[SOLVED] Can't receive mail on Dovecot / Postfix server

[Drate]

To albinootje: I believe I have the pop3 connection working off of SSL, but SMTP did not respond to request when using the port 465 (Thunderbird indicated that port as default for smtp ssl).

In truth, even knowing for certain which levels of security to use where would be helpful. Everything you listed, anything you listed. I just want to make sure I put due diligence to securing this server. I can maintain the firewall adequately well, I just need to know what other exploits to avoid.

To MJN:
I appreciate the need for information to properly diagnose the problem, and I apologized if I sounded testy in my initial response, but again, the problem was syntactic. I offered the syntax of my MX record in the first post. Using the term "mydomain.com" is no different than saying "gmail.com" "ubuntuforums.com" or "wxyz.com"

So you are saying if I want to be explicit in my MX record I should put "mydomain.com." ? I'll DEFINITELY be remembering that!

[Drate]

I think it's time I mark this thread as solved and start a new one regarding appropriate security measures.

[albinootje]

To albinootje: I believe I have the pop3 connection working off of SSL,

If you have dovecot running properly and you've enabled pop3-ssl and imap4-ssl, (See the line with "protocols =" in /etc/dovecot/dovecot.conf
then that makes sense

but SMTP did not respond to request when using the port 465 (Thunderbird indicated that port as default for smtp ssl).

Quite some time ago i've read that port 465 was an unofficial Netscape related port for authenticated smtp.
Google's Gmail uses 578, so.. i'm not sure what is the official port for this.

Following the howto that you've used, configuring SASL is mentioned here : https://help.ubuntu.com/8.10/serverg...l#postfix-sasl

You can test the SASL availability with the "ehlo" command (see in the above mentioned link).

It should be a matter of using port_forwarding with your firewall software, and then manually give in the (465 or 578) port in the smtp-settings in thunderbird.

[MJN]

I offered the syntax of my MX record in the first post.

No you didn't. You said:

MX Record
priority=0
mydomain.com points to myserver.mydomain.com

You missed off the very relevent fact you had $ORIGIN set to mydomain.com. Of course, you didn't realise you had - and that's why you assumed you'd given us all we needed to know.

Using the term "mydomain.com" is no different than saying "gmail.com" "ubuntuforums.com" or "wxyz.com"

It is completely different. We can check the DNS configuration for the other domains. We can't for mydomain.com and hence we had to assume your interpretation of the config was correct (which we now wasn't the case! ).

So you are saying if I want to be explicit in my MX record I should put "mydomain.com." ?

Only if you have $ORIGIN set to your domain. GoDaddy obviously do - perfectly valid and correct but it can catch the unwary out.

I'll DEFINITELY be remembering that!

Good!

Mathew

[MJN]

Quite some time ago i've read that port 465 was an unofficial Netscape related port for authenticated smtp.
Google's Gmail uses 578, so.. i'm not sure what is the official port for this.

Mail related ports are rather all over the place as the demand for encrypted sessions and anti-spam techniques collided somewhat resulting in some parallel developments.

In the general sense the port options are as follows:

25 - SMTP port - Used by both clients and mail servers to submit and relay mail for delivery. TLS is optional and can be started by the sender once connected using STARTTLS. A true 'multi-purpose' port if ever there was one.
465 - SMTPS port - As above but with a TLS tunnel established before the SMTP stage. Some mail clients default to offering to use this when told to encrypt sessions but its use is not all that common - indeed was never registered with IANA to be used for this (no port was, probably partly because TLS was available post-connection on port 25).
587 - Submission port (RFC2476) - Used only by clients to submit mail for delivery. Given it is not used for inter-server delivery it does not have to be as locked down as port 25 given that access to this port is ('should') always be authenticated.

All very confusing I agree, but suffice to say that port 25 (to accept mail from external servers) and 587 (to allow your clients to connect wherever they are) are all that you really need to concentrate on for the majority of installations.

Mathew