Michal Szymanski
2009-Jun-11 10:02 UTC
[Dovecot] unable to send mails via postfix/dovecot SASL
Hello,

I have a freshly setup postfix/dovecot mail server (after a server upgrade I decided to change my sendmail/popper conf to something more modern :) It mostly works, there is no problem in sending/receiving mails in local network, both using text clients like mutt or pine dealing with the incoming/outcoming mail directly. Also dovecot works fine with SSL authentication from the outside world (home computers etc) but only for reading the mail.

I have been struggling for several days already to get postfix/dovecot/SSL trio to work for sending (relaying) mail from the home computers (but also from local network) via my server to the final recipients, using authenticated connections.

I followed http://wiki.dovecot.org/HowTo/PostfixAndDovecotSASL hints for the configuration of postfix and dovecot (see output of dovecot -n and postconf -n commands below). I also uncommented "smtps" line in /etc/postfix/master.cf file (otherwise postfix was refusing any connections to secure SMTP port). For a while, I uncommented also "submission" line there but to no success either.

Now when I try to send a mail from my home PC, using Thunderbird 2.0.0.21, with SSL connection configured for outgoing smtp server (port 465), using username/password, it shows "Connected to server..." message but after a minute or so, it fails saying that the connection to SMTP server failed.

The server log shows:

11:51:24 sirius postfix/smtpd[15126]: connect from my_home_pc_name/ip
Jun 11 11:52:25 sirius postfix/smtpd[15126]: lost connection after UNKNOWN from from my_home_pc_name/ip
Jun 11 11:52:25 sirius postfix/smtpd[15126]: disconnect from my_home_pc_name/ip

There are no dovecot-related messages in the log regarding such an attempt.

I am not sure whether this is dovecot or postfix problem but, being no expert on either of those, I am asking for help to resolve this annoying problem.

with best regards,
Michal.
-------------- dovecot -n --------------------------
# 1.0.7: /etc/dovecot.conf
ssl_cert_file: /etc/pki/dovecot/certs/sirius.pem
ssl_key_file: /etc/pki/dovecot/private/sirius.key
login_dir: /var/run/dovecot/login
login_executable(default): /usr/libexec/dovecot/imap-login
login_executable(imap): /usr/libexec/dovecot/imap-login
login_executable(pop3): /usr/libexec/dovecot/pop3-login
mail_location: mbox:~/Mail:INBOX=/var/spool/mail/%u
mmap_disable: yes
mail_executable(default): /usr/libexec/dovecot/imap
mail_executable(imap): /usr/libexec/dovecot/imap
mail_executable(pop3): /usr/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/lib64/dovecot/imap
mail_plugin_dir(imap): /usr/lib64/dovecot/imap
mail_plugin_dir(pop3): /usr/lib64/dovecot/pop3
imap_client_workarounds(default): delay-newmail outlook-idle netscape-eoh
imap_client_workarounds(imap): delay-newmail outlook-idle netscape-eoh
imap_client_workarounds(pop3): outlook-idle
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
auth default:
  mechanisms: plain login
  verbose: yes
  passdb:
    driver: pam
  userdb:
    driver: passwd
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: postfix

----------------- postconf -n ----------------------------
alias_database = hash:/etc/mail/aliases
alias_maps = hash:/etc/mail/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailbox_command = /usr/bin/procmail
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
masquerade_domains = astrouw.edu.pl
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, mail.$mydomain, www.$mydomain, ftp.$mydomain, /etc/mail/local-host-names
myhostname = sirius.astrouw.edu.pl
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_generic_maps = hash:/etc/postfix/generic
smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/access, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unlisted_recipient
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
unknown_local_recipient_reject_code = 550
---------------------------------------------------------------
Charles Marcus
2009-Jun-11 10:27 UTC
[Dovecot] unable to send mails via postfix/dovecot SASL
On 6/11/2009, Michal Szymanski (msz at astrouw.edu.pl) wrote:
> (after a server upgrade I decided to change my sendmail/popper conf
> to something more modern :)

Then why install a version that is well over a year old?

1.1.16 is the current stable version, but 1.2 is at rc5 stage and release is imminent... I'd start with that.

--
Best regards,
Charles
On Thu, Jun 11, 2009 at 5:02 AM, Michal Szymanski <msz at astrouw.edu.pl> wrote:
> Now when I try to send a mail from my home PC, using Thunderbird
> 2.0.0.21, with SSL connection configured for outgoing smtp server (port
> 465), using username/password, it shows "Connected to server..." message
> but after a minute or so, it fails saying that the connection to SMTP
> server failed.
>
> The server log shows:
> 11:51:24 sirius postfix/smtpd[15126]: connect from my_home_pc_name/ip
> Jun 11 11:52:25 sirius postfix/smtpd[15126]: lost connection after
>    UNKNOWN from from my_home_pc_name/ip
> Jun 11 11:52:25 sirius postfix/smtpd[15126]: disconnect from my_home_pc_name/ip

This looks as if you didn't enable SSL wrappermode in postfix's master.cf for port 465.

In postfix master.cf, make sure the section for port 465/smtps contains

  -o smtpd_tls_wrappermode=yes

With a modern email client like TBird, it's generally preferred to use STARTTLS (that's the TLS button in TBird) on the "submission" port 587.

--
Noel Jones
On Thu, Jun 11, 2009 at 5:02 AM, Michal Szymanski <msz at astrouw.edu.pl> wrote:
> ----------------- postconf -n ----------------------------
> alias_database = hash:/etc/mail/aliases
> alias_maps = hash:/etc/mail/aliases
> broken_sasl_auth_clients = yes
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> daemon_directory = /usr/libexec/postfix
> debug_peer_level = 2
> header_checks = regexp:/etc/postfix/header_checks
> html_directory = no
> inet_interfaces = all
> mail_owner = postfix
> mailbox_command = /usr/bin/procmail
> mailq_path = /usr/bin/mailq.postfix
> manpage_directory = /usr/share/man
> masquerade_domains = astrouw.edu.pl
> mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, mail.$mydomain, www.$mydomain, ftp.$mydomain,
>    /etc/mail/local-host-names
> myhostname = sirius.astrouw.edu.pl
> newaliases_path = /usr/bin/newaliases.postfix
> queue_directory = /var/spool/postfix
> readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
> sample_directory = /usr/share/doc/postfix-2.3.3/samples
> sendmail_path = /usr/sbin/sendmail.postfix
> setgid_group = postdrop
> smtp_generic_maps = hash:/etc/postfix/generic
> smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/access, permit_mynetworks,
>      permit_sasl_authenticated,
>      reject_unauth_destination,
>      reject_unlisted_recipient
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_path = private/auth
> smtpd_sasl_security_options = noanonymous
> smtpd_sasl_type = dovecot
> unknown_local_recipient_reject_code = 550
> ---------------------------------------------------------------

I don't see any references to tls in your postconf -n output. Has postfix been built with openssl?

Also, postfix 2.3 is quite old, for a new installation consider a more recent version.

--
Noel Jones
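
An added example, not part of any poster's message: a small Python check for the two gaps raised in the replies above, a port 465/smtps entry in master.cf without -o smtpd_tls_wrappermode=yes and a postconf -n dump with no smtpd_tls_* parameters. The sample configuration text and the function names are constructed for illustration.

```python
import re

# Constructed samples mirroring the thread: smtps uncommented without
# wrappermode, and a postconf -n dump with no TLS parameters at all.
MASTER_CF = """\
smtp       inet  n  -  n  -  -  smtpd
smtps      inet  n  -  n  -  -  smtpd
submission inet  n  -  n  -  -  smtpd
  -o smtpd_sasl_auth_enable=yes
"""
POSTCONF_N = """\
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
"""

def logical_lines(text):
    """Join master.cf continuation lines (leading whitespace) onto their entry."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def service_overrides(master_cf):
    """Map each inet service to its dict of '-o name=value' overrides."""
    services = {}
    for line in logical_lines(master_cf):
        fields = line.split()
        if len(fields) >= 8 and fields[1] == "inet":
            services[fields[0]] = dict(re.findall(r"-o\s+(\w+)=(\S+)", line))
    return services

def audit(master_cf, postconf_n):
    """Return findings for the two problems raised in the replies."""
    findings = []
    for name, opts in service_overrides(master_cf).items():
        port = name.rsplit(":", 1)[-1]  # handles "smtps" and "host:465"
        if port in ("smtps", "465") and opts.get("smtpd_tls_wrappermode") != "yes":
            findings.append(f"{name}: missing -o smtpd_tls_wrappermode=yes")
    params = dict(re.findall(r"^(\w+)[ \t]*=[ \t]*(.*)$", postconf_n, re.M))
    if not any(key.startswith("smtpd_tls_") for key in params):
        findings.append("main.cf: no smtpd_tls_* parameters set")
    return findings

if __name__ == "__main__":
    for finding in audit(MASTER_CF, POSTCONF_N):
        print(finding)
```

On a live server the two inputs would be the contents of /etc/postfix/master.cf and the output of postconf -n.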