Howto: set up a mail server in Ubuntu

q.dinar
December 29th, 2009, 07:33 AM
hello
INSERT INTO users (id,name,maildir,crypt) VALUES ('xandros@blobber.org','xandros','xandros/', encrypt('apassword') );
/var/mail/virtual/xandros/ is created for that, isn't it? Why not something like /var/mail/virtual/blobber.org/xandros/? What to do if I want 2 separate maildirs for a name in 2 domains? Just create a user with such a maildir in the MySQL query?

2009-12-30 18:22 utc+3 :
There are also 40-policy_banks and 21-ubuntu_defaults files in /etc/amavis/conf.d in Ubuntu 9.10.

2009-12-31 17:41 utc+3 :
flurdy, in the previous edition you say to create the postfix certificate myself in /etc/postfix/; in the current edition you say to use /etc/ssl/certs/ssl-cert-snakeoil.pem. I have looked in that directory; there is no such file there but many certificate files, I think. Doesn't this mean that I should use one of them?

2010-01-01 14:58 utc+3 : I did this yesterday. Thank you. Postgrey makes it take longer to receive mail; I am going to disable it.

2010-01-01 20:51 utc+3 : One bug of this in Ubuntu 9.10 is that a "virtual" user has appeared on the login screen.

krak3n
December 31st, 2009, 11:40 AM
Hi Guys

New to the forum :D

I've been following the 9th edition and got the basic setup done.

I am able to send and receive email through telnet, however I am having problems with getting a mail client (e.g. Thunderbird) to send email via SMTP.

Here is my /etc/postfix/main.cf


alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
delay_warning_time = 4h
disable_vrfy_command = yes
inet_interfaces = all
local_recipient_maps =
mailbox_size_limit = 0
maximal_backoff_time = 8000s
maximal_queue_lifetime = 7d
minimal_backoff_time = 1000s
mydestination =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mynetworks_style = host
myorigin = chris-reeves.com
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_helo_timeout = 60s
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl, reject_rbl_client dnsbl.njabl.org
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_delay_reject = yes
smtpd_hard_error_limit = 12
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit
smtpd_recipient_limit = 16
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
smtpd_sender_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit
smtpd_soft_error_limit = 3
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 450
virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf
virtual_gid_maps = mysql:/etc/postfix/mysql_gid.cf
virtual_mailbox_base = /var/spool/mail/virtual
virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf
virtual_uid_maps = mysql:/etc/postfix/mysql_uid.cf


The mail client is able to connect and receive emails via IMAP, but when it comes to SMTP sending it fails, this is what I get in the /var/log/mail.log


Dec 31 15:37:01 localhost postfix/smtpd[6393]: warning: 92.11.7.17: hostname host-92-11-7-17.as43234.net verification failed: Name or service not known
Dec 31 15:37:01 localhost postfix/smtpd[6393]: connect from unknown[92.11.7.17]
Dec 31 15:37:01 localhost postfix/smtpd[6393]: disconnect from unknown[92.11.7.17]


I've followed the guide to the letter, so I'm a little confused as to why it's not able to send emails via SMTP.

Any help guys?

Thanks

Chris

benjamin_888
January 6th, 2010, 04:08 AM
I have some questions about the shorewall configuration part, which is vi /etc/shorewall/rules

SSH/ACCEPT net $FW

I am confused by the entry above. Which column should the entry above be inserted into?

After that, it says once the server is working, go back to vi /etc/shorewall/rules
How do I know whether the server is working or not? Does anybody know?

And the open business part is really confusing.
I have no idea how to insert the entries into it. Can anybody show me a screenshot or guidance so that I can understand?

tq.

q.dinar
January 8th, 2010, 12:32 PM
Hello. I have read the shorewall manuals once, maybe when reading this how-to, but I could not understand them easily (and I had not installed mail with this how-to at that time). Then iptables seemed easier to me, and now I use iptables and I left out the shorewall configuration part of this how-to.

Tube Shark
January 28th, 2010, 05:14 PM
Need of a little help. I am setting up an email server on Ubuntu desktop 9.10 and following the tutorial (I think). I didn't install shorewall 'cause I'm using the firewall in the router. I can send no problem, and when I try to telnet from the server to itself to receive an email I get "status=bounced (mail for domain.com loops back to myself)" in the mail.log folder. It seems to be getting rejected before the system can receive the email. I'm not seeing any other errors, but they may come once the email gets through.

Please help running out of stuff to read.

Thanks

lisati
January 29th, 2010, 02:34 AM
Might be a good idea to start a new thread in the server section of the forum or ask the staff to move your query from the "outdated tutorials" section of the forum.

(No clue comes to mind why your telnet might be bouncing... possibly a problem with how your "hosts" information is configured)

Tube Shark
January 29th, 2010, 09:17 AM
Thanks lisati I'll do that.

harry_bk
February 4th, 2010, 05:51 AM
Hello everybody,
I am trying to set up a mail server on Ubuntu 9.10 Server installed on VMware. In order to do that, I chose postfix and I followed the following tutorial (http://flurdy.com/docs/postfix/). But after I finished the setup, I am not able to run the basic server. The problem is that I have to set up the mail server for an enterprise where I'm doing my internship. First I just wanted to test it locally before being able to bind it to a future Internet web site. I don't really know what's wrong with my basic setup. By the way, I haven't set the DNS and I don't know if it's mandatory to do that even for local tests. Also, the machine is under DHCP. I'm also trying to install and set up another mail server called Zimbra as someone advised me to, but as many people succeeded in installing and running Postfix, I really want to know what's wrong with my configuration. Below, you'll find some commands I typed and the results.

flurdy
February 4th, 2010, 06:04 AM
In your attached screenshots it says: status:sent(delivered to mailbox)

So your postfix works.
(The rbl errors are due to dns but the server still works.)

harry_bk
February 5th, 2010, 05:49 AM
Thanks a lot flurdy. Now it's OK, I send and receive local messages. But when I tried to send messages to external domains like my gmail address it doesn't work as expected, although I put the SMTP address of my ISP in the relayhost case. What could be the problem??

lisati
February 5th, 2010, 05:52 AM
Does your ISP block port 25?

harry_bk
February 5th, 2010, 11:21 AM
I don't know if my ISP blocks port 25, but I'm going to check it right now

benjamin_888
February 7th, 2010, 11:38 AM
Hi Flurdy,

I am very confused in adding users and domains part.

First, is it I need to log in to mysql database using mysql -u root -p?

Then just follow whatever the instruction in that particular part?

Second, is it I only can test my email server after adding users and domains?

I have nearly finished my basic email server setup, just have a bit of a problem with the firewall part.

Hope you can answer my question as soon as possible, so that i can solve my project faster. thank you very much.

flurdy
February 16th, 2010, 06:47 AM
I've updated the SASL section of flurdy.com/docs/postfix/ (http://flurdy.com/docs/postfix/) to properly explain how to use passwords that are encrypted in the database.

flurdy
February 16th, 2010, 06:56 AM
hi flurdy,

i am very confused in adding users and domains part.

First, is it i need to log in to mysql database using mysql -u root -p?

Then just follow whatever the instruction in that particular part?

Second, is it i only can test my email server after adding users and domains?

I have nearly finished my basic email server setup, just have a bit of a problem with the firewall part.

Hope you can answer my question as soon as possible, so that i can solve my project faster. Thank you very much.


1)
Are you asking if you need to log in as root in the configuring the database or the add user section?

For the add domains and users section you log in as the mail user. But you can log in as root as well.

For adding domains and users you have to add the required ones.

Then modify the examples for normal users to suit your requirements.

2)
You can test your server without user etc. Especially not needed early on when you are simply testing if the server is up and can connect etc and not worried if the emails are rejected or not.

But eventually you will need domains and users otherwise testing will always reject your emails. So you need them quite early.

flurdy
February 16th, 2010, 07:02 AM
Still no idea why my tutorial at some point was moved to the "outdated tutorial" forum, but nevermind.

mcfly1204
February 16th, 2010, 05:01 PM
I have gone through this tutorial and have just about everything working. I can send/receive mail via postfix using telnet. I can connect an email client, Thunderbird, from another system in the same network. I can receive mail in the mail client. However, I cannot send mail while using the mail client. I receive the following error in /mail.log:

Feb 16 14:56:40 pg4 postfix/smtpd[4837]: connect from unknown[172.20.X.XXXX]
Feb 16 14:56:40 pg4 postfix/smtpd[4837]: setting up TLS connection from unknown[172.20.X.XXXX]
Feb 16 14:56:40 pg4 postfix/smtpd[4837]: TLS connection established from unknown[172.20.X.XXXX]: SSLv3 with cipher DHE-RSA-... (256/256 bits)
Feb 16 14:56:40 pg4 postfix/smtpd[4837]: warning: SASL authentication failure: no secret in database
Feb 16 14:56:40 pg4 postfix/smtpd[4837]: warning: unknown[172.20.X.XXXX]: SASL CRAM-MD5 authentication failed
Feb 16 14:56:43 pg4 postfix/smtpd[4837]: warning: SASL authentication failure: no secret in database
Feb 16 14:56:43 pg4 postfix/smtpd[4837]: warning: unknown[172.20.X.XXXX]: SASL CRAM-MD5 authentication failed
Feb 16 14:56:45 pg4 postfix/smtpd[4837]: disconnect from unknown[172.20.X.XXXX]

When I try to send a message in Thunderbird, I get a prompt telling me the password for the server is incorrect. If I reenter what should be the correct password, I receive the prompt again.

Any thoughts?

flurdy
February 17th, 2010, 11:48 AM
I updated the SASL authentication a few days ago.
Check if it solves your problem. Such as adding postfix to sasl user etc.

mcfly1204
February 17th, 2010, 03:01 PM
I noticed that you updated the SASL portion and was eager to walk through it hoping it would resolve my issue... Unfortunately it did not.

three_jeeps
February 18th, 2010, 04:15 PM
A general question:
Is there a version of the tutorial for 8.04 that describes how to set up an outgoing only mail server? (Ideally for ppl who have comcast or verizon as their ISP?)

OR

A 'bare bones' version that does both outgoing and incoming?

Thanks for any help....
-John

nu_gen68
February 19th, 2010, 03:05 AM
First off, I'm kind of a noob with ubuntu, but I'll try my best to explain my problem.

I followed your tutorial and everything works great.

My problem is that I am trying to add a plug-in for Squirrelmail, so that a user can change their password instead of changing it through SQL. So, I am trying to set up 'Change SQL Password' plugin from squirrelmail.org, I installed the compatibility plug-in as well. So far, I have the plug-in installed, but when squirrelmail accesses the SQL database it can't compare the old password properly to change it.

id: root@localhost
pw: 1234

The configuration file for Change SQL Password, the main lines:
accesses the SQL database:
$csp_dsn = 'mysl://mail:****@localhost/maildb';
looks up password to compare:
$lookup_password_query = 'SELECT count(*) FROM users WHERE id = "%1" AND crypt = %4';
encryption method:
$password_encryption = 'MYSQLENCRYPT';
salt static and query are set to: nothing

MySQL Log:
210 Connect mail@localhost on
210 Init DB maildb
210 Init DB maildb
209 Query SELECT count(*) FROM users WHERE id = "root@localhost" AND crypt = encrypt("1234")
209 Quit

Squirrelmail responds with "Your old password does not match".

Thanks
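
An added example, not part of the original post or of the plugin: the lookup in the MySQL log compares the stored value with a fresh encrypt("1234"), and MySQL's ENCRYPT() picks its own salt when none is given, so the two hashes normally differ. The table users_demo, the salt 'ab' and the passwords below are constructed for illustration; ENCRYPT() is the MySQL 5.x function used on this page and was removed in MySQL 8.0.

```sql
-- Constructed demo table; the id and crypt column names are taken from the
-- query in the post, everything else here is assumed for illustration.
CREATE TEMPORARY TABLE users_demo (
  id    VARCHAR(128) NOT NULL PRIMARY KEY,
  crypt VARCHAR(128) NOT NULL
);

-- A stored password hash. The explicit salt 'ab' stands in for whatever salt
-- the server chose when the row was first inserted with ENCRYPT('1234').
-- The result is the salt followed by the hash, so the salt travels with it.
INSERT INTO users_demo (id, crypt)
VALUES ('root@localhost', ENCRYPT('1234', 'ab'));

-- 1) The comparison from the MySQL log. ENCRYPT() without a salt argument
--    uses a server-chosen salt, so the new hash equals the stored one only
--    if that salt happens to be 'ab' again. A correct password is rejected.
SELECT COUNT(*) AS matches
  FROM users_demo
 WHERE id = 'root@localhost'
   AND crypt = ENCRYPT('1234');

-- 2) Salt-aware comparison: pass the stored hash as the salt. crypt(3) reads
--    the salt from the front of that string, so the correct password
--    reproduces the stored value and the row is counted.
SELECT COUNT(*) AS matches
  FROM users_demo
 WHERE id = 'root@localhost'
   AND crypt = ENCRYPT('1234', crypt);

-- 3) A wrong password hashed with the same stored salt produces a different
--    hash, so the check still rejects it.
SELECT COUNT(*) AS matches
  FROM users_demo
 WHERE id = 'root@localhost'
   AND crypt = ENCRYPT('4321', crypt);

-- 4) Password change guarded by the old password: the row is updated only
--    when the salt-aware check on the old password succeeds. The new hash
--    gets a fresh server-chosen salt. ROW_COUNT() reports whether it applied.
UPDATE users_demo
   SET crypt = ENCRYPT('a-new-passphrase')
 WHERE id = 'root@localhost'
   AND crypt = ENCRYPT('1234', crypt);
SELECT ROW_COUNT() AS rows_changed;

-- Caveats: literals are used here for the demo; an application should bind
-- the user id and passwords as parameters. On systems where crypt(3) is the
-- traditional DES variant, only the first eight password characters count.
```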

benjamin_888
February 21st, 2010, 06:55 AM
1)
Are you asking if you need to log in as root in the configuring the database or the add user section?

For the add domains and users section you log in as the mail user. But you can log in as root as well.

For adding domains and users you have to add the required ones.

Then modify the examples for normal users to suit your requirements.

2)
You can test your server without user etc. Especially not needed early on when you are simply testing if the server is up and can connect etc and not worried if the emails are rejected or not.

But eventually you will need domains and users otherwise testing will always reject your emails. So you need them quite early.


Thank you flurdy, how can I know whether my server is up or not?

oziemike
February 25th, 2010, 12:05 PM
Have been running Flurdy's mail server for about 3 years based on Ubuntu 6.06 and thought it about time to get up to a newer version. So loaded up 9.10 server and followed it thru step by step. I am running it on the bench off the Internet for testing purposes. Before the advanced setup it seemed to be sending and receiving OK. I had imported the old databases from 6.06 (MySQL)

With the advanced setup, the moment another mail server tries to connect or I even do a telnet localhost 25 I get:

Feb 26 01:15:46 mail postfix/smtpd[4219]: warning: SASL per-process initialization failed: generic failure
Feb 26 01:15:46 mail postfix/smtpd[4219]: fatal: SASL per-process initialization failed
Feb 26 01:15:47 mail postfix/master[4211]: warning: process /usr/lib/postfix/smtpd pid 4219 exit status 1
Feb 26 01:15:47 mail postfix/master[4211]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling

After that the server is locked up and starting and stopping it is the only way to get it back.

I have gone over and over the setup and still can't find any config problems. Can anyone point me in the right direction where I may have slipped up??

Mike

jvdl85
February 28th, 2010, 03:01 PM
Hi,
I have used your site to set up a mail server, but I have run into some problems.
IMAP isn't working as it should. The mail log keeps giving me the error mail imapd: chdir Maildir: No such file or directory.
I have added data successfully and postfix and mysql seem to work fine.
I know this because I have tested via telnet and sent mails successfully; also the user directories were made.
Also the squirrelmail site says ERROR: ERROR: connection dropped by IMAP server.
Does anyone know what is maybe configured wrong?
I followed the documentation to the point.



This is from the mail.log

Feb 28 07:47:14 mail imapd: Connection, ip=[::ffff:192.168.2.15]
Feb 28 07:47:14 mail imapd: chdir Maildir: No such file or directory
Feb 28 07:47:14 mail imapd: jeroen: No such file or directory
Feb 28 07:47:48 mail imapd: Connection, ip=[::ffff:192.168.2.15]
Feb 28 07:47:48 mail imapd: chdir Maildir: No such file or directory
Feb 28 07:47:48 mail imapd: jeroen: No such file or directory



root@mail:/var/mail/virtual# pwd
/var/mail/virtual
root@mail:/var/mail/virtual# ls -ltra
total 20
drwxrwsr-x 3 root mail 4096 2010-02-27 14:43 ..
drwx--S--- 5 virtual virtual 4096 2010-02-27 15:47 test
drwx--S--- 5 virtual virtual 4096 2010-02-27 15:49 jeroen
drwxr-sr-x 5 virtual virtual 4096 2010-02-28 03:19 .
drwx--S--- 5 virtual virtual 4096 2010-02-28 03:19 joyce


root@mail:/var/mail/virtual/jeroen# pwd
/var/mail/virtual/jeroen
root@mail:/var/mail/virtual/jeroen# ls -ltra
total 20
drwx--S--- 2 virtual virtual 4096 2010-02-27 15:49 cur
drwx--S--- 5 virtual virtual 4096 2010-02-27 15:49 .
drwx--S--- 2 virtual virtual 4096 2010-02-28 03:10 tmp
drwx--S--- 2 virtual virtual 4096 2010-02-28 03:10 new
drwxr-sr-x 5 virtual virtual 4096 2010-02-28 03:19 ..


root@mail:/var/mail/virtual/jeroen/new# pwd
/var/mail/virtual/jeroen/new
root@mail:/var/mail/virtual/jeroen/new# ls -ltra
total 20
-rw------- 1 virtual virtual 425 2010-02-27 15:49 267282160.Vfc00I548fM177362.mail
drwx--S--- 5 virtual virtual 4096 2010-02-27 15:49 ..
-rw------- 1 virtual virtual 3298 2010-02-27 15:51 1267282314.Vfc00I54a0M170046.mail
-rw------- 1 virtual virtual 3831 2010-02-28 03:10 1267323030.Vfc00I54b2M855278.mail
drwx--S--- 2 virtual virtual 4096 2010-02-28 03:10 .



vi /etc/courier/authmysqlrc

MYSQL_HOME_FIELD home
##NAME: MYSQL_NAME_FIELD:0
#
# The user's name (optional)
MYSQL_NAME_FIELD name
##NAME: MYSQL_MAILDIR_FIELD:0
#
# This is an optional field, and can be used to specify an arbitrary
# location of the maildir for the account, which normally defaults to
# $HOME/Maildir (where $HOME is read from MYSQL_HOME_FIELD).
#
# You still need to provide a MYSQL_HOME_FIELD, even if you uncomment this
# out.
#
MYSQL_MAILDIR_FIELD concat(home,'/',maildir)


If more info is required then let me know, I'm really stuck. Also googled the problem but didn't get any wiser.

from the FAQ section
Squirrelmail does not allow me to log in

This is due to many things. Most are due to skipping too fast forward, ignoring test sections (http://flurdy.com/docs/postfix/#test) etc.


Answers:

Does postfix (http://flurdy.com/docs/postfix/#config-simple-mta) work?
No point trying to run before you can crawl. Send emails to recipients on your server, tail mail.log to see if everything is okay.
Often mysql (http://flurdy.com/docs/postfix/#config-simple-database) is not configured properly, check the mysql logs (http://flurdy.com/docs/postfix/#test) for activity.
Yes postfix works and i see activity in the mysql.log
Also the user dir's are made.


Have they ever received an email?
If not they can not log into squirrelmail as the email folders will not yet exist.
Yes as you can see above

Does Courier (http://flurdy.com/docs/postfix/#config-simple-imap) work?
If it doesn't then you have still got some more setup to do.
Yes trying with telnet shows.

telnet localhost 143
Trying ::1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION] Courier-IMAP ready. Copyright 1998-2008 Double Precision, Inc. See COPYING for distribution information.

telnet localhost 10024
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 [127.0.0.1] ESMTP amavisd-new service ready



ps -ef |grep courier
root 13243 1 0 Feb27 ? 00:00:00 /usr/sbin/courierlogger -pid=/var/run/courier/authdaemon/pid -start /usr/lib/courier/courier-authlib/authdaemond
root 13244 13243 0 Feb27 ? 00:00:00 /usr/lib/courier/courier-authlib/authdaemond
root 13254 13244 0 Feb27 ? 00:00:00 /usr/lib/courier/courier-authlib/authdaemond
root 13255 13244 0 Feb27 ? 00:00:00 /usr/lib/courier/courier-authlib/authdaemond
root 13256 13244 0 Feb27 ? 00:00:00 /usr/lib/courier/courier-authlib/authdaemond
root 13257 13244 0 Feb27 ? 00:00:00 /usr/lib/courier/courier-authlib/authdaemond
root 13258 13244 0 Feb27 ? 00:00:00 /usr/lib/courier/courier-authlib/authdaemond
root 13318 1 0 Feb27 ? 00:00:00 /usr/sbin/courierlogger -pid=/var/run/courier/imapd.pid -start -name=imapd /usr/sbin/couriertcpd -address=0 -maxprocs=40 -maxperip=20 -nodnslookup -noidentlookup 143 /usr/lib/courier/courier/imaplogin /usr/bin/imapd Maildir
root 13319 13318 0 Feb27 ? 00:00:00 /usr/sbin/couriertcpd -address=0 -maxprocs=40 -maxperip=20 -nodnslookup -noidentlookup 143 /usr/lib/courier/courier/imaplogin /usr/bin/imapd Maildir
root 13374 1 0 Feb27 ? 00:00:00 /usr/sbin/courierlogger -pid=/var/run/courier/imapd-ssl.pid -start -name=imapd-ssl /usr/sbin/couriertcpd -address=0 -maxprocs=40 -maxperip=20 -nodnslookup -noidentlookup 993 /usr/bin/couriertls -server -tcpd /usr/lib/courier/courier/imaplogin /usr/bin/imapd Maildir
root 13375 13374 0 Feb27 ? 00:00:00 /usr/sbin/couriertcpd -address=0 -maxprocs=40 -maxperip=20 -nodnslookup -noidentlookup 993 /usr/bin/couriertls -server -tcpd /usr/lib/courier/courier/imaplogin /usr/bin/imapd Maildir
root 30095 30074 0 08:34 pts/1 00:00:00 grep courier




If all above is okay, then it may be a problem with your Squirrelmail setup (http://flurdy.com/docs/postfix/#config-extra-webmail).
Check empty spaces in squirrelmail mysql setup. More details in test section (http://flurdy.com/docs/postfix/#test).
Email folders do not exist

Mentioned many times in this guide and forums.


Answers:

Have they received an email?
If not they can not log into squirrelmail as the email folders will not yet exist. When receiving their first email, postfix will create all the necessary folders. If it does not your postfix setup is broken.
user dir's are made see above.

Greetz

flurdy
February 28th, 2010, 06:09 PM
@jvdl85

Your setup certainly seems fine.
And the fact that the mail folders are created when receiving emails and that you can send indicates postfix is fine.

The courier bit also seems correct...


The only thing I would check is the sql logs. What happens there when you try to login read emails via imap?

q.dinar
March 1st, 2010, 12:01 PM
I have a question. I know that SSL works when I use squirrelmail. How can I know whether it works between mail servers when they send mail with the SMTP protocol? If I send a message to a server that does not support SSL, do I see in the log that the mail is sent without SSL?
If the target server does not trust my certificate, can it refuse the mail or accept it anyway? Can it ask to get it unciphered instead of getting it untrusted?

oziemike
March 2nd, 2010, 06:21 AM
Flurdy

I would certainly appreciate any pointers from my entry about 3 posts back, if you have the time??

Mike

fade2gray
March 2nd, 2010, 10:12 AM
I've been considering upgrading from 8.04 to 9.10.

Is this possible without breaking my mailserver?

I will be making a PING image of the system drive before attempting, but which files should I backup for an easy setup should I find it necessary to perform a clean install?

Thanks.

tiercel
March 2nd, 2010, 11:34 PM
< < < SOLVED! ...well, at least working. Feedback certainly appreciated, see below > > >

Okay... I'm going mad with a problem that crops up for me after the basic part of the setup.

I've worked through the tutorial up through Courier, and am testing the basic mail server. I can successfully telnet localhost 25 to send a mail to a recipient on the machine. When I attempt to telnet mymachine 25 from anywhere else, the telnet just hangs and eventually times out.

I can SSH into mymachine just fine from the outside world so it's presumably not some kind of DNS issue (I'm using ddclient + DynDNS to route to my DMZ'd machine behind a DSL router).

I figured maybe this was a firewall issue of some sort but if I use mymachine to surf to www.canyouseeme.org, it reports to mymachine that it can see port 25 just fine. Furthermore, /var/log/syslog or mail.log cheerfully reports a SMTP port connection from www.no-ip.com:

postfix/smtpd[14144]: connect from www.no-ip.com[204.16.252.112]
postfix/smtpd[14144]: lost connection after CONNECT from www.no-ip.com[204.16.252.112]
postfix/smtpd[14144]: disconnect from www.no-ip.com[204.16.252.112]

Whatever they are doing is apparently able to connect just fine to the SMTP port, but telnet can't. I tried deactivating shorewall altogether (and deactivating ufw as well, in case that was blocking anything) and got the same result. (Needless to say, actually sending email to a user@mymachine results in said email vanishing into a black hole, unless I sent it from mymachine using telnet localhost.)

I'm really bamboozled. This guide to setting up a mail server looks great, I just can't figure out what I've done wrong / haven't done that would result in an error like this.

Appreciate any help you can offer! Thanks.

----------

< < < EDIT: Solution > > >

Gahhhh. I guess this is what I get for trusting blindly in web-based port testers... it looks like it's just the "your ISP is blocking port 25 thing." I changed the incoming port to 2525 and it seems to be accessible now. I don't know if this is the cleanest way to solve this problem -- I've heard different chatter about using 587 or enforcing secure SMTP so I'm certainly still open to suggestions/criticism!

What I did:

Open Shorewall port 2525: edit /etc/shorewall/rules, add:

#Accept from anyone on the net
ACCEPT net $FW tcp 2525

Get Postfix to listen on port 2525: edit /etc/postfix/master.cf, change:

smtp inet n - - - - smtpd

to

2525 inet n - - - - smtpd

Get DynDNS MailHop Relay to relay incoming mail to port 2525.

mcfly1204
March 10th, 2010, 05:43 PM
I was struggling to get SASL working, and then noticed that the following command would simply hang.
telnet localhost 25
I proceeded to copy over my existing main.cf file with main.cf.debian, made all changes noted in the walkthrough, and the above command continues to hang. I can view the following in mail.log.
Mar 10 16:40:50 host4 postfix/smtpd[5030]: warning: SASL per-process initialization failed: generic failure
Mar 10 16:40:50 host4 postfix/smtpd[5030]: fatal: SASL per-process initialization failed
Mar 10 16:40:51 host4 postfix/master[4679]: warning: process /usr/lib/postfix/smtpd pid 5030 exit status 1
Mar 10 16:40:51 host4 postfix/master[4679]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling

**edit**
Added main.cf and master.cf for reference.

dcstar
March 12th, 2010, 01:12 AM
A general question:
Is there a version of the tutorial for 8.04 that describes how to set up an outgoing only mail server? (Ideally for ppl who have comcast or verizon as their ISP?)


Ubuntu comes with an "outgoing" mail server installed by default - postfix.

All you may need to do is:
sudo dpkg-reconfigure postfix
and make sure it is set to "Internet", then edit the /etc/postfix/main.cf file with a relayhost (if you want your ISP's SMTP server to do the work).

Set your mail clients to use your system for outgoing mail and it should work. Can't get much simpler than that.

lisati
March 12th, 2010, 01:15 AM
I was struggling to get SASL working, and then noticed that the following command would simply hang.

I proceeded to copy over my existing main.cf file with main.cf.debian, made all changes noted in the walkthrough, and the above command continues to hang. I can view the following in mail.log.


**edit**
Added main.cf and master.cf for reference.

Is port 25 blocked from the machine you're running the telnet command on to your server?

mcfly1204
March 12th, 2010, 09:57 AM
No, port 25 is not blocked. I even ran iptables -F to flush all the rules. I feel my issue has to be connected to the two files I posted given postfix is bound to 25.

q.dinar
March 16th, 2010, 02:57 AM
I have got this error after I sent a mail:

host ***[***] said: 550 Access denied
- Invalid HELO name (See RFC2821 4.1.1.1) (in reply to MAIL FROM command)

this is mail from MAILER-DAEMON@***(mydomain).

mcfly1204
March 16th, 2010, 08:29 AM
Can you post a copy of your main.cf file?

q.dinar
March 16th, 2010, 01:42 PM
# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = dinar-desktop
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
#mydestination = kukmara.ru, dinar-desktop, localhost.localdomain, localhost
#As we will be using virtual domains, these need to be empty. http://flurdy.com/docs/postfix/
mydestination =
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

# http://flurdy.com/docs/postfix/ :
# how long if undelivered before sending warning update to sender
delay_warning_time = 4h
# will it be a permanent error or temporary
unknown_local_recipient_reject_code = 450
# how long to keep message on queue before return as failed.
# some have 3 days, I have 16 days as I am backup server for some people
# whom go on holiday with their server switched off.
maximal_queue_lifetime = 7d
# max and min time in seconds between retries if connection failed
minimal_backoff_time = 1000s
maximal_backoff_time = 8000s
# how long to wait when servers connect before receiving rest of data
smtp_helo_timeout = 60s
# how many address can be used in one message.
# effective stopper to mass spammers, accidental copy in whole address list
# but may restrict intentional mail shots.
smtpd_recipient_limit = 16
# how many error before back off.
smtpd_soft_error_limit = 3
# how many max errors before blocking it.
smtpd_hard_error_limit = 12
# Requirements for the HELO statement
smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit

# Requirements for the sender details
#smtpd_sender_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, #reject_unauth_pipelining, permit
#smtpd_sender_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, #reject_unauth_pipelining, permit
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit

# Requirements for the connecting server
smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl, reject_rbl_client dnsbl.njabl.org

# Requirement for the recipient address
#smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, reject_non_fqdn_recipient, #reject_unknown_recipient_domain, reject_unauth_destination, permit
#smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, #reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service #inet:127.0.0.1:10023, permit
smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, permit

smtpd_data_restrictions = reject_unauth_pipelining
# require proper helo at connections
smtpd_helo_required = yes
# waste spammers time before rejecting them
smtpd_delay_reject = yes
disable_vrfy_command = yes
# not sure of the difference of the next two
# but they are needed for local aliasing
alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases
# this specifies where the virtual mailbox folders will be located
virtual_mailbox_base = /var/spool/mail/virtual
# this is for the mailbox location for each user
virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf
# and their user id
virtual_uid_maps = mysql:/etc/postfix/mysql_uid.cf
# and group id
virtual_gid_maps = mysql:/etc/postfix/mysql_gid.cf
# and this is for aliases
virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf
# and this is for domain lookups
virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf
# this is how to connect to the domains (all virtual, but the option is there)
# not used yet
# transport_maps = mysql:/etc/postfix/mysql_transport.cf

#http://flurdy.com/docs/postfix/
content_filter = amavis:[127.0.0.1]:10024

#http://flurdy.com/docs/postfix/edition5.html
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
#smtpd_sasl_path = /etc/postfix/sasl:/usr/lib/sasl2
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =

#http://flurdy.com/docs/postfix/edition5.html#conf_auth
#smtpd_use_tls = yes
#smtpd_tls_cert_file = /etc/postfix/postfix.cert
#smtpd_tls_key_file = /etc/postfix/postfix.key
#smtpd_data_restrictions = reject_unauth_pipelining

#http://flurdy.com/docs/postfix/#config-secure-auth
# TLS parameters
#smtp_use_tls = no
smtp_tls_security_level = may
#smtpd_use_tls=yes
smtpd_tls_security_level = may
#smtpd_tls_auth_only = no
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
#smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
#smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_cert_file = /etc/postfix/postfix.cert
smtpd_tls_key_file = /etc/postfix/postfix.key
#smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
#smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

lisati
March 16th, 2010, 06:06 PM
i have got this error after i sent a mail:

host ***[***] said: 550 Access denied
- Invalid HELO name (See RFC2821 4.1.1.1) (in reply to MAIL FROM command)

this is mail from MAILER-DAEMON@***(mydomain).

What this says to me is that the receiving system thinks that your system is introducing itself in a way that the receiving system doesn't like. I had a look at the main.cf file you posted, and suspect the following line might need to be changed (someone else might be able to confirm or correct):
myhostname = dinar-desktop
On my system I have it set to reflect the name people would use in email addresses and when accessing my website.
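The check lisati describes, as an added example that is not part of the original posts: the Postfix SMTP client announces `smtp_helo_name`, which defaults to `$myhostname`, so a bare host name such as `dinar-desktop` is what the remote server sees in HELO/EHLO. The sample config is constructed from lines of the main.cf posted above; `mail.example.org` and the function names are placeholders.

```python
import re

# Constructed sample: the relevant lines of the main.cf posted in the thread.
POSTED_MAIN_CF = """\
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
myhostname = dinar-desktop
myorigin = /etc/mailname
mydestination =
smtpd_helo_required = yes
"""

# Constructed "after" sample; mail.example.org is a placeholder name.
FIXED_MAIN_CF = POSTED_MAIN_CF.replace("dinar-desktop", "mail.example.org")

LABEL = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")
VAR = re.compile(r"\$(?:\{(\w+)\}|\((\w+)\)|(\w+))")
# Suffixes that cannot be resolved from the public Internet (heuristic list).
PRIVATE_SUFFIXES = {"local", "localdomain", "localhost", "lan"}


def parse_main_cf(text):
    """Return {parameter: value}; the last assignment of a parameter wins."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                              # blank and comment lines
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()      # leading whitespace continues a line
        else:
            logical.append(raw.strip())
    params = {}
    for line in logical:
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()
    return params


def expand(value, params, depth=0):
    """Expand $name, ${name} and $(name); names missing from the file become ''."""
    if depth > 10:
        raise ValueError("parameter reference loop")

    def sub(match):
        name = match.group(1) or match.group(2) or match.group(3)
        return expand(params.get(name, ""), params, depth + 1)

    return VAR.sub(sub, value)


def helo_name(params):
    """Name the Postfix SMTP client announces: smtp_helo_name, default $myhostname."""
    return expand(params.get("smtp_helo_name", "$myhostname"), params)


def helo_problems(name):
    """List reasons a receiving server may refuse this HELO/EHLO argument."""
    if not name:
        return ["myhostname not set in this file; Postfix uses the system hostname"]
    if name.startswith("[") and name.endswith("]"):
        return []                                 # address literal, e.g. [192.0.2.1]
    problems = []
    labels = name.rstrip(".").split(".")
    if len(labels) < 2:
        problems.append("not fully qualified: no domain part")
    if len(name) > 255:
        problems.append("longer than 255 characters")
    bad = [label for label in labels if not LABEL.match(label)]
    if bad:
        problems.append("invalid label(s): " + ", ".join(repr(b) for b in bad))
    if labels[-1].isdigit():
        problems.append("bare IP address; use a host name or a bracketed literal")
    if len(labels) > 1 and labels[-1].lower() in PRIVATE_SUFFIXES:
        problems.append("suffix is not resolvable from the Internet")
    return problems


def audit(main_cf_text):
    """Return (announced HELO name, list of problems) for a main.cf body."""
    name = helo_name(parse_main_cf(main_cf_text))
    return name, helo_problems(name)


if __name__ == "__main__":
    for title, text in (("posted", POSTED_MAIN_CF), ("fixed", FIXED_MAIN_CF)):
        name, problems = audit(text)
        print(f"{title}: HELO {name!r} -> {problems or 'ok'}")
```

The name that passes this check still has to resolve in public DNS; the script only validates the syntax a receiver can judge from the HELO argument itself.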

steev182
March 24th, 2010, 06:26 PM
I'm unable to connect using IMAP, what could I have done wrong?

Mar 24 22:20:10 sweb00 authdaemond: received auth request, service=imap, authtype=login
Mar 24 22:20:10 sweb00 authdaemond: authmysql: trying this module
Mar 24 22:20:10 sweb00 authdaemond: authmysqllib: connected. Versions: header 50075, client 50083, server 50137
Mar 24 22:20:10 sweb00 authdaemond: SQL query: SELECT id, "", clear, uid, gid, home, concat(home,'/',maildir), "", name, "" FROM users WHERE id = 'steve' AND (enabled=1)
Mar 24 22:20:10 sweb00 imapd: LOGIN FAILED, user=steve, ip=[my home ip]
Mar 24 22:20:10 sweb00 authdaemond: zero rows returned
Mar 24 22:20:10 sweb00 authdaemond: no password available to compare
Mar 24 22:20:10 sweb00 authdaemond: authmysql: REJECT - try next module
Mar 24 22:20:10 sweb00 authdaemond: FAIL, all modules rejected
Mar 24 22:20:15 sweb00 imapd: LOGOUT, ip=[my home ip], rcvd=63, sent=499

steev182
March 25th, 2010, 07:41 AM
I fixed one problem, logging in, I needed to change 'user' to 'name' in authdaemonrc. But now it looks like I can't send, so will look through the settings I added for SASL - AHHH

steev182
March 25th, 2010, 09:58 AM
My problem now:

Mar 25 13:55:53 sweb00 imapd-ssl: Failed to connect to socket /tmp/fam--
Mar 25 13:56:26 sweb00 imapd-ssl: last message repeated 3 times
Mar 25 13:56:26 sweb00 postfix/smtpd[27826]: warning: SASL per-process initialization failed: generic failure
Mar 25 13:56:26 sweb00 postfix/smtpd[27826]: fatal: SASL per-process initialization failed
Mar 25 13:56:27 sweb00 postfix/master[27666]: warning: process /usr/lib/postfix/smtpd pid 27826 exit status 1
Mar 25 13:56:27 sweb00 postfix/master[27666]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling

mcfly1204
March 25th, 2010, 11:15 AM
My current setup consists of Exchange 2003 processing email for domain A. We have been sending/receiving for an additional domain, domain B, for a few years now, but the setup is clunky given I have distribution lists setup for the domain B email addresses.

I have setup a postfix box on the same network as the Exchange server to host email for domain B. My, I would love to say only, main issue is that I need to be able to send emails from domain A to (Exchange) to domain B (postfix). How do I go about this? Do I need appropriate DNS records for both boxes given the messages are not leaving the network?

steev182
March 25th, 2010, 01:59 PM
OK, Here are my config files, if another set of eyes can look and see what I've done wrong...

main.cf
# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# SASL
smtpd_sasl_auth_enable = yes
# If your potential clients use Outlook Express or other older clients
# this needs to be set to yes
broken_sasl_auth_clients = no
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =

# TLS parameters
#smtp_use_tls = no
smtp_tls_security_level = may
#smtpd_use_tls=yes
smtpd_tls_security_level = may
#smtpd_tls_auth_only = no
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
#smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
#smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = mail.stevemulcahy.co.uk
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = stevemulcahy.co.uk
local_recipient_maps =
mydestination =
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
mynetworks_style = host
# how long if undelivered before sending warning update to sender
delay_warning_time = 4h
# will it be a permanent error or temporary
unknown_local_recipient_reject_code = 450
# how long to keep message on queue before return as failed.
# some have 3 days, I have 16 days as I am backup server for some people
# whom go on holiday with their server switched off.
maximal_queue_lifetime = 7d
# max and min time in seconds between retries if connection failed
minimal_backoff_time = 1000s
maximal_backoff_time = 8000s
# how long to wait when servers connect before receiving rest of data
smtp_helo_timeout = 60s
# how many address can be used in one message.
# effective stopper to mass spammers, accidental copy in whole address list
# but may restrict intentional mail shots.
smtpd_recipient_limit = 16
# how many error before back off.
smtpd_soft_error_limit = 3
# how many max errors before blocking it.
smtpd_hard_error_limit = 12
# Requirements for the HELO statement
smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit
# Requirements for the sender details
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit
smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl, reject_rbl_client dnsbl.njabl.org
# Requirement for the recipient address
smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service inet:127.0.0.1:10023, permit
smtpd_helo_required = yes
# waste spammers time before rejecting them
smtpd_delay_reject = yes
disable_vrfy_command = yes
# not sure of the difference of the next two
# but they are needed for local aliasing
alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases
# this specifies where the virtual mailbox folders will be located
virtual_mailbox_base = /var/spool/mail/virtual
# this is for the mailbox location for each user
virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf
# and their user id
virtual_uid_maps = mysql:/etc/postfix/mysql_uid.cf
# and group id
virtual_gid_maps = mysql:/etc/postfix/mysql_gid.cf
# and this is for aliases
virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf
# and this is for domain lookups
virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf
# this is how to connect to the domains (all virtual, but the option is there)
# not used yet
# transport_maps = mysql:/etc/postfix/mysql_transport.cf
content_filter = amavis:[127.0.0.1]:10024


master.cf:
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - - - - smtpd
submission inet n - n - - smtpd
-o smtpd_sasl_auth_enable=yes
# if you do not want to restrict it encryption only, comment out next line
#-o smtpd_tls_auth_only=yes
# -o smtpd_tls_security_level=encrypt
# -o header_checks=
# -o body_checks=
-o smtpd_client_restrictions=permit_sasl_authenticated,reject_unauth_destination,reject
-o smtpd_sasl_security_options=noanonymous,noplaintext
-o smtpd_sasl_tls_security_options=noanonymous
# -o milter_macro_daemon_name=ORIGINATING
smtps inet n - - - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_tls_auth_only=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o smtpd_sasl_security_options=noanonymous,noplaintext
-o smtpd_sasl_tls_security_options=noanonymous
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - - - - qmqpd
pickup fifo n - - 60 1 pickup
-o content_filter=
-o receive_override_options=no_header_body_checks
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - - 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - - - - smtp
-o smtp_fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
amavis unix - - - - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o max_use=20
127.0.0.1:10025 inet n - - - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_delay_reject=no
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_data_restrictions=reject_unauth_pipelining
-o smtpd_end_of_data_restrictions=
-o mynetworks=127.0.0.0/8
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks


smtpd.conf:
pwcheck_method: saslauthd
mech_list: plain login cram-md5 digest-md5
log_level: 7
allow_plaintext: true
auxprop_plugin: mysql
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_user: mail
sql_passw : ------
sql_database: maildb
sql_select: select crypt from users where id='%u@%r' and enabled = 1

Any ideas?

fernandoch
March 25th, 2010, 07:46 PM
Can this tutorial be used for a home mail server for testing? What do I need? Does it work with a static IP that I have at home?

I have a domain registered, but then what? Should I create this smtp.domain.name?

Can anyone give me answers to these questions?

Thank you.

q.dinar
March 26th, 2010, 07:30 AM
yes, it works with static ip. your domain should have mx record pointing to your ip.
"smtp." subdomain is not needed if main domain points with "mx" to your ip. (main domain can point with "A" record to other ip or to your ip. also any subdomain can point to different ips with A and Mx , A to serve sites, MX to serve mail.)

q.dinar
March 28th, 2010, 07:46 AM
another error when 10 mb mail sent to me:
Mar 28 15:02:59 dinar-desktop postfix/smtpd[7681]: connect from forward9.mail.yandex.net[77.88.61.48]
Mar 28 15:03:00 dinar-desktop postfix/smtpd[7681]: lost connection after EHLO from forward9.mail.yandex.net[77.88.61.48]
Mar 28 15:03:00 dinar-desktop postfix/smtpd[7681]: disconnect from forward9.mail.yandex.net[77.88.61.48]
Mar 28 15:06:20 dinar-desktop postfix/anvil[7684]: statistics: max connection rate 1/60s for (smtp:77.88.61.48) at Mar 28 15:02:59
Mar 28 15:06:20 dinar-desktop postfix/anvil[7684]: statistics: max connection count 1 for (smtp:77.88.61.48) at Mar 28 15:02:59
Mar 28 15:06:20 dinar-desktop postfix/anvil[7684]: statistics: max cache size 1 at Mar 28 15:02:59
Mar 28 15:16:15 dinar-desktop postfix/smtpd[7728]: connect from forward9.mail.yandex.net[77.88.61.48]
Mar 28 15:16:16 dinar-desktop postfix/smtpd[7728]: lost connection after EHLO from forward9.mail.yandex.net[77.88.61.48]
Mar 28 15:16:16 dinar-desktop postfix/smtpd[7728]: disconnect from forward9.mail.yandex.net[77.88.61.48]

harrysand
March 31st, 2010, 08:53 PM
I'm trying to follow this guide and ran into a problem when installing SASL. I was having trouble working with my repositories, could that be the problem?

Ran this.
:~$ sudo apt-get install libsasl2-modules libsasl2-modules-sql libgsasl7 \ libauthen-sasl-cyrus-perl sasl2-bin libpam-mysql
Reading package lists... Done
Building dependency tree
Reading state information... Done
libsasl2-modules is already the newest version.
E: Couldn't find package libauthen-sasl-cyrus-perl


Here is my sources.list file.
#
# deb cdrom:[Ubuntu-Server 9.10 _Karmic Koala_ - Release i386 (20091027.2)]/ karmic main restricted

#deb cdrom:[Ubuntu-Server 9.10 _Karmic Koala_ - Release i386 (20091027.2)]/ karmic main restricted
# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.

deb http://us.archive.ubuntu.com/ubuntu/ karmic main restricted
deb-src http://us.archive.ubuntu.com/ubuntu/ karmic main restricted

## Major bug fix updates produced after the final release of the
## distribution.
deb http://us.archive.ubuntu.com/ubuntu/ karmic-updates main restricted
deb-src http://us.archive.ubuntu.com/ubuntu/ karmic-updates main restricted

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team. Also, please note that software in universe WILL NOT receive any
## review or updates from the Ubuntu security team.
deb http://us.archive.ubuntu.com/ubuntu/ karmic universe
deb-src http://us.archive.ubuntu.com/ubuntu/ karmic universe
deb http://us.archive.ubuntu.com/ubuntu/ karmic-updates universe
deb-src http://us.archive.ubuntu.com/ubuntu/ karmic-updates universe

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.
deb http://us.archive.ubuntu.com/ubuntu/ karmic multiverse
deb-src http://us.archive.ubuntu.com/ubuntu/ karmic multiverse
deb http://us.archive.ubuntu.com/ubuntu/ karmic-updates multiverse
deb-src http://us.archive.ubuntu.com/ubuntu/ karmic-updates multiverse

## Uncomment the following two lines to add software from the 'backports'
## repository.
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
# deb http://us.archive.ubuntu.com/ubuntu/ karmic-backports main restricted universe multiverse
# deb-src http://us.archive.ubuntu.com/ubuntu/ karmic-backports main restricted universe multiverse

## Uncomment the following two lines to add software from Canonical's
## 'partner' repository.
## This software is not part of Ubuntu, but is offered by Canonical and the
## respective vendors as a service to Ubuntu users.
deb http://archive.canonical.com/ubuntu karmic partner
deb-src http://archive.canonical.com/ubuntu karmic partner

deb http://security.ubuntu.com/ubuntu karmic-security main restricted
deb-src http://security.ubuntu.com/ubuntu karmic-security main restricted
deb http://security.ubuntu.com/ubuntu karmic-security universe
deb-src http://security.ubuntu.com/ubuntu karmic-security universe
deb http://security.ubuntu.com/ubuntu karmic-security multiverse
deb-src http://security.ubuntu.com/ubuntu karmic-security multiverse

lucaspr
April 20th, 2010, 04:53 PM
I'm going read the whole thread if this question is already asked.. If that is the case sorry I asked ;)

But is it possible to forget about local users and just deliver all scanned mail to an exchange 2003 server? If so.. How?

BTW, thanx for the GREAT HOWTO!!

candoyo
April 24th, 2010, 01:26 AM
Hi Flurdy and everyone else!

Thanks a lot for writing this amazing guide. I really appreciate it, it will make my life a lot easier :)

I have installed the AMI image into my AWS account. I have installed flurdy-amis/ubuntu-mail-server-webmail.
I can access phpmyadmin via the internet. But, I am not sure what's the user name and password for phpmyadmin? I also logged into the server via ssh but was not able to run mysqladmin command. It said I didn't have enough privileges to access mysqladmin. But I am logged in as root... why can't I use mysqladmin?

Any help would be highly appreciated. Thanks again for the great work :)

-Shaq

DonGonzo
May 3rd, 2010, 03:23 AM
Update:
This courier issue was resolved for me by editing /etc/courier/authmysqlrc

MYSQL_HOME_FIELD "/var/spool/mail/virtual"
...
MYSQL_MAILDIR_FIELD CONCAT(home,'/',maildir)


I seriously hope this helps someone else, it was driving me nuts.
/Update



Hello Flurdy et al,

I am having a problem identical to jvdl85. I have been stuck on it for a few hours now and haven't found a satisfactory answer... Postfix works, it created the directories, mail is in the directory &c &c.

The last I saw you mention to jvdl was to check mysql logs-


# tail /var/log/mysql/mysql.log
149 Query SHOW TABLES
149 Query SHOW FULL FIELDS IN `Permission`
149 Query SHOW COLLATION LIKE 'utf8_general_ci'
149 Query SHOW FULL FIELDS IN `Member`
149 Query SELECT `Member`.*, `Member`.ID, if(`Member`.ClassName,`Member`.ClassName,'Member') AS RecordClassName FROM `Member` WHERE (Member.ID = 1) ORDER BY Surname, FirstName LIMIT 1
149 Query UPDATE Member SET LastVisited = NOW() WHERE ID = 1
149 Quit
100503 0:11:10 150 Connect user@hostname on
150 Init DB mail_database
150 Query SELECT id, crypt, "", uid, gid, home, "", "", name, "" FROM users WHERE id = 'user@domain.ext'



#tail /var/log/mail.log
host authdaemond: received auth request, service=imap, authtype=login
host authdaemond: authmysql: trying this module
host authdaemond: SQL query: SELECT id, crypt, "", uid, gid, home, "", "", name, "" FROM users WHERE id = 'address@domain.ext'
host authdaemond: password matches successfully
host authdaemond: authmysql: sysusername=<null>, sysuserid=5000, sysgroupid=5000, homedir=/var/spool/mail/virtual, address=address@domain.ext, fullname=name, maildir=<null>, quota=<null>, options=<null>
host authdaemond: Authenticated: sysusername=<null>, sysuserid=5000, sysgroupid=5000, homedir=/var/spool/mail/virtual, address=address@domain.ext, fullname=name, maildir=<null>, quota=<null>, options=<null>
host imapd: chdir Maildir: No such file or directory


Any advice you can give me would be much appreciated! If any more information is needed, please let me know.


Thanks in advance,
Gonzo

kelrune
May 12th, 2010, 10:04 PM
I have set up my apache2 server and my SquirrelMail, as well as the many things I have seen in the first post, but I am running into an issue when I try to view it through a web browser. I can't seem to set up my SSL mod to get it running. Any thoughts?

flemmingbjerke
May 14th, 2010, 07:43 AM
Works fine on debian. Two problems with SASL that should be relevant for ubuntu, too (at least 2):

1. The one problem is described here:
http://isp-control.net/forum/thread-8381-post-65998.html#pid65998
I had to remove:
check_policy_service inet:127.0.0.1:10023,
from:
smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service inet:127.0.0.1:10023, permit

2. There may not be blanks after the variables in:
/etc/postfix/sasl/smtpd.conf

Finally, it is not clear whether TLS-encryption of sending requires SASL? I have earlier set up TLS, but then I could not receive mails from other mailservers that did not like TLS-authentication. As Ivar writes:

"For the encryption of reading emails, it is Courier you need to configure. For sending, and between server encryption it is Postfix."

It could be nice to have a description of how to set up encrypted sending without between server encryption.

But, thank you, for the nice howto!

flemmingbjerke
May 14th, 2010, 07:51 AM
....
Ran this.
:~$ ....
E: Couldn't find package libauthen-sasl-cyrus-perl

...

Yes, I had the same strange problem on debian. I ran:
aptitude search libauthen
and indeed the package was in the repository. I copied the name of the package from the prompt in order to run
aptitude install libauthen-sasl-cyrus-perl
And: no problem! I think there must be some hidden code in the howto.

Mckormick
June 18th, 2010, 07:56 AM
Hi - all.. Thanks for the great guide, I have everything working except SMTP/SASL.

I think I am getting the same problem as Mcfly1204 was a few posts back:

Jun 18 13:41:29 de1 postfix/smtpd[24493]: connect from xxx
Jun 18 13:41:29 de1 postfix/smtpd[24493]: warning: SASL authentication failure: no secret in database
Jun 18 13:41:29 de1 postfix/smtpd[24493]: warning: xxx: SASL CRAM-MD5 authentication failed: authentication failure

I've checked and double checked all config against the guide. I think there may be a typo in the 10.04 version where in /etc/postfix/sasl/smtpd.conf

sql_passw: mailPASSWORD

should be

sql_passwd: mailPASSWORD

I've changed this but no luck.

Mcfly1204 - did you resolve this? Sorry if I missed the fix.

Thanks!

flurdy
June 18th, 2010, 08:06 AM
I think there may be a typo in the 10.04 version where in /etc/postfix/sasl/smtpd.conf

sql_passw: mailPASSWORD

should be

sql_passwd: mailPASSWORD



Hi,
sql_passw is the correct parameter, even if the other (sql_passwd) makes more sense. However I think both may even be supported now.

Mckormick
June 18th, 2010, 09:01 AM
ah ok, I'd just seen it as sql_passwd on other guides so I guess both are supported.

I changed it back but have the same issue. I can send email with no encrypted authentication but if I select encrypted in Thunderbird I cannot. I have a tail on mysql.log which doesn't seem to get hit so I don't think it is getting that far. My config is:


sudo adduser postfix sasl
The user `postfix' is already a member of `sasl'.

main.cf

smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks,warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain,reject_unauth_pipelining, permit

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

...

# SASL
smtpd_sasl_auth_enable = yes
# If your potential clients use Outlook Express or other older clients
# this needs to be set to yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =

# TLS parameters
#smtp_use_tls = no
smtp_tls_security_level = may
#smtpd_use_tls=yes
smtpd_tls_security_level = may
#smtpd_tls_auth_only = no
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
#smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
#smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

smtpd_sasl_authenticated_header = yes


master.cf
smtp inet n - - - - smtpd
submission inet n - - - - smtpd
# -o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject_unauth_destination,reject
-o smtpd_sasl_security_options=noanonymous,noplaintext
-o smtpd_sasl_tls_security_options=noanonymous
# -o milter_macro_daemon_name=ORIGINATING
smtps inet n - - - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticate d,reject
-o smtpd_sasl_security_options=noanonymous,noplaintex t
-o smtpd_sasl_tls_security_options=noanonymous
# -o milter_macro_daemon_name=ORIGINATING


/etc/default/saslauthd

DESC="SASL Authentication Daemon"
NAME="saslauthd"
MECHANISMS="pam"
MECH_OPTIONS=""pwcheck_method: saslauthd
mech_list: plain login cram-md5 digest-md5
log_level: 7
allow_plaintext: true
auxprop_plugin: mysql
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_user: mail
sql_passw: MY_MAIL_PASS
sql_database: maildb
sql_select: select crypt from users where id='%u@%r' and enabled = 1
THREADS=5
OPTIONS="-r -c -m /var/spool/postfix/var/run/saslauthd"


/etc/pam.d/smtp
auth required pam_mysql.so user=mail passwd=PASSWORD host=127.0.0.1 db=maildb table=users usercolumn=id passwdcolumn=crypt crypt=1
account sufficient pam_mysql.so user=mail passwd=PASSWORD host=127.0.0.1 db=maildb table=users usercolumn=id passwdcolumn=crypt crypt=1


A tail on auth.log only shows

Jun 18 14:33:04 de1 postfix/smtpd[24787]: sql auxprop plugin using mysql engine

Again it doesn't get hit when I attempt to log on - the only change in the tailed logs is in mail.log


Jun 18 12:04:21 de1 postfix/smtpd[21601]: connect from xxx
Jun 18 12:04:21 de1 postfix/smtpd[21601]: warning: SASL authentication failure: no secret in database
Jun 18 12:04:21 de1 postfix/smtpd[21601]: warning: xxx: SASL CRAM-MD5 authentication failed: authentication failure
Jun 18 12:04:21 de1 postfix/smtpd[21601]: disconnect from xxx

Any help you can give would be great. Thanks!

flurdy
June 18th, 2010, 09:24 AM
Ps. You should mask your pw in the /etc/pam.d/smtp part of your post :)

And was your post of the /etc/default/saslauthd merged with /etc/postfix/sasl/smtpd.conf?

Mckormick
June 18th, 2010, 09:49 AM
oops! :redface:

The /etc/default/saslauthd is actually

DESC="SASL Authentication Daemon"
NAME="saslauthd"
MECHANISMS="pam"
MECH_OPTIONS=""
mech_list: plain login cram-md5 digest-md5
log_level: 7
allow_plaintext: true
auxprop_plugin: mysql
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_user: mail
sql_passw: MY_MAIL_PASS
sql_database: maildb
sql_select: select crypt from users where id='%u@%r' and enabled = 1
THREADS=5
OPTIONS="-r -c -m /var/spool/postfix/var/run/saslauthd"

The version in the post above was just cuz of a problem with my mouse button 3 (keeps pasting when rolling!) ](*,)

I've got a bit further now - I removed

smtpd_sasl_authenticated_header = yes

from main.cf and now from Thunderbird it works with these settings:

Port: 465
Secure Authentication: No
Connection Security: SSL/TLS

I'm not sure if this means it is working or whether I need to have

Secure Authentication: Yes

If I switch it to yes it no longer works.

Thanks!

flurdy
June 18th, 2010, 09:56 AM
:p

Any particular reason for why you have the contents of /etc/postfix/sasl/smtpd.conf in the middle of /etc/default/saslauthd ?? :confused:

Mckormick
June 18th, 2010, 10:05 AM
Yes - because I need to buy a new mouse with a wheel that doesn't paste when I spin it :p

DESC="SASL Authentication Daemon"
NAME="saslauthd"
MECHANISMS="pam"
MECH_OPTIONS=""
THREADS=5
OPTIONS="-r -c -m /var/spool/postfix/var/run/saslauthd"

mech_list: plain login cram-md5 digest-md5
log_level: 7
allow_plaintext: true
auxprop_plugin: mysql
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_user: mail
sql_passw: MY_MAIL_PASS
sql_database: maildb
sql_select: select crypt from users where id='%u@%r' and enabled = 1

mcfly1204
June 20th, 2010, 12:10 PM
I have not had any luck with resolving that issue. At this point, I am waiting for the next edition of the guide in hopes that I can start from the beginning and work my way through it successfully.

tahiriman
June 21st, 2010, 11:11 AM
Hello,

How can I create other folders for sent, trash, drafts, ... mails in the maildir and configure courier imap to use them.

Thanks in advance

tahiriman
June 22nd, 2010, 04:39 AM
No idea?!!

oziemike
July 3rd, 2010, 02:00 AM
I have started again, this time using Ubuntu Server 10.04. I need to replace my old Ubuntu 6.06 server before the support runs out. I have set this one up on the bench to get it going before the swap over. I am getting the following error when trying to login from roundcube.

I did copy all the mail directories over from the old server and checked permissions etc, but keep getting this:

Jul 3 14:54:48 mail authdaemond: Installing libauthmysql
Jul 3 14:54:48 mail authdaemond: Installation complete: authmysql
Jul 3 14:54:49 mail postfix/master[1730]: daemon started -- version 2.7.0, configuration /etc/postfix
Jul 3 14:56:10 mail imapd-ssl: Connection, ip=[::1]
Jul 3 14:56:10 mail authdaemond: received auth request, service=imap, authtype=cram-md5
Jul 3 14:56:10 mail authdaemond: authmysql: trying this module
Jul 3 14:56:10 mail authdaemond: cram: challenge=PDFENDE0Q0M1REU3NDk2RjFDMjBDMUZFRkU4NTE1QTA3QG1haWwudGJwbC5jb20uYXU+, response=b3ppZW1pa2VAdGJwbC5jb20uYXUgZDA0NmM2MmE0YTg2MDVhYmU2MzFlZTkyZGVkY2IwNTE=
Jul 3 14:56:10 mail authdaemond: cram: decoded challenge/response, username 'oziemike@tbpl.com.au'
Jul 3 14:56:10 mail authdaemond: authmysqllib: connected. Versions: header 50137, client 50141, server 50141
Jul 3 14:56:10 mail authdaemond: SQL query: SELECT id, crypt, "", uid, gid, "/var/spool/mail/virtual", CONCAT(home,'/',maildir), "", name, "" FROM users WHERE id = 'oziemike@tbpl.com.au' AND (enabled=1)
Jul 3 14:56:10 mail authdaemond: authmysql: REJECT - try next module
Jul 3 14:56:10 mail authdaemond: FAIL, all modules rejected
Jul 3 14:56:10 mail imapd-ssl: LOGIN FAILED, method=CRAM-MD5, ip=[::1]
Jul 3 14:56:15 mail imapd-ssl: Disconnected, ip=[::1], time=5, starttls=1

Roundcube naturally reports that the login failed.

Any help would be seriously appreciated.

Mike

Ontolog
July 14th, 2010, 07:29 PM
There is a pretty major problem with the way MySQL's ENCRYPT() function is being used in conjunction with the mail server setups. Actually I had to revert to using the plaintext password for both Postfix and Courier. In the case of Postfix I also had to restrict the AUTH types to 'LOGIN' because programs that were using CRAM-MD5 were failing authentication. One major problem here is that ENCRYPT is using whatever the OS's low-level crypt() is which can be anything. Furthermore since we are not supplying any salt, the salt is random! So now we can't reproduce the crypted string since we don't know the salt.

http://dev.mysql.com/doc/refman/5.1/en/encryption-functions.html#function_encrypt

liquid1911
July 16th, 2010, 11:37 AM
Did this just change with MySQL? I've spent the better part of 2 days pulling my hair out trying to understand wtf was going on. I have it working fine on 9.10 and 9.04 boxes, but 10.04 boxes get no love.

Ontolog
July 16th, 2010, 11:48 AM
Did this just change with MySQL? I've spent the better part of 2 days pulling my hair out trying to understand wtf was going on. I have it working fine on 9.10 and 9.04 boxes, but 10.04 boxes get no love.

It could very well be a difference in the way MySQL's ENCRYPT() worked in previous versions of Ubuntu vs. the way it works on 10.04. Again, since MySQL's ENCRYPT()'s behavior depends on the lower-level crypt() call, it can not be used reliably (unless you know exactly what crypt() is doing, you store your salt, etc).

Solutions:

a) Fall back to using the 'clear' field and switching passwords to cleartext in both Postfix and Courier. As long as you have TLS or SSL set up then the password won't be traveling over the network in cleartext. This is what I am doing.

b) Make a proper hash of the password and store that. Maybe use CRAM-MD5 for Postfix since that is pretty standard. Not sure what the standard hashing algorithms are for Courier. If I could choose any I would choose SHA-256 with random salt, and store the salt in the database along with the password to protect against rainbow table attacks.

:popcorn:
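
An added example, not part of the thread: CRAM-MD5 is a challenge-response mechanism, so the server has to recompute HMAC-MD5 keyed with the password itself, which a one-way hash column cannot supply, whereas PLAIN/LOGIN hands the server the password so it can be checked against a salted hash. The account and challenge are the worked example from RFC 2195; the `pbkdf2-sha256$...` storage format and all function names are made up for this sketch, and PBKDF2-HMAC-SHA256 stands in for the "SHA-256 with random salt" idea above.

```python
import base64
import hashlib
import hmac
import os

# Sample account: the user/secret/challenge triple from the RFC 2195 example.
USER = "tim"
PASSWORD = "tanstaaftanstaaf"
CHALLENGE = b"<1896.697170952@postoffice.reston.mci.net>"


def cram_md5_response(user, secret, challenge):
    """Client side: base64("user " + hex(HMAC-MD5(key=secret, msg=challenge)))."""
    digest = hmac.new(secret.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode())


def verify_cram_md5(stored_secret, challenge, response_b64):
    """Server side: recompute the HMAC from whatever the database holds.

    This only matches when stored_secret is the same key the client used,
    i.e. the cleartext password. A hash of the password is a different key.
    """
    _user, _, digest = base64.b64decode(response_b64).decode().rpartition(" ")
    expected = hmac.new(stored_secret.encode(), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected.encode(), digest.encode())


def hash_password(password, salt=None, rounds=200_000):
    """Salted one-way hash; the salt is stored inside the resulting string.

    The "pbkdf2-sha256$rounds$salt$hash" layout is invented for this example.
    """
    salt = salt if salt is not None else os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return f"pbkdf2-sha256${rounds}${salt.hex()}${derived.hex()}"


def verify_plain(stored_hash, password):
    """PLAIN/LOGIN: the password arrives at the server (inside TLS), so the
    server can re-hash it with the stored salt and compare."""
    _scheme, rounds, salt_hex, _hash = stored_hash.split("$")
    candidate = hash_password(password, bytes.fromhex(salt_hex), int(rounds))
    return hmac.compare_digest(candidate.encode(), stored_hash.encode())


def demo():
    """Run the same login against a cleartext column and a hashed column."""
    response = cram_md5_response(USER, PASSWORD, CHALLENGE)
    stored_hash = hash_password(PASSWORD)
    return {
        # cleartext column: CRAM-MD5 verifies
        "cram_md5_with_cleartext_column": verify_cram_md5(PASSWORD, CHALLENGE, response),
        # hashed column: the correct password still fails CRAM-MD5
        "cram_md5_with_hashed_column": verify_cram_md5(stored_hash, CHALLENGE, response),
        # hashed column: PLAIN/LOGIN verifies, wrong password is rejected
        "plain_with_hashed_column": verify_plain(stored_hash, PASSWORD),
        "plain_wrong_password": verify_plain(stored_hash, "not-the-password"),
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

With a hashed password column, the mechanism list offered to clients has to be limited to PLAIN/LOGIN and the session protected with TLS.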

Ontolog
July 19th, 2010, 03:35 PM
UPDATE: Actually I took out the 'crypt' column from the 'users' table since I thought I no longer needed it. In fact Postfix is still using this column and authentication was failing without it. So I guess my own understanding of the situation is lacking! LOL :( but still, I had to turn off CRAM-MD5 to get the SMTP server to work with some clients.

liquid1911
July 23rd, 2010, 03:00 PM
It's definitely something wrong with 10.04. I followed the guide to a T, two or three times, same exact issue with the CRAM-MD5. I wiped the VM and stuck 9.10 on there, works perfectly fine with the guide. I too am lost as to what on earth is causing the crypto to break, but something is.

matheszabi
July 24th, 2010, 10:28 PM
I have installed an Ubuntu 10.4. I want to install a mail server to this machine.
I have googled it for 2h and I didn't find a free Linux mail server all in one pack!
I need to install like 7-10 pieces of software and configure them properly, test it, which I can't do on the first try, for sure. I don't want to become an administrator, I hate this job.

Is there any mail server bundle with free software like XAMP for web developers?

flurdy
July 25th, 2010, 11:12 AM
Hello,

How can I create other folders for sent, trash, drafts, ... mails in the maildir and configure courier imap to use them.

Thanks in advance

Well I think it is more down to the mail client you use on top of courier. It is them that move/copy emails to sent,trash etc.

So e.g. if you run squirrelmail on top of courier then the option to create special folders must be true, which I believe it is by default.

However if your intention is not to use the default names, then you should tweak the IMAP_TRASHFOLDERNAME in /etc/courier/imapd and in your mail gui for all the default special folders.

Hope that answers your question?

flurdy
July 25th, 2010, 11:17 AM
It's definitely something wrong with 10.04. I followed the guide to a T, two or three times, same exact issue with the CRAM-MD5. I wiped the VM and stuck 9.10 on there, works perfectly fine with the guide. I too am lost as to what on earth is causing the crypto to break, but something is.

I'll look into this issue as well as I am trying to help oziemike with this specific issue.

My main servers are still running 9.10, due to no time to migrate them yet, so I may not have tested the 10.04 properly. :0 However when I set up a 10.04 test server (the ec2 AMIs) I did not encounter any problems.

zoo0828
July 31st, 2010, 03:49 AM
Hi, guys,

it might be a stupid question but it bothers me so much.

I followed this guide setting up a mail server serving multiple virtual domains, say:
domain1.com, domain2.com, domain3.com

but as for these hostnames: what name should I use?
/etc/hostname
/etc/mailname
$myhostname inside /etc/postfix/main.cf

and consequently, what EHLO will postfix submit while sending out emails to external domains?

Any ideas and thoughts will be appreciated.

wangkeit
July 31st, 2010, 04:04 AM
how to connect the C programming language into MYSQL database..???

flurdy
July 31st, 2010, 05:22 AM
Hi, guys,

it might be a stupid question but it bothers me so much.

I followed this guide setting up a mail server serving multiple virtual domains, say:
domain1.com, domain2.com, domain3.com

but as for these hostnames: what name should I use?
/etc/hostname
/etc/mailname
$myhostname inside /etc/postfix/main.cf

and consequently, what EHLO will postfix submit while sending out emails to external domains?

Any ideas and thoughts will be appreciated.


There is no "right" answer, but you need to pick which is your "main" or infrastructure domain name, e.g. domain1.com, as the mail server will only respond with one fully qualified name.

Then choose a desired name for the server and set hostname as eg. myserver.domain1.com.

Mailname and myhostname should be the same name and could reflect it is mail server so I would set them to e.g.
mail.domain1.com. If you create your own SSL certificates, this is the name to use there as well.

If the server is only used as a mail server and nothing else then /etc/hostname could be mail.domain1.com as well.

zoo0828
July 31st, 2010, 06:22 AM
Great clarification, Ivar, thanks. :-)

Since the server is the only one also hosting LAMP services, I would better set all the hostnames to say, server.domain1.com

And it's a fantastic HOWTO, keep up the excellent work.

By the way, is it possible to include a few tips while using DOVECOT over Courier?

zoo0828
July 31st, 2010, 06:33 AM
Hi, Ivar,

One more question, :-) looks like the localdomain mail is not working properly, please refer to the following log.

Thought it's probably because of the hostname settings.
Tried to add an alias entry like this
@localhost.domain1.com ---> @localhost

--------------------------------------------------------------
Jul 31 12:34:12 server postfix/qmgr[2003]: F13B965A75: from=<rivers@server.domain1.com>, size=617, nrcpt=1 (queue active)
Jul 31 12:34:33 server postfix/smtp[2028]: connect to localhost.domain1.com[218.83.175.155]:25: Connection timed out
Jul 31 12:34:33 server postfix/smtp[2028]: F13B965A75: to=<root@localhost.domain1.com>, orig_to=<root@localhost>, relay=none, delay=21, delays=0.17/0.09/21/0, dsn=4.4.1, status=deferred (connect to localhost.domain1.com[218.83.175.155]:25: Connection timed out)
--------------------------------------------------------------

eihli
August 1st, 2010, 12:59 PM
****UPDATE: FIXED****
Hopefully this will save someone else some time. Did I miss this step in the tutorial or something?
Looking back on it... this should have been a pretty easy fix.
On the last line of
/etc/courier/imapd-ssl
I changed
MAILDIRPATH=Maildir
to
MAILDIRPATH=/var/spool/mail/virtual
********************


Thanks flurdy for the tutorial

I'm having a similar, if not the same, problem as DonGonzo and jvdl85.
When I try to login, I get:
ERROR: ERROR: Connection dropped by IMAP server.

This is on 10.04

*Note: I have deleted characters from the usernames/domain names, so ignore that part of the copy/paste.

One thing I have noticed (if it makes any difference) is that if I change "MAILDIRPATH=Maildir" to "MAILDIRPATH=/var/spool/mail/virtual", then I am able to telnet to localhost:143, login, and list the folders. But, the only folder listed when i do an "a list "INBOX" "*"", it only shows as having a "SENT" folder.

Thanks ahead of time for any help.

When I try to log in to squirrelmail, here is what I get:
mail.log
Aug 1 11:33:50 server1 imapd-ssl: Connection, ip=[::1]
Aug 1 11:33:50 server1 imapd-ssl: chdir Maildir: No such file or directory
Aug 1 11:33:50 server1 imapd-ssl: adn@oga.com: No such file or directory
mysql.log
100801 11:33:50 203 Connect mail@localhost on
203 Init DB maildb
203 Query SELECT id, crypt, "", uid, gid, "/var/spool/mail/virtual", "", "", name, "" FROM users WHERE id = 'admin@owoga.com' AND (enabled=1)
Dir of /var/spool/mail/virtual/admin:
root@server1:/var/spool/mail/virtual/admin# ls -a
. .. cur new tmp
There are several messages in new.

I have tried making DonGonzo's changes to authmysqlrc. I restarted all of the courier/postfix services (Don't know if that was necessary) but I continue to get the same errors.

Here is the entire process for a new username:
After I run the insert query for a new user:
mysql.log
100801 11:42:49 164 Query INSERT INTO users (id,name,maildir,crypt) VALUES ('dli@oga.com','dli','dli/', encrypt('password') )
After I send the new account an email:
mail.log:
Aug 1 11:45:54 server1 postfix/smtpd[29816]: connect from mail-iw0-f175.google.com[209.85.214.175]
Aug 1 11:45:54 server1 postfix/smtpd[29816]: 6E5FFD8334: client=mail-iw0-f175.google.com[209.85.214.175]
Aug 1 11:45:54 server1 postfix/cleanup[29820]: 6E5FFD8334: message-id=<AANLkTi=m9=bUvr9FViFqx5tULty9teYNFdF_wdn5UOU6@mail.gmail.com>
Aug 1 11:45:56 server1 postfix/qmgr[29704]: 6E5FFD8334: from=<lokah@gmail.com>, size=1832, nrcpt=1 (queue active)
Aug 1 11:45:56 server1 postfix/virtual[29821]: 6E5FFD8334: to=<di@oa.com>, relay=virtual, delay=2.1, delays=2/0.02/0/0.06, dsn=2.0.0, status=sent (delivered to maildir)
Aug 1 11:45:56 server1 postfix/qmgr[29704]: 6E5FFD8334: removed
mysql.log:
100801 11:45:54 204 Connect mail@localhost on maildb
204 Query SELECT destination FROM aliases WHERE mail='gmail.com' and enabled = 1
205 Connect mail@localhost on maildb
205 Query SELECT domain FROM domains WHERE domain='gmail.com' and enabled = 1
204 Query SELECT destination FROM aliases WHERE mail='oo.com' and enabled = 1
205 Query SELECT domain FROM domains WHERE domain='oga.com' and enabled = 1
206 Connect mail@localhost on maildb
206 Query SELECT destination FROM aliases WHERE mail='dli@oga.com' and enabled = 1
206 Query SELECT destination FROM aliases WHERE mail='dli' and enabled = 1
206 Query SELECT destination FROM aliases WHERE mail='@oa.com' and enabled = 1
207 Connect mail@localhost on maildb
207 Query SELECT maildir FROM users WHERE id='d@ga.com' and enabled = 1
208 Connect mail@localhost on maildb
208 Query SELECT destination FROM aliases WHERE mail='di@oa.com' and enabled = 1
Dir of /var/spool/mail/virtual:
root@server1:/var/spool/mail/virtual/d# ls -a
. .. cur new tmp
root@server1:/var/spool/mail/virtual/dli# cd new
root@server1:/var/spool/mail/virtual/dli/new# ls
1280681156.Vca01I1305f9M447310.server1.oa.com
When I try to login to SquirrelMail:
ERROR: ERROR: Connection dropped by IMAP server.

mail.log after trying to login:
Aug 1 11:45:56 server1 postfix/qmgr[29704]: 6E5FFD8334: removed
Aug 1 11:46:26 server1 postfix/smtpd[29816]: disconnect from mail-iw0-f175.google.com[209.85.214.175]
Aug 1 11:49:46 server1 postfix/anvil[29818]: statistics: max connection rate 1/60s for (smtp:209.85.214.175) at Aug 1 11:45:54
Aug 1 11:49:46 server1 postfix/anvil[29818]: statistics: max connection count 1 for (smtp:209.85.214.175) at Aug 1 11:45:54
Aug 1 11:49:46 server1 postfix/anvil[29818]: statistics: max cache size 1 at Aug 1 11:45:54
Aug 1 11:50:07 server1 imapd-ssl: Connection, ip=[::1]
Aug 1 11:50:07 server1 imapd-ssl: chdir Maildir: No such file or directory
Aug 1 11:50:07 server1 imapd-ssl: di@o.com: No such file or directory
mysql.log after trying to login:
100801 11:50:07 210 Connect mail@localhost on
210 Init DB maildb
210 Query SELECT id, crypt, "", uid, gid, home, "", "", name, "" FROM users WHERE id = 'li@a.com' AND (enabled=1)
Telnet to localhost:143:
root@server1:/var/log# telnet localhost 143
Trying ::1...
Connected to localhost.localdomain.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION STARTTLS] Courier-IMAP ready. Copyright 1998-2008 Double Precision, Inc. See COPYING for distribution information.
a login di@oa.com password
* BYE [ALERT] Fatal error: No such file or directory: No such file or directory
Connection closed by foreign host.

flurdy
August 2nd, 2010, 10:16 AM
Hi, Ivar,

One more question, :-) looks like the localdomain mail is not working properly, please refer to the following log.

Thought it's probably because of the hostname settings.
Tried to add an alias entry like this
@localhost.domain1.com ---> @localhost

--------------------------------------------------------------
Jul 31 12:34:12 server postfix/qmgr[2003]: F13B965A75: from=<rivers@server.domain1.com>, size=617, nrcpt=1 (queue active)
Jul 31 12:34:33 server postfix/smtp[2028]: connect to localhost.domain1.com[218.83.175.155]:25: Connection timed out
Jul 31 12:34:33 server postfix/smtp[2028]: F13B965A75: to=<root@localhost.domain1.com>, orig_to=<root@localhost>, relay=none, delay=21, delays=0.17/0.09/21/0, dsn=4.4.1, status=deferred (connect to localhost.domain1.com[218.83.175.155]:25: Connection timed out)
--------------------------------------------------------------

If you intend to receive mail as xxx@domain1.com, then make sure you list domain1.com in the domains table. And if you prefer subdomains such as localhost.domain1.com as well make sure you list localhost.domain1.com in your domains as well, but you should perhaps just alias @localhost to @domain1.com?

flurdy
August 2nd, 2010, 10:28 AM
****UPDATE: FIXED****
Hopefully this will save someone else some time. Did I miss this step in the tutorial or something?
Looking back on it... this should have been a pretty easy fix.
On the last line of
/etc/courier/imapd-ssl
I changed
MAILDIRPATH=Maildir
to
MAILDIRPATH=/var/spool/mail/virtual
********************


Thanks flurdy for the tutorial

I'm having a similar, if not the same, problem as DonGonzo and jvdl85.
When I try to login, I get:
ERROR: ERROR: Connection dropped by IMAP server.

This is on 10.04

*Note: I have deleted characters from the usernames/domain names, so ignore that part of the copy/paste.

One thing I have noticed (if it makes any difference) is that if I change "MAILDIRPATH=Maildir" to "MAILDIRPATH=/var/spool/mail/virtual", then I am able to telnet to localhost:143, login, and list the folders. But, the only folder listed when i do an "a list "INBOX" "*"", it only shows as having a "SENT" folder.

Thanks ahead of time for any help.

When I try to log in to squirrelmail, here is what I get:
mail.log
Aug 1 11:33:50 server1 imapd-ssl: Connection, ip=[::1]
Aug 1 11:33:50 server1 imapd-ssl: chdir Maildir: No such file or directory
Aug 1 11:33:50 server1 imapd-ssl: adn@oga.com: No such file or directory
mysql.log
100801 11:33:50 203 Connect mail@localhost on
203 Init DB maildb
203 Query SELECT id, crypt, "", uid, gid, "/var/spool/mail/virtual", "", "", name, "" FROM users WHERE id = 'admin@owoga.com' AND (enabled=1)

....


It seems like you have not set up authmysqlrc properly. Such as
MYSQL_MAILDIR_FIELD concat(home,'/',maildir)
because your select statement
SELECT id, crypt, "", uid, gid, "/var/spool/mail/virtual", "", "", name, "" FROM users WHERE id = 'admin@owoga.com' AND (enabled=1)
should have been more like:
SELECT id, crypt, "", uid, gid, home, concat(home,'/',maildir), "", name, "" FROM users WHERE id = 'admin@owoga.com' AND (enabled=1)

zoo0828
August 2nd, 2010, 11:29 AM
If you intend to receive mail as xxx@domain1.com, then make sure you list domain1.com in the domains table. And if you prefer subdomains such as localhost.domain1.com as well make sure you list localhost.domain1.com in your domains as well, but you should perhaps just alias @localhost to @domain1.com?

yes, that makes perfect sense, I will alias @localhost to one of the virtual domains right away. :p

Jose Miguel Samper
August 7th, 2010, 11:27 AM
Hello,

I have just followed the Flurdy tutorial to set up a complete mail server successfully.

I programmed a simple PHP web application to manage domains and accounts.

The application is attached to this message, if someone is interested.

The application is not authenticated, so it must be protected using some web server mechanism, like AuthConfig in Apache.

duceduc
August 7th, 2010, 11:57 AM
I am following the OP tutorial and I just finished the basic setup. Upon testing it via telnet, I get the following error. Can someone tell me where to look at this point.
451 4.3.5 Server configuration error
Here is the mail.log.
Aug 8 00:40:09 web-server postfix/smtpd[2022]: connect from localhost[127.0.0.1]
Aug 8 00:40:47 web-server postfix/smtpd[2022]: warning: unknown smtpd restriction: "permit_mynetwork"
Aug 8 00:40:47 web-server postfix/smtpd[2022]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 451 4.3.5 Server configuration error; from=<info@ducsu.com> to=<mailx@hotmail.com> proto=ESMTP helo=<web-server>
Aug 8 00:41:08 web-server postfix/smtpd[2022]: lost connection after RCPT from localhost[127.0.0.1]
Aug 8 00:41:08 web-server postfix/cleanup[2027]: E58752605BF: message-id=<20100807154108.E58752605BF@mail.domain.com>
Aug 8 00:41:09 web-server postfix/smtpd[2022]: disconnect from localhost[127.0.0.1]
Aug 8 00:41:09 web-server postfix/qmgr[1944]: E58752605BF: from=<double-bounce@mail.domain.com>, size=851, nrcpt=1 (queue active)
Aug 8 00:41:09 web-server postfix/virtual[2028]: E58752605BF: to=<root@localhost>, orig_to=<postmaster>, relay=virtual, delay=0.2, delays=0.11/0.01/0/0.08, dsn=2.0.0, status=sent (delivered to maildir)
Aug 8 00:41:09 web-server postfix/qmgr[1944]: E58752605BF: removed
Aug 8 00:47:55 web-server postfix/smtpd[2139]: connect from localhost[127.0.0.1]
Aug 8 00:48:47 web-server postfix/smtpd[2139]: warning: unknown smtpd restriction: "permit_mynetwork"
Aug 8 00:48:47 web-server postfix/smtpd[2139]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 451 4.3.5 Server configuration error; from=<info@domain.com> to=<mailx@hotmail.com> proto=ESMTP helo=<web-server>


I've checked my typo in the postfix/main.cf files and I don't see anything wrong. Please help as I need this mail server setup.

Edited: I corrected my issue. There was a typo in my log highlighted in bold. Fixed it and now I am able to test telnet with success. I tested 3 emails each going to different accounts (gmail, hotmail, and yahoo).
I received test emails from gmail and yahoo but not hotmail instantly. Do I have an error somewhere or it is just a delay from hotmail's end?

MoonArrow
August 8th, 2010, 04:50 AM
Hi,

I just set up a complete server configuration using this guide and (almost) everything is working. In fact, I thought it was complete until the last test as always :)

First : Ubuntu 10.04, Postfix with MySQL backend, Courier IMAP/POP, SMTP (authenticated) but no SSL, Amavis with clamav and Postgrey.

I succeeded in creating accounts, IMAP/SMTP/POP with them. Then I set up a production configuration for the production domain and the catchup alias is broken. I configured two regular accounts. The first, paul, is as regular as possible. The second, elric, is regular but I also wish that he receives the 'catchup' emails.

So I have this :
mysql> describe aliases
-> ;
+-------------+--------------+------+-----+---------+----------------+
| Field       | Type         | Null | Key | Default | Extra          |
+-------------+--------------+------+-----+---------+----------------+
| pkid        | smallint(3)  | NO   | PRI | NULL    | auto_increment |
| mail        | varchar(120) | NO   | UNI |         |                |
| destination | varchar(120) | NO   |     |         |                |
| enabled     | tinyint(1)   | NO   |     | 1       |                |
+-------------+--------------+------+-----+---------+----------------+
4 rows in set (0.00 sec)

mysql> select * from aliases;
+------+------------------------+------------------------+---------+
| pkid | mail                   | destination            | enabled |
+------+------------------------+------------------------+---------+
|    1 | postmaster@localhost   | root@localhost         |       1 |
|    2 | sysadmin@localhost     | root@localhost         |       1 |
|    3 | webmaster@localhost    | root@localhost         |       1 |
|    4 | abuse@localhost        | root@localhost         |       1 |
|    5 | root@localhost         | root@localhost         |       1 |
|    6 | @localhost             | root@localhost         |       1 |
|    7 | @localhost.localdomain | @localhost             |       1 |
|    8 | @DOMAINNAME.fr         | elric@DOMAINNAME.fr    |       1 |
+------+------------------------+------------------------+---------+
8 rows in set (0.00 sec)
On the mail table, I have this:

mysql> describe users;
+-----------------+----------------------+------+-----+-------------------------+-------+
| Field           | Type                 | Null | Key | Default                 | Extra |
+-----------------+----------------------+------+-----+-------------------------+-------+
| id              | varchar(128)         | NO   | PRI |                         |       |
| name            | varchar(128)         | NO   |     |                         |       |
| uid             | smallint(5) unsigned | NO   |     | 5000                    |       |
| gid             | smallint(5) unsigned | NO   |     | 5000                    |       |
| home            | varchar(255)         | NO   |     | /var/spool/mail/virtual |       |
| maildir         | varchar(255)         | NO   |     | blah/                   |       |
| enabled         | tinyint(3) unsigned  | NO   |     | 1                       |       |
| change_password | tinyint(3) unsigned  | NO   |     | 1                       |       |
| clear           | varchar(128)         | NO   |     | ChangeMe                |       |
| crypt           | varchar(128)         | NO   |     | sdtrusfX0Jj66           |       |
| quota           | varchar(255)         | NO   |     |                         |       |
| procmailrc      | varchar(128)         | NO   |     |                         |       |
| spamassassinrc  | varchar(128)         | NO   |     |                         |       |
+-----------------+----------------------+------+-----+-------------------------+-------+
13 rows in set (0.00 sec)

mysql> select id, name, uid,gid, home, enabled from users where name like '%DOMAINNAME%';
+----------------------+----------------------+------+------+-------------------------+---------+
| id                   | name                 | uid  | gid  | home                    | enabled |
+----------------------+----------------------+------+------+-------------------------+---------+
| elric@DOMAINNAME.fr  | elric@DOMAINNAME.fr  | 5000 | 5000 | /var/spool/mail/virtual |       1 |
| paul@DOMAINNAME.fr   | paul@DOMAINNAME.fr   | 5000 | 5000 | /var/spool/mail/virtual |       1 |
+----------------------+----------------------+------+------+-------------------------+---------+

My main.cf configuration file

root@sd-22214:/etc/postfix# more main.cf
# This is already done in /etc/mailname
#myhostname= mail.example.com

smtpd_banner = $myhostname ESMTP $mail_name

# leave blank to do it yourself
relayhost =

inet_interfaces = all
mynetworks_style = host


# masquerade_domains = mail.example.com www.example.com !sub.dyndomain.com
masquerade_domains = mail.DOMAINNAME.fr www.DOMAINNAME.fr
# masquerade_exceptions = root

local_recipient_maps =
mydestination =

# how long if undelivered before sending warning update to sender
delay_warning_time = 4h
# will it be a permanent error or temporary
unknown_local_recipient_reject_code = 450
# how long to keep message on queue before return as failed.
# some have 3 days, I have 16 days as I am backup server for some people
# whom go on holiday with their server switched off.
maximal_queue_lifetime = 7d
# max and min time in seconds between retries if connection failed
minimal_backoff_time = 1000s
maximal_backoff_time = 8000s
# how long to wait when servers connect before receiving rest of data
smtp_helo_timeout = 60s
# how many address can be used in one message.
# effective stopper to mass spammers, accidental copy in whole address list
# but may restrict intentional mail shots.
smtpd_recipient_limit = 16
# how many error before back off.
smtpd_soft_error_limit = 3
# how many max errors before blocking it.
smtpd_hard_error_limit = 12


# Requirements for the HELO statement
smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit

# Requirements for the sender details
# smtpd_sender_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit

# Requirements for the connecting server
smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl, reject_rbl_client dnsbl.njabl.org

# Requirement for the recipient address
smtpd_data_restrictions = reject_unauth_pipelining

smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service inet:127.0.0.1:10023, permit

# require proper helo at connections
smtpd_helo_required = yes
# waste spammers time before rejecting them
smtpd_delay_reject = yes
disable_vrfy_command = yes

# not sure of the difference of the next two
# but they are needed for local aliasing
alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases
# this specifies where the virtual mailbox folders will be located
virtual_mailbox_base = /var/spool/mail/virtual
# this is for the mailbox location for each user
virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf
# and this is for aliases
virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf
# and this is for domain lookups
virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf
# this is how to connect to the domains (all virtual, but the option is there)
# not used yet
# transport_maps = mysql:/etc/postfix/mysql_transport.cf

# Changes to replace the virtual map with the real ids
#
# Block to reactivate
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
# this specifies where the virtual mailbox folders will be located
virtual_mailbox_base = /var/spool/mail/virtual
# End of block
#virtual_uid_maps = mysql:/etc/postfix/mysql_uid.cf
#virtual_gid_maps = mysql:/etc/postfix/mysql_gid.cf
# End of replacement block

content_filter = amavis:[127.0.0.1]:10024

# SASL
smtpd_sasl_auth_enable = yes
# If your potential clients use Outlook Express or other older clients
# this needs to be set to yes
broken_sasl_auth_clients = no
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =

Of course, I checked and the aliases are working. It is as if, as soon as the catchall is present, all the emails for this domain go to the catchall.

Does anyone have a clue for me?

Thanks in advance.

M.

lisati
August 8th, 2010, 04:56 AM
I am following the OP tutorial and I just finished the basic setup. Upon testing it via telnet, I get the following error. Can someone tell me where to look at this point?

Here is the mail.log.
Aug 8 00:40:09 web-server postfix/smtpd[2022]: connect from localhost[127.0.0.1]
Aug 8 00:40:47 web-server postfix/smtpd[2022]: warning: unknown smtpd restriction: "permit_mynetwork"
Aug 8 00:40:47 web-server postfix/smtpd[2022]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 451 4.3.5 Server configuration error; from=<info@ducsu.com> to=<mailx@hotmail.com> proto=ESMTP helo=<web-server>
Aug 8 00:41:08 web-server postfix/smtpd[2022]: lost connection after RCPT from localhost[127.0.0.1]
Aug 8 00:41:08 web-server postfix/cleanup[2027]: E58752605BF: message-id=<20100807154108.E58752605BF@mail.domain.com>
Aug 8 00:41:09 web-server postfix/smtpd[2022]: disconnect from localhost[127.0.0.1]
Aug 8 00:41:09 web-server postfix/qmgr[1944]: E58752605BF: from=<double-bounce@mail.domain.com>, size=851, nrcpt=1 (queue active)
Aug 8 00:41:09 web-server postfix/virtual[2028]: E58752605BF: to=<root@localhost>, orig_to=<postmaster>, relay=virtual, delay=0.2, delays=0.11/0.01/0/0.08, dsn=2.0.0, status=sent (delivered to maildir)
Aug 8 00:41:09 web-server postfix/qmgr[1944]: E58752605BF: removed
Aug 8 00:47:55 web-server postfix/smtpd[2139]: connect from localhost[127.0.0.1]
Aug 8 00:48:47 web-server postfix/smtpd[2139]: warning: unknown smtpd restriction: "permit_mynetwork"
Aug 8 00:48:47 web-server postfix/smtpd[2139]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 451 4.3.5 Server configuration error; from=<info@domain.com> to=<mailx@hotmail.com> proto=ESMTP helo=<web-server>


I've checked my typo in the postfix/main.cf files and I don't see anything wrong. Please help as I need this mail server setup.

Edited: I corrected my issue. There was a typo in my log highlighted in bold. Fixed it and now I am able to test telnet with success. I tested 3 emails each going to different accounts (gmail, hotmail, and yahoo).
I received test emails from gmail and yahoo but not hotmail instantly. Do I have an error somewhere or it is just a delay from hotmail's end?
I think it should be permit_mynetworks (with an S on the end)

duceduc
August 8th, 2010, 10:29 AM
I think it should be permit_mynetworks (with an S on the end)

Thank you. I got it fixed now. My mail server seems to be working within my home network. I am able to send and receive emails.

I have followed the guide and the mail server seems to be working. I can send emails from squirrelmail but I cannot receive emails. I can only receive emails from the domains I have added.

I am able to telnet localhost 25 from the server fine. I can receive and send mails fine. However, if I try to test send an email from my yahoo, gmail, or hotmail account, I don't receive it. Did I miss a step somewhere? I retraced the steps and it seems I have gotten them all. What log files can I see for emails coming in? I've tried looking at these below, but I don't see anything out of the ordinary.
I have setup an MX for my mail server and is sitting at zoneedit; I haven't input that ip in my settings. I don't know where actually. Would that be the cause of why emails are not coming in?

/var/log/system.log
/var/log/mail.log
/var/log/mysql.log
/var/log/apache2/access.log

duceduc
August 9th, 2010, 03:58 AM
Further checking the mail server and mail.log, I noticed I am getting a: Permission denied for ClamAV for all incoming mails. How can I fix this error. I did not touch any settings upon installing clamav by the way.
Aug 9 16:26:49 web-server postfix/pickup[25884]: 91D802605D5: uid=33 from=<www-data>
Aug 9 16:26:49 web-server postfix/cleanup[26229]: 91D802605D5: message-id=<20100809072649.91D802605D5@mail.ducsu.com>
Aug 9 16:26:49 web-server postfix/qmgr[25885]: 91D802605D5: from=<www-data@ducsu.com>, size=486, nrcpt=1 (queue active)
Aug 9 16:26:49 web-server amavis[25777]: (25777-01) ESMTP::10024 /var/lib/amavis/tmp/amavis-20100809T162649-25777: <www-data@ducsu.com> -> <info@ducsu.com> SIZE=486 Received: from mail.ducsu.com ([127.0.0.1]) by localhost (mail.ducsu.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <info@ducsu.com>; Mon, 9 Aug 2010 16:26:49 +0900 (JST)
Aug 9 16:26:49 web-server amavis[25777]: (25777-01) Checking: ZY7AEQ8VTSB0 <www-data@ducsu.com> -> <info@ducsu.com>
Aug 9 16:26:49 web-server amavis[25777]: (25777-01) (!)run_av (ClamAV-clamd) FAILED - unexpected , output="/var/lib/amavis/tmp/amavis-20100809T162649-25777/parts: lstat() failed: Permission denied. ERROR\n"
Aug 9 16:26:49 web-server amavis[25777]: (25777-01) (!)ClamAV-clamd av-scanner FAILED: CODE(0xb387078) unexpected , output="/var/lib/amavis/tmp/amavis-20100809T162649-25777/parts: lstat() failed: Permission denied. ERROR\n" at (eval 115) line 594.
Aug 9 16:26:49 web-server amavis[25777]: (25777-01) (!!)WARN: all primary virus scanners failed, considering backups
Aug 9 16:26:56 web-server postfix/smtpd[26258]: connect from localhost.localdomain[127.0.0.1]
Aug 9 16:26:56 web-server postfix/smtpd[26258]: 1BEDC260690: client=localhost.localdomain[127.0.0.1]
Aug 9 16:26:56 web-server postfix/cleanup[26229]: 1BEDC260690: message-id=<20100809072649.91D802605D5@mail.ducsu.com>
Aug 9 16:26:56 web-server postfix/qmgr[25885]: 1BEDC260690: from=<www-data@ducsu.com>, size=927, nrcpt=1 (queue active)
Aug 9 16:26:56 web-server amavis[25777]: (25777-01) FWD via SMTP: <www-data@ducsu.com> -> <info@ducsu.com>,BODY=7BIT 250 2.0.0 Ok, id=25777-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 1BEDC260690
Aug 9 16:26:56 web-server amavis[25777]: (25777-01) Passed CLEAN, <www-data@ducsu.com> -> <info@ducsu.com>, Message-ID: <20100809072649.91D802605D5@mail.ducsu.com>, mail_id: ZY7AEQ8VTSB0, Hits: 0.01, size: 486, queued_as: 1BEDC260690, 6513 ms
Aug 9 16:26:56 web-server postfix/smtp[26231]: 91D802605D5: to=<info@ducsu.com>, orig_to=<weblog@ducsu.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=6.7, delays=0.12/0.02/0.01/6.5, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=25777-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 1BEDC260690)
Aug 9 16:26:56 web-server postfix/qmgr[25885]: 91D802605D5: removed
Aug 9 16:26:56 web-server postfix/virtual[26259]: 1BEDC260690: to=<info@ducsu.com>, relay=virtual, delay=0.15, delays=0.07/0.02/0/0.06, dsn=2.0.0, status=sent (delivered to maildir)
Aug 9 16:26:56 web-server postfix/qmgr[25885]: 1BEDC260690: removed
Aug 9 16:31:56 web-server postfix/smtpd[26258]: timeout after END-OF-MESSAGE from localhost.localdomain[127.0.0.1]
Aug 9 16:31:56 web-server postfix/smtpd[26258]: disconnect from localhost.localdomain[127.0.0.1]

This is the log from clamav.log
Mon Aug 9 12:30:45 2010 -> WARNING: lstat() failed on: /var/lib/amavis/tmp/amavis-20100809T123045-23348/parts
Mon Aug 9 13:30:45 2010 -> SelfCheck: Database status OK.
Mon Aug 9 13:42:43 2010 -> WARNING: lstat() failed on: /var/lib/amavis/tmp/amavis-20100809T134243-23349/parts
Mon Aug 9 13:43:22 2010 -> WARNING: lstat() failed on: /var/lib/amavis/tmp/amavis-20100809T123045-23348/parts
Mon Aug 9 13:59:36 2010 -> WARNING: lstat() failed on: /var/lib/amavis/tmp/amavis-20100809T134243-23349/parts
Mon Aug 9 14:19:01 2010 -> WARNING: lstat() failed on: /var/lib/amavis/tmp/amavis-20100809T123045-23348/parts
Mon Aug 9 14:23:10 2010 -> WARNING: lstat() failed on: /var/lib/amavis/tmp/amavis-20100809T134243-23349/parts
Mon Aug 9 14:37:51 2010 -> SelfCheck: Database status OK.
Mon Aug 9 14:37:51 2010 -> WARNING: lstat() failed on: /var/lib/amavis/tmp/amavis-20100809T123045-23348/parts
Mon Aug 9 15:37:51 2010 -> SelfCheck: Database status OK.
Mon Aug 9 16:26:49 2010 -> WARNING: lstat() failed on: /var/lib/amavis/tmp/amavis-20100809T162649-25777/parts
Mon Aug 9 17:06:11 2010 -> SelfCheck: Database modification detected. Forcing reload.
Mon Aug 9 17:06:12 2010 -> Reading databases from /var/lib/clamav
Mon Aug 9 17:06:17 2010 -> Database correctly reloaded (813045 signatures)
Mon Aug 9 17:06:17 2010 -> WARNING: lstat() failed on: /var/lib/amavis/tmp/amavis-20100809T170611-25778/parts
Mon Aug 9 17:13:09 2010 -> WARNING: lstat() failed on: /var/lib/amavis/tmp/amavis-20100809T171309-27950/parts


I may have found the answer; however, I am not sure what it is asking.
This is the link from wiki.clamav.net (WARNING: lstat() failed on: /var/lib/amavis/tmp/amavis-20100809T171309-27950/parts).

edit: solved
This link (http://wiki.clamav.net/bin/view/Main/FAQ#I_m_running_ClamAV_amavisd_new_a) explains it more clearly on how to fix the permission denied in clamav

You need to add this to /etc/group
amavis:x:105:clamav

Also, make sure you have this in /etc/clamav/clamd.conf
AllowSupplementaryGroups true

Restart clamav
sudo /etc/init.d/clamav-daemon restart
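
A check for the fix described in the post above, added here as an example and not part of the original thread. It assumes the amavis temp directory belongs to group amavis; the function names, the clamav gid and the sample file contents are constructed for illustration.

```python
import stat

TRUE_VALUES = {"yes", "true", "1"}


def group_members(group_text, group):
    """Return the member set of `group` from /etc/group text, or None if absent."""
    for line in group_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 4 and fields[0] == group:
            return {m for m in fields[3].split(",") if m}
    return None


def clamd_options(conf_text):
    """Parse clamd.conf 'Option value' lines, skipping comments and blanks."""
    options = {}
    for line in conf_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition(" ")
            options[key] = value.strip()
    return options


def scan_access_findings(group_text, conf_text, tmp_mode, group="amavis"):
    """List the reasons clamd would get 'Permission denied' on amavis temp dirs."""
    findings = []
    options = clamd_options(conf_text)
    # Assumption: clamd runs as "clamav" when clamd.conf has no User line.
    user = options.get("User", "clamav")
    members = group_members(group_text, group)
    if members is None:
        findings.append(f"group {group} missing from /etc/group")
    elif user not in members:
        findings.append(f"{user} is not a member of {group}")
    if options.get("AllowSupplementaryGroups", "").lower() not in TRUE_VALUES:
        findings.append("AllowSupplementaryGroups is not enabled in clamd.conf")
    # Group membership only helps if the directory grants the group r-x.
    need = stat.S_IRGRP | stat.S_IXGRP
    if (tmp_mode & need) != need:
        findings.append(f"temp dir mode {tmp_mode:o} gives the group no r-x access")
    return findings


# Constructed samples: the state before and after the fix quoted above.
GROUP_BEFORE = "clamav:x:112:\namavis:x:105:\n"
GROUP_AFTER = "clamav:x:112:\namavis:x:105:clamav\n"
CONF_BEFORE = "# constructed clamd.conf\nUser clamav\nLocalSocket /var/run/clamav/clamd.ctl\n"
CONF_AFTER = CONF_BEFORE + "AllowSupplementaryGroups true\n"

if __name__ == "__main__":
    for label, grp, conf in (("before", GROUP_BEFORE, CONF_BEFORE),
                             ("after", GROUP_AFTER, CONF_AFTER)):
        print(label, scan_access_findings(grp, conf, 0o750) or "ok")
```

On a live server, pass in the contents of /etc/group and /etc/clamav/clamd.conf and the mode of /var/lib/amavis/tmp.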

Fludizz
August 11th, 2010, 09:43 AM
No real addition to this thread but I think I have to say this:
Thanks a million for this guide, I started using this configuration guide years ago (and yes implemented it in a corporate environment as well :D) and I am still happily using this configuration. Very good guide, very clear which results in a very stable and clean mail system which is easy to manage using phpmyadmin!

duceduc
August 11th, 2010, 11:20 AM
Relocation notice (http://flurdy.com/docs/postfix/#ext_reloc)
Anyone did this part? It says the sender will get a notice of new address.
When I tested mine, I didn't get a notice email but the new relocated address was sent. Not a big deal it didn't send a notice to sender.

delaTorre
August 18th, 2010, 08:30 PM
//Update
I read the solutions of Eihi and DonGonzo but none of them work for me. I realized that my sql query is not getting the concat(home,'/',maildir) field, but the line MYSQL_MAILDIR_FIELD concat(home,'/',maildir) is well formed. Any ideas??? Please!!!
Thanks
Here is the query:
SELECT id, crypt, "", uid, gid, home, "", "", name, "" FROM users WHERE id = 'user1@home.local' AND (enabled=1)
//

Hello, I'm having some issues with courier-imap. My server can receive emails, courier creates the folder with the name of the account and puts the email file inside, but my client (thunderbird-evolution-out.express) can not get it. This is my log file:

Aug 18 21:08:29 home imapd: chdir Maildir: No such file or directory
Aug 18 21:08:29 home imapd: user1@home.local: No such file or directory

The folder user1@home.local exists and the folder Maildir does not exist. If I create it, the client and the log do not show any error, but I still can get user1 emails.

I guess something is wrong with the MAILDIRPATH=Maildir line in Imapd file.

Any ideas?,

Thank you Flurdy for this great tutorial, hope someone can help with this problem.

Sorry for my terrible English.

slarti42
August 19th, 2010, 09:41 PM
Hmmmm,

I have spent about 3 days on this, and read everything I can find.](*,)

These logs show two attempts to send, the first from outlook express on windoze and the other from evolution.

Server is Ubuntu 10.04

Mail log shows.

Aug 20 01:13:37 zarquon postfix/smtpd[27947]: connect from unknown[190.255.90.53]
Aug 20 01:13:43 zarquon postfix/smtpd[27947]: NOQUEUE: reject: RCPT from unknown[190.255.90.53]: 554 5.7.1 <unknown[190.255.90.53]>: Client host rejected: Access denied; from=<MYNEWADDRESS@sellmatix.com> to=<MYOLDADDRESS@himatix.com> proto=SMTP helo=<slarti>
Aug 20 01:13:43 zarquon postfix/smtpd[27947]: disconnect from unknown[190.255.90.53]
Aug 20 01:14:37 zarquon postfix/smtpd[27947]: connect from unknown[190.255.90.53]
Aug 20 01:14:38 zarquon postfix/smtpd[27947]: disconnect from unknown[190.255.90.53]
Aug 20 01:14:55 zarquon postfix/anvil[27954]: statistics: max connection rate 2/60s for (smtp:190.255.90.53) at Aug 20 01:05:22
Aug 20 01:14:55 zarquon postfix/anvil[27954]: statistics: max connection count 2 for (smtp:190.255.90.53) at Aug 20 01:06:19

auth.log shows

Aug 20 01:06:19 zarquon postfix/smtpd[3209]: sql auxprop plugin using mysql engine
Aug 20 01:08:19 zarquon sshd[9873]: Accepted password for root from 190.255.90.53 port 57450 ssh2
Aug 20 01:08:19 zarquon sshd[9873]: pam_unix(sshd:session): session opened for user root by (uid=0)
Aug 20 01:09:01 zarquon CRON[15500]: pam_unix(cron:session): session opened for user root by (uid=0)
Aug 20 01:09:03 zarquon CRON[15500]: pam_unix(cron:session): session closed for user root
Aug 20 01:10:44 zarquon sshd[9873]: Received disconnect from 190.255.90.53: 11: disconnected by user
Aug 20 01:10:44 zarquon sshd[9873]: pam_unix(sshd:session): session closed for user root
Aug 20 01:11:20 zarquon sshd[25847]: Accepted password for root from 190.255.90.53 port 47078 ssh2
Aug 20 01:11:20 zarquon sshd[25847]: pam_unix(sshd:session): session opened for user root by (uid=0)
Aug 20 01:17:01 zarquon CRON[21999]: pam_unix(cron:session): session opened for user root by (uid=0)
Aug 20 01:17:01 zarquon CRON[21999]: pam_unix(cron:session): session closed for user root
mysql.log show

100820 1:12:32 189 Connect mail@localhost on maildb
190 Connect mail@localhost on maildb
189 Query SELECT destination FROM aliases WHERE mail='sellmatix.com' and enabled = 1
191 Connect mail@localhost on maildb
191 Query SELECT domain FROM domains WHERE domain='sellmatix.com' and enabled = 1
190 Query SELECT destination FROM aliases WHERE mail='sellmatix.com' and enabled = 1
192 Connect mail@localhost on maildb
192 Query SELECT domain FROM domains WHERE domain='sellmatix.com' and enabled = 1
100820 1:13:32 189 Quit
191 Quit
190 Quit
192 Quit
100820 1:13:43 193 Connect mail@localhost on maildb
193 Query SELECT destination FROM aliases WHERE mail='himatix.com' and enabled = 1
194 Connect mail@localhost on maildb
194 Query SELECT domain FROM domains WHERE domain='himatix.com' and enabled = 1
100820 1:14:43 193 Quit
194 Quit
/etc/postfix.main.cf is:-

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
myorigin = /etc/mailname
myhostname = mail.sellmatix.com

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

relayhost =
inet_protocols = all
inet_interfaces = all
#mynetworks_style = host
#mynetworks = 127.0.0.0/8
#mynetworks = all
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128

#mydestination = sellmatix.com,localhost.sellmatix.com,localhost
local_recipient_maps =
mydestination =

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
delay_warning_time = 4h

readme_directory = no



unknown_local_recipient_reject_code = 450

#how long to keep in queue before return as failed
maximal_queue_lifetime = 7d

#min and max time in seconds between retries if connection failed
minimal_backoff_time = 1000s
maximal_backoff_time = 8000s

#how long to wait when servers connect before receiving rest of data
smtp_helo_timeout = 60s

#how many addresses can be stored in one message
smtpd_recipient_limit = 16

#how many soft errors before back off
smtpd_soft_error_limit = 3

#how many hard errors before blocking it
smtpd_hard_error_limit = 12

#requirements for the HELO statement
#smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit
#smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, permit

#requirements for sender details
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit

#requirements for the connecting server
#smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl, reject_rbl_client dnsbl.njabl.org
smtpd_client_restrictions = permit_sasl_authenticated, reject

#requirements for recipient address
#smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, permit
smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service inet:127.0.0.1:60000, permit

smtpd_data_restrictions = reject_unauth_pipelining

#require proper helo at connections
smtpd_helo_required = yes
# reject all connections from unauthenticated clients
smtpd_delay_reject = yes
#disable_vrfy_command = yes


# Virtual Mailbox Domain Settings
alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases

#this specifies where the virtual mailbox folders will be located
virtual_mailbox_base = /var/spool/mail/virtual

#this is the for the mailbox location for each user
virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf

#this is for the aliases
virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf

#this is for the domain lookups
virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf

#virtual_mailbox_limit = 51200000
#virtual_minimum_uid = 5000
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
virtual_transport = virtual

#additional for quota support

virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Your maildir has overdrawn your diskspace quota, so you need to free up some space you clot.
virtual_overquota_bounce = yes

# SASL
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =

# TLS parameters
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.


mailbox_size_limit = 0
recipient_delimiter = +
home_mailbox = Maildir/
Any ideas????

duceduc
August 19th, 2010, 10:29 PM
slarti42,
Have you checked if ur isp is not blocking port 25? Try relaying to your isp and see if that works.

slarti42
August 20th, 2010, 08:37 AM
slarti42,
Have you checked if ur isp is not blocking port 25? Try relaying to your isp and see if that works.


Thanks for the suggestion, but no, the ISP is NOT blocking port 25. I am using that all the time to connect to the old mail server.

slarti42
August 20th, 2010, 01:32 PM
Some progress...

/etc/init.d/saslauthd restart was generating an error, so I uninstalled sasl, and tried to reinstall, but that failed with an error:-
dpkg: syntax error: unknown user `amavis' in statoverride file

I had previously uninstalled amavis trying to eliminate possible causes. After removing the amavis entries in
/var/lib/dpkg/statoverride I was able to reinstall sasl clean, and, suddenly IMAP started working:D

But SMTP is still failing and auth.log now shows:-

Aug 20 17:14:05 zarquon postfix/smtpd[5402]: sql auxprop plugin using mysql engine
Aug 20 17:14:07 zarquon saslauthd[7187]: pam_mysql - MySQL error(You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE id = 'MYNEWMAIL@sellmatix.com'' at line 1)
Aug 20 17:14:07 zarquon saslauthd[7187]: DEBUG: auth_pam: pam_authenticate failed: Error in service module
Aug 20 17:14:07 zarquon saslauthd[7187]: do_auth : auth failure: [user=MYNEWMAIL@sellmatix.com] [service=smtp] [realm=sellmatix.com] [mech=pam] [reason=PAM auth error]


That seems to be referring to /etc/postfix/sasl/smtpd.conf which contains:-



pwcheck_method: saslauthd
mech_list: plain login cram-md5 digest-md5
log_level: 7
allow_plaintext: true
auxprop_plugin: mysql
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_user: mail
sql_passwd: PASSWORD
sql_database: maildb
sql_select: select crypt from users where id='%u@%r' and enabled = 1



Any ideas?

slarti42
August 20th, 2010, 05:11 PM
SOLVED!

Missing "table=users" in /etc/pam.d/smtp

duceduc
August 22nd, 2010, 12:37 AM
Checking my apache error log, I noticed this error. I have no idea what this means. Any one?
[Sun Aug 22 08:12:29 2010] [error] [client 127.0.0.1] PHP Notice: unserialize(): Error at offset 255 of 255 bytes in /usr/share/squirrelmail/functions/strings.php on line 1284, referer: http://mymaildomain.com/src/webmail.php

delaTorre
August 24th, 2010, 10:02 PM
Does anyone know why postfix is not reading the smtp_sasl_password_maps entry? My ISP cannot authenticate my mails because postfix is not getting the data from sasl_passwd.db. I've been at this point for 4 days, any ideas are welcome!
PLEASE someone give a hand on this !!!!!!!!!!
this is my configuration file


myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases
# this specifies where the virtual mailbox folders will be located
virtual_mailbox_base = /var/spool/mail/virtual
# this is for the mailbox location for each user
virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf
# and this is for aliases
virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf
# and this is for domain lookups
virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf
# this is how to connect to the domains (all virtual, but the option is there)
# not used yet
# transport_maps = mysql:/etc/postfix/mysql_transport.cf

virtual_uid_maps = static:5000
virtual_gid_maps = static:5000

myorigin = /etc/mailname
mydestination =
local_recipient_maps =
relayhost = mail.myiso.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
mynetworks_style = host

##relay
smtp_sasl_auth_enabled = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
##
smtp_sasl_mechanism_filter = login
##
# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
delay_warning_time = 4h
unknown_local_recipient_reject_code = 450
maximal_queue_lifetime = 7d
minimal_backoff_time = 1000s
maximal_backoff_time = 8000s
smtp_helo_timeout = 60s
smtp_recipient_limit = 16
smtp_soft_error_limit = 3
smtpd_hard_error_limit = 12

# Requirements for the HELO statement
smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit
# Requirements for the sender details
#smtpd_sender_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit
# Add permit_sasl_authenticated to you existing
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit
# Requirements for the connecting server
#smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl, reject_rbl_client dnsbl.njabl.org
smtpd_client_restrictions =
# Requirement for the recipient address
#smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, permit smtpd_data_restrictions = reject_unauth_pipelining
#smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service inet:127.0.0.1:10023, permit
# Add permit_sasl_authenticated to you existing
smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service inet:127.0.0.1:10023, permit
# require proper helo at connections
smtpd_helo_required = yes
# waste spammers time before rejecting them
smtpd_delay_reject = yes
disable_vrfy_command = yes

readme_directory = no

# TLS parameters
#smtp_use_tls = no
smtp_tls_security_level = may
#smtpd_use_tls=yes
smtpd_tls_security_level = may
#smtpd_tls_auth_only = no
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
#smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
#smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.



content_filter = amavis:[127.0.0.1]:10024

# SASL
smtpd_sasl_auth_enable = yes
## If your potential clients use Outlook Express or other older clients
## this needs to be set to yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
##smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = smtpd
smtpd_sasl_password_maps = hash:/etc/postfix/sasl_passwd
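
A lint pass for the two kinds of misspelling seen in this thread, added here as an example and not part of any post: the restriction `permit_mynetwork` from lisati's reply, and the parameter `smtp_sasl_auth_enabled` in the config above (Postfix spells it `smtp_sasl_auth_enable`, and a main.cf parameter name it does not recognise simply has no effect). The name lists are a partial subset of postconf(5), and the function names and sample config are constructed for illustration.

```python
import difflib
import re

# Restriction names used on their own (subset of postconf(5), not exhaustive).
PLAIN = {
    "permit", "reject", "defer", "defer_if_permit", "defer_if_reject",
    "warn_if_reject", "permit_mynetworks", "permit_sasl_authenticated",
    "permit_auth_destination", "permit_mx_backup", "permit_inet_interfaces",
    "reject_unauth_destination", "reject_unauth_pipelining",
    "reject_non_fqdn_sender", "reject_non_fqdn_recipient",
    "reject_non_fqdn_hostname", "reject_non_fqdn_helo_hostname",
    "reject_invalid_hostname", "reject_invalid_helo_hostname",
    "reject_unknown_sender_domain", "reject_unknown_recipient_domain",
    "reject_unknown_client", "reject_unknown_client_hostname",
    "reject_unknown_hostname", "reject_unknown_helo_hostname",
    "reject_unlisted_sender", "reject_unlisted_recipient",
    "reject_unverified_sender", "reject_unverified_recipient",
    "reject_sender_login_mismatch", "reject_plaintext_session",
}
# Restriction names that consume the next token as their argument.
WITH_ARG = {
    "reject_rbl_client", "reject_rhsbl_client", "reject_rhsbl_sender",
    "reject_rhsbl_helo", "reject_rhsbl_recipient", "permit_dnswl_client",
    "check_client_access", "check_helo_access", "check_sender_access",
    "check_recipient_access", "check_policy_service", "sleep",
}
# SASL parameters (subset); other smtp_sasl_*/smtpd_sasl_* names are flagged.
SASL_PARAMS = {
    "smtp_sasl_auth_enable", "smtp_sasl_password_maps",
    "smtp_sasl_security_options", "smtp_sasl_tls_security_options",
    "smtp_sasl_mechanism_filter", "smtp_sasl_type", "smtp_sasl_path",
    "smtpd_sasl_auth_enable", "smtpd_sasl_security_options",
    "smtpd_sasl_tls_security_options", "smtpd_sasl_local_domain",
    "smtpd_sasl_type", "smtpd_sasl_path", "smtpd_sasl_authenticated_header",
    "smtpd_sasl_exceptions_networks",
}


def parse_main_cf(text):
    """Return {name: (value, line_no)}; the last assignment wins, as in Postfix."""
    params, current = {}, None
    for no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank line or comment
        if raw[0].isspace() and current:  # leading whitespace continues a line
            value, first = params[current]
            params[current] = (value + " " + raw.strip(), first)
            continue
        name, sep, value = raw.partition("=")
        if sep:
            current = name.strip()
            params[current] = (value.strip(), no)
    return params


def closest(word, known):
    match = difflib.get_close_matches(word, sorted(known), n=1, cutoff=0.8)
    return match[0] if match else None


def lint_main_cf(text):
    """Return (line_no, name, suggestion) for names outside the lists above.
    line_no is the first line of the assignment the name appears in."""
    findings = []
    for name, (value, no) in parse_main_cf(text).items():
        if re.match(r"smtpd?_sasl_", name) and name not in SASL_PARAMS:
            findings.append((no, name, closest(name, SASL_PARAMS)))
        if re.fullmatch(r"smtpd_\w+_restrictions", name):
            skip = False
            for tok in filter(None, re.split(r"[,\s]+", value)):
                if skip:                  # argument of the previous restriction
                    skip = False
                elif tok in WITH_ARG:
                    skip = True
                elif tok not in PLAIN and ":" not in tok:  # type:table is a lookup
                    findings.append((no, tok, closest(tok, PLAIN | WITH_ARG)))
    return findings


# Constructed sample built from names quoted in the thread.
SAMPLE = """\
# constructed main.cf fragment
smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetwork,
    permit_sasl_authenticated, reject_unauth_destination,
    check_policy_service inet:127.0.0.1:10023, permit
smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org
relayhost = mail.myiso.com
smtp_sasl_auth_enabled = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtpd_sasl_auth_enable = yes
smtpd_sasl_password_maps = hash:/etc/postfix/sasl_passwd
"""

if __name__ == "__main__":
    for line_no, name, hint in lint_main_cf(SAMPLE):
        print(f"line {line_no}: {name} (closest known name: {hint})")
```

A name reported here is only absent from the embedded lists; check it against postconf(5) for the installed Postfix version before changing the config.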

10ghost
August 28th, 2010, 11:21 PM
After following the howto By flurdy
I checked mail.log


to=<ghost@domain.net>, relay=local, delay=43, delays=43/0.01/0/0.07, dsn=2.0.0, status=sent (delivered to maildir)


In how to if this received it mail was sent
But the folder to be created in /var/mail/virtual was not created that is ghost.
How can one troubleshoot this problem?

scrooge_74
August 29th, 2010, 02:17 AM
This tutorial is sourceforge works perfectly. I used it on Friday to setup a webmail server

http://www.howtoforge.com/virtual-users-domains-postfix-courier-mysql-squirrelmail-ubuntu-10.04

I had problems with the one at the beginning of this thread.

q.dinar
August 31st, 2010, 06:08 PM
flurdy, maybe, would be good, if you write in the tutorial, that PTR DNS record is needed to send e-mail to some mail servers. And that setting PTR record is not just like setting regular DNS records, to set PTR contact to IP address owner is needed.

three_jeeps
August 31st, 2010, 08:23 PM
Yes - because I need to buy a new mouse with a wheel that doesn't paste when I spin it :p


Well, at least check your post carefully before you hit the send button....inaccurate postings make for a lot of 'noise' as well as
wasted time. What could have been addressed with a single exchange took 5....

duceduc
September 1st, 2010, 10:56 AM
I got a weird problem now. My mail server was running fine until today when I used thunderbird to send mail outside my network. The log shows that my router(GOD) is rejecting the mail? Relay access denied. I haven't changed any settings, other than updated my router's firmware. Is there a setting in the router that I should look for? I don't understand why thunderbird is showing logs about my router where if I use squirrelmail webgui, it doesn't and my mail sent fine.

Sep 1 23:37:10 web-server postfix/smtp[831]: D0033261268: to=<xxxx@ducsu.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.1, delays=0.14/0.01/0/0.9, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=30126-07, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as B43D7260726)
Sep 1 23:37:10 web-server postfix/smtp[831]: D0033261268: to=<xxxx@gmail.com>, orig_to=<xxx@ducsu.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.1,delays=0.14/0.01/0/0.9, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=30126-07, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as B43D7260726)
Sep 1 23:37:10 web-server postfix/qmgr[1837]: D0033261268: removed
Sep 1 23:37:10 web-server postfix/virtual[836]: B43D7260726: to=<xxx@ducsu.com>, relay=virtual, delay=0.18, delays=0.08/0.03/0/0.07, dsn=2.0.0, status=sent (delivered to maildir)
Sep 1 23:37:10 web-server postfix/smtp[835]: B43D7260726: to=<xxx@gmail.com>,relay=smtp.xxx.xxx.xx.jp[125.206.148.148]:25, delay=0.26 delays=0.08/0.04/0.06/0.09, dsn=2.0.0, status=sent (250 Ok: queued as E26872324)
Sep 1 23:37:11 web-server postfix/qmgr[1837]: B43D7260726: removed
Sep 1 23:38:15 web-server postfix/smtpd[32669]: connect from GOD[192.168.1.1]
Sep 1 23:38:15 web-server postfix/smtpd[32669]: NOQUEUE: reject: RCPT from GOD[192.168.1.1]: 554 5.7.1 <xxxx@hotmail.com>: Relay access denied; from=<xxxx@ducsu.com> to=<xxxx@hotmail.com> proto=ESMTP helo=<[127.0.0.1]>
Sep 1 23:39:00 web-server postfix/smtpd[32669]: disconnect from GOD[192.168.1.1]

phaZe~collapse
September 4th, 2010, 12:20 AM
FYI for those of you using this great tutorial. When setting up shorewall, the files in /usr/share/doc/shorewall-common/default-config/ have moved to /usr/share/doc/shorewall/default-config/

Sparky12488
September 17th, 2010, 01:32 PM
Hi I was trying to download all the programs i need from your How to guide but i am having some problems with two of them.


1: Authentication: Cyrus SASL
2: Encryption: TLS

I can't seem to find the downloads for these programs, any help would be great

many thanks nick

NightFlyer_
September 17th, 2010, 04:52 PM
Hi.

Thanks for an excellent guide for setting up a complete mail-server.

I have followed your guide and now have a complete mail server set up.

Now I am thinking about backup... Yes, backup... I mean, since the server holds all my e-mails (And I have quite many) maybe I should implement a backup system.

Problem is, I don't know anything about doing so....

Anybody out there with any ideas of how to back up the e-mails stored on the server?

Sincerely,

Martin B.


A how to for a complete step by step guide to install, configure and run
a mail server on a GNU / Linux system

The server includes these programs:
Ubuntu + Postfix + Courier IMAP + MySQL + Amavisd-new + SpamAssassin + ClamAV + SASL + TLS + SquirrelMail + Postgrey

mmxbass
October 19th, 2010, 01:21 PM
The configuration worked well for me but the spam detection is so hypersensitive that it's marking internal mail as spam. Is there a way to easily disable spam checking for mail originating from users logged in locally?

scrooge_74
October 19th, 2010, 10:11 PM
Yes you can setup the level of detection in SpamAssassin.

Sorry I just got home and I'm too tired to think straight past the Yes

Nunana
October 21st, 2010, 11:03 AM
I build an E-mail server following the Step by step guide to install Postfix. All works fine. Thnx for that.
Except one thing is keeping me busy for two whole days now.
HOW DO I OPEN MORE PORTS?
I added ports in the /etc/shorewall/rules, i see them back in iptables --list-rules but it's not coming through.
SSH is going fine. But ping 10.1.0.x is unreachable.
I build a base Ubuntu server in the same 10.76.70.x than i dont have a problem to reach.

# Shorewall version 4 - Rules File
#
# For information on the settings in this file, type "man shorewall-rules"
#
# The manpage is also online at
# http://www.shorewall.net/manpages/shorewall-rules.html
#
####################################################################################################################################################
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME
# PORT PORT(S) DEST LIMIT GROUP
#SECTION ESTABLISHED
#SECTION RELATED
#SECTION NEW
#
SSH/ACCEPT net $FW
Ping/ACCEPT net $FW

# Permit all ICMP traffic FROM the firewall TO the net zone
ACCEPT $FW net icmp
# mail lines
SMTP/ACCEPT net $FW
SMTPS/ACCEPT net $FW
Submission/ACCEPT net $FW
IMAP/ACCEPT net $FW
IMAPS/ACCEPT net $FW
#web
Web/ACCEPT net $FW
# ntlmaps
ACCEPT net $FW tcp 5865
ACCEPT net $FW udp 5865
###############################################################################

Nunana
October 22nd, 2010, 06:45 AM
I learned to put my networks in the /etc/shorewall/zones
loc eth0:10.1.0.0/24,10.70.76.0/24
The port I want to open in /etc/shorewall/rules
ACCEPT loc $FW tcp 5865
ACCEPT $FW loc tcp 5865
Restart shorewall
/etc/init.d/shorewall restart
For me this works.

cent.mox
October 25th, 2010, 04:46 PM
MYSQL_MAILDIR_FIELD concat(home,'/',maildir)
made my day ;-)
I am Happy!!!!
thanks

maxB2510
November 23rd, 2010, 10:26 AM
First of all I'd like to say thanks so much for flurdy's great tutorial and all the other help from the posts in this thread!

I've one very specific and short question left: Is it possible to allow IMAP and/or POP3 protocol specifically for each user?
It may happen that I don't want some user to use space on my server and for that only allow him to use the POP3-protocol.

I'd really appreciate some help :-)

duceduc
November 30th, 2010, 03:34 AM
I've noticed clamav has issued an update recommendation for version 96.5. We are currently at 9.6.3. Has anyone updated their clamav app? If so, can you provide a rundown on how you upgraded and reconfigured the mail server to scan your emails? I failed to make it work.

Tom_T
February 21st, 2011, 12:57 PM
As someone who is considering coming from a Windows Mail Server to Linux, this looks a great guide.

Couple of questions :

can inbound mail be filtered and stopped using a simple if "EHLO/HELO doesn't contain . " drop and blacklist

Can we do IMAP Filtering, check headers, body and subject and then move specific matching mail to a users IMAP / SubFolder ?

Last one. Is there an option for a simple GUI for the logs ?

Thanks

fedef63
February 27th, 2011, 08:58 AM
Thanks for a great tutorial, Flurdy!

I have managed to complement Flurdy's tutorial such that virtual transport is swapped for maildrop and spam is automatically delivered to a spam folder.

It is based on the excellent tutorial by Flurdy and complemented by parts of the tutorial found here: http://daemonforums.org/showthread.php?t=193

The latter tutorial also contains methods to implement vacation messaging.

If in doubt, check out the aforementioned tutorial.

Here's what I did:

Complete Flurdy's tutorial and install maildrop

uncomment in main.cf:
transport_maps = mysql:/etc/postfix/mysql_transport.cf

and add
maildrop_destination_recipient_limit = 1

Master.cf file should contain the following line, change the user field to virtual:
maildrop unix - n n - - pipe
  flags=DRhu user=virtual argv=/usr/bin/maildrop -d ${recipient}

create mysql_transport.cf file and set the correct owner and permissions:
user=mail
password=changeme
dbname=maildb
table=domains
select_field=transport
where_field=domain
hosts=127.0.0.1
additional_conditions = and enabled = 1

create:
# cd /var/spool/mail/virtual/
# chmod +s /usr/bin/maildrop
# touch .mailfilter
# chmod 600 .mailfilter
# mkdir mailfilters
# chmod 700 mailfilters
# chown -R virtual:virtual .mailfilter mailfilters

test maildrop and check logs:
echo "test" | maildrop -V 9 -d you@example.com

Edit the ...virtual/.mailfilter file (haven't tested this bit):
# Deliver to Inbox or Spam box (create spam box if it does not exist)
if (/^X-Spam-Flag: YES/:h)
{
    `test -d $DEFAULT/.junkmail`
    if ($RETURNCODE == 1)
    {
        `/usr/bin/maildirmake -f junkmail $DEFAULT`
        `echo "junkmail" >> $DEFAULT/subscriptions`
    }
    exception {
        to "$DEFAULT/.junkmail"
    }
    # if all else fails, do regular delivery
    exception {
        to "$DEFAULT"
    }
}

Now use phpmyadmin and change domain transport field from "virtual:" to "maildrop:"

Restart postfix, check log files and pray :)

Much of the code here is courtesy of hamba from daemonforums.org

Hope this helps!

Cheers, Villu


Hello,
I've installed a mailserver following Flurdy's document. Thanks Flurdy.
Next I followed your instructions about maildrop, but I'm unable to get it working.

Before all, I have a doubt:

during the install of the mailserver the package is not installed.

What package did you use?

maildrop or courier-maildrop

I've tried both with two different results.
Using courier-maildrop, when I execute the test:
echo "test" | maildrop -V 9 -d myemail@mydomain

in the mailbox I get a mail

As soon as I change the transport in mysql from "virtual:" to "maildrop:"
I no longer get any mail I send to myself.

In the mail log there is: delivered via maildrop service

What I noticed: under the directory /var/spool/mail/virtual a file called "Maildir" gets created and it contains the mail I sent.


Any idea ?

Thanks
regards
federico

tonyofthewoods
February 27th, 2011, 12:09 PM
I've gone through the tutorial up to where all the basics should be up and running. From the server box itself I can telnet in and send email. I can receive email. I can see my received email from a client machine in Thunderbird. But I cannot send email from Thunderbird. I get "The mail server responded: 5.7.1 <test@destination.com>: Relay access denied. Please check the message recipient test@destination.com and try again.". I'm guessing that it's not the recipient that's really causing the problem - I think that courier isn't talking nicely to postfix. I've turned on verbose debugging in postfix/smtpd and I see this sort of conversation going on:


EHLO [192.168.1.2]
> unknown[80.175.115.177]: 250-bagpuss.localdomain
> unknown[80.175.115.177]: 250-PIPELINING
> unknown[80.175.115.177]: 250-SIZE 10240000
match_list_match: unknown: no match
match_list_match: 80.175.115.177: no match
> unknown[80.175.115.177]: 250-ETRN
> unknown[80.175.115.177]: 250-ENHANCEDSTATUSCODES
> unknown[80.175.115.177]: 250-8BITMIME
> unknown[80.175.115.177]: 250 DSN
< unknown[80.175.115.177]: MAIL FROM:<sender@mynewdomain.com> SIZE=454
extract_addr: input: <sender@mynewdomain.com>
smtpd_check_addr: addr=sender@mynewdomain.com
connect to subsystem private/rewrite
send attr request = rewrite
send attr rule = local
send attr address = sender@mynewdomain.com
private/rewrite socket: wanted attribute: flags
input attribute name: flags
input attribute value: 0
private/rewrite socket: wanted attribute: address
input attribute name: address
input attribute value: sender@mynewdomain.com
private/rewrite socket: wanted attribute: (list terminator)
input attribute name: (end)
rewrite_clnt: local: sender@mynewdomain.com -> sender@mynewdomain.com
send attr request = resolve
send attr sender =
send attr address = sender@mynewdomain.com
private/rewrite socket: wanted attribute: flags
input attribute name: flags
input attribute value: 0
private/rewrite socket: wanted attribute: transport
input attribute name: transport
input attribute value: virtual
private/rewrite socket: wanted attribute: nexthop
input attribute name: nexthop
input attribute value: mynewdomain.com
private/rewrite socket: wanted attribute: recipient
input attribute name: recipient
input attribute value: sender@mynewdomain.com
private/rewrite socket: wanted attribute: flags
input attribute name: flags
input attribute value: 1024
private/rewrite socket: wanted attribute: (list terminator)
input attribute name: (end)
resolve_clnt: `' -> `sender@mynewdomain.com' -> transp=`virtual' host=`mynewdomain.com' rcpt=`sender@mynewdomain.com' flags= class=virtual
ctable_locate: install entry key sender@mynewdomain.com
extract_addr: in: <sender@mynewdomain.com>, result: sender@mynewdomain.com
fsspace: .: block size 1024, blocks free 3696436
smtpd_check_queue: blocks 1024 avail 3696436 min_free 0 msg_size_limit 10240000
> unknown[80.175.115.177]: 250 2.1.0 Ok
< unknown[80.175.115.177]: RCPT TO:<test@destination.com>
extract_addr: input: <test@destination.com>
smtpd_check_addr: addr=test@destination.com
send attr request = rewrite
send attr rule = local
send attr address = test@destination.com
private/rewrite socket: wanted attribute: flags
input attribute name: flags
input attribute value: 0
private/rewrite socket: wanted attribute: address
input attribute name: address
input attribute value: test@destination.com
private/rewrite socket: wanted attribute: (list terminator)
input attribute name: (end)
rewrite_clnt: local: test@destination.com -> test@destination.com
send attr request = resolve
send attr sender =
send attr address = test@destination.com
private/rewrite socket: wanted attribute: flags
input attribute name: flags
input attribute value: 0
private/rewrite socket: wanted attribute: transport
input attribute name: transport
input attribute value: smtp
private/rewrite socket: wanted attribute: nexthop
input attribute name: nexthop
input attribute value: techie.com
private/rewrite socket: wanted attribute: recipient
input attribute name: recipient
input attribute value: test@destination.com
input attribute value: test@destination.com
private/rewrite socket: wanted attribute: flags
input attribute name: flags
input attribute value: 4096
private/rewrite socket: wanted attribute: (list terminator)
input attribute name: (end)
resolve_clnt: `' -> `test@destination.com' -> transp=`smtp' host=`techie.com' rcpt=`test@destination.com' flags= class=default
ctable_locate: install entry key test@destination.com
extract_addr: in: <test@destination.com>, result: test@destination.com
send attr request = rewrite
send attr rule = local
send attr address = double-bounce
private/rewrite socket: wanted attribute: flags
input attribute name: flags
input attribute value: 0
private/rewrite socket: wanted attribute: address
input attribute name: address
input attribute value: double-bounce@mynewdomain.com
private/rewrite socket: wanted attribute: (list terminator)
input attribute name: (end)
rewrite_clnt: local: double-bounce -> double-bounce@mynewdomain.com
>>> START Recipient address RESTRICTIONS <<<
generic_checks: name=permit_mynetworks
permit_mynetworks: unknown 80.175.115.177
match_hostname: unknown ~? 127.0.0.0/8
match_hostaddr: 80.175.115.177 ~? 127.0.0.0/8
match_hostname: unknown ~? [::ffff:127.0.0.0]/104
match_hostaddr: 80.175.115.177 ~? [::ffff:127.0.0.0]/104
match_hostname: unknown ~? [::1]/128
match_hostaddr: 80.175.115.177 ~? [::1]/128
match_list_match: unknown: no match
match_list_match: 80.175.115.177: no match
generic_checks: name=permit_mynetworks status=0
generic_checks: name=reject_unauth_destination
reject_unauth_destination: test@destination.com
permit_auth_destination: test@destination.com
ctable_locate: leave existing entry key test@destination.com
NOQUEUE: reject: RCPT from unknown[80.175.115.177]: 554 5.7.1 <test@destination.com>: Relay access denied; from=<sender@mynewdomain.com> to=<test@destination.com> proto=ESMTP helo=<[192.168.1.2]>

I think this is trying to tell me that courier isn't successfully starting a TLS session. But I'm not really sure. If not - why would that be? Your input much appreciated.

fedef63
February 28th, 2011, 01:03 PM
>>> START Recipient address RESTRICTIONS <<<
generic_checks: name=permit_mynetworks
permit_mynetworks: unknown 80.175.115.177
match_hostname: unknown ~? 127.0.0.0/8
match_hostaddr: 80.175.115.177 ~? 127.0.0.0/8
match_hostname: unknown ~? [::ffff:127.0.0.0]/104
match_hostaddr: 80.175.115.177 ~? [::ffff:127.0.0.0]/104
match_hostname: unknown ~? [::1]/128
match_hostaddr: 80.175.115.177 ~? [::1]/128
match_list_match: unknown: no match
match_list_match: 80.175.115.177: no match
generic_checks: name=permit_mynetworks status=0
generic_checks: name=reject_unauth_destination
reject_unauth_destination: test@destination.com
permit_auth_destination: test@destination.com
ctable_locate: leave existing entry key test@destination.com
NOQUEUE: reject: RCPT from unknown[80.175.115.177]: 554 5.7.1 <test@destination.com>: Relay access denied; from=<sender@mynewdomain.com> to=<test@destination.com> proto=ESMTP helo=<[192.168.1.2]>

I think this is trying to tell me that courier isn't successfully starting a TLS session. But I'm not really sure. If not - why would that be? Your input much appreciated.


Hello,
for test purposes, I think you can just add the IP address (80.175.115.177) or the subnet you are coming from (80.175.115.0/24) in the file /etc/postfix/main.cf and reload postfix: sudo /etc/init.d/postfix reload


mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 80.175.115.177/32

This should fix your issue, since the address will be considered a local address and not blocked by the restriction. Obviously this is not a good config for a production server.

Hope this helps.
Regards
Federico
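
The relay decision discussed in the two posts above, as an added example that is not part of either post: it walks a Postfix-style recipient restriction list in first-match order for the client, sender and recipient seen in the log. The restriction order (with permit_sasl_authenticated included), the LOCAL_DOMAINS set and the function names are assumptions of this example.

```python
"""Added example: first-match evaluation of the relay decision seen in the log above."""
import ipaddress

# Addresses and domains are taken from the posts above; LOCAL_DOMAINS and the
# restriction order are assumptions made for this example.
MYNETWORKS_DEFAULT = "127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128"
MYNETWORKS_WIDENED = MYNETWORKS_DEFAULT + " 80.175.115.177/32"
LOCAL_DOMAINS = {"mynewdomain.com"}          # domains the server hosts mailboxes for
RESTRICTIONS = ("permit_mynetworks", "permit_sasl_authenticated",
                "reject_unauth_destination")


def parse_mynetworks(value):
    """Turn a main.cf mynetworks value into ipaddress network objects."""
    nets = []
    for item in value.replace(",", " ").split():
        # Postfix writes IPv6 networks as [addr]/len; ipaddress wants addr/len.
        cleaned = item.replace("[", "").replace("]", "")
        nets.append(ipaddress.ip_network(cleaned, strict=False))
    return nets


def in_mynetworks(client_ip, mynetworks):
    """True when the client address falls inside any listed network."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr.version == net.version and addr in net
               for net in parse_mynetworks(mynetworks))


def decide(client_ip, rcpt, mynetworks, sasl_user=None, restrictions=RESTRICTIONS):
    """Walk the list in order; the first restriction that gives a verdict ends the walk."""
    rcpt_domain = rcpt.rsplit("@", 1)[-1].lower()
    for name in restrictions:
        if name == "permit_mynetworks" and in_mynetworks(client_ip, mynetworks):
            return "permit", name
        if name == "permit_sasl_authenticated" and sasl_user:
            return "permit", name
        if name == "reject_unauth_destination" and rcpt_domain not in LOCAL_DOMAINS:
            return "reject", name      # logged as 554 5.7.1 Relay access denied
    return "permit", "end of list"


def scenarios():
    """The cases raised in the thread, plus one neighbouring address for contrast."""
    client = "80.175.115.177"
    outside = "test@destination.com"
    inside = "sender@mynewdomain.com"
    return {
        "log above": decide(client, outside, MYNETWORKS_DEFAULT),
        "IP added to mynetworks": decide(client, outside, MYNETWORKS_WIDENED),
        "SASL login instead": decide(client, outside, MYNETWORKS_DEFAULT,
                                     sasl_user=inside),
        "inbound mail to local user": decide(client, inside, MYNETWORKS_DEFAULT),
        "neighbour of the allowed IP": decide("80.175.115.178", outside,
                                              MYNETWORKS_WIDENED),
    }


if __name__ == "__main__":
    for label, (verdict, rule) in scenarios().items():
        print(f"{label:30} {verdict:7} by {rule}")
```

With the /32 entry the server relays anything that arrives from that one address without credentials, while the SASL case permits the same message on the strength of the login rather than the source address.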

tonyofthewoods
February 28th, 2011, 05:15 PM
Huge thanks for this Federico - I can't tell you what a pleasure it is just to see something working. Quite right this is not enough for a production system, though.

What I can't quite understand - cos there are a few bits where Flurdy's doc is just a tiny bit vague - having got to the minimally configured stage should I be able to use a mail client to send mail using smtp/starttls or is that only going to be possible once I've got all the sasl stuff configured up?

Because now I don't know whether to try and debug my current setup or to push on with the next area of work in the doc.

Many thanks, beautiful people.

fedef63
February 28th, 2011, 05:59 PM
Hello,
I've followed all of Flurdy's document and he really did a big job.
I've been able to get almost everything listed there working, except SASL, since I think I've not understood what password to use. Anyhow, I do not want to use SASL for user authentication. TLS/SSL would be OK and it does not require SASL.
To answer your question: yes, you will be able to implement smtp/starttls/ssl without SASL.
Regards
Federico

duceduc
February 28th, 2011, 06:03 PM
fedef63:

Did you ever get maildrop to work? If so, which maildrop version did you use? I am about to set this up and would like to know the steps. Thanks.

fedef63
March 1st, 2011, 04:04 PM
Hi Duceduc,
unfortunately I've not been able to get maildrop working; in post #364 or 365 above I'm indeed asking for help about it, since the document lacks some information, for example which maildrop was used: courier-maildrop or the standalone package.
The doc I followed is linked from Flurdy's document.
Here is the link: http://ubuntuforums.org/showpost.php?p=7278296&postcount=223
It is the same as in my post above.

Regards

fedef63
March 1st, 2011, 07:17 PM
Huge thanks for this Federico - I can't tell you what a pleasure it is just to see something working. Quite right this is not enough for a production system, though.

What I can't quite understand - cos there are a few bits where Flurdy's doc is just a tiny bit vague - having got to the minimally configured stage should I be able to use a mail client to send mail using smtp/starttls or is that only going to be possible once I've got all the sasl stuff configured up?

Because now I don't know whether to try and debug my current setup or to push on with the next area of work in the doc.

Many thanks, beautiful people.

Hi,
I just wish to tell you that I also have SASL working.
The values in the fields "user" and "password" in the file /etc/pam.d/smtp are the same as those used to access maildb. And now it's working.
I was thinking I must select "use crypted password" in the SMTP panel of Thunderbird. Probably it was a bad assumption.

Mar 2 00:00:27 mail postfix/smtpd[2940]: 4508DC150E: client=unknown[192.168.254.2], sasl_method=PLAIN, sasl_username=pluto@xxx.it

Regards

khaeru
March 5th, 2011, 02:16 AM
I'm curious—is everyone implementing this guide on EC2 using 'small' instances? Has anyone tried on a 'micro' instance, or any other size? If so, please share.

flurdy
March 7th, 2011, 01:46 PM
I'm curious—is everyone implementing this guide on EC2 using 'small' instances? Has anyone tried on a 'micro' instance, or any other size? If so, please share.

My current Postfix servers on EC2 are all micro. The memory footprint of postfix++ is tiny.

jlsm
March 10th, 2011, 01:06 AM
Hi,

Firstly, I would like to give a big Kudos to flurdy for an excellent how to.

I am relatively a beginner Ubuntu user, and was currently tasked to create a mail server for our small office. The how-to was a great resource for this project.

Initially, I was able to make the setup work until the Basic setup, I tested everything and it works: using telnet to EHLO and send mail, using webmail both within the network and outside the network, and even using Outlook on my Windoze laptop, again both from inside and outside the network.

My problem arose when I proceeded to the Advanced Mail Setup. Everything still seems to be working except when using a mail client on another PC. When using Thunderbird on the server to test, I can send and receive mail without any problems. When using Outlook or Thunderbird on my laptop, I can't login, but webmail (and even telnet) on the same laptop works. Upon setting up Thunderbird, it can automatically detect the servers, IMAP on port 143 and SMTP on port 25, but cannot login to the server. I'm guessing authentication is causing the problems. I've been working on this for days now and reading on different posts and sites, but still with no luck.

I can post the config files if anyone should need it. Any help would be greatly appreciated.

Thanks again for the invaluable how-to.


jlsm

jlsm
March 10th, 2011, 08:50 PM
Bump.

Hope someone could help. I really need this coz i've driven to a blank right now.

Thanks.

jlsm

fedef63
March 11th, 2011, 01:43 PM
Hi,
I just wish to tell you that I also have SASL working.
The values in the fields "user" and "password" in the file /etc/pam.d/smtp are the same as those used to access maildb. And now it's working.
I was thinking I must select "use crypted password" in the SMTP panel of Thunderbird. Probably it was a bad assumption.

Mar 2 00:00:27 mail postfix/smtpd[2940]: 4508DC150E: client=unknown[192.168.254.2], sasl_method=PLAIN, sasl_username=pluto@xxx.it

Regards

If somebody is using Roundcube after SASL is enabled and sends mail via SMTPS port 465, they will get SMTP Error 554.
To solve it, here are the few changes required in the Roundcube config:

// use this host for sending mails.
// to use SSL connection, set ssl://smtp.host.com
// if left blank, the PHP mail() function is used
// Use %h variable as replacement for user's IMAP hostname
$rcmail_config['smtp_server'] = 'ssl://localhost';

// SMTP port (default is 25; 465 for SSL)
$rcmail_config['smtp_port'] = 465;
// SMTP username (if required) if you use %u as the username RoundCube
// will use the current username for login
$rcmail_config['smtp_user'] = '%u';
// SMTP password (if required) if you use %p as the password RoundCube
// will use the current user's password for login
$rcmail_config['smtp_pass'] = '%p';
// SMTP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use
// best server supported one)
$rcmail_config['smtp_auth_type'] = 'PLAIN';

fedef63
March 11th, 2011, 01:51 PM
Hi jlsm,
please post your postfix config: master.cf and main.cf,
and /etc/shorewall/rules

Have you enabled the required ports in the firewall (shorewall)?

I'm not an expert but I will have a look to see if I can help.
regards
Federico

jlsm
March 14th, 2011, 01:39 AM
Thanks so much for looking into this Federico.

I also tried using clear passwd, but it's still not authenticating. I was able to make it work using POP3, but not using SASL, i'm afraid it might be prone to attacks or interception.

I'm still working on a testbed, not the production server yet, until I'm sure it is secure and stable.

Following are the main and master config files, as well as the shorewall rules.

I removed some of the commented lines in the config files (not all to retain section breaks)

main.cf

myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

append_dot_mydomain = no

readme_directory = no

smtp_tls_security_level = may
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes

btree:${data_directory}/smtpd_scache
btree:${data_directory}/smtp_scache


myhostname = subdomain.domain.com #I used a subdomain with an A and MX record, registered at freedns.afraid.org
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination =
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
home_mailbox = Maildir/
mailbox_command =

mynetworks_style = host

masquerade_domains = mail.subdomain.domain.com
masquerade_exceptions = root

local_recipient_maps =

delay_warning_time = 4h

unknown_local_recipient_reject_code = 450

maximal_queue_lifetime = 3d
bounce_queue_lifetime = 3d

minimal_backoff_time = 900s
maximal_backoff_time = 1800s

smtp_helo_timeout = 60s

smtpd_recipient_limit = 16

smtpd_soft_error_limit = 3

smtpd_hard_error_limit = 12

smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit

smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit

smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl, reject_rbl_client dnsbl.njabl.org

smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service inet:127.0.0.1:10023, permit
smtpd_data_restrictions = reject_unauth_pipelining

smtpd_helo_required = yes

smtpd_delay_reject = yes
disable_vrfy_command = yes
alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases
virtual_mailbox_base = /var/spool/mail/virtual
virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf
virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf
option is there)

virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
inet_protocols = all

content_filter = amavis:[127.0.0.1]:10024
Secure mail server, authentication section

smtpd_sasl_auth_enable = no # I changed this to no to accept clear passwd

broken_sasl_auth_clients = no
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =


master.cf

# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - - - - smtpd
submission inet n - n - - smtpd
# -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_auth_only=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject_unauth_destination, reject
  -o smtpd_sasl_security_options=noanonymous,noplaintext
  -o smtpd_sasl_tls_security_options=noanonymous
# -o milter_macro_daemon_name=ORIGINATING
smtps inet n - - - - smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_auth_only=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_sasl_security_options=noanonymous,noplaintext
  -o smtpd_sasl_tls_security_options=noanonymous
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - - - - qmqpd


pickup fifo n - - 60 1 pickup

#### added below 'pickup' transport service as prescribed by the tutorial
  -o content_filter=
  -o receive_override_options=no_header_body_checks
#### end of addition

cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - - 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - - - - smtp
  -o smtp_fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
#
# ====================================================================
maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
# ====================================================================
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}

#### This section is added as prescribed in the tutorial
amavis unix - - - - 2 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
  -o max_use=20

#### Continuation of added section
127.0.0.1:10025 inet n - - - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_delay_reject=no
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=reject_unauth_pipelining
  -o smtpd_end_of_data_restrictions=
  -o mynetworks=127.0.0.0/8
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
#### End of added section


shorewall rules
#
# Shorewall version 4 - Rules File
#
# For information on the settings in this file, type "man shorewall-rules"
#
# The manpage is also online at
# http://www.shorewall.net/manpages/shorewall-rules.html
#
####################################################################################################################################################
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME
# PORT PORT(S) DEST LIMIT GROUP
#SECTION ESTABLISHED
#SECTION RELATED
SECTION NEW
SSH/ACCEPT net $FW

Ping/ACCEPT net $FW

# Permit all ICMP traffic FROM the firewall TO the net zone
ACCEPT $FW net icmp

# mail lines
SMTP/ACCEPT net $FW
SMTPS/ACCEPT net $FW
Submission/ACCEPT net $FW
IMAP/ACCEPT net $FW
IMAPS/ACCEPT net $FW
POP3/ACCEPT net $FW

#web
Web/ACCEPT net $FW


Again, thank you for taking time to look into this. Kindly let me know if you need anything else.


jlsm
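
An added example, not part of the post above or of the tutorial: it resolves, per smtpd listener, the TLS and SASL settings that result from main.cf plus the -o overrides in master.cf. The embedded excerpts are constructed from the files posted above (TLS/SASL parameters only, forum-inserted spaces repaired, inline remarks dropped); the function names and policy field names are this example's own.

```python
"""Added example: what each smtpd listener offers once master.cf -o overrides apply."""

# Constructed excerpts of the main.cf and master.cf posted above.
MAIN_CF = """\
smtpd_tls_security_level = may
smtpd_sasl_auth_enable = no
smtpd_sasl_security_options = noanonymous
"""

MASTER_CF = """\
smtp inet n - - - - smtpd
submission inet n - n - - smtpd
# -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_auth_only=yes
  -o smtpd_sasl_security_options=noanonymous,noplaintext
  -o smtpd_sasl_tls_security_options=noanonymous
smtps inet n - - - - smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_auth_only=yes
  -o smtpd_sasl_security_options=noanonymous,noplaintext
  -o smtpd_sasl_tls_security_options=noanonymous
"""

# Postfix built-in defaults for the parameters this example reads.
DEFAULTS = {
    "smtpd_sasl_auth_enable": "no",
    "smtpd_tls_auth_only": "no",
    "smtpd_tls_wrappermode": "no",
    "smtpd_tls_security_level": "",
    "smtpd_sasl_security_options": "noanonymous",
}


def parse_main_cf(text):
    """Read name = value lines; comment lines start with '#'."""
    params = {}
    for line in text.splitlines():
        if line.strip() and not line.lstrip().startswith("#"):
            name, _, value = line.partition("=")
            params[name.strip()] = value.strip()   # a repeated name: last one wins
    return params


def parse_master_cf(text):
    """Return {service: {param: value}} for inet services run by smtpd."""
    services, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                                # comments do not end a logical line
        fields = line.split()
        if not line[0].isspace():                   # column 0: a new service entry
            is_smtpd = len(fields) >= 8 and fields[1] == "inet" and fields[7] == "smtpd"
            current = services.setdefault(fields[0], {}) if is_smtpd else None
            fields = fields[8:]
        if current is not None:                     # collect "-o name=value" pairs
            for flag, arg in zip(fields, fields[1:]):
                if flag == "-o" and "=" in arg:
                    name, _, value = arg.partition("=")
                    current[name] = value
    return services


def listener_policy(main, overrides):
    """Combine defaults, main.cf and -o overrides into one listener's AUTH policy."""
    eff = {**DEFAULTS, **main, **overrides}
    level = eff["smtpd_tls_security_level"]
    auth = eff["smtpd_sasl_auth_enable"] == "yes"
    wrapped = eff["smtpd_tls_wrappermode"] == "yes"
    tls_possible = wrapped or level in ("may", "encrypt")
    # Level "encrypt" implies smtpd_tls_auth_only=yes; wrapper mode has no cleartext phase.
    tls_only = wrapped or level == "encrypt" or eff["smtpd_tls_auth_only"] == "yes"
    clear_opts = eff["smtpd_sasl_security_options"].split(",")
    tls_opts = eff.get("smtpd_sasl_tls_security_options",
                       eff["smtpd_sasl_security_options"]).split(",")
    return {
        "auth": auth,
        "auth_before_tls": auth and not tls_only,
        "plain_before_tls": auth and not tls_only and "noplaintext" not in clear_opts,
        "plain_inside_tls": auth and tls_possible and "noplaintext" not in tls_opts,
        "tls": "always" if wrapped else (level or "none"),
    }


def audit(main_text=MAIN_CF, master_text=MASTER_CF):
    main = parse_main_cf(main_text)
    return {name: listener_policy(main, opts)
            for name, opts in parse_master_cf(master_text).items()}


if __name__ == "__main__":
    for name, policy in audit().items():
        print(name, policy)
```

For these excerpts the smtp listener offers no AUTH at all, while submission and smtps accept plaintext mechanisms such as PLAIN only inside TLS.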

sixstorm
March 14th, 2011, 12:48 PM
I followed the basic Dovecot+Postfix+SquirrelMail how-tos over at help.ubuntu.com and I now have a sandbox, internal only email server. Very easy to setup, I figured it would be something extremely complicated TBH. I'm not tempted to buy a domain name and SSL to try and get to work with it.

fedef63
March 14th, 2011, 05:50 PM
Thanks so much for looking into this Federico.

I also tried using clear passwd, but it's still not authenticating. I was able to make it work using POP3, but not using SASL, i'm afraid it might be prone to attacks or interception.

I'm still working on a testbed, not the production server yet, until I'm sure it is secure and stable.

Following are the main and master config files, as well as the shorewall rules.

I removed some of the commented lines in the config files (not all to retain section breaks)

main.cf

myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

append_dot_mydomain = no

readme_directory = no

smtp_tls_security_level = may
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes

btree:${data_directory}/smtpd_scache
btree:${data_directory}/smtp_scache


myhostname = subdomain.domain.com #I used a subdomain with an A and MX record, registered at freedns.afraid.org
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination =
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
home_mailbox = Maildir/
mailbox_command =

mynetworks_style = host

masquerade_domains = mail.subdomain.domain.com
masquerade_exceptions = root

local_recipient_maps =

delay_warning_time = 4h

unknown_local_recipient_reject_code = 450

maximal_queue_lifetime = 3d
bounce_queue_lifetime = 3d

minimal_backoff_time = 900s
maximal_backoff_time = 1800s

smtp_helo_timeout = 60s

smtpd_recipient_limit = 16

smtpd_soft_error_limit = 3

smtpd_hard_error_limit = 12

smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit

smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit

smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl, reject_rbl_client dnsbl.njabl.org

smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service inet:127.0.0.1:10023, permit
smtpd_data_restrictions = reject_unauth_pipelining

smtpd_helo_required = yes

smtpd_delay_reject = yes
disable_vrfy_command = yes
alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases
virtual_mailbox_base = /var/spool/mail/virtual
virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf
virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf
option is there)

virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
inet_protocols = all

content_filter = amavis:[127.0.0.1]:10024
Secure mail server, authentication section

smtpd_sasl_auth_enable = no # I changed this to no to accept clear passwd

broken_sasl_auth_clients = no
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =


master.cf

==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - - - - smtpd
submission inet n - n - - smtpd
# -o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_tls_auth_only=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject_unauth_destination, reject
-o smtpd_sasl_security_options=noanonymous,noplaintext
-o smtpd_sasl_tls_security_options=noanonymous
# -o milter_macro_daemon_name=ORIGINATING
smtps inet n - - - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_tls_auth_only=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o smtpd_sasl_security_options=noanonymous,noplaintext
-o smtpd_sasl_tls_security_options=noanonymous
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - - - - qmqpd


pickup fifo n - - 60 1 pickup

#### added below 'pickup' transport service as prescribed by the tutorial
-o content_filter=
-o receive_override_options=no_header_body_checks
#### end of addition

cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - - 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - - - - smtp
-o smtp_fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
#
# ====================================================================
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
====================================================================
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}

#### This section is added as prescribed in the tutorial
amavis unix - - - - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o max_use=20

#### Continuation of added section
127.0.0.1:10025 inet n - - - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_delay_reject=no
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_data_restrictions=reject_unauth_pipelining
-o smtpd_end_of_data_restrictions=
-o mynetworks=127.0.0.0/8
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
#### End of added section


shorewall rules
#
# Shorewall version 4 - Rules File
#
# For information on the settings in this file, type "man shorewall-rules"
#
# The manpage is also online at
# http://www.shorewall.net/manpages/shorewall-rules.html
#
####################################################################################################################################################
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME
# PORT PORT(S) DEST LIMIT GROUP
#SECTION ESTABLISHED
#SECTION RELATED
SECTION NEW
SSH/ACCEPT net $FW

Ping/ACCEPT net $FW

# Permit all ICMP traffic FROM the firewall TO the net zone
ACCEPT $FW net icmp

# mail lines
SMTP/ACCEPT net $FW
SMTPS/ACCEPT net $FW
Submission/ACCEPT net $FW
IMAP/ACCEPT net $FW
IMAPS/ACCEPT net $FW
POP3/ACCEPT net $FW

#web
Web/ACCEPT net $FW


Again, thank you for taking time to look into this. Kindly let me know if you need anything else.


jlsm


Hi,

I had a look at your configuration and the only strange things I have seen so far are (in /etc/postfix/main.cf):

>home_mailbox = Maildir/

>mailbox_command =

>inet_protocols = all

>smtpd_sasl_auth_enable = no # I changed this to no to accept clear passwd




My working SASL is configured as in the guide.

/etc/postfix/main.cf
# SASL
smtpd_sasl_auth_enable = yes
# If your potential clients use Outlook Express or other older clients
# this needs to be set to yes
broken_sasl_auth_clients = no
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =

/etc/postfix/sasl/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login cram-md5 digest-md5
log_level: 7
allow_plaintext: true
auxprop_plugin: mysql
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_user: mail
sql_passwd: mailPASSWORD
sql_database: maildb
sql_select: select crypt from users where id='%u@%r' and enabled = 1

/etc/pam.d/smtp
auth required pam_mysql.so user=mail passwd=mailPASSWORD host=127.0.0.1 db=maildb table=users usercolumn=id passwdcolumn=crypt crypt=1
account sufficient pam_mysql.so user=mail passwd=mailPASSWORD host=127.0.0.1 db=maildb table=users usercolumn=id passwdcolumn=crypt crypt=1


What do you see in the logs when trying to connect?

tail -f /var/log/mail.log

There must be something helpful there ...

I would also suggest adding your local network to the end of this setting in main.cf:

mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128

If SASL is not working, I doubt you can connect from another computer without your local network there.


Regards

jlsm
March 15th, 2011, 10:27 PM
Hi again fed,

I'm out of the office right now where I have my mail server testbed. I'll post the mail.log when I get back next week. Hope you can still help me by then.

Thanks.

jlsm

lister171254
March 19th, 2011, 07:34 PM
Followed the Guide and setup virtuals, so the postconf -n output does not show everything, I guess

I have tested the server internal via telnet and it works.

As my ISP blocks inbound smtp I'm using Mail Reflector to forward the mails to my server

Following are some of the errors I get

Mar 20 10:25:18 MusicPc postfix/smtpd[6861]: NOQUEUE: reject: RCPT from mail1.no-ip.com[204.16.252.100]: 451 4.3.5 Server configuration problem; from=<thelists@optusnet.com.au> to=<poldi@zudiewiener.com> proto=ESMTP helo=<mail1.no-ip.com>
Mar 20 10:25:18 MusicPc postfix/smtpd[6861]: disconnect from mail1.no-ip.com[204.16.252.100]
Mar 20 10:26:58 MusicPc postfix/smtpd[6861]: connect from mail1.no-ip.com[204.16.252.100]
Mar 20 10:27:00 MusicPc postfix/smtpd[6864]: lost connection after UNKNOWN from localhost[127.0.0.1]
Mar 20 10:27:00 MusicPc postfix/smtpd[6864]: disconnect from localhost[127.0.0.1]


Postfix config is
-------------------------------
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = amavis:[127.0.0.1]:10024
disable_vrfy_command = yes
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
local_recipient_maps =
mailbox_size_limit = 0
maximal_backoff_time = 8000s
maximal_queue_lifetime = 7d
message_size_limit = 102400
minimal_backoff_time = 1000s
mydestination =
myhostname = ml.zudiewiener.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mynetworks_style = host
myorigin = /etc/mailname
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relayhost =
smtp_helo_timeout = 60s
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl, reject_rbl_client dnsbl.njabl.org
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_delay_reject = yes
smtpd_hard_error_limit = 12
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit
smtpd_recipient_limit = 40
smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service inet:127.0.0.1:10025, permit
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit
smtpd_soft_error_limit = 3
smtpd_tls_cert_file = /etc/postfix/postfix.cert
smtpd_tls_key_file = /etc/postfix/postfix.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 450
virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/spool/mail/virtual
virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf
virtual_uid_maps = static:5000
-------------------------------------

the domains in mysql are localhost, localhost.localdomain, zudiewiener.com, ml.zudiewiener.com

Appreciate any help in solving this.

Thanks

2briancox
March 24th, 2011, 03:13 PM
I have been using this guide and I am at the point where I was doing the mysql setup where the instructions read:

# If not already done (in package installation)...
mysqladmin -u root password new_password
# log in as root
mysql -u root -p
# then enter password for the root account when prompted Enter password:
# then we create the mail database
create database maildb;
# then we create a new user: "mail"
GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP
ON maildb.* TO 'mail'@'localhost' IDENTIFIED by 'mailPASSWORD';
GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP
ON maildb.* TO 'mail'@'%' IDENTIFIED by 'mailPASSWORD';
exit;

Well, I have never edited a mysql input so I didn't know much about it. I had messed up on one of the lines and didn't put in a semicolon. I tried to retype the line to fix it. But I couldn't tell if that worked. Then even "exit;" didn't do anything. I finally couldn't figure out how to change anything so I thought I'd just quit the terminal window and start again.

But when I get back into mysql I can't create database maildb; because it already exists.

How do I approach getting back on track here?

fedef63
March 25th, 2011, 04:33 PM
Hello,
do the following:
mysql -u root -p
when asked type the password you have used during setup
drop database maildb;
create database maildb;

GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP ON maildb.* TO 'mail'@'localhost' IDENTIFIED by 'mailPASSWORD'; GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP ON maildb.* TO 'mail'@'%' IDENTIFIED by 'mailPASSWORD'; exit;

With it you will create the maildb DB.
Next:
mysql -u mail -p maildb
As password, type mailPASSWORD.

Next you can proceed with adding the rest of the DB settings.

Regards
Fedef

2briancox
March 25th, 2011, 06:03 PM
Thanks.

Just got the book PHP & MySQL for Dummies to get that line "drop database maildb;"

I think I better do some reading to be my own email admin. =)

lucaspr
March 28th, 2011, 01:11 PM
Why should you drop a database which is already there?

Correct me if I'm wrong but just don't recreate the database and just grant the user the appropriate rights.

lucaspr
March 28th, 2011, 01:20 PM
Followed the Guide and setup virtuals, so the postconf -n output does not show everything, I guess

I have tested the server internal via telnet and it works.

As my ISP blocks inbound smtp I'm using Mail Reflector to forward the mails to my server

Following are some of the errors I get

Mar 20 10:25:18 MusicPc postfix/smtpd[6861]: NOQUEUE: reject: RCPT from mail1.no-ip.com[204.16.252.100]: 451 4.3.5 Server configuration problem; from=<thelists@optusnet.com.au> to=<poldi@zudiewiener.com> proto=ESMTP helo=<mail1.no-ip.com>
Mar 20 10:25:18 MusicPc postfix/smtpd[6861]: disconnect from mail1.no-ip.com[204.16.252.100]
Mar 20 10:26:58 MusicPc postfix/smtpd[6861]: connect from mail1.no-ip.com[204.16.252.100]
Mar 20 10:27:00 MusicPc postfix/smtpd[6864]: lost connection after UNKNOWN from localhost[127.0.0.1]
Mar 20 10:27:00 MusicPc postfix/smtpd[6864]: disconnect from localhost[127.0.0.1]


Postfix config is
-------------------------------
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = amavis:[127.0.0.1]:10024
disable_vrfy_command = yes
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
local_recipient_maps =
mailbox_size_limit = 0
maximal_backoff_time = 8000s
maximal_queue_lifetime = 7d
message_size_limit = 102400
minimal_backoff_time = 1000s
mydestination =
myhostname = ml.zudiewiener.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mynetworks_style = host
myorigin = /etc/mailname
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relayhost =
smtp_helo_timeout = 60s
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl, reject_rbl_client dnsbl.njabl.org
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_delay_reject = yes
smtpd_hard_error_limit = 12
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit
smtpd_recipient_limit = 40
smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service inet:127.0.0.1:10025, permit
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit
smtpd_soft_error_limit = 3
smtpd_tls_cert_file = /etc/postfix/postfix.cert
smtpd_tls_key_file = /etc/postfix/postfix.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 450
virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/spool/mail/virtual
virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf
virtual_uid_maps = static:5000
-------------------------------------

the domains in mysql are localhost, localhost.localdomain, zudiewiener.com, ml.zudiewiener.com

Appreciate any help in solving this.

Thanks

Are you using SSL?

2briancox
April 6th, 2011, 02:22 PM
I'm at this point in the guide:

cd /etc/courier

openssl req -x509 -newkey rsa:1024 -keyout imapd.pem \ -out imapd.pem -nodes -days 999
I get the following error:

unknown option -out
req [options] <infile >outfile
I have no idea what to do. I'm stuck.

2briancox
April 10th, 2011, 03:01 PM
I should explain that the section being referred to in that question is in the section regarding encryption (TLS).

Also, on a side note, I am trying to add a CUPS print server to this same machine. Does anyone know the firewall settings that would need to be added to the shorewall settings listed in this guide to get it to work? I can't discover the shared printer here yet. Thanks.

cazador2011
April 13th, 2011, 10:28 AM
I'm at this point in the guide:

cd /etc/courier

openssl req -x509 -newkey rsa:1024 -keyout imapd.pem \ -out imapd.pem -nodes -days 999
I get the following error:

unknown option -out
req [options] <infile >outfile
I have no idea what to do. I'm stuck.


This is what you want:

cd /etc/courier

openssl req -x509 -newkey rsa:1024 -keyout imapd.pem -out imapd.pem -nodes -days 999

spackard
April 25th, 2011, 08:04 PM
I built a server using ami-c0ee06a9 and was seeing errors attributed to authdaemond.

mail.log.1:Apr 21 17:02:56 ip-10-212-82-179 authdaemond: SQL query: SELECT id, crypt, "", uid, gid, home, contact(home,'/',maildir), "", name, "" FROM users WHERE id = 'packard' AND (enabled=1)
mail.log.1:Apr 21 17:02:56 ip-10-212-82-179 authdaemond: mysql_query failed, reconnecting: FUNCTION maildb.contact does not exist
mail.log.1:Apr 21 17:02:56 ip-10-212-82-179 authdaemond: mysql_query failed second time, giving up: FUNCTION maildb.contact does not exist

I traced the problem to /etc/courier/authmysqlrc.
Original: MYSQL_MAILDIR_FIELD contact(home,'/',maildir)
Correction: MYSQL_MAILDIR_FIELD CONCAT(home,'/',maildir)

I guess this was noticed/posted about on page 30. Sorry for the duplicate info.

glacebeast
June 14th, 2011, 02:26 AM
Has anyone figured out an elegant solution to the problem outlined by Ontolog and oziemike a few pages back that isn't reverting to storing plaintext passwords and dropping down to PLAIN and LOGIN auth methods?

There is a pretty major problem with the way MySQL's ENCRYPT() function is being used in conjunction with the mail server setups. Actually I had to revert to using the plaintext password for both Postfix and Courier. In the case of Postfix I also had to restrict the AUTH types to 'LOGIN' because programs that were using CRAM-MD5 were failing authentication. One major problem here is that ENCRYPT is using whatever the OS's low-level crypt() is which can be anything. Furthermore since we are not supplying any salt, the salt is random! So now we can't reproduce the crypted string since we don't know the salt.

I found myself running into the same issues when trying to negotiate an authorized login via any method that was not LOGIN. For example, trying to login through roundcube:

Jun 14 01:59:03 authdaemond: received auth request, service=imap, authtype=cram-md5
Jun 14 01:59:03 authdaemond: authmysql: trying this module
Jun 14 01:59:03 authdaemond: cram: challenge=PDczQTVGNEI0NjI2NkVBQjE3NTQxMjY4QzYwMEFF QTRBQHNtdHAuZHJ1bmtiYWJpZXMuY29tPg==, response=Zm9ydW1zQGRydW5rYmFiaWVzLmNvbSBiNGVhOGI5Z ThlMzdjMDE3NjAxOWUxOTIyZGRjZTM5Nw==
Jun 14 01:59:03 authdaemond: cram: decoded challenge/response, username 'forums@xxxxx.com'
Jun 14 01:59:03 authdaemond: authmysqllib: connected. Versions: header 50137, client 50141, server 50141
Jun 14 01:59:03 authdaemond: SQL query: SELECT id, crypt, "", uid, gid, home, concat(home,'/',maildir), "", name, "" FROM users WHERE id = 'forums@xxxx.com' AND (enabled=1 )
Jun 14 01:59:03 authdaemond: authmysql: REJECT - try next module
Jun 14 01:59:03 authdaemond: FAIL, all modules rejected
Jun 14 01:59:03 imapd-ssl: LOGIN FAILED, method=CRAM-MD5, ip=[::1]
Jun 14 01:59:08 imapd-ssl: Disconnected, ip=[::1], time=5, starttls=1
Also, when trying to send a mass e-mail through my phpBB3 setup with any auth method other than LOGIN, I get:

Jun 14 02:09:41 postfix/smtpd[1985]: connect from xxxxx.com[127.0.1.1]
Jun 14 02:09:41 postfix/smtpd[1985]: warning: SASL authentication failure: no secret in database
Jun 14 02:09:41 postfix/smtpd[1985]: warning: xxxx.com[127.0.1.1]: SASL CRAM-MD5 authentication failed: authentication failure
Jun 14 02:09:41 postfix/smtpd[1985]: lost connection after AUTH from xxxxx.com[127.0.1.1]
Jun 14 02:09:41 postfix/smtpd[1985]: disconnect from xxxx.com[127.0.1.1]
I must say, I'm a little disappointed that:

1) the problems were brought up ~10 pages ago and kind of faded away with out any more dialogue about them
2) I spent the better part of 4 days scouring my configuration and setup thinking I did something wrong and just stumbled on those tidbits... haha.

Thoughts?

*Edit: As an edit, I just wanted to reiterate that, although not a newcomer to computing in any facet, I'm very new to ubuntu and mailservers in general so I wanted to ensure that my server and its users would be free from possible malicious activity. Thanks.

*Edit 2: Does 11.04 better support this deployment? I noticed in earlier pages people were claiming no issues with 9.xx ubuntu but as soon as they upgraded to 10.xx problems started.
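
The mismatch discussed in the post above, as an added example that is not part of the original thread: PLAIN/LOGIN can be checked against a salted one-way hash, while CRAM-MD5 (RFC 2195) needs the shared secret itself as the HMAC-MD5 key on the server. The `salted_hash` helper is a constructed stand-in for crypt()/ENCRYPT(), not the real function, and the sample user, secret and challenge are the RFC 2195 sample exchange.

```python
import base64
import hashlib
import hmac
import os


def cram_md5_response(username, secret, challenge):
    """Client side of RFC 2195: base64("<user> <hex HMAC-MD5(secret, challenge)>")."""
    digest = hmac.new(secret, challenge, hashlib.md5).hexdigest()
    return base64.b64encode(username.encode() + b" " + digest.encode())


def decode_response(response_b64):
    """Split a CRAM-MD5 client response into (username, hex digest)."""
    user, _, digest = base64.b64decode(response_b64).decode().rpartition(" ")
    return user, digest


def salted_hash(password, salt=None):
    """Constructed stand-in for crypt()/ENCRYPT(): random salt, one-way,
    salt stored next to the hash so the server can re-hash a presented password."""
    salt = os.urandom(8) if salt is None else salt
    return salt.hex() + "$" + hashlib.sha256(salt + password).hexdigest()


def verify_plain(stored, presented_password):
    """PLAIN/LOGIN: the server receives the cleartext password (inside TLS),
    re-hashes it with the stored salt and compares. A one-way hash is enough."""
    salt_hex, _, _ = stored.partition("$")
    candidate = salted_hash(presented_password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, stored)


def verify_cram_md5(server_secret, challenge, response_b64):
    """CRAM-MD5: the server must compute the same HMAC as the client, so
    server_secret has to be the password itself, not a hash of it."""
    _, client_digest = decode_response(response_b64)
    expected = hmac.new(server_secret, challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, client_digest)


def demo():
    password = b"tanstaaftanstaaf"                             # RFC 2195 sample secret
    challenge = b"<1896.697170952@postoffice.reston.mci.net>"  # RFC 2195 sample challenge
    stored = salted_hash(password)       # what a crypt-style column would hold
    response = cram_md5_response("tim", password, challenge)
    return {
        # cleartext login against the hashed column works
        "plain_vs_hash": verify_plain(stored, password),
        # CRAM-MD5 against the hashed column fails: the hash is the wrong HMAC key
        "cram_vs_hash": verify_cram_md5(stored.encode(), challenge, response),
        # CRAM-MD5 only verifies when the server holds the plaintext secret
        "cram_vs_plaintext": verify_cram_md5(password, challenge, response),
        # hashing the same password again gives a different string (new salt)
        "hashes_differ": salted_hash(password) != stored,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```
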

highbomber
June 19th, 2011, 08:48 PM
My mail server currently can't make any folders. It is only creating the inbox. If I try to create a folder remotely I get an error, and if I try to e-mail I get an error saying something along the lines of, "Could not create sendmail folder." Has anyone experienced this? Can someone help me with this? Thanks.

highbomber
June 20th, 2011, 11:30 AM
Bump.

sprior
June 22nd, 2011, 01:45 PM
I've also run into the CRAM problem mentioned above when setting up SASL/TLS on an Ubuntu 10.04 machine (64 bit). Is there a current best recommendation to work around this problem? Is SASL actually necessary when TLS is required for all connections? There is a strong desire to use an Ubuntu LTS release when setting up a mail server, but has anyone checked yet to see if this problem persists with Ubuntu 11.04?

glacebeast
June 22nd, 2011, 03:37 PM
I've also run into the CRAM problem mentioned above when setting up SASL/TLS on an Ubuntu 10.04 machine (64 bit). Is there a current best recommendation to work around this problem?

I just disabled CRAM-MD5 in the courier-imap config and all seems to be running smooth; whether or not that is a smart solution, I can't really answer that. I do have a webmail client running and this is the only way I could make it work, but the data isn't sensitive and as long as the passwords aren't transmitted in plaintext I'm ok with it.

Is SASL actually necessary when TLS is required for all connections?

I was thinking the same thing; per my understanding, SASL is just another layer of protection... a complement if you will. Most of us are paranoid enough to probably want maximum security though, lol.

There is a strong desire to use an Ubuntu LTS release when setting up a mail server, but has anyone checked yet to see if this problem persists with Ubuntu 11.04?

My thoughts exactly. I haven't cause I run a completely headless server sans an ethernet connection, so upgrading is a bit of a hassle. However, if it would enable a ramp up in security I'd almost definitely do it.

With that said, my knowledge of all of this is probably amateur at best compared to some of those lurking out there, and I was hoping we could suck some of those folk in here to answer some of these concerns.

airtonix
June 23rd, 2011, 02:29 AM
It would be useful if you started your guide with :


Customise the editor you want

export EDITOR=nano



Then throughout the document use

$EDITOR something something something

instead of assuming people want to use vi...

vi makes me rage HARD. I want to kill kittens when i use it.

mikeleonard
June 23rd, 2011, 08:11 AM
So valuable information. I was also searching for this valuable information.

karka91
June 29th, 2011, 07:03 PM
I followed your instructions on the tutorial however when I want to send an email not from the server (using an email client) I get rejected:
Jun 30 00:54:30 servername postfix/smtpd[32289]: NOQUEUE: reject: RCPT from --.kava.lt[my-ip]: 554 5.7.1 <--@gmail.com>: Relay access denied; from=<karolis@--.ie> to=<--@gmail.com> proto=ESMTP helo=<[server-ip]>


# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = --.ie
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = --.ie
mydestination =
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
mynetworks_style = host
local_recipient_maps =

# how long if undelivered before sending warning update to sender
delay_warning_time = 4h
# will it be a permanent error or temporary
unknown_local_recipient_reject_code = 450
# how long to keep message on queue before return as failed.
# some have 3 days, I have 16 days as I am backup server for some people
# whom go on holiday with their server switched off.
maximal_queue_lifetime = 7d
# max and min time in seconds between retries if connection failed
minimal_backoff_time = 1000s
maximal_backoff_time = 8000s
# how long to wait when servers connect before receiving rest of data
smtp_helo_timeout = 60s
# how many address can be used in one message.
# effective stopper to mass spammers, accidental copy in whole address list
# but may restrict intentional mail shots.
smtpd_recipient_limit = 16
# how many error before back off.
smtpd_soft_error_limit = 3
# how many max errors before blocking it.
smtpd_hard_error_limit = 12

# Requirements for the HELO statement
smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit
# Requirements for the sender details
smtpd_sender_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit
# Requirements for the connecting server
smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl, reject_rbl_client dnsbl.njabl.org
# Requirement for the recipient address
smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, perm$
smtpd_data_restrictions = reject_unauth_pipelining

# require proper helo at connections
smtpd_helo_required = yes
# waste spammers time before rejecting them
smtpd_delay_reject = yes
disable_vrfy_command = yes

# not sure of the difference of the next two
# but they are needed for local aliasing
alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases
# this specifies where the virtual mailbox folders will be located
virtual_mailbox_base = /var/spool/mail/virtual
# this is for the mailbox location for each user
virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf
# and this is for aliases
virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf
# and this is for domain lookups
virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf
# this is how to connect to the domains (all virtual, but the option is there)
# not used yet
# transport_maps = mysql:/etc/postfix/mysql_transport.cf

virtual_uid_maps = static:5000
virtual_gid_maps = static:5000


What should be changed so that sending email via client would be possible? Not only for me but for registered users in the database

sprior
July 3rd, 2011, 09:56 PM
After getting the described server setup working I discovered that Courier has a hardcoded IMAP namespace which the default Android email client does not handle properly. Because Android is a strong requirement for my server I have decided to replace Courier with Dovecot.

So far I'm having trouble getting started in how to configure Dovecot for the same MySQL based authentication described in this article with Ubuntu 10.04. Does anyone know if a variation of this article exists with Dovecot support?

highbomber
July 31st, 2011, 06:11 PM
I am trying to do the same with Dovecot.

I am following this guide: http://wiki.dovecot.org/HowTo/DovecotLDAPostfixAdminMySQL

I am trying to meld it with Flurdy's tutorial but so far I am having no luck. This guide has a poor explanation of the variables it needs.

So far I do have Dovecot talking to MySQL, but I still can't authorize any accounts against my database.

EDIT

It's now working. Two things that were stopping me:

1. Make sure "disable_plaintext_auth = no". It makes no sense to try debugging your server while using certificates. You can do that stuff after your SMTP, IMAP, and POP3 servers are working correctly.
2. Your crypt field must have used MD5() and not encrypt() like in Flurdy's guide.

Here are the two queries I modified to work with Flurdy's database model.

user_query = SELECT concat('/var/spool/mail/virtual/', maildir) as home, concat('maildir:/var/spool/mail/virtual/', maildir) as mail, 5000 as uid, 5000 as gid, concat('maildir:storage=', quota) AS quota FROM users WHERE id = '%u' AND enabled = '1'

password_query = SELECT id as user, crypt as password, concat('/var/spool/mail/virtual/', maildir) as userdb_home, concat('maildir:/var/spool/mail/virtual/', maildir) as userdb_mail, uid as userdb_uid, gid as userdb_gid FROM users WHERE id = '%u' AND enabled = '1'

I hope that helps. Follow the guide I linked very carefully and you should be able to figure it out. If anyone wants a more detailed explanation to supplement Flurdy's guide then I will make one.

EDIT2

After working more with Dovecot, I feel I have to mention a few more things:

3. "disable_plaintext_auth = no" should only be off if you are using TLS, and even then you should be hashing your password.
4. Don't use MD5, since it has inherent weaknesses. Use Dovecot's SSHA256 scheme. It is safer, however, I am having difficulty making it compatible with other programs.

Right now I am trying to get Dovecot to use a custom scheme. If anyone has experience with Hash functions, Crypt, and libc let me know please.

EDIT3

Also, one big plus to using Dovecot is you do not need saslauthd. One less application is one less point of failure IMO.
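
Added example (not part of highbomber's post or of flurdy's guide): the byte layout of a Dovecot {SSHA256} value, so that another program can write or check the crypt column in a compatible way. The function names and the 4-byte salt length are assumptions of this sketch; the verifier accepts any salt length.

```python
import base64
import hashlib
import hmac
import os

PREFIX = "{SSHA256}"
DIGEST_LEN = hashlib.sha256().digest_size  # 32 bytes


def ssha256_hash(password, salt=None):
    """Return '{SSHA256}' + base64(SHA256(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(4)  # assumed salt length; any length verifies
    digest = hashlib.sha256(password.encode("utf-8") + salt).digest()
    return PREFIX + base64.b64encode(digest + salt).decode("ascii")


def ssha256_verify(password, stored):
    """Check a password against a stored {SSHA256} value.

    Returns False for a wrong password and for malformed input
    (missing prefix, invalid base64, or no salt after the digest).
    """
    if not stored.startswith(PREFIX):
        return False
    try:
        blob = base64.b64decode(stored[len(PREFIX):], validate=True)
    except ValueError:  # binascii.Error is a subclass of ValueError
        return False
    if len(blob) <= DIGEST_LEN:
        return False  # a salted hash must carry a salt after the digest
    digest, salt = blob[:DIGEST_LEN], blob[DIGEST_LEN:]
    candidate = hashlib.sha256(password.encode("utf-8") + salt).digest()
    # Constant-time comparison so timing does not leak how many bytes matched.
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    # Constructed sample password, for illustration only.
    value = ssha256_hash("s3cret")
    print(value)
    print(ssha256_verify("s3cret", value), ssha256_verify("wrong", value))
```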

dfansler
August 15th, 2011, 08:21 PM
Hi delaTorre - did you ever get an answer or figure out the reason behind :
Aug 18 21:08:29 home imapd: chdir Maildir: No such file or directory
Aug 18 21:08:29 home imapd: user1@home.local: No such file or directory

I have the same problem.
Thanks,
David

crnieto05
September 21st, 2011, 09:50 AM
Sorry.

crnieto05
September 21st, 2011, 09:54 AM
Hello.
I would like to know how to resolve this problem.

crnieto05
September 21st, 2011, 10:27 AM
I'm a newbie. Your guide is extremely helpful, thank you.
I have a running apache server on my machine. I am afraid of messing up so I skipped setting up firewall for now.

I managed to set up Courier IMAP. I can log in through imap but when I try to send mails, I get:
Dec 17 13:09:13 mygitarapp postfix/smtpd[24035]: connect from unknown[88.235.53.100]
Dec 17 13:09:13 mygitarapp postfix/smtpd[24035]: NOQUEUE: reject_warning: RCPT from unknown[88.235.53.100]: 504 5.5.2 <ArGoNNB>: Helo command rejected: need fully-qualified hostname; from=<gunman@mygitar.com> to=<c@gri.in> proto=ESMTP helo=<ArGoNNB>
Dec 17 13:09:13 mygitarapp postfix/smtpd[24035]: NOQUEUE: reject: RCPT from unknown[88.235.53.100]: 554 5.7.1 <c@gri.in>: Relay access denied; from=<gunman@mygitar.com> to=<c@gri.in> proto=ESMTP helo=<ArGoNNB>
Dec 17 13:09:13 mygitarapp postfix/smtpd[24035]: NOQUEUE: reject_warning: RCPT from unknown[88.235.53.100]: 504 5.5.2 <ArGoNNB>: Helo command rejected: need fully-qualified hostname; from=<gunman@mygitar.com> to=<c@gri.in> proto=ESMTP helo=<ArGoNNB>
Dec 17 13:09:13 mygitarapp postfix/smtpd[24035]: NOQUEUE: reject: RCPT from unknown[88.235.53.100]: 554 5.7.1 <c@gri.in>: Relay access denied; from=<gunman@mygitar.com> to=<c@gri.in> proto=ESMTP helo=<ArGoNNB>
Dec 17 13:09:13 mygitarapp postfix/smtpd[24035]: NOQUEUE: reject_warning: RCPT from unknown[88.235.53.100]: 504 5.5.2 <ArGoNNB>: Helo command rejected: need fully-qualified hostname; from=<gunman@mygitar.com> to=<hctopcu@gmail.com> proto=ESMTP helo=<ArGoNNB>
Dec 17 13:09:13 mygitarapp postfix/smtpd[24035]: NOQUEUE: reject: RCPT from unknown[88.235.53.100]: 554 5.7.1 <hctopcu@gmail.com>: Relay access denied; from=<gunman@mygitar.com> to=<hctopcu@gmail.com> proto=ESMTP helo=<ArGoNNB>
Dec 17 13:09:14 mygitarapp postfix/smtpd[24035]: disconnect from unknown[88.235.53.100]

I can't understand why a client needs to have a hostname. (As I said I'm a rookie)

I would like to know how to resolve this problem.

KriBaBa
September 22nd, 2011, 02:51 PM
Hiya, I'm trying to get the hang of this.. But there's a lot of stuff I don't understand.
Well..
I followed the guide, but for some reason it's not working.
I only did the first part so far (the basic setup) and without firewall (It's a cloud server and I can change firewall settings elsewhere).
For now I have not restricted port 25 at all.

Anyway, I tried to use telnet to send a mail as the guide tells you to, but something is wrong.
Here's the result of the tails

root@ubuntu:/# tail -f /var/log/mail.log
Sep 22 14:21:29 ubuntu postfix/qmgr[12335]: 7D23A21C1E: removed
Sep 22 14:21:57 ubuntu postfix/smtpd[20677]: disconnect from localhost[127.0.0.1]
Sep 22 14:26:32 ubuntu imapd: Connection, ip=[::ffff:127.0.0.1]
Sep 22 14:28:11 ubuntu postfix/smtpd[20792]: warning: 186.213.77.50: hostname 186.213.77.50.static.host.gvt.net.br verification failed: Name or service not known
Sep 22 14:28:11 ubuntu postfix/smtpd[20792]: connect from unknown[186.213.77.50]
Sep 22 14:28:33 ubuntu postfix/smtpd[20792]: lost connection after UNKNOWN from unknown[186.213.77.50]
Sep 22 14:28:33 ubuntu postfix/smtpd[20792]: disconnect from unknown[186.213.77.50]
Sep 22 14:31:53 ubuntu postfix/anvil[20793]: statistics: max connection rate 1/60s for (smtp:186.213.77.50) at Sep 22 17:28:11
Sep 22 14:31:53 ubuntu postfix/anvil[20793]: statistics: max connection count 1 for (smtp:186.213.77.50) at Sep 22 17:28:11
Sep 22 14:31:53 ubuntu postfix/anvil[20793]: statistics: max cache size 1 at Sep 22 17:28:11
Sep 22 14:54:12 ubuntu postfix/smtpd[21121]: connect from localhost[127.0.0.1]
Sep 22 14:56:28 ubuntu postfix/smtpd[21121]: 58A6B21B62: client=localhost[127.0.0.1]
Sep 22 14:56:38 ubuntu postfix/cleanup[21138]: 58A6B21B62: message-id=<20110922175628.58A6B21B62@mail.envisionenglish.com.br>
Sep 22 14:56:38 ubuntu postfix/qmgr[12335]: 58A6B21B62: from=<kristianbbach@gmail.com>, size=360, nrcpt=1 (queue active)
Sep 22 14:56:38 ubuntu postfix/virtual[21142]: 58A6B21B62: to=<klaus/@envisionenglish.com.br>, orig_to=<klaus@envisionenglish.com.br>, relay=virtual, delay=41, delays=41/0.02/0/0.05, dsn=5.1.1, status=bounced (unknown user: "klaus/@envisionenglish.com.br")
Sep 22 14:56:38 ubuntu postfix/cleanup[21138]: CC51B21C12: message-id=<20110922175638.CC51B21C12@mail.envisionenglish.com.br>
Sep 22 14:56:38 ubuntu postfix/qmgr[12335]: CC51B21C12: from=<>, size=2376, nrcpt=1 (queue active)
Sep 22 14:56:38 ubuntu postfix/bounce[21144]: 58A6B21B62: sender non-delivery notification: CC51B21C12
Sep 22 14:56:38 ubuntu postfix/qmgr[12335]: 58A6B21B62: removed
Sep 22 14:56:41 ubuntu postfix/smtp[21145]: CC51B21C12: to=<kristianbbach@gmail.com>, relay=gmail-smtp-in.l.google.com[74.125.45.27]:25, delay=2.6, delays=0.01/0.02/0.96/1.6, dsn=2.0.0, status=sent (250 2.0.0 OK 1316714201 i16si4239653yba.88)
Sep 22 14:56:41 ubuntu postfix/qmgr[12335]: CC51B21C12: removed
Sep 22 14:56:43 ubuntu postfix/smtpd[21121]: disconnect from localhost[127.0.0.1]



And:

* Documentation: https://help.ubuntu.com/
You have new mail.
Last login: Thu Sep 22 17:17:25 2011 from 186.213.77.50
root@ubuntu:~# tail -f /var/log/mysql.log

(there's nothing happening)



Could anyone guide me to a way to fix this?
One thing I noticed is that it seems to add "/" after the recipients name for some reason...

Could it be a rights problem?

root@ubuntu:/# ls -l /var/mail/virtual
total 0
root@ubuntu:/# ls -l /var/mail/
total 8
-rw------- 1 root mail 1444 2011-09-22 16:01 root
drwxr-sr-x 2 virtual virtual 4096 2011-09-22 16:44 virtual
root@ubuntu:/#

KriBaBa
September 22nd, 2011, 03:25 PM
I'm getting more and more sure the problem is with the trailing slash since postfix appears to be able to send emails.
I received the following in my private inbox:
FROM: Mail Delivery System <MAILER-DAEMON@envisionenglish.com.br>

Reporting-MTA: dns; mail.envisionenglish.com.br
X-Postfix-Queue-ID: 7FF8421B62
X-Postfix-Sender: rfc822; kristianbbach@gmail.com
Arrival-Date: Thu, 22 Sep 2011 21:33:38 +0000 (UTC)

Final-Recipient: rfc822; klaus/@envisionenglish.com.br
Original-Recipient: rfc822;klaus@envisionenglish.com.br
Action: failed
Status: 5.1.1
Diagnostic-Code: X-Postfix; unknown user: "klaus/@envisionenglish.com.br"

fade2gray
September 22nd, 2011, 08:58 PM
To anyone having problems with this guide, I suggest considering installing Ubuntu server 10.04.3 LTS and Virtualmin. Virtualmin gives you a browser type front-end for managing your web-server, mail-server and much more. Read this guide (http://ubuntuforums.org/showthread.php?t=1197883) for starters.

NOTE: If you do follow the guide, when you get to the section where you are told to do the following:-
sudo ./install.sh

... after the Virtualmin installation script has completed successfully, you will need to perform the following commands:-
sudo update-rc.d webmin defaults
sudo update-rc.d usermin defaults
... this is because Virtualmin also installs Webmin 1.560 and Usermin 1.480 - for which the Upstart Jobs for both are slightly bugged and the latter two commands rectify this (see this thread (http://www.virtualmin.com/node/19092)).

Addendum: Since posting this, I notice that Virtualmin has been updated from version 3.87 to 3.88, but I'm unsure if this eliminates the need to run the extra commands. The best thing to do (after running the install script) is to try accessing the browser interface first:-
https://your_server_ip:10000
... if you get an error - then run the extra commands.
HTH.

KriBaBa
September 22nd, 2011, 10:00 PM
Sounds like it's worth a try... Thanks for the tip :)

KriBaBa
September 23rd, 2011, 10:12 AM
Addendum: Since posting this, I notice that Virtualmin has been updated from version 3.87 to 3.88, but I'm unsure if this eliminates the need to run the extra commands. The best thing to do (after running the install script) is to try accessing the browser interface first:-
https://your_server_ip:10000
... if you get an error - then run the extra commands.
HTH.

For me it appears to run smoothly without these extra commands

fade2gray
September 23rd, 2011, 11:45 AM
For me it appears to run smoothly without these extra commands

That's really odd - I just performed a clean install of Ubuntu server 10.04.3 and Virtualmin 3.88 GPL on a virtual-machine and found I still had to perform the extra commands to fix the upstart jobs for Webmin and Usermin.

Any further queries regarding this should be discussed in this thread (https://www.virtualmin.com/node/19581) and this thread (http://www.virtualmin.com/node/19092) in the Virtualmin forums, or at least a separate Ubuntu thread, so as not to go off topic.

rougueboy
September 27th, 2011, 04:28 PM
Followed the 10th version (Ubuntu 10.04) for setting up basic mail server.
Moving to the Authentication: Cyrus SASL client section and SASL.

Can't get past the following error...
mail.log:Sep 26 10:02:20 rougserver postfix/smtpd[16920]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
saslauthd is running...
18919 ? Ss 0:00 /usr/sbin/saslauthd -a pam -r -c -m /var/spool/postfix/var/run/saslauthd -n 5
Here's the socket...
auth.log:Sep 27 13:34:07 rougserver saslauthd[18919]: ipc_init : listening on socket: /var/spool/postfix/var/run/saslauthd/mux
master.cf has the saslauthd running in chroot...
smtp inet n - - - - smtpd -v

I'm at a loss this point to understand why smtpd does not find saslauthd...
Any suggestions much appreciated...

rougueboy
September 29th, 2011, 02:41 PM
Update the subject to be the error...
Found out what the problem was...
I had set
queue_directory = /mnt/rougshare/spool/postfix
in main.cf
I followed flurdy's directions and setup as in my post saslauthd directory (-m option) to run out of
/var/spool/postfix/var/run/saslauthd
Need to be out of
/mnt/rougshare/spool/postfix/var/run/saslauthd
I had changed them to be off my boot disk to my raid array.
May want to include in a future update of your guide the change to where the mail and queue directories are.
It would be very helpful if smtpd also put the directory in the warning. I saw many posts on this warning that would have been easier to resolve if the directories were printed. Maybe I should make this change to postfix and submit it? :)

rougueboy
September 30th, 2011, 09:43 PM
One additional problem I noted that was not discussed in the setup.
Courier-imap does not set up its own maildirs for new accounts.
That has to be done manually for every added account.
Courier has a command called maildirmake that can be used to set up new maildirs as you add new accounts. This is especially meaningful for imap to get the sent, drafts and trash folders in place, which are the defaults maildirmake sets up. I also found out that mac outlook 2011 requires a Junk E-mail folder to be created. That can be done through the maildirmake -f command.

Once I had an empty mailbox set up correctly, it was easier just to do a "cp -a" for that mailbox when I created new users. Interested in whether there is any more integrated way - e.g. from a sql web interface with php to do all this every time a user is added.

trenje
October 11th, 2011, 06:55 AM
Hello flurdy,

First of all thanks for great tutorial, it really helped me setting up my mailserver.

I have two suggestions for the tutorial. The first one is that you didn't cover Courier POP and installing/setting up Courier POP packages; I had to do that manually and open POP3 and POP3S in shorewall.

The second is that most of the spam servers check reverse DNS when sending email and you didn't cover that (I had to set up bind with reverse dns for that).

Nevertheless, this is the best tutorial I have seen for creating mailserver, thank you!

The Sorrow
October 12th, 2011, 02:18 PM
Been wanting to set one of these up! Definitely coming in handy.

flurdy
November 10th, 2011, 08:00 AM
One additional problem I noted that was not discussed in the setup.
Courier-imap does not set up its own maildirs for new accounts.
That has to be done manually for every added account.
Courier has a command called maildirmake that can be used to set up new maildirs as you add new accounts. This is especially meaningful for imap to get the sent, drafts and trash folders in place, which are the defaults maildirmake sets up. I also found out that mac outlook 2011 requires a Junk E-mail folder to be created. That can be done through the maildirmake -f command.

Once I had an empty mailbox set up correctly, it was easier just to do a "cp -a" for that mailbox when I created new users. Interested in whether there is any more integrated way - e.g. from a sql web interface with php to do all this every time a user is added.

Creating the folders manually is not necessary.
As long as the root exists postfix will create these folders once each user receives its first email. (http://flurdy.com/docs/postfix/#app_faq)

However as you state the additional folders courier uses will not be created by postfix as it does not use them. But those extra ones can be created by eg roundcube or squirrelmail by default: in http://flurdy.com/docs/postfix/#ext_round the
$rcmail_config['create_default_folders'] = TRUE;

gestalts
November 24th, 2011, 12:51 AM
A while ago before getting started I purchased the official "book of postfix" and taken time to read thru the ubuntu documentation for postfix. And I've installed all of the necessary/related packages. Presently I have postfix configured as an "internet site"; mail service for my primary (default) server/hostname "server.example.net", "localhost", etc..

Bind9/DNS, zone files, everything is all set.

My primary (default) server/hostname is set up on a dedicated box with about 20 dedicated ip's - though only a few are currently in-use -- (3) websites w/dedicated ip's + SSL.

Just to be clear, let me illustrate:
"server.example.NET" = primary server/hostname + dns zone file; 170.160.150.140
"example.COM" = website #1 + dns zone file; 170.160.150.141
"pretendco.com" = website #2 + dns zone file; 170.160.150.142
"greedyco.com" = website #3 + dns zone file; 170.160.150.143

I just recently added "imap.example.com" + "smtp.example.com" + corresponding zone file entries, each with its own unique/dedicated ip. So in-addition to above, now I've got:
"imap.example.net" + entry added to corresponding dns zone file; 170.160.150.144
"smtp.example.net" + entry added to corresponding dns zone file; 170.160.150.145

Here's my question:
Up to this point I've been using google's (mx) to provide mail service for all of the above domains + dns zone files with corresponding google mx entries. I suppose what I'm trying to do here - essentially replicate google's configuration (imap.gmail.com, smtp.gmail.com) on my server with postfix/courier - allowing me to send and receive mail(boxes) from my desktop mail program configured with my own server(s) "imap.example.net, smtp.example.net" to send and receive mail(boxes) -- not google's (imap;smtp.gmail.com).

Does that make sense?
In your own words, can anyone kindly help explain how I can accomplish this?
Please, please, no links to documentation or blogs filled with garbage advertising.
Greatly appreciated! Thanks y'all!

dstein766
November 24th, 2011, 04:10 PM
Thanks for the excellent documentation - I've been working to replace a dying mail server with a new one and this has been invaluable! I have one problem, however, that I'm hoping has an obvious solution.

I relay all my incoming (home) email to my work address via my ISP. My current email server (built a long time ago using standard packages and another Postfix HowTo) works fine (if one overlooks the dying hardware :)), but the new setup keeps giving me 553 rejections when I try to relay. I *think* the root of the problem is found in this representative message from mail.log, which appears just prior to the 553 errors:

Nov 24 11:03:44 mailhost postfix/qmgr[7878]: 21F2DC1F21: from=<>, size=9657, nrcpt=1 (queue active)

Note the "from=<>" entry - as far as I can tell, on my working server this field isn't blank but shows my home email (which is, in turn, a valid address as far as my ISP is concerned). So as far as I can tell I'm passing an empty MAIL FROM field to the relay host and being rejected.

Is there an obvious reason why the from address would be empty? I've attempted to do a side-by-side comparison of my working setup (particularly on the various SASL parameters, which are in agreement), but the old setup uses .procmailrc as the forwarding mechanism while the new setup uses the mysql aliases approach. This may be a red herring, but my own skills in this area are limited so I really don't know where to look to try to solve it.

georgian_craciun
November 26th, 2011, 08:05 AM
Here (http://scripturi-instalare-ubuntu.blogspot.com/2011/10/in-lucru-un-server-de-mail-in-4-minute.html#more) you can find a script that installs and configures postfix-courier-SquirrelMail in 4 minutes. Perhaps it is useful for someone ...

fade2gray
November 26th, 2011, 09:12 AM
Here (http://scripturi-instalare-ubuntu.blogspot.com/2011/10/in-lucru-un-server-de-mail-in-4-minute.html#more) you can find a script that installs and configures postfix-courier-SquirrelMail in 4 minutes. Perhaps it is useful for someone ...
Should anyone need to translate the page the link leads to; it's in Romanian.

georgian_craciun
November 26th, 2011, 10:51 AM
It is not difficult ...
Download the script from HERE (https://docs.google.com/open?id=0BzdgJBgHUlPrNTQ1ZmFkZGItOTczYS00NjYxLTk2MjQtNDEyYjA2ZTY0NjJm) ;
make it executable (ex: sudo chmod +x /home/servermail ),
change the content lines from 105 to 125
launch script execution (ex: sudo /home/servermail )

... or you can write in Google http://scripturi-instalare-ubuntu.blogspot.com/2011/10/in-lucru-un-server-de-mail-in-4-minute.html and then click Translate Page.

The script will install and configure postfix - courier - SquirrelMail. After that you have a fully functional mail server.

jspiegel187
December 15th, 2011, 01:25 PM
Hey, I'm having trouble getting the basic mail server running. I can telnet in but when I try to send an email the "RCPT TO:" portion denies it no matter what I type in. Below is the tail of the mail log:

Dec 15 12:13:20 zero postfix/smtpd[2304]: connect from localhost.localdomain[127.0.0.1]
Dec 15 12:14:05 zero postfix/smtpd[2304]: NOQUEUE: reject: RCPT from localhost.localdomain[127.0.0.1]: 554 5.7.1 <localhost.localdomain[127.0.0.1]>: Client host rejected: Access denied; from=<master@zero.local> to=<jripeastwest@yahoo.com> proto=ESMTP helo=<zero.local>
Dec 15 12:14:05 zero postfix/smtpd[2304]: warning: restriction `rbl_client' after `reject' is ignored
Dec 15 12:14:08 zero postfix/smtpd[2304]: disconnect from localhost.localdomain[127.0.0.1]

My username on the box is "master" and my hostname is zero.local
The firewall is closed as per the instructions.

Below is my main.cf


# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
myorigin= zero.local


smtpd_banner = $myhostname ESMTP Welcome, XNasty at your service.....
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname =zero.local
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = zero.local, zero, localhost.localdomain, localhost
relayhost =smtp-server.nyc.rr.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
mynetworks_style = host
masquerade_domains =
masquerade_exceptions = rootlocal_recipient_maps =
mydestination =

# MAIL SETTINGS

delay_warning_time = 4h
unknown_local_recipient_reject_code = 450
maximal_queue_lifetime = 7d
minimal_backoff_time = 1000s
maximal_backoff_time = 8000s
smtp_helo_timeout = 60s
smtpd_recipient_limit = 16
smtpd_soft_error_limit = 3
smtpd_hard_error_limit = 12


# RESTRICTIONS

smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit
#

smtpd_sender_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit


smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject rbl_client blackholes.easynet.nl, reject_rbl_client dnsbl.njabl.org

smtpd_recipient_restrictions = reject_unauth_pipelinig, permit_mynetworks, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, permit

smtpd_data_restrictions = reject_unauth_pipelining

smptd_helo_required = yes

smptd_delay_reject = yes

disable_vrfy_command = yes

#######

alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases
virtual_mailbox_base = /var/spool/mail/virtual
virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf
virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000


I'd love to get this running. Not sure what the next step is to get this past the testing phase.

Any help is appreciated..

TJRana
December 25th, 2011, 04:19 PM
Thank you.

georgian_craciun
December 28th, 2011, 04:30 AM
Now it tells me to add users and domains. It says
# Use phpMyAdmin or command line mysql
INSERT INTO domains (domain) VALUES
('localhost'),
('localhost.localdomain');
I don't know how to do that. What does it mean by "Use phpMyAdmin"? Or command line mysql? How do I do that? What should I do?

echo "USE maildb;" > /home/createdb
echo "INSERT INTO domains (domain) VALUES ('$domeniulmeu');" >> /home/createdb
echo "quit" >> /home/createdb
mysql -uroot -p$passroot </home/createdb
where :
$domeniulmeu = your domain name (ex: ubuntuforums.org)
$passroot = password for MySQL root user

rhyancute
January 10th, 2012, 08:18 AM
I installed Ubuntu 11.10 32bit server.
I can send email using a PHP script.

My webmail client (http://www.afterlogic.com) and roundcube are successfully installed.


My problem is how to create an email account?

Can anyone help me?

jongers
January 19th, 2012, 02:13 AM
****UPDATE: FIXED****
Hopefully this will save someone else some time. Did I miss this step in the tutorial or something?
Looking back on it... this should have been a pretty easy fix.
On the last line of
/etc/courier/imapd-ssl
I changed
MAILDIRPATH=Maildir
to
MAILDIRPATH=/var/spool/mail/virtual


That has saved me some time thanks!:KS

ckuecker
January 23rd, 2012, 10:38 PM
Hello,

First, thanks for the thorough howto. It really helps to see examples of how to do things.

I used this howto to install a mail server on my Ubuntu 11.10 system. I had a working system until I upgraded from Ubuntu 10, and lost the ability to boot off my main drive. I had to reinstall from the CD to get a working system back, and I lost my original mail system.

I can telnet into the system and connect to ports 25 and 143 if I use 'localhost'. When I try to telnet in using my FQDN, I get 'telnet: Unable to connect to remote host: Connection refused'.

I tried using tail on the mysql and mail log files. I see activity on the mail log when I try via telnet, but no activity at all on the mysql log.

I read through the Shorewall documentation and cannot see where that could be causing my problems.

Another strange thing that might be symptomatic - my Apache web server was working on the Ubuntu machine, and was accessible from the Ubuntu machine and other Windows machines on my local network until I started with this installation. Now, it apparently is accessible only from the Internet - I had a friend access it while I was unable to load the pages.

Any idea how to proceed? I am starting to suffer from email withdrawal.

ckuecker
January 24th, 2012, 08:08 AM
Found one problem - my bind9 config files had some comments in them that were being interpreted as errors. Bind9 is working now.

I can access my website on 127.0.0.1, but still not from outside.

ckuecker
January 25th, 2012, 11:29 AM
Reloaded Ubuntu from scratch and went through the install again. Everything works properly from localhost, but I cannot access anything from outside the Linux machine.

I installed gufw and turned off the firewall - still cannot access from outside.

Telnet localhost works - telnet <FQDN> works. Telnet to my Internet IP fails.

Some config files -

/etc/hosts:

127.0.0.1 localdomain.localhost localhost
192.168.0.200 ckenterprises.ckent.org smtp

# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
/etc/interfaces:

auto lo
iface lo inet loopback
pre-up iptables-restore < /etc/iptables.rules
post-down iptables-restore < /etc/iptables.downrules

auto eth0
iface eth0 inet static
address 192.168.0.200
network 192.168.0.0
netmask 255.255.255.0
broadcast 192.168.0.255
gateway 192.168.0.2
/etc/hostname:

<my.full.domain>
Any help would be very appreciated.

ckuecker
January 25th, 2012, 11:34 AM
In case it helps:

root@ckuecker:/home/chuck# ifconfig
eth0 Link encap:Ethernet HWaddr 00:18:4d:71:ad:69
inet addr:192.168.0.200 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::218:4dff:fe71:ad69/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:24592 errors:0 dropped:0 overruns:0 frame:0
TX packets:18626 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:15637039 (15.6 MB) TX bytes:2852932 (2.8 MB)
Interrupt:11 Base address:0xe800

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:4596 errors:0 dropped:0 overruns:0 frame:0
TX packets:4596 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:217754 (217.7 KB) TX bytes:217754 (217.7 KB)

ckuecker
January 25th, 2012, 05:45 PM
Further information - I can get Thunderbird to connect to the servers using 127.0.0.1, but it keeps telling me my email password is invalid.

From looking at log activity, I think the system is receiving emails from outside servers, so if I can access this system locally I can at least delete my spam and send emails out. Ultimately, I need to be able to access the system from any computer on my local network, as I host email for several people.

ckuecker
January 26th, 2012, 06:07 PM
OK. I am in the home stretch, I think. Disabling the firewall with iptables -F allowed my webserver to work, and I was able to send email from Thunderbird on both my local Windows machine and from this Ubuntu machine. Email sent from outside gets into the /var/mail/virtual/<user> folder, and I can look at it with gedit and see my messages.

What I can't do - yet - is connect with Thunderbird to read what's in the mailbox. Thunderbird wants a password, and tells me it's incorrect when I supply the password I used in the setup process.

So, what I need now is to find out where postfix hides that password, and gedit to send those accumulating emails out to Thunderbird, and I can put this mess to bed.

Then, I need to re-enable a proper firewall.

AntaresDaha
January 27th, 2012, 11:45 AM
So yesterday we followed the tutorial and managed to setup a core/simple mailserver.
All in all it does what we would expect the server to do.
It can receive emails and store them under the associated virtual user accounts.
It's also able to match different mail aliases against each other using the mysql tables etc.
But concerning outgoing/forwarding emails we got a peculiar problem.
If we locally run telnet on our server, we can emulate another machine requesting to send/forward mails for us, like that:

helo we.are.an.extern.server.com
-> 250 ourserver.net
mail from: d.k@googlemail.com
-> 250 2.1.0 Ok
rcpt to: antares@lazias.com
-> 250 2.1.5 Ok
data
-> End data with <CR><LF>.<CR><LF>
somerandomtext
foobar
.
-> 250 2.0.0 Ok queued as 9E05517F808B
quit
-> 221 2.0.0 Bye
Moments later antares@lzias.com (antares@lazias.com) will be resolved to cdomi@web.de and the testmail will be received in that (extern) mailbox.
Now if we contact our server via telnet from an EXTERN machine and run the exact same commands our server will respond in the exact same way, it will try to send out the created mail to cdomi@web.de but awkwardly enough when we login on that extern mailbox the mail is never received.
Now if we look into the logfiles of our server, we can see that our mailserver seems to be doing the exact same thing, trying to send/forward a mail to cdomi@web.de and it doesn't seem to have any trouble doing so.
Here the corresponding logfile entries:

Jan 27 16:20:46 ourserver postfix/smtpd[15487]: connect from localhost.localdomain[127.0.0.1]
Jan 27 16:23:21 ourserver postfix/smtpd[15487]: 9E05517F808B: client=localhost.localdomain[127.0.0.1]
Jan 27 16:24:58 ourserver postfix/cleanup[15492]: 9E05517F808B: message-id=<20120127152321.9E05517F808B@ourserver.net>
Jan 27 16:24:58 ourserver postfix/qmgr[9946]: 9E05517F808B: from=<d.k@googlemail.com>, size=392, nrcpt=1 (queue active)
Jan 27 16:24:59 ourserver postfix/smtp[15496]: 9E05517F808B: to=<cdomi@web.de>, orig_to=<antares@lzias.com>, relay=mx-ha01.web.de[217.72.192.149]:25, delay=170, delays=170/0.01/0.07/0.15, dsn=2.0.0, status=sent (250 OK id=1Rqnff-0003jD-00)
Jan 27 16:24:59 ourserver postfix/qmgr[9946]: 9E05517F808B: removed
Jan 27 16:26:59 ourserver postfix/smtpd[15487]: disconnect from localhost.localdomain[127.0.0.1]


Jan 27 16:33:56 ourserver postfix/smtpd[15511]: connect from mail-wi0-f176.google.com[209.85.212.176]
Jan 27 16:33:58 ourserver postfix/smtpd[15511]: 5BC9117F808B: client=mail-wi0-f176.google.com[209.85.212.176]
Jan 27 16:33:58 ourserver postfix/cleanup[15514]: 5BC9117F808B: message-id=<4F22C3E5.2060602@googlemail.com>
Jan 27 16:33:58 ourserver postfix/qmgr[9946]: 5BC9117F808B: from=<d.k@googlemail.com>, size=1649, nrcpt=1 (queue active)
Jan 27 16:33:58 ourserver postfix/smtp[15515]: 5BC9117F808B: to=<cdomi@web.de>, orig_to=<antares@lzias.com>, relay=mx-ha02.web.de[217.72.192.188]:25, delay=2.3, delays=2.2/0.01/0.06/0.05, dsn=2.0.0, status=sent (250 OK id=1RqnoM-0000Kh-00)
Jan 27 16:33:58 ourserver postfix/qmgr[9946]: 5BC9117F808B: removed
As we can easily see, the server handles both requests in the same way, yet only one mail will actually reach cdomi@web.de while the other one won't.

Could anyone explain to us how that comes about, or at least give us a hint?
Does the web.de mailserver reject our (server's) attempt to forward an email (for whatever reasons) while it seems to be ok with it being the original creator of an email?
How could we check whether the mail gets rejected later after postfix sent it out confidently?

Any help would be appreciated,
regards Antares

AmirM
February 10th, 2012, 08:18 AM
hi,
Can I get a VPS for this, or is it better to do it on my home computer?
Since I have a really bad internet connection and I want my server to be up 24/7, I want to deploy it on a VPS.
Is it possible? Is it very different or just a bit?

duceduc
February 12th, 2012, 01:24 PM
I got the mail server set up and it seems to be sending mails, but I have this error from spamd that it cannot create default_prefs. Here is my log.
Feb 13 01:48:37 revomix spamd[19468]: prefork: child states: II
Feb 13 01:48:44 revomix postfix/smtpd[19473]: connect from localhost.localdomain[127.0.0.1]
Feb 13 01:49:07 revomix postfix/smtpd[19473]: 1B5F384118B: client=localhost.localdomain[127.0.0.1]
Feb 13 01:49:11 revomix postfix/cleanup[19476]: 1B5F384118B: message-id=<20120212164907.1B5F384118B@mail.ducsu.com>
Feb 13 01:49:11 revomix postfix/qmgr[14379]: 1B5F384118B: from=<support@ducsu.com>, size=325, nrcpt=1 (queue active)
Feb 13 01:49:11 revomix spamd[19469]: spamd: connection from localhost.localdomain [127.0.0.1] at port 39918
Feb 13 01:49:11 revomix spamd[19469]: spamd: setuid to spamfilter succeeded
Feb 13 01:49:11 revomix spamd[19469]: spamd: creating default_prefs: /home/spamfilter/.spamassassin/user_prefs
Feb 13 01:49:11 revomix spamd[19469]: spamd: failed to create readable default_prefs: /home/spamfilter/.spamassassin/user_prefs
Feb 13 01:49:11 revomix spamd[19469]: spamd: processing message <20120212164907.1B5F384118B@mail.ducsu.com> for spamfilter:5001
Feb 13 01:49:12 revomix spamd[19469]: spamd: clean message (1.9/2.0) for spamfilter:5001 in 0.3 seconds, 350 bytes.
Feb 13 01:49:12 revomix spamd[19469]: spamd: result: . 1 - ALL_TRUSTED,MISSING_HEADERS,MISSING_SUBJECT,TVD_SPACE_RATIO scantime=0.3,size=350,user=spamfilter,uid=5001,required_score=2.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=39918,mid=<20120212164907.1B5F384118B@mail.ducsu.com>,autolearn=no
Feb 13 01:49:12 revomix postfix/pickup[14378]: 29CFF841190: uid=5001 from=<support@ducsu.com>
Feb 13 01:49:12 revomix postfix/pipe[19477]: 1B5F384118B: to=<noreply@ducsu.com>, relay=spamfilter, delay=15, delays=14/0/0/0.36, dsn=2.0.0, status=sent (delivered via spamfilter service)
Feb 13 01:49:12 revomix postfix/qmgr[14379]: 1B5F384118B: removed
Feb 13 01:49:12 revomix postfix/cleanup[19476]: 29CFF841190: message-id=<20120212164907.1B5F384118B@mail.ducsu.com>
Feb 13 01:49:12 revomix spamd[19468]: prefork: child states: II
Feb 13 01:49:12 revomix postfix/qmgr[14379]: 29CFF841190: from=<support@ducsu.com>, size=672, nrcpt=1 (queue active)
Feb 13 01:49:12 revomix postfix/smtpd[19487]: connect from localhost.localdomain[127.0.0.1]
Feb 13 01:49:12 revomix postfix/smtpd[19487]: 4666D84118B: client=localhost.localdomain[127.0.0.1]
Feb 13 01:49:12 revomix postfix/cleanup[19476]: 4666D84118B: message-id=<20120212164907.1B5F384118B@mail.ducsu.com>
Feb 13 01:49:12 revomix postfix/smtpd[19487]: disconnect from localhost.localdomain[127.0.0.1]
Feb 13 01:49:12 revomix postfix/qmgr[14379]: 4666D84118B: from=<support@ducsu.com>, size=1067, nrcpt=1 (queue active)
Feb 13 01:49:12 revomix amavis[912]: (00912-16) Passed CLEAN, [127.0.0.1] <support@ducsu.com> -> <noreply@ducsu.com>, Message-ID: <20120212164907.1B5F384118B@mail.ducsu.com>, mail_id: HeSBLkNyca6R, Hits: -, size: 672, queued_as: 4666D84118B, 115 ms
Feb 13 01:49:12 revomix postfix/smtp[19485]: 29CFF841190: to=<noreply@ducsu.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.21, delays=0.08/0.01/0/0.12, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 4666D84118B)
Feb 13 01:49:12 revomix postfix/qmgr[14379]: 29CFF841190: removed
Feb 13 01:49:12 revomix postfix/virtual[19488]: 4666D84118B: to=<noreply@ducsu.com>, relay=virtual, delay=0.09, delays=0.04/0/0/0.04, dsn=2.0.0, status=sent (delivered to maildir)
Feb 13 01:49:12 revomix postfix/qmgr[14379]: 4666D84118B: removed
Feb 13 01:53:32 revomix postfix/smtpd[19473]: disconnect from localhost.localdomain[127.0.0.1]

duceduc
February 12th, 2012, 11:05 PM
I got the problem in the above post fixed by creating a .spamassassin folder in /home/spamfilter/. Assign spamd as owner of that folder. Gave permission to write.

sudo mkdir /home/spamfilter/.spamassassin
sudo chmod 775 /home/spamfilter/.spamassassin
sudo chown spamd:spamd /home/spamfilter/

If you don't have spamd as a user yet, create one with no shell.

sudo groupadd spamd
sudo useradd -g spamd -s /bin/false -d /home/spamfilter/.spamassassin spamd

My other problem is this error whenever I start spamassassin.

Mon Feb 13 03:46:29 2012 [22333] info: config: failed to parse line, skipping, in "/etc/spamassassin/local.cf": use_dcc 0

spezticle
March 23rd, 2012, 08:28 PM
Hey, I'm following your guide, but I'm concerned with the following code in the mysql database section

CREATE TABLE `users` (
`id` varchar(128) NOT NULL default '',
`name` varchar(128) NOT NULL default '',
`uid` smallint(5) unsigned NOT NULL default '5000',
`gid` smallint(5) unsigned NOT NULL default '5000',
`home` varchar(255) NOT NULL default '/var/spool/mail/virtual',
`maildir` varchar(255) NOT NULL default 'blah/',
`enabled` tinyint(3) unsigned NOT NULL default '1',
`change_password` tinyint(3) unsigned NOT NULL default '1',
`clear` varchar(128) NOT NULL default 'ChangeMe',
`crypt` varchar(128) NOT NULL default 'sdtrusfX0Jj66',
`quota` varchar(255) NOT NULL default '',
`procmailrc` varchar(128) NOT NULL default '',
`spamassassinrc` varchar(128) NOT NULL default '',
PRIMARY KEY (`id`),
UNIQUE KEY `id` (`id`)
) ;


specifically:
`clear` varchar(128) NOT NULL default 'ChangeMe',
and
`maildir` varchar(255) NOT NULL default 'blah/',

What is this blah/ and ChangeMe
Should I change these to something else?

Solitary_
April 11th, 2012, 05:41 PM
I seem to be having trouble with installing some of the packages.

A fair few have come back with "Couldn't find any package whose name or description matched "packagenamehere""

I am using Ubuntu 11.10, does that make a difference?

spezticle
April 11th, 2012, 06:05 PM
check your software sources.
http://flurdy.com/docs/postfix/#install_repos
which packages can't you find?

Solitary_
April 12th, 2012, 12:21 PM
My sources.list is showing main, universe, restricted and multiverse, in ubuntu 9.04 and later they are all enabled by default.

The following are packages for which it stated "Couldn't find any package whose name or description matched "packagenamehere""

libgsasl7 libauthen-sasl-cyrus-perl
postgrey
ShoreWall
Courier



The Entire command line for ClamAV says "No packages will be installed, upgraded, or removed", the same for amavis & spamassassin.

Solitary_
April 14th, 2012, 11:00 AM
Any help would be greatly appreciated :)

WinterWren
May 3rd, 2012, 01:09 PM
Outlook and self-signed certificates

These are the steps I took to stop the annoying pop up from MS Outlook constantly asking to allow the security certificate from my email server. Warning: I am a novice user so please verify that these steps are secure before using them on your system.

First, I create a working directory. I use a directory in the home path but you may want to place them somewhere else. I am the only user/administrator of my server so I consider this directory secure.
cd ~
mkdir certs
cd certs
sudo chmod 700 .

Generate a key file. This will ask you to create a password. You will only need to remember this password for the next two steps.
sudo openssl genrsa -des3 -out server.key 1024
Sample output:
Generating RSA private key, 1024 bit long modulus
.................................................++++++
.++++++
e is 65537 (0x10001)
Enter pass phrase for server.key: somepass
Verifying - Enter pass phrase for server.key: somepass

Create your self-signed certificate file. This will ask for the password that you used in the last step along with some other questions about your location. For "Common Name (eg, YOUR name) []:" you must enter your server's FQDN.
sudo openssl req -new -x509 -nodes -sha256 -days 3650 -key server.key -out server.crt
Sample output:
Enter pass phrase for server.key: somepass
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:WI
Locality Name (eg, city) []:Milwaukee
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Some Company
Organizational Unit Name (eg, section) []:IT Department
Common Name (eg, YOUR name) []:mail.domain.com (this must be the FQDN)
Email Address []:postmasters@domain.com

Remove the password from "server.key"
cp server.key server.key.orig
sudo openssl rsa -in server.key.orig -out server.key
Sample output:
Enter pass phrase for server.key.orig: somepass
writing RSA key

Generate a public file for clients. This will prompt for a password. If you want your clients to have to enter a password when they install this certificate enter something here. If not, leave it blank.
sudo openssl pkcs12 -export -in server.crt -inkey server.key -out Outlook.p12
Sample output:
Enter Export Password: clientpassword
Verifying - Enter Export Password: clientpassword

I'm certain there is a better way to do this next step but I couldn't figure out the correct switch for the openssl command so I did this to create the certificate in pem format.
cp server.crt server.pem
cat server.key >> server.pem
I then modified main.cf to use the new certificates.
sudo vi /etc/postfix/main.cf
smtpd_tls_cert_file = /home/username/certs/server.crt
smtpd_tls_key_file = /home/username/certs/server.key
Also modified imapd-ssl to use the same certificates.
sudo vi /etc/courier/imapd-ssl
TLS_CERTFILE=/home/username/certs/server.pem
TLS_TRUSTCERTS=/home/username/certs
You must restart affected services for the changes to take place on your server.

Provide the file "Outlook.p12" to your clients. They should be able to start installation of this certificate by double clicking or right click and install. If you used a password to create Outlook.p12 you must provide it to your clients and they must enter it when they install the certificate. The certificate must be stored in the "Trusted Root Certification Authorities" during the installation of the certificate (choose "Place certs in following store" not "Automatic ....")

It would be nice if Outlook would allow this file to be sent in an email but it doesn't. You will have to zip it to send or set it up on some web/ftp server somewhere.
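
A check on the client hand-off described in the post above, as an added example that is not part of the original post: a PKCS#12 bundle built with -inkey carries the server's private key, while a client only needs the certificate to trust the server. The script builds both kinds of file in a temporary directory and reports which one holds a key; mail.example.com, constructed-pass and mail-server-cert.cer are constructed placeholders.

```shell
#!/bin/sh
# Added example. Host name, password and file names are constructed placeholders.

# Create a 2048-bit key and a self-signed certificate for FQDN $2 in directory $1.
make_server_cert() (
    umask 077                       # server.key is created owner-readable only
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -subj "/CN=$2" -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null
)

# Exit 0 if PEM file $1 contains a private key block.
pem_has_private_key() {
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"
}

# Exit 0 if PKCS#12 file $1 (export password $2) contains a private key.
p12_has_private_key() {
    openssl pkcs12 -in "$1" -nocerts -nodes -passin "pass:$2" 2>/dev/null |
        grep -q -e 'PRIVATE KEY-----'
}

# Print the SHA-256 fingerprint, to be given to clients over a separate channel.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256
}

# Build the files and report which ones are suitable to hand to clients.
audit_client_files() {
    dir=$(mktemp -d) || return 1
    make_server_cert "$dir" mail.example.com || return 1
    # The bundle as built in the post: certificate plus -inkey server.key.
    openssl pkcs12 -export -in "$dir/server.crt" -inkey "$dir/server.key" \
        -out "$dir/Outlook.p12" -passout pass:constructed-pass || return 1
    # Certificate-only file: all a client needs in order to trust the server.
    cp "$dir/server.crt" "$dir/mail-server-cert.cer"

    if p12_has_private_key "$dir/Outlook.p12" constructed-pass; then
        echo "Outlook.p12: contains the server private key"
    fi
    if ! pem_has_private_key "$dir/mail-server-cert.cer"; then
        echo "mail-server-cert.cer: certificate only"
    fi
    cert_fingerprint "$dir/mail-server-cert.cer"
    rm -rf "$dir"
}

audit_client_files
```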

duceduc
May 19th, 2012, 09:47 PM
I successfully set up the mail server and am able to send and receive via the telnet test. However, I cannot set up my mail client (thunderbird) to send outgoing mails. I can receive just fine. It may be that my smtp settings are incorrect.

In the thunderbird smtp settings. I have the following.

server name: mail.mydomain.com
port: 25
connection security: starttls
authentication method: no authentication
user name: somename@mydomain.com

When I try to send a test mail, I get the following errors.

error from thunderbird.

An error occurred while sending mail. The mail server responded: 5.7.1 <somename@yahoo.com>: Relay access denied. Please check the message recipient someone@yahoo.com and try again.


error log in my mail.log


May 20 10:34:54 revomix postfix/smtpd[19016]: connect from unknown[192.168.1.1]
May 20 10:34:54 revomix postfix/smtpd[18991]: disconnect from unknown[192.168.1.1]
May 20 10:34:54 revomix postfix/smtpd[19016]: setting up TLS connection from unknown[192.168.1.1]
May 20 10:34:54 revomix postfix/smtpd[19016]: Anonymous TLS connection established from unknown[192.168.1.1]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
May 20 10:34:54 revomix postfix/smtpd[19016]: NOQUEUE: reject: RCPT from unknown[192.168.1.1]: 554 5.7.1 <somename@yahoo.com>: Relay access denied; from=<somename@mydomain.com> to=<somename@yahoo.com> proto=ESMTP helo=<[127.0.0.1]>

darkspook
May 24th, 2012, 02:10 AM
Thank you for this tutorial.

http://flurdy.com/docs/postfix/

It's about a year since I started following this tutorial.
At first it seems like it will not work because you will get lots of errors. But after several rounds of tailing/testing/telnet I finally built an impregnable mail server. And since then I haven't encountered any problems.

I'm in your debt. Cheers! :popcorn:

darkspook
May 24th, 2012, 02:29 AM
`maildir` varchar(255) NOT NULL default 'blah/',
You have to change blah/ with a proper directory name.

What I did is:
emailadd@example.com - this is my email address
emailadd/ - this is the name of directory.

You have to change it all the time when you create new account/user.

`clear` varchar(128) NOT NULL default 'ChangeMe', -- I just ignore this, leave it as is.

theluli
May 25th, 2012, 05:15 PM
I have the same problem, I am unable to log in at squirrelmail.
Does anyone have an idea?