  1. #1
    Join Date
    Jul 2006
    Posts
    73

    Postfix + Google = headache. Your help needed

    Hi all,

    I recently installed Postfix + Dovecot (yum) on a CentOS 5.1 test box. The configuration went OK, I can telnet on port 25, 587 and 465 with no problems.

    Code:
    # hostname -f
    localhost.localdomain
    
    # openssl s_client -connect localhost:465
    CONNECTED(00000003)
    depth=0 /C=CA/ST=Quebec/L=Montreal/O=Axivo [email protected]
    verify error:num=18:self signed certificate
    verify return:1
    depth=0 /C=CA/ST=Quebec/L=Montreal/O=Axivo [email protected]
    verify return:1
    [more certificate code here ...]
    ---
    220 localhost.localdomain ESMTP Postfix
    ehlo localhost
    250-localhost.localdomain
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250-AUTH LOGIN PLAIN
    250-AUTH=LOGIN PLAIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    
    # telnet localhost 587
    Trying 127.0.0.1...
    Connected to localhost.localdomain (127.0.0.1).
    Escape character is '^]'.
    220 localhost.localdomain ESMTP Postfix
    ehlo localhost
    250-localhost.localdomain
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-AUTH LOGIN PLAIN
    250-AUTH=LOGIN PLAIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    Now, if I want to send a test email using a PHP script (I tried in vBulletin), I get this message in maillog:
    Code:
    Feb 24 23:21:08 localhost postfix/smtp[4148]: connect to ALT1.ASPMX.L.GOOGLE.com[209.85.133.114]: Connection timed out (port 25)
    The email address I send to is set up on a Gmail for my domain host. In other words, mail.domain.com is CNAMEd to Google servers.
    I was wondering if you could look at my setup and let me know if I missed something.

    main.cf
    Code:
    queue_directory = /var/spool/postfix
    command_directory = /usr/sbin
    daemon_directory = /usr/libexec/postfix
    mail_owner = postfix
    default_privs = nobody
    inet_interfaces = all
    mydestination = $myhostname, localhost.$mydomain, localhost
    unknown_local_recipient_reject_code = 550
    mynetworks = 192.168.1.0/24, 127.0.0.0/8
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    home_mailbox = Maildir/
    mail_spool_directory = /var/spool/mail
    mailbox_command = /usr/bin/procmail
    local_destination_concurrency_limit = 2
    default_destination_concurrency_limit = 20
    debug_peer_level = 1
    debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         xxgdb $daemon_directory/$process_name $process_id & sleep 5
    sendmail_path = /usr/sbin/sendmail.postfix
    newaliases_path = /usr/bin/newaliases.postfix
    mailq_path = /usr/bin/mailq.postfix
    setgid_group = postdrop
    html_directory = no
    manpage_directory = /usr/share/man
    sample_directory = /usr/share/doc/postfix-2.3.3/samples
    readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
    
    smtp_use_tls = yes
    smtp_tls_note_starttls_offer = yes
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_local_domain =
    smtpd_sasl_security_options = noanonymous
    smtpd_recipient_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_unauth_destination
    smtpd_delay_reject = yes
    broken_sasl_auth_clients = yes
    smtpd_use_tls = yes
    smtpd_tls_auth_only = no
    smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
    smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
    smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_smtp_use_tls = yes
    tls_random_exchange_name = /etc/postfix/prng_exch
    tls_random_source = dev:/dev/urandom
    master.cf (with some verbose turned on)
    Code:
    smtp      inet  n       -       n       -       -       smtpd -v
    submission inet n       -       n       -       -       smtpd -v
      -o smtpd_enforce_tls=no
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    smtps     inet  n       -       n       -       -       smtpd -v
      -o smtpd_tls_wrappermode=yes
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    ...
    the rest is unchanged as default conf
    I also set the mta to sendmail.postfix.
    Code:
    # alternatives --config mta
    
    $ ls -l /usr/sbin/sendmail
    lrwxrwxrwx 1 root root 21 Dec 14 23:13 /usr/sbin/sendmail -> /etc/alternatives/mta
    
    $ ls -l /etc/alternatives/mta
    lrwxrwxrwx 1 root root 26 Feb 23 23:16 /etc/alternatives/mta -> /usr/sbin/sendmail.postfix
    Any help is appreciated. Thank you for taking the time to read this thread.
    yqed.com (why queued) - my blog
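
The port 587 transcript in the post above advertises `AUTH LOGIN PLAIN` on the cleartext session, before `STARTTLS` has been issued, which matches `smtpd_tls_auth_only = no` in the posted main.cf. The following is an added example, not code from the thread: a small checker (function names are this example's own) that parses an EHLO reply and reports that condition, using the transcript from the post as its sample input.

```python
import re

# Sample input: the EHLO reply on port 587 as shown in the post.
EHLO_587 = """250-localhost.localdomain
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN"""

# Mechanisms that carry the password merely base64-encoded.
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}

def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a multi-line 250 EHLO reply."""
    caps = {}
    for line in reply.strip().splitlines()[1:]:  # first line is the hostname
        m = re.match(r"250[- ](\S+)\s*(.*)", line.strip())
        if not m:
            continue
        word, params = m.group(1).upper(), m.group(2).upper().split()
        if word.startswith("AUTH="):  # legacy form from broken_sasl_auth_clients
            params.insert(0, word[5:])
            word = "AUTH"
        seen = caps.setdefault(word, [])
        seen.extend(p for p in params if p not in seen)
    return caps

def audit(reply, tls_active):
    """List hardening findings for one EHLO reply."""
    caps, findings = parse_ehlo(reply), []
    weak = sorted(set(caps.get("AUTH", [])) & CLEARTEXT_MECHS)
    if weak and not tls_active:
        findings.append("AUTH %s offered before TLS; set smtpd_tls_auth_only = yes"
                        % " ".join(weak))
    if not tls_active and "STARTTLS" not in caps:
        findings.append("cleartext session without STARTTLS")
    if "VRFY" in caps:
        findings.append("VRFY enabled; set disable_vrfy_command = yes")
    return findings

if __name__ == "__main__":
    for finding in audit(EHLO_587, tls_active=False):
        print(finding)
```
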

  2. #2
    Can you telnet to that Google mail server IP address on port 25 from the server? Is there possibly a firewall rule in place preventing outbound connections on port 25?
    It looks like it accepted the message and is trying to relay it to Google's mail server, but the connection is timing out for some reason.

  3. #3
    Join Date
    Jul 2006
    Posts
    73
    Hi prologan,

    Nope... I cannot. Telnetting to ALT1.ASPMX.L.GOOGLE.com

    Code:
    # telnet ALT1.ASPMX.L.GOOGLE.com 25
    Trying 64.233.183.114...
    telnet: connect to address 64.233.183.114: Connection timed out
    Trying Trying 209.85.133.27...
    telnet: connect to address 209.85.133.27: No route to host
    telnet: Unable to connect to remote host: No route to host
    I have this line in iptables:
    Code:
    -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 25 -j ACCEPT
    What do you recommend I do? Thanks.
    Last edited by Teckinno; 02-25-2008 at 02:31 AM.

  4. #4
    Sounds like it's network related rather than anything pertaining to your mailserver config.

  5. #5
    Join Date
    Jul 2006
    Posts
    73
    Hmm, any server I try to telnet on port 25 would output a timeout error.
    What should I do next?

  6. #6
    Join Date
    Feb 2006
    Location
    Server cabinets
    Posts
    43
    Turn your firewall off and try again.

  7. #7
    Join Date
    Mar 2007
    Location
    UK
    Posts
    852
    Is your resolv.conf set up correctly? This could cause the problems with routing to the host.
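
The causes suggested in the replies above (local firewall, network path, DNS) each produce a different `connect()` error, and the telnet output in the thread already shows two of them ("Connection timed out" and "No route to host"). The following is an added example, not code from the thread: a probe that classifies outbound port 25 attempts so the cases can be told apart; the function names and status labels are this example's own. Note that the `RH-Firewall-1-INPUT` rule quoted in the thread governs inbound connections to port 25 only.

```python
import errno
import socket

EXPLAIN = {
    "open": "TCP handshake completed; egress to this host works",
    "timeout": "no reply to SYN: silently dropped (DROP rule or upstream filter)",
    "unreachable": "ICMP unreachable/prohibited: REJECT rule or routing problem",
    "refused": "RST received: host reachable, nothing listening on the port",
    "dns": "name did not resolve: check /etc/resolv.conf",
    "other": "unclassified socket error",
}

def classify(exc):
    """Map a failed connect() exception to a status label."""
    if isinstance(exc, socket.gaierror):
        return "dns"
    if isinstance(exc, (socket.timeout, TimeoutError)) or exc.errno == errno.ETIMEDOUT:
        return "timeout"
    if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "unreachable"
    if exc.errno == errno.ECONNREFUSED:
        return "refused"
    return "other"

def probe(host, port=25, timeout=5.0):
    """Attempt one outbound connection; return (status, banner)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                banner = s.recv(512).decode("ascii", "replace").strip()
            except OSError:
                banner = ""  # connected, but no 220 greeting within the timeout
            return "open", banner
    except OSError as exc:
        return classify(exc), ""

def diagnose(statuses):
    """Summarise {host: status} results from several destinations."""
    values = set(statuses.values())
    if "open" in values:
        return "egress works: port 25 egress is possible; failures are per-destination"
    if values == {"dns"}:
        return "resolver: no name resolved; fix DNS before testing port 25"
    if values and values <= {"timeout", "unreachable"}:
        return "filtered: outbound tcp/25 blocked locally or upstream, not a Postfix issue"
    return "mixed: inspect each destination separately"

if __name__ == "__main__":
    import sys
    results = {h: probe(h)[0] for h in sys.argv[1:]}
    for h, st in results.items():
        print(h, st, EXPLAIN[st])
    print(diagnose(results))
```

Run it with several unrelated mail servers as arguments; if every one of them reports `timeout` or `unreachable` while other ports work, the block is on port 25 egress rather than in the mail server configuration.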

  8. #8
    Join Date
    Jul 2006
    Posts
    73
    Quote: Originally posted by awaes
        Turn your firewall off and try again.

    SELinux was in permissive mode during the tests I performed above.

    Thanks Ashley, I will look at the resolv.conf and let you guys know what I find.
    At least... I can ping the server and I have Internet access on the box. Better than nothing.

  9. #9
    Join Date
    Nov 2002
    Location
    WebHostingTalk
    Posts
    8,878
    * Moved to Technical and Security Issues....

    Sirius
