Noah Goodrich's questions

Given the following virtualhost:

<VirtualHost *:80>
    DocumentRoot "/var/www/dashboards/public/dist"
    Servername local.dashboards
    ServerAlias local.dashboards

    Header add Access-Control-Allow-Origin: "*"
    Header add Access-Control-Allow-Methods: "POST, GET, OPTIONS, PUT, DELETE, HEAD"
    Header set Access-Control-Allow-Headers: "Origin, X-Requested-With, Content-Type, Accept, Authorization"

    Alias /api /var/www/dashboards/laravel/public

    <Directory "/var/www/dashboards/public/dist">
        Options MultiViews FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>

    <Directory "/var/www/dashboards/laravel/public">
        Options MultiViews FollowSymLinks
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>

    <Location />
        ProxyPass http://localhost:3030/
        ProxyPassReverse http://localhost:3030/
    </Location>

    ErrorLog ${APACHE_LOG_DIR}/dashboards.error.log
    CustomLog ${APACHE_LOG_DIR}/dashboards.access.log combined

</VirtualHost>

Can ahyone suggest why requests to local.dashboards/api are still being caught by the Location directive? I can confirm that the node server is catching the request to /api and returning a 404 page.

This morning, in order to correct a problem with a name mismatch in the security certificate, I followed the recommended steps from How to fix mail server SSL?, but now, when attempting to send an email from a client (in this case the client is Windows Mail), I receive the following error.

The rejected e-mail address was '[email protected]'. Subject 'This is a test. ', Account: 'mail.domain.com', Server: 'mail.domain.com', Protocol: SMTP, Server Response: '554 5.7.1 : Relay access denied', Port: 25, Secure(SSL): No, Server Error: 554, Error Number: 0x800CCC79

Edit: I can still retrieve emails from this account, and I send emails to other accounts at the same domain. I just can't send emails to recipients outside of our domain.

I tried disabling TLS altogether but no dice, I still get the same error.

When I check file mail.log, I see the following.

Jul 18 08:24:41 company imapd: LOGIN, [email protected], ip=[::ffff:111.111.11.11], protocol=IMAP
Jul 18 08:24:42 company imapd: DISCONNECTED, [email protected], ip=[::ffff:111.111.11.11], headers=0, body=0, rcvd=83, sent=409, time=1
Jul 18 08:25:19 company postfix/smtpd[29282]: connect from company.university.edu[111.111.11.11]
Jul 18 08:25:19 company postfix/smtpd[29282]: NOQUEUE: reject: RCPT from company.university.edu[111.111.11.11]: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<UserPC>
Jul 18 08:25:19 company postfix/smtpd[29282]: disconnect from company.university.edu[111.111.11.11]
Jul 18 08:25:22 company imapd: DISCONNECTED, [email protected], ip=[::ffff:111.111.11.11], headers=13, body=142579, rcvd=3289, sent=215892, time=79

File main.cf looks like this:

#
# Postfix MTA Manager Main Configuration File;
#
# Please do NOT edit this file manually;
#

#
# Postfix directory settings; These are critical for normal Postfix MTA functionallity;
#

command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
program_directory = /usr/lib/postfix

#
# Some common configuration parameters;
#

inet_interfaces = all
mynetworks = 127.0.0.0/8
mynetworks_style = host

myhostname = mail.domain.com
mydomain = domain.com
myorigin = $mydomain

smtpd_banner = $myhostname ESMTP 2.4.7.1 (Debian/GNU)
setgid_group = postdrop

#
# Receiving messages parameters;
#

mydestination = localhost, company 
append_dot_mydomain = no
append_at_myorigin = yes
transport_maps = mysql:/etc/postfix/transport.cf

#
# Delivering local messages parameters;
#

mail_spool_directory = /var/spool/mail
mailbox_size_limit = 0
mailbox_command = procmail -a "$EXTENSION"

biff = no

alias_database = hash:/etc/aliases

local_recipient_maps =

#
# Delivering virtual messages parameters;
#
virtual_mailbox_maps=mysql:/etc/postfix/mysql_virt.cf
virtual_uid_maps=mysql:/etc/postfix/uids.cf
virtual_gid_maps=mysql:/etc/postfix/gids.cf
virtual_mailbox_base=/usr/local/virtual
virtual_maps=mysql:/etc/postfix/virtual.cf
virtual_mailbox_domains=mysql:/etc/postfix/virtual_domains.cf


#
# SASL paramters;
#
smtp_use_tls = yes
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s

smtp_tls_CAfile = /etc/postfix/ssl/smptd.pem
smtp_tls_cert_file = /etc/postfix/ssl/smptd.crt
smtp_tls_key_file = /etc/postfix/ssl/smptd.key

smtpd_tls_CAfile = /etc/postfix/ssl/smptd.pem
smtpd_tls_cert_file = /etc/postfix/ssl/smptd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smptd.key

smtpd_sasl_auth_enable = yes

smtpd_sasl_security_options = noanonymous

smtpd_sasl_local_domain =

broken_sasl_auth_clients = yes

smtpd_sender_restrictions =
        permit_sasl_authenticated
        permit_mynetworks

smtpd_recipient_restrictions =
        permit_sasl_authenticated
        check_recipient_access hash:/etc/postfix/filtered_domains
        permit_mynetworks
        reject_unauth_destination

As a side note, my employer wants to be able to send emails from clients (Thunderbird and Outlook) both from within our local network and outside it.

I am responsible for maintaining two Debian servers. Every time I have to do anything with security certificates, I Google for tutorials and beat away until it finally works.

However, in my searches I often come across different file formats (.key, .csr, .pem) but I've never been able to find a good explanation of what each file format's purpose is.

I was wondering if the good folks here at ServerFault could provide some clarification on this matter?

I am responsible for managing both our production server (mail, web, database are all on one server) and our test server. Both are built on Debian. However as I am very new to system administration, I have only been installing updates as I come across things that have to be updated so that I can have newer features and get bug fixes. Its a pretty ad hoc process right now, and I'd like to make it less so.

So I am wondering how people who know what they're doing handle this? How often do you perform upgrades on your servers? Is the upgrade process different between test and production? Do you always upgrade any test servers first? And do you do a full update of all software, or do you just install selected updates?

Our mail server was originally set up using self-created certificates. However when those expired, and I tried to recreate them, the whole thing just blew up. Since I know it will be important, we are running a Debian server and postfix.

Now I see these errors generated in the mail logs:

May 15 08:06:34 letterpress postfix/smtpd[22901]: warning: cannot get certificate from file /etc/postfix/ssl/smtpd.cert
May 15 08:06:34 letterpress postfix/smtpd[22901]: warning: TLS library problem: 22901:error:02001002:system library:fopen:No such file or directory:bss_file.c:352:fopen('/etc/postfix/ssl/smtpd.cert','r'):
May 15 08:06:34 letterpress postfix/smtpd[22901]: warning: TLS library problem: 22901:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:354:
May 15 08:06:34 letterpress postfix/smtpd[22901]: warning: TLS library problem: 22901:error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib:ssl_rsa.c:720:
May 15 08:06:34 letterpress postfix/smtpd[22901]: cannot load RSA certificate and key data

And when trying to access email from a client like Thunderbird from outside our local network, you receive "Unable to connect to smtp server".

I have verified that the file /etc/postfix/ssl/smtpd.cert does exist. The current owner of the file is root:root. Does this need to be changed?