dovecot:Failed to lookup domain owner - dovecot

Can't get mails then connected with The Bat!
Server sends:
-ERR Authentication failed.
and the record in maillog is:
dovecot: auth(default): Failed to lookup domain owner of
The problem occurred after I rebuild the Apache.
Where can be problem?

As hoster support said:
The reason was that the hostname was the same as domain. The mail server tried to authenticate agains system users for the VPS instead of virtual users for the domain.

Related

How to add SPF record through dedicated servers

hope everyone will be doing fine.
I am having a problem with sending emails to other domains. I have setup SMTP server on one of the dedicated servers and all the applications on each dedicated server are using this only SMTP. Now emails are not being received on gmail. I have read somewhere that there must be SPF record added to SMTP.
I am just a software engineer and never worked on maintaining the servers or networking, so do not know what to do to add this record.
On many forums, I have read that you must add this using CPanel, I want to know whether can I add this by logging to the dedicated server or I really need CPanel to connect? (Actually I have also forgot the CPanel details, although have requested to hosting provider to retrieve)
Please help me, one might have to give me a detailed info as well as assistance.
Regards
An SPF record must be setup in the DNS zone where the domain is hosted.
Is that on your actual server or are you using external DNS hosting?
In case it's on your own server and you use 'bind', edit the DNS file located at /var/named/domain.com (where domain.com is your actual domain name) and set it up as followed:
domain.com. 14400 IN TXT "v=spf1 a mx ip4:192.168.5.10
~all"
** Comment: 192.168.5.10 is the IP of your mailserver
After this is done, restart the DNS server with /etc/init.d/named restart
To check if your SPF record is setup correctly, check it out via MXTOOLBOX:
http://mxtoolbox.com/spf.aspx
You fill in the domain name there for the domain where the SPF record has just been installed. If it's setup correctly, it will show.
One other small advice I have is to also work with DKIM (especially needed for good delivery to Hotmail).
Yes, If you are using cpanel on your server then you need to enable SPF through cpanel. OR you can use following command to enable SPF for your domain.
/usr/local/cpanel/bin/spf_installer cpusername

Relay access denied on sending mail, Other domain outside of network

Sending mail results in error "Relay access denied".
It throws "Relay access denied", whenever I tried to send mail to "other_domain" from "outside_network".
It works just fine for "myown_domain" from "outside/inside_network" and to "other_domain" from "inside_network".
Here is the list of telnet commands.
mail from:myself#mydomain.com
- 250 2.1.0 Ok
rcpt to:yourself#mydomain.com
- 250 2.1.5 Ok
rcpt to:yourself#yourdomain.com
- 554 5.7.1 <yourself#yourdomain.com>: Relay access denied.
rcpt to:yourself#gmail.com
- 554 5.7.1 <yourself#gmail.com>: Relay access denied.
rcpt to:yourself#yahoo.com
- 554 5.7.1 <yourself#yahoo.com>: Relay access denied.
I followed all the steps described in "Microsoft Support" and make sure that server configured in correct way and it do not reject any mail. I also tried to trace through using couple of blogs like this one.
While using MxToolbox also got the same result "Relay access denied".
As "Relay access denied" is very common issue.. there are lot of blogs/documentation are there.. I tried to read all, but I think I am looking in wrong place.
Does anybody have any suggestion?
If it is giving you relay access denied when you are trying to send an email from outside your network to a domain that your server is not authoritative for then it means your receive connector does not grant you the permissions for sending/relaying. Most likely what you need to do is to authenticate to the server to be granted the permissions for relaying but that does depend upon the configuration of your receive connector. In Exchange 2007/2010/2013 you would need to enable ExchangeUsers permission group as well as an authentication mechanism such as Basic authentication.
Once you're sure your receive connector is configured make sure your email client is configured for authentication as well for the SMTP server. It depends upon your server setup but normally for Exchange you would configure the username by itself, no need for the domain to appended or prefixed to it.
To test things out with authentication via telnet you can go over my post here for directions: https://jefferyland.wordpress.com/2013/05/28/essential-exchange-troubleshooting-send-email-via-telnet/
Configuring $mail->SMTPAuth = true; was the solution for me. The reason why is because without authentication the mail server answers with 'Relay access denied'. Since putting this in my code, all mails work fine.
I'm using THUNDERBIRD as a MUA and I have same issues.
I solved adding the IP address of my home PC on mynetworks parameter on main.cf
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 MyIpAddress
P.S. I don't have a static ip for my home PC so when my ISP change it I ave to adjust every time.
Set your SMTP auth to true if using the PHPmailer class:
$mail->SMTPAuth = true;

Qmail SMTP server behind firewall configuration

i've a problem with configuration Qmail + SimScan + SpamAssassin (dovecot + RoundCube) with SPF plugin.
For Spf spam prevention, this system rejects all mail that don't passed SPF test with tool "spfquery" (read SPF explanation for understand my problem).
My Network configuration is:
NAT/Firewall: 10.0.1.1
MailServer: 10.0.1.2
Dns Server : 10.0.1.19
External IP: 212.212.12.12
All modules in my mail server works greatly, also network configuration.
Now i've problem with SPF-rejection or DNSBL, beacuse server IP for incoming mail is 10.0.1.1
Log for smtp server is:
CHKUSER accepted sender: from remote mx5.pippo.com:unknown:10.0.1.1> rcpt <> : sender accepted
qmail-smtpd: spf-reject: HELO(mx5.pippo.com) from 10.0.1.1 MAILFROM:info#pippo.com
Why my tcpserver see mail from 10.0.1.1 and not from mx record of pippo.com?
This is a bad configuration of my NAT or tcpserver/smtp server?
Intersting question. I think something is wrong with your config.
If I understand correctly, your MX record for your domain points to 212.212.12.12, which is the external IP of your router. You have port-forwarding setup on your router, to forward incoming connections on 212.212.12.12:25 to 10.0.1.2:25, which is the IP of your mail server on your private network.
If that's the case, your mail server should still see the connections from the remote IP that they are originating from, it should not look like the connections are coming from 10.0.1.1. Port-forwarding only re-writes the destination IP address on the packets, not the source address.
To confirm this, I did a test on a similar setup that I have at my house. I logged in remotely to a Linux box that I have running on my home network, on an inside IP behind by router, like you have. The Linux box did indeed see that I was coming from my remote IP address, not my home router's IP address.

SQL Server NETWORK SERVICE account permissions

My SQL Server Windows service is set to use the NETWORK SERVICE account.
The server is installed to C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL.
However looking at the permissions on that folder, NETWORK SERVICE does not have any permissions. The groups which are allowed access to that folder are...
CREATOR OWNER - who is this?
SYSTEM - sounds fine - so that Windows can access the folder I presume?
SQLServerMSSQLUser$Computer_Name$MSSQLSERVER - this is the interesting one - what is this?
Administrators
Users
If NETWORK SERVICE is a user with minimal permissions on the system and looks to the O/S as someone connecting from a network how does it have permissions to access any files in the SQL Server install folder?
Thanks.
See Setting Up Windows Service Accounts in the SQL Server documentation:
SQL Server uses a security group to set resource ACLs rather than using the service account directly, so changing the service account can be done without having to repeat the resource ACL process. The security group can be a local security group, a domain security group or a service SID.
During SQL Server installation, SQL Server Setup creates a service group for each SQL Server component. These groups simplify granting the permissions that are required to run SQL Server services and other executables, and help secure SQL Server files.
Depending on the service configuration, the service account for a service or service SID is added as a member of the service group during install or upgrade.
That's what SQLServerMSSQLUser$Computer_Name$MSSQLSERVER is.
About NetworkService Account:
The NetworkService account is a predefined local account used by the service control manager.
...
A service that runs in the context of the NetworkService account presents the computer's credentials to remote servers.
NOT, as you put it:
looks to the O/S as someone connecting from a network

Installing Windows Server AppFabric - Unknown user name or bad password

I'm installing Windows Server AppFabric in a Windows 2008 R2 SP1 that is part of my domain. On the Configure Hosting Service, I would like to configure each AppFabric service on a separate Domain account. I've created the 3 necessary databases on a separate database server that is also part of my domain, and 3 domain users, and I've given each domain user db_owner privilege on it's respective database.
When I'm installing Windows Server AppFabric, and I try to set the monitoring configuration, and on the AppFabric Event Collection service account, I'm trying to use the domain user, but it keeps giving me Logon Failure: Unknown username or bad password, but the user and password are valid! On the same server, if I do a runas with the same domain user and password, I open any application I want.
Is there a restriction on using domain accounts for this? I've placed all 3 accounts as local admin and on AS_Administrators, to see if it helped, but it's no good.
After a LOT of troubleshooting, I found out how to configure it. Before the Windows Server AppFabric Configuration Wizard is opened, go to the Services, and configure the 3 services (AppFabricCachingService, AppFabricEventCollectionService and AppFabricWorkflowManagementService) with the domain users you want. Then, you open the Wizard, and the correct domain users will already be configured, and all you need to do is configure the database.
The post https://stackoverflow.com/questions/4733348/configuring-appfabric-with-remote-database also helped, along with the article http://msdn.microsoft.com/en-us/library/ff637739.aspx