On Wed, Oct 12, 2011 at 09:13:45AM +0300, Tolga wrote:

> Below are my postconf -n and master.cf:
> 
> root@vps:~# postconf -n
> debug_peer_level = 3
> debug_peer_list = localhost

Don't.

> myhostname = vps.ozses.net

No such host in the public DNS.

> mynetworks = 127.0.0.0/8 127.0.0.2/32 184.82.40.0/24 64.120.177.0/24

This looks wrong, with hosts like:

    ...
    176.177.120.64.in-addr.arpa. IN PTR 64-120-177-176.static.hostnoc.net.
    177.177.120.64.in-addr.arpa. IN PTR 64-120-177-177.static.hostnoc.net.
    178.177.120.64.in-addr.arpa. IN PTR vpn.cyber-army.com.
    179.177.120.64.in-addr.arpa. IN PTR lulz.maximumtrolling.pl.
    180.177.120.64.in-addr.arpa. IN PTR chat.topbaby.com.br.
    181.177.120.64.in-addr.arpa. IN PTR mitm.madhacker.biz.
    182.177.120.64.in-addr.arpa. IN PTR sli6.amigo.co.za.
    183.177.120.64.in-addr.arpa. IN PTR 64-120-177-183.static.hostnoc.net.
    184.177.120.64.in-addr.arpa. IN PTR 64-120-177-184.static.hostnoc.net.
    185.177.120.64.in-addr.arpa. IN PTR 64-120-177-185.static.hostnoc.net.
    186.177.120.64.in-addr.arpa. IN PTR 64-120-177-186.static.hostnoc.net.
    ...

on 64.120.177, it seems unlikely they're all suitable trusted clients for
your Postfix server.

> smtpd_recipient_restrictions =
>       permit_mynetworks,
>       permit_sasl_authenticated,
>       reject_non_fqdn_hostname,
>       reject_non_fqdn_sender,
>       reject_non_fqdn_recipient,
>       reject_unauth_destination,
>       reject_unauth_pipelining,
>       reject_invalid_hostname

Good, this won't allow unauthenticated systems outside mynetworks
to send email.

> smtpd_sasl_auth_enable = yes
> smtpd_sasl_local_domain = $myhostname
> smtpd_sasl_path = private/auth
> smtpd_sasl_security_options = noanonymous
> smtpd_sasl_type = dovecot

Assuming dovecot is running and configured appropriately, this
should enable SASL auth (dovecot's auth socket needs to be
in /var/spool/postfix/private).

> virtual_transport = virtual

If you have dovecot, you should probably use LMTP.

> # ==========================================================================
> # service type  private unpriv  chroot  wakeup  maxproc command + args
> #               (yes)   (yes)   (yes)   (never) (100)
> # ==========================================================================
> smtp      inet  n       -       n       -       -       smtpd
> submission inet n       -       n       -       -       smtpd
> #  -o smtpd_tls_security_level=encrypt
> #  -o smtpd_sasl_auth_enable=yes
> #  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
> #  -o milter_macro_daemon_name=ORIGINATING

You forgot to uncomment the submission options, so your submission
port does not offer TLS, and you don't have a cert/key configured
in main.cf.

> Unfortunately, there are no errors / logs related to this. I just
> don't get any mail/logs when I use the submission port.

The Postfix SMTP server logs all TCP connections and any subsequent
mail transactions. With no logs, the best conclusion is that you do
not in fact "use the submission port".

You must show evidence that you're in fact connecting to this
Postfix on port 587 by showing appropriate logs, output of
attempts via "telnet hostname 587", packet traces, ...

-- 
        Viktor.
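
The master.cf point above, as an added example (not part of the original message and not Postfix code): lines whose first non-whitespace character is `#` are comments in master.cf, so the `-o` overrides never attach to the submission service. The function names and the `EXPECTED` policy are assumptions made for this sketch; the first sample is the excerpt quoted in the message, the second is a constructed variant.

```python
# master.cf excerpt as quoted in the message above (-o lines commented out).
AS_POSTED = """\
smtp      inet  n       -       n       -       -       smtpd
submission inet n       -       n       -       -       smtpd
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
"""
# Constructed variant: the same lines with the leading '#' removed.
UNCOMMENTED = AS_POSTED.replace("#  -o", "  -o")
# Assumed policy for this check, taken from the commented template lines.
EXPECTED = {
    "smtpd_tls_security_level": "encrypt",
    "smtpd_sasl_auth_enable": "yes",
    "smtpd_client_restrictions": "permit_sasl_authenticated,reject",
}

def logical_lines(text):
    """Yield logical lines: skip comments/blanks, join indented continuations."""
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current is not None:
            current += " " + raw.strip()
            continue
        if current is not None:
            yield current
        current = raw.strip()
    if current is not None:
        yield current

def service_overrides(text):
    """Return {(service, type): {param: value}} built from '-o' arguments."""
    result = {}
    for line in logical_lines(text):
        fields = line.split()
        if len(fields) < 8:
            continue  # not a complete service entry
        args = fields[8:]
        pairs = [args[i + 1] for i in range(len(args) - 1) if args[i] == "-o"]
        result[(fields[0], fields[1])] = dict(p.split("=", 1) for p in pairs if "=" in p)
    return result

def missing_submission_overrides(text):
    """List expected overrides that are absent or different on submission/inet."""
    active = service_overrides(text).get(("submission", "inet"), {})
    return sorted(k for k, v in EXPECTED.items() if active.get(k) != v)
```

An empty list from `missing_submission_overrides` only means the overrides are active; TLS on the port still needs the cert/key in main.cf that the message mentions.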
