Saturday, 28 February 2015

Unable to establish remote IMAP connection, why not?


A remote CentOS 7 web server is able to successfully receive email sent from elsewhere on the internet addressed to me@mydomain.com. An app running on the same CentOS 7 server is able to use JavaMail to make an IMAP connection to the dovecot Maildir where the incoming messages get stored. So what do I have to add in order for Thunderbird running on my devbox to be able to make an IMAP connection to the remote CentOS 7 server across the internet?


So far, I added imaps to the public zone of firewalld. I also confirmed that dovecot.conf contains the line protocols = imap pop3. I configured Thunderbird to use IMAP for incoming mail, with mydomain.com as the hostname, with port 993 and SSL with normal password. And I confirmed at my domain registrar's web site that the DNS MX entry uses mydomain.com as the MX address.


EDIT


To answer @Celada's question, I have posted the dialog that Thunderbird gives indicating that it has failed to connect to the server when it tries to confirm my login information. I get the same information when I specify port 993 for imap and port 25 for smtp, and when I indicate SSL connection. Also, changing .mydomain.com to mydomain.com does not eliminate the login failure.



I will try to access the firewalld logs next and will post results. My understanding is that firewalld does not log automatically, so I will have to develop some rich rules. It might take some time to identify the proper syntax.


I think it is a server config problem. I hesitated to show the Thunderbird dialog because I did not want to give the impression that it is a client issue. I think the server config needs to be determined/set-up before I can set up Thunderbird.


EDIT#2


As per @Celada's suggestion, I typed telnet localhost 143 and got the following response:



Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS LOGINDISABLED] Dovecot ready.


I also typed telnet localhost 25 and then got the following in response:



Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mydomain.com ESMTP Postfix


These telnet results pointed out that firewalld was mapping imaps and smtp to the wrong ports, so I typed nano /usr/lib/firewalld/services/imaps.xml and changed the port from 993 to 143. And then I typed nano /usr/lib/firewalld/services/smtp.xml and changed the port to 25.


I then typed firewall-cmd --reload to ensure that the changes were put into effect.


Next, I put the new information into Thunderbird and tried a test connection again, but again got a failure message shown by the following dialog box:



Note that I checked the MX record in the DNS at my domain registrar, and it is exactly mydomain.com, as shown in the screen shots. I don't see how this is irrelevant. I did check and the hostname on the server is also mydomain.com. Is there some other resource I should be checking to confirm the correct mail server name instead?


Also note that dovecot and postfix were installed with a standard configuration. I did not explicitly configure ssl to work with them, though SSL may have been part of the default configuration. I did, however, change the settings in the dialog box above and tested a connection with None specified in the SSL field, but got the same failure message.


The dovecot log in /var/log/maillog after the most recent (bottom) screen shot above is:



Feb 27 00:52:57 mydomain dovecot: imap-login: Aborted login (no auth attempts in 0 secs): user=<>, rip=my.DEVBOX.ip.addr, lip=my.SERVER.ip.addr, session=<YsH2egsQAABi9AyF>


EDIT#3


Following @Bandrami's advice, I changed protocols = imap pop3 in dovecot.conf to protocols = imaps pops. I then made sure that /usr/lib/firewalld/services/imaps.xml specifies port 993. I typed firewall-cmd --reload and systemctl stop dovecot then systemctl start dovecot to restart the relevant processes on the server. I then configured the Thunderbird test to specify port 993 and SSL/TLS and re-ran the connection test in Thunderbird, only to get the same result in Thunderbird.


The dovecot logs, however, are a little more explicit, and are as follows:



Feb 27 01:18:20 mydomain dovecot: config: Warning: NOTE: You can get a new clean config file with: doveconf -n > dovecot-new.conf
Feb 27 01:18:20 mydomain dovecot: config: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:26: 'imaps' protocol can no longer be specified (use protocols=imap). to disable n$
Feb 27 01:18:38 mydomain dovecot: imap-login: Disconnected (no auth attempts in 18 secs): user=<>, rip=my.SERVER.ip.addr, lip=127.0.0.1, TLS handshaking: SSL_accept() failed: error:14$
Feb 27 01:19:15 mydomain dovecot: master: Warning: Killed with signal 15 (by pid=1 uid=0 code=kill)
Feb 27 01:19:15 mydomain dovecot: anvil: Warning: Killed with signal 15 (by pid=1 uid=0 code=kill)
Feb 27 01:19:15 mydomain dovecot: ssl-params: Warning: Killed with signal 15 (by pid=1 uid=0 code=kill)
Feb 27 01:19:15 mydomain dovecot: config: Warning: Killed with signal 15 (by pid=1 uid=0 code=kill)
Feb 27 01:19:15 mydomain dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF
Feb 27 01:19:15 mydomain dovecot: auth: Error: net_connect_unix(anvil-auth-penalty) failed: Permission denied
Feb 27 01:19:15 mydomain dovecot: auth: Warning: Killed with signal 15 (by pid=1 uid=0 code=kill)
Feb 27 01:19:15 mydomain dovecot: log: Warning: Killed with signal 15 (by pid=1 uid=0 code=kill)
Feb 27 01:19:22 mydomain dovecot: master: Dovecot v2.2.10 starting up for pop3, imap (core dumps disabled)
Feb 27 01:19:44 mydomain dovecot: imap-login: Disconnected (no auth attempts in 15 secs): user=<>, rip=my.SERVER.ip.addr, lip=127.0.0.1, TLS handshaking: SSL_accept() failed: error:14$
Feb 27 01:23:55 mydomain postfix/qmgr[30121]: 2C915811BD1C: from=<me@mydomain.com>, size=5316, nrcpt=1 (queue active)
Feb 27 01:23:58 mydomain postfix/smtp[27144]: 2C915811BD1C: to=<address@domain_that_sends_to_this_addresson_server.com>, relay=none, delay=290245, delays=290241/0.02/3.6/0, dsn=4.4.3, status=deferred (Host or domain$
Feb 27 01:24:41 mydomain dovecot: config: Warning: NOTE: You can get a new clean config file with: doveconf -n > dovecot-new.conf
Feb 27 01:24:41 mydomain dovecot: config: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:26: 'imaps' protocol can no longer be specified (use protocols=imap). to disable n$
Feb 27 01:24:41 mydomain dovecot: config: Warning: NOTE: You can get a new clean config file with: doveconf -n > dovecot-new.conf
Feb 27 01:24:41 mydomain dovecot: config: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:26: 'imaps' protocol can no longer be specified (use protocols=imap). to disable n$
Feb 27 01:24:53 mydomain dovecot: imap-login: Disconnected (no auth attempts in 12 secs): user=<>, rip=my.SERVER.ip.addr, lip=127.0.0.1, TLS handshaking: SSL_accept() failed: error:14$
Feb 27 01:25:05 mydomain dovecot: imap-login: Aborted login (no auth attempts in 1 secs): user=<>, rip=my.DEVBOX.ip.addr, lip=my.SERVER.ip.addr, TLS, session=<Kdrl7QsQxwBi9AyF>
Feb 27 01:27:16 mydomain dovecot: master: Warning: Killed with signal 15 (by pid=1 uid=0 code=kill)
Feb 27 01:27:16 mydomain dovecot: anvil: Warning: Killed with signal 15 (by pid=1 uid=0 code=kill)
Feb 27 01:27:16 mydomain dovecot: log: Warning: Killed with signal 15 (by pid=1 uid=0 code=kill)
Feb 27 01:27:24 mydomain dovecot: master: Dovecot v2.2.10 starting up for pop3, imap (core dumps disabled)
Feb 27 01:27:24 mydomain dovecot: config: Warning: NOTE: You can get a new clean config file with: doveconf -n > dovecot-new.conf
Feb 27 01:27:24 mydomain dovecot: config: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:26: 'imaps' protocol can no longer be specified (use protocols=imap). to disable n$


EDIT#4


As per @Celada's further clarification, I typed telnet imap.mydomain.com 143, in the local devbox that I've been using for Thunderbird testing, and the terminal replied with:



Trying my.SERVER.ip.addr...
Connected to imap.mydomain.com.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS LOGINDISABLED] Dovecot ready.


Next, I typed in openssl s_client -CApath /etc/ssl/certs -starttls imap -port 143 -host imap.mydomain.com at the devbox terminal, and the terminal replied by printing out the details which you can read by clicking on this link to a file sharing site.


My complete dovecot.conf can be read at a file sharing site by clicking on this link.


EDIT#5


As per @Celada's suggestion, I typed t1 login USERNAME PASSWORD after . OK Pre-login capabilities listed, post-login capabilities have more., and the terminal replied with the following:



* CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS SPECIAL-USE BINARY MOVE
t1 OK Logged in


However, I then repeated the Thunderbird login test, and I checked to force Thunderbird to use port 143 and "Normal password". When I did this, Thunderbird forced "Autodetect" as the SSL option, and then clicking the "Re-test" button resulted in the same error message:



"Thunderbird failed to find the settings for your email account."


NOTE: @Celada answered this question in comments, and in chat. The answer involved minor changes to firewalld config, using commands like telnet, and others to probe what is happening at port 143, and then tinkering with Thunderbird advanced config to use imap.mydomain.com as the imap server definition (not in the main dialog, but in the advanced settings.) Two people have voted to re-open this. Please vote to re-open this so that she can submit the correct answer for others. If someone has a suggestion as to how I can clean up my posting to get their vote to re-open, please let me know.
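
The greeting and the imap-login log lines quoted in the post can be read mechanically. The following is an added example, not part of the original post: it classifies what the port-143 greeting allows (STARTTLS advertised together with LOGINDISABLED means LOGIN is refused until TLS is negotiated, per RFC 3501) and triages the pre-auth disconnect lines by whether TLS was absent, failed, or established. The function names and verdict labels are hypothetical; the sample input is copied from the post, including its placeholder addresses and truncated error code.

```python
import re

# Greeting and log lines copied from the post (placeholder addresses and the
# truncated "error:14$" are exactly as the post shows them).
GREETING = ("* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID "
            "ENABLE IDLE STARTTLS LOGINDISABLED] Dovecot ready.")
LOG = """\
Feb 27 00:52:57 mydomain dovecot: imap-login: Aborted login (no auth attempts in 0 secs): user=<>, rip=my.DEVBOX.ip.addr, lip=my.SERVER.ip.addr, session=<YsH2egsQAABi9AyF>
Feb 27 01:18:38 mydomain dovecot: imap-login: Disconnected (no auth attempts in 18 secs): user=<>, rip=my.SERVER.ip.addr, lip=127.0.0.1, TLS handshaking: SSL_accept() failed: error:14$
Feb 27 01:25:05 mydomain dovecot: imap-login: Aborted login (no auth attempts in 1 secs): user=<>, rip=my.DEVBOX.ip.addr, lip=my.SERVER.ip.addr, TLS, session=<Kdrl7QsQxwBi9AyF>
Feb 27 01:27:24 mydomain dovecot: master: Dovecot v2.2.10 starting up for pop3, imap (core dumps disabled)
"""

def port143_policy(greeting):
    """Classify what a client may do on the cleartext port, per RFC 3501."""
    m = re.search(r"\[CAPABILITY ([^\]]*)\]", greeting)
    caps = set(m.group(1).upper().split()) if m else set()
    if "LOGINDISABLED" in caps:
        # LOGIN is refused on this connection until TLS is negotiated.
        return "starttls-required" if "STARTTLS" in caps else "login-unavailable"
    return "starttls-optional" if "STARTTLS" in caps else "cleartext-only"

LOGIN_RE = re.compile(
    r"imap-login: (?:Aborted login|Disconnected) \(no auth attempts in (\d+) secs\): "
    r"user=<[^>]*>, rip=([^,]+), lip=([^,]+)(.*)")

def triage(line):
    """Return (rip, lip, secs, verdict) for a pre-auth imap-login line, else None."""
    m = LOGIN_RE.search(line)
    if not m:
        return None
    secs, rip, lip, rest = m.groups()
    if "SSL_accept() failed" in rest:
        verdict = "tls-handshake-failed"   # TLS was attempted and broke
    elif re.search(r",\s*TLS\b", rest):
        verdict = "tls-ok-no-auth"         # TLS established, no credentials sent
    else:
        verdict = "cleartext-no-auth"      # no TLS, and no login attempt was made
    return rip, lip, int(secs), verdict

def summarize(log_text):
    """Triage every line of a maillog excerpt, skipping unrelated lines."""
    return [t for t in map(triage, log_text.splitlines()) if t]

if __name__ == "__main__":
    print(port143_policy(GREETING))
    for row in summarize(LOG):
        print(row)
```

A "cleartext-no-auth" row next to a "starttls-required" greeting is what a client produces when it connects to port 143 without upgrading to TLS: the server never sees a login attempt.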


