1 (edited by Rashef 2018-09-28 15:09:01)

Topic: SMTP not working after fresh install

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.8
- Linux/BSD distribution name and version: CentOS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hi, I am facing a few issues after a fresh installation.

The main one at the moment is that SMTP doesn't seem to be working properly. I configured a main domain (mydomain.com) and I have created two mailboxes (one@mydomain.com, two@mydomain.com).

Important premise, compared to the guidelines I have two modifications:
- a haproxy on top replying to mail.mydomain.com, while iredmail is on mail1.mydomain.com (and the whole configuration was done using mail1.mydomain.com, just in case that was a mistake)
- I replaced certificates with wildcard letsencrypt ones (to handle the whole mail -> mail1 thing)

I can log into both roundcube and sogo, but when I try and send an email from one address to the other (so, internal to the same domain) I get in both rc and sogo "Connection to server failed".

The Maillog is full of these lines, repeated every 2 seconds, but nothing more:

Sep 28 08:42:19 mail1 postfix/postscreen[22162]: CONNECT from [<haproxy_ip>]:47858 to [<iredmail_ip>]:25
Sep 28 08:42:19 mail1 postfix/postscreen[22162]: HANGUP after 0 from [<haproxy_ip>]:47858 in tests before SMTP handshake
Sep 28 08:42:19 mail1 postfix/postscreen[22162]: DISCONNECT [<haproxy_ip>]:47858

Syslog is full of these lines repeated over and over:

Sep 28 08:52:01 mail1 systemd: Created slice User Slice of sogo.
Sep 28 08:52:01 mail1 systemd: Starting User Slice of sogo.
Sep 28 08:52:01 mail1 systemd: Started Session 933 of user sogo.
Sep 28 08:52:01 mail1 systemd: Starting Session 933 of user sogo.
Sep 28 08:52:01 mail1 systemd: Removed slice User Slice of sogo.
Sep 28 08:52:01 mail1 systemd: Stopping User Slice of sogo.

I cannot see any real error anywhere so my assumption is that both roundcube and sogo cannot even reach postfix...

Although:

# netstat -tlpn | grep :587
tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN      19272/master
tcp6       0      0 :::587                  :::*                    LISTEN      19272/master

BTW, I can connect to the SMTP from my laptop with:

openssl s_client -debug -starttls smtp -crlf -connect mail.mydomain.com:25

I tried to send a message and I think I was greylisted...

2018-09-28 08:24:52 INFO [my_ip] RCPT, personal_email@me.com -> one@mydomain.com, 451 4.7.1 Intentional policy rejection, please try again later [sasl_username=, sender=personal_email@me.com, client_name=cpc101482-brnt2-2-0-cust200.4-2.cable.virginm.net, reverse_client_name=cpc101482-brnt2-2-0-cust200.4-2.cable.virginm.net, helo=mail.mydomain.com, encryption_protocol=TLSv1.2, process_time=0.0445s]

I am not sure this means anything but if I try the same locally I get a message about the lack of STARTTLS on the server?

# openssl s_client -debug -starttls smtp -crlf -connect 127.0.0.1:25
CONNECTED(00000003)
read from 0x2706150 [0x2706250] (4096 bytes => 31 (0x1F))
0000 - 34 32 31 20 34 2e 33 2e-32 20 4e 6f 20 73 79 73   421 4.3.2 No sys
0010 - 74 65 6d 20 72 65 73 6f-75 72 63 65 73 0d 0a      tem resources..
write to 0x2706150 [0x2707260] (25 bytes => 25 (0x19))
0000 - 45 48 4c 4f 20 6f 70 65-6e 73 73 6c 2e 63 6c 69   EHLO openssl.cli
0010 - 65 6e 74 2e 6e 65 74 0d-0a                        ent.net..
read from 0x2706150 [0x2706250] (4096 bytes => 0 (0x0))
didn't found starttls in server response, try anyway...
write to 0x2706150 [0x7ffc7a815540] (10 bytes => -1 (0xFFFFFFFFFFFFFFFF))
read from 0x2706150 [0x2633f00] (8192 bytes => 0 (0x0))
write to 0x2706150 [0x27061d0] (289 bytes => -1 (0xFFFFFFFFFFFFFFFF))
write:errno=32
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 31 bytes and written 25 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1538118320
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

A normal

telnet 127.0.0.1 25

seems to work for a few seconds and then:

421 4.3.2 No system resources
Connection closed by foreign host.

Any suggestion on what I can check?

Thanks!

----


2

Re: SMTP not working after fresh install

Whitelist your haproxy ip address in Postfix /etc/postfix/postscreen_access.cidr
Also: https://www.haproxy.com/blog/efficient- … balancers/
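
Added example, not part of the original thread or of iRedMail: before putting an address into postscreen_access.cidr, this script confirms from the maillog which client is producing the CONNECT / HANGUP "in tests before SMTP handshake" pattern quoted in the first post, and prints a candidate `permit` line for it. The sample log lines, the documentation-range addresses and the `min_hangups` threshold are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# postscreen log formats as quoted in the first post's maillog excerpt.
CONNECT_RE = re.compile(r"postfix/postscreen\[\d+\]: CONNECT from \[([^\]]+)\]:\d+ to ")
HANGUP_RE = re.compile(r"postfix/postscreen\[\d+\]: HANGUP after \S+ from "
                       r"\[([^\]]+)\]:\d+ in tests before SMTP handshake")

def sample_lines():
    """Constructed maillog: 192.0.2.10 plays <haproxy_ip>, 198.51.100.7 a real client."""
    tag = "mail1 postfix/postscreen[22162]:"
    lines = []
    for i, port in enumerate((47858, 47860, 47862)):
        ts = f"Sep 28 08:42:{19 + 2 * i:02d} {tag}"
        lines += [
            f"{ts} CONNECT from [192.0.2.10]:{port} to [192.0.2.20]:25",
            f"{ts} HANGUP after 0 from [192.0.2.10]:{port} in tests before SMTP handshake",
            f"{ts} DISCONNECT [192.0.2.10]:{port}",
        ]
    ts = f"Sep 28 08:43:02 {tag}"
    lines += [
        f"{ts} CONNECT from [198.51.100.7]:51514 to [192.0.2.20]:25",
        f"{ts} PASS NEW [198.51.100.7]:51514",
    ]
    return lines

def probe_sources(lines, min_hangups=3):
    """Return IPs whose every connection was dropped before the SMTP handshake."""
    connects, hangups = Counter(), Counter()
    for line in lines:
        if m := CONNECT_RE.search(line):
            connects[m.group(1)] += 1
        elif m := HANGUP_RE.search(line):
            hangups[m.group(1)] += 1
    return sorted(ip for ip, n in hangups.items()
                  if n >= min_hangups and n == connects[ip])

def cidr_entries(ips):
    """Format each address as a postscreen_access.cidr line (/32 or /128)."""
    return [f"{ipaddress.ip_network(ip)} permit" for ip in ips]

if __name__ == "__main__":
    for entry in cidr_entries(probe_sources(sample_lines())):
        print(entry)  # review before adding to /etc/postfix/postscreen_access.cidr
```

A `permit` entry exempts every connection postscreen sees from that address, so if the proxy relays mail without passing on the original client address, all proxied mail skips postscreen's tests as well.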