11 posts / 0 new
Last post
#1 Fri, 04/03/2009 - 02:45
toothandnail

Email Woes

I've started using Webmin and Virtualmin recently for the first time after several years of using Plesk and cPanel. Overall I'm extremely impressed.

For a while I thought I was able to get a good IMAP connection, but now I can't get Dovecot to launch, even on restart. I've been able to get it to launch via SSH, but then it shows as not running in Webmin. I don't even know where to begin with this one, when I check the mail error logs they're blank.

I haven't had much with SMTP either. I believe my ISP is blocking port 25, so I need to open an alternate port. Every solution I've found for this seems to be a solution specific to an individual domain, but I'd really like to find a solution that will open the alternate port for every domain I choose to open on the server.

Any suggestions?

Fri, 04/03/2009 - 05:25
andreychek

Howdy,

For Dovecot -- if it's not starting up, you may want to look in the email logs (/var/log/maillog or /var/log/mail.log) for the reason why -- if it doesn't make any sense, just paste the error in the forum here.

For ISP's blocking port 25 -- are you saying that your ISP is blocking incoming connections to port 25 on your server (meaning you're running this on perhaps a home connection or so), or do you have a server at a data center, and your ISP is preventing you from reaching port 25 on the server in the datacenter?

There's different solutions, depending on which of those it is ;-)

Have a good one,
-Eric

Fri, 04/03/2009 - 11:11 (Reply to #2)
toothandnail

Sure, there's not much exciting happening on the server right now anyway:
http://doghousemedia.ca/

Thanks in advance!

Fri, 04/03/2009 - 16:11 (Reply to #3)
andreychek

Howdy,

The Submission port, 587, does appear to be enabled on your server.

If it's not working for you, be sure that you have SSL/TLS enabled in your email client, in addition to changing the port to 587.
-Eric

Fri, 04/03/2009 - 07:39
Joe
Joe's picture

<div class='quote'>I haven't had much with SMTP either. I believe my ISP is blocking port 25, so I need to open an alternate port.</div>

As Eric mentioned, this depends on where your server is located (and if it's located on a network without port 25 access, you simply can't realistically use it as a mail server). Assuming you just mean, &quot;I can't reach my server because my client machine has no port 25 access&quot;, the solution is easy:

Edit /etc/postfix/master.cf

Copy the whole line that begins with &quot;smtp&quot; (the first uncommented line, usually), and change &quot;smtp&quot; to &quot;2525&quot; (now there should be two identical lines...except for the change to 2525 for the second). Save it and restart Postfix. Configure your client to use port 2525.

The other, probably better option, is to configure smtps and/or submission. Both use TLS, by default, and so you need a certificate (the &quot;snake-oil&quot; certificate provided by some systems would work, but lead to lots of warnings from the email client...email clients tend to be more angry about invalid certs than even browsers, so it's just not worth the trouble of running SSL if you don't have a certificate).

Note that domain is irrelevant in these configurations (and Postfix can only ever have one domain name for SSL connections...and that's fine...stop thinking about domains at all in relation to smtp service, as it'll just confuse you to try thinking of things that way).

--

Check out the forum guidelines!

Fri, 04/03/2009 - 07:39
mdtiberi

I also switched from Plesk to Webmin and quite happy with it. I also had initial problems with Dovecot as well, The problem in my case was a permissions issue and couldn't receive email. Also usernames are a bit different them Plesk as well in that the syntax is <i>username.domain</i>. This caused me a lot of headaches at the beginning because I was so used to Plesk.

To reiterate Eric's comments, post the logs.

Fri, 04/03/2009 - 08:09
toothandnail

It turned some of the authentication settings I had specified for Dovecot were incompatible with the (default) storage message. I guess in a perfect world it would have been nice if Webmin could have caught the incompatibility, but I realize that's probably a tall order. Anyway, once I found the right log to look at it was easy enough to diagnose. Wouldn't mind finding out sometime what I would need to do to be able to use some of the MD5-based authentication sometime, tho.

I successfully sent a message using webmail, which leads me to believe the problem is with my ISP blocking port 25 (the server is at a data center somewhere far, far away). I did try uncommenting the submission line in the postfix config, but my mail client still says it can't establish an SMTP connection (it tries 587 by default).

One other poser, though: as a test I did a DNS check at pingability.com and here's what it said about the mail server: &quot;Socket Timeout Exception: Read timed out&quot;. Strange that my mail client is able to establish an IMAP connection but not pingability.com...

I did Google that error message, and there was a note in this forum about opening up port 53 for UDP. So I took a crack at that...

I opened up port 53 over UDP and added that to the incoming packets chain, one up from the bottom. When I tried to apply the changes, I got this error:
Loading additional iptables modules: ip_conntrack_netbios_ns [FAILED]

Thank God this is a Newbies forum!

Fri, 04/03/2009 - 11:05 (Reply to #7)
Joe
Joe's picture

<div class='quote'>Wouldn't mind finding out sometime what I would need to do to be able to use some of the MD5-based authentication sometime, tho.</div>

Encrypted authentication types don't work with normal system users. You would need a separate database of users with the alternately hashed passwords (or stored plaintext).

The secure alternative to digest auth types is to encrypt the entire session with SSL/TLS. Dovecot supports this without trouble.

--

Check out the forum guidelines!

Fri, 04/03/2009 - 10:05
toothandnail

OK, I'm thinking that the firewall message isn't critical, though it would be nice to sort that out. I got thinking that setting postfix to listen on 587 is one thing, but it doesn't do much good unless I open a port in the firewall too.

I allowed a TCP connection on 587, and now when I do a port scan it seems to see 587 OK.

Still no luck with an SMTP connection though, and still getting the &quot;Socket Timeout Exception&quot; error on pingability.

Any other thoughts?

Fri, 04/03/2009 - 10:51 (Reply to #9)
andreychek

Well, I know no one likes to post their hostnames and such on the Net -- but if you did, we could test to see what ports are working.

Think of the Virtualmin forums as a slightly more interactive pingability.com :-)
-Eric

Fri, 04/03/2009 - 17:22
toothandnail

I followed the instructions on this page, particularly &quot;3c. Configure SASL Authentication with TLS&quot;:
http://www.eurofreecode.com/linux/debian-quick-linux-server-installation...

It seems to have gotten things working for me, SMTP connections are now working without issue.

Topic locked