First, do you run OS X Server 2.1.1, which is the latest version of server? You can check by opening the App Store and seeing if there are updates.
Second, do you run OS X Server at home? If yes, your provider might be blocking port 25 which is needed so that SMTP servers (for delivering mail) can talk to each other. Using a DNS provider that offers SMTP services to another port together with your Airport Extreme, this isn't hard to overcome.
Third, look here to see if you've set up mail correctly: http://krypted.com/mac-os-x/setting-up-the-mail-service-in-mountain-lion-server/
Thank you for your response.
I am running 2.1.1 and I am running this server at home.
I've been running an OS X mail server successfully for a number of years with the same ISP without issues on port 25. Recently, I called to ask them if they were blocking a different port for a different issue and they told me that they "do not block any ports, ever, period".
So I think I am ok there. I've seen that post before, but I'll read through it more carefully this time and report back.
So I ran through the krypted.com page. I can successfully telnet on 25. My fullstatus read-out is pretty much the same as his (except for timestamps of course).
I'm not sure if this is mandatory or not, but I haven't done anything in here and I’m not sure what it's for:
mail:postfix:mynetworks:_array_index:0 = "127.0.0.0/8" – Add entries to this one to add "local" clients
Other than that, things look good.
Nothing terribly descriptive (to me) unfortunately:
Oct 15 14:30:24 server.mydomain.com log: imap(pid 21731 user com.apple.calendarserver): Disconnected: Logged out bytes=68/817
Oct 15 14:30:55 server.mydomain.com log: imap-login: Login: user=<com.apple.calendarserver>, method=CRAM-MD5, rip=127.0.0.1, lip=127.0.0.1, mpid=21731, TLS
REPEAT the above two statements a lot
Oct 15 14:30:55 server.mydomain.com log: imap(pid 21731 user com.apple.calendarserver): Disconnected: Logged out bytes=68/817
SMTP Log shows some things though:
Oct 15 14:24:58 server.mydomain.com postfix/qmgr: AC28E8D9A9: from=<email@example.com>, size=27929, nrcpt=1 (queue active)
Oct 15 14:24:58 server.mydomain.com postfix/error: 667488EAA9: to=<firstname.lastname@example.org>, relay=none, delay=21135, delays=21135/0.15/0/0.03, dsn=4.3.0, status=deferred (mail transport unavailable)
Oct 15 14:24:58 server.mydomain.com postfix/error: AC28E8D9A9: to=<email@example.com>, relay=none, delay=33950, delays=33950/0.07/0/0.01, dsn=4.3.0, status=deferred (mail transport unavailable)
Oct 15 14:24:58 server.mydomain.com postfix/error: 6ED788EAA5: to=<firstname.lastname@example.org>, relay=none, delay=21143, delays=21143/0.11/0/0.02, dsn=4.3.0, status=deferred (mail transport unavailable)
Oct 15 14:29:58 server.mydomain.com mail_groups: initializing email group services
Oct 15 14:29:59 server.mydomain.com mail_groups: no enabled mail groups found
Oct 15 14:29:59 server.mydomain.com mail_groups: sleeping for: 1 hour(s)
Oct 15 14:34:58 server.mydomain.com postfix/qmgr: 1F6C98DB8A: from=<email@example.com>, size=17580, nrcpt=1 (queue active)
Oct 15 14:34:58 server.mydomain.com postfix/qmgr: warning: connect to transport private/smtp-amavis: Connection refused
Oct 15 14:34:58 server.mydomain.com postfix/error: 1F6C98DB8A: to=<firstname.lastname@example.org>, relay=none, delay=33807, delays=33807/0.1/0/0.01, dsn=4.3.0, status=deferred (mail transport unavailable)
Oct 15 14:37:29 server.mydomain.com postfix/smtpd: warning: hostname proxy.address.com does not resolve to address XX.XXX.XXX.XXX: nodename nor servname provided, or not known
Oct 15 14:37:29 server.mydomain.com postfix/smtpd: connect from unknown[XX.XXX.XXX.XXX]
Oct 15 14:37:33 server.mydomain.com postfix/smtpd: lost connection after EHLO from unknown[XX.XXX.XXX.XXX]
Oct 15 14:37:33 server.mydomain.com postfix/smtpd: disconnect from unknown[XX.XXX.XXX.XXX]
Do you get these errors? Do you think they could be related?
2012-10-15 4:31:17.839 PM com.apple.launchd: (com.apple.collabd.expire) Exited with code: 1
2012-10-15 4:31:18.000 PM kernel: Sandbox: sandboxd(26449) deny mach-lookup com.apple.coresymbolicationd
2012-10-15 4:31:19.405 PM sandboxd: () collabpp(26445) deny file-read-metadata /private/var/teamsserver
2012-10-15 4:31:19.448 PM sandboxd: () collabpp(26445) deny file-read-data /Library/Preferences/.GlobalPreferences.plist
2012-10-15 4:31:20.456 PM sandboxd: () collabpp(26445) deny file-read-data /Library/Preferences/.GlobalPreferences.plist
2012-10-15 4:34:00.435 PM collabd: [CSContentService:47 cd41000 +19ms] Detected Magic Superuser Auth Token
I'm not sure why there could be so many errors with a fresh install and the basic services set up. Maybe I didn't do it in the right order, but I was following the order of topics in the Apple admin guide.
Is there a recommended order to the initial set up that I should follow?
Seems so, but I don't know what I'm looking for. Previously, I increased the size limit, but that's the only thing I've changed that I recognize in here.
I noticed entries for TLS. Is that required on the client side? I would have expected Profile Manager to set that all up when I issued the profiles.
Uncommented lines only:
queue_directory = /Library/Server/Mail/Data/spool
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /Library/Server/Mail/Data/mta
mail_owner = _postfix
unknown_local_recipient_reject_code = 550
debug_peer_level = 2
xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = _postdrop
html_directory = /usr/share/doc/postfix/html
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix/examples
readme_directory = /usr/share/doc/postfix
dovecot_destination_recipient_limit = 1
mailbox_size_limit = 0
smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL
tls_random_source = dev:/dev/urandom
imap_submit_cred_file = /Library/Server/Mail/Config/postfix/submit.cred
use_sacl_cache = yes
mydomain_fallback = localhost
message_size_limit = 104857600
biff = no
mynetworks = 127.0.0.0/8, [::1]/128
smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated permit
recipient_delimiter = +
smtpd_tls_ciphers = medium
inet_protocols = all
inet_interfaces = all
config_directory = /Library/Server/Mail/Config/postfix
smtpd_enforce_tls = no
smtpd_use_pw_server = yes
smtpd_tls_cert_file = /etc/certificates/server.mydomain.com.3CFA895E35F8C6ABD1641E07CE2CE315EA908FE1.cert.pem
mydomain = mydomain.com
smtpd_pw_server_security_options = cram-md5,gssapi,login,plain
smtpd_sasl_auth_enable = yes
smtpd_helo_required = no
smtpd_tls_CAfile = /etc/certificates/server.mydomain.com.3CFA895E35F8C6ABD1641E07CE2CE315EA908FE1.chain.pem
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination permit
myhostname = server.mydomain.com
smtpd_use_tls = yes
smtpd_tls_key_file = /etc/certificates/server.mydomain.com.3CFA895E35F8C6ABD1641E07CE2CE315EA908FE1.key.pem
enable_server_options = yes
recipient_canonical_maps = hash:/Library/Server/Mail/Config/postfix/system_user_maps
virtual_alias_maps = $virtual_maps
smtpd_sasl_local_domain = server.mydomain.com
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mailbox_transport = dovecot
I tried resorting to the default and I tried retrofitting someone else's main.cf from another post, but SMTP still doesn't work in either case and IMAP only works with Cleartext.
At this point I think I have to start over and reinstall, but I'd like to find out an appropriate order of operations first.
Unfortunately, Lynda.com didn't do a Mountain Lion Server series so I can't get a subscription there and following the order of topics in the Apple documentation didn't work this time so I'm wondering if someone can point me to a good source of orderly information or tell me their approach.
Here's what I've gleaned from another post (thanks Martyin):
- initial Mountain Lion, then install and setup OSX Server (basic)
- Adjust and or Check! the DNS for correct operation, as it is the only service started after the basic installation.
  - Question: If I have an MX record at the registrar and a mail -> server.mydomain.com alias on the server, do I need an MX record on the server?
  - Breakdown for DNS records that I would set up. Please correct me if I'm wrong:
    - server. machine record
    - server. name server record (in primary and reverse zones)
    - www alias
    - mail alias
    - _carddav service as per Apple doc
    - _caldav service
    - reverse IP to server. mapping
- reallocate the Users Map / groups map and or server data location.
  - Since I'm doing a new install, I'm not sure if this applies to my case
- Create the "missing" teamsserver map and give appropriate rights
  chown _teamsserver:teamsserver teamsserver
  - I've noticed this error among many others in the standard install so this is a good time to correct it. Let me know if there are others that I can/should do.
- Configure the correct ports / port forwarding
  - Question: Including typical Mail ports manually since there is no preset, right?
- Check if needed the Certs ( if needed cause you have a commercial one )
- Start the Profile Manager configuration (Without starting up the service, just configure)
- Check the logs after this
- Start Web server and Wiki and Messenger
- Start Profile manager
- Start rest of the services as needed
- After checking logs again and if everything seems ok, THEN start creating users and groups.
Is this an appropriate order? Is anything missing?
So I reinstalled following the procedure above and things are better except a couple of issues:
- I can send mail from my Mac but I can't send from the iPhone
- Profile Manager insists on setting up the Mail account with port 143 despite having SSL checked
- Profile Manager also insists on setting up anything with an email address as "@server.mydomain.com" instead of "@mydomain.com" (i.e. with the subdomain)
- I'm getting enormous amounts of mail log errors suddenly tonight
"Oct 18 22:38:51 server.mydomain.com postfix/postscreen: CONNECT from [18.104.22.168]:10239 to [10.0.1.50]:25
Oct 18 22:38:51 server.mydomain.com postfix/postscreen: PASS OLD [22.214.171.124]:10239
Oct 18 22:38:51 server.mydomain.com postfix/smtpd: connect from 173-9-1-233-newengland.hfc.comcastbusiness.net[126.96.36.199]
Oct 18 22:38:52 server.mydomain.com postfix/smtpd: error: authentication method: LOGIN is not enabled
Oct 18 22:38:52 server.mydomain.com postfix/smtpd: warning: 173-9-1-233-newengland.hfc.comcastbusiness.net[188.8.131.52]: SASL LOGIN authentication failed"
I don't recognize the IP address which suggests that someone is trying to get in via a brute force attack, but I have a feeling that maybe I have something set wrong. Even if I leave the Mail service off for an hour it comes back as soon as I start it up again.
I tried Icefloor to block the IP with pfctl, but ended up blocking port 25 instead. Mail is set to authenticate by SSL cert (not self-signed), Kerberos or MD5 only so I'm hoping that's good insurance.
What can I do to see if I have something set wrong? I don't really like the idea of having to permanently block port 25 when I never had to before, especially since I'm having send problems.
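An added example, not part of any post in this thread: one way to triage the two kinds of Postfix log output quoted above, the deferred deliveries with the `private/smtp-amavis` transport warning and the repeated SASL authentication failures, by counting them per reason and per client address. The sample lines are constructed in the thread's log format with documentation-range addresses, and `summarize` and its `threshold` parameter are names chosen for this sketch.

```python
import re
from collections import Counter

# Constructed sample lines in the format of the mail log quoted in the thread
# (hosts and addresses are documentation placeholders, not values from the thread).
SAMPLE_LOG = """\
Oct 18 22:38:51 server.mydomain.com postfix/smtpd: connect from host.example.net[203.0.113.7]
Oct 18 22:38:52 server.mydomain.com postfix/smtpd: error: authentication method: LOGIN is not enabled
Oct 18 22:38:52 server.mydomain.com postfix/smtpd: warning: host.example.net[203.0.113.7]: SASL LOGIN authentication failed
Oct 18 22:38:55 server.mydomain.com postfix/smtpd: warning: host.example.net[203.0.113.7]: SASL LOGIN authentication failed
Oct 18 22:39:10 server.mydomain.com postfix/smtpd: warning: unknown[198.51.100.9]: SASL PLAIN authentication failed
Oct 18 22:40:00 server.mydomain.com postfix/qmgr: warning: connect to transport private/smtp-amavis: Connection refused
Oct 18 22:40:00 server.mydomain.com postfix/error: 1F6C98DB8A: to=<user@example.org>, relay=none, delay=33807, delays=33807/0.1/0/0.01, dsn=4.3.0, status=deferred (mail transport unavailable)
"""

# The optional [pid] group also accepts logs where the daemon name carries a PID.
SASL_FAIL = re.compile(
    r"postfix/smtpd(?:\[\d+\])?: warning: (\S+)\[([0-9a-fA-F.:]+)\]: SASL (\S+) authentication failed")
DEFERRED = re.compile(
    r"postfix/\w+(?:\[\d+\])?: ([0-9A-F]+): to=<[^>]*>.*status=deferred \((.*)\)\s*$")
TRANSPORT = re.compile(
    r"postfix/qmgr(?:\[\d+\])?: warning: connect to transport (\S+): (.+)$")

def summarize(log_text, threshold=2):
    """Count SASL failures per (client IP, mechanism), deferrals per reason,
    and transport connection errors; list IPs at or above the threshold."""
    failures, deferred, transports = Counter(), Counter(), Counter()
    for line in log_text.splitlines():
        if m := SASL_FAIL.search(line):
            failures[(m.group(2), m.group(3))] += 1
        elif m := DEFERRED.search(line):
            deferred[m.group(2)] += 1
        elif m := TRANSPORT.search(line):
            transports[(m.group(1), m.group(2).strip())] += 1
    per_ip = Counter()
    for (ip, _mechanism), count in failures.items():
        per_ip[ip] += count
    return {
        "sasl_failures": dict(failures),
        "repeat_offenders": sorted(ip for ip, n in per_ip.items() if n >= threshold),
        "deferred": dict(deferred),
        "transport_errors": dict(transports),
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, value)
```

A deferral reason that lines up with a transport error for the same timestamp points at a local service that is not listening, while a short list of repeat offenders is the input a firewall rule or rate limit would need.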