME>RCPT TO: me@gmail.com SERVER> 554 5.7.1 : Relay access denied – chernevik Sep 14 '09 at 16:42
  • Is that saying the server isn't setting up to relay email from a remote client? – chernevik Sep 14 '09 at 16:43
  • Yes. You need to go through postfix's file and tell it what networks and clients it is authorized to send mail for. – Bart Silverstrim Sep 14 '09 at 16:45
  • Thank you. I'll have to go research that configuration. Thanks very much for your time. – chernevik Sep 14 '09 at 16:48
0

First of all, I would start with splitting this into 2 issues. IMAP is handles by Dovecot. If you are able to receive your messages from the server, then Dovecot isn't the issue, it is doing its job.

Sending the mail is done with Postfix. You said "mail clients local to the server receive and send email just fine." - this indicated to me that your mail clients may not be authenticating to the Postfix server on port 25, or it is not listening on your external interfaces on port 25. As Bart mentioned, try to telnet to port 25 and see if you get the Postfix banner. If you do, make sure your clients are authenticating (and you've set up Postfix to allow authentication) so that they can send mail through your server.

Dave Drager
  • 8,375
  • 29
  • 45
  • I do get a Postfix banner when I telnet to port 25. netstat shows some process "master" listening to that port. – chernevik Sep 14 '09 at 16:11
  • "Make sure your clients are authenticating" -- how do I do this? I don't see any authentication failures in the server logs. I do get these when I run Alpine and give a bad server account password. – chernevik Sep 14 '09 at 16:16
  • You get these when checking mail though, right? Alpine can access both imap and smtp. I would turn off any SSL you have set up and then troubleshoot using telnet to port 25, see if you are getting the banner, and send a message from there (either using AUTH or not) – Dave Drager Sep 14 '09 at 16:39
0

You can pretend to be a client by reading the relevant RFC (particularly around section 4) and pretending to be a mail client. Turn off all SSL/TLS configurations first to see if you are able to send mail properly. Then, turn them on and use telnet-ssl or openssl client to connect to the SSL ports instead.

Also, you need to be clear on whether there are problems with local or external mail delivery. If it is local delivery, you need to check how this is done by postfix. A common way would be to pipe local mail delivery over to procmail but it is also possible to pipe it over to dovecot and you need to make sure that the piping is working correctly. Check the logs.

sybreon
  • 7,405
  • 1
  • 21
  • 20