At this time /command/svcscanboot
should have started qmail
:
> ps axfww 20017 ? Ss 0:00 /bin/sh /command/svscanboot 20019 ? S 0:00 \_ svscan /service 20021 ? S 0:00 | \_ supervise qmail-submission 20032 ? S 0:00 | | \_ /usr/local/bin/tcpserver -v -R -l smtp.mydomain.tld -x /home/vpopmail/etc/tcp.submission.cdb -c 200 -u 89 -g 89 0 587 /var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true 20022 ? S 0:00 | \_ supervise log 20045 ? S 0:00 | | \_ /usr/local/bin/multilog t s16777215 /var/log/qmail/submission 20023 ? S 0:00 | \_ supervise qmail-smtpd 20035 ? S 0:00 | | \_ /usr/local/bin/tcpserver -v -R -l smtp.mydomain.tld -x /home/vpopmail/etc/tcp.smtp.cdb -c 200 -u 89 -g 89 0 25 /var/qmail/bin/qmail-smtpd /bin/true 20024 ? S 0:00 | \_ supervise log 20034 ? S 0:00 | | \_ /usr/local/bin/multilog t n5 s16777215 /var/log/qmail/smtpd n5 s16777215 -* +* qlog* !/usr/local/bin/archive_qmail_qlog /var/log/qmail/smtpd/qlog 13965 ? S 0:00 | \_ supervise vusaged 13977 ? Sl 0:05 | | \_ /home/vpopmail/bin/vusaged 13966 ? S 0:00 | \_ supervise log 13980 ? S 0:00 | | \_ /usr/local/bin/multilog t /var/log/qmail/vusaged 20025 ? S 0:00 | \_ supervise vpopmaild 20033 ? S 0:00 | | \_ /usr/local/bin/tcpserver -v -H -R -l 0 -u 0 -g 0 0 89 /home/vpopmail/bin/vpopmaild 20026 ? S 0:00 | \_ supervise log 20040 ? S 0:00 | | \_ /usr/local/bin/multilog t /var/log/qmail/vpopmaild 20027 ? S 0:00 | \_ supervise clear 20028 ? S 0:00 | \_ supervise qmail-smtpsd 20047 ? S 0:00 | | \_ /usr/local/bin/sslserver -seV -Rp -l smtp.mydomain.tld -Xx /home/vpopmail/etc/tcp.smtp.cdb -c 200 -u 89 -g 89 0 smtps /var/qmail/bin/qmail-smtpd /bin/true 20029 ? S 0:00 | \_ supervise log 20041 ? S 0:00 | | \_ /usr/local/bin/multilog t n5 s16777215 /var/log/qmail/smtpsd n5 s16777215 -* +* qlog* !/usr/local/bin/archive_qmail_qlog /var/log/qmail/smtpsd/qlog 20030 ? S 0:00 | \_ supervise qmail-send 20036 ? S 0:00 | | \_ qmail-send 20052 ? S 0:00 | | \_ qmail-lspawn | /home/vpopmail/bin/vdelivermail '' delete 20053 ? S 0:00 | | \_ qmail-rspawn 20054 ? S 0:00 | | \_ qmail-clean 20055 ? S 0:00 | | \_ qmail-todo 20056 ? S 0:00 | | \_ qmail-clean 20031 ? S 0:00 | \_ supervise log 20042 ? S 0:00 | \_ /usr/local/bin/multilog t s16777215 /var/log/qmail/send 20020 ? S 0:00 \_ readproctitle service errors: ...............................................................................................................................................................
If everything is ok you should see something like this. There must be only dots in the readproctitle service errors
line.
You can always clean the errors' line in this way:
svc -o /service/clear
or, if you're using my modified qmailctl file, you can do this:
qmailctl clear
Check the queue and the services uptime:
> qmailctl stat qmail-smtpd: [ up ] (pid 20035) 0 day(s), 00:02:13 qmail-smtpd/log: [ up ] (pid 20034) 0 day(s), 00:02:13 qmail-smtpsd: [ up ] (pid 20047) 0 day(s), 00:02:13 qmail-smtpsd/log: [ up ] (pid 20041) 0 day(s), 00:02:13 qmail-submission: [ up ] (pid 20032) 0 day(s), 00:02:13 qmail-submission/log: [ up ] (pid 20045) 0 day(s), 00:02:13 qmail-send: [ up ] (pid 20036) 0 day(s), 00:02:13 qmail-send/log: [ up ] (pid 20042) 0 day(s), 00:02:13 vpopmaild: [ up ] (pid 20033) 0 day(s), 00:02:13 vpopmaild/log: [ up ] (pid 20040) 0 day(s), 00:02:13 vusaged: [ up ] (pid 13977) 0 day(s), 00:02:13 vusaged/log: [ up ] (pid 13980) 0 day(s), 00:02:13 dovecot status: [ down ] clamd status: [ down ] freshclam status: [ down ] spamd status: [ down ] solr status: [ down ] httpd status: [ down ] mariadb status: [ down ] fail2ban status: [ down ] ClamAV database updated at: 2021-09-28 12:40:15 Total Domains: 16 messages in queue: 0 messages in queue but not yet preprocessed: 0
Check that the up time increases by repeating the qmailctl stat
command a couple of times. If something fails, check the logs.
The next two notes will show how to handle and eventually repair the queue.
swaks
swaks
is a SMTP test tool that you can use to perform all the telnet tests that are described below.
Install as follows:
cd /usr/local/bin wget http://www.jetmore.org/john/code/swaks/latest/swaks chown root:root swaks chmod +x swaks
The usage is pretty simple. Adjust to your needs:
swaks \ --to someone@somewhere.net \ --from postmaster@mydomain.tld \ --server localhost \ --port 587 \ --ehlo test \ -tls \ --auth login \ --auth-user postmaster@mydomain.tld \ --auth-password [PASSWORD]
You may want to take a look at the reference manual: http://www.jetmore.org/john/code/swaks/latest/doc/ref.txt
Testing the qmail
delivery
Look at the TEST.deliver man page and do all suggested tests.
Testing the SMTP connection
In this example [your-IP] is an IP that is allowed to use our MTA as a relay according to ~vpopmail/etc/tcp.smtp
; usually it is 127.0.0.1 or an address on an allowed localnet such as 10.0.0.5 or 192.168.1.12
This test will fail if you try to use the MTA as an open relay, telnetting from the outnet without the SMTP authentication (see below).
> telnet [your IP] 25 Trying [your IP]... Connected to qmail.mydomain.tld. Escape character is '^]'. 220 smtp.mydomain.tld ESMTP mail from:<user@mydomain.tld> 250 ok rcpt to:<someone@somewhere.net> 250 ok data 354 go ahead subject: This is the subject to: someone@somewhere.net from: user@mydomain.tld This is the msg body FOLLOWING A BLANK LINE . 250 ok 1286469273 qp 31969 quit 221 www.mydomain.tld Connection closed by foreign host.
***********
Of course it may happen that something goes wrong
> telnet [your IP] 25 Trying [your IP]... Connected to [yout IP]. Escape character is '^]'. Connection closed by foreign host.
Let's check the smtp
log:
> more /var/log/qmail/smtpd/current @400000004cb7145314702f74 /var/qmail/bin/qmail-smtpd: error while loading shared libraries: libcrypt.so.1: failed to map segment from shared object: Cannot allocate memory
If you see an error like this, your softlimit is too low. Try to increase it editing /var/qmail/supervise/qmail-smtpd/run
***********
> more /var/log/qmail/smtpd/current @400000004cc5baaf076df464 /var/qmail/bin/qmail-smtpd: error while loading shared libraries: libmysqlclient.so.16: cannot open shared object file: No such file or directory
I faced this error in a 64b virtual mail server. Mysql
was in a different virtual server and the mysql dir was mounted locally but qmail-smtp
cannot load it. I fixed this error by copying (not linking!) the library inside the guest in this way:
cp -p /usr/local/mysql/lib/libmysqlclient.so.16.0.0 /usr/lib64/libmysqlclient.so.16
***********
Check if the messages has been sent by opening /var/log/qmail/send/current
***********
Try to send a message to yourself and look for the message in the Maildir/new
folder:
> telnet [your IP] 25 Trying [your IP]... Connected to qmail.mydomain.tld. Escape character is '^]'. 220 smtp.mydomain.tld ESMTP mail from:<user@mydomain.tld> 250 ok rcpt to:<user@mydomain.tld> 250 ok data 354 go ahead subject: This is the subject to: user@mydomain.tld from: user@mydomain.tld This is the msg body FOLLOWING A BLANK LINE . 250 ok 1286469273 qp 31969 quit 221 www.mydomain.tld Connection closed by foreign host. > ls -l /home/vpopmail/domains/mydomain.tld/user/Maildir/new total 4 -rw------- 1 vpopmail vchkpw 211 2010-12-09 13:22 1291897368.13072.qmail,S\=211
Testing the vpopmail
authentication
> telnet [your-IP] 89 Trying [your-IP]... Connected to [your-IP]. Escape character is '^]'. +OK login userid@mydomain.tld PASSWORD +OK+ vpopmail_dir /home/vpopmail domain_dir /home/vpopmail/domains/mydomain.tld uid 89 gid 89 name userid comment userName userSurname quota NOQUOTA user_dir /home/vpopmail/domains/mydomain.tld/userid encrypted_password $xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx clear_text_password xxxxxxxxxxxxxxxxx no_password_change 0 no_pop 0 no_webmail 0 no_imap 0 bounce_mail 0 no_relay 0 no_dialup 0 user_flag_0 0 user_flag_1 0 user_flag_2 0 user_flag_3 0 no_smtp 0 domain_admin_privileges 0 override_domain_limits 0 no_spamassassin 0 delete_spam 0 no_maildrop 0 system_admin_privileges 0 . quit +OK Connection closed by foreign host.
Testing chkuser
If you perform this test from localhost or from one of the localnets that are allowed to relay according to ~vpopmail/etc/tcp.smtp
...
10.0.0.:allow,RELAYCLIENT="" 127.:allow,RELAYCLIENT=""
...before continuing, you have to deny yourself from relaying. Clean and reload tcp.smtp
:
cd ~vpopmail/etc mv tcp.smtp tcp.smtp.bck touch tcp.smtp qmailctl cdb
Now we are ready for the test.
No valid MX test, mailbox syntax test
chkuser
rejects the messages if the MX record in the from field is non existent. This is a rare case since spammers will try to use your own domain in the from field.
> telnet [yourIP] 25 Trying [yourIP]... Connected to [yourIP]. Escape character is '^]'. 220 mydomain.tld ESMTP mail from: unexistent@fakedomain.xxx 550 5.1.8 sorry, can't find a valid MX for sender domain (chkuser) mail from: unexistent@fake_domain.xxx 553 5.1.7 sorry, mailbox syntax not allowed (chkuser) quit
No mailbox test
qmail/control/rcpthosts
file determines whether the recipient will be accepted: it will be accepted if and only if the domain of the address given in the RCPT TO
command is listed in rcpthosts. Anyway chkuser
is programmed to reject the messages for non existent users of these domains:
> telnet [yourIP] 25 Trying [yourIP]... Connected to [yourIP]. Escape character is '^]'. 220 mydomain.tld ESMTP mail from: someone@gmail.com 250 ok rcpt to: nobody@mydomain.tld 550 5.1.1 sorry, no mailbox here by that name (chkuser) quit
No rcpt hosts test
To allow clients to send outgoing messages through this MTA, you must authorize the relay from their IP addresses inside tcp.smtp
:
111.222.333.444:allow,RELAYCLIENT=""
In this case we have purged tcp.smtp
, so we are allowed to send messages only to local users (domains inside rcpthosts
) and chkuser
can't find the external domain in his list of allowed rcpthosts
> telnet [yourIP] 25 Trying [yourIP]... Connected to [yourIP]. Escape character is '^]'. 220 mydomain.tld ESMTP mail from: someone@gmail.com 250 ok rcpt to: someone@gmail.com 553 5.7.1 sorry, that domain isn't in my list of allowed rcpthosts (chkuser) quit
In addition look for chkuser
messages inside the smtp log /var/log/qmail/smtp/current
.
Don't forget to restore the tcp.smtp
rm tcp.smtp mv tcp.smtp.bck tcp.smtp qmailctl cdb
Testing smtp-auth
and TLS
Let's suppose that you have enabled the submission
service (port 587). If you have enabled smtp-auth
on port 25 replace 587 with 25 below.
Check that auth and TLS are present:
> telnet [your-IP] 587 Trying [your-IP]... Connected to [your-IP]. Escape character is '^]'. 220 smtp.mydomain.tld ESMTP EHLO test 250-smtp.mydomain.tld 250-STARTTLS 250-PIPELINING 250-8BITMIME 250-SIZE 3000000 mail from:someone@somewhere.net 530 Authorization required (#5.7.1) AUTH PLAIN 538 auth not available without TLS (#5.3.3) STARTTLS 220 ready for tls ?(?S^F?^@???^\?^^CR?^??*LV^?^Y+ ^W^C^A^@ o?^?&@?????^N^?>??^?.d[^ZE?^?2^?^F^?Xr?XN^W^C^A^@P?^?^?4H&>/4^UG^?^??Njg^]?^_^F;@?^T?^? ^@i?>r^F??g4??{^C??bc^^N?^Qb???^@?n^???8`?W^\?5?^?^HT?F^?X?(^?+ ^W^C^A^@ ?+^??2??W]^Y??}?^?^B^[??n?w^?qs^???^N^B^[^W^C^A^@@^CC3^?f?^Y.^?^?x#?j?^D?+?u^F^?^H?0^?^U??^@i?c$ ^CConnection closed by foreign host.
The server seems to correctly provide STARTTLS
and AUTH
support. As you can see the authorization is required and the auth is not available without TLS
. When the server is "ready for tls" the connection goes encrypted and you have to quit with a ^C.
Be aware that you can choose between 3 authentication methods:
PLAIN
(unsecure withoutTLS
)LOGIN
(unsecure withoutTLS
)CRAM-MD5
(more secure, but not nedeed withTLS
)
Since we support TLS
I use to disable CRAM-MD5
in my run file. So we will test just LOGIN
and PLAIN
. If you want to enable CRAM-MD5
refer to the README.auth file.
Testing the relay with AUTH LOGIN
- Encoding the login -
To test the AUTH LOGIN
" method (it is safe since the entire connection is secure) you have to encode the BASE64 string of the username, let's say "test@test.net", and the password, let's say "test" as shown below.
> printf "test@test.net" | base64 dGVzdEB0ZXN0Lm5ldA== > printf "test" | base64 dGVzdA==
Thus, the username "test@test.net" translates to "dGVzdEB0ZXN0Lm5ldA==" and the corresponding password "test" becomes "dGVzdA=="
- Testing the relay -
Now let's check if the relay is working fine. To talk with the server during an encrypted dialog we will use an openssl connection with -starttls smtp; first of all the certificate will be presented:
> openssl s_client -starttls smtp -crlf -connect [your-IP]:587 CONNECTED(00000003) depth=0 /C=IT/ST=Italy/L=Cagliari/O=Your Name/CN=smtp.mydomain.tld/emailAddress=postmaster@mydomain.tld verify error:num=18:self signed certificate verify return:1 depth=0 /C=IT/ST=Italy/L=Cagliari/O=Your Name/CN=smtp.mydomain.tld/emailAddress=postmaster@mydomain.tld verify return:1 --- Certificate chain 0 s:/C=IT/ST=Italy/L=Cagliari/O=Your Name/CN=smtp.mydomain.tld/emailAddress=postmaster@mydomain.tld i:/C=IT/ST=Italy/L=Cagliari/O=Your Name/CN=smtp.sagredo.eu/emailAddress=postmaster@mydomain.tld --- Server certificate -----BEGIN CERTIFICATE----- xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx -----END CERTIFICATE----- subject=/C=IT/ST=Italy/L=Cagliari/O=Your Name/CN=smtp.mydomain.tld/emailAddress=postmaster@mydomain.tld issuer=/C=IT/ST=Italy/L=Cagliari/O=Your Name/CN=smtp.yourname.net/emailAddress=postmaster@yourname.net --- No client certificate CA names sent --- SSL handshake has read 1650 bytes and written 354 bytes --- New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA Server public key is 1024 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : DHE-RSA-AES256-SHA Session-ID: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Session-ID-ctx: Master-Key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Key-Arg : None Start Time: 1292613625 Timeout : 300 (sec) Verify return code: 18 (self signed certificate) --- EHLO test 250-sagredo.eu 250-PIPELINING 250-8BITMIME 250-AUTH LOGIN PLAIN CRAM-MD5 250 SIZE 25000000 AUTH LOGIN 334 VXNlcm5hbWU6 dGVzdEB0ZXN0Lm5ldA== 334 UGFzc3dvcmQ6 dGVzdA== 235 ok, go ahead (#2.0.0)
Testing the relay with AUTH PLAIN
- Encoding the login -
The correct form of the AUTH PLAIN
is "\0authentication-id\0passwd
'" where \0 is the null byte. If the username is "test@test.net" and the password is "test" you have to encode the BASE64 string of "\0test@test.net\0test":
> printf "\0test@test.net\0test" | base64 AHRlc3RAdGVzdC5uZXQAdGVzdA==
- Testing the relay -
Now let's check if the relay is working fine. To talk with the server during an encrypted dialog we will use an openssl connection with -starttls smtp; first of all the certificate will be presented:
> openssl s_client -starttls smtp -crlf -connect [your-IP]:587 CONNECTED(00000003) [THE SAME AS AUTH LOGIN BEFORE] --- 250 AUTH LOGIN PLAIN AUTH PLAIN AHRlc3RAdGVzdC5uZXQAdGVzdA==
Troubleshooting
If something goes wrong you can always log the smtp conversation running qmail-smtpd
in conjunction with Bernstein's recordio
program (hopefully from the command line):
exec /usr/local/bin/softlimit -m "$SOFTLIMIT" \ /usr/local/bin/tcpserver -v -H -R -l 0 \ -x /home/vpopmail/etc/tcp.submission.cdb -c "$MAXSMTPD" \ -u "$QMAILDUID" -g "$NOFILESGID" 0 submission \ /usr/local/bin/recordio \ /var/qmail/bin/qmail-smtpd \ /home/vpopmail/bin/vchkpw /bin/true 2>&1
You can also use strace to better investigate how the smtpd
session is going on:
# strace -f -o /tmp/strace.log -p <tcpserver-pid>
You can quickly get the qmail-smtpd
tcpserver
's ip as follows:
# ps axf|grep tcpserver|grep 25 26194 ? S 0:00 | | \_ /usr/local/bin/tcpserver -v -H -R -l yourdomain.tld -x /home/vpopmail/etc/tcp.smtp.cdb -c 20 -u 89 -g 89 0 25 /var/qmail/bin/qmail-smtpd
Testing TLS (1.3) capabilities
- More info here
You can check the server's TLS 1.3 capabilities and vulnerabilities using the testssl.sh script from Dirk Wetter.
Download as follows
git clone --depth 1 https://github.com/drwetter/testssl.sh.git cd testssl.sh
Check that your submission port offers TLS 1.3 and that all SSL are banned
> ./testssl.sh -t smtp localhost:587 Testing protocols via sockets SSLv2 not offered (OK) SSLv3 likely not offered (OK), received 4xx/5xx after STARTTLS handshake, rerun with DEBUG>=2 or --ssl-native TLS 1 offered (deprecated) TLS 1.1 offered (deprecated) TLS 1.2 offered (OK) TLS 1.3 offered (OK): final
You should check the same with the option --ssl-native
to confirm that SSLv3 is not offered.
The script allows you to test other ports and your connection more deeply. Look at all possibilities offered
./testssl.sh --help
Comments
port 587 change TLS to SSL
Kenny Lee November 14, 2024 03:30 CET
Hi Roberto,
is it possible to change port 587 from TLS to SSL, which using the cert as IMAP and POP3 using now?
thank you
Reply | Permalink
port 587 change TLS to SSL
Roberto Puzzanghera Kenny Lee November 14, 2024 05:51 CET
Sorry, I can't get what you mean
Reply | Permalink
Can't telnet to port 25 until qmailctl reboot
Oliver Huynh November 12, 2024 06:40 CET
Hi Roberto, can you help me to investigate why qmail runs on port 25 for a while then it stops responding until I do qmailctl reboot. Pls check following logs
Reply | Permalink
Can't telnet to port 25 until qmailctl reboot
Roberto Puzzanghera Oliver Huynh November 12, 2024 10:38 CET
Hi, which qmail version? Does the connection die after a while even after the reboot?
Can you post the smtp log and your run file?
Reply | Permalink
Can't telnet to port 25 until qmailctl reboot
Oliver Huynh Roberto Puzzanghera November 13, 2024 04:55 CET
The issue happens also in port 587 today. I ran qmailctl reboot to fix this.
QMAIL_VERSION=2024.10.26
I followed all your notes.
Which log do you want to check since there are a lot of logs. smtpd?
Reply | Permalink
Can't telnet to port 25 until qmailctl reboot
Roberto Puzzanghera Oliver Huynh November 13, 2024 05:45 CET
Yes, qmail-smtpd log and run file
Reply | Permalink
ucspi-ssl have a error message on my server.
Jackie July 8, 2024 02:09 CET
I have configured ucspi-ssl with qmail on two servers. The SSL server works without problems on the standalone server, but on the server connected to the L4 switch, I see the following error message:
Despite this error, i can still connect to Outlook using port 465 and send emails. When i debug the issue, the SSL_get_error function returns the error SSL_ERROR_SYSCALL.
What is a problem? please help me.
Reply | Permalink
ucspi-ssl have a error message on my server.
Roberto Puzzanghera Jackie July 8, 2024 08:34 CET
from man sslserver I get
I would check your certificate
Reply | Permalink
Please Help. Why this error happen?
bakjeonggi July 5, 2024 03:40 CET
I installed ucspi-ssl-0.12.10 and run.
But this error showded
Strangely, outlook is working with 465 port.
Why this error happend??
Please help.
Reply | Permalink
Please Help. Why this error happen?
Roberto Puzzanghera bakjeonggi July 5, 2024 06:39 CET
from man sslserver I get
I would check your certificate
Reply | Permalink
qmail-smtpd segfault error 4 in libssl.so.3?
casey workman May 7, 2024 15:35 CET
I have installed two new servers to replace our aging qmail servers. I have them up and running and delivering mail just fine, I can telnet to port 25 on both machines and it will move mail. These are just relay servers, there aren't any actual email accounts on them. The servers sit in our server room and forward email on to Google for some legacy programs that we have that can't talk directly to Google. The issue pops up when a program tries to connect to port 25 and start a TLS session (without passing a username or password) just for encryption sake. The old servers were Cent7 and the new servers are Debian 12. The error that I am seeing in the qmail smtpd log file is "Status 11" and then in journalctl I am getting the following error...
Reply | Permalink
qmail-smtpd segfault error 4 in libssl.so.3?
Roberto Puzzanghera casey workman May 7, 2024 15:44 CET
which qmail or qmail patch are you using? I would try to do an strace against the qmail-smtpd process to investigate what's happening in detail
Reply | Permalink
qmail-smtpd segfault error 4 in libssl.so.3?
casey workman Roberto Puzzanghera May 7, 2024 16:27 CET
I'm running 1.03
And I will admit that I don't know much about getting a stack trace together to give to you. I have strace installed and when i run "strace -p #processnumber" it just displays...
and then I have to Ctrl-C to quit it.
Reply | Permalink
qmail-smtpd segfault error 4 in libssl.so.3?
Roberto Puzzanghera casey workman May 7, 2024 16:43 CET
If you are running qmail-1.03 you don't have TLS capabilities on qmail. You should patch qmail for tls using this patch http://inoa.net/qmail-tls/
To trace what qmail-smtpd is doing
but it's not useful at this point, until you don't have TLS enabled on qmail
Reply | Permalink
qmail-smtpd segfault error 4 in libssl.so.3?
casey workman Roberto Puzzanghera May 7, 2024 17:34 CET
i started the stack trace like you said and from another server ran the following...
and confirmed that no email came through. went to the qmail server, hit Ctrl-c to exit the trace and the viewed the log file.
And that same openssl code works just fine if I bounce it off one of the old servers. It connects and sends me an email. So I'm assuming that the install I have for this version of qmail has some sort of TLS already patched in. It just appears that the new servers are having an issue somewhere with a library. Qmail on all the servers were installed with the exact same set of instructions and install files. I did have to make one change to the qmail-smtpd.c file on the new servers because it was throwing an error when i was doing the inital "make"
When the process got to /usr/src/qmail/qmail-1.03/qmail-smtpd.c it was throwing an error (don't recall the exact wording) when it got to the line "ssl->state = SSL_ST_ACCEPT;". After a lengthy Google debug session i saw a few sites that had to replace that line with "SSL_set_accept_state(ssl);". I did that and it cleared up. I don't know if this has anything to do with my current problem or not. But I thought I would throw that out there.
Reply | Permalink
qmail-smtpd segfault error 4 in libssl.so.3?
Roberto Puzzanghera casey workman May 7, 2024 18:58 CET
mmmh you are in good position to have a mess in your server. I strongly suggest to use a patch that is tested. I don't think it's a good idea to modify the sources if you don't know exactly what you are doing. In addition your server certainly has an obsolete TLS support and you'll have rejects from other servers.
You can check if it already has TLS support looking at the smtp conversation, for example
as you see my server is issuing the STARTTLS verb
Reply | Permalink
qmail-smtpd segfault error 4 in libssl.so.3?
Roberto Puzzanghera Roberto Puzzanghera May 7, 2024 17:14 CET
you can use this patch of mine which already include TLS https://notes.sagredo.eu/qmail-notes-185/smtp-auth-qmail-tls-forcetls-patch-for-qmail-84.html
Reply | Permalink
Testing qmail fail
Kenny Lee January 15, 2024 02:47 CET
Hi Roberto,
i followed your page setup until Testing QMail, i tried to send email to external and it fail to send out.. i checked my qmail-send/current and found the error msg as below:
i checked my /var/qmail/bin folder and found that it really no this file (dk-filter) inside there... may i know which steps i have skipped?
Thank you
Reply | Permalink
Testing qmail fail
Roberto Puzzanghera Kenny Lee January 15, 2024 06:01 CET
Hi Kenny, dk-filter has been dropped in latest patch. You have to reconfigure your RC file. There is a warning in the change log...
Reply | Permalink
Testing qmail fail
Roberto Puzzanghera Roberto Puzzanghera January 15, 2024 06:06 CET
Sorry, I forgot to update the configuring page. Look at the RC file example in the dkim page
Reply | Permalink
Testing qmail fail
Kenny Lee Roberto Puzzanghera January 15, 2024 06:33 CET
Hi Roberto,
after changed the qmail/rc same like DKIM page... i checked on qmailctl-queue, got below output:
i checked on /var/log/qmail/send/current, i only found this as below:
i restarted the qmail also same. please advise.
thank you.
Reply | Permalink
Testing qmail fail
Roberto Puzzanghera Kenny Lee January 15, 2024 06:41 CET
If not done yet, can you try to force to process the queue in this way
Reply | Permalink
Testing qmail fail
Kenny Lee Roberto Puzzanghera January 15, 2024 06:49 CET
Hi Roberto,
after run qmailctl flush... still same.. and inside /var/log/qmail/send/current no new message.
Reply | Permalink
Testing qmail fail
Roberto Puzzanghera Kenny Lee January 15, 2024 08:24 CET
What do you have in send log after flushing the queue?
Reply | Permalink
Testing qmail fail
Kenny Lee Roberto Puzzanghera January 15, 2024 08:34 CET
Hi Roberto,
no new message inside Send Log, the last message is ...
which the message i posted in my previous message
Reply | Permalink
Testing qmail fail
Roberto Puzzanghera Kenny Lee January 15, 2024 10:19 CET
What happens to new messages? Do they remain in the queue?
Reply | Permalink
Testing qmail fail
Kenny Lee Roberto Puzzanghera January 16, 2024 02:10 CET
Hi Roberto, Good Morning.. this morning i tried to restart the server and do a new telnet on port 25. i sent an email to external and below is the output from /var/log/qmail/smtpd/current
but i checked on /var/log/qmail/send/current, inside really empty. then i tried to send another email to myself. and below is msg from my /var/log/qmail/smtpd/current
but i checked again the send/current file.. inside also empty. then i run qmailctl stat and below is the msg
look like both email also pending at server, unable to deliver to users
Reply | Permalink
Testing qmail fail
Roberto Puzzanghera Kenny Lee January 16, 2024 06:02 CET
Hi Kenny, what do you have in your RC file? Try disable dkim and restart email.
Post the qmail-dkim test from the dkim page
Reply | Permalink
Testing qmail fail
Anonymous Roberto Puzzanghera January 16, 2024 06:13 CET
Hi Roberto,
below is my qmail/rc file:
anyway how to disable DKIM? thank you
Reply | Permalink
Testing qmail fail
Roberto Puzzanghera Anonymous January 16, 2024 06:44 CET
Kenny, did you create the filterargs file?
Reply | Permalink
Testing qmail fail
Roberto Puzzanghera Anonymous January 16, 2024 06:25 CET
Hi, you have to comment out that DKIM_ON variable. Then, if you want dkim active, do all tests in the dkim page as far as qmail-remote signature is concerned
Reply | Permalink
Testing qmail fail
Kenny Lee Roberto Puzzanghera January 16, 2024 07:04 CET
Hi Roberto, i have commented out that DKIM_ON in qmail/rc and do a restart on the server. then i removed all old pending messages and tried to telnet again and send an email to myself. i check smtpd/currect and snd/currect log files.. neither one got new data inside.. and when i run qmailctl queue, i can see one email pending there
Server:/var/log/qmail/send # qmailctl queue
messages in queue: 1
messages in queue but not yet preprocessed: 1
any place went wrong?
Reply | Permalink
Testing qmail fail
Roberto Puzzanghera Kenny Lee January 16, 2024 07:22 CET
Is there any log line or they are completely empty? If they are empty, which daemontools program version and patch are you using?
What do you have in domains .qmail-default and in user's .qmail?
Are you using any valias?
Reply | Permalink
Testing qmail fail
Kenny Lee Roberto Puzzanghera January 19, 2024 06:52 CET
Hi Roberto, any update on my issue?
thank you
Reply | Permalink
Testing qmail fail
Roberto Puzzanghera Kenny Lee January 19, 2024 08:13 CET
Hi Kenny, please reply to my questions above
Reply | Permalink
Testing qmail fail
Kenny Lee Roberto Puzzanghera January 22, 2024 06:26 CET
Hi Roberto,
when i run ps axfww, i found this error.. dont know got related?
Reply | Permalink
Testing qmail fail
Roberto Puzzanghera Kenny Lee January 22, 2024 14:37 CET
Hi Kenny, I think you have a broken configuration of the supervise log scripts. Double check it. Be sure you created the qmail users as well.
Do you have empty lines in both qmail-send and qmail-smtpd?
Can you do
Also check that there are not zombie qmail processes
Reply | Permalink
Testing qmail fail
Kenny Lee Roberto Puzzanghera January 22, 2024 06:22 CET
Hi Roberto, i have replied you 3 times, but still no see you reply.. please see below:
Is there any log line or they are completely empty?
no log line.. after that new telnet test, both smtpd/currect and send/send are empty
which daemontools program version and patch are you using?
the daemontools version is daemontools-0.77
What do you have in domains .qmail-default?
| /home/vpopmail/bin/vdelivermail '' delete
and in user's .qmail?
Hi, May i know where is the location of this file?
Are you using any valias?
No.
Reply | Permalink
Testing qmail fail
Roberto Puzzanghera Kenny Lee January 22, 2024 14:27 CET
Did you find an answer as to why I didn't reply in the middle of the night and during the morning? And before this one there's only another message
Reply | Permalink
Testing qmail fail
Kenny Lee Roberto Puzzanghera January 22, 2024 01:31 CET
Hi Roberto, this is 2nd part:
What do you have in domains .qmail-default?
| /home/vpopmail/bin/vdelivermail '' delete
and in user's .qmail?
Hi, May i know where is the location of this file?
Are you using any valias?
No.
Reply | Permalink
Readproctitle Buffer Overflow
KPC September 1, 2023 07:34 CET
Far from the first time I've build/rebuilt a qmail toolchain, and I can't help but think something minor has been done to cause something major to go wrong.
After using qmailctl to start svscanboot nothing appears in any of the log files (they are are 0 in size but were created) not even the startup messages. The ps command has this to say...
Using clear will clear it, but it comes back.
Two messages have made it into the queue while I was testing, one should land locally (my test) and one should exit but they've not moved. I don't really expect anything to happen until the buffer overflow is resolved. Softlimit was increased to 90000000.
Deeply appreciate any insight. This is a current ubuntu system (22.04 lts)
Reply | Permalink
Readproctitle Buffer Overflow
Roberto Puzzanghera KPC September 1, 2023 11:59 CET
Anything else in your logs? Can you show you smtpd and send run files?
Also do an strace against the smtpd process after sending yourself a msg. Please upload it somewhere because it's very long
Reply | Permalink
Readproctitle Buffer Overflow
KPC Roberto Puzzanghera September 1, 2023 16:31 CET
As mentioned, there is no logging happening. all the log files are 0. Not even the starting up messages.
Both (all) the run files are the stock examples from here, unedited at this stage in the install/testing process.
More than happy to run an strace, but not sure what/how it should be run to capture what would be helpful.
Reply | Permalink
Readproctitle Buffer Overflow
Roberto Puzzanghera KPC September 1, 2023 16:38 CET
Concerning strace have a look at the bottom of the testing page
Reply | Permalink
Readproctitle Buffer Overflow
KPC Roberto Puzzanghera September 1, 2023 17:09 CET
Hopefully I've attached to the correct process. Two messages came in while tracing - one my test.
Now 4 in the queue. 3 Local.
strace of what I hope is the right stuff: https://drive.google.com/file/d/16QJi2VaWHFyFaR3hPZ5i_qFsr2Z4RFvQ/view?usp=share_link
Reply | Permalink
Readproctitle Buffer Overflow
Roberto Puzzanghera KPC September 1, 2023 17:59 CET
I don't understand why you don't have anything in your logs... are the log processes running (qmailctl stat)?
The strace shows that you have SURBL active but you have the level2-tlds and level3-tlds files missing. But I'm not sure if this is the cause of the trouble.
Reply | Permalink
Readproctitle Buffer Overflow
KPC Roberto Puzzanghera September 1, 2023 18:11 CET
I've not been leaving it up due to the fact it is so deeply broken.
But yes, it all seems to start - but no logs happen, I did not do the archive log items in your process - under the impression that it was optional.
Reply | Permalink
Readproctitle Buffer Overflow
Roberto Puzzanghera KPC September 2, 2023 20:29 CET
Can you guys redownload the daemontools-0.76-readable_datetime.patch and test if the issue is solved, please? I increased the size of the buffer of a variable I defined there.
Remember to completely reboot qmail after recompiling daemontools
Reply | Permalink
Readproctitle Buffer Overflow
KPC Roberto Puzzanghera September 2, 2023 20:48 CET
Looks good.
Reply | Permalink
Readproctitle Buffer Overflow
Roberto Puzzanghera KPC September 2, 2023 20:55 CET
Thank you. Not sure how much buffer would be best to store that nanoseconds array anyway. It was just 10, now it's 100.
If you guys can try 20 in nsec_buf inside timestamp.c and recompile it would be nice.
Reply | Permalink
Readproctitle Buffer Overflow
Roberto Puzzanghera KPC September 2, 2023 19:53 CET
KPC, please report if dropping that patch solves for you. Remember also to fix the SURBL missing file issue
Reply | Permalink
Readproctitle Buffer Overflow
Bai Borko Roberto Puzzanghera September 3, 2023 07:32 CET
Hi Roberto,
I confirm after your changes in the patch all is working - no buffer overflow, the loging is working as expected.
Thank you !
Roberto please tell us more about the old functionality of convert-multilog script which is store old logs in /var/log/qmail/backup/ will continue to work as before ?
I use these logs to create jgreylist db and for me it is important to work.
Reply | Permalink
Readproctitle Buffer Overflow
Roberto Puzzanghera Bai Borko September 3, 2023 07:58 CET
Glad to here that!
I've patched convert-multilog accordingly, just download it again. Also you have to adjust your log/run file to preserve the qlog entry. Have a look at the daemontools page, under the "upgrading" section.
Are you using Ubuntu 22.04 as KPC? I'd like to reproduce myself the error
Reply | Permalink
Readproctitle Buffer Overflow
Bai Borko Roberto Puzzanghera September 3, 2023 08:05 CET
My distro is Ubuntu 22.04.3 LTS
Reply | Permalink
Readproctitle Buffer Overflow
Roberto Puzzanghera Bai Borko September 3, 2023 11:09 CET
I managed to reproduce the bug on Ubuntu 22.04. The minimum buffer needed for the nsec_buf[] array in timestamp.c is 11 (was 10, so one character more). If anyone can confirm that it's ok it would be much appreciated
Reply | Permalink
Readproctitle Buffer Overflow
KPC Roberto Puzzanghera September 2, 2023 20:36 CET
Just confirming that it did indeed help at this level of the thread here.
The SURLB files I presume will come once I hit that part of the process? In times past I'm not sure if I've gone that far in the filtering process as to enable it.
At the moment I'm getting the vdeliever error of database down. But I can properly make and query virtualusers, as well as connect to the database as vpopmail. I see someone else had this issue 2 years ago and your suggestion was to review the Mysql aspects. Which is what I'm doing.
Reply | Permalink
Readproctitle Buffer Overflow
Bai Borko KPC September 2, 2023 18:53 CET
Hi Roberto,
I wrote you for exact the same issue few weeks ago.
The Buffer Overflow issue is related with readable datetime daemontools-0.76-readable_datetime.patch.
@KPC Recompile daemontools without this patch and all will be ok .
Reply | Permalink
Readproctitle Buffer Overflow
Roberto Puzzanghera Bai Borko September 2, 2023 19:01 CET
I remember a comment of someone, maybe you, who claimed that there where errors without providing any further information that I asked for days. If you have any reproducible steps to spot an eventual bug please post them here.
Reply | Permalink
Readproctitle Buffer Overflow
KPC Roberto Puzzanghera September 2, 2023 19:17 CET
I can confirm that I've just re-compiled without the mentioned patch & qmail starts up, logs are happening.
I've got a delivery 3: deferral: vdelivermail:_deferred,_database_down/ - which will have me chase that down but this is worlds ahead of where I was.
Thank you.
I did the following to try to track it down prior to the recompile: Had it only run one service (send) and even commented everything DKIM out of the run script for it as I was able to catch the first error of no dkimdomain set (I cp'd the contents of the 'me' file into it - which resolved the no such file error but didn't remove the buffer overflow so I proceeded to the larger comment out. I will have to undo that as I move forward. Also not certain that is the correct value for that file.)
Reply | Permalink
Readproctitle Buffer Overflow
Roberto Puzzanghera KPC September 2, 2023 19:49 CET
Thanks for sharing. It will be useful to others who face the same issue
Reply | Permalink
qq_temporary_problem_(#4.3.0)
Herbert May 3, 2023 17:12 CET
Hi Roberto,
Mailserver is working mostly as expected but with some EMails I get the following error:
So far everything seems to be ok but then:
Any ideas?
Reply | Permalink
qq_temporary_problem_(#4.3.0)
Roberto Puzzanghera Herbert May 3, 2023 17:17 CET
Hi Herbert,
are you using the latest patch? Are you verifing dkim?
Reply | Permalink
qq_temporary_problem_(#4.3.0)
Herbert Roberto Puzzanghera May 4, 2023 07:36 CET
...after some more testing the problem is not the EMailaddress itself because the users receives "standard EMails"
The problem seems to be related to Mailinglists only.....
Reply | Permalink
qq_temporary_problem_(#4.3.0)
Roberto Puzzanghera Herbert May 4, 2023 08:14 CET
You should do an strace of the tcpserver process. Send yourself an email to one of your m/l and log the results in this way
do not post it as a comment here because it will be very long :-). Post it to pastebin or somewhere else please
Edit: before the strace, try the other solution below. If it doesn't solve do the strace
Reply | Permalink
qq_temporary_problem_(#4.3.0)
Herbert Roberto Puzzanghera May 4, 2023 11:31 CET
....what a stupid mistake!!! I'm really sorry!
yes - the user who runs qmail-smtpd is vpopmail and the cache directory had wrong permissions!
I was sure that I corrected permissons on the directory because I had permission problems some time ago.
But for me it was strange that everything worked except emails from mailing lists.
Now its working!
Anyway - thanks for your efforts!
Reply | Permalink
qq_temporary_problem_(#4.3.0)
Roberto Puzzanghera Herbert May 4, 2023 11:35 CET
great to hear that your problem is solved!
The control/cache dir is assigned to vpopmail by default. I assume that you changed its ownership...
Reply | Permalink
qq_temporary_problem_(#4.3.0)
Herbert Roberto Puzzanghera May 31, 2023 14:42 CET
...and another correction......make setup from qmail changes ownership to postfix! - NOT system update
Regards,
Herbert
Reply | Permalink
qq_temporary_problem_(#4.3.0)
Roberto Puzzanghera Herbert June 1, 2023 21:18 CET
I released a new combined patch where the IDs of vpopmail are determined dinamically
Reply | Permalink
qq_temporary_problem_(#4.3.0)
Herbert Roberto Puzzanghera June 2, 2023 06:32 CET
Thanks Roberto!
I think this will help some people because not all will run vpopmail:vchkpw on ID's 89:89 and then they will run into same problem like me.
Great work! As always! :-)
Regards,
Herbert
Reply | Permalink
qq_temporary_problem_(#4.3.0)
Roberto Puzzanghera Herbert May 31, 2023 18:22 CET
When you make setup, you change the uid/gid of control/cache to 89:89, which is vpopmail:vchkpwd in my guide, but not for you.
If you don't want to patch hier.c accordingly, you should delete your postfix user and group, assign those IDs to vpopmail and rebuild the IDs of the vpopmail directory.
Reply | Permalink
qq_temporary_problem_(#4.3.0)
Herbert Roberto Puzzanghera May 31, 2023 14:33 CET
Hi Roberto,
now I know why /var/qmail/control/cache had wrong owner!
I did a system update fron Rocky Linux 8.7 to 8.8 and the owner was changed from vpopmail to postfix again!
Postfix is not running and I don't know what causes this chage because UID of postfix (89) and vpopmail (3008) is different.
...and I was right when I remembered that I changed ownership of the directory before the error occured :-) ...so - system update was the cause....
Only wanted to inform you - maybe someone has the same problem and this information is useful.
Regards,
Herbert
Reply | Permalink
qq_temporary_problem_(#4.3.0)
Herbert Roberto Puzzanghera May 4, 2023 09:45 CET
...sent you the download links for strace and log to your "notes-Email-address" because I can't remove private information
It is qmail with latest patch - somehow I didn't find exact error message from log in strace with the newest patch???
...and I have this in the run file but nothing changed:
Reply | Permalink
qq_temporary_problem_(#4.3.0)
Herbert Roberto Puzzanghera May 4, 2023 06:11 CET
Hi Roberto,
tried then new patch and the old one - same error and only with one address so far.
This is the DKIM part of my run file. Imho I am not verifying dkim but maybe I missed something:
Reply | Permalink
qq_temporary_problem_(#4.3.0)
Roberto Puzzanghera Herbert May 4, 2023 08:04 CET
probably you are missing this one, as your mails are not processed by simscan after SURBL
This line is useless, as dkim is not executed after SURBL
Reply | Permalink
What is qq_internal_bug_?
J March 16, 2023 06:26 CET
My email server works fine but for some incoming emails, qmail server simply rejects for some reason. What might be causing this?
/var/log/qmail/smtpd/current
Reply | Permalink
What is qq_internal_bug_?
Roberto Puzzanghera J March 18, 2023 07:48 CET
New combined patch released with fix to this issue
Reply | Permalink
What is qq_internal_bug_?
Roberto Puzzanghera J March 17, 2023 18:07 CET
Hi J, another user reported the same error. I think it is a qmail-dkim issue. You should disable the verification, or downgrade the qmail patch for the time being
Reply | Permalink
What is qq_internal_bug_?
Ali Erturk TURKER Roberto Puzzanghera March 18, 2023 03:37 CET
It is definitely a qmail-dkim issue.
The qmail-dkim.c code segfaults somewhere and the kernel issues a SIGSEGV signal which is caught by
sigbug() functon in qmail-dkim.c (via sig_catch(SIGSEGV,f);) and then the program
terminates with die(81, 0); which is reported by "case 81: return "Zqq internal bug (#4.3.0)";"
While Manvendra Bhangui debugs this issue, people can use Kyle Wheeler's DKIM wrapper
for signing outgoing mail, if they don't want to rebuild qmail.
AET
Reply | Permalink
What is qq_internal_bug_?
Roberto Puzzanghera Ali Erturk TURKER March 18, 2023 06:43 CET
Hi Ali, Manvendra already updated his dkim patch. The segfault happened when the signature missed the k flag. I'll update my combined patch later
Reply | Permalink
What is qq_internal_bug_?
Ali Erturk TURKER Roberto Puzzanghera March 18, 2023 07:08 CET
I'm glad to hear that. Thanks Manvendra for the quick response.
And for the curious, segfault was due to a null pointer dereference on line 1126 of dkimverify.cpp:
which is corrected as:
Regards
AET
Reply | Permalink
What is qq_internal_bug_?
Manvendra Ali Erturk TURKER March 18, 2023 10:28 CET
The analysis by Ali is correct. values[3] is null because there isn't any k= tag in the DNS selector txt record. Now RFC6376 says that k= tag is optional and if not specified it should default to rsa
There were two changes made to dkimverify.cpp to allow the DNS selector record not to have k= tag
First change was
Second change was to bypass string comparision
instead of
Reply | Permalink
What is qq_internal_bug_?
Roberto Puzzanghera J March 16, 2023 07:29 CET
As you know, that error code is not documented at all in the source code. I did a grep "qq internal bug" in my logs of the last 10 years and didn't find a single occurrence.
I googled a bit and found that it seems to be related to a broken queue. I would try to rebuild the queue.
I leave here what I've found (I'm sure that you already got these discussions in your googling)
https://lists.archive.carbon60.com/qmail/users/8046?do=post_view_threaded
https://www.mail-archive.com/qmail@id.wustl.edu/msg12778.html
Please let me know if you solve by rebuilding the queue
Reply | Permalink
What is qq_internal_bug_?
Manvendra Roberto Puzzanghera March 18, 2023 10:08 CET
qq_internal_bug is not because of a broken queue. It happens when qmail-queue or any program executed by setting QMAILQUEUE env variable dies because of a signal like SIGBUS, SIGSEGV.
In our case qmail-dkim was segfaulting because of a null pointer access. This is what qmail-dkim and many of qmail programs do to catch signals generated becuase of doing something illegal in the code.
Reply | Permalink
keep getting 421 unable to read controls
GoofY March 5, 2023 20:28 CET
Hi Roberto,
I've installed qmail per your site allready a couple of times, but now I hit an issue I can't find out myself (or with google).
I've tried with Ubuntu 22.04 3 times and with Debian 11 2 times and every time I can't get past the 'telnet 127.0.0.1 25' command.
it's output is on all occasions, do you have a clou as to where to look for this issue?:
Reply | Permalink
strace shows some clues as to why telnet 127.0.0.1 25 is failing with 421 read control error
GoofY GoofY March 5, 2023 23:24 CET
hi,
after looking at some more debuging, I found that some files aren't in the location it's supposed to be:
The file libssl.so.1.1 is available but not in that dir, also some others like cryptossl.so.1.1 and mariadb.so.3. I fixed that quick and dirty with making a symlink:
That fixed that part of the errors.
The trace than only complained about certain files not being in /var/qmail/control, eg: smtpgreeting, localiphost and some more. It could find however control/me an control/maxrcpt, so my guess it's not related to that but I'm not certain.
Here is the last part of the strace, unfortunately I can't find why it's throwing the '421 unable to read controls' ...:
Do you maybe have an idea as to why it comes with 421 unable to read controls?
Reply | Permalink
strace shows some clues as to why telnet 127.0.0.1 25 is failing with 421 read control error
Roberto Puzzanghera GoofY March 6, 2023 13:47 CET
I think you miss the smtpplugins control file while qmail-spp is enabled in your run file. Touch that file and it will be solved.
My fault. I modified the qmail-smtpd run file with qmail-spp enabled by default
Reply | Permalink
strace shows some clues as to why telnet 127.0.0.1 25 is failing with 421 read control error
GoofY Roberto Puzzanghera March 6, 2023 15:16 CET
Hi Roberto,
thanks for pointing it out. Solved!
Reply | Permalink
Chkuser and relay client
Raya December 14, 2022 14:33 CET
Hi Roberto,
Thank you for this great documentation
I have a problem when RELAY client sends an e-mail to an unknown local user. Please help me to understand my problem
If .qmail-default file for domain contains:
- the message dissapears with no notification to the client
There is the record in the log that the message is delivered.
/var/log/qmail/send/current:
if .qmail-default file for domain contains:
- the message remains in the queue
and there is the record in the dovecot.log
/var/log/dovecot/dovecot.log:
Reply | Permalink
Chkuser and relay client
Roberto Puzzanghera Raya December 14, 2022 15:45 CET
I can't perform tests in this moment, but chkuser should notify that the user does not exist during the SMTP session. Are you sure that you have chkuser enabled?
PS Sorry, chkuser is disabled by default for RELAYCLIENT. You can enable it via tcprules
Reply | Permalink
Chkuser and relay client
Raya Roberto Puzzanghera December 14, 2022 21:01 CET
Thank you for your answer
How can I enable CHKUSER for RELAYCLIENT via tcprules?
Reply | Permalink
Chkuser and relay client
Roberto Puzzanghera Raya December 15, 2022 09:31 CET
I don't recall now and I am out of home. Check the settings
Reply | Permalink
Chkuser and relay client
Raya Roberto Puzzanghera December 15, 2022 12:11 CET
I could not enable chkuser for relayclient via tcprules. I was forced to delete localnet from relayclient to solve the problem. Thank you for your help.
Reply | Permalink
Chkuser and relay client
Roberto Puzzanghera Raya December 17, 2022 13:51 CET
I see the problem. Actually there was an ancient modification of mine which prevented chkuser to do the receipt check also for RELAYCLIENTs provided that the variable CHKUSER_DISABLE_VARIABLE is commented out.
Try to use this new patch where I have corrected the problem and commented out that variable https://notes.sagredo.eu/files/qmail/patches/roberto-netqmail-1.06/roberto-netqmail-1.06.patch-2022.12.17.gz
Reply | Permalink
Chkuser and relay client
Raya Roberto Puzzanghera December 21, 2022 11:56 CET
Thank you so much! It is working now
Reply | Permalink
Chkuser and relay client
Roberto Puzzanghera Raya December 14, 2022 15:38 CET
Hi, if you want to have bounces change the vdelivermail option to bounce-no-mailbox instead of delete. Of course in this way the forged sender will receive tons of spam
Reply | Permalink
Testing chkuser: 554 SMTP protocol violation
numattic May 27, 2022 23:05 CET
Roberto,
In "No valid MX test, mailbox syntax test", my test looks like this:
About the only info for SMTP protocol violation was related to large attachments or "talking before greeting", which aren't the case here.
Any ideas?
Reply | Permalink
Testing chkuser: 554 SMTP protocol violation
Roberto Puzzanghera numattic May 28, 2022 07:49 CET
Hi, it appears that you are sending the "mail from" before the server's greeting. This is the greeting of my server, which is not received immediately because of the greetdelay feature
So the "554 SMTP protocol violation" reject is normal.
Reply | Permalink
Testing submission port error
khchan October 13, 2021 15:16 CET
When I perform telnet testing as below, I've hit a error:
Reply | Permalink
Testing submission port error
Roberto Puzzanghera khchan October 13, 2021 15:58 CET
The telnet session is useless when you go encrypted. Try to do the same with an openssl session like this
swaks can do it for you as explained at the top of this page
Reply | Permalink
Testing submission port error
khchan Roberto Puzzanghera October 14, 2021 02:42 CET
The swak and openssl s_client with error and info below:
Reply | Permalink
Testing submission port error
Roberto Puzzanghera khchan October 21, 2021 16:41 CET
Sorry for the late response.
Are you sure that it's connecting via IPv4? My patch doesn't have IPv6.
To force ipv4 add the -4 option to swaks
Reply | Permalink
problem with CHKUSER_SENDER_FORMAT
Jacky September 24, 2021 11:14 CET
Hi all.
Today I have problem with mail account with double hyphen in domain(y--s.co.jp).
So how can I disable CHKUSER_SENDER_FORMAT for special domain only?
Reply | Permalink
problem with CHKUSER_SENDER_FORMAT
Roberto Puzzanghera Jacky September 24, 2021 19:07 CET
try to patch chkuser.c starting from line 330 in order to disable the else block like this
This should get the program to allow double hyphens, provided that they are not in the 3rd and the 4th character of the domain
Reply | Permalink
problem with CHKUSER_SENDER_FORMAT
Roberto Puzzanghera Roberto Puzzanghera September 27, 2021 18:43 CET
I pushed this patch into the combo
Reply | Permalink
problem with CHKUSER_SENDER_FORMAT
Roberto Puzzanghera Jacky September 24, 2021 18:54 CET
Hi, I don't think that you can disable that for a specific domain only.
But if consecutive -- are allowed (?) the regular expression behind the CHKUSER_SENDER_FORMAT check should be adjusted.
I'll check it out in the following days.
Reply | Permalink
problem with CHKUSER_SENDER_FORMAT
Jacky Roberto Puzzanghera September 28, 2021 16:59 CET
Thank you Roberto very much.
and your patch. I patched to my mail server. it works well!!
Reply | Permalink
421 unable to execute recipient check (#4.3.0)
Newb July 27, 2021 15:10 CET
While testing SMTP from myself to myself i got a error
421 unable to execute recipient check (#4.3.0)
In logs:
Reply | Permalink
421 unable to execute recipient check (#4.3.0)
Roberto Puzzanghera Newb July 27, 2021 15:14 CET
Try without those <> chars in the from field
Reply | Permalink
421 unable to execute recipient check (#4.3.0)
Newb Roberto Puzzanghera July 27, 2021 15:26 CET
still same error
Reply | Permalink
421 unable to execute recipient check (#4.3.0)
Roberto Puzzanghera Newb July 27, 2021 15:31 CET
I mean FROM field, not MAIL FROM
PS using swaks would be of great help in testing and trouble shooting
Reply | Permalink
421 unable to execute recipient check (#4.3.0)
Newb Roberto Puzzanghera July 27, 2021 15:49 CET
I tryied swaks and same error.
Qmail logs are telling that message is rejected because of rcptcheck
Reply | Permalink
421 unable to execute recipient check (#4.3.0)
Roberto Puzzanghera Newb July 27, 2021 15:56 CET
how are patching qmail? the patch process went well? do you have any smtp wrapper?
Reply | Permalink
421 unable to execute recipient check (#4.3.0)
Newb Roberto Puzzanghera July 27, 2021 16:10 CET
>how are patching qmail? the patch process went well?
yes without errors
>do you have any smtp wrapper?
Nope
Reply | Permalink
421 unable to execute recipient check (#4.3.0)
Roberto Puzzanghera Newb July 27, 2021 16:11 CET
can you post your smtpd/run and tcp.smtp files?
Reply | Permalink
421 unable to execute recipient check (#4.3.0)
Newb Roberto Puzzanghera July 27, 2021 16:34 CET
qmail-smtpd/run
tcp.smtp
Reply | Permalink
421 unable to execute recipient check (#4.3.0)
Roberto Puzzanghera Newb July 27, 2021 16:54 CET
I think that your tcp.smtp is not recongnizing localhost as a RELAYCLIENT. Try to do the test like this
or
This would explain why the rcptcheck patch is going to complain...
PS I would add
at the end as well
Reply | Permalink
421 unable to execute recipient check (#4.3.0)
Roberto Puzzanghera Newb July 27, 2021 16:51 CET
the tcp.smtp is banning the outnet from connecting to your server, but I suppose that this is intentional
Are you doing the tests from localhost or from the outnet?
Reply | Permalink
421 unable to execute recipient check (#4.3.0)
Newb Roberto Puzzanghera July 27, 2021 18:04 CET
my file tcp.smtp is now:
i update cdb file and still same error :(
I telnet from localhost, not from outnet
Reply | Permalink
421 unable to execute recipient check (#4.3.0)
Roberto Puzzanghera Newb July 27, 2021 18:25 CET
I think it is because you have this in your run file
but you have not set the priviledges yet as explained later here https://notes.sagredo.eu/en/qmail-notes-185/limiting-the-number-of-emails-sent-by-a-given-auth-userdomainip-231.html
Can you comment out those 2 lines and restart qmail?
If this is the cause (I think yes) it's my fault, as I should have commented them initially in the docs
Reply | Permalink
421 unable to execute recipient check (#4.3.0)
Newb Roberto Puzzanghera July 27, 2021 20:09 CET
Yes, it worked after comment out those 2 lines
Reply | Permalink
421 unable to execute recipient check (#4.3.0)
Roberto Puzzanghera Newb July 27, 2021 21:45 CET
so you may have exceeded your overlimit. Check your control/relaylimits for localhost and the overlimit dir.
Check the overlimit config here https://notes.sagredo.eu/en/qmail-notes-185/limiting-the-number-of-emails-sent-by-a-given-auth-userdomainip-231.html
Reply | Permalink
421 unable to execute recipient check (#4.3.0)
Anonymous Roberto Puzzanghera July 27, 2021 15:46 CET
still same problem.
In qmail logs message is rejected because of rcptcheck
Reply | Permalink
mail not delivered
Nicolas July 10, 2021 15:40 CET
I try on my new server the installation of qmail + your patch + vpopmail + simscan + dovecot. Now qmail is working but when I send an email to an account everything is fine except the message didn't arrive in user Maildir :)
This is the logs :
normally the delivery success message means that the message file is inside Maildir/new/ folder but in fact there is no file.
If I do the same thing with postmaster@server7.xxxx.org the qmail server generate :
the postmaster account exist and had been created with vadddomain command.
I am not using sql method.
Is there somewhere to search ?
Reply | Permalink
mail not delivered
Roberto Puzzanghera Nicolas July 10, 2021 17:40 CET
Can you perform again the "telnet localhost 89" vpopmail test to check if it recognizes the yyyy@server7.xxxx.org account?
If the test succeds, what do you have in your .qmail-default file placed in server7.xxxx.org dir?
if you're delivering via dovecot, what does the dovecot-lda log say?
Reply | Permalink
Strange problem
Nicolas July 9, 2021 19:39 CET
I installed netqmail + the latest complet patch 2021.06.19. I carefully followed the installation process and When I try to send an email to ther server I have these logs.
In which direction may I search ?
Reply | Permalink
Strange problem
Roberto Puzzanghera Nicolas July 9, 2021 20:24 CET
have you performed all the tests mentioned in this "testing" page? if yes, what do you have in your QMAILQUEUE variable?
Reply | Permalink
Testing the SMTP port 25
Kenny Lee September 4, 2020 11:32 CET
Hi Mr Roberto,
after i touch a new file for "tcp.smtp" then run qmailctl cdb .. i start telnet to my server with 25 as below:
2 questions need your help:
1. why CHKUSER unable to block unknown sender while telnet?
2. i checked on Send log file, the server able to block nobody email address with "no_mailbox_here_by_that_name", but why CHKUSER unable to block while i was doing telnet that time?
Thank you
Reply | Permalink
Testing the SMTP port 25
Roberto Puzzanghera Kenny Lee September 4, 2020 12:02 CET
so what do you have in your tcp.smtp? you cannot have it blank
1. chkuser will block unexistent recipient and unexistent sender domains, but of course it cannot say anything about sender username (unexistent@gmail.com is good).
2. chkuser is disabled for RELAYCLIENT ip, according to your tcprules
PS be aware that such things are already mentioned in the present guide :-)
Reply | Permalink
Testing the SMTP port 25
Kenny Lee Roberto Puzzanghera September 4, 2020 12:30 CET
Hi Mr Roberto,
Actually i followed the steps on your "Testing chkuser", my existing tcp.smtp got info inside such as:
after that, i moved the file to a tmp file, then touch a new empty file for tcp.smtp, then do telnet... so suppose chkuser able to rejected the messages if the MX record in the from field is non existent, right? or any settings i need to look into to start chkuser? i checked my SMTP log file, inside no have this "chkuser" word occurred. anyway is it got related to that file "chkuser_settings.h"?
Thank you
Reply | Permalink
Testing the SMTP port 25
Roberto Puzzanghera Kenny Lee September 4, 2020 12:57 CET
I think that this is due to the fact that you are using the wrong patch, which doesn't include chkuser.
At any rate I strongly suggest to have a look at chkuser_settings.h
Reply | Permalink
Testing the SMTP port 25
Kenny Lee Roberto Puzzanghera September 7, 2020 04:21 CET
Hi Roberto,
oh .. ya ... i forgot i just patched on smtp-auth + qmail-tls + forcetls only... sorry about this issue.
anyway thanks.
Reply | Permalink
qmail with TLSv1.3
Tony Fung March 25, 2019 05:58 CET
Hi,
I am trying to have TLSv1.3 can be used with your guide. With openssl updated to version 1.1.1b and ucspi-tcp6 updated to vesion 1.10.2 (from www.fehcom.de), then test the SMTP connection with the underneath command:
It is found that the Protocol of SSL-Session is TLSv1.3, see the following captured lines.
Does that mean the qmail setup is TLSv1.3 functional?
Reply | Permalink
qmail with TLSv1.3
Roberto Puzzanghera Tony Fung March 25, 2019 07:12 CET
yes it does
Reply | Permalink
libssl error
Ralph August 12, 2018 14:28 CET
Hello Roberto,
i have installed the qmail server on a new server with debian 9
swaks ... --tls gives me following error in subbmission/current
Any suggestion is greatly appreciated
Reply | Permalink
libssl error
Roberto Puzzanghera Ralph August 13, 2018 11:24 CET
honestly, I'm not sure that the qmail-tls patch is openssl-1.1 compliant. But if you upgraded your Debian over an old qmail installation you should recompile
Please let me know if you solve
Reply | Permalink
libssl error
Roberto Puzzanghera Roberto Puzzanghera August 13, 2018 17:32 CET
Yes, qmail-tls breaks with openssl-1.1. Someone submitted some changes to the author f.v. but we have to wait. Look here https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=218590
I tried myself to include those changes without success, for the moment. I hope someone could help... in the meantime the DKIM part is already 1.1 compliant
Reply | Permalink
libssl error
Ralph Roberto Puzzanghera August 13, 2018 18:36 CET
needed to incrase softlimit to 6MB, no it runns with
Ralph
Reply | Permalink
libssl error
Roberto Puzzanghera Ralph August 13, 2018 19:20 CET
Yes... I didn't notice that it was the qmail log and not the compilation log
Reply | Permalink
chkuser with catchalls
M G January 16, 2018 05:27 CET
I've been using this awesome guide to migrate to a new server and I certainly appreciate it! One issue I have is I have some users who have domains with a catch-all, so their vpopmail/domains/0/domain.com/.qmail-default contains something like:
paul@domain.com is a valid account; if I send mail to paul@domain.com it will work. However, if I send mail to samjoe@domain.com, I get:
If I strace qmail-smtp, I see it trying to stat /home/vpopmail/domains/0/domain.com/.qmail-samjoe, then it does a mysql query, then returns the no such user - I never see it looking at /home/vpopmail/domains/0/domain.com/.qmail-default
Do catch-alls work with chkuser? I can't figure it out..
Reply | Permalink
chkuser with catchalls
Roberto Puzzanghera M G January 19, 2018 11:41 CET
Sorry for the late reply, I was not so well these days..
I think that chkuser breaks this functionality, because it acts at qmail-smtpd level, then before the delivery.
Reply | Permalink
chkuser with catchalls
M G Roberto Puzzanghera January 20, 2018 21:11 CET
Not a problem! I figured it out after reading the checkuser code. It's the CHKUSER_START variable in qmail-smtpd/run, if set to "DOMAIN" instead of "ALWAYS" it'll check the .qmail-default for each domain. If the file has 'bounce' in it, then it'll reject users who don't exist, otherwise it'll accept all.
Reply | Permalink
STARTTLS connection respond slow - qmail-smtp process 100percent
Marc March 22, 2016 11:20 CET
Hello Roberto,
i have installed the qmail server on a new server - everything went fine except the STARTSSL authentification is not working well.
When i ran the command "openssl s_client -starttls smtp -crlf -connect localhost:587" i get the message "CONNECTED(00000003)" then 30 second to 60 seconds nothing happened and then i got the view of the certificate. In the meantime i see the qmail-smtp process working with 100%. Sending Mails In and Out is working but it takes the same amount of time and the qmail-smtp process working on full load. Sometimes i got a timeout with the mail client. I have tried it with 2 different certificates and it is always the same. Do you have an idea what went wrong or how i can track this? Thanks.
Reply | Permalink
openssl s_client hangs after CONNECTED(00000003)
Norbert Marc May 27, 2017 12:03 CET
Issuing the command
openssl s_client -starttls smtp -showcerts -connect mx-exchanger.tld:465
results in a openssl hang. Below is the relevant strace section. 175 seconds is when I interrupted the process.What happens in the line directly above it?
Reply | Permalink
Delay due to missing dh2048.pem file
Norbert Norbert May 27, 2017 12:31 CET
strace before and after adding a separate dh2048.pem in /var/qmail/control
Before:
After:
This seems to be new behavior (after upgrading from a 2015 install) . Why is it not using the dh parameters included in servercert.pem any longer?
Reply | Permalink
if you are strictly following
roberto puzzanghera Norbert May 27, 2017 13:37 CET
if you are strictly following my guide and have my combined patch installed, and then using ucspi-tcp6, you should connect to 587 port (submission service) instead of 465, which goes with ucspi-ssl. I suppose that in your previous configuration you were using something like ucspi-ssl
Reply | Permalink
Hi Marc, are you running
roberto puzzanghera Marc March 22, 2016 12:05 CET
Hi Marc, are you running qmail-smtpd as vpopmail?
Reply | Permalink
Hello Roberto,
Marc roberto puzzanghera March 22, 2016 12:33 CET
Hello Roberto,
i'm running qmail-smtpd as vpopmail user.
Reply | Permalink
What the logs say? I would
roberto puzzanghera Marc March 22, 2016 12:40 CET
What the logs say? I would check the ownership of the certificate and eventually try to debug with strace
Reply | Permalink
chkuser problem
miz October 9, 2015 14:06 CET
I have a long time issue that is driving me crazy. I recompiled netqmail with Roberto's full patch, in order to update the qmail-auth patch and trying to secure my server as mush as possibile. I ran into the same problem occurred during the installation of the server, so I tried to gather some more infos.
The problem is related to chkuser; if I use the qmail-smtpd binary file from the compilation, chkuser is always accepting email, even if for non-existend users::
If I replace the qmail-smtpd binary file with the one from the qmail-1.03-26.el6.art.x86_64.rpm, WITHOUT changing anything else (NO configuration or run file change at all), chkuser is working fine:
Any suggestion is greatly appreciated !
Reply | Permalink
how do you run qmail-smtp?
roberto puzzanghera miz October 9, 2015 14:58 CET
how do you run qmail-smtp and chkuser? are you using my configuration and running qmail-smtp as vpopmail?
Reply | Permalink
Hello Roberto,
miz roberto puzzanghera October 15, 2015 14:18 CET
Hello Roberto,
after recompliation of netqmail with your latest patch everything works fine ! I think some issues could be related to the latest qmail-authentication v. 0.8.3 fixes.
Thank you, as always !
Reply | Permalink
DKIM TEST?
Fabiano Heringer July 21, 2013 00:34 CET
Hi, great tutorial! thanks!
Everything worked like a charm, but i tested DKIM sending mail for sa-test@sendmail.net, and I got NO PRESENT for DKIM.
That´s someway to test it?
Thanks
Reply | Permalink
Yes, read this
roberto puzzanghera Fabiano Heringer July 21, 2013 09:41 CET
Yes, read this http://notes.sagredo.eu/node/92
Reply | Permalink
SPF problem
Bogdan April 10, 2013 16:45 CET
Hello,
I have encountered a problem with SPF checking using your qmail installation.
Every SPF check is like this:
using spfquery command, the result is OK.
Do you have any suggestions on how to fix this, so the IPv4 is detected correctly, without "::ffff:" prefix ?
Thank you!
Reply | Permalink
@SPF problem
roberto puzzanghera Bogdan April 10, 2013 17:47 CET
unfortunately i've no suggestions, I think that the error is due to the prefix.. it's a very old patch. By the way it appears that the spfquery program was not written by the same author of the qmail-SPF patch
let me know if you manage to solve :)
Reply | Permalink
After further research I did
Bogdan roberto puzzanghera April 10, 2013 18:16 CET
After further research I did manage to solve the problem.
tcpserver was transforming IPv4 into IPv6 format
The fix was to add in /var/qmail/supervise/qmail-smtpd/run "-4" at the tcpserver command. This forces the use of IPv4 IPs only.
exec /usr/local/bin/softlimit -m "$SOFTLIMIT" \
/usr/local/bin/tcpserver -4 -v -H -R -l 0 \ .....
Reply | Permalink
qmail-pop3d issue
roberto puzzanghera January 28, 2013 13:13 CET
Today I released a new combined patch which fixes this issue on qmail-pop3d. Many clients were tested and everything seems to be working fine now.
Reply | Permalink
Unable to auth pop3 from email client
Anonymous December 6, 2012 07:30 CET
Hello all,
Every thing is working perfectly while I test from command line (SMTP, Auth SMTP and POP3) but while I configure in email client ie MS Outlook. I'm not able to make auth pop3 and retrieve mail from server. but Auth SMTP is work perfectly using same username and password as my incoming mail server. but while I test from command line using telnet I'm able to auth(login and access mail) pop3. I tried both /home/vpopmail/bin/vchkpw and /home/vpopmail/bin/vpopmaild on vpopmail run file can any one help me to resolve this problem.
Thanks in advance.
Reply | Permalink
POP3 not working, However, SMTP and SMTPS working
Orbit Anonymous December 18, 2012 07:27 CET
When Telnet to pop3, it works but receives double +OK +OK after entering "pass password" and other commands. See below conversition.
qmail-pop3d and vpopmail:vchkpw seems to be working via remote telnet.
When Mail Client used such as Outlook auth pop3 does hang. I have also tested it with other email clients but no avail!
"Receiving' reported error (0x8004210A) : 'The operation timed out waiting for a response from the receiving (POP) server."
Here is below mail server side conversition between Outlook and Mail Server
Reply | Permalink
POP3 not working, However, SMTP and SMTPS working
Orbit Orbit January 21, 2013 15:52 CET
Patching qmail-pop3d.c with following
It is tested on live qmail+vpopmail server port 110 and 995 with stunnel. it seems to be working perfectly. Thanks to Simplex and Roberto
Reply | Permalink
POP3 not working, However, SMTP and SMTPS working
Orbit Orbit January 21, 2013 16:29 CET
Further my previous post
Above patch to "qmail-pop3d.c", after intensive test, is found to be not working as expected.
After auth pop3d , email moves to "cur" folder from "new" under /Maildir even though email client is configured not to "Leave a copy of messages on server".
Regards,
Reply | Permalink
I had the same issue when
simplex Orbit January 20, 2013 15:04 CET
I had the same issue when compiling only qmail with the patches included here
the problem is that qmail-popup.c or qmail-pop3d.c print after the pass is sent +OK twice,
If you do a diff on the original netqmail files and the patched ones you will see what i'm talking about:
The MUA expects only one +OK from pop3d.
So I think the problem is in qmail-pop3d.c
maybe this line from the patched qmail-pop3d.c
In any case I just replaced the patched qmail files (qmail-popup.c or qmail-pop3d.c) with the original ones since the only difference I noticed was the function puts renamed to my_puts. and I recompiled. And it worked.
Reply | Permalink
yes, you are right.
roberto puzzanghera simplex January 20, 2013 19:15 CET
yes, you are right. Modifying like this
seems to solve.
fyi, both the dkim and maildir++ patches modifies qmail-pop3d, so I think you shouldn't replace the patched files with the original ones, because there are other changes there.
Before releasing a new patch can you make a test with this one or adjust yourself qmail-pop3d.c?
Reply | Permalink
thanks for the contribution.
roberto puzzanghera simplex January 20, 2013 18:00 CET
thanks for the contribution. I'm going to test qmail-pop3d as soon as possible and eventually provide a new patch :)
Reply | Permalink
Unfortunately I can't
roberto puzzanghera Orbit December 18, 2012 08:30 CET
Unfortunately I can't be of any help as I'm not using qmail-pop3d since a long time.. anyway I would give dovecot's pop3 service a chance..
Reply | Permalink
got status11 in qmail-smtp log
Anonymous roberto puzzanghera June 5, 2015 13:28 CET
Hello, i cand not telnet on port 25 becouse i get a disconect message and no mail can arrive .
Escape character is '^]'.
Connection closed by foreign host.
here are some logs
Any ideeas?
Reply | Permalink
is there any firewall?
roberto puzzanghera Anonymous June 5, 2015 13:41 CET
is there any firewall?
Reply | Permalink
no, no firewall
Anonymous roberto puzzanghera June 8, 2015 04:40 CET
no, no firewall
Reply | Permalink
was the IP 89.137.228.94 in
roberto puzzanghera Anonymous June 8, 2015 13:27 CET
was the IP 89.137.228.94 in your tests above the one you were connecting from?
are you using my qmail patch and installation?
can you post a telnet session?
Reply | Permalink
yes this was my ipi
Anonymous roberto puzzanghera June 24, 2015 08:41 CET
yes this was my ip
i redirected port 25 to 587 and now everything is working ... don`t know what was wrong with port 25
Reply | Permalink