Howto: set up a mail server in Ubuntu

q.dinar
December 29th, 2009, 12:33 PM
hello
INSERT INTO users (id,name,maildir,crypt) VALUES ('xandros@blobber.org','xandros','xandros/', encrypt('apassword') );
/var/mail/virtual/xandros/ is created for that, isn't it? Why not something like /var/mail/virtual/blobber.org/xandros/? What should I do if I want 2 separate maildirs for a name in 2 domains? Just create the user with such a maildir in the MySQL query?

2009-12-30 18:22 utc+3 :
there are also 40-policy_banks and 21-ubuntu_defaults files in /etc/amavis/conf.d in ubuntu 9.10 .

2009-12-31 17:41 utc+3 :
flurdy, in the previous edition you say to create the postfix certificate myself in /etc/postfix/; in the current edition you say to use /etc/ssl/certs/ssl-cert-snakeoil.pem. I have looked in that directory: there is no such file there, but many certificate files, I think. Doesn't this mean that I should use one of them?

2010-01-01 14:58 utc+3 : i have made this yesterday. thank you. postgrey makes it to receive mail longer, i am going to disable it.

2010-01-01 20:51 utc+3 : one bug of this in ubuntu 9.10 is that "virtual" user has appeared on the login screen.

krak3n
December 31st, 2009, 04:40 PM
Hi Guys

New to the forum :D

I've been following the 9th edition and got the basic setup done.

I am able to send and receive email through telnet, however I am having problems with getting a mail client (e.g Thunderbird) to send email via smtp.

Here is my /etc/postfix/main.cf



alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
delay_warning_time = 4h
disable_vrfy_command = yes
inet_interfaces = all
local_recipient_maps =
mailbox_size_limit = 0
maximal_backoff_time = 8000s
maximal_queue_lifetime = 7d
minimal_backoff_time = 1000s
mydestination =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mynetworks_style = host
myorigin = chris-reeves.com
readme_directory = no
recipient_delimiter = +
relayhost =
smtp_helo_timeout = 60s
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl, reject_rbl_client dnsbl.njabl.org
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_delay_reject = yes
smtpd_hard_error_limit = 12
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit
smtpd_recipient_limit = 16
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
smtpd_sender_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit
smtpd_soft_error_limit = 3
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 450
virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf
virtual_gid_maps = mysql:/etc/postfix/mysql_gid.cf
virtual_mailbox_base = /var/spool/mail/virtual
virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf
virtual_uid_maps = mysql:/etc/postfix/mysql_uid.cf


The mail client is able to connect and receive emails via IMAP, but when it comes to SMTP sending it fails, this is what I get in the /var/log/mail.log



Dec 31 15:37:01 localhost postfix/smtpd[6393]: warning: 92.11.7.17: hostname host-92-11-7-17.as43234.net verification failed: Name or service not known
Dec 31 15:37:01 localhost postfix/smtpd[6393]: connect from unknown[92.11.7.17]
Dec 31 15:37:01 localhost postfix/smtpd[6393]: disconnect from unknown[92.11.7.17]


I've followed the guide to the letter, so I'm a little confused as to why it's not able to send emails via SMTP. :confused:

Any help guys?

Thanks

Chris

benjamin_888
January 6th, 2010, 09:08 AM
I have some questions about the shorewall configuration part, which is vi /etc/shorewall/rules

SSH/ACCEPT net $FW

I am confused by the entry above. Into which column should the entry above be inserted?

After that, it says that once the server is working, go back to vi /etc/shorewall/rules
How do I know whether the server is working or not? Does anybody know?

And the open business part is really confusing.
I have no idea how to insert the entries into it. Can anybody show me a screenshot or guidance so that I can understand?

tq.

q.dinar
January 8th, 2010, 05:32 PM
hello. i have read shorewall manuals once, may be when reading this how-to, but i could not understand easily, (and i had not installed mail with this how-to that time), then iptables seemed easier to me, and now i use iptables and i left shorewall configuration part of this how-to.

Tube Shark
January 28th, 2010, 10:14 PM
In need of a little help. I am setting up an email server on Ubuntu desktop 9.10 and following the tutorial (I think). I didn't install shorewall 'cause I'm using the firewall in the router. I can send no problem, and when I try to telnet from the server to itself to receive an email I get "status=bounced (mail for domain.com loops back to myself)" in the mail.log folder. It seems to be getting rejected before the system can receive the email. I'm not seeing any other errors, but they may come once the email gets through.

Please help running out of stuff to read.

Thanks

lisati
January 29th, 2010, 07:34 AM
In need of a little help. I am setting up an email server on Ubuntu desktop 9.10 and following the tutorial (I think). I didn't install shorewall 'cause I'm using the firewall in the router. I can send no problem, and when I try to telnet from the server to itself to receive an email I get "status=bounced (mail for domain.com loops back to myself)" in the mail.log folder. It seems to be getting rejected before the system can receive the email. I'm not seeing any other errors, but they may come once the email gets through.

Please help running out of stuff to read.

Thanks

Might be a good idea to start a new thread in the server section of the forum or ask the staff to move your query from the "outdated tutorials" section of the forum.

(No clue comes to mind why your telnet might be bouncing..... possibly a problem with how your "hosts" information is configured)

Tube Shark
January 29th, 2010, 02:17 PM
Thanks lisati I'll do that.

harry_bk
February 4th, 2010, 10:51 AM
Hello everybody,
I am trying to set up a mail server on Ubuntu 9.10 Server installed on VMware. In order to do that, I chose postfix and I followed the following tutorial (http://flurdy.com/docs/postfix/). But after I finished the setup, I am not able to run the basic server. The problem is that I have to set up the mail server for an enterprise where I'm doing my internship. First I just wanted to test it locally before being able to bind it to a future Internet web site. I don't really know what's wrong with my basic setup. By the way, I haven't set the DNS and I don't know if it's mandatory to do that even for local tests. Also, the machine is under dhcp. I'm also trying to install and set up another mail server called Zimbra as someone advised me to, but as many people succeeded in installing and running Postfix, I really want to know what's wrong with my configuration. Below, you'll find some commands I typed and the results.

flurdy
February 4th, 2010, 11:04 AM
Hello everybody,
I am trying to set up a mail server on Ubuntu 9.10 Server installed on VMware. In order to do that, I chose postfix and I followed the following tutorial (http://flurdy.com/docs/postfix/). But after I finished the setup, I am not able to run the basic server. The problem is that I have to set up the mail server for an enterprise where I'm doing my internship. First I just wanted to test it locally before being able to bind it to a future Internet web site. I don't really know what's wrong with my basic setup. By the way, I haven't set the DNS and I don't know if it's mandatory to do that even for local tests. Also, the machine is under dhcp. I'm also trying to install and set up another mail server called Zimbra as someone advised me to, but as many people succeeded in installing and running Postfix, I really want to know what's wrong with my configuration. Below, you'll find some commands I typed and the results.

in your attached screenshots it says: status:sent(delivered to mailbox)

So your postfix works.
(The rbl errors are due to dns but the server still works.)

harry_bk
February 5th, 2010, 10:49 AM
Thanks a lot flurdy. Now it's OK, I send and receive local messages. But when I tried to send messages to external domains like my gmail address, it doesn't work as expected, although I put the smtp address of my ISP in the relayhost case. What could be the problem?

lisati
February 5th, 2010, 10:52 AM
Thanks a lot flurdy. Now it's OK, I send and receive local messages. But when I tried to send messages to external domains like my gmail address, it doesn't work as expected, although I put the smtp address of my ISP in the relayhost case. What could be the problem?

Does your ISP block port 25?

harry_bk
February 5th, 2010, 04:21 PM
I don't know if my ISP blocks port 25, but I'm going to check it right now

benjamin_888
February 7th, 2010, 04:38 PM
Hi Flurdy,

I am very confused in adding users and domains part.

First, is it I need to log in to mysql database using mysql -u root -p?

Then just follow whatever the instruction in that particular part?

Second, is it I only can test my email server after adding users and domains?

I have nearly finish my basic email server setup, just have a bit problem with firewall part.

Hope you can answer my question as soon as possible, so that i can solve my project faster. thank you very much.

flurdy
February 16th, 2010, 11:47 AM
I've updated the SASL section of flurdy.com/docs/postfix/ (http://flurdy.com/docs/postfix/) to properly explain how to use passwords that are encrypted in the database.

flurdy
February 16th, 2010, 11:56 AM
hi flurdy,

i am very confused in adding users and domains part.

First, is it i need to log in to mysql database using mysql -u root -p?

Then just follow whatever the instruction in that particular part?

Second, is it i only can test my email server after adding users and domains?

I have nearly finish my basic email server setup, just have a bit problem with firewall part.

Hope you can answer my question as soon as possible, so that i can solve my project faster. Thank you very much.


1)
Are you asking if you need to log in as root in the configuring the database section or the add user section?

For the add domains and users section you log in as the mail user. But you can log in as root as well.

For adding domains and users you have to add the required ones.

Then modify the examples for normal users to suit your requirements.

2)
You can test your server without user etc. Especially not needed early on when you are simply testing if the server is up and can connect etc and not worried if the emails are rejected or not.

But eventually you will need domains and users otherwise testing will always reject your emails. So you need them quite early.

flurdy
February 16th, 2010, 12:02 PM
Still no idea why my tutorial at some point was moved to the "outdated tutorial" forum, but nevermind.

mcfly1204
February 16th, 2010, 10:01 PM
I have gone through this tutorial and have just about everything working. I can send/receive mail via postfix using telnet. I can connect an email client, Thunderbird, from another system in the same network. I can receive mail in the mail client. However, I cannot send mail while using the mail client. I receive the following error in /mail.log:


Feb 16 14:56:40 pg4 postfix/smtpd[4837]: connect from unknown[172.20.X.XXXX]
Feb 16 14:56:40 pg4 postfix/smtpd[4837]: setting up TLS connection from unknown[172.20.X.XXXX]
Feb 16 14:56:40 pg4 postfix/smtpd[4837]: TLS connection established from unknown[172.20.X.XXXX]: SSLv3 with cipher DHE-RSA-... (256/256 bits)
Feb 16 14:56:40 pg4 postfix/smtpd[4837]: warning: SASL authentication failure: no secret in database
Feb 16 14:56:40 pg4 postfix/smtpd[4837]: warning: unknown[172.20.X.XXXX]: SASL CRAM-MD5 authentication failed
Feb 16 14:56:43 pg4 postfix/smtpd[4837]: warning: SASL authentication failure: no secret in database
Feb 16 14:56:43 pg4 postfix/smtpd[4837]: warning: unknown[172.20.X.XXXX]: SASL CRAM-MD5 authentication failed
Feb 16 14:56:45 pg4 postfix/smtpd[4837]: disconnect from unknown[172.20.X.XXXX]

When I try to send a message in Thunderbird, I get a prompt telling me the password for the server is incorrect. If I reenter what should be the correct password, I receive the prompt again.

Any thoughts?

flurdy
February 17th, 2010, 04:48 PM
I have gone through this tutorial and have just about everything working. I can send/receive mail via postfix using telnet. I can connect an email client, Thunderbird, from another system in the same network. I can receive mail in the mail client. However, I cannot send mail while using the mail client. I receive the following error in /mail.log:


Feb 16 14:56:40 pg4 postfix/smtpd[4837]: connect from unknown[172.20.X.XXXX]
Feb 16 14:56:40 pg4 postfix/smtpd[4837]: setting up TLS connection from unknown[172.20.X.XXXX]
Feb 16 14:56:40 pg4 postfix/smtpd[4837]: TLS connection established from unknown[172.20.X.XXXX]: SSLv3 with cipher DHE-RSA-... (256/256 bits)
Feb 16 14:56:40 pg4 postfix/smtpd[4837]: warning: SASL authentication failure: no secret in database
Feb 16 14:56:40 pg4 postfix/smtpd[4837]: warning: unknown[172.20.X.XXXX]: SASL CRAM-MD5 authentication failed
Feb 16 14:56:43 pg4 postfix/smtpd[4837]: warning: SASL authentication failure: no secret in database
Feb 16 14:56:43 pg4 postfix/smtpd[4837]: warning: unknown[172.20.X.XXXX]: SASL CRAM-MD5 authentication failed
Feb 16 14:56:45 pg4 postfix/smtpd[4837]: disconnect from unknown[172.20.X.XXXX]

When I try to send a message in Thunderbird, I get a prompt telling me the password for the server is incorrect. If I reenter what should be the correct password, I receive the prompt again.

Any thoughts?

I updated the SASL authentication a few days ago.
Check if it solves your problem. Such as adding postfix to sasl user etc.

mcfly1204
February 17th, 2010, 08:01 PM
I updated the SASL authentication a few days ago.
Check if it solves your problem. Such as adding postfix to sasl user etc.

I noticed that you updated the SASL portion and was eager to walk through it hoping it would resolve my issue... Unfortunately it did not.

three_jeeps
February 18th, 2010, 09:15 PM
A general question:
Is there a version of the tutorial for 8.04 that describes how to set up an outgoing only mail server? (Ideally for ppl who have comcast or verizon as their ISP?)

OR

A 'bare bones' version that does both outgoing and incoming?

Thanks for any help....
-John

nu_gen68
February 19th, 2010, 08:05 AM
First off, I'm kind of a noob with ubuntu, but I'll try my best to explain my problem.

I followed your tutorial and everything works great.

My problem is that I am trying to add a plug-in for Squirrelmail, so that a user can change their password instead of changing it through SQL. So, I am trying to set up 'Change SQL Password' plugin from squirrelmail.org, I installed the compatibility plug-in as well. So far, I have the plug-in installed, but when squirrelmail accesses the SQL database it can't compare the old password properly to change it.

id: root@localhost
pw: 1234

The configuration file for Change SQL Password, the main lines:
accesses the SQL database:
$csp_dsn = 'mysl://mail:****@localhost/maildb';
looks up password to compare:
$lookup_password_query = 'SELECT count(*) FROM users WHERE id = "%1" AND crypt = %4';
encryption method:
$password_encryption = 'MYSQLENCRYPT';
salt static and query are set to: nothing

MySQL Log:
210 Connect mail@localhost on
210 Init DB maildb
210 Init DB maildb
209 Query SELECT count(*) FROM users WHERE id = "root@localhost" AND crypt = encrypt("1234")
209 Quit

Squirrelmail responds with "Your old password does not match".

Thanks
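
Added example (not part of any post in this thread, and not code from the tutorial or the plugin): the query logged above compares the stored value with encrypt("1234"), and MySQL's ENCRYPT() called without a salt argument uses a random salt, so the fresh hash does not equal the stored one. The same property of one-way hashes is relevant to the "SASL CRAM-MD5 authentication failed" lines earlier in the thread: CRAM-MD5 needs the server to hold the same secret as the client. The sketch uses PBKDF2 as a stand-in for crypt()/ENCRYPT(); all function names and sample values are constructed for illustration.

```python
# Added illustration. salted_hash() is a stand-in for crypt()/MySQL ENCRYPT();
# the user name and passwords are constructed sample values.
import hashlib
import hmac
import os


def salted_hash(password, salt=None):
    """One-way hash stored as 'salt$digest'; a fresh random salt if none is given."""
    if salt is None:
        salt = os.urandom(8).hex()
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 10000)
    return salt + "$" + digest.hex()


def naive_lookup(stored, candidate):
    """Mirror of `crypt = encrypt("1234")`: hash the candidate under a NEW salt."""
    return hmac.compare_digest(stored, salted_hash(candidate))


def verify_plain(stored, candidate):
    """PLAIN/LOGIN-style check: re-hash the candidate under the STORED salt."""
    salt = stored.split("$", 1)[0]
    return hmac.compare_digest(stored, salted_hash(candidate, salt))


def cram_md5_response(user, secret, challenge):
    """Client side of CRAM-MD5 (RFC 2195): user name plus HMAC-MD5 of the challenge."""
    mac = hmac.new(secret.encode(), challenge.encode(), hashlib.md5).hexdigest()
    return user + " " + mac


def verify_cram_md5(server_secret, challenge, response):
    """Server side: recompute the HMAC with whatever secret the server holds."""
    _user, _, mac = response.rpartition(" ")
    expected = hmac.new(
        server_secret.encode(), challenge.encode(), hashlib.md5
    ).hexdigest()
    return hmac.compare_digest(mac, expected)


def demo():
    password = "1234"  # constructed sample password
    stored = salted_hash(password)  # what a users.crypt-style column would hold
    challenge = "<1896.697170952@postoffice.reston.mci.net>"  # RFC 2195 sample
    response = cram_md5_response("root@localhost", password, challenge)
    return {
        # Fresh salt on every call, so the equality test fails for the right password.
        "naive_lookup": naive_lookup(stored, password),
        # Reusing the stored salt makes the comparison meaningful.
        "verify_plain_ok": verify_plain(stored, password),
        "verify_plain_wrong": verify_plain(stored, "4321"),
        # CRAM-MD5 verifies only when the server holds the plaintext secret.
        "cram_with_plaintext": verify_cram_md5(password, challenge, response),
        # A server that holds only the one-way hash cannot recompute the HMAC.
        "cram_with_hash_only": verify_cram_md5(stored, challenge, response),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

With hashed passwords in the database, only mechanisms that send the password to the server (PLAIN or LOGIN, protected by TLS) can be checked against the stored value.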

benjamin_888
February 21st, 2010, 11:55 AM
1)
Are you asking if you need to log in as root in the configuring the database section or the add user section?

For the add domains and users section you log in as the mail user. But you can log in as root as well.

For adding domains and users you have to add the required ones.

Then modify the examples for normal users to suit your requirements.

2)
You can test your server without user etc. Especially not needed early on when you are simply testing if the server is up and can connect etc and not worried if the emails are rejected or not.

But eventually you will need domains and users otherwise testing will always reject your emails. So you need them quite early.


thank you flurdy, how can i know my server is up or not?

oziemike
February 25th, 2010, 05:05 PM
Have been running Flurdy's mail server for about 3 years based on Ubuntu 6.06 and thought it about time to get up to a newer version. So loaded up 9.10 server and followed it through step by step. I am running it on the bench off the Internet for testing purposes. Before the advanced setup it seemed to be sending and receiving OK. I had imported the old databases from 6.06 (MySQL).

With the advanced setup, the moment another mail server tries to connect or I even do a telnet localhost 25 I get:

Feb 26 01:15:46 mail postfix/smtpd[4219]: warning: SASL per-process initialization failed: generic failure
Feb 26 01:15:46 mail postfix/smtpd[4219]: fatal: SASL per-process initialization failed
Feb 26 01:15:47 mail postfix/master[4211]: warning: process /usr/lib/postfix/smtpd pid 4219 exit status 1
Feb 26 01:15:47 mail postfix/master[4211]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling

After that the server is locked up and starting and stopping it is the only way to get it back.

I have gone over and over the setup and still can't find any config problems. Can anyone point me in the right direct where I may have slipped up??

Mike

jvdl85
February 28th, 2010, 08:01 PM
Hi,
I have used your site to set up a mail server, but I have run into some problems.
IMAP isn't working as it should. The mail log keeps giving me the error mail imapd: chdir Maildir: No such file or directory.
I have added data successfully, and postfix and mysql seem to work fine.
I know this because I have tested via telnet and sent mails successfully; also the user directories were made.
Also the squirrelmail site says ERROR: ERROR: connection dropped by IMAP server.
Does anyone know what may be configured wrong?
I followed the documentation to the point.




This is from the mail.log

Feb 28 07:47:14 mail imapd: Connection, ip=[::ffff:192.168.2.15]
Feb 28 07:47:14 mail imapd: chdir Maildir: No such file or directory
Feb 28 07:47:14 mail imapd: jeroen: No such file or directory
Feb 28 07:47:48 mail imapd: Connection, ip=[::ffff:192.168.2.15]
Feb 28 07:47:48 mail imapd: chdir Maildir: No such file or directory
Feb 28 07:47:48 mail imapd: jeroen: No such file or directory




root@mail:/var/mail/virtual# pwd
/var/mail/virtual
root@mail:/var/mail/virtual# ls -ltra
total 20
drwxrwsr-x 3 root mail 4096 2010-02-27 14:43 ..
drwx--S--- 5 virtual virtual 4096 2010-02-27 15:47 test
drwx--S--- 5 virtual virtual 4096 2010-02-27 15:49 jeroen
drwxr-sr-x 5 virtual virtual 4096 2010-02-28 03:19 .
drwx--S--- 5 virtual virtual 4096 2010-02-28 03:19 joyce


root@mail:/var/mail/virtual/jeroen# pwd
/var/mail/virtual/jeroen
root@mail:/var/mail/virtual/jeroen# ls -ltra
total 20
drwx--S--- 2 virtual virtual 4096 2010-02-27 15:49 cur
drwx--S--- 5 virtual virtual 4096 2010-02-27 15:49 .
drwx--S--- 2 virtual virtual 4096 2010-02-28 03:10 tmp
drwx--S--- 2 virtual virtual 4096 2010-02-28 03:10 new
drwxr-sr-x 5 virtual virtual 4096 2010-02-28 03:19 ..


root@mail:/var/mail/virtual/jeroen/new# pwd
/var/mail/virtual/jeroen/new
root@mail:/var/mail/virtual/jeroen/new# ls -ltra
total 20
-rw------- 1 virtual virtual 425 2010-02-27 15:49 267282160.Vfc00I548fM177362.mail
drwx--S--- 5 virtual virtual 4096 2010-02-27 15:49 ..
-rw------- 1 virtual virtual 3298 2010-02-27 15:51 1267282314.Vfc00I54a0M170046.mail
-rw------- 1 virtual virtual 3831 2010-02-28 03:10 1267323030.Vfc00I54b2M855278.mail
drwx--S--- 2 virtual virtual 4096 2010-02-28 03:10 .




vi /etc/courier/authmysqlrc

MYSQL_HOME_FIELD home
##NAME: MYSQL_NAME_FIELD:0
#
# The user's name (optional)
MYSQL_NAME_FIELD name
##NAME: MYSQL_MAILDIR_FIELD:0
#
# This is an optional field, and can be used to specify an arbitrary
# location of the maildir for the account, which normally defaults to
# $HOME/Maildir (where $HOME is read from MYSQL_HOME_FIELD).
#
# You still need to provide a MYSQL_HOME_FIELD, even if you uncomment this
# out.
#
MYSQL_MAILDIR_FIELD concat(home,'/',maildir)


If more info is required then let me know, I'm really stuck. I also googled the problem but didn't get any wiser.

from the FAQ section
Squirrelmail does not allow me to log in

This is due to many things. Most are due to skipping too fast forward, ignoring test sections (http://flurdy.com/docs/postfix/#test) etc.


Answers:

Does postfix (http://flurdy.com/docs/postfix/#config-simple-mta) work?
No point trying to run before you can crawl. Send emails to recipients on your server, tail mail.log to see if everything is okay.
Often mysql (http://flurdy.com/docs/postfix/#config-simple-database) is not configured properly, check the mysql logs (http://flurdy.com/docs/postfix/#test) for activity.
Yes postfix works and i see activity in the mysql.log
Also the user dir's are made.


Have they ever received an email?
If not they can not log into squirrelmail as the email folders will not yet exist.
Yes as you can see above

Does Courier (http://flurdy.com/docs/postfix/#config-simple-imap) work?
If it doesn't then you have still got some more setup to do.
Yes trying with telnet shows.


telnet localhost 143
Trying ::1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION] Courier-IMAP ready. Copyright 1998-2008 Double Precision, Inc. See COPYING for distribution information.

telnet localhost 10024
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 [127.0.0.1] ESMTP amavisd-new service ready




ps -ef |grep courier
root 13243 1 0 Feb27 ? 00:00:00 /usr/sbin/courierlogger -pid=/var/run/courier/authdaemon/pid -start /usr/lib/courier/courier-authlib/authdaemond
root 13244 13243 0 Feb27 ? 00:00:00 /usr/lib/courier/courier-authlib/authdaemond
root 13254 13244 0 Feb27 ? 00:00:00 /usr/lib/courier/courier-authlib/authdaemond
root 13255 13244 0 Feb27 ? 00:00:00 /usr/lib/courier/courier-authlib/authdaemond
root 13256 13244 0 Feb27 ? 00:00:00 /usr/lib/courier/courier-authlib/authdaemond
root 13257 13244 0 Feb27 ? 00:00:00 /usr/lib/courier/courier-authlib/authdaemond
root 13258 13244 0 Feb27 ? 00:00:00 /usr/lib/courier/courier-authlib/authdaemond
root 13318 1 0 Feb27 ? 00:00:00 /usr/sbin/courierlogger -pid=/var/run/courier/imapd.pid -start -name=imapd /usr/sbin/couriertcpd -address=0 -maxprocs=40 -maxperip=20 -nodnslookup -noidentlookup 143 /usr/lib/courier/courier/imaplogin /usr/bin/imapd Maildir
root 13319 13318 0 Feb27 ? 00:00:00 /usr/sbin/couriertcpd -address=0 -maxprocs=40 -maxperip=20 -nodnslookup -noidentlookup 143 /usr/lib/courier/courier/imaplogin /usr/bin/imapd Maildir
root 13374 1 0 Feb27 ? 00:00:00 /usr/sbin/courierlogger -pid=/var/run/courier/imapd-ssl.pid -start -name=imapd-ssl /usr/sbin/couriertcpd -address=0 -maxprocs=40 -maxperip=20 -nodnslookup -noidentlookup 993 /usr/bin/couriertls -server -tcpd /usr/lib/courier/courier/imaplogin /usr/bin/imapd Maildir
root 13375 13374 0 Feb27 ? 00:00:00 /usr/sbin/couriertcpd -address=0 -maxprocs=40 -maxperip=20 -nodnslookup -noidentlookup 993 /usr/bin/couriertls -server -tcpd /usr/lib/courier/courier/imaplogin /usr/bin/imapd Maildir
root 30095 30074 0 08:34 pts/1 00:00:00 grep courier




If all above is okay, then it may be a problem with your Squirrelmail setup (http://flurdy.com/docs/postfix/#config-extra-webmail).
Check empty spaces in squirrelmail mysql setup. More details in test section (http://flurdy.com/docs/postfix/#test).
Email folders do not exist

Mentioned many times in this guide and forums.


Answers:

Have they received an email?
If not, they cannot log into squirrelmail as the email folders will not yet exist. When receiving their first email, postfix will create all the necessary folders. If it does not, your postfix setup is broken.
user dir's are made see above.

Greetz

flurdy
February 28th, 2010, 11:09 PM
@jvdl85

Your setup certainly seems fine.
And the fact that the mail folders are created when receiving emails and that you can send indicates postfix is fine.

The courier bit also seems correct...


The only thing I would check is the sql logs. What happens there when you try to login read emails via imap?

q.dinar
March 1st, 2010, 05:01 PM
I have a question. I know that SSL works when I use squirrelmail. How can I know whether it works between mail servers when they send mail with the SMTP protocol? If I send a message to a server that does not support SSL, do I see in the log that the mail is sent without SSL?
If the target server does not trust my certificate, can it refuse the mail or accept it anyway? Can it ask to get it unciphered instead of getting it untrusted?

oziemike
March 2nd, 2010, 11:21 AM
Flurdy

I would certainly appreciate any pointers from my entry about 3 posts back, if you have the time??

Mike

fade2gray
March 2nd, 2010, 03:12 PM
I've been considering upgrading from 8.04 to 9.10.

Is this possible without breaking my mailserver?

I will be making a PING image of the system drive before attempting, but which files should I backup for an easy setup should I find it necessary to perform a clean install?

Thanks.

tiercel
March 3rd, 2010, 04:34 AM
< < < SOLVED! ...well, at least working. Feedback certainly appreciated, see below > > >

Okay... I'm going mad with a problem that crops up for me after the basic part of the setup.

I've worked through the tutorial up through Courier, and am testing the basic mail server. I can successfully telnet localhost 25 to send a mail to a recipient on the machine. When I attempt to telnet mymachine 25 from anywhere else, the telnet just hangs and eventually times out.

I can SSH into mymachine just fine from the outside world so it's presumably not some kind of DNS issue (I'm using ddclient + DynDNS to route to my DMZ'd machine behind a DSL router).

I figured maybe this was a firewall issue of some sort but if I use mymachine to surf to www.canyouseeme.org, it reports to mymachine that it can see port 25 just fine. Furthermore, /var/log/syslog or mail.log cheerfully reports a SMTP port connection from www.no-ip.com:


postfix/smtpd[14144]: connect from www.no-ip.com[204.16.252.112]
postfix/smtpd[14144]: lost connection after CONNECT from www.no-ip.com[204.16.252.112]
postfix/smtpd[14144]: disconnect from www.no-ip.com[204.16.252.112]

Whatever they are doing is apparently able to connect just fine to the SMTP port, but telnet can't. I tried deactivating shorewall altogether (and deactivating ufw as well, in case that was blocking anything) and got the same result. (Needless to say, actually sending email to a user@mymachine results in said email vanishing into a black hole, unless I sent it from mymachine using telnet localhost.)

I'm really bamboozled. This guide to setting up a mail server looks great, I just can't figure out what I've done wrong / haven't done that would result in an error like this.

Appreciate any help you can offer! Thanks.

----------

< < < EDIT: Solution > > >

Gahhhh. I guess this is what I get for trusting blindly in web-based port testers... it looks like it's just the "your ISP is blocking port 25 thing." I changed the incoming port to 2525 and it seems to be accessible now. I don't know if this is the cleanest way to solve this problem -- I've heard different chatter about using 587 or enforcing secure SMTP so I'm certainly still open to suggestions/criticism!

What I did:

Open Shorewall port 2525: edit /etc/shorewall/rules, add:


#Accept from anyone on the net
ACCEPT net $FW tcp 2525

Get Postfix to listen on port 2525: edit /etc/postfix/master.cf, change:


smtp inet n - - - - smtpd
to
2525 inet n - - - - smtpd

Get DynDNS MailHop Relay to relay incoming mail to port 2525.

mcfly1204
March 10th, 2010, 10:43 PM
I was struggling to get SASL working, and then noticed that the following command would simply hang.

telnet localhost 25
I proceeded to copy over my existing main.cf file with main.cf.debian, made all changes noted in the walkthrough, and the above command continues to hang. I can view the following in mail.log.

Mar 10 16:40:50 host4 postfix/smtpd[5030]: warning: SASL per-process initialization failed: generic failure
Mar 10 16:40:50 host4 postfix/smtpd[5030]: fatal: SASL per-process initialization failed
Mar 10 16:40:51 host4 postfix/master[4679]: warning: process /usr/lib/postfix/smtpd pid 5030 exit status 1
Mar 10 16:40:51 host4 postfix/master[4679]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling

**edit**
Added main.cf and master.cf for reference.

dcstar
March 12th, 2010, 06:12 AM
A general question:
Is there a version of the tutorial for 8.04 that describes how to set up an outgoing only mail server? (Ideally for ppl who have comcast or verizon as their ISP?)


Ubuntu comes with an "outgoing" mail server installed by default - postfix.

All you may need to do is:

sudo dpkg-reconfigure postfix
and make sure it is set to "Internet", then edit the /etc/postfix/main.cf file with a relayhost (if you want your ISP's SMTP server to do the work).

Set your mail clients to use your system for outgoing mail and it should work. Can't get much simpler than that.

lisati
March 12th, 2010, 06:15 AM
I was struggling to get SASL working, and then noticed that the following command would simply hang.

I proceeded to copy over my existing main.cf file with main.cf.debian, made all changes noted in the walkthrough, and the above command continues to hang. I can view the following in mail.log.


**edit**
Added main.cf and master.cf for reference.

Is port 25 blocked from the machine you're running the telnet command on to your server?

mcfly1204
March 12th, 2010, 02:57 PM
Is port 25 blocked from the machine you're running the telnet command on to your server?

No, port 25 is not blocked. I even ran iptables -F to flush all the rules. I feel my issue has to be connected to the two files I posted given postfix is bound to 25.

q.dinar
March 16th, 2010, 07:57 AM
i have got this error after i sent a mail:

host ***[***] said: 550 Access denied
- Invalid HELO name (See RFC2821 4.1.1.1) (in reply to MAIL FROM command)

this is mail from MAILER-DAEMON@***(mydomain).

mcfly1204
March 16th, 2010, 01:29 PM
i have got this error after i sent a mail:

host ***[***] said: 550 Access denied
- Invalid HELO name (See RFC2821 4.1.1.1) (in reply to MAIL FROM command)

this is mail from MAILER-DAEMON@***(mydomain).

Can you post a copy of your main.cf file?

q.dinar
March 16th, 2010, 06:42 PM
# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = dinar-desktop
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
#mydestination = kukmara.ru, dinar-desktop, localhost.localdomain, localhost
#As we will be using virtual domains, these need to be empty. http://flurdy.com/docs/postfix/
mydestination =
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

# http://flurdy.com/docs/postfix/ :
# how long if undelivered before sending warning update to sender
delay_warning_time = 4h
# will it be a permanent error or temporary
unknown_local_recipient_reject_code = 450
# how long to keep message on queue before return as failed.
# some have 3 days, I have 16 days as I am backup server for some people
# whom go on holiday with their server switched off.
maximal_queue_lifetime = 7d
# max and min time in seconds between retries if connection failed
minimal_backoff_time = 1000s
maximal_backoff_time = 8000s
# how long to wait when servers connect before receiving rest of data
smtp_helo_timeout = 60s
# how many address can be used in one message.
# effective stopper to mass spammers, accidental copy in whole address list
# but may restrict intentional mail shots.
smtpd_recipient_limit = 16
# how many error before back off.
smtpd_soft_error_limit = 3
# how many max errors before blocking it.
smtpd_hard_error_limit = 12
# Requirements for the HELO statement
smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit

# Requirements for the sender details
#smtpd_sender_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, #reject_unauth_pipelining, permit
#smtpd_sender_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, #reject_unauth_pipelining, permit
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit

# Requirements for the connecting server
smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl, reject_rbl_client dnsbl.njabl.org

# Requirement for the recipient address
#smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, reject_non_fqdn_recipient, #reject_unknown_recipient_domain, reject_unauth_destination, permit
#smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, #reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service #inet:127.0.0.1:10023, permit
smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, permit

smtpd_data_restrictions = reject_unauth_pipelining
# require proper helo at connections
smtpd_helo_required = yes
# waste spammers time before rejecting them
smtpd_delay_reject = yes
disable_vrfy_command = yes
# not sure of the difference of the next two
# but they are needed for local aliasing
alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases
# this specifies where the virtual mailbox folders will be located
virtual_mailbox_base = /var/spool/mail/virtual
# this is for the mailbox location for each user
virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf
# and their user id
virtual_uid_maps = mysql:/etc/postfix/mysql_uid.cf
# and group id
virtual_gid_maps = mysql:/etc/postfix/mysql_gid.cf
# and this is for aliases
virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf
# and this is for domain lookups
virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf
# this is how to connect to the domains (all virtual, but the option is there)
# not used yet
# transport_maps = mysql:/etc/postfix/mysql_transport.cf

#http://flurdy.com/docs/postfix/
content_filter = amavis:[127.0.0.1]:10024

#http://flurdy.com/docs/postfix/edition5.html
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
#smtpd_sasl_path = /etc/postfix/sasl:/usr/lib/sasl2
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =

#http://flurdy.com/docs/postfix/edition5.html#conf_auth
#smtpd_use_tls = yes
#smtpd_tls_cert_file = /etc/postfix/postfix.cert
#smtpd_tls_key_file = /etc/postfix/postfix.key
#smtpd_data_restrictions = reject_unauth_pipelining

#http://flurdy.com/docs/postfix/#config-secure-auth
# TLS parameters
#smtp_use_tls = no
smtp_tls_security_level = may
#smtpd_use_tls=yes
smtpd_tls_security_level = may
#smtpd_tls_auth_only = no
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
#smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
#smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_tls_cert_file = /etc/postfix/postfix.cert
smtpd_tls_key_file = /etc/postfix/postfix.key
#smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
#smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

lisati
March 16th, 2010, 11:06 PM
i have got this error after i sent a mail:

host ***[***] said: 550 Access denied
- Invalid HELO name (See RFC2821 4.1.1.1) (in reply to MAIL FROM command)

this is mail from MAILER-DAEMON@***(mydomain).

What this says to me is that the receiving system thinks that your system is introducing itself in a way that the receiving system doesn't like. I had a look at the main.cf file you posted, and suspect the following line might need to be changed (someone else might be able to confirm or correct):

myhostname = dinar-desktop
On my system I have it set to reflect the name people would use in email addresses and when accessing my website.
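Added example (not part of the thread or of the howto): a small Python check for the point made above. It parses main.cf text the way Postfix reads it (comments skipped, indented lines folded into the previous one, the last definition of a parameter wins) and tests whether the name sent in HELO is fully qualified, which is what `reject_non_fqdn_hostname` tests on the receiving side. The sample is a constructed excerpt of the posted file, and the function names are hypothetical.

```python
import re

# Constructed excerpt of the main.cf posted above (the folded line is added
# here to show continuation handling).
SAMPLE_MAIN_CF = """\
# TLS parameters
myhostname = dinar-desktop
alias_maps = hash:/etc/aliases
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname,
    reject_invalid_hostname, permit
alias_maps = hash:/etc/postfix/aliases
smtpd_tls_cert_file = /etc/postfix/postfix.cert
"""

LABEL = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def parse_main_cf(text):
    """Return (effective, overridden) for main.cf text.

    effective  -- parameter -> value, last definition wins
    overridden -- list of (parameter, earlier_value, later_value)
    """
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comment lines are ignored
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()  # continuation of previous line
        else:
            logical.append(raw.strip())

    effective, overridden = {}, []
    for line in logical:
        if "=" not in line:
            continue
        name, value = (part.strip() for part in line.split("=", 1))
        if name in effective and effective[name] != value:
            overridden.append((name, effective[name], value))
        effective[name] = value
    return effective, overridden


def is_fqdn(name):
    """True for names with at least two valid DNS labels, e.g. mail.example.org."""
    labels = name.rstrip(".").split(".")
    return (
        len(labels) >= 2
        and all(LABEL.match(label) for label in labels)
        and not labels[-1].isdigit()
    )


def helo_name(effective):
    """Name the SMTP client announces; smtp_helo_name defaults to $myhostname."""
    value = effective.get("smtp_helo_name", "$myhostname")
    expanded = re.sub(
        r"\$\{?(\w+)\}?", lambda m: effective.get(m.group(1), ""), value
    )
    return expanded or None


def audit(text):
    """Return a list of human-readable findings for a main.cf text."""
    effective, overridden = parse_main_cf(text)
    findings = []
    name = helo_name(effective)
    if name is None:
        findings.append("myhostname unset: Postfix falls back to the system hostname")
    elif not is_fqdn(name):
        findings.append(f"HELO name {name!r} is not a fully qualified domain name")
    for param, old, new in overridden:
        findings.append(f"{param} set twice: {old!r} is overridden by {new!r}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_MAIN_CF):
        print(finding)
```

The duplicate-parameter findings matter for this file because it sets `smtpd_tls_cert_file` and `alias_maps` twice, so only the later values take effect.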

steev182
March 24th, 2010, 11:26 PM
I'm unable to connect using IMAP, what could I have done wrong?


Mar 24 22:20:10 sweb00 authdaemond: received auth request, service=imap, authtype=login
Mar 24 22:20:10 sweb00 authdaemond: authmysql: trying this module
Mar 24 22:20:10 sweb00 authdaemond: authmysqllib: connected. Versions: header 50075, client 50083, server 50137
Mar 24 22:20:10 sweb00 authdaemond: SQL query: SELECT id, "", clear, uid, gid, home, concat(home,'/',maildir), "", name, "" FROM users WHERE id = 'steve' AND (enabled=1)
Mar 24 22:20:10 sweb00 imapd: LOGIN FAILED, user=steve, ip=[my home ip]
Mar 24 22:20:10 sweb00 authdaemond: zero rows returned
Mar 24 22:20:10 sweb00 authdaemond: no password available to compare
Mar 24 22:20:10 sweb00 authdaemond: authmysql: REJECT - try next module
Mar 24 22:20:10 sweb00 authdaemond: FAIL, all modules rejected
Mar 24 22:20:15 sweb00 imapd: LOGOUT, ip=[my home ip], rcvd=63, sent=499

steev182
March 25th, 2010, 12:41 PM
I fixed one problem, logging in, I needed to change 'user' to 'name' in authdaemonrc. But now it looks like I can't send, so will look through the settings I added for SASL - AHHH

steev182
March 25th, 2010, 02:58 PM
My problem now:

Mar 25 13:55:53 sweb00 imapd-ssl: Failed to connect to socket /tmp/fam--
Mar 25 13:56:26 sweb00 imapd-ssl: last message repeated 3 times
Mar 25 13:56:26 sweb00 postfix/smtpd[27826]: warning: SASL per-process initialization failed: generic failure
Mar 25 13:56:26 sweb00 postfix/smtpd[27826]: fatal: SASL per-process initialization failed
Mar 25 13:56:27 sweb00 postfix/master[27666]: warning: process /usr/lib/postfix/smtpd pid 27826 exit status 1
Mar 25 13:56:27 sweb00 postfix/master[27666]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling

mcfly1204
March 25th, 2010, 04:15 PM
My current setup consists of Exchange 2003 processing email for domain A. We have been sending/receiving for an additional domain, domain B, for a few years now, but the setup is clunky given I have distribution lists setup for the domain B email addresses.

I have set up a postfix box on the same network as the Exchange server to host email for domain B. My, I would love to say only, main issue is that I need to be able to send emails from domain A (Exchange) to domain B (postfix). How do I go about this? Do I need appropriate DNS records for both boxes given the messages are not leaving the network?

steev182
March 25th, 2010, 06:59 PM
OK, Here are my config files, if another set of eyes can look and see what I've done wrong...

main.cf

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# SASL
smtpd_sasl_auth_enable = yes
# If your potential clients use Outlook Express or other older clients
# this needs to be set to yes
broken_sasl_auth_clients = no
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =

# TLS parameters
#smtp_use_tls = no
smtp_tls_security_level = may
#smtpd_use_tls=yes
smtpd_tls_security_level = may
#smtpd_tls_auth_only = no
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
#smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
#smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = mail.stevemulcahy.co.uk
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = stevemulcahy.co.uk
local_recipient_maps =
mydestination =
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
mynetworks_style = host
# how long if undelivered before sending warning update to sender
delay_warning_time = 4h
# will it be a permanent error or temporary
unknown_local_recipient_reject_code = 450
# how long to keep message on queue before return as failed.
# some have 3 days, I have 16 days as I am backup server for some people
# whom go on holiday with their server switched off.
maximal_queue_lifetime = 7d
# max and min time in seconds between retries if connection failed
minimal_backoff_time = 1000s
maximal_backoff_time = 8000s
# how long to wait when servers connect before receiving rest of data
smtp_helo_timeout = 60s
# how many address can be used in one message.
# effective stopper to mass spammers, accidental copy in whole address list
# but may restrict intentional mail shots.
smtpd_recipient_limit = 16
# how many error before back off.
smtpd_soft_error_limit = 3
# how many max errors before blocking it.
smtpd_hard_error_limit = 12
# Requirements for the HELO statement
smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit
# Requirements for the sender details
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit
smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl, reject_rbl_client dnsbl.njabl.org
# Requirement for the recipient address
smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service inet:127.0.0.1:10023, permit
smtpd_helo_required = yes
# waste spammers time before rejecting them
smtpd_delay_reject = yes
disable_vrfy_command = yes
# not sure of the difference of the next two
# but they are needed for local aliasing
alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases
# this specifies where the virtual mailbox folders will be located
virtual_mailbox_base = /var/spool/mail/virtual
# this is for the mailbox location for each user
virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf
# and their user id
virtual_uid_maps = mysql:/etc/postfix/mysql_uid.cf
# and group id
virtual_gid_maps = mysql:/etc/postfix/mysql_gid.cf
# and this is for aliases
virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf
# and this is for domain lookups
virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf
# this is how to connect to the domains (all virtual, but the option is there)
# not used yet
# transport_maps = mysql:/etc/postfix/mysql_transport.cf
content_filter = amavis:[127.0.0.1]:10024


master.cf:

#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - - - - smtpd
submission inet n - n - - smtpd
-o smtpd_sasl_auth_enable=yes
# if you do not want to restrict it encryption only, comment out next line
#-o smtpd_tls_auth_only=yes
# -o smtpd_tls_security_level=encrypt
# -o header_checks=
# -o body_checks=
-o smtpd_client_restrictions=permit_sasl_authenticated,reject_unauth_destination,reject
-o smtpd_sasl_security_options=noanonymous,noplaintext
-o smtpd_sasl_tls_security_options=noanonymous
# -o milter_macro_daemon_name=ORIGINATING
smtps inet n - - - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_tls_auth_only=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o smtpd_sasl_security_options=noanonymous,noplaintext
-o smtpd_sasl_tls_security_options=noanonymous
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - - - - qmqpd
pickup fifo n - - 60 1 pickup
-o content_filter=
-o receive_override_options=no_header_body_checks
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - - 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - - - - smtp
-o smtp_fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
amavis unix - - - - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o max_use=20
127.0.0.1:10025 inet n - - - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_delay_reject=no
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_data_restrictions=reject_unauth_pipelining
-o smtpd_end_of_data_restrictions=
-o mynetworks=127.0.0.0/8
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks


smtpd.conf:

pwcheck_method: saslauthd
mech_list: plain login cram-md5 digest-md5
log_level: 7
allow_plaintext: true
auxprop_plugin: mysql
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_user: mail
sql_passw : ------
sql_database: maildb
sql_select: select crypt from users where id='%u@%r' and enabled = 1

Any ideas?

fernandoch
March 26th, 2010, 12:46 AM
Can this tutorial be used for a home mail server for testing? What do I need? Does it work with a static IP that I have at home?

I have a domain registered, but then what? Should I create this smtp.domain.name?

Can anyone give me answers to these questions?

Thank you.

q.dinar
March 26th, 2010, 12:30 PM
yes, it works with static ip. your domain should have mx record pointing to your ip.
"smtp." subdomain is not needed if main domain points with "mx" to your ip. (main domain can point with "A" record to other ip or to your ip. also any subdomain can point to different ips with A and Mx , A to serve sites, MX to serve mail.)

q.dinar
March 28th, 2010, 12:46 PM
another error when 10 mb mail sent to me:

Mar 28 15:02:59 dinar-desktop postfix/smtpd[7681]: connect from forward9.mail.yandex.net[77.88.61.48]
Mar 28 15:03:00 dinar-desktop postfix/smtpd[7681]: lost connection after EHLO from forward9.mail.yandex.net[77.88.61.48]
Mar 28 15:03:00 dinar-desktop postfix/smtpd[7681]: disconnect from forward9.mail.yandex.net[77.88.61.48]
Mar 28 15:06:20 dinar-desktop postfix/anvil[7684]: statistics: max connection rate 1/60s for (smtp:77.88.61.48) at Mar 28 15:02:59
Mar 28 15:06:20 dinar-desktop postfix/anvil[7684]: statistics: max connection count 1 for (smtp:77.88.61.48) at Mar 28 15:02:59
Mar 28 15:06:20 dinar-desktop postfix/anvil[7684]: statistics: max cache size 1 at Mar 28 15:02:59
Mar 28 15:16:15 dinar-desktop postfix/smtpd[7728]: connect from forward9.mail.yandex.net[77.88.61.48]
Mar 28 15:16:16 dinar-desktop postfix/smtpd[7728]: lost connection after EHLO from forward9.mail.yandex.net[77.88.61.48]
Mar 28 15:16:16 dinar-desktop postfix/smtpd[7728]: disconnect from forward9.mail.yandex.net[77.88.61.48]

harrysand
April 1st, 2010, 01:53 AM
I'm trying to follow this guide and ran into a problem when installing SASL. I was having trouble working with my repositories, could that be the problem?

Ran this.

:~$ sudo apt-get install libsasl2-modules libsasl2-modules-sql libgsasl7 \ libauthen-sasl-cyrus-perl sasl2-bin libpam-mysql
Reading package lists... Done
Building dependency tree
Reading state information... Done
libsasl2-modules is already the newest version.
E: Couldn't find package libauthen-sasl-cyrus-perl


Here is my sources.list file.

#
# deb cdrom:[Ubuntu-Server 9.10 _Karmic Koala_ - Release i386 (20091027.2)]/ karmic main restricted

#deb cdrom:[Ubuntu-Server 9.10 _Karmic Koala_ - Release i386 (20091027.2)]/ karmic main restricted
# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.

deb http://us.archive.ubuntu.com/ubuntu/ karmic main restricted
deb-src http://us.archive.ubuntu.com/ubuntu/ karmic main restricted

## Major bug fix updates produced after the final release of the
## distribution.
deb http://us.archive.ubuntu.com/ubuntu/ karmic-updates main restricted
deb-src http://us.archive.ubuntu.com/ubuntu/ karmic-updates main restricted

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team. Also, please note that software in universe WILL NOT receive any
## review or updates from the Ubuntu security team.
deb http://us.archive.ubuntu.com/ubuntu/ karmic universe
deb-src http://us.archive.ubuntu.com/ubuntu/ karmic universe
deb http://us.archive.ubuntu.com/ubuntu/ karmic-updates universe
deb-src http://us.archive.ubuntu.com/ubuntu/ karmic-updates universe

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.
deb http://us.archive.ubuntu.com/ubuntu/ karmic multiverse
deb-src http://us.archive.ubuntu.com/ubuntu/ karmic multiverse
deb http://us.archive.ubuntu.com/ubuntu/ karmic-updates multiverse
deb-src http://us.archive.ubuntu.com/ubuntu/ karmic-updates multiverse

## Uncomment the following two lines to add software from the 'backports'
## repository.
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
# deb http://us.archive.ubuntu.com/ubuntu/ karmic-backports main restricted universe multiverse
# deb-src http://us.archive.ubuntu.com/ubuntu/ karmic-backports main restricted universe multiverse

## Uncomment the following two lines to add software from Canonical's
## 'partner' repository.
## This software is not part of Ubuntu, but is offered by Canonical and the
## respective vendors as a service to Ubuntu users.
deb http://archive.canonical.com/ubuntu karmic partner
deb-src http://archive.canonical.com/ubuntu karmic partner

deb http://security.ubuntu.com/ubuntu karmic-security main restricted
deb-src http://security.ubuntu.com/ubuntu karmic-security main restricted
deb http://security.ubuntu.com/ubuntu karmic-security universe
deb-src http://security.ubuntu.com/ubuntu karmic-security universe
deb http://security.ubuntu.com/ubuntu karmic-security multiverse
deb-src http://security.ubuntu.com/ubuntu karmic-security multiverse

lucaspr
April 20th, 2010, 09:53 PM
I'm going to read the whole thread if this question is already asked.. If that is the case sorry I asked ;)

But is it possible to forget about local users and just deliver all scanned mail to an exchange 2003 server? If so.. How?

BTW, thanks for the GREAT HOWTO!!

candoyo
April 24th, 2010, 06:26 AM
Hi Flurdy and everyone else!

Thanks a lot for writing this amazing guide. I really appreciate it; it will make my life a lot easier :)

I have installed the AMI image into my AWS account. I have installed flurdy-amis/ubuntu-mail-server-webmail.
I can access phpmyadmin via the internet. But I am not sure what the user name and password for phpmyadmin are. I also logged into the server via ssh but was not able to run the mysqladmin command. It said I didn't have enough privileges to access mysqladmin. But I am logged in as root... why can't I use mysqladmin?

Any help would be highly appreciated. Thanks again for the great work :)

-Shaq

DonGonzo
May 3rd, 2010, 08:23 AM
Update:
This courier issue was resolved for me by editing /etc/courier/authmysqlrc


MYSQL_HOME_FIELD "/var/spool/mail/virtual"
...
MYSQL_MAILDIR_FIELD CONCAT(home,'/',maildir)


I seriously hope this helps someone else, it was driving me nuts.
/Update



Hello Flurdy et al,

I am having a problem identical to jvdl85. I have been stuck on it for a few hours now and haven't found a satisfactory answer... Postfix works, it created the directories, mail is in the directory &c &c.

The last I saw you mention to jvdl was to check mysql logs-



# tail /var/log/mysql/mysql.log
149 Query SHOW TABLES
149 Query SHOW FULL FIELDS IN `Permission`
149 Query SHOW COLLATION LIKE 'utf8_general_ci'
149 Query SHOW FULL FIELDS IN `Member`
149 Query SELECT `Member`.*, `Member`.ID, if(`Member`.ClassName,`Member`.ClassName,'Member') AS RecordClassName FROM `Member` WHERE (Member.ID = 1) ORDER BY Surname, FirstName LIMIT 1
149 Query UPDATE Member SET LastVisited = NOW() WHERE ID = 1
149 Quit
100503 0:11:10 150 Connect user@hostname on
150 Init DB mail_database
150 Query SELECT id, crypt, "", uid, gid, home, "", "", name, "" FROM users WHERE id = 'user@domain.ext'




#tail /var/log/mail.log
host authdaemond: received auth request, service=imap, authtype=login
host authdaemond: authmysql: trying this module
host authdaemond: SQL query: SELECT id, crypt, "", uid, gid, home, "", "", name, "" FROM users WHERE id = 'address@domain.ext'
host authdaemond: password matches successfully
host authdaemond: authmysql: sysusername=<null>, sysuserid=5000, sysgroupid=5000, homedir=/var/spool/mail/virtual, address=address@domain.ext, fullname=name, maildir=<null>, quota=<null>, options=<null>
host authdaemond: Authenticated: sysusername=<null>, sysuserid=5000, sysgroupid=5000, homedir=/var/spool/mail/virtual, address=address@domain.ext, fullname=name, maildir=<null>, quota=<null>, options=<null>
host imapd: chdir Maildir: No such file or directory


Any advice you can give me would be much appreciated! If any more information is needed, please let me know.


Thanks in advance,
Gonzo

kelrune
May 13th, 2010, 03:04 AM
I have set up my apache2 server and my SquirrelMail, as well as the many things I have seen in the first post, but I am running into an issue when I try to view it through a web browser. I can't seem to set up my SSL mod to get it running. Any thoughts?

flemmingbjerke
May 14th, 2010, 12:43 PM
Works fine on debian. Two problems with SASL that should be relevant for ubuntu, too (at least 2):

1. The one problem is described here:
http://isp-control.net/forum/thread-8381-post-65998.html#pid65998
I had to remove:
check_policy_service inet:127.0.0.1:10023,
from:
smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service inet:127.0.0.1:10023, permit

2. There may not be blanks after the variables in:
/etc/postfix/sasl/smtpd.conf

Finally, it is not clear whether TLS encryption of sending requires SASL. I have earlier set up TLS, but then I could not receive mails from other mailservers that did not like TLS-authentication. As Ivar writes:

"For the encryption of reading emails, it is Courier you need to configure. For sending, and between server encryption it is Postfix."

It could be nice to have a description of how to set up encrypted sending without between server encryption.

But, thank you, for the nice howto!

flemmingbjerke
May 14th, 2010, 12:51 PM
....
Ran this.

:~$ ....
E: Couldn't find package libauthen-sasl-cyrus-perl

...

Yes, I had the same strange problem on debian. I ran:
aptitude search libauthen
and indeed the package was in the repository. I copied the name of the package from the prompt in order to run
aptitude install libauthen-sasl-cyrus-perl
And: no problem! I think there must be some hidden code in the howto.

Mckormick
June 18th, 2010, 12:56 PM
Hi - all.. Thanks for the great guide, I have everything working except SMTP/SASL.

I think I am getting the same problem as Mcfly1204 was a few posts back:


Jun 18 13:41:29 de1 postfix/smtpd[24493]: connect from xxx
Jun 18 13:41:29 de1 postfix/smtpd[24493]: warning: SASL authentication failure: no secret in database
Jun 18 13:41:29 de1 postfix/smtpd[24493]: warning: xxx: SASL CRAM-MD5 authentication failed: authentication failure

I've checked and double checked all config against the guide. I think there may be a typo in the 10.04 version where in /etc/postfix/sasl/smtpd.conf


sql_passw: mailPASSWORD

should be


sql_passwd: mailPASSWORD

I've changed this but no luck.

Mcfly1204 - did you resolve this? Sorry if I missed the fix.

Thanks!

flurdy
June 18th, 2010, 01:06 PM
I think there may be a typo in the 10.04 version where in /etc/postfix/sasl/smtpd.conf


sql_passw: mailPASSWORD

should be


sql_passwd: mailPASSWORD



Hi,
sql_passw is the correct parameter, even if the other (sql_passwd) makes more sense. However I think both may even be supported now.

Mckormick
June 18th, 2010, 02:01 PM
ah ok, I'd just seen it as sql_passwd on other guides so I guess both are supported.

I changed it back but have the same issue. I can send email with no encrypted authentication but if I select encrypted in Thunderbird I cannot. I have a tail on mysql.log which doesn't seem to get hit so I don't think it is getting that far. My config is:



sudo adduser postfix sasl
The user `postfix' is already a member of `sasl'.

main.cf


smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks,warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain,reject_unauth_pipelining, permit

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

...

# SASL
smtpd_sasl_auth_enable = yes
# If your potential clients use Outlook Express or other older clients
# this needs to be set to yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =

# TLS parameters
#smtp_use_tls = no
smtp_tls_security_level = may
#smtpd_use_tls=yes
smtpd_tls_security_level = may
#smtpd_tls_auth_only = no
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
#smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
#smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

smtpd_sasl_authenticated_header = yes


master.cf

smtp inet n - - - - smtpd
submission inet n - - - - smtpd
# -o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject_unauth_destination,reject
-o smtpd_sasl_security_options=noanonymous,noplaintext
-o smtpd_sasl_tls_security_options=noanonymous
# -o milter_macro_daemon_name=ORIGINATING
smtps inet n - - - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticate d,reject
-o smtpd_sasl_security_options=noanonymous,noplaintex t
-o smtpd_sasl_tls_security_options=noanonymous
# -o milter_macro_daemon_name=ORIGINATING


/etc/default/saslauthd


DESC="SASL Authentication Daemon"
NAME="saslauthd"
MECHANISMS="pam"
MECH_OPTIONS=""pwcheck_method: saslauthd
mech_list: plain login cram-md5 digest-md5
log_level: 7
allow_plaintext: true
auxprop_plugin: mysql
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_user: mail
sql_passw: MY_MAIL_PASS
sql_database: maildb
sql_select: select crypt from users where id='%u@%r' and enabled = 1
THREADS=5
OPTIONS="-r -c -m /var/spool/postfix/var/run/saslauthd"


/etc/pam.d/smtp

auth required pam_mysql.so user=mail passwd=PASSWORD host=127.0.0.1 db=maildb table=users usercolumn=id passwdcolumn=crypt crypt=1
account sufficient pam_mysql.so user=mail passwd=PASSWORD host=127.0.0.1 db=maildb table=users usercolumn=id passwdcolumn=crypt crypt=1


A tail on auth.log only shows


Jun 18 14:33:04 de1 postfix/smtpd[24787]: sql auxprop plugin using mysql engine

Again it doesn't get hit when I attempt to log on - the only change in the tailed logs is in mail.log



Jun 18 12:04:21 de1 postfix/smtpd[21601]: connect from xxx
Jun 18 12:04:21 de1 postfix/smtpd[21601]: warning: SASL authentication failure: no secret in database
Jun 18 12:04:21 de1 postfix/smtpd[21601]: warning: xxx: SASL CRAM-MD5 authentication failed: authentication failure
Jun 18 12:04:21 de1 postfix/smtpd[21601]: disconnect from xxx

Any help you can give would be great. Thanks!

flurdy
June 18th, 2010, 02:24 PM
Ps. You should mask your pw in the /etc/pam.d/smtp part of your post :)

And was your post of the /etc/default/saslauthd merged with /etc/postfix/sasl/smtpd.conf?

Mckormick
June 18th, 2010, 02:49 PM
oops! :redface:

The /etc/default/saslauthd is actually


DESC="SASL Authentication Daemon"
NAME="saslauthd"
MECHANISMS="pam"
MECH_OPTIONS=""
mech_list: plain login cram-md5 digest-md5
log_level: 7
allow_plaintext: true
auxprop_plugin: mysql
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_user: mail
sql_passw: MY_MAIL_PASS
sql_database: maildb
sql_select: select crypt from users where id='%u@%r' and enabled = 1
THREADS=5
OPTIONS="-r -c -m /var/spool/postfix/var/run/saslauthd"

The version in the post above was just cuz of a problem with my mouse button 3 (keeps pasting when rolling!) ](*,)

I've got a bit further now - I removed


smtpd_sasl_authenticated_header = yes

from main.cf and now from Thunderbird it works with these settings:


Port: 465
Secure Authentication: No
Connection Security: SSL/TLS

I'm not sure if this means it is working or whether I need to have


Secure Authentication: Yes

If I switch it to yes it no longer works.

Thanks!

flurdy
June 18th, 2010, 02:56 PM
:p

Any particular reason for why you have the contents of /etc/postfix/sasl/smtpd.conf in the middle of /etc/default/saslauthd ?? :confused:

Mckormick
June 18th, 2010, 03:05 PM
Yes - because I need to buy a new mouse with a wheel that doesn't paste when I spin it :p


DESC="SASL Authentication Daemon"
NAME="saslauthd"
MECHANISMS="pam"
MECH_OPTIONS=""
THREADS=5
OPTIONS="-r -c -m /var/spool/postfix/var/run/saslauthd"


mech_list: plain login cram-md5 digest-md5
log_level: 7
allow_plaintext: true
auxprop_plugin: mysql
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_user: mail
sql_passw: MY_MAIL_PASS
sql_database: maildb
sql_select: select crypt from users where id='%u@%r' and enabled = 1

mcfly1204
June 20th, 2010, 05:10 PM
I have not had any luck with resolving that issue. At this point, I am waiting for the next edition of the guide in hopes that I can start from the beginning and work my way through it successfully.

tahiriman
June 21st, 2010, 04:11 PM
Hello,

How can I create other folders for sent, trash, drafts, ... mails in the maildir and configure courier imap to use them?

Thanks in advance

tahiriman
June 22nd, 2010, 09:39 AM
No idea?!!

oziemike
July 3rd, 2010, 07:00 AM
I have started again, this time using Ubuntu Server 10.04. I need to replace my old Ubuntu 6.06 server before the support runs out. I have set this one up on the bench to get it going before the swap over. I am getting the following error when trying to login from roundcube.

I did copy all the mail directories over from the old server and checked permissions etc, but keep getting this:

Jul 3 14:54:48 mail authdaemond: Installing libauthmysql
Jul 3 14:54:48 mail authdaemond: Installation complete: authmysql
Jul 3 14:54:49 mail postfix/master[1730]: daemon started -- version 2.7.0, configuration /etc/postfix
Jul 3 14:56:10 mail imapd-ssl: Connection, ip=[::1]
Jul 3 14:56:10 mail authdaemond: received auth request, service=imap, authtype=cram-md5
Jul 3 14:56:10 mail authdaemond: authmysql: trying this module
Jul 3 14:56:10 mail authdaemond: cram: challenge=PDFENDE0Q0M1REU3NDk2RjFDMjBDMUZFRkU4NTE1QTA3QG1haWwudGJwbC5jb20uYXU+, response=b3ppZW1pa2VAdGJwbC5jb20uYXUgZDA0NmM2MmE0YTg2MDVhYmU2MzFlZTkyZGVkY2IwNTE=
Jul 3 14:56:10 mail authdaemond: cram: decoded challenge/response, username 'oziemike@tbpl.com.au'
Jul 3 14:56:10 mail authdaemond: authmysqllib: connected. Versions: header 50137, client 50141, server 50141
Jul 3 14:56:10 mail authdaemond: SQL query: SELECT id, crypt, "", uid, gid, "/var/spool/mail/virtual", CONCAT(home,'/',maildir), "", name, "" FROM users WHERE id = 'oziemike@tbpl.com.au' AND (enabled=1)
Jul 3 14:56:10 mail authdaemond: authmysql: REJECT - try next module
Jul 3 14:56:10 mail authdaemond: FAIL, all modules rejected
Jul 3 14:56:10 mail imapd-ssl: LOGIN FAILED, method=CRAM-MD5, ip=[::1]
Jul 3 14:56:15 mail imapd-ssl: Disconnected, ip=[::1], time=5, starttls=1

Roundcube naturally reports that the login failed.

Any help would be seriously appreciated.

Mike

Ontolog
July 15th, 2010, 12:29 AM
There is a pretty major problem with the way MySQL's ENCRYPT() function is being used in conjunction with the mail server setups. Actually I had to revert to using the plaintext password for both Postfix and Courier. In the case of Postfix I also had to restrict the AUTH types to 'LOGIN' because programs that were using CRAM-MD5 were failing authentication. One major problem here is that ENCRYPT is using whatever the OS's low-level crypt() is which can be anything. Furthermore since we are not supplying any salt, the salt is random! So now we can't reproduce the crypted string since we don't know the salt.

http://dev.mysql.com/doc/refman/5.1/en/encryption-functions.html#function_encrypt

liquid1911
July 16th, 2010, 04:37 PM
Did this just change with MySQL? I've spent the better part of 2 days pulling my hair out trying to understand *** was going on. I have it working fine on 9.10 and 9.04 boxes, but 10.04 boxes get no love.

Ontolog
July 16th, 2010, 04:48 PM
Did this just change with MySQL? I've spent the better part of 2 days pulling my hair out trying to understand *** was going on. I have it working fine on 9.10 and 9.04 boxes, but 10.04 boxes get no love.

It could very well be a difference in the way MySQL's ENCRYPT() worked in previous versions of Ubuntu vs. the way it works on 10.04. Again, since MySQL's ENCRYPT()'s behavior depends on the lower-level crypt() call, it can not be used reliably (unless you know exactly what crypt() is doing, you store your salt, etc).

Solutions:

a) Fall back to using the 'clear' field and switching passwords to cleartext in both Postfix and Courier. As long as you have TLS or SSL setup then the password won't be traveling over the network in cleartext. This is what I am doing.

b) Make a proper hash of the password and store that. Maybe use CRAM-MD5 for Postfix since that is pretty standard. Not sure what the standard hashing algorithms are for Courier. If I could choose any I would choose SHA-256 with random salt, and store the salt in the database along with the password to protect against rainbow table attacks.

:popcorn:

Ontolog
July 19th, 2010, 08:35 PM
UPDATE: Actually I took out the 'crypt' column from the 'users' table since I thought I no longer needed it. In fact Postfix is still using this column and authentication was failing without it. So I guess my own understanding of the situation is lacking! LOL :( but still, I had to turn off CRAM-MD5 to get the SMTP server to work with some clients.
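The posts above report CRAM-MD5 failing while LOGIN keeps working once the server only has a hashed password to compare against. The following is an added example, not code from the guide or from any poster; it shows the two verification paths side by side. The function names, the sample password and the use of PBKDF2-HMAC-SHA256 as the salted hash are assumptions made for illustration; the challenge is the one from RFC 2195.

```python
import base64
import hashlib
import hmac
import os

# Challenge string from the RFC 2195 example, base64-encoded as the server sends it.
RFC2195_CHALLENGE_B64 = base64.b64encode(
    b"<1896.697170952@postoffice.reston.mci.net>").decode()


def cram_md5_response(user, secret, challenge_b64):
    """Client side: HMAC-MD5 over the decoded challenge, keyed with the password."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(secret.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode()


def parse_response(response_b64):
    """Split the decoded 'username hexdigest' response (usernames may contain '@')."""
    user, _, digest = base64.b64decode(response_b64).decode().rpartition(" ")
    return user, digest


def verify_cram_md5(stored_value, challenge_b64, response_b64):
    """Server side: recompute the HMAC with whatever the password column holds.

    This only matches when stored_value is the exact secret the client used,
    so a one-way hash in that column can never satisfy it.
    """
    try:
        _, digest = parse_response(response_b64)
        challenge = base64.b64decode(challenge_b64)
    except ValueError:  # malformed base64 or non-text payload
        return False
    expected = hmac.new(stored_value.encode(), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)


def hash_password(password, salt=None, rounds=100_000):
    """Salted one-way hash; the salt is stored inside the returned string."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return f"{rounds}${salt.hex()}${dk.hex()}"


def verify_plain(stored_hash, password):
    """PLAIN/LOGIN path: the server receives the password (protect it with TLS),
    reads the salt back out of the stored value and re-hashes."""
    rounds, salt_hex, dk_hex = stored_hash.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(rounds))
    return hmac.compare_digest(dk.hex(), dk_hex)


def demo():
    password = "correct horse"  # constructed sample password
    response = cram_md5_response("user@example.org", password,
                                 RFC2195_CHALLENGE_B64)
    stored_hash = hash_password(password)
    return {
        # cleartext column: challenge-response can be checked
        "cram_md5_with_clear_column":
            verify_cram_md5(password, RFC2195_CHALLENGE_B64, response),
        # hashed column: the HMAC key is unknown to the server, check fails
        "cram_md5_with_hash_column":
            verify_cram_md5(stored_hash, RFC2195_CHALLENGE_B64, response),
        # hashed column: PLAIN/LOGIN still verifies because the salt is stored
        "plain_with_hash_column": verify_plain(stored_hash, password),
        # a fresh random salt gives a different stored string every time
        "same_password_same_hash": hash_password(password) == stored_hash,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```
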

liquid1911
July 23rd, 2010, 08:00 PM
It's definitely something wrong with 10.04. I followed the guide to a T, two or three times, same exact issue with the CRAM-MD5. I wiped the VM and stuck 9.10 on there, works perfectly fine with the guide. I too am lost as to what on earth is causing the crypto to break, but something is.

matheszabi
July 25th, 2010, 03:28 AM
I have installed an Ubuntu 10.4. I want to install a mail server to this machine.
I have googled it for 2h and I didn't find a free Linux mail server all-in-one pack!
I need to install like 7-10 pieces of software and configure them properly, test it, which I can't do on the first try, for sure. I don't want to become an administrator, I hate this job.

Is there any mail server bundle with free software like XAMP for web developers?

flurdy
July 25th, 2010, 04:12 PM
Hello,

How can I create other folders for sent, trash, drafts, ... mails in the maildir and configure courier imap to use them?

Thanks in advance

Well I think it is more down to the mail client you use on top of courier. It is them that move/copy emails to sent,trash etc.

So e.g. if you run squirrelmail on top of courier then the option to create special folders must be true, which I believe it is by default.

However if your intention is not to use the default names, then you should tweak the IMAP_TRASHFOLDERNAME in /etc/courier/imapd and in your mail gui for all the default special folders.

Hope that answers your question?

flurdy
July 25th, 2010, 04:17 PM
It's definitely something wrong with 10.04. I followed the guide to a T, two or three times, same exact issue with the CRAM-MD5. I wiped the VM and stuck 9.10 on there, works perfectly fine with the guide. I too am lost as to what on earth is causing the crypto to break, but something is.

I'll look into this issue as well as I am trying to help oziemike with this specific issue.

My main servers are still running 9.10, due to no time to migrate them yet, so I may not have tested the 10.04 properly. :0 However when I set up a 10.04 test server (the ec2 AMIs) I did not encounter any problems.

zoo0828
July 31st, 2010, 08:49 AM
Hi, guys,

it might be a stupid question but it bothers me so much.

I followed this guide setting up a mail server serving multiple virtual domains, say:
domain1.com, domain2.com, domain3.com

but as for these hostnames: what name should I use?
/etc/hostname
/etc/mailname
$myhostname inside /etc/postfix/main.cf

and consequently, what EHLO will postfix submit while sending out emails to external domains?

Any ideas and thoughts will be appreciated.

wangkeit
July 31st, 2010, 09:04 AM
how to connect the C programming language into MYSQL database..???

flurdy
July 31st, 2010, 10:22 AM
Hi, guys,

it might be a stupid question but it bothers me so much.

I followed this guide setting up a mail server serving multiple virtual domains, say:
domain1.com, domain2.com, domain3.com

but as for these hostnames: what name should I use?
/etc/hostname
/etc/mailname
$myhostname inside /etc/postfix/main.cf

and consequently, what EHLO will postfix submit while sending out emails to external domains?

Any ideas and thoughts will be appreciated.


There is no "right" answer, but you need to pick which is your "main" or infrastructure domain name, e.g. domain1.com, as the mail server will only respond with one fully qualified name.

Then choose a desired name for the server and set hostname as eg. myserver.domain1.com.

Mailname and myhostname should be the same name and could reflect it is mail server so I would set them to e.g.
mail.domain1.com. If you create your own SSL certificates, this is the name to use there as well.

If the server is only used as a mail server and nothing else then /etc/hostname could be mail.domain1.com as well.

zoo0828
July 31st, 2010, 11:22 AM
Great clarification, Ivar, thanks. :-)

Since the server is the only one also hosting LAMP services, I would better set all the hostnames to say, server.domain1.com

And it's a fantastic HOWTO, keep up the excellent work.

By the way, is it possible to include a few tips while using DOVECOT over Courier?

zoo0828
July 31st, 2010, 11:33 AM
Hi, Ivar,

One more question, :-) looks like the localdomain mail is not working properly, please refer to the following log.

Thought it's probably because of the hostname settings.
Tried to add an alias entry like this
@localhost.domain1.com ---> @localhost

--------------------------------------------------------------
Jul 31 12:34:12 server postfix/qmgr[2003]: F13B965A75: from=<rivers@server.domain1.com>, size=617, nrcpt=1 (queue active)
Jul 31 12:34:33 server postfix/smtp[2028]: connect to localhost.domain1.com[218.83.175.155]:25: Connection timed out
Jul 31 12:34:33 server postfix/smtp[2028]: F13B965A75: to=<root@localhost.domain1.com>, orig_to=<root@localhost>, relay=none, delay=21, delays=0.17/0.09/21/0, dsn=4.4.1, status=deferred (connect to localhost.domain1.com[218.83.175.155]:25: Connection timed out)
--------------------------------------------------------------

eihli
August 1st, 2010, 05:59 PM
****UPDATE: FIXED****
Hopefully this will save someone else some time. Did I miss this step in the tutorial or something?
Looking back on it... this should have been a pretty easy fix.
On the last line of
/etc/courier/imapd-ssl
I changed
MAILDIRPATH=Maildir
to
MAILDIRPATH=/var/spool/mail/virtual
********************


Thanks flurdy for the tutorial

I'm having a similar, if not the same, problem as DonGonzo and jvdl85.
When I try to login, I get:
ERROR: ERROR: Connection dropped by IMAP server.

This is on 10.04

*Note: I have deleted characters from the usernames/domain names, so ignore that part of the copy/paste.

One thing I have noticed (if it makes any difference) is that if I change "MAILDIRPATH=Maildir" to "MAILDIRPATH=/var/spool/mail/virtual", then I am able to telnet to localhost:143, login, and list the folders. But, the only folder listed when i do an "a list "INBOX" "*"", it only shows as having a "SENT" folder.

Thanks ahead of time for any help.

When I try to log in to squirrelmail, here is what I get:
mail.log

Aug 1 11:33:50 server1 imapd-ssl: Connection, ip=[::1]
Aug 1 11:33:50 server1 imapd-ssl: chdir Maildir: No such file or directory
Aug 1 11:33:50 server1 imapd-ssl: adn@oga.com: No such file or directory
mysql.log

100801 11:33:50 203 Connect mail@localhost on
203 Init DB maildb
203 Query SELECT id, crypt, "", uid, gid, "/var/spool/mail/virtual", "", "", name, "" FROM users WHERE id = 'admin@owoga.com' AND (enabled=1)
Dir of /var/spool/mail/virtual/admin:

root@server1:/var/spool/mail/virtual/admin# ls -a
. .. cur new tmp
There are several messages in new.

I have tried making DonGonzo's changes to authmysqlrc. I restarted all of the courier/postfix services (Don't know if that was necessary) but I continue to get the same errors.

Here is the entire process for a new username:
After I run the insert query for a new user:
mysql.log

100801 11:42:49 164 Query INSERT INTO users (id,name,maildir,crypt) VALUES ('dli@oga.com','dli','dli/', encrypt('password') )
After I send the new account an email:
mail.log:

Aug 1 11:45:54 server1 postfix/smtpd[29816]: connect from mail-iw0-f175.google.com[209.85.214.175]
Aug 1 11:45:54 server1 postfix/smtpd[29816]: 6E5FFD8334: client=mail-iw0-f175.google.com[209.85.214.175]
Aug 1 11:45:54 server1 postfix/cleanup[29820]: 6E5FFD8334: message-id=<AANLkTi=m9=bUvr9FViFqx5tULty9teYNFdF_wdn5UOU6@mail.gmail.com>
Aug 1 11:45:56 server1 postfix/qmgr[29704]: 6E5FFD8334: from=<lokah@gmail.com>, size=1832, nrcpt=1 (queue active)
Aug 1 11:45:56 server1 postfix/virtual[29821]: 6E5FFD8334: to=<di@oa.com>, relay=virtual, delay=2.1, delays=2/0.02/0/0.06, dsn=2.0.0, status=sent (delivered to maildir)
Aug 1 11:45:56 server1 postfix/qmgr[29704]: 6E5FFD8334: removed
mysql.log:

100801 11:45:54 204 Connect mail@localhost on maildb
204 Query SELECT destination FROM aliases WHERE mail='gmail.com' and enabled = 1
205 Connect mail@localhost on maildb
205 Query SELECT domain FROM domains WHERE domain='gmail.com' and enabled = 1
204 Query SELECT destination FROM aliases WHERE mail='oo.com' and enabled = 1
205 Query SELECT domain FROM domains WHERE domain='oga.com' and enabled = 1
206 Connect mail@localhost on maildb
206 Query SELECT destination FROM aliases WHERE mail='dli@oga.com' and enabled = 1
206 Query SELECT destination FROM aliases WHERE mail='dli' and enabled = 1
206 Query SELECT destination FROM aliases WHERE mail='@oa.com' and enabled = 1
207 Connect mail@localhost on maildb
207 Query SELECT maildir FROM users WHERE id='d@ga.com' and enabled = 1
208 Connect mail@localhost on maildb
208 Query SELECT destination FROM aliases WHERE mail='di@oa.com' and enabled = 1
Dir of /var/spool/mail/virtual:

root@server1:/var/spool/mail/virtual/d# ls -a
. .. cur new tmp
root@server1:/var/spool/mail/virtual/dli# cd new
root@server1:/var/spool/mail/virtual/dli/new# ls
1280681156.Vca01I1305f9M447310.server1.oa.com
When I try to login to SquirrelMail:
ERROR: ERROR: Connection dropped by IMAP server.

mail.log after trying to login:

Aug 1 11:45:56 server1 postfix/qmgr[29704]: 6E5FFD8334: removed
Aug 1 11:46:26 server1 postfix/smtpd[29816]: disconnect from mail-iw0-f175.google.com[209.85.214.175]
Aug 1 11:49:46 server1 postfix/anvil[29818]: statistics: max connection rate 1/60s for (smtp:209.85.214.175) at Aug 1 11:45:54
Aug 1 11:49:46 server1 postfix/anvil[29818]: statistics: max connection count 1 for (smtp:209.85.214.175) at Aug 1 11:45:54
Aug 1 11:49:46 server1 postfix/anvil[29818]: statistics: max cache size 1 at Aug 1 11:45:54
Aug 1 11:50:07 server1 imapd-ssl: Connection, ip=[::1]
Aug 1 11:50:07 server1 imapd-ssl: chdir Maildir: No such file or directory
Aug 1 11:50:07 server1 imapd-ssl: di@o.com: No such file or directory
mysql.log after trying to login:

100801 11:50:07 210 Connect mail@localhost on
210 Init DB maildb
210 Query SELECT id, crypt, "", uid, gid, home, "", "", name, "" FROM users WHERE id = 'li@a.com' AND (enabled=1)
Telnet to localhost:143:

root@server1:/var/log# telnet localhost 143
Trying ::1...
Connected to localhost.localdomain.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION STARTTLS] Courier-IMAP ready. Copyright 1998-2008 Double Precision, Inc. See COPYING for distribution information.
a login di@oa.com password
* BYE [ALERT] Fatal error: No such file or directory: No such file or directory
Connection closed by foreign host.

flurdy
August 2nd, 2010, 03:16 PM
Hi, Ivar,

One more question, :-) looks like the localdomain mail is not working properly, please refer to the following log.

Thought it's probably because of the hostname settings.
Tried to add an alias entry like this
@localhost.domain1.com ---> @localhost

--------------------------------------------------------------
Jul 31 12:34:12 server postfix/qmgr[2003]: F13B965A75: from=<rivers@server.domain1.com>, size=617, nrcpt=1 (queue active)
Jul 31 12:34:33 server postfix/smtp[2028]: connect to localhost.domain1.com[218.83.175.155]:25: Connection timed out
Jul 31 12:34:33 server postfix/smtp[2028]: F13B965A75: to=<root@localhost.domain1.com>, orig_to=<root@localhost>, relay=none, delay=21, delays=0.17/0.09/21/0, dsn=4.4.1, status=deferred (connect to localhost.domain1.com[218.83.175.155]:25: Connection timed out)
--------------------------------------------------------------

If you intend to receive mail as xxx@domain1.com, then make sure you list domain1.com in the domains table. And if you prefer subdomains such as localhost.domain1.com as well make sure you list localhost.domain1.com in your domains as well, but you should perhaps just alias @localhost to @domain1.com?

flurdy
August 2nd, 2010, 03:28 PM
****UPDATE: FIXED****
Hopefully this will save someone else some time. Did I miss this step in the tutorial or something?
Looking back on it... this should have been a pretty easy fix.
On the last line of
/etc/courier/imapd-ssl
I changed
MAILDIRPATH=Maildir
to
MAILDIRPATH=/var/spool/mail/virtual
********************


Thanks flurdy for the tutorial

I'm having a similar, if not the same, problem as DonGonzo and jvdl85.
When I try to login, I get:
ERROR: ERROR: Connection dropped by IMAP server.

This is on 10.04

*Note: I have deleted characters from the usernames/domain names, so ignore that part of the copy/paste.

One thing I have noticed (if it makes any difference) is that if I change "MAILDIRPATH=Maildir" to "MAILDIRPATH=/var/spool/mail/virtual", then I am able to telnet to localhost:143, login, and list the folders. But, the only folder listed when i do an "a list "INBOX" "*"", it only shows as having a "SENT" folder.

Thanks ahead of time for any help.

When I try to log in to squirrelmail, here is what I get:
mail.log

Aug 1 11:33:50 server1 imapd-ssl: Connection, ip=[::1]
Aug 1 11:33:50 server1 imapd-ssl: chdir Maildir: No such file or directory
Aug 1 11:33:50 server1 imapd-ssl: adn@oga.com: No such file or directory
mysql.log

100801 11:33:50 203 Connect mail@localhost on
203 Init DB maildb
203 Query SELECT id, crypt, "", uid, gid, "/var/spool/mail/virtual", "", "", name, "" FROM users WHERE id = 'admin@owoga.com' AND (enabled=1)

....


It seems like you have not set up authmysqlrc properly. Such as

MYSQL_MAILDIR_FIELD concat(home,'/',maildir)
because your select statement

SELECT id, crypt, "", uid, gid, "/var/spool/mail/virtual", "", "", name, "" FROM users WHERE id = 'admin@owoga.com' AND (enabled=1)
should have been more like:

SELECT id, crypt, "", uid, gid, home, concat(home,'/',maildir), "", name, "" FROM users WHERE id = 'admin@owoga.com' AND (enabled=1)

zoo0828
August 2nd, 2010, 04:29 PM
If you intend to receive mail as xxx@domain1.com, then make sure you list domain1.com in the domains table. And if you prefer subdomains such as localhost.domain1.com as well make sure you list localhost.domain1.com in your domains as well, but you should perhaps just alias @localhost to @domain1.com?

yes, that makes perfect sense, I will alias @localhost to one of the virtual domains right away. :p

Jose Miguel Samper
August 7th, 2010, 04:27 PM
Hello,

I have just followed the Flurdy tutorial to set up a complete mail server successfully.

I programmed a simple PHP web application to manage domains and accounts.

The application is attached to this message, if someone is interested.

The application is not authenticated, so it must be protected using some web server mechanism, like AuthConfig in Apache.

duceduc
August 7th, 2010, 04:57 PM
I am following the OP tutorial and I just finished the basic setup. Upon testing it via telnet, I get the following error. Can someone tell me where to look at this point?

451 4.3.5 Server configuration error
Here is the mail.log.

Aug 8 00:40:09 web-server postfix/smtpd[2022]: connect from localhost[127.0.0.1]
Aug 8 00:40:47 web-server postfix/smtpd[2022]: warning: unknown smtpd restriction: "permit_mynetwork"
Aug 8 00:40:47 web-server postfix/smtpd[2022]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 451 4.3.5 Server configuration error; from=<info@ducsu.com> to=<mailx@hotmail.com> proto=ESMTP helo=<web-server>
Aug 8 00:41:08 web-server postfix/smtpd[2022]: lost connection after RCPT from localhost[127.0.0.1]
Aug 8 00:41:08 web-server postfix/cleanup[2027]: E58752605BF: message-id=<20100807154108.E58752605BF@mail.domain.com>
Aug 8 00:41:09 web-server postfix/smtpd[2022]: disconnect from localhost[127.0.0.1]
Aug 8 00:41:09 web-server postfix/qmgr[1944]: E58752605BF: from=<double-bounce@mail.domain.com>, size=851, nrcpt=1 (queue active)
Aug 8 00:41:09 web-server postfix/virtual[2028]: E58752605BF: to=<root@localhost>, orig_to=<postmaster>, relay=virtual, delay=0.2, delays=0.11/0.01/0/0.08, dsn=2.0.0, status=sent (delivered to maildir)
Aug 8 00:41:09 web-server postfix/qmgr[1944]: E58752605BF: removed
Aug 8 00:47:55 web-server postfix/smtpd[2139]: connect from localhost[127.0.0.1]
Aug 8 00:48:47 web-server postfix/smtpd[2139]: warning: unknown smtpd restriction: "permit_mynetwork"
Aug 8 00:48:47 web-server postfix/smtpd[2139]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 451 4.3.5 Server configuration error; from=<info@domain.com> to=<mailx@hotmail.com> proto=ESMTP helo=<web-server>


I've checked my typo in the postfix/main.cf files and I don't see anything wrong. Please help as I need this mail server setup.

Edited: I corrected my issue. There was a typo in my log highlighted in bold. Fixed it and now I am able to test telnet with success. I tested 3 emails each going to different accounts (gmail, hotmail, and yahoo).
I received test emails from gmail and yahoo but not hotmail instantly. Do I have an error somewhere or it is just a delay from hotmail's end?
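A check for the kind of misspelled restriction name that the mail.log above reports ("permit_mynetwork"), as an added example that is not part of the original post or the guide. The function names and the sample main.cf fragment are constructed for illustration, and the list of known names covers only the restrictions that appear in the configurations posted in this thread, not Postfix's full set.

```python
import difflib
import re

# Restriction names used in the main.cf/master.cf excerpts in this thread
# (a subset of what Postfix supports; extend it for your own configuration).
KNOWN = {
    "permit", "reject", "warn_if_reject",
    "permit_mynetworks", "permit_sasl_authenticated",
    "reject_unauth_destination", "reject_unauth_pipelining",
    "reject_non_fqdn_sender", "reject_unknown_sender_domain",
    "reject_non_fqdn_recipient", "reject_unknown_recipient_domain",
    "reject_non_fqdn_hostname", "reject_invalid_hostname",
    "reject_rbl_client", "check_policy_service",
}
# These are followed by one argument (an RBL zone or a policy server address).
TAKES_ARGUMENT = {"reject_rbl_client", "check_policy_service"}

# Constructed main.cf fragment reproducing the typo from the log.
SAMPLE = """\
# constructed sample, not a poster's real file
smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname,
    reject_invalid_hostname, permit
smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetwork,
    permit_sasl_authenticated, reject_unauth_destination,
    check_policy_service inet:127.0.0.1:10023, permit
smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org
"""


def logical_lines(text):
    """Join main.cf continuation lines (those starting with whitespace)
    and drop blank lines and comments."""
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current is not None:
            current += " " + raw.strip()
        else:
            if current is not None:
                yield current
            current = raw.strip()
    if current is not None:
        yield current


def lint_restrictions(text):
    """Return (parameter, unknown_token, suggestion_or_None) for every token
    in an smtpd_*_restrictions list that is not a known restriction name."""
    findings = []
    for line in logical_lines(text):
        name, sep, value = line.partition("=")
        name = name.strip()
        if not sep or not re.fullmatch(r"smtpd_\w+_restrictions", name):
            continue
        skip_next = False
        for token in re.split(r"[,\s]+", value.strip()):
            if not token:
                continue
            if skip_next:          # argument of the previous restriction
                skip_next = False
                continue
            if token in TAKES_ARGUMENT:
                skip_next = True
                continue
            if token not in KNOWN:
                close = difflib.get_close_matches(
                    token, sorted(KNOWN), n=1, cutoff=0.8)
                findings.append((name, token, close[0] if close else None))
    return findings


if __name__ == "__main__":
    for param, token, hint in lint_restrictions(SAMPLE):
        suffix = f" (did you mean {hint}?)" if hint else ""
        print(f"{param}: unknown restriction {token!r}{suffix}")
```

The same function accepts the one-line-per-parameter output of `postconf -n`, which avoids missing a value that was split over several lines in the file.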

MoonArrow
August 8th, 2010, 09:50 AM
Hi,

I just setup a complete server configuration using this guide and (almost) everything is working. In fact, I thought it was complete until the last test as always :)

First: Ubuntu 10.04, Postfix with MySQL backend, Courier IMAP/POP, SMTP (authenticated) but no SSL, Amavis with clamav and Postgrey.

I succeeded in creating accounts and using IMAP/SMTP/POP with them. Then I set up a production configuration for the production domain and the catchup alias is broken. I configured two regular accounts. The first, paul, is as regular as possible. The second, elric, is regular, but I also want him to receive the 'catchup' emails.

So I have this :

mysql> describe aliases
-> ;
+-------------+--------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+-------------+--------------+------+-----+---------+----------------+
| pkid | smallint(3) | NO | PRI | NULL | auto_increment |
| mail | varchar(120) | NO | UNI | | |
| destination | varchar(120) | NO | | | |
| enabled | tinyint(1) | NO | | 1 | |
+-------------+--------------+------+-----+---------+----------------+
4 rows in set (0.00 sec)

mysql> select * from aliases;
+------+------------------------+------------------------+---------+
| pkid | mail | destination | enabled |
+------+------------------------+------------------------+---------+
| 1 | postmaster@localhost | root@localhost | 1 |
| 2 | sysadmin@localhost | root@localhost | 1 |
| 3 | webmaster@localhost | root@localhost | 1 |
| 4 | abuse@localhost | root@localhost | 1 |
| 5 | root@localhost | root@localhost | 1 |
| 6 | @localhost | root@localhost | 1 |
| 7 | @localhost.localdomain | @localhost | 1 |
| 8 | @DOMAINNAME.fr | elric@DOMAINNAME.fr | 1 |
+------+------------------------+------------------------+---------+
8 rows in set (0.00 sec)
On the mail table, I have this:


mysql> describe users;
+-----------------+----------------------+------+-----+-------------------------+-------+
| Field | Type | Null | Key | Default | Extra |
+-----------------+----------------------+------+-----+-------------------------+-------+
| id | varchar(128) | NO | PRI | | |
| name | varchar(128) | NO | | | |
| uid | smallint(5) unsigned | NO | | 5000 | |
| gid | smallint(5) unsigned | NO | | 5000 | |
| home | varchar(255) | NO | | /var/spool/mail/virtual | |
| maildir | varchar(255) | NO | | blah/ | |
| enabled | tinyint(3) unsigned | NO | | 1 | |
| change_password | tinyint(3) unsigned | NO | | 1 | |
| clear | varchar(128) | NO | | ChangeMe | |
| crypt | varchar(128) | NO | | sdtrusfX0Jj66 | |
| quota | varchar(255) | NO | | | |
| procmailrc | varchar(128) | NO | | | |
| spamassassinrc | varchar(128) | NO | | | |
+-----------------+----------------------+------+-----+-------------------------+-------+
13 rows in set (0.00 sec)

mysql> select id, name, uid,gid, home, enabled from users where name like '%DOMAINNAME%';
+----------------------+----------------------+------+------+-------------------------+---------+
| id | name | uid | gid | home | enabled |
+----------------------+----------------------+------+------+-------------------------+---------+
| elric@DOMAINNAME.fr | elric@DOMAINNAME.fr | 5000 | 5000 | /var/spool/mail/virtual | 1 |
| paul@DOMAINNAME.fr | paul@DOMAINNAME.fr | 5000 | 5000 | /var/spool/mail/virtual | 1 |
+----------------------+----------------------+------+------+-------------------------+---------+

My main.cf configuration file


root@sd-22214:/etc/postfix# more main.cf
# This is already done in /etc/mailname
#myhostname= mail.example.com

smtpd_banner = $myhostname ESMTP $mail_name

# leave blank to do it yourself
relayhost =

inet_interfaces = all
mynetworks_style = host


# masquerade_domains = mail.example.com www.example.com !sub.dyndomain.com
masquerade_domains = mail.DOMAINNAME.fr www.DOMAINNAME.fr
# masquerade_exceptions = root

local_recipient_maps =
mydestination =

# how long if undelivered before sending warning update to sender
delay_warning_time = 4h
# will it be a permanent error or temporary
unknown_local_recipient_reject_code = 450
# how long to keep message on queue before return as failed.
# some have 3 days, I have 16 days as I am backup server for some people
# whom go on holiday with their server switched off.
maximal_queue_lifetime = 7d
# max and min time in seconds between retries if connection failed
minimal_backoff_time = 1000s
maximal_backoff_time = 8000s
# how long to wait when servers connect before receiving rest of data
smtp_helo_timeout = 60s
# how many address can be used in one message.
# effective stopper to mass spammers, accidental copy in whole address list
# but may restrict intentional mail shots.
smtpd_recipient_limit = 16
# how many error before back off.
smtpd_soft_error_limit = 3
# how many max errors before blocking it.
smtpd_hard_error_limit = 12


# Requirements for the HELO statement
smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit

# Requirements for the sender details
# smtpd_sender_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit

# Requirements for the connecting server
smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl, reject_rbl_client dnsbl.njabl.org

# Requirement for the recipient address
smtpd_data_restrictions = reject_unauth_pipelining

smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service inet:127.0.0.1:10023, permit

# require proper helo at connections
smtpd_helo_required = yes
# waste spammers time before rejecting them
smtpd_delay_reject = yes
disable_vrfy_command = yes

# not sure of the difference of the next two
# but they are needed for local aliasing
alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases
# this specifies where the virtual mailbox folders will be located
virtual_mailbox_base = /var/spool/mail/virtual
# this is for the mailbox location for each user
virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf
# and this is for aliases
virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf
# and this is for domain lookups
virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf
# this is how to connect to the domains (all virtual, but the option is there)
# not used yet
# transport_maps = mysql:/etc/postfix/mysql_transport.cf

# Changes to replace the virtual map with the real ids
#
# Block to reactivate
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
# this specifies where the virtual mailbox folders will be located
virtual_mailbox_base = /var/spool/mail/virtual
# End of block
#virtual_uid_maps = mysql:/etc/postfix/mysql_uid.cf
#virtual_gid_maps = mysql:/etc/postfix/mysql_gid.cf
# End of replacement block

content_filter = amavis:[127.0.0.1]:10024

# SASL
smtpd_sasl_auth_enable = yes
# If your potential clients use Outlook Express or other older clients
# this needs to be set to yes
broken_sasl_auth_clients = no
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
Of course, I checked and the aliases are working. It is like as soon as the catchup is present all the emails for this domain go to the catchall.

Does anyone have a clue for me?

Thanks in advance.

M.

lisati
August 8th, 2010, 09:56 AM
I am following the OP tutorial and I just finished the basic setup. Upon testing it via telnet, I get the following error. Can someone tell me where to look at this point?

Here is the mail.log.

Aug 8 00:40:09 web-server postfix/smtpd[2022]: connect from localhost[127.0.0.1]
Aug 8 00:40:47 web-server postfix/smtpd[2022]: warning: unknown smtpd restriction: "permit_mynetwork"
Aug 8 00:40:47 web-server postfix/smtpd[2022]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 451 4.3.5 Server configuration error; from=<info@ducsu.com> to=<mailx@hotmail.com> proto=ESMTP helo=<web-server>
Aug 8 00:41:08 web-server postfix/smtpd[2022]: lost connection after RCPT from localhost[127.0.0.1]
Aug 8 00:41:08 web-server postfix/cleanup[2027]: E58752605BF: message-id=<20100807154108.E58752605BF@mail.domain.com>
Aug 8 00:41:09 web-server postfix/smtpd[2022]: disconnect from localhost[127.0.0.1]
Aug 8 00:41:09 web-server postfix/qmgr[1944]: E58752605BF: from=<double-bounce@mail.domain.com>, size=851, nrcpt=1 (queue active)
Aug 8 00:41:09 web-server postfix/virtual[2028]: E58752605BF: to=<root@localhost>, orig_to=<postmaster>, relay=virtual, delay=0.2, delays=0.11/0.01/0/0.08, dsn=2.0.0, status=sent (delivered to maildir)
Aug 8 00:41:09 web-server postfix/qmgr[1944]: E58752605BF: removed
Aug 8 00:47:55 web-server postfix/smtpd[2139]: connect from localhost[127.0.0.1]
Aug 8 00:48:47 web-server postfix/smtpd[2139]: warning: unknown smtpd restriction: "permit_mynetwork"
Aug 8 00:48:47 web-server postfix/smtpd[2139]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 451 4.3.5 Server configuration error; from=<info@domain.com> to=<mailx@hotmail.com> proto=ESMTP helo=<web-server>


I've checked my typo in the postfix/main.cf files and I don't see anything wrong. Please help as I need this mail server setup.

Edited: I corrected my issue. There was a typo in my log highlighted in bold. Fixed it and now I am able to test telnet with success. I tested 3 emails each going to different accounts (gmail, hotmail, and yahoo).
I received test emails from gmail and yahoo but not hotmail instantly. Do I have an error somewhere or it is just a delay from hotmail's end?
I think it should be permit_mynetworks (with an S on the end)
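
The misspelled restriction name above makes smtpd answer every RCPT with "451 4.3.5 Server configuration error". The following is an added example, not code from the thread or from Postfix: it checks the `smtpd_*_restrictions` lists in a main.cf for unknown names and pulls the offending name out of mail.log. The function names, the constructed main.cf fragment and the subset of restriction names are assumptions.

```python
import difflib
import re

# Subset of restriction names documented in postconf(5): the ones used in the
# configurations in this thread plus permit/reject/defer. Extend as needed.
KNOWN_RESTRICTIONS = sorted({
    "permit", "reject", "defer", "warn_if_reject",
    "permit_mynetworks", "permit_sasl_authenticated",
    "reject_unauth_destination", "reject_unauth_pipelining",
    "reject_non_fqdn_hostname", "reject_invalid_hostname",
    "reject_non_fqdn_sender", "reject_unknown_sender_domain",
    "reject_non_fqdn_recipient", "reject_unknown_recipient_domain",
    "reject_rbl_client", "check_policy_service",
})
# Restrictions whose next token is an argument, not another restriction.
TAKES_ARGUMENT = {"reject_rbl_client", "check_policy_service"}

WARNING_RE = re.compile(
    r'postfix/smtpd\[\d+\]: warning: unknown smtpd restriction: "([^"]+)"')


def parse_main_cf(text):
    """Return {parameter: value}, joining continuation lines (leading whitespace)."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank and comment lines never end a logical line
        if raw[0] in " \t":
            if current is not None:
                params[current] += " " + raw.strip()
            continue
        name, sep, value = raw.partition("=")
        current = name.strip() if sep else None
        if current is not None:
            params[current] = value.strip()  # a later definition wins
    return params


def lint_restrictions(params):
    """Return (parameter, unknown_token, suggestion_or_None) for each bad name."""
    findings = []
    for param, value in params.items():
        if not re.fullmatch(r"smtpd_\w+_restrictions", param):
            continue
        tokens = [t for t in re.split(r"[,\s]+", value) if t]
        i = 0
        while i < len(tokens):
            token = tokens[i]
            i += 1
            if token in TAKES_ARGUMENT:
                i += 1  # skip the argument (RBL domain, policy service endpoint)
            elif token not in KNOWN_RESTRICTIONS and ":" not in token:
                # tokens containing ':' are lookup tables (type:name), not names
                close = difflib.get_close_matches(
                    token, KNOWN_RESTRICTIONS, n=1, cutoff=0.8)
                findings.append((param, token, close[0] if close else None))
    return findings


def unknown_restrictions_in_log(lines):
    """Return the distinct restriction names smtpd complained about in mail.log."""
    found = set()
    for line in lines:
        match = WARNING_RE.search(line)
        if match:
            found.add(match.group(1))
    return sorted(found)


# Constructed main.cf fragment reproducing the typo; the poster's own file is
# not shown in the thread.
SAMPLE_MAIN_CF = """\
smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit
smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetwork,
    permit_sasl_authenticated, reject_non_fqdn_recipient,
    reject_unauth_destination, check_policy_service inet:127.0.0.1:10023, permit
"""

# Two lines copied from the mail.log excerpt in the post above.
SAMPLE_LOG = """\
Aug 8 00:40:47 web-server postfix/smtpd[2022]: warning: unknown smtpd restriction: "permit_mynetwork"
Aug 8 00:40:47 web-server postfix/smtpd[2022]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 451 4.3.5 Server configuration error; from=<info@ducsu.com> to=<mailx@hotmail.com> proto=ESMTP helo=<web-server>
"""

if __name__ == "__main__":
    for param, token, hint in lint_restrictions(parse_main_cf(SAMPLE_MAIN_CF)):
        suffix = f", did you mean {hint!r}?" if hint else ""
        print(f"{param}: unknown restriction {token!r}{suffix}")
    print("named in log warnings:",
          unknown_restrictions_in_log(SAMPLE_LOG.splitlines()))
```
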

duceduc
August 8th, 2010, 03:29 PM
I think it should be permit_mynetworks (with an S on the end)

Thank you. I got it fixed now. My mail server seems to be working within my home network. I am able to send and receive emails.

I have followed the guide and the mail server seems to be working. I can send emails from squirrelmail but I cannot receive emails. I can only receive emails from the domains I have added.

I am able to telnet localhost 25 from the server fine. I can receive and send mails fine. However, if I try to test send an email from my yahoo, gmail, or hotmail account, I don't receive it. Did I miss a step somewhere? I retraced the steps and it seems I have gotten them all. What log files can I see for emails coming in? I've tried looking at these below, but I don't see anything out of the ordinary.
I have set up an MX for my mail server and it is sitting at zoneedit; I haven't input that ip in my settings. I don't know where actually. Would that be the cause of why emails are not coming in?


/var/log/system.log
/var/log/mail.log
/var/log/mysql.log
/var/log/apache2/access.log

duceduc
August 9th, 2010, 08:58 AM
Further checking the mail server and mail.log, I noticed I am getting a: Permission denied for ClamAV for all incoming mails. How can I fix this error. I did not touch any settings upon installing clamav by the way.

Aug 9 16:26:49 web-server postfix/pickup[25884]: 91D802605D5: uid=33 from=<www-data>
Aug 9 16:26:49 web-server postfix/cleanup[26229]: 91D802605D5: message-id=<20100809072649.91D802605D5@mail.ducsu.com>
Aug 9 16:26:49 web-server postfix/qmgr[25885]: 91D802605D5: from=<www-data@ducsu.com>, size=486, nrcpt=1 (queue active)
Aug 9 16:26:49 web-server amavis[25777]: (25777-01) ESMTP::10024 /var/lib/amavis/tmp/amavis-20100809T162649-25777: <www-data@ducsu.com> -> <info@ducsu.com> SIZE=486 Received: from mail.ducsu.com ([127.0.0.1]) by localhost (mail.ducsu.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for <info@ducsu.com>; Mon, 9 Aug 2010 16:26:49 +0900 (JST)
Aug 9 16:26:49 web-server amavis[25777]: (25777-01) Checking: ZY7AEQ8VTSB0 <www-data@ducsu.com> -> <info@ducsu.com>
Aug 9 16:26:49 web-server amavis[25777]: (25777-01) (!)run_av (ClamAV-clamd) FAILED - unexpected , output="/var/lib/amavis/tmp/amavis-20100809T162649-25777/parts: lstat() failed: Permission denied. ERROR\n"
Aug 9 16:26:49 web-server amavis[25777]: (25777-01) (!)ClamAV-clamd av-scanner FAILED: CODE(0xb387078) unexpected , output="/var/lib/amavis/tmp/amavis-20100809T162649-25777/parts: lstat() failed: Permission denied. ERROR\n" at (eval 115) line 594.
Aug 9 16:26:49 web-server amavis[25777]: (25777-01) (!!)WARN: all primary virus scanners failed, considering backups
Aug 9 16:26:56 web-server postfix/smtpd[26258]: connect from localhost.localdomain[127.0.0.1]
Aug 9 16:26:56 web-server postfix/smtpd[26258]: 1BEDC260690: client=localhost.localdomain[127.0.0.1]
Aug 9 16:26:56 web-server postfix/cleanup[26229]: 1BEDC260690: message-id=<20100809072649.91D802605D5@mail.ducsu.com>
Aug 9 16:26:56 web-server postfix/qmgr[25885]: 1BEDC260690: from=<www-data@ducsu.com>, size=927, nrcpt=1 (queue active)
Aug 9 16:26:56 web-server amavis[25777]: (25777-01) FWD via SMTP: <www-data@ducsu.com> -> <info@ducsu.com>,BODY=7BIT 250 2.0.0 Ok, id=25777-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 1BEDC260690
Aug 9 16:26:56 web-server amavis[25777]: (25777-01) Passed CLEAN, <www-data@ducsu.com> -> <info@ducsu.com>, Message-ID: <20100809072649.91D802605D5@mail.ducsu.com>, mail_id: ZY7AEQ8VTSB0, Hits: 0.01, size: 486, queued_as: 1BEDC260690, 6513 ms
Aug 9 16:26:56 web-server postfix/smtp[26231]: 91D802605D5: to=<info@ducsu.com>, orig_to=<weblog@ducsu.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=6.7, delays=0.12/0.02/0.01/6.5, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=25777-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 1BEDC260690)
Aug 9 16:26:56 web-server postfix/qmgr[25885]: 91D802605D5: removed
Aug 9 16:26:56 web-server postfix/virtual[26259]: 1BEDC260690: to=<info@ducsu.com>, relay=virtual, delay=0.15, delays=0.07/0.02/0/0.06, dsn=2.0.0, status=sent (delivered to maildir)
Aug 9 16:26:56 web-server postfix/qmgr[25885]: 1BEDC260690: removed
Aug 9 16:31:56 web-server postfix/smtpd[26258]: timeout after END-OF-MESSAGE from localhost.localdomain[127.0.0.1]
Aug 9 16:31:56 web-server postfix/smtpd[26258]: disconnect from localhost.localdomain[127.0.0.1]

This is the log from clamav.log

Mon Aug 9 12:30:45 2010 -> WARNING: lstat() failed on: /var/lib/amavis/tmp/amavis-20100809T123045-23348/parts
Mon Aug 9 13:30:45 2010 -> SelfCheck: Database status OK.
Mon Aug 9 13:42:43 2010 -> WARNING: lstat() failed on: /var/lib/amavis/tmp/amavis-20100809T134243-23349/parts
Mon Aug 9 13:43:22 2010 -> WARNING: lstat() failed on: /var/lib/amavis/tmp/amavis-20100809T123045-23348/parts
Mon Aug 9 13:59:36 2010 -> WARNING: lstat() failed on: /var/lib/amavis/tmp/amavis-20100809T134243-23349/parts
Mon Aug 9 14:19:01 2010 -> WARNING: lstat() failed on: /var/lib/amavis/tmp/amavis-20100809T123045-23348/parts
Mon Aug 9 14:23:10 2010 -> WARNING: lstat() failed on: /var/lib/amavis/tmp/amavis-20100809T134243-23349/parts
Mon Aug 9 14:37:51 2010 -> SelfCheck: Database status OK.
Mon Aug 9 14:37:51 2010 -> WARNING: lstat() failed on: /var/lib/amavis/tmp/amavis-20100809T123045-23348/parts
Mon Aug 9 15:37:51 2010 -> SelfCheck: Database status OK.
Mon Aug 9 16:26:49 2010 -> WARNING: lstat() failed on: /var/lib/amavis/tmp/amavis-20100809T162649-25777/parts
Mon Aug 9 17:06:11 2010 -> SelfCheck: Database modification detected. Forcing reload.
Mon Aug 9 17:06:12 2010 -> Reading databases from /var/lib/clamav
Mon Aug 9 17:06:17 2010 -> Database correctly reloaded (813045 signatures)
Mon Aug 9 17:06:17 2010 -> WARNING: lstat() failed on: /var/lib/amavis/tmp/amavis-20100809T170611-25778/parts
Mon Aug 9 17:13:09 2010 -> WARNING: lstat() failed on: /var/lib/amavis/tmp/amavis-20100809T171309-27950/parts


I may have found the answer; however, I am not sure what it is asking.
This is the link from wiki.clamav.net (WARNING: lstat() failed on: /var/lib/amavis/tmp/amavis-20100809T171309-27950/parts).

edit: solved
This link (http://wiki.clamav.net/bin/view/Main/FAQ#I_m_running_ClamAV_amavisd_new_a) explains it more clearly on how to fix the permission denied in clamav

You need to add this to /etc/group

amavis:x:105:clamav

Also, make sure you have this in /etc/clamav/clamd.conf

AllowSupplementaryGroups true

Restart clamav

sudo /etc/init.d/clamav-daemon restart
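
In the mail.log excerpt above, session 25777-01 still reaches "Passed CLEAN" after the ClamAV-clamd scanner failed. The following is an added example, not code from the post or from amavisd-new or ClamAV: it lists mail that amavis passed after a primary scanner failure and checks the two settings from the fix. The function names, the default `clamav` user name and the "before" file contents are assumptions.

```python
import re

AMAVIS_RE = re.compile(r"amavis\[\d+\]: \((?P<sid>\d+-\d+)\) (?P<msg>.*)")
AV_FAILURE_RE = re.compile(
    r"run_av .*FAILED|av-scanner FAILED|all primary virus scanners failed")


def passed_after_av_failure(lines):
    """Return (session, mail_id, queue_id) for mail passed after the primary
    virus scanner failed in the same amavis session."""
    failed, passed = set(), []
    for line in lines:
        m = AMAVIS_RE.search(line)
        if not m:
            continue
        sid, msg = m["sid"], m["msg"]
        if AV_FAILURE_RE.search(msg):
            failed.add(sid)
        elif msg.startswith("Passed ") and sid in failed:
            mail_id = re.search(r"mail_id: ([^,\s]+)", msg)
            queued = re.search(r"queued_as: (\w+)", msg)
            passed.append((sid,
                           mail_id.group(1) if mail_id else None,
                           queued.group(1) if queued else None))
    return passed


def clamd_access_problems(group_text, clamd_conf_text,
                          user="clamav", group="amavis"):
    """Check the two conditions from the fix: the clamd user is a member of
    the amavis group, and clamd is told to use supplementary groups."""
    problems = []
    members = None
    for line in group_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 4 and fields[0] == group:
            members = [u for u in fields[3].split(",") if u]
    if members is None:
        problems.append(f"group {group!r} not found")
    elif user not in members:
        problems.append(f"{user!r} is not a member of group {group!r}")

    option = None
    for line in clamd_conf_text.splitlines():
        parts = line.split("#", 1)[0].split()  # drop comments
        if len(parts) == 2 and parts[0] == "AllowSupplementaryGroups":
            option = parts[1].lower()
    if option not in ("true", "yes", "1"):
        problems.append("AllowSupplementaryGroups is not enabled in clamd.conf")
    return problems


# First three lines copied from the mail.log excerpt in the post above;
# the last line is constructed (a session with no scanner failure).
SAMPLE_LOG = r"""
Aug 9 16:26:49 web-server amavis[25777]: (25777-01) (!)run_av (ClamAV-clamd) FAILED - unexpected , output="/var/lib/amavis/tmp/amavis-20100809T162649-25777/parts: lstat() failed: Permission denied. ERROR\n"
Aug 9 16:26:49 web-server amavis[25777]: (25777-01) (!!)WARN: all primary virus scanners failed, considering backups
Aug 9 16:26:56 web-server amavis[25777]: (25777-01) Passed CLEAN, <www-data@ducsu.com> -> <info@ducsu.com>, Message-ID: <20100809072649.91D802605D5@mail.ducsu.com>, mail_id: ZY7AEQ8VTSB0, Hits: 0.01, size: 486, queued_as: 1BEDC260690, 6513 ms
Aug 9 16:40:00 web-server amavis[25777]: (25777-02) Passed CLEAN, <a@example.org> -> <b@example.org>, mail_id: CONSTRUCTED01, Hits: 0.0, size: 500, queued_as: CONSTRUCTED2, 300 ms
"""

# Constructed "before" state; the "after" group line is the one given in the post.
GROUP_BEFORE = "clamav:x:112:\namavis:x:105:\n"
GROUP_AFTER = "clamav:x:112:\namavis:x:105:clamav\n"
CLAMD_BEFORE = "User clamav\n#AllowSupplementaryGroups true\n"
CLAMD_AFTER = "User clamav\nAllowSupplementaryGroups true\n"

if __name__ == "__main__":
    for sid, mail_id, queue_id in passed_after_av_failure(SAMPLE_LOG.splitlines()):
        print(f"session {sid}: mail_id {mail_id} queued as {queue_id} "
              "passed after primary AV failure")
    for problem in clamd_access_problems(GROUP_BEFORE, CLAMD_BEFORE):
        print("fix needed:", problem)
```

On Debian and Ubuntu, `sudo adduser clamav amavis` makes the same group change as editing /etc/group by hand.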

Fludizz
August 11th, 2010, 02:43 PM
No real addition to this thread but I think I have to say this:
Thanks a million for this guide, I started using this configuration guide years ago (and yes implemented it in a corporate environment as well :D) and I am still happily using this configuration. Very good guide, very clear which results in a very stable and clean mail system which is easy to manage using phpmyadmin!

duceduc
August 11th, 2010, 04:20 PM
Relocation notice (http://flurdy.com/docs/postfix/#ext_reloc)
Anyone did this part? It says the sender will get a notice of new address.
When I tested mine, I didn't get a notice email but the new relocated address was sent. Not a big deal it didn't send a notice to sender.

delaTorre
August 19th, 2010, 01:30 AM
//Update
I read the solutions of Eihi and DonGonzo but none of them work for me, I realized that my sql query is not getting the concat(home,'/',maildir) field, but the line MYSQL_MAILDIR_FIELD concat(home,'/',maildir) is well formed. Any ideas??? Please!!!
Thanks
Here is the query:

SELECT id, crypt, "", uid, gid, home, "", "", name, "" FROM users WHERE id = 'user1@home.local' AND (enabled=1)
//

Hello, I'm having some issues with courier-imap, my server can receive emails, courier creates the folder with the name of the account and puts the email file inside but my client (thunderbird-evolution-out.express) can not get it, this is my log file


Aug 18 21:08:29 home imapd: chdir Maildir: No such file or directory
Aug 18 21:08:29 home imapd: user1@home.local: No such file or directory

The folder user1@home.local exists and the folder Maildir does not exist, if I create it the client and the log do not show any error, but I still can get user1 emails.

I guess something is wrong with the MAILDIRPATH=Maildir line in Imapd file.

Any ideas?,

Thank you Flurdy for this great tutorial, hope someone can help with this problem.

Sorry for my terrible english.

slarti42
August 20th, 2010, 02:41 AM
Hmmmm,

I have spent about 3 days on this, and read everything I can find.

These logs show two attempts to send, the first from outlook express on ******* and the other from evolution.

Server is Ubuntu 10.04

Mail log shows.


Aug 20 01:13:37 zarquon postfix/smtpd[27947]: connect from unknown[190.255.90.53]
Aug 20 01:13:43 zarquon postfix/smtpd[27947]: NOQUEUE: reject: RCPT from unknown[190.255.90.53]: 554 5.7.1 <unknown[190.255.90.53]>: Client host rejected: Access denied; from=<MYNEWADDRESS@sellmatix.com> to=<MYOLDADDRESS@himatix.com> proto=SMTP helo=<slarti>
Aug 20 01:13:43 zarquon postfix/smtpd[27947]: disconnect from unknown[190.255.90.53]
Aug 20 01:14:37 zarquon postfix/smtpd[27947]: connect from unknown[190.255.90.53]
Aug 20 01:14:38 zarquon postfix/smtpd[27947]: disconnect from unknown[190.255.90.53]
Aug 20 01:14:55 zarquon postfix/anvil[27954]: statistics: max connection rate 2/60s for (smtp:190.255.90.53) at Aug 20 01:05:22
Aug 20 01:14:55 zarquon postfix/anvil[27954]: statistics: max connection count 2 for (smtp:190.255.90.53) at Aug 20 01:06:19

auth.log shows


Aug 20 01:06:19 zarquon postfix/smtpd[3209]: sql auxprop plugin using mysql engine
Aug 20 01:08:19 zarquon sshd[9873]: Accepted password for root from 190.255.90.53 port 57450 ssh2
Aug 20 01:08:19 zarquon sshd[9873]: pam_unix(sshd:session): session opened for user root by (uid=0)
Aug 20 01:09:01 zarquon CRON[15500]: pam_unix(cron:session): session opened for user root by (uid=0)
Aug 20 01:09:03 zarquon CRON[15500]: pam_unix(cron:session): session closed for user root
Aug 20 01:10:44 zarquon sshd[9873]: Received disconnect from 190.255.90.53: 11: disconnected by user
Aug 20 01:10:44 zarquon sshd[9873]: pam_unix(sshd:session): session closed for user root
Aug 20 01:11:20 zarquon sshd[25847]: Accepted password for root from 190.255.90.53 port 47078 ssh2
Aug 20 01:11:20 zarquon sshd[25847]: pam_unix(sshd:session): session opened for user root by (uid=0)
Aug 20 01:17:01 zarquon CRON[21999]: pam_unix(cron:session): session opened for user root by (uid=0)
Aug 20 01:17:01 zarquon CRON[21999]: pam_unix(cron:session): session closed for user root
mysql.log show


100820 1:12:32 189 Connect mail@localhost on maildb
190 Connect mail@localhost on maildb
189 Query SELECT destination FROM aliases WHERE mail='sellmatix.com' and enabled = 1
191 Connect mail@localhost on maildb
191 Query SELECT domain FROM domains WHERE domain='sellmatix.com' and enabled = 1
190 Query SELECT destination FROM aliases WHERE mail='sellmatix.com' and enabled = 1
192 Connect mail@localhost on maildb
192 Query SELECT domain FROM domains WHERE domain='sellmatix.com' and enabled = 1
100820 1:13:32 189 Quit
191 Quit
190 Quit
192 Quit
100820 1:13:43 193 Connect mail@localhost on maildb
193 Query SELECT destination FROM aliases WHERE mail='himatix.com' and enabled = 1
194 Connect mail@localhost on maildb
194 Query SELECT domain FROM domains WHERE domain='himatix.com' and enabled = 1
100820 1:14:43 193 Quit
194 Quit
/etc/postfix.main.cf is:-


# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
myorigin = /etc/mailname
myhostname = mail.sellmatix.com

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

relayhost =
inet_protocols = all
inet_interfaces = all
#mynetworks_style = host
#mynetworks = 127.0.0.0/8
#mynetworks = all
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128

#mydestination = sellmatix.com,localhost.sellmatix.com,localhost
local_recipient_maps =
mydestination =

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
delay_warning_time = 4h

readme_directory = no



unknown_local_recipient_reject_code = 450

#how long to keep in queue before return as failed
maximal_queue_lifetime = 7d

#min and max time in seconds between retries if connection failed
minimal_backoff_time = 1000s
maximal_backoff_time = 8000s

#how long to wait when servers connect before receiving rest of data
smtp_helo_timeout = 60s

#how many addresses can be stored in one message
smtpd_recipient_limit = 16

#how many soft errors before back off
smtpd_soft_error_limit = 3

#how many hard errors before blocking it
smtpd_hard_error_limit = 12

#requirements for the HELO statement
#smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit
#smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, permit

#requirements for sender details
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit

#requirements for the connecting server
#smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl, reject_rbl_client dnsbl.njabl.org
smtpd_client_restrictions = permit_sasl_authenticated, reject

#requirements for recipient address
#smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, permit
smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service inet:127.0.0.1:60000, permit

smtpd_data_restrictions = reject_unauth_pipelining

#require proper helo at connections
smtpd_helo_required = yes
# reject all connections from unauthenticated clients
smtpd_delay_reject = yes
#disable_vrfy_command = yes


# Virtual Mailbox Domain Settings
alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases

#this specifies where the virtual mailbox folders will be located
virtual_mailbox_base = /var/spool/mail/virtual

#this is the for the mailbox location for each user
virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf

#this is for the aliases
virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf

#this is for the domain lookups
virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf

#virtual_mailbox_limit = 51200000
#virtual_minimum_uid = 5000
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
virtual_transport = virtual

#additional for quota support

virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Your maildir has overdrawn your diskspace quota, so you need to free up some space you clot.
virtual_overquota_bounce = yes

# SASL
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =

# TLS parameters
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.


mailbox_size_limit = 0
recipient_delimiter = +
home_mailbox = Maildir/
Any ideas????

duceduc
August 20th, 2010, 03:29 AM
slarti42,
Have you checked if ur isp is not blocking port 25? Try relaying to your isp and see if that works.

slarti42
August 20th, 2010, 01:37 PM
slarti42,
Have you checked if ur isp is not blocking port 25? Try relaying to your isp and see if that works.


Thanks for the suggestion, but no, the ISP is NOT blocking port 25. I am using that all the time to connect to the old mail server.

slarti42
August 20th, 2010, 06:32 PM
Some progress...

/etc/init.d/saslauthd restart was generating an error, so I uninstalled sasl, and tried to reinstall, but that failed with an error:-
dpkg: syntax error: unknown user `amavis' in statoverride file

I had previously uninstalled amavis trying to eliminate possible causes. After removing the amavis entries in
/var/lib/dpkg/statoverride I was able to reinstall sasl clean, and, suddenly IMAP started working :D

But SMTP is still failing and auth.log now shows:-


Aug 20 17:14:05 zarquon postfix/smtpd[5402]: sql auxprop plugin using mysql engine
Aug 20 17:14:07 zarquon saslauthd[7187]: pam_mysql - MySQL error(You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE id = 'MYNEWMAIL@sellmatix.com'' at line 1)
Aug 20 17:14:07 zarquon saslauthd[7187]: DEBUG: auth_pam: pam_authenticate failed: Error in service module
Aug 20 17:14:07 zarquon saslauthd[7187]: do_auth : auth failure: [user=MYNEWMAIL@sellmatix.com] [service=smtp] [realm=sellmatix.com] [mech=pam] [reason=PAM auth error]


That seems to be referring to /etc/postfix/sasl/smtpd.conf which contains:-




pwcheck_method: saslauthd
mech_list: plain login cram-md5 digest-md5
log_level: 7
allow_plaintext: true
auxprop_plugin: mysql
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_user: mail
sql_passwd: PASSWORD
sql_database: maildb
sql_select: select crypt from users where id='%u@%r' and enabled = 1



Any ideas?

slarti42
August 20th, 2010, 10:11 PM
SOLVED!

Missing "table=users" in /etc/pam.d/smtp

duceduc
August 22nd, 2010, 05:37 AM
Checking my apache error log, I noticed this error. I have no idea what this means. Any one?

[Sun Aug 22 08:12:29 2010] [error] [client 127.0.0.1] PHP Notice: unserialize(): Error at offset 255 of 255 bytes in /usr/share/squirrelmail/functions/strings.php on line 1284, referer: http://mymaildomain.com/src/webmail.php

delaTorre
August 25th, 2010, 03:02 AM
Does anyone know why postfix is not reading the smtp_sasl_password_maps entry?? My isp can not authenticate my mails because postfix is not getting the data from sasl_passwd.db. I'm at this point since 4 days ago, any ideas are welcome!
PLEASE someone give a hand on this !!!!!!!!!!
this is my configuration file



myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases
# this specifies where the virtual mailbox folders will be located
virtual_mailbox_base = /var/spool/mail/virtual
# this is for the mailbox location for each user
virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf
# and this is for aliases
virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf
# and this is for domain lookups
virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf
# this is how to connect to the domains (all virtual, but the option is there)
# not used yet
# transport_maps = mysql:/etc/postfix/mysql_transport.cf

virtual_uid_maps = static:5000
virtual_gid_maps = static:5000

myorigin = /etc/mailname
mydestination =
local_recipient_maps =
relayhost = mail.myiso.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
mynetworks_style = host

##relay
smtp_sasl_auth_enabled = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
##
smtp_sasl_mechanism_filter = login
##
# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
delay_warning_time = 4h
unknown_local_recipient_reject_code = 450
maximal_queue_lifetime = 7d
minimal_backoff_time = 1000s
maximal_backoff_time = 8000s
smtp_helo_timeout = 60s
smtp_recipient_limit = 16
smtp_soft_error_limit = 3
smtpd_hard_error_limit = 12

# Requirements for the HELO statement
smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit
# Requirements for the sender details
#smtpd_sender_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit
# Add permit_sasl_authenticated to you existing
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit
# Requirements for the connecting server
#smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl, reject_rbl_client dnsbl.njabl.org
smtpd_client_restrictions =
# Requirement for the recipient address
#smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, permit smtpd_data_restrictions = reject_unauth_pipelining
#smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service inet:127.0.0.1:10023, permit
# Add permit_sasl_authenticated to you existing
smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service inet:127.0.0.1:10023, permit
# require proper helo at connections
smtpd_helo_required = yes
# waste spammers time before rejecting them
smtpd_delay_reject = yes
disable_vrfy_command = yes

readme_directory = no

# TLS parameters
#smtp_use_tls = no
smtp_tls_security_level = may
#smtpd_use_tls=yes
smtpd_tls_security_level = may
#smtpd_tls_auth_only = no
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
#smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
#smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.



content_filter = amavis:[127.0.0.1]:10024

# SASL
smtpd_sasl_auth_enable = yes
## If your potential clients use Outlook Express or other older clients
## this needs to be set to yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
##smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = smtpd
smtpd_sasl_password_maps = hash:/etc/postfix/sasl_passwd

10ghost
August 29th, 2010, 04:21 AM
After following the howto By flurdy
I checked mail.log



to=<ghost@domain.net>, relay=local, delay=43, delays=43/0.01/0/0.07, dsn=2.0.0, status=sent (delivered to maildir)


In how to if this received it mail was sent
But the folder to be created in /var/mail/virtual was not created that is ghost.
How can one troubleshoot this problem?

scrooge_74
August 29th, 2010, 07:17 AM
This tutorial is sourceforge works perfectly. I used it on Friday to setup a webmail server

http://www.howtoforge.com/virtual-users-domains-postfix-courier-mysql-squirrelmail-ubuntu-10.04

I had problems with the one at the beginning of this thread.

q.dinar
August 31st, 2010, 11:08 PM
flurdy, maybe, would be good, if you write in the tutorial, that PTR DNS record is needed to send e-mail to some mail servers. And that setting PTR record is not just like setting regular DNS records, to set PTR contact to IP address owner is needed.

three_jeeps
September 1st, 2010, 01:23 AM
Yes - because I need to buy a new mouse with a wheel that doesn't paste when I spin it :p


Well, at least check your post carefully before you hit the send button....inaccurate postings make for a lot of 'noise' as well as
wasted time. What could have been addressed with a single exchange took 5....

duceduc
September 1st, 2010, 03:56 PM
I got a weird problem now. My mail server was running fine until today when I used thunderbird to send mail outside my network. The log shows that my router(GOD) is rejecting the mail? Relay access denied. I haven't changed any settings, other than updated my router's firmware. Is there a setting in the router that I should look for? I don't understand why thunderbird is showing logs about my router where if I use squirrelmail webgui, it doesn't and my mail sent fine.


Sep 1 23:37:10 web-server postfix/smtp[831]: D0033261268: to=<xxxx@ducsu.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.1, delays=0.14/0.01/0/0.9, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=30126-07, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as B43D7260726)
Sep 1 23:37:10 web-server postfix/smtp[831]: D0033261268: to=<xxxx@gmail.com>, orig_to=<xxx@ducsu.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.1,delays=0.14/0.01/0/0.9, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=30126-07, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as B43D7260726)
Sep 1 23:37:10 web-server postfix/qmgr[1837]: D0033261268: removed
Sep 1 23:37:10 web-server postfix/virtual[836]: B43D7260726: to=<xxx@ducsu.com>, relay=virtual, delay=0.18, delays=0.08/0.03/0/0.07, dsn=2.0.0, status=sent (delivered to maildir)
Sep 1 23:37:10 web-server postfix/smtp[835]: B43D7260726: to=<xxx@gmail.com>,relay=smtp.xxx.xxx.xx.jp[125.206.148.148]:25, delay=0.26 delays=0.08/0.04/0.06/0.09, dsn=2.0.0, status=sent (250 Ok: queued as E26872324)
Sep 1 23:37:11 web-server postfix/qmgr[1837]: B43D7260726: removed
Sep 1 23:38:15 web-server postfix/smtpd[32669]: connect from GOD[192.168.1.1]
Sep 1 23:38:15 web-server postfix/smtpd[32669]: NOQUEUE: reject: RCPT from GOD[192.168.1.1]: 554 5.7.1 <xxxx@hotmail.com>: Relay access denied; from=<xxxx@ducsu.com> to=<xxxx@hotmail.com> proto=ESMTP helo=<[127.0.0.1]>
Sep 1 23:39:00 web-server postfix/smtpd[32669]: disconnect from GOD[192.168.1.1]

phaZe~collapse
September 4th, 2010, 05:20 AM
FYI for those of you using this great tutorial. When setting up shorewall, the files in
/usr/share/doc/shorewall-common/default-config/ have moved to
/usr/share/doc/shorewall/default-config/

Sparky12488
September 17th, 2010, 06:32 PM
Hi I was trying to download all the programs i need from your How to guide but i am having some problems with two of them.


1: Authentication: Cyrus SASL
2: Encryption: TLS

I can't seem to find the downloads for these programs. Any help would be great

many thanks nick

NightFlyer_
September 17th, 2010, 09:52 PM
Hi.

Thanks for an excellent guide for setting up a complete mail-server.

I have followed your guide and now has a complete mail server set up.

Now I am thinking about backup... Yes, backup... I mean, since the server holds all my e-mails (And I have quite many) maybe I should implement a backup system.

Problem is, I don't know anything about doing so....

Anybody out there with any ideas of how to to backup the e-mails stored on the server ?

Sincerely,

Martin B.



A how to for a complete step by step guide to install, configure and run
a mail server on a GNU / Linux system

The server includes these programs:
Ubuntu + Postfix + Courier IMAP + MySQL + Amavisd-new + SpamAssassin + ClamAV + SASL + TLS + SquirrelMail + Postgrey

mmxbass
October 19th, 2010, 06:21 PM
The configuration worked well for me but the spam detection is so hypersensitive that it's marking internal mail as spam. Is there a way to easily disable spam checking for mail originating from users logged in locally?

scrooge_74
October 20th, 2010, 03:11 AM
Yes you can setup the level of detection in SpamAssassin.

Sorry I just got home and I'm too tired to think straight past the Yes

Nunana
October 21st, 2010, 04:03 PM
I built an E-mail server following the Step by step guide to install Postfix. All works fine. Thnx for that.
Except one thing is keeping me busy for two whole days now.
HOW DO I OPEN MORE PORTS?
I added ports in the /etc/shorewall/rules, i see them back in iptables --list-rules but it's not coming through.
SSH is going fine. But ping 10.1.0.x is unreachable.
I build a base Ubuntu server in the same 10.76.70.x than i dont have a problem to reach.


# Shorewall version 4 - Rules File
#
# For information on the settings in this file, type "man shorewall-rules"
#
# The manpage is also online at
# http://www.shorewall.net/manpages/shorewall-rules.html
#
####################################################################################################################################################
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME
# PORT PORT(S) DEST LIMIT GROUP
#SECTION ESTABLISHED
#SECTION RELATED
#SECTION NEW
#
SSH/ACCEPT net $FW
Ping/ACCEPT net $FW

# Permit all ICMP traffic FROM the firewall TO the net zone
ACCEPT $FW net icmp
# mail lines
SMTP/ACCEPT net $FW
SMTPS/ACCEPT net $FW
Submission/ACCEPT net $FW
IMAP/ACCEPT net $FW
IMAPS/ACCEPT net $FW
#web
Web/ACCEPT net $FW
# ntlmaps
ACCEPT net $FW tcp 5865
ACCEPT net $FW udp 5865
###############################################################################

Nunana
October 22nd, 2010, 11:45 AM
I learned to put my networks in the /etc/shorewall/zones

loc eth0:10.1.0.0/24,10.70.76.0/24
The port I want to open in /etc/shorewall/rules

ACCEPT loc $FW tcp 5865
ACCEPT $FW loc tcp 5865
Restart shorewall

/etc/init.d/shorewall restart
For me this works.

cent.mox
October 25th, 2010, 09:46 PM
MYSQL_MAILDIR_FIELD concat(home,'/',maildir)
made my day ;-)
I am Happy!!!!
thanks

maxB2510
November 23rd, 2010, 03:26 PM
First of all I'd like to thank so much for flurdy's great tutorial and all the other help from the posts in this thread!

I've one very specific and short question left: Is it possible to allow IMAP and/or POP3 protocol specifically for each user?
It may happen that I don't want some user to use space on my server and for that only allow him to use the POP3-protocol.

I'd really appreciate some help :-)

duceduc
November 30th, 2010, 08:34 AM
I've noticed clamav has issued an update recommendation for version 96.5. We are currently at 9.6.3. Has anyone updated their clamav app? If so, can you provide a rundown on how you upgraded and reconfigured the mail server to scan your emails? I failed to make it work.

Tom_T
February 21st, 2011, 05:57 PM
As someone who is considering coming from a Windows Mail Server to Linux, this looks a great guide.

Couple of questions :

can inbound mail be filtered and stopped using a simple if "EHLO/HELO doesn't contain . " drop and blacklist

Can we do IMAP Filtering, check headers, body and subject and then move specific matching mail to a users IMAP / SubFolder ?

Last one. Is there an option for a simple GUI for the logs ?

Thanks

fedef63
February 27th, 2011, 01:58 PM
Thanks for a great tutorial, Flurdy!

I have managed to complement Flurdy's tutorial such that virtual transport is swapped for maildrop and spam is automatically delivered to a spam folder.

It is based on the excellent tutorial by Flurdy and complemented by parts of the tutorial found here: http://daemonforums.org/showthread.php?t=193

The latter tutorial also contains methods to implement vacation messaging.

If in doubt, check out the aforementioned tutorial.

Here's what I did:

Complete Flurdy's tutorial and install maildrop

uncomment in main.cf:

transport_maps = mysql:/etc/postfix/mysql_transport.cf

and add

maildrop_destination_recipient_limit = 1

Master.cf file should contain the following line, change the user field to virtual:

maildrop unix - n n - - pipe
  flags=DRhu user=virtual argv=/usr/bin/maildrop -d ${recipient}

create mysql_transport.cf file and set the correct owner and permissions:

user=mail
password=changeme
dbname=maildb
table=domains
select_field=transport
where_field=domain
hosts=127.0.0.1
additional_conditions = and enabled = 1

create:

# cd /var/spool/mail/virtual/
# chmod +s /usr/bin/maildrop
# touch .mailfilter
# chmod 600 .mailfilter
# mkdir mailfilters
# chmod 700 mailfilters
# chown -R virtual:virtual .mailfilter mailfilters

test maildrop and check logs:

echo "test" | maildrop -V 9 -d you@example.com

Edit the ...virtual/.mailfilter file (haven't tested this bit):

# Deliver to Inbox or Spam box (create spam box if it does not exist)
if (/^X-Spam-Flag: YES/:h)
{
    `test -d $DEFAULT/.junkmail`
    if ($RETURNCODE == 1)
    {
        `/usr/bin/maildirmake -f junkmail $DEFAULT`
        `echo "junkmail" >> $DEFAULT/subscriptions`
    }
    exception {
        to "$DEFAULT/.junkmail"
    }
    # if all else fails, do regular delivery
    exception {
        to "$DEFAULT"
    }
}
Now use phpmyadmin and change domain transport field from "virtual:" to "maildrop:"

Restart postfix, check log files and pray :)

Much of the code here is courtesy of hamba from daemonforums.org

Hope this helps!

Cheers, Villu


Hello,
I've installed a mail server following Flurdy's document. Thanks, Flurdy.
Next I followed your instructions about maildrop, but I'm unable to make it work.

First of all, I have a doubt:

during the install of the mail server the package is not installed.

What package have you used?

maildrop or courier-maildrop

I've tried both, with two different results.
Using courier-maildrop, when I execute the test:
echo "test" | maildrop -V 9 -d myemail@mydomain

in the mailbox I get a mail

As soon as I change the transport in mysql from "virtual:" to "maildrop:"
I don't get any more of the mail I send to myself.

In the mail log there is: delivered via maildrop service

What I noticed: under the directory /var/spool/mail/virtual a file called "Maildir" gets created, and it contains the mail I sent.


Any idea ?

Thanks
regards
federico

tonyofthewoods
February 27th, 2011, 05:09 PM
I've gone through the tutorial up to where all the basics should be up and running. From the server box itself I can telnet in and send email. I can receive email. I can see my received email from a client machine in Thunderbird. But I cannot send email from Thunderbird. I get "The mail server responded: 5.7.1 <test@destination.com>: Relay access denied. Please check the message recipient test@destination.com and try again.". I'm guessing that it's not the recipient that's really causing the problem - I think that courier isn't talking nicely to postfix. I've turned on verbose debugging in postfix/smtpd and I see this sort of conversation going on:



EHLO [192.168.1.2]
> unknown[80.175.115.177]: 250-bagpuss.localdomain
> unknown[80.175.115.177]: 250-PIPELINING
> unknown[80.175.115.177]: 250-SIZE 10240000
match_list_match: unknown: no match
match_list_match: 80.175.115.177: no match
> unknown[80.175.115.177]: 250-ETRN
> unknown[80.175.115.177]: 250-ENHANCEDSTATUSCODES
> unknown[80.175.115.177]: 250-8BITMIME
> unknown[80.175.115.177]: 250 DSN
< unknown[80.175.115.177]: MAIL FROM:<sender@mynewdomain.com> SIZE=454
extract_addr: input: <sender@mynewdomain.com>
smtpd_check_addr: addr=sender@mynewdomain.com
connect to subsystem private/rewrite
send attr request = rewrite
send attr rule = local
send attr address = sender@mynewdomain.com
private/rewrite socket: wanted attribute: flags
input attribute name: flags
input attribute value: 0
private/rewrite socket: wanted attribute: address
input attribute name: address
input attribute value: sender@mynewdomain.com
private/rewrite socket: wanted attribute: (list terminator)
input attribute name: (end)
rewrite_clnt: local: sender@mynewdomain.com -> sender@mynewdomain.com
send attr request = resolve
send attr sender =
send attr address = sender@mynewdomain.com
private/rewrite socket: wanted attribute: flags
input attribute name: flags
input attribute value: 0
private/rewrite socket: wanted attribute: transport
input attribute name: transport
input attribute value: virtual
private/rewrite socket: wanted attribute: nexthop
input attribute name: nexthop
input attribute value: mynewdomain.com
private/rewrite socket: wanted attribute: recipient
input attribute name: recipient
input attribute value: sender@mynewdomain.com
private/rewrite socket: wanted attribute: flags
input attribute name: flags
input attribute value: 1024
private/rewrite socket: wanted attribute: (list terminator)
input attribute name: (end)
resolve_clnt: `' -> `sender@mynewdomain.com' -> transp=`virtual' host=`mynewdomain.com' rcpt=`sender@mynewdomain.com' flags= class=virtual
ctable_locate: install entry key sender@mynewdomain.com
extract_addr: in: <sender@mynewdomain.com>, result: sender@mynewdomain.com
fsspace: .: block size 1024, blocks free 3696436
smtpd_check_queue: blocks 1024 avail 3696436 min_free 0 msg_size_limit 10240000
> unknown[80.175.115.177]: 250 2.1.0 Ok
< unknown[80.175.115.177]: RCPT TO:<test@destination.com>
extract_addr: input: <test@destination.com>
smtpd_check_addr: addr=test@destination.com
send attr request = rewrite
send attr rule = local
send attr address = test@destination.com
private/rewrite socket: wanted attribute: flags
input attribute name: flags
input attribute value: 0
private/rewrite socket: wanted attribute: address
input attribute name: address
input attribute value: test@destination.com
private/rewrite socket: wanted attribute: (list terminator)
input attribute name: (end)
rewrite_clnt: local: test@destination.com -> test@destination.com
send attr request = resolve
send attr sender =
send attr address = test@destination.com
private/rewrite socket: wanted attribute: flags
input attribute name: flags
input attribute value: 0
private/rewrite socket: wanted attribute: transport
input attribute name: transport
input attribute value: smtp
private/rewrite socket: wanted attribute: nexthop
input attribute name: nexthop
input attribute value: techie.com
private/rewrite socket: wanted attribute: recipient
input attribute name: recipient
input attribute value: test@destination.com
input attribute value: test@destination.com
private/rewrite socket: wanted attribute: flags
input attribute name: flags
input attribute value: 4096
private/rewrite socket: wanted attribute: (list terminator)
input attribute name: (end)
resolve_clnt: `' -> `test@destination.com' -> transp=`smtp' host=`techie.com' rcpt=`test@destination.com' flags= class=default
ctable_locate: install entry key test@destination.com
extract_addr: in: <test@destination.com>, result: test@destination.com
send attr request = rewrite
send attr rule = local
send attr address = double-bounce
private/rewrite socket: wanted attribute: flags
input attribute name: flags
input attribute value: 0
private/rewrite socket: wanted attribute: address
input attribute name: address
input attribute value: double-bounce@mynewdomain.com
private/rewrite socket: wanted attribute: (list terminator)
input attribute name: (end)
rewrite_clnt: local: double-bounce -> double-bounce@mynewdomain.com
>>> START Recipient address RESTRICTIONS <<<
generic_checks: name=permit_mynetworks
permit_mynetworks: unknown 80.175.115.177
match_hostname: unknown ~? 127.0.0.0/8
match_hostaddr: 80.175.115.177 ~? 127.0.0.0/8
match_hostname: unknown ~? [::ffff:127.0.0.0]/104
match_hostaddr: 80.175.115.177 ~? [::ffff:127.0.0.0]/104
match_hostname: unknown ~? [::1]/128
match_hostaddr: 80.175.115.177 ~? [::1]/128
match_list_match: unknown: no match
match_list_match: 80.175.115.177: no match
generic_checks: name=permit_mynetworks status=0
generic_checks: name=reject_unauth_destination
reject_unauth_destination: test@destination.com
permit_auth_destination: test@destination.com
ctable_locate: leave existing entry key test@destination.com
NOQUEUE: reject: RCPT from unknown[80.175.115.177]: 554 5.7.1 <test@destination.com>: Relay access denied; from=<sender@mynewdomain.com> to=<test@destination.com> proto=ESMTP helo=<[192.168.1.2]>

I think this is trying to tell me that courier isn't successfully starting a TLS session. But I'm not really sure. If not - why would that be? Your input much appreciated.

fedef63
February 28th, 2011, 06:03 PM
>>> START Recipient address RESTRICTIONS <<<
generic_checks: name=permit_mynetworks
permit_mynetworks: unknown 80.175.115.177
match_hostname: unknown ~? 127.0.0.0/8
match_hostaddr: 80.175.115.177 ~? 127.0.0.0/8
match_hostname: unknown ~? [::ffff:127.0.0.0]/104
match_hostaddr: 80.175.115.177 ~? [::ffff:127.0.0.0]/104
match_hostname: unknown ~? [::1]/128
match_hostaddr: 80.175.115.177 ~? [::1]/128
match_list_match: unknown: no match
match_list_match: 80.175.115.177: no match
generic_checks: name=permit_mynetworks status=0
generic_checks: name=reject_unauth_destination
reject_unauth_destination: test@destination.com
permit_auth_destination: test@destination.com
ctable_locate: leave existing entry key test@destination.com
NOQUEUE: reject: RCPT from unknown[80.175.115.177]: 554 5.7.1 <test@destination.com>: Relay access denied; from=<sender@mynewdomain.com> to=<test@destination.com> proto=ESMTP helo=<[192.168.1.2]>

I think this is trying to tell me that courier isn't successfully starting a TLS session. But I'm not really sure. If not - why would that be? Your input much appreciated.


Hello,
for test purposes, I think you can just add the IP address (80.175.115.177) or the subnet you are coming from (80.175.115.0/24) in the file /etc/postfix/main.cf and reload postfix: sudo /etc/init.d/postfix reload


mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 80.175.115.177/32

This should fix your issue, since the address will be considered a local address and not blocked by the restriction. Obviously this is not a good config for a production server.

Hope this helps.
Regards
Federico
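
What the posted session shows and what the mynetworks workaround changes, as an added example that is not part of the original thread: it parses an excerpt of the smtpd log above, lists which ESMTP extensions the server advertised and which restrictions were evaluated, and compares the posted mynetworks value with the edited one. The function names are hypothetical, and the mynetworks parser assumes plain CIDR patterns only.

```python
import ipaddress
import re

# Lines copied (trimmed) from the smtpd -v log posted in this thread.
SESSION_LOG = """\
> unknown[80.175.115.177]: 250-bagpuss.localdomain
> unknown[80.175.115.177]: 250-PIPELINING
> unknown[80.175.115.177]: 250-SIZE 10240000
match_list_match: 80.175.115.177: no match
> unknown[80.175.115.177]: 250-ETRN
> unknown[80.175.115.177]: 250-ENHANCEDSTATUSCODES
> unknown[80.175.115.177]: 250-8BITMIME
> unknown[80.175.115.177]: 250 DSN
> unknown[80.175.115.177]: 250 2.1.0 Ok
< unknown[80.175.115.177]: RCPT TO:<test@destination.com>
generic_checks: name=permit_mynetworks
generic_checks: name=permit_mynetworks status=0
generic_checks: name=reject_unauth_destination
NOQUEUE: reject: RCPT from unknown[80.175.115.177]: 554 5.7.1 <test@destination.com>: Relay access denied; from=<sender@mynewdomain.com> to=<test@destination.com> proto=ESMTP helo=<[192.168.1.2]>
"""

# mynetworks as posted in the thread, and with the /32 suggested in the reply.
MYNETWORKS_BEFORE = "127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128"
MYNETWORKS_AFTER = MYNETWORKS_BEFORE + " 80.175.115.177/32"

REPLY = re.compile(r"^> \S+\[(?P<ip>[^\]]+)\]: 250(?P<sep>[- ])(?P<text>.*)$")
CHECK = re.compile(r"^generic_checks: name=(?P<name>\S+)")
REJECT = re.compile(
    r"^NOQUEUE: reject: RCPT from \S+\[[^\]]+\]: "
    r"(?P<code>\d{3}) (?P<dsn>\S+) <[^>]*>: (?P<reason>[^;]+);"
)


def parse_session(log_text):
    """Extract client IP, advertised ESMTP keywords, evaluated checks, reject."""
    session = {"client": None, "ehlo_keywords": [], "checks": [], "reject": None}
    pending = []  # text of the 250 reply currently being read
    for raw in log_text.splitlines():
        line = raw.strip()
        m = REPLY.match(line)
        if m:
            session["client"] = m["ip"]
            pending.append(m["text"])
            if m["sep"] == " ":  # "250 " (space) ends a reply
                if len(pending) > 1:  # multi-line 250 reply = EHLO response
                    # Skip the greeting line; "AUTH=PLAIN ..." counts as AUTH.
                    session["ehlo_keywords"] = [
                        t.split()[0].split("=")[0].upper()
                        for t in pending[1:] if t.strip()
                    ]
                pending = []
            continue
        m = CHECK.match(line)
        if m:
            if m["name"] not in session["checks"]:
                session["checks"].append(m["name"])
            continue
        m = REJECT.match(line)
        if m:
            session["reject"] = (m["code"], m["dsn"], m["reason"])
    return session


def parse_mynetworks(value):
    """Parse CIDR patterns only (assumption: no table lookups or '!' exclusions)."""
    nets = []
    for token in value.replace(",", " ").split():
        # Postfix brackets IPv6 patterns ([::1]/128); ipaddress wants ::1/128.
        nets.append(ipaddress.ip_network(token.replace("[", "").replace("]", "")))
    return nets


def in_mynetworks(client_ip, value):
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in parse_mynetworks(value))


def added_trust(before, after):
    """Networks present only in `after`, with how many addresses each one trusts."""
    old = set(parse_mynetworks(before))
    return [(str(n), n.num_addresses) for n in parse_mynetworks(after) if n not in old]


def diagnose(session, mynetworks):
    """List the reasons this session had no way to be allowed to relay."""
    findings = []
    if "STARTTLS" not in session["ehlo_keywords"]:
        findings.append("STARTTLS not offered")
    if "AUTH" not in session["ehlo_keywords"]:
        findings.append("AUTH not offered")
    if not in_mynetworks(session["client"], mynetworks):
        findings.append("client outside mynetworks")
    if "permit_sasl_authenticated" not in session["checks"]:
        findings.append("permit_sasl_authenticated not evaluated")
    return findings


if __name__ == "__main__":
    s = parse_session(SESSION_LOG)
    print("advertised:", s["ehlo_keywords"])
    print("before:", diagnose(s, MYNETWORKS_BEFORE))
    print("after: ", diagnose(s, MYNETWORKS_AFTER))
    print("newly trusted:", added_trust(MYNETWORKS_BEFORE, MYNETWORKS_AFTER))
```

With the /32 added, the only finding that goes away is the address check; the session still carries no STARTTLS or AUTH, so relaying is permitted on source address alone.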

tonyofthewoods
February 28th, 2011, 10:15 PM
Huge thanks for this Federico - I can't tell you what a pleasure it is just to see something working. Quite right this is not enough for a production system, though.

What I can't quite understand - cos there are a few bits where Flurdy's doc is just a tiny bit vague - having got to the minimally configured stage should I be able to use a mail client to send mail using smtp/starttls or is that only going to be possible once I've got all the sasl stuff configured up?

Because now I don't know whether to try and debug my current setup or to push on with the next area of work in the doc.

Many thanks, beautiful people.

fedef63
February 28th, 2011, 10:59 PM
Hello,
I've followed all of Flurdy's document and he really did a lot of work.
I've been able to make almost everything listed there work, except SASL, since I think I've not understood what password to use. Anyhow, I do not want to use SASL for user authentication. TLS/SSL would be OK and it does not require SASL.
To answer your question: Yes, you will be able to implement smtp/starttls/ssl without SASL.
Regards
Federico

duceduc
February 28th, 2011, 11:03 PM
fedef63:

Did you ever get maildrop to work? If so, which maildrop version did you use? I am about to set this up and would like to know the steps. Thanks.

fedef63
March 1st, 2011, 09:04 PM
Hi Duceduc,
unfortunately I've not been able to make maildrop work. In post #364 or 365 above I'm indeed asking for help about it, since the document lacks some information, for example which maildrop was used: courier-maildrop or the standalone package.
The doc I followed is linked from Flurdy's document.
Here is the link: http://ubuntuforums.org/showpost.php?p=7278296&postcount=223
It is the same as in my post above.

Regards

fedef63
March 2nd, 2011, 12:17 AM
Huge thanks for this Federico - I can't tell you what a pleasure it is just to see something working. Quite right this is not enough for a production system, though.

What I can't quite understand - cos there are a few bits where Flurdy's doc is just a tiny bit vague - having got to the minimally configured stage should I be able to use a mail client to send mail using smtp/starttls or is that only going to be possible once I've got all the sasl stuff configured up?

Because now I don't know whether to try and debug my current setup or to push on with the next area of work in the doc.

Many thanks, beautiful people.

Hi,
I just wish to tell you that I also have SASL working.
The values in the fields "user" and "password" in the file /etc/pam.d/smtp are the same ones used to access maildb. And now it's working.
I was thinking I must select "use crypted password" in the SMTP panel of Thunderbird. Probably it was a bad assumption.

Mar 2 00:00:27 mail postfix/smtpd[2940]: 4508DC150E: client=unknown[192.168.254.2], sasl_method=PLAIN, sasl_username=pluto@xxx.it

Regards

khaeru
March 5th, 2011, 07:16 AM
I'm curious—is everyone implementing this guide on EC2 using 'small' instances? Has anyone tried on a 'micro' instance, or any other size? If so, please share.

flurdy
March 7th, 2011, 06:46 PM
I'm curious—is everyone implementing this guide on EC2 using 'small' instances? Has anyone tried on a 'micro' instance, or any other size? If so, please share.

My current postfix servers on EC2 are all micro. The memory footprint of postfix++ is tiny.

jlsm
March 10th, 2011, 06:06 AM
Hi,

Firstly, I would like to give a big Kudos to flurdy for an excellent how to.

I am relatively a beginner Ubuntu user, and was currently tasked to create a mail server for our small office. The how-to was a great resource for this project.

Initially, I was able to make the setup work until the Basic setup, I tested everything and it works: using telnet to EHLO and send mail, using webmail both within the network and outside the network, and even using Outlook on my ******* laptop, again both from inside and outside the network.

My problem arose when I proceeded to the Advanced Mail Setup. Everything still seems to be working except when using a mail client on another PC. When using Thunderbird on the server to test, I can send and receive mail without any problems. When using Outlook or Thunderbird on my laptop, I can't login, but webmail (and even telnet) on the same laptop works. Upon setting up Thunderbird, it can automatically detect the servers, IMAP on port 143 and SMTP on port 25, but cannot login to the server. I'm guessing authentication is causing the problems. I've been working on this for days now and reading on different posts and sites, but still with no luck.

I can post the config files if anyone should need it. Any help would be greatly appreciated.

Thanks again for the invaluable how-to.


jlsm

jlsm
March 11th, 2011, 01:50 AM
Bump.

Hope someone could help. I really need this coz I've driven to a blank right now.

Thanks.

jlsm

fedef63
March 11th, 2011, 06:43 PM
Hi,
I just wish to tell you that I also have SASL working.
The values in the fields "user" and "password" in the file /etc/pam.d/smtp are the same ones used to access maildb. And now it's working.
I was thinking I must select "use crypted password" in the SMTP panel of Thunderbird. Probably it was a bad assumption.

Mar 2 00:00:27 mail postfix/smtpd[2940]: 4508DC150E: client=unknown[192.168.254.2], sasl_method=PLAIN, sasl_username=pluto@xxx.it

Regards

If somebody is using Roundcube after SASL is enabled and uses SMTPS port 465 to send mail, they will get an SMTP Error 554.
To solve it, here are the few changes required in the Roundcube config:

// use this host for sending mails.
// to use SSL connection, set ssl://smtp.host.com
// if left blank, the PHP mail() function is used
// Use %h variable as replacement for user's IMAP hostname
$rcmail_config['smtp_server'] = 'ssl://localhost';

// SMTP port (default is 25; 465 for SSL)
$rcmail_config['smtp_port'] = 465;
// SMTP username (if required) if you use %u as the username RoundCube
// will use the current username for login
$rcmail_config['smtp_user'] = '%u';
// SMTP password (if required) if you use %p as the password RoundCube
// will use the current user's password for login
$rcmail_config['smtp_pass'] = '%p';
// SMTP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use
// best server supported one)
$rcmail_config['smtp_auth_type'] = 'PLAIN';

fedef63
March 11th, 2011, 06:51 PM
Hi jlsm,
please post your postfix config: master.cf and main.cf,
and /etc/shorewall/rules

Have you enabled the required ports in the firewall (shorewall)?

I'm not an expert but I will have a look to see if I can help.
regards
Federico

jlsm
March 14th, 2011, 06:39 AM
Thanks so much for looking into this Federico.

I also tried using clear passwd, but it's still not authenticating. I was able to make it work using POP3, but not using SASL, I'm afraid it might be prone to attacks or interception.

I'm still working on a testbed, not the production server yet, until I'm sure it is secure and stable.

Following are the main and master config files, as well as the shorewall rules.

I removed some of the commented lines in the config files (not all to retain section breaks)

main.cf


myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

append_dot_mydomain = no

readme_directory = no

smtp_tls_security_level = may
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes

btree:${data_directory}/smtpd_scache
btree:${data_directory}/smtp_scache


myhostname = subdomain.domain.com #I used a subdomain with an A and MX record, registered at freedns.afraid.org
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination =
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
home_mailbox = Maildir/
mailbox_command =

mynetworks_style = host

masquerade_domains = mail.subdomain.domain.com
masquerade_exceptions = root

local_recipient_maps =

delay_warning_time = 4h

unknown_local_recipient_reject_code = 450

maximal_queue_lifetime = 3d
bounce_queue_lifetime = 3d

minimal_backoff_time = 900s
maximal_backoff_time = 1800s

smtp_helo_timeout = 60s

smtpd_recipient_limit = 16

smtpd_soft_error_limit = 3

smtpd_hard_error_limit = 12

smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit

smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit

smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl, reject_rbl_client dnsbl.njabl.org

smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service inet:127.0.0.1:10023, permit
smtpd_data_restrictions = reject_unauth_pipelining

smtpd_helo_required = yes

smtpd_delay_reject = yes
disable_vrfy_command = yes
alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases
virtual_mailbox_base = /var/spool/mail/virtual
virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf
virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf
option is there)

virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
inet_protocols = all

content_filter = amavis:[127.0.0.1]:10024
Secure mail server, authentication section

smtpd_sasl_auth_enable = no # I changed this to no to accept clear passwd

broken_sasl_auth_clients = no
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =


master.cf


# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - - - - smtpd
submission inet n - n - - smtpd
# -o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_tls_auth_only=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject_unauth_destination, reject
-o smtpd_sasl_security_options=noanonymous,noplaintext
-o smtpd_sasl_tls_security_options=noanonymous
# -o milter_macro_daemon_name=ORIGINATING
smtps inet n - - - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_tls_auth_only=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o smtpd_sasl_security_options=noanonymous,noplaintext
-o smtpd_sasl_tls_security_options=noanonymous
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - - - - qmqpd


pickup fifo n - - 60 1 pickup

#### added below 'pickup' transport service as prescribed by the tutorial
-o content_filter=
-o receive_override_options=no_header_body_checks
#### end of addition

cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - - 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - - - - smtp
-o smtp_fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
#
# ====================================================================
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
# ====================================================================
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}

#### This section is added as prescribed in the tutorial
amavis unix - - - - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o max_use=20

#### Continuation of added section
127.0.0.1:10025 inet n - - - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_delay_reject=no
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_data_restrictions=reject_unauth_pipelining
-o smtpd_end_of_data_restrictions=
-o mynetworks=127.0.0.0/8
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
#### End of added section


shorewall rules

#
# Shorewall version 4 - Rules File
#
# For information on the settings in this file, type "man shorewall-rules"
#
# The manpage is also online at
# http://www.shorewall.net/manpages/shorewall-rules.html
#
####################################################################################################################################################
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME
# PORT PORT(S) DEST LIMIT GROUP
#SECTION ESTABLISHED
#SECTION RELATED
SECTION NEW
SSH/ACCEPT net $FW

Ping/ACCEPT net $FW

# Permit all ICMP traffic FROM the firewall TO the net zone
ACCEPT $FW net icmp

# mail lines
SMTP/ACCEPT net $FW
SMTPS/ACCEPT net $FW
Submission/ACCEPT net $FW
IMAP/ACCEPT net $FW
IMAPS/ACCEPT net $FW
POP3/ACCEPT net $FW

#web
Web/ACCEPT net $FW


Again, thank you for taking time to look into this. Kindly let me know if you need anything else.


jlsm

sixstorm
March 14th, 2011, 05:48 PM
I followed the basic Dovecot+Postfix+SquirrelMail how-tos over at help.ubuntu.com and I now have a sandbox, internal only email server. Very easy to setup, I figured it would be something extremely complicated TBH. I'm not tempted to buy a domain name and SSL to try and get to work with it.

fedef63
March 14th, 2011, 10:50 PM
Thanks so much for looking into this Federico.

I also tried using clear passwd, but it's still not authenticating. I was able to make it work using POP3, but not using SASL, I'm afraid it might be prone to attacks or interception.

I'm still working on a testbed, not the production server yet, until I'm sure it is secure and stable.

Following are the main and master config files, as well as the shorewall rules.

I removed some of the commented lines in the config files (not all to retain section breaks)

main.cf


myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

append_dot_mydomain = no

readme_directory = no

smtp_tls_security_level = may
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes

btree:${data_directory}/smtpd_scache
btree:${data_directory}/smtp_scache


myhostname = subdomain.domain.com #I used a subdomain with an A and MX record, registered at freedns.afraid.org
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination =
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
home_mailbox = Maildir/
mailbox_command =

mynetworks_style = host

masquerade_domains = mail.subdomain.domain.com
masquerade_exceptions = root

local_recipient_maps =

delay_warning_time = 4h

unknown_local_recipient_reject_code = 450

maximal_queue_lifetime = 3d
bounce_queue_lifetime = 3d

minimal_backoff_time = 900s
maximal_backoff_time = 1800s

smtp_helo_timeout = 60s

smtpd_recipient_limit = 16

smtpd_soft_error_limit = 3

smtpd_hard_error_limit = 12

smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit

smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit

smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl, reject_rbl_client dnsbl.njabl.org

smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service inet:127.0.0.1:10023, permit
smtpd_data_restrictions = reject_unauth_pipelining

smtpd_helo_required = yes

smtpd_delay_reject = yes
disable_vrfy_command = yes
alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases
virtual_mailbox_base = /var/spool/mail/virtual
virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf
virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf
option is there)

virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
inet_protocols = all

content_filter = amavis:[127.0.0.1]:10024
Secure mail server, authentication section

smtpd_sasl_auth_enable = no # I changed this to no to accept clear passwd

broken_sasl_auth_clients = no
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =


master.cf


================================================== ========================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ================================================== ========================
smtp inet n - - - - smtpd
submission inet n - n - - smtpd
# -o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_tls_auth_only=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject_unauth_destination, reject
-o smtpd_sasl_security_options=noanonymous,noplaintext
-o smtpd_sasl_tls_security_options=noanonymous
# -o milter_macro_daemon_name=ORIGINATING
smtps inet n - - - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_tls_auth_only=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o smtpd_sasl_security_options=noanonymous,noplaintext
-o smtpd_sasl_tls_security_options=noanonymous
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - - - - qmqpd


pickup fifo n - - 60 1 pickup

#### added below 'pickup' transport service as prescribed by the tutorial
-o content_filter=
-o receive_override_options=no_header_body_checks
#### end of addition

cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - - 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - - - - smtp
-o smtp_fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
#
# ================================================== ==================
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
================================================== ==================
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}

#### This section is added as prescribed in the tutorial
amavis unix - - - - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o max_use=20

#### Continuation of added section
127.0.0.1:10025 inet n - - - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_delay_reject=no
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_data_restrictions=reject_unauth_pipelining
-o smtpd_end_of_data_restrictions=
-o mynetworks=127.0.0.0/8
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
#### End of added section


shorewall rules

#
# Shorewall version 4 - Rules File
#
# For information on the settings in this file, type "man shorewall-rules"
#
# The manpage is also online at
# http://www.shorewall.net/manpages/shorewall-rules.html
#
################################################## ################################################## ################################################
#ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME
# PORT PORT(S) DEST LIMIT GROUP
#SECTION ESTABLISHED
#SECTION RELATED
SECTION NEW
SSH/ACCEPT net $FW

Ping/ACCEPT net $FW

# Permit all ICMP traffic FROM the firewall TO the net zone
ACCEPT $FW net icmp

# mail lines
SMTP/ACCEPT net $FW
SMTPS/ACCEPT net $FW
Submission/ACCEPT net $FW
IMAP/ACCEPT net $FW
IMAPS/ACCEPT net $FW
POP3/ACCEPT net $FW

#web
Web/ACCEPT net $FW


Again, thank you for taking time to look into this. Kindly let me know if you need anything else.


jlsm


Hi,

I had a look at your configuration and the only strange things I have seen so far are (in /etc/postfix/main.cf):

>home_mailbox = Maildir/

>mailbox_command =

>inet_protocols = all

>smtpd_sasl_auth_enable = no # I changed this to no to accept clear passwd




My working SASL is configured as in the guide.

/etc/postfix/main.cf
# SASL
smtpd_sasl_auth_enable = yes
# If your potential clients use Outlook Express or other older clients
# this needs to be set to yes
broken_sasl_auth_clients = no
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =

/etc/postfix/sasl/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login cram-md5 digest-md5
log_level: 7
allow_plaintext: true
auxprop_plugin: mysql
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_user: mail
sql_passwd: mailPASSWORD
sql_database: maildb
sql_select: select crypt from users where id='%u@%r' and enabled = 1

/etc/pam.d/smtp
auth required pam_mysql.so user=mail passwd=mailPASSWORD host=127.0.0.1 db=maildb table=users usercolumn=id passwdcolumn=crypt crypt=1
account sufficient pam_mysql.so user=mail passwd=mailPASSWORD host=127.0.0.1 db=maildb table=users usercolumn=id passwdcolumn=crypt crypt=1


What do you see in the logs when trying to connect?

tail -f /var/log/mail.log

There must be something helpful there ...

I would also suggest adding your local network to the end of this setting in main.cf

mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128

If SASL is not working I doubt you can connect from another computer without your local network there.


Regards

jlsm
March 16th, 2011, 03:27 AM
Hi again fed,

I'm out of the office right now where I have my mail server testbed. I'll post the mail.log when I get back next week. Hope you can still help me by then.

Thanks.

jlsm

lister171254
March 20th, 2011, 12:34 AM
Followed the Guide and setup virtuals, so the postconf -n output does not show everything, I guess

I have tested the server internal via telnet and it works.

As my ISP blocks inbound smtp I'm using Mail Reflector to forward the mails to my server

Following are some of the errors I get

Mar 20 10:25:18 MusicPc postfix/smtpd[6861]: NOQUEUE: reject: RCPT from mail1.no-ip.com[204.16.252.100]: 451 4.3.5 Server configuration problem; from=<thelists@optusnet.com.au> to=<poldi@zudiewiener.com> proto=ESMTP helo=<mail1.no-ip.com>
Mar 20 10:25:18 MusicPc postfix/smtpd[6861]: disconnect from mail1.no-ip.com[204.16.252.100]
Mar 20 10:26:58 MusicPc postfix/smtpd[6861]: connect from mail1.no-ip.com[204.16.252.100]
Mar 20 10:27:00 MusicPc postfix/smtpd[6864]: lost connection after UNKNOWN from localhost[127.0.0.1]
Mar 20 10:27:00 MusicPc postfix/smtpd[6864]: disconnect from localhost[127.0.0.1]


Postfix config is
-------------------------------
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = amavis:[127.0.0.1]:10024
disable_vrfy_command = yes
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
local_recipient_maps =
mailbox_size_limit = 0
maximal_backoff_time = 8000s
maximal_queue_lifetime = 7d
message_size_limit = 102400
minimal_backoff_time = 1000s
mydestination =
myhostname = ml.zudiewiener.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mynetworks_style = host
myorigin = /etc/mailname
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relayhost =
smtp_helo_timeout = 60s
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl, reject_rbl_client dnsbl.njabl.org
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_delay_reject = yes
smtpd_hard_error_limit = 12
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit
smtpd_recipient_limit = 40
smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service inet:127.0.0.1:10025, permit
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit
smtpd_soft_error_limit = 3
smtpd_tls_cert_file = /etc/postfix/postfix.cert
smtpd_tls_key_file = /etc/postfix/postfix.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 450
virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/spool/mail/virtual
virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf
virtual_uid_maps = static:5000
-------------------------------------

the domains in mysql are localhost, localhost.localdomain, zudiewiener.com, ml.zudiewiener.com

Appreciate any help in solving this.

Thanks

2briancox
March 24th, 2011, 08:13 PM
I have been using this guide and I am at the point where I was doing the mysql setup where the instructions read:

# If not already done (in package installation)...
mysqladmin -u root password new_password
# log in as root
mysql -u root -p
# then enter password for the root account when prompted Enter password:
# then we create the mail database
create database maildb;
# then we create a new user: "mail"
GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP
ON maildb.* TO 'mail'@'localhost' IDENTIFIED by 'mailPASSWORD';
GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP
ON maildb.* TO 'mail'@'%' IDENTIFIED by 'mailPASSWORD';
exit;

Well, I have never edited a mysql input so I didn't know much about it. I had messed up on one of the lines and didn't put in a semi-colon. I tried to retype the line to fix it. But I couldn't tell if that worked. Then even "exit;" didn't do anything. I finally couldn't figure out how to change anything so I thought I'd just quit the terminal window and start again.

But when I get back into mysql I can't create database maildb; because it already exists.

How do I approach getting back on track here?

fedef63
March 25th, 2011, 09:33 PM
Hello,
do the following:
mysql -u root -p
when asked type the password you have used during setup
drop database maildb;
create database maildb;

GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP ON maildb.* TO 'mail'@'localhost' IDENTIFIED by 'mailPASSWORD'; GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP ON maildb.* TO 'mail'@'%' IDENTIFIED by 'mailPASSWORD'; exit;

With this you will create the maildb DB
next
mysql -u mail -p maildb
as password type mailPASSWORD

next you can proceed adding the rest of the db setting

Regards
Fedef

2briancox
March 25th, 2011, 11:03 PM
Thanks.

Just got the book PHP & MySQL for Dummies to get that line "drop database maildb;"

I think I better do some reading to be my own email admin. =)

lucaspr
March 28th, 2011, 06:11 PM
Why should you drop a database which is already there?

Correct me if I'm wrong but just don't recreate the database and just grant the user the appropriate rights.

lucaspr
March 28th, 2011, 06:20 PM
Followed the Guide and setup virtuals, so the postconf -n output does not show everything, I guess

I have tested the server internal via telnet and it works.

As my ISP blocks inbound smtp I'm using Mail Reflector to forward the mails to my server

Following are some of the errors I get

Mar 20 10:25:18 MusicPc postfix/smtpd[6861]: NOQUEUE: reject: RCPT from mail1.no-ip.com[204.16.252.100]: 451 4.3.5 Server configuration problem; from=<thelists@optusnet.com.au> to=<poldi@zudiewiener.com> proto=ESMTP helo=<mail1.no-ip.com>
Mar 20 10:25:18 MusicPc postfix/smtpd[6861]: disconnect from mail1.no-ip.com[204.16.252.100]
Mar 20 10:26:58 MusicPc postfix/smtpd[6861]: connect from mail1.no-ip.com[204.16.252.100]
Mar 20 10:27:00 MusicPc postfix/smtpd[6864]: lost connection after UNKNOWN from localhost[127.0.0.1]
Mar 20 10:27:00 MusicPc postfix/smtpd[6864]: disconnect from localhost[127.0.0.1]


Postfix config is
-------------------------------
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = amavis:[127.0.0.1]:10024
disable_vrfy_command = yes
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
local_recipient_maps =
mailbox_size_limit = 0
maximal_backoff_time = 8000s
maximal_queue_lifetime = 7d
message_size_limit = 102400
minimal_backoff_time = 1000s
mydestination =
myhostname = ml.zudiewiener.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mynetworks_style = host
myorigin = /etc/mailname
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relayhost =
smtp_helo_timeout = 60s
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl, reject_rbl_client dnsbl.njabl.org
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_delay_reject = yes
smtpd_hard_error_limit = 12
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit
smtpd_recipient_limit = 40
smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, check_policy_service inet:127.0.0.1:10025, permit
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit
smtpd_soft_error_limit = 3
smtpd_tls_cert_file = /etc/postfix/postfix.cert
smtpd_tls_key_file = /etc/postfix/postfix.key
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 450
virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/spool/mail/virtual
virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf
virtual_uid_maps = static:5000
-------------------------------------

the domains in mysql are localhost, localhost.localdomain, zudiewiener.com, ml.zudiewiener.com

Appreciate any help in solving this.

Thanks

Are you using SSL?

2briancox
April 6th, 2011, 07:22 PM
I'm at this point in the guide:


cd /etc/courier

openssl req -x509 -newkey rsa:1024 -keyout imapd.pem \ -out imapd.pem -nodes -days 999
I get the following error:


unknown option -out
req [options] <infile >outfile
I have no idea what to do. I'm stuck.

2briancox
April 10th, 2011, 08:01 PM
I should explain that the section being referred to in that question is in the section regarding encryption (TLS).

Also, on a side note, I am trying to add a CUPS print server to this same machine. Does anyone know the firewall settings that would need to be added to the shorewall settings listed in this guide to get it to work? I can't discover the shared printer here yet. Thanks.

cazador2011
April 13th, 2011, 03:28 PM
I'm at this point in the guide:


cd /etc/courier

openssl req -x509 -newkey rsa:1024 -keyout imapd.pem \ -out imapd.pem -nodes -days 999
I get the following error:


unknown option -out
req [options] <infile >outfile
I have no idea what to do. I'm stuck.


This is what you want:


cd /etc/courier

openssl req -x509 -newkey rsa:1024 -keyout imapd.pem -out imapd.pem -nodes -days 999

spackard
April 26th, 2011, 01:04 AM
I built a server using ami-c0ee06a9 and was seeing errors attributed to authdaemond.

mail.log.1:Apr 21 17:02:56 ip-10-212-82-179 authdaemond: SQL query: SELECT id, crypt, "", uid, gid, home, contact(home,'/',maildir), "", name, "" FROM users WHERE id = 'packard' AND (enabled=1)
mail.log.1:Apr 21 17:02:56 ip-10-212-82-179 authdaemond: mysql_query failed, reconnecting: FUNCTION maildb.contact does not exist
mail.log.1:Apr 21 17:02:56 ip-10-212-82-179 authdaemond: mysql_query failed second time, giving up: FUNCTION maildb.contact does not exist

I traced the problem to /etc/courier/authmysqlrc.
Original: MYSQL_MAILDIR_FIELD contact(home,'/',maildir)
Correction: MYSQL_MAILDIR_FIELD CONCAT(home,'/',maildir)

I guess this was noticed/posted about on page 30. Sorry for the duplicate info.

glacebeast
June 14th, 2011, 07:26 AM
Has anyone figured out an elegant solution to the problem outlined by Ontolog and oziemike a few pages back that isn't reverting to storing plaintext passwords and dropping down to PLAIN and LOGIN auth methods?


There is a pretty major problem with the way MySQL's ENCRYPT() function is being used in conjunction with the mail server setups. Actually I had to revert to using the plaintext password for both Postfix and Courier. In the case of Postfix I also had to restrict the AUTH types to 'LOGIN' because programs that were using CRAM-MD5 were failing authentication. One major problem here is that ENCRYPT is using whatever the OS's low-level crypt() is which can be anything. Furthermore since we are not supplying any salt, the salt is random! So now we can't reproduce the crypted string since we don't know the salt.

I found myself running into the same issues when trying to negotiate an authorized login via any method that was not LOGIN. For example, trying to login through roundcube:


Jun 14 01:59:03 authdaemond: received auth request, service=imap, authtype=cram-md5
Jun 14 01:59:03 authdaemond: authmysql: trying this module
Jun 14 01:59:03 authdaemond: cram: challenge=PDczQTVGNEI0NjI2NkVBQjE3NTQxMjY4QzYwMEFF QTRBQHNtdHAuZHJ1bmtiYWJpZXMuY29tPg==, response=Zm9ydW1zQGRydW5rYmFiaWVzLmNvbSBiNGVhOGI5Z ThlMzdjMDE3NjAxOWUxOTIyZGRjZTM5Nw==
Jun 14 01:59:03 authdaemond: cram: decoded challenge/response, username 'forums@xxxxx.com'
Jun 14 01:59:03 authdaemond: authmysqllib: connected. Versions: header 50137, client 50141, server 50141
Jun 14 01:59:03 authdaemond: SQL query: SELECT id, crypt, "", uid, gid, home, concat(home,'/',maildir), "", name, "" FROM users WHERE id = 'forums@xxxx.com' AND (enabled=1 )
Jun 14 01:59:03 authdaemond: authmysql: REJECT - try next module
Jun 14 01:59:03 authdaemond: FAIL, all modules rejected
Jun 14 01:59:03 imapd-ssl: LOGIN FAILED, method=CRAM-MD5, ip=[::1]
Jun 14 01:59:08 imapd-ssl: Disconnected, ip=[::1], time=5, starttls=1
Also, when trying to send a mass e-mail through my phpBB3 setup with any auth method other than LOGIN, I get:


Jun 14 02:09:41 postfix/smtpd[1985]: connect from xxxxx.com[127.0.1.1]
Jun 14 02:09:41 postfix/smtpd[1985]: warning: SASL authentication failure: no secret in database
Jun 14 02:09:41 postfix/smtpd[1985]: warning: xxxx.com[127.0.1.1]: SASL CRAM-MD5 authentication failed: authentication failure
Jun 14 02:09:41 postfix/smtpd[1985]: lost connection after AUTH from xxxxx.com[127.0.1.1]
Jun 14 02:09:41 postfix/smtpd[1985]: disconnect from xxxx.com[127.0.1.1]
I must say, I'm a little disappointed that:

1) the problems were brought up ~10 pages ago and kind of faded away without any more dialogue about them
2) I spent the better part of 4 days scouring my configuration and setup thinking I did something wrong and just stumbled on those tidbits... haha.

Thoughts?

*Edit: As an edit, I just wanted to reiterate that, although not a newcomer to computing in any facet, I'm very new to ubuntu and mailservers in general so I wanted to ensure that my server and its users would be free from possible malicious activity. Thanks.

*Edit 2: Does 11.04 better support this deployment? I noticed in earlier pages people were claiming no issues with 9.xx ubuntu but as soon as they upgraded to 10.xx problems started.

highbomber
June 20th, 2011, 01:48 AM
My mail server currently can't make any folders. It is only creating the inbox. If I try to create a folder remotely I get an error, and if I try to e-mail I get an error saying something along the lines of, "Could not create sendmail folder." Has anyone experienced this? Can someone help me with this? Thanks.

highbomber
June 20th, 2011, 04:30 PM
Bump.

sprior
June 22nd, 2011, 06:45 PM
I've also run into the CRAM problem mentioned above when setting up SASL/TLS on an Ubuntu 10.04 machine (64 bit). Is there a current best recommendation to work around this problem? Is SASL actually necessary when TLS is required for all connections? There is a strong desire to use an Ubuntu LTS release when setting up a mail server, but has anyone checked yet to see if this problem persists with Ubuntu 11.04?

glacebeast
June 22nd, 2011, 08:37 PM
I've also run into the CRAM problem mentioned above when setting up SASL/TLS on an Ubuntu 10.04 machine (64 bit). Is there a current best recommendation to work around this problem?

I just disabled CRAM-MD5 in the courier-imap config and all seems to be running smooth; whether or not that is a smart solution, I can't really answer that. I do have a webmail client running and this is the only way I could make it work, but the data isn't sensitive and as long as the passwords aren't transmitted in plaintext I'm ok with it.


Is SASL actually necessary when TLS is required for all connections?

I was thinking the same thing; per my understanding, SASL is just another layer of protection... a complement if you will. Most of us are paranoid enough to probably want maximum security though, lol.


There is a strong desire to use an Ubuntu LTS release when setting up a mail server, but has anyone checked yet to see if this problem persists with Ubuntu 11.04?

My thoughts exactly. I haven't, because I run a completely headless server sans an ethernet connection, so upgrading is a bit of a hassle. However, if it would enable a ramp up in security I'd almost definitely do it.

With that said, my knowledge of all of this is probably amateur at best compared to some of those lurking out there, and I was hoping we could suck some of those folk in here to answer some of these concerns.
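An added example (not from the guide or from any poster) for the CRAM-MD5 failures logged above against a column filled by ENCRYPT(): the server side of CRAM-MD5 has to key an HMAC with the shared secret itself, while PLAIN/LOGIN hand the server the password so it can be re-hashed with the salt kept in the stored string. The salted SHA-256 helper is a stand-in for crypt(), and the user name, password and challenge are constructed.

```python
"""CRAM-MD5 versus a one-way hashed password column (constructed demo)."""
import base64
import hashlib
import hmac
import os


def hash_password(password, salt=None):
    """Stand-in for ENCRYPT()/crypt(): salted one-way hash, salt kept in the result."""
    salt = salt if salt is not None else os.urandom(8)
    digest = hashlib.sha256(salt + password.encode()).digest()
    return base64.b64encode(salt).decode() + "$" + base64.b64encode(digest).decode()


def verify_plain(stored, password):
    """PLAIN/LOGIN: the password arrives in the exchange, so re-hash it with the stored salt."""
    salt_b64, _ = stored.split("$", 1)
    candidate = hash_password(password, base64.b64decode(salt_b64))
    return hmac.compare_digest(candidate, stored)


def cram_md5_response(user, password, challenge):
    """Client side (RFC 2195): base64 of 'user <hex HMAC-MD5(password, challenge)>'."""
    mac = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {mac}".encode())


def verify_cram_md5(secret, challenge, response):
    """Server side: recompute the HMAC, which needs the shared secret, not a hash of it."""
    _user, _, client_mac = base64.b64decode(response).decode().rpartition(" ")
    expected = hmac.new(secret.encode(), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, client_mac)


def demo():
    # Constructed account and challenge, not taken from the logs on this page.
    user, password = "user@example.org", "correct horse"
    challenge = b"<1896.697170952@mail.example.org>"
    stored = hash_password(password)            # what a hashed 'crypt' column holds
    response = cram_md5_response(user, password, challenge)
    return {
        # Password sent by the client (inside TLS), checked against the hash.
        "plain_vs_hash": verify_plain(stored, password),
        "plain_wrong_password": verify_plain(stored, "wrong"),
        # Only the hash is available as the "secret": the HMACs cannot match.
        "cram_vs_hash": verify_cram_md5(stored, challenge, response),
        # CRAM-MD5 verifies only when the server holds the cleartext secret.
        "cram_vs_cleartext": verify_cram_md5(password, challenge, response),
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check:22} {'accepted' if ok else 'rejected'}")
```

The same reasoning applies to DIGEST-MD5 and any other challenge-response mechanism in the mech_list: each one needs a secret the server can compute with, which a one-way hash column does not provide.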

airtonix
June 23rd, 2011, 07:29 AM
It would be useful if you started your guide with :



Customise the editor you want


export EDITOR=nano



Then throughout the document use


$EDITOR something something something

instead of assuming people want to use vi...

vi makes me rage HARD. I want to kill kittens when I use it.

mikeleonard
June 23rd, 2011, 01:11 PM
Such valuable information. I was also searching for this valuable information.

karka91
June 30th, 2011, 12:03 AM
I followed your instructions on the tutorial however when I want to send an email not from the server (using an email client) I get rejected:

Jun 30 00:54:30 servername postfix/smtpd[32289]: NOQUEUE: reject: RCPT from --.kava.lt[my-ip]: 554 5.7.1 <--@gmail.com>: Relay access denied; from=<karolis@--.ie> to=<--@gmail.com> proto=ESMTP helo=<[server-ip]>



# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = --.ie
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = --.ie
mydestination =
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
mynetworks_style = host
local_recipient_maps =

# how long if undelivered before sending warning update to sender
delay_warning_time = 4h
# will it be a permanent error or temporary
unknown_local_recipient_reject_code = 450
# how long to keep message on queue before return as failed.
# some have 3 days, I have 16 days as I am backup server for some people
# whom go on holiday with their server switched off.
maximal_queue_lifetime = 7d
# max and min time in seconds between retries if connection failed
minimal_backoff_time = 1000s
maximal_backoff_time = 8000s
# how long to wait when servers connect before receiving rest of data
smtp_helo_timeout = 60s
# how many address can be used in one message.
# effective stopper to mass spammers, accidental copy in whole address list
# but may restrict intentional mail shots.
smtpd_recipient_limit = 16
# how many error before back off.
smtpd_soft_error_limit = 3
# how many max errors before blocking it.
smtpd_hard_error_limit = 12

# Requirements for the HELO statement
smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit
# Requirements for the sender details
smtpd_sender_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit
# Requirements for the connecting server
smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl, reject_rbl_client dnsbl.njabl.org
# Requirement for the recipient address
smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, perm$
smtpd_data_restrictions = reject_unauth_pipelining

# require proper helo at connections
smtpd_helo_required = yes
# waste spammers time before rejecting them
smtpd_delay_reject = yes
disable_vrfy_command = yes

# not sure of the difference of the next two
# but they are needed for local aliasing
alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases
# this specifies where the virtual mailbox folders will be located
virtual_mailbox_base = /var/spool/mail/virtual
# this is for the mailbox location for each user
virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf
# and this is for aliases
virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf
# and this is for domain lookups
virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf
# this is how to connect to the domains (all virtual, but the option is there)
# not used yet
# transport_maps = mysql:/etc/postfix/mysql_transport.cf

virtual_uid_maps = static:5000
virtual_gid_maps = static:5000


What should be changed so that sending email via client would be possible? Not only for me but for registered users in the database
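An added example (not part of the guide or of the post above): a small audit of a main.cf for the two settings that decide whether a client outside mynetworks can relay after authenticating, instead of hitting "Relay access denied". The sample configurations are constructed, the function names are hypothetical, and the check reads only main.cf and smtpd_recipient_restrictions, not the per-service -o overrides in master.cf.

```python
"""Audit a Postfix main.cf for authenticated relaying (constructed samples)."""
import re

SAMPLE_NO_AUTH = """\
# constructed excerpt: no SASL settings at all
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks,
    reject_non_fqdn_recipient, reject_unknown_recipient_domain,
    reject_unauth_destination, permit
"""

SAMPLE_WITH_AUTH = """\
# constructed excerpt: SASL enabled and consulted before the relay check
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks,
    permit_sasl_authenticated, reject_non_fqdn_recipient,
    reject_unauth_destination, permit
"""

SAMPLE_INLINE_COMMENT = """\
# constructed excerpt: a note typed after the value on the same line
smtpd_sasl_auth_enable = yes # enable auth
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
    reject_unauth_destination, permit
"""


def parse_main_cf(text):
    """Return {name: value}; indented lines continue the previous one, later values win."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank line or whole-line comment
        if raw[0].isspace() and current:
            params[current] += " " + raw.strip()
            continue
        name, sep, value = raw.partition("=")
        if not sep:
            current = None                # not a "name = value" line
            continue
        current = name.strip()
        params[current] = value.strip()
    return params


def relay_check(text):
    """Report whether SASL-authenticated clients are permitted before the relay check."""
    params = parse_main_cf(text)
    findings = []
    for name, value in params.items():
        # main.cf has no trailing comments: the text becomes part of the value.
        if re.search(r"\s#", value):
            findings.append(f"{name}: text after '#' is read as part of the value")
    sasl_on = params.get("smtpd_sasl_auth_enable", "no") == "yes"
    if not sasl_on:
        findings.append("smtpd_sasl_auth_enable is not 'yes': smtpd never offers AUTH")
    rules = re.split(r"[,\s]+", params.get("smtpd_recipient_restrictions", ""))
    permitted = "permit_sasl_authenticated" in rules
    if "reject_unauth_destination" not in rules:
        findings.append("no reject_unauth_destination in smtpd_recipient_restrictions")
    elif not permitted:
        findings.append("permit_sasl_authenticated missing: remote clients hit "
                        "reject_unauth_destination")
    elif rules.index("permit_sasl_authenticated") > rules.index("reject_unauth_destination"):
        findings.append("permit_sasl_authenticated comes after reject_unauth_destination")
        permitted = False
    return {"auth_relay_ok": sasl_on and permitted, "findings": findings}


if __name__ == "__main__":
    samples = (("no auth", SAMPLE_NO_AUTH), ("with auth", SAMPLE_WITH_AUTH),
               ("inline comment", SAMPLE_INLINE_COMMENT))
    for label, sample in samples:
        result = relay_check(sample)
        print(label, "->", "ok" if result["auth_relay_ok"] else "blocked")
        for finding in result["findings"]:
            print("   ", finding)
```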

sprior
July 4th, 2011, 02:56 AM
After getting the described server setup working I discovered that Courier has a hardcoded IMAP namespace which the default Android email client does not handle properly. Because Android is a strong requirement for my server I have decided to replace Courier with Dovecot.

So far I'm having trouble getting started in how to configure Dovecot for the same MySQL based authentication described in this article with Ubuntu 10.04. Does anyone know if a variation of this article exists with Dovecot support?

highbomber
July 31st, 2011, 11:11 PM
I am trying to do the same with Dovecot.

I am following this guide: http://wiki.dovecot.org/HowTo/DovecotLDAPostfixAdminMySQL

I am trying to meld it with Flurdy's tutorial but so far I am having no luck. This guide has a poor explanation of the variables it needs.

So far I do have Dovecot talking to MySQL, but I still can't authorize any accounts against my database.

EDIT

It's now working. Two things that were stopping me:

1. Make sure "disable_plaintext_auth = no". It makes no sense to try debugging your server while using certificates. You can do that stuff after your SMTP, IMAP, and POP3 servers are working correctly.
2. Your crypt field must have used MD5() and not encrypt() like in Flurdy's guide.

Here are the two queries I modified to work with Flurdy's database model.

user_query = SELECT concat('/var/spool/mail/virtual/', maildir) as home, concat('maildir:/var/spool/mail/virtual/', maildir) as mail, 5000 as uid, 5000 as gid, concat('maildir:storage=', quota) AS quota FROM users WHERE id = '%u' AND enabled = '1'

password_query = SELECT id as user, crypt as password, concat('/var/spool/mail/virtual/', maildir) as userdb_home, concat('maildir:/var/spool/mail/virtual/', maildir) as userdb_mail, uid as userdb_uid, gid as userdb_gid FROM users WHERE id = '%u' AND enabled = '1'

I hope that helps. Follow the guide I linked very carefully and you should be able to figure it out. If anyone wants a more detailed explanation to supplement Flurdy's guide then I will make one.

EDIT2

After working more with Dovecot, I feel I have to mention a few more things:

3. "disable_plaintext_auth = no" should only be off if you are using TLS, and even then you should be hashing your password.
4. Don't use MD5, since it has inherent weaknesses. Use Dovecot's SSHA256 scheme. It is safer; however, I am having difficulty making it compatible with other programs.

Right now I am trying to get Dovecot to use a custom scheme. If anyone has experience with Hash functions, Crypt, and libc let me know please.

EDIT3

Also, one big plus to using Dovecot is you do not need saslauthd. One less application is one less point of failure IMO.
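
Point 4 above contrasts unsalted MD5 with Dovecot's SSHA256 scheme. As an added example (not code from this thread or from Dovecot), the Python below builds and checks a value in that layout: `{SSHA256}` followed by base64 of the SHA-256 digest of password plus salt, with the salt appended. The function names, the 8-byte salt length and the sample passwords are assumptions of the example.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional, Tuple

SCHEME = "{SSHA256}"
DIGEST_LEN = hashlib.sha256().digest_size  # 32 bytes


def ssha256_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Return '{SSHA256}' + base64(sha256(password + salt) + salt)."""
    if salt is None:
        # Random per-user salt. 8 bytes is a choice made for this example;
        # verification reads whatever follows the 32-byte digest.
        salt = os.urandom(8)
    digest = hashlib.sha256(password.encode("utf-8") + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode("ascii")


def split_ssha256(stored: str) -> Optional[Tuple[bytes, bytes]]:
    """Split a stored value into (digest, salt); None if it is malformed."""
    if not stored.startswith(SCHEME):
        return None
    try:
        raw = base64.b64decode(stored[len(SCHEME):], validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    if len(raw) <= DIGEST_LEN:
        return None  # digest only, no salt: not a salted value
    return raw[:DIGEST_LEN], raw[DIGEST_LEN:]


def ssha256_verify(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    parts = split_ssha256(stored)
    if parts is None:
        return False
    digest, salt = parts
    candidate = hashlib.sha256(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def unsalted_md5(password: str) -> str:
    """Hex MD5 of the password, the unsalted form point 2 above relies on."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    # Constructed sample: two accounts that happen to share one password.
    pw = "correct horse"
    print("md5     user1:", unsalted_md5(pw))
    print("md5     user2:", unsalted_md5(pw))   # identical: reuse is visible in the table
    print("ssha256 user1:", ssha256_hash(pw))
    print("ssha256 user2:", ssha256_hash(pw))   # differs: each row has its own salt
```

On a Dovecot 2.x host, `doveadm pw -s SSHA256` produces values in the same layout, which gives a reference to compare against when another program has to write the crypt column.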

dfansler
August 16th, 2011, 01:21 AM
Hi delaTorre - did you ever get an answer or figure out the reason behind :
Aug 18 21:08:29 home imapd: chdir Maildir: No such file or directory
Aug 18 21:08:29 home imapd: user1@home.local: No such file or directory

I have the same problem.
Thanks,
David

crnieto05
September 21st, 2011, 02:50 PM
Sorry.

crnieto05
September 21st, 2011, 02:54 PM
Hello.
I would like to know how to resolve this problem.

crnieto05
September 21st, 2011, 03:27 PM
I'm a newbie. Your guide is extremely helpful, thank you.
I have a running apache server on my machine. I am afraid of messing up so I skipped setting up firewall for now.

I managed to set up Courier IMAP. I can log in through imap but when I try to send mails, I get:

Dec 17 13:09:13 mygitarapp postfix/smtpd[24035]: connect from unknown[88.235.53.100]
Dec 17 13:09:13 mygitarapp postfix/smtpd[24035]: NOQUEUE: reject_warning: RCPT from unknown[88.235.53.100]: 504 5.5.2 <ArGoNNB>: Helo command rejected: need fully-qualified hostname; from=<gunman@mygitar.com> to=<c@gri.in> proto=ESMTP helo=<ArGoNNB>
Dec 17 13:09:13 mygitarapp postfix/smtpd[24035]: NOQUEUE: reject: RCPT from unknown[88.235.53.100]: 554 5.7.1 <c@gri.in>: Relay access denied; from=<gunman@mygitar.com> to=<c@gri.in> proto=ESMTP helo=<ArGoNNB>
Dec 17 13:09:13 mygitarapp postfix/smtpd[24035]: NOQUEUE: reject_warning: RCPT from unknown[88.235.53.100]: 504 5.5.2 <ArGoNNB>: Helo command rejected: need fully-qualified hostname; from=<gunman@mygitar.com> to=<c@gri.in> proto=ESMTP helo=<ArGoNNB>
Dec 17 13:09:13 mygitarapp postfix/smtpd[24035]: NOQUEUE: reject: RCPT from unknown[88.235.53.100]: 554 5.7.1 <c@gri.in>: Relay access denied; from=<gunman@mygitar.com> to=<c@gri.in> proto=ESMTP helo=<ArGoNNB>
Dec 17 13:09:13 mygitarapp postfix/smtpd[24035]: NOQUEUE: reject_warning: RCPT from unknown[88.235.53.100]: 504 5.5.2 <ArGoNNB>: Helo command rejected: need fully-qualified hostname; from=<gunman@mygitar.com> to=<hctopcu@gmail.com> proto=ESMTP helo=<ArGoNNB>
Dec 17 13:09:13 mygitarapp postfix/smtpd[24035]: NOQUEUE: reject: RCPT from unknown[88.235.53.100]: 554 5.7.1 <hctopcu@gmail.com>: Relay access denied; from=<gunman@mygitar.com> to=<hctopcu@gmail.com> proto=ESMTP helo=<ArGoNNB>
Dec 17 13:09:14 mygitarapp postfix/smtpd[24035]: disconnect from unknown[88.235.53.100]

I can't understand why a client needs to have a hostname. (As I said I'm a rookie)

I would like to know how to resolve this problem.

KriBaBa
September 22nd, 2011, 07:51 PM
Hiya, I'm trying to get a hang on this.. But there's a lot of stuff I don't understand.
Well..
I followed the guide, but for some reason it's not working.
I only did the first part so far (the basic setup) and without firewall (It's a cloud server and I can change firewall setting elsewhere).
For now I have not restricted port 25 at all.

Anyway, I tried to use telnet to send a mail as the guide tells you to, but something is wrong.
Here's the result of the tails


root@ubuntu:/# tail -f /var/log/mail.log
Sep 22 14:21:29 ubuntu postfix/qmgr[12335]: 7D23A21C1E: removed
Sep 22 14:21:57 ubuntu postfix/smtpd[20677]: disconnect from localhost[127.0.0.1]
Sep 22 14:26:32 ubuntu imapd: Connection, ip=[::ffff:127.0.0.1]
Sep 22 14:28:11 ubuntu postfix/smtpd[20792]: warning: 186.213.77.50: hostname 186.213.77.50.static.host.gvt.net.br verification failed: Name or service not known
Sep 22 14:28:11 ubuntu postfix/smtpd[20792]: connect from unknown[186.213.77.50]
Sep 22 14:28:33 ubuntu postfix/smtpd[20792]: lost connection after UNKNOWN from unknown[186.213.77.50]
Sep 22 14:28:33 ubuntu postfix/smtpd[20792]: disconnect from unknown[186.213.77.50]
Sep 22 14:31:53 ubuntu postfix/anvil[20793]: statistics: max connection rate 1/60s for (smtp:186.213.77.50) at Sep 22 17:28:11
Sep 22 14:31:53 ubuntu postfix/anvil[20793]: statistics: max connection count 1 for (smtp:186.213.77.50) at Sep 22 17:28:11
Sep 22 14:31:53 ubuntu postfix/anvil[20793]: statistics: max cache size 1 at Sep 22 17:28:11
Sep 22 14:54:12 ubuntu postfix/smtpd[21121]: connect from localhost[127.0.0.1]
Sep 22 14:56:28 ubuntu postfix/smtpd[21121]: 58A6B21B62: client=localhost[127.0.0.1]
Sep 22 14:56:38 ubuntu postfix/cleanup[21138]: 58A6B21B62: message-id=<20110922175628.58A6B21B62@mail.envisionenglish.com.br>
Sep 22 14:56:38 ubuntu postfix/qmgr[12335]: 58A6B21B62: from=<kristianbbach@gmail.com>, size=360, nrcpt=1 (queue active)
Sep 22 14:56:38 ubuntu postfix/virtual[21142]: 58A6B21B62: to=<klaus/@envisionenglish.com.br>, orig_to=<klaus@envisionenglish.com.br>, relay=virtual, delay=41, delays=41/0.02/0/0.05, dsn=5.1.1, status=bounced (unknown user: "klaus/@envisionenglish.com.br")
Sep 22 14:56:38 ubuntu postfix/cleanup[21138]: CC51B21C12: message-id=<20110922175638.CC51B21C12@mail.envisionenglish.com.br>
Sep 22 14:56:38 ubuntu postfix/qmgr[12335]: CC51B21C12: from=<>, size=2376, nrcpt=1 (queue active)
Sep 22 14:56:38 ubuntu postfix/bounce[21144]: 58A6B21B62: sender non-delivery notification: CC51B21C12
Sep 22 14:56:38 ubuntu postfix/qmgr[12335]: 58A6B21B62: removed
Sep 22 14:56:41 ubuntu postfix/smtp[21145]: CC51B21C12: to=<kristianbbach@gmail.com>, relay=gmail-smtp-in.l.google.com[74.125.45.27]:25, delay=2.6, delays=0.01/0.02/0.96/1.6, dsn=2.0.0, status=sent (250 2.0.0 OK 1316714201 i16si4239653yba.88)
Sep 22 14:56:41 ubuntu postfix/qmgr[12335]: CC51B21C12: removed
Sep 22 14:56:43 ubuntu postfix/smtpd[21121]: disconnect from localhost[127.0.0.1]



And:


* Documentation: https://help.ubuntu.com/
You have new mail.
Last login: Thu Sep 22 17:17:25 2011 from 186.213.77.50
root@ubuntu:~# tail -f /var/log/mysql.log

(there's nothing happening)



Could anyone guide me to a way to fix this?
One thing I noticed is that it seems to add "/" after the recipient's name for some reason...

Could it be a rights problem?


root@ubuntu:/# ls -l /var/mail/virtual
total 0
root@ubuntu:/# ls -l /var/mail/
total 8
-rw------- 1 root mail 1444 2011-09-22 16:01 root
drwxr-sr-x 2 virtual virtual 4096 2011-09-22 16:44 virtual
root@ubuntu:/#

KriBaBa
September 22nd, 2011, 08:25 PM
I'm getting more and more sure the problem is with the trailing slash since postfix appears to be able to send emails.
I received the following in my private inbox:
FROM: Mail Delivery System <MAILER-DAEMON@envisionenglish.com.br>

Reporting-MTA: dns; mail.envisionenglish.com.br
X-Postfix-Queue-ID: 7FF8421B62
X-Postfix-Sender: rfc822; kristianbbach@gmail.com
Arrival-Date: Thu, 22 Sep 2011 21:33:38 +0000 (UTC)

Final-Recipient: rfc822; klaus/@envisionenglish.com.br
Original-Recipient: rfc822;klaus@envisionenglish.com.br
Action: failed
Status: 5.1.1
Diagnostic-Code: X-Postfix; unknown user: "klaus/@envisionenglish.com.br"

fade2gray
September 23rd, 2011, 01:58 AM
To anyone having problems with this guide, I suggest considering installing Ubuntu server 10.04.3 LTS and Virtualmin. Virtualmin gives you a browser type front-end for managing your web-server, mail-server and much more. Read this guide (http://ubuntuforums.org/showthread.php?t=1197883) for starters.

NOTE: If you do follow the guide, when you get to the section where you are told to do the following:-
sudo ./install.sh

... after the Virtualmin installation script has completed successfully, you will need to perform the following commands:-
sudo update-rc.d webmin defaults
sudo update-rc.d usermin defaults
... this is because Virtualmin also installs Webmin 1.560 and Usermin 1.480 - for which the Upstart Jobs for both are slightly bugged and the latter two commands rectify this (see this thread (http://www.virtualmin.com/node/19092)).

Addendum: Since posting this, I notice that Virtualmin has been updated from version 3.87 to 3.88, but I'm unsure if this eliminates the need to run the extra commands. The best thing to do (after running the install script) is to try accessing the browser interface first:-
https://your_server_ip:10000
... if you get an error - then run the extra commands.
HTH.

KriBaBa
September 23rd, 2011, 03:00 AM
Sounds like it's worth a try... Thanks for the tip :)

KriBaBa
September 23rd, 2011, 03:12 PM
Addendum: Since posting this, I notice that Virtualmin has been updated from version 3.87 to 3.88, but I'm unsure if this eliminates the need to run the extra commands. The best thing to do (after running the install script) is to try accessing the browser interface first:-
https://your_server_ip:10000
... if you get an error - then run the extra commands.
HTH.

For me it appears to run smoothly without these extra commands

fade2gray
September 23rd, 2011, 04:45 PM
For me it appears to run smoothly without these extra commands

That's really odd - I just performed a clean install of Ubuntu server 10.04.3 and Virtualmin 3.88 GPL on a virtual-machine and found I still had to perform the extra commands to fix the upstart jobs for Webmin and Usermin.

Any further queries regarding this should be discussed in this thread (https://www.virtualmin.com/node/19581) and this thread (http://www.virtualmin.com/node/19092) in the Virtualmin forums, or at least a separate Ubuntu thread, so as not to go off topic.

rougueboy
September 27th, 2011, 09:28 PM
Followed the 10th version (Ubuntu 10.04) for setting up basic mail server.
Moving to the Authentication: Cyrus SASL client section and SASL.

Can't get past the following error...
mail.log:Sep 26 10:02:20 rougserver postfix/smtpd[16920]: warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
saslauthd is running...
18919 ? Ss 0:00 /usr/sbin/saslauthd -a pam -r -c -m /var/spool/postfix/var/run/saslauthd -n 5
Here's the socket...
auth.log:Sep 27 13:34:07 rougserver saslauthd[18919]: ipc_init : listening on socket: /var/spool/postfix/var/run/saslauthd/mux
master.cf has the saslauthd running in chroot...
smtp inet n - - - - smtpd -v

I'm at a loss this point to understand why smtpd does not find saslauthd...
Any suggestions much appreciated...

rougueboy
September 29th, 2011, 07:41 PM
Update the subject to be the error...
Found out what the problem was...
I had set
queue_directory = /mnt/rougshare/spool/postfix
in main.cf
I followed flurdy's directions and setup as in my post saslauthd directory (-m option) to run out of
/var/spool/postfix/var/run/saslauthd
Need to be out of
/mnt/rougshare/spool/postfix/var/run/saslauthd
I had changed them to be off my boot disk to my raid array.
May want to include in a future update of your guide the change to where the mail and queue directories are.
It would be very helpful if smtpd also put the directory in the warning. I saw many posts on this warning that would have been easier to resolve if the directories were printed. Maybe I should make this change to postfix and submit it? :)

rougueboy
October 1st, 2011, 02:43 AM
One additional problem I noted that was not discussed in the setup.
Courier-imap does not set up its own maildirs for new accounts.
That has to be done manually for every added account.
Courier has a command called maildirmake that can be used to set up new maildirs as you add new accounts. This is especially meaningful for imap to get the sent, drafts and trash folders in place, which are the defaults maildirmake sets up. I also found out that mac outlook 2011 requires a Junk E-mail folder to be created. That can be done through the maildirmake -f command.

Once I had an empty mailbox set up correctly, it was easier just to do a "cp -a" for that mailbox when I created new users. Interested in whether there is any more integrated way - e.g. from a sql web interface with php to do all this every time a user is added.

trenje
October 11th, 2011, 11:55 AM
Hello flurdy,

First of all thanks for great tutorial, it really helped me setting up my mailserver.

I have two suggestions for tutorial. First one is that you didn't cover Courier POP and installing/settingup Courier POP packages, I had to do that manually and to open POP3 and POP3S in shorewall.

The second is that most of the spam servers check reverse DNS when sending email and you didn't cover that (I had to set up bind with reverse dns for that).

Nevertheless, this is the best tutorial I have seen for creating mailserver, thank you!

The Sorrow
October 12th, 2011, 07:18 PM
Been wanting to set one of these up! Definitely coming in handy.

flurdy
November 10th, 2011, 01:00 PM
One additional problem I noted that was not discussed in the setup.
Courier-imap does not set up its own maildirs for new accounts.
That has to be done manually for every added account.
Courier has a command called maildirmake that can be used to set up new maildirs as you add new accounts. This is especially meaningful for imap to get the sent, drafts and trash folders in place, which are the defaults maildirmake sets up. I also found out that mac outlook 2011 requires a Junk E-mail folder to be created. That can be done through the maildirmake -f command.

Once I had an empty mailbox set up correctly, it was easier just to do a "cp -a" for that mailbox when I created new users. Interested in whether there is any more integrated way - e.g. from a sql web interface with php to do all this every time a user is added.

Creating the folders manually is not necessary.
As long as the root exists postfix will create these folders once each user receives its first email. (http://flurdy.com/docs/postfix/#app_faq)

However as you state the additional folders courier uses will not be created by postfix as it does not use them. But those extra ones can be created by eg roundcube or squirrelmail by default: in http://flurdy.com/docs/postfix/#ext_round the

$rcmail_config['create_default_folders'] = TRUE;

gestalts
November 24th, 2011, 05:51 AM
A while ago, before getting started, I purchased the official "book of postfix" and took time to read through the Ubuntu documentation for postfix. And I've installed all of the necessary/related packages. Presently I have postfix configured as an "internet site"; mail service for my primary (default) server/hostname "server.example.net", "localhost", etc..

Bind9/DNS, zone files, everything is all set.

My primary (default) server/hostname is set up on a dedicated box with about 20 dedicated ip's - though only a few are currently in-use -- (3) websites w/dedicated ip's + SSL.

Just to be clear, let me illustrate:
"server.example.NET" = primary server/hostname + dns zone file; 170.160.150.140
"example.COM" = website #1 + dns zone file; 170.160.150.141
"pretendco.com" = website #2 + dns zone file; 170.160.150.142
"greedyco.com" = website #3 + dns zone file; 170.160.150.143

I just recently added "imap.example.com" + "smtp.example.com" + corresponding zone file entries, each with its own unique/dedicated ip. So in-addition to above, now I've got:
"imap.example.net" + entry added to corresponding dns zone file; 170.160.150.144
"smtp.example.net" + entry added to corresponding dns zone file; 170.160.150.145

Here's my question:
Up to this point I've been using google's (mx) to provide mail service for all of the above domains + dns zone files with corresponding google mx entries. I suppose what I'm trying to do here - essentially replicate google's configuration (imap.gmail.com, smtp.gmail.com) on my server with postfix/courier - allowing me to send and receive mail(boxes) from my desktop mail program configured with my own server(s) "imap.example.net, smtp.example.net" to send and receive mail(boxes) -- not google's (imap;smtp.gmail.com).

Does that make sense?
In your own words, can anyone kindly help explain how I can accomplish this?
Please, please, no links to documentation or blogs filled with garbage advertising.
Greatly appreciated! Thanks y'all!

dstein766
November 24th, 2011, 09:10 PM
Thanks for the excellent documentation - I've been working to replace a dying mail server with a new one and this has been invaluable! I have one problem, however, that I'm hoping has an obvious solution.

I relay all my incoming (home) email to my work address via my ISP. My current email server (built a long time ago using standard packages and another Postfix HowTo) works fine (if one overlooks the dying hardware :)), but the new setup keeps giving me 553 rejections when I try to relay. I *think* the root of the problem is found in this representative message from mail.log, which appears just prior to the 553 errors:

Nov 24 11:03:44 mailhost postfix/qmgr[7878]: 21F2DC1F21: from=<>, size=9657, nrcpt=1 (queue active)

Note the "from=<>" entry - as far as I can tell, on my working server this field isn't blank but shows my home email (which is, in turn, a valid address as far as my ISP is concerned). So as far as I can tell I'm passing an empty MAIL FROM field to the relay host and being rejected.

Is there an obvious reason why the from address would be empty? I've attempted to do side-by-side comparison of my working setup (particularly on the various SASL parameters, which are in agreement), but the old setup uses .procmailrc as the forwarding mechanism while the new setup uses the mysql aliases approach. This may be a red herring, but my own skills in this area are limited so I really don't know where to look to try to solve.

georgian_craciun
November 26th, 2011, 01:05 PM
Here (http://scripturi-instalare-ubuntu.blogspot.com/2011/10/in-lucru-un-server-de-mail-in-4-minute.html#more) you can find a script that installs and configures postfix-courier-SquirrelMail in 4 minutes. Perhaps it is useful for someone ...

fade2gray
November 26th, 2011, 02:12 PM
Here (http://scripturi-instalare-ubuntu.blogspot.com/2011/10/in-lucru-un-server-de-mail-in-4-minute.html#more) you can find a script that installs and configures postfix-courier-SquirrelMail in 4 minutes. Perhaps it is useful for someone ...
Should anyone need to translate the page the link leads to; it's in Romanian.

georgian_craciun
November 26th, 2011, 03:51 PM
It is not difficult ...
Download the script from HERE (https://docs.google.com/open?id=0BzdgJBgHUlPrNTQ1ZmFkZGItOTczYS00NjYxLTk2M jQtNDEyYjA2ZTY0NjJm) ;
make it executable (ex: sudo chmod +x /home/servermail ),
change the content lines from 105 to 125
launch script execution (ex: sudo /home/servermail )

... or you can write in Google http://scripturi-instalare-ubuntu.blogspot.com/2011/10/in-lucru-un-server-de-mail-in-4-minute.html and then click Translate Page.

The script will install and configure postfix - courier - SquirrelMail. After that you have a fully functional mail server.

jspiegel187
December 15th, 2011, 06:25 PM
Hey, I'm having trouble getting the basic mail server running. I can telnet in but when I try to send an email the "RCPT TO:" portion denies it no matter what I type in. Below is the tail of the mail log:

Dec 15 12:13:20 zero postfix/smtpd[2304]: connect from localhost.localdomain[127.0.0.1]
Dec 15 12:14:05 zero postfix/smtpd[2304]: NOQUEUE: reject: RCPT from localhost.localdomain[127.0.0.1]: 554 5.7.1 <localhost.localdomain[127.0.0.1]>: Client host rejected: Access denied; from=<master@zero.local> to=<jripeastwest@yahoo.com> proto=ESMTP helo=<zero.local>
Dec 15 12:14:05 zero postfix/smtpd[2304]: warning: restriction `rbl_client' after `reject' is ignored
Dec 15 12:14:08 zero postfix/smtpd[2304]: disconnect from localhost.localdomain[127.0.0.1]

My username on the box is "master" and my hostname is zero.local
The firewall is closed as per the instructions.

Below is my main.cf


# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
myorigin= zero.local


smtpd_banner = $myhostname ESMTP Welcome, XNasty at your service.....
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname =zero.local
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = zero.local, zero, localhost.localdomain, localhost
relayhost =smtp-server.nyc.rr.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
mynetworks_style = host
masquerade_domains =
masquerade_exceptions = rootlocal_recipient_maps =
mydestination =

# MAIL SETTINGS

delay_warning_time = 4h
unknown_local_recipient_reject_code = 450
maximal_queue_lifetime = 7d
minimal_backoff_time = 1000s
maximal_backoff_time = 8000s
smtp_helo_timeout = 60s
smtpd_recipient_limit = 16
smtpd_soft_error_limit = 3
smtpd_hard_error_limit = 12


# RESTRICTIONS

smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit
#

smtpd_sender_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit


smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject rbl_client blackholes.easynet.nl, reject_rbl_client dnsbl.njabl.org

smtpd_recipient_restrictions = reject_unauth_pipelinig, permit_mynetworks, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, permit

smtpd_data_restrictions = reject_unauth_pipelining

smptd_helo_required = yes

smptd_delay_reject = yes

disable_vrfy_command = yes

#######

alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases
virtual_mailbox_base = /var/spool/mail/virtual
virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf
virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000


I'd love to get this running. Not sure what the next step is to get this past the testing phase.

Any help is appreciated..
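
The log above already names one defect in the posted main.cf (restriction `rbl_client' after `reject' is ignored), and a bare `reject` in a restriction list is what produces a blanket "Access denied". As an added example (not from this thread or from Postfix), this Python check runs over an excerpt of that config and reports three kinds of problem: a setting that a later line overrides, a terminal action that is not last in a restriction list, and a name that is one typo away from a real one. The name lists are small assumed subsets and the function names are hypothetical.

```python
import difflib
import re
from collections import namedtuple

Finding = namedtuple("Finding", "line kind detail")

# Subsets of real Postfix names, enough for this excerpt (assumption: on a
# live host the full parameter list would be taken from `postconf -d`).
KNOWN_PARAMS = {
    "myorigin", "myhostname", "mydestination", "mynetworks", "relayhost",
    "smtpd_helo_required", "smtpd_delay_reject", "smtpd_helo_restrictions",
    "smtpd_sender_restrictions", "smtpd_client_restrictions",
    "smtpd_recipient_restrictions", "smtpd_data_restrictions",
}
TERMINAL = {"reject", "permit", "defer"}  # anything listed after these is ignored
KNOWN_RESTRICTIONS = TERMINAL | {
    "warn_if_reject", "permit_mynetworks", "permit_sasl_authenticated",
    "reject_rbl_client", "reject_unauth_destination",
    "reject_unauth_pipelining", "reject_non_fqdn_sender",
    "reject_non_fqdn_recipient", "reject_unknown_sender_domain",
    "reject_unknown_recipient_domain",
}

# Excerpt of the main.cf posted above, line order preserved.
SAMPLE = """\
myorigin= zero.local
myorigin = /etc/mailname
mydestination = zero.local, zero, localhost.localdomain, localhost
mydestination =
smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject rbl_client blackholes.easynet.nl, reject_rbl_client dnsbl.njabl.org
smtpd_recipient_restrictions = reject_unauth_pipelinig, permit_mynetworks, reject_unauth_destination, permit
smptd_helo_required = yes
smptd_delay_reject = yes
"""


def parse_main_cf(text):
    """Return [lineno, name, value] entries; an indented line continues the previous one."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and entries:
            entries[-1][2] += " " + raw.strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            entries.append([lineno, name.strip(), value.strip()])
    return entries


def near_miss(token, known):
    """Return the known name that token is probably a typo of, else None."""
    if token in known:
        return None
    match = difflib.get_close_matches(token, sorted(known), n=1, cutoff=0.85)
    return match[0] if match else None


def lint_restrictions(lineno, value):
    findings = []
    tokens = [t for t in re.split(r"[,\s]+", value) if t]
    for i, tok in enumerate(tokens):
        warn_only = i > 0 and tokens[i - 1] == "warn_if_reject"
        if tok in TERMINAL and not warn_only and i < len(tokens) - 1:
            rest = " ".join(tokens[i + 1:])
            findings.append(Finding(lineno, "unreachable",
                                    f"'{tok}' ends the list; ignored: {rest}"))
            break
        guess = near_miss(tok, KNOWN_RESTRICTIONS)
        if guess:
            findings.append(Finding(lineno, "unknown-restriction",
                                    f"{tok}: did you mean {guess}?"))
    return findings


def lint(text):
    findings, last_seen = [], {}
    for lineno, name, value in parse_main_cf(text):
        if name in last_seen:
            # The last assignment in main.cf wins, so the earlier one is dead.
            findings.append(Finding(last_seen[name], "overridden",
                                    f"{name} is set again on line {lineno}"))
        last_seen[name] = lineno
        guess = near_miss(name, KNOWN_PARAMS)
        if guess:
            # A misspelled name never sets the parameter that was meant.
            findings.append(Finding(lineno, "unknown-parameter",
                                    f"{name}: did you mean {guess}?"))
        if name.endswith("_restrictions"):
            findings.extend(lint_restrictions(lineno, value))
    return sorted(findings)


if __name__ == "__main__":
    for f in lint(SAMPLE):
        print(f"line {f.line}: {f.kind}: {f.detail}")
```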

TJRana
December 25th, 2011, 09:19 PM
Thank you.

georgian_craciun
December 28th, 2011, 09:30 AM
Now it tells me to add users and domains. It says
# Use phpMyAdmin or command line mysql
INSERT INTO domains (domain) VALUES
('localhost'),
('localhost.localdomain');

I don't know how to do that. What does it mean by "Use phpMyAdmin"? Or command line mysql? How do I do that? What should I do?


echo "USE maildb;" > /home/createdb
echo "INSERT INTO domains (domain) VALUES ('$domeniulmeu');" >> /home/createdb
echo "quit" >> /home/createdb
mysql -uroot -p"$passroot" < /home/createdb
where :
$domeniulmeu = your domain name (ex: ubuntuforums.org)
$passroot = password for MySQL root user

rhyancute
January 10th, 2012, 01:18 PM
I installed Ubuntu 11.10 32bit server.
I can send email using a PHP script.

My webmail client (http://www.afterlogic.com) and roundcube are successfully installed.


My problem is how to create an email account?

Can anyone help me?

jongers
January 19th, 2012, 07:13 AM
****UPDATE: FIXED****
Hopefully this will save someone else some time. Did I miss this step in the tutorial or something?
Looking back on it... this should have been a pretty easy fix.
On the last line of
/etc/courier/imapd-ssl
I changed
MAILDIRPATH=Maildir
to
MAILDIRPATH=/var/spool/mail/virtual


That has saved me some time, thanks!

ckuecker
January 24th, 2012, 03:38 AM
Hello,

First, thanks for the thorough howto. It really helps to see examples of how to do things.

I used this howto to install a mail server on my Ubuntu 11.10 system. I had a working system until I upgraded from Ubuntu 10, and lost the ability to boot off my main drive. I had to reinstall from the CD to get a working system back, and I lost my original mail system.

I can telnet into the system and connect to ports 25 and 143 if I use 'localhost'. When I try to telnet in using my FQDN, I get 'telnet: Unable to connect to remote host: Connection refused'.

I tried using tail on the mysql and mail log files. I see activity on the mail log when I try via telnet, but no activity at all on the mysql log.

I read through the Shorewall documentation and cannot see where that could be causing my problems.

Another strange thing that might be symptomatic - my Apache web server was working on the Ubuntu machine, and was accessible from the Ubuntu machine and other Windows machines on my local network until I started with this installation. Now, it apparently is accessible only from the Internet - I had a friend access it while I was unable to load the pages.

Any idea how to proceed? I am starting to suffer from email withdrawal.

ckuecker
January 24th, 2012, 01:08 PM
Found one problem - my bind9 config files had some comments in them that were being interpreted as errors. Bind9 is working now.

I can access my website on 127.0.0.1, but still not from outside.

ckuecker
January 25th, 2012, 04:29 PM
Reloaded Ubuntu from scratch and went through the install again. Everything works properly from localhost, but I cannot access anything from outside the Linux machine.

I installed gufw and turned off the firewall - still cannot access from outside.

Telnet localhost works - telnet <FQDN> works. Telnet to my Internet IP fails.

Some config files -

/etc/hosts:


127.0.0.1 localdomain.localhost localhost
192.168.0.200 ckenterprises.ckent.org smtp

# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
/etc/interfaces:


auto lo
iface lo inet loopback
pre-up iptables-restore < /etc/iptables.rules
post-down iptables-restore < /etc/iptables.downrules

auto eth0
iface eth0 inet static
address 192.168.0.200
network 192.168.0.0
netmask 255.255.255.0
broadcast 192.168.0.255
gateway 192.168.0.2
/etc/hostname:


<my.full.domain>
Any help would be very appreciated.

ckuecker
January 25th, 2012, 04:34 PM
In case it helps:


root@ckuecker:/home/chuck# ifconfig
eth0 Link encap:Ethernet HWaddr 00:18:4d:71:ad:69
inet addr:192.168.0.200 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::218:4dff:fe71:ad69/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:24592 errors:0 dropped:0 overruns:0 frame:0
TX packets:18626 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:15637039 (15.6 MB) TX bytes:2852932 (2.8 MB)
Interrupt:11 Base address:0xe800

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:4596 errors:0 dropped:0 overruns:0 frame:0
TX packets:4596 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:217754 (217.7 KB) TX bytes:217754 (217.7 KB)

ckuecker
January 25th, 2012, 10:45 PM
Further information - I can get Thunderbird to connect to the servers using 127.0.0.1, but it keeps telling me my email password is invalid.

From looking at log activity, I think the system is receiving emails from outside servers, so if I can access this system locally I can at least delete my spam and send emails out. Ultimately, I need to be able to access the system from any computer on my local network, as I host email for several people.

ckuecker
January 26th, 2012, 11:07 PM
OK. I am in the home stretch, I think. Disabling the firewall with iptables -F allowed my webserver to work, and I was able to send email from Thunderbird on both my local Windows machine and from this Ubuntu machine. Email sent from outside gets into the /var/mail/virtual/<user> folder, and I can look at it with gedit and see my messages.

What I can't do - yet - is connect with Thunderbird to read what's in the mailbox. Thunderbird wants a password, and tells me it's incorrect when I supply the password I used in the setup process.

So, what I need now is to find out where postfix hides that password, and gedit to send those accumulating emails out to Thunderbird, and I can put this mess to bed.

Then, I need to re-enable a proper firewall.

AntaresDaha
January 27th, 2012, 04:45 PM
So yesterday we followed the tutorial and managed to setup a core/simple mailserver.
All in all it does what we would expect the server to do.
It can receive emails and store them under the associated virtual user accounts.
It's also able to match different mail aliases against each other using the mysql tables etc.
But concerning outgoing/forwarding emails we got a peculiar problem.
If we locally run telnet on our server, we can emulate another machine requesting to send/forward mails for us, like that:


helo we.are.an.extern.server.com
-> 250 ourserver.net
mail from: d.k@googlemail.com
-> 250 2.1.0 Ok
rcpt to: antares@lazias.com
-> 250 2.1.5 Ok
data
-> End data with <CR><LF>.<CR><LF>
somerandomtext
foobar
.
-> 250 2.0.0 Ok queued as 9E05517F808B
quit
-> 221 2.0.0 Bye
Moments later antares@lzias.com (antares@lazias.com) will be resolved to cdomi@web.de and the testmail will be received in that (extern) mailbox.
Now if we contact our server via telnet from an EXTERN machine and run the exact same commands our server will respond in the exact same way, it will try to send out the created mail to cdomi@web.de but awkwardly enough when we login on that extern mailbox the mail is never received.
Now if we look into the logfiles of our server, we can see that our mailserver seems to be doing the exact same thing, trying to send/forward a mail to cdomi@web.de and it doesn't seem to have any troubles doing so.
Here the corresponding logfile entries:


Jan 27 16:20:46 ourserver postfix/smtpd[15487]: connect from localhost.localdomain[127.0.0.1]
Jan 27 16:23:21 ourserver postfix/smtpd[15487]: 9E05517F808B: client=localhost.localdomain[127.0.0.1]
Jan 27 16:24:58 ourserver postfix/cleanup[15492]: 9E05517F808B: message-id=<20120127152321.9E05517F808B@ourserver.net>
Jan 27 16:24:58 ourserver postfix/qmgr[9946]: 9E05517F808B: from=<d.k@googlemail.com>, size=392, nrcpt=1 (queue active)
Jan 27 16:24:59 ourserver postfix/smtp[15496]: 9E05517F808B: to=<cdomi@web.de>, orig_to=<antares@lzias.com>, relay=mx-ha01.web.de[217.72.192.149]:25, delay=170, delays=170/0.01/0.07/0.15, dsn=2.0.0, status=sent (250 OK id=1Rqnff-0003jD-00)
Jan 27 16:24:59 ourserver postfix/qmgr[9946]: 9E05517F808B: removed
Jan 27 16:26:59 ourserver postfix/smtpd[15487]: disconnect from localhost.localdomain[127.0.0.1]


Jan 27 16:33:56 ourserver postfix/smtpd[15511]: connect from mail-wi0-f176.google.com[209.85.212.176]
Jan 27 16:33:58 ourserver postfix/smtpd[15511]: 5BC9117F808B: client=mail-wi0-f176.google.com[209.85.212.176]
Jan 27 16:33:58 ourserver postfix/cleanup[15514]: 5BC9117F808B: message-id=<4F22C3E5.2060602@googlemail.com>
Jan 27 16:33:58 ourserver postfix/qmgr[9946]: 5BC9117F808B: from=<d.k@googlemail.com>, size=1649, nrcpt=1 (queue active)
Jan 27 16:33:58 ourserver postfix/smtp[15515]: 5BC9117F808B: to=<cdomi@web.de>, orig_to=<antares@lzias.com>, relay=mx-ha02.web.de[217.72.192.188]:25, delay=2.3, delays=2.2/0.01/0.06/0.05, dsn=2.0.0, status=sent (250 OK id=1RqnoM-0000Kh-00)
Jan 27 16:33:58 ourserver postfix/qmgr[9946]: 5BC9117F808B: removed
As we can easily see the server does handle both requests in the same way, only one mail will actually reach cdomi@web.de while the other one won't.

Could anyone explain to us how that comes? Or at least give us a hint?
Does the web.de mailserver reject our (server's) attempt to forward an email (for whatever reasons) while it seems to be ok with it being the original creator of an email?
How could we check whether the mail gets rejected later after postfix sent it out confidently?

Any help would be appreciated,
regards Antares
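
Added example, not part of the original post: a shell/awk tracer that groups Postfix log lines by queue ID and prints who handed the message in, the rewritten recipient, the relay, the DSN and the reply of the next hop. A line with status=sent and a 250 reply means the remote MX accepted the message, so whatever happens to it afterwards is not visible in the local log. The first two messages in the embedded sample are the log lines quoted above; the third is constructed, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: follow each Postfix queue ID from hand-in to hand-off.
# Output, one line per delivery attempt:
#   queue_id|client|sender|to|orig_to|relay|dsn|status|remote_response

trace_queue_ids() {          # trace_queue_ids [LOGFILE...]  (default: stdin)
    awk '
    # Value of " key=value": ends at the first comma or space, <> removed.
    function field(line, key,    i, s) {
        i = index(line, " " key "=")
        if (i == 0) return ""
        s = substr(line, i + length(key) + 2)
        sub(/[, ].*$/, "", s)
        gsub(/[<>]/, "", s)
        return s
    }
    # Postfix lines that carry a queue ID, e.g. "]: 9E05517F808B: ".
    /postfix\// && match($0, /\]: [0-9A-F]+: /) {
        id = substr($0, RSTART + 3, RLENGTH - 5)
        if (index($0, " client=")) client[id] = field($0, "client")
        if (index($0, " from="))   sender[id] = field($0, "from")
        if (index($0, " status=")) {
            resp = ""
            # Text in parentheses after status= is the reply of the next hop.
            if (match($0, /status=[a-z]+ \(.*\)$/)) {
                resp = substr($0, RSTART, RLENGTH)
                sub(/^status=[a-z]+ \(/, "", resp)
                sub(/\)$/, "", resp)
            }
            printf "%s|%s|%s|%s|%s|%s|%s|%s|%s\n", id, client[id], sender[id],
                field($0, "to"), field($0, "orig_to"), field($0, "relay"),
                field($0, "dsn"), field($0, "status"), resp
        }
    }' "$@"
}

not_accepted() {             # delivery attempts the next hop did not accept
    trace_queue_ids "$@" | awk -F'|' '$8 != "sent"'
}

forwarded() {                # recipient was rewritten (alias/forward) first
    trace_queue_ids "$@" | awk -F'|' '$5 != "" && $5 != $4'
}

# Sample log. The first two messages are the lines quoted in the post above;
# the third (7AC0417F808C, example.org, 192.0.2.25) is constructed.
sample_log() {
    cat <<'EOF'
Jan 27 16:23:21 ourserver postfix/smtpd[15487]: 9E05517F808B: client=localhost.localdomain[127.0.0.1]
Jan 27 16:24:58 ourserver postfix/qmgr[9946]: 9E05517F808B: from=<d.k@googlemail.com>, size=392, nrcpt=1 (queue active)
Jan 27 16:24:59 ourserver postfix/smtp[15496]: 9E05517F808B: to=<cdomi@web.de>, orig_to=<antares@lzias.com>, relay=mx-ha01.web.de[217.72.192.149]:25, delay=170, delays=170/0.01/0.07/0.15, dsn=2.0.0, status=sent (250 OK id=1Rqnff-0003jD-00)
Jan 27 16:33:58 ourserver postfix/smtpd[15511]: 5BC9117F808B: client=mail-wi0-f176.google.com[209.85.212.176]
Jan 27 16:33:58 ourserver postfix/qmgr[9946]: 5BC9117F808B: from=<d.k@googlemail.com>, size=1649, nrcpt=1 (queue active)
Jan 27 16:33:58 ourserver postfix/smtp[15515]: 5BC9117F808B: to=<cdomi@web.de>, orig_to=<antares@lzias.com>, relay=mx-ha02.web.de[217.72.192.188]:25, delay=2.3, delays=2.2/0.01/0.06/0.05, dsn=2.0.0, status=sent (250 OK id=1RqnoM-0000Kh-00)
Jan 27 16:40:01 ourserver postfix/smtpd[15519]: 7AC0417F808C: client=localhost.localdomain[127.0.0.1]
Jan 27 16:40:01 ourserver postfix/qmgr[9946]: 7AC0417F808C: from=<d.k@googlemail.com>, size=401, nrcpt=1 (queue active)
Jan 27 16:40:02 ourserver postfix/smtp[15520]: 7AC0417F808C: to=<user@example.org>, relay=mx.example.org[192.0.2.25]:25, delay=1.2, delays=0.9/0.01/0.2/0.1, dsn=5.7.1, status=bounced (host mx.example.org[192.0.2.25] said: 550 5.7.1 Message rejected (in reply to end of DATA command))
EOF
}

# Demo: every delivery attempt, then only those the next hop refused.
sample_log | trace_queue_ids
echo "--- not accepted:"
sample_log | not_accepted
```

The id= value in the remote reply is the receiving server's own reference for the message, which is the detail its postmaster needs to look the message up on their side.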

AmirM
February 10th, 2012, 01:18 PM
hi,
can I get a VPS for this or its better to do it on my home computer?
since I have a really bad internet connection and I want my server to be up 24/7 I want to deploy it on a VPS.
is it possible? it is very different or just a bit?

duceduc
February 12th, 2012, 06:24 PM
I got the mail server set up and it seems to be sending mails, but I have this error from spamd that it cannot create default_prefs. Here is my log.

Feb 13 01:48:37 revomix spamd[19468]: prefork: child states: II
Feb 13 01:48:44 revomix postfix/smtpd[19473]: connect from localhost.localdomain[127.0.0.1]
Feb 13 01:49:07 revomix postfix/smtpd[19473]: 1B5F384118B: client=localhost.localdomain[127.0.0.1]
Feb 13 01:49:11 revomix postfix/cleanup[19476]: 1B5F384118B: message-id=<20120212164907.1B5F384118B@mail.ducsu.com>
Feb 13 01:49:11 revomix postfix/qmgr[14379]: 1B5F384118B: from=<support@ducsu.com>, size=325, nrcpt=1 (queue active)
Feb 13 01:49:11 revomix spamd[19469]: spamd: connection from localhost.localdomain [127.0.0.1] at port 39918
Feb 13 01:49:11 revomix spamd[19469]: spamd: setuid to spamfilter succeeded
Feb 13 01:49:11 revomix spamd[19469]: spamd: creating default_prefs: /home/spamfilter/.spamassassin/user_prefs
Feb 13 01:49:11 revomix spamd[19469]: spamd: failed to create readable default_prefs: /home/spamfilter/.spamassassin/user_prefs
Feb 13 01:49:11 revomix spamd[19469]: spamd: processing message <20120212164907.1B5F384118B@mail.ducsu.com> for spamfilter:5001
Feb 13 01:49:12 revomix spamd[19469]: spamd: clean message (1.9/2.0) for spamfilter:5001 in 0.3 seconds, 350 bytes.
Feb 13 01:49:12 revomix spamd[19469]: spamd: result: . 1 - ALL_TRUSTED,MISSING_HEADERS,MISSING_SUBJECT,TVD_SPACE_RATIO scantime=0.3,size=350,user=spamfilter,uid=5001,required_score=2.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=39918,mid=<20120212164907.1B5F384118B@mail.ducsu.com>,autolearn=no
Feb 13 01:49:12 revomix postfix/pickup[14378]: 29CFF841190: uid=5001 from=<support@ducsu.com>
Feb 13 01:49:12 revomix postfix/pipe[19477]: 1B5F384118B: to=<noreply@ducsu.com>, relay=spamfilter, delay=15, delays=14/0/0/0.36, dsn=2.0.0, status=sent (delivered via spamfilter service)
Feb 13 01:49:12 revomix postfix/qmgr[14379]: 1B5F384118B: removed
Feb 13 01:49:12 revomix postfix/cleanup[19476]: 29CFF841190: message-id=<20120212164907.1B5F384118B@mail.ducsu.com>
Feb 13 01:49:12 revomix spamd[19468]: prefork: child states: II
Feb 13 01:49:12 revomix postfix/qmgr[14379]: 29CFF841190: from=<support@ducsu.com>, size=672, nrcpt=1 (queue active)
Feb 13 01:49:12 revomix postfix/smtpd[19487]: connect from localhost.localdomain[127.0.0.1]
Feb 13 01:49:12 revomix postfix/smtpd[19487]: 4666D84118B: client=localhost.localdomain[127.0.0.1]
Feb 13 01:49:12 revomix postfix/cleanup[19476]: 4666D84118B: message-id=<20120212164907.1B5F384118B@mail.ducsu.com>
Feb 13 01:49:12 revomix postfix/smtpd[19487]: disconnect from localhost.localdomain[127.0.0.1]
Feb 13 01:49:12 revomix postfix/qmgr[14379]: 4666D84118B: from=<support@ducsu.com>, size=1067, nrcpt=1 (queue active)
Feb 13 01:49:12 revomix amavis[912]: (00912-16) Passed CLEAN, [127.0.0.1] <support@ducsu.com> -> <noreply@ducsu.com>, Message-ID: <20120212164907.1B5F384118B@mail.ducsu.com>, mail_id: HeSBLkNyca6R, Hits: -, size: 672, queued_as: 4666D84118B, 115 ms
Feb 13 01:49:12 revomix postfix/smtp[19485]: 29CFF841190: to=<noreply@ducsu.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.21, delays=0.08/0.01/0/0.12, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 4666D84118B)
Feb 13 01:49:12 revomix postfix/qmgr[14379]: 29CFF841190: removed
Feb 13 01:49:12 revomix postfix/virtual[19488]: 4666D84118B: to=<noreply@ducsu.com>, relay=virtual, delay=0.09, delays=0.04/0/0/0.04, dsn=2.0.0, status=sent (delivered to maildir)
Feb 13 01:49:12 revomix postfix/qmgr[14379]: 4666D84118B: removed
Feb 13 01:53:32 revomix postfix/smtpd[19473]: disconnect from localhost.localdomain[127.0.0.1]

duceduc
February 13th, 2012, 04:05 AM
I got the above post fixed by creating a .spamassassin folder in /home/spamfilter/. Assigned spamd as owner of that folder. Gave permission to write.


sudo mkdir /home/spamfilter/.spamassassin
sudo chmod 775 /home/spamfilter/.spamassassin
sudo chown spamd:spamd /home/spamfilter/

If you don't have spamd as a user yet, create one with no shell.


sudo groupadd spamd
sudo useradd -g spamd -s /bin/false -d /home/spamfilter/.spamassassin spamd

My other problem is this error whenever I start spamassassin.


Mon Feb 13 03:46:29 2012 [22333] info: config: failed to parse line, skipping, in "/etc/spamassassin/local.cf": use_dcc 0

spezticle
March 24th, 2012, 01:28 AM
Hey, I'm following your guide, but I'm concerned with the following code in the MySQL database section


CREATE TABLE `users` (
`id` varchar(128) NOT NULL default '',
`name` varchar(128) NOT NULL default '',
`uid` smallint(5) unsigned NOT NULL default '5000',
`gid` smallint(5) unsigned NOT NULL default '5000',
`home` varchar(255) NOT NULL default '/var/spool/mail/virtual',
`maildir` varchar(255) NOT NULL default 'blah/',
`enabled` tinyint(3) unsigned NOT NULL default '1',
`change_password` tinyint(3) unsigned NOT NULL default '1',
`clear` varchar(128) NOT NULL default 'ChangeMe',
`crypt` varchar(128) NOT NULL default 'sdtrusfX0Jj66',
`quota` varchar(255) NOT NULL default '',
`procmailrc` varchar(128) NOT NULL default '',
`spamassassinrc` varchar(128) NOT NULL default '',
PRIMARY KEY (`id`),
UNIQUE KEY `id` (`id`)
) ;


specifically:

`clear` varchar(128) NOT NULL default 'ChangeMe',
and

`maildir` varchar(255) NOT NULL default 'blah/',

What is this blah/ and ChangeMe
Should I change these to something else?

Solitary_
April 11th, 2012, 10:41 PM
I seem to be having trouble with installing some of the packages.

A fair few have come back with "Couldn't find any package whose name or description matched "packagenamehere""

I am using Ubuntu 11.10, does that make a difference?

spezticle
April 11th, 2012, 11:05 PM
check your software sources.
http://flurdy.com/docs/postfix/#install_repos
which packages can't you find?

I seem to be having trouble with installing some of the packages.

A fair few have come back with "Couldn't find any package whose name or description matched "packagenamehere""

I am using Ubuntu 11.10, does that make a difference?

Solitary_
April 12th, 2012, 05:21 PM
My sources.list is showing main, universe, restricted and multiverse, in ubuntu 9.04 and later they are all enabled by default.

The following are packages it stated "Couldn't find any package whose name or description matched "packagenamehere""

libgsasl7 libauthen-sasl-cyrus-perl
postgrey
ShoreWall
Courier



The Entire command line for ClamAV says "No packages will be installed, upgraded, or removed", the same for amavis & spamassassin.

Solitary_
April 14th, 2012, 04:00 PM
Any help would be greatly appreciated :)

WinterWren
May 3rd, 2012, 06:09 PM
Outlook and self-signed certificates

These are the steps I took to stop the annoying pop up from MS Outlook constantly asking to allow the security certificate from my email server. Warning: I am a novice user so please verify that these steps are secure before using them on your system.

First, I create a working directory. I use a directory in the home path but you may want to place them somewhere else. I am the only user/administrator of my server so I consider this directory secure.

cd ~
mkdir certs
cd certs
sudo chmod 700 .

Generate a key file. This will ask you to create a password. You will only need to remember this password for the next two steps.

sudo openssl genrsa -des3 -out server.key 1024
Sample output:
Generating RSA private key, 1024 bit long modulus
.................................................++++++
.++++++
e is 65537 (0x10001)
Enter pass phrase for server.key: somepass
Verifying - Enter pass phrase for server.key: somepass

Create your self-signed certificate file. This will ask for the password that you used in the last step along with some other questions about your location. For "Common Name (eg, YOUR name) []:" you must enter your server's FQDN.

sudo openssl req -new -x509 -nodes -sha256 -days 3650 -key server.key -out server.crt
Sample output:
Enter pass phrase for server.key: somepass
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:WI
Locality Name (eg, city) []:Milwaukee
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Some Company
Organizational Unit Name (eg, section) []:IT Department
Common Name (eg, YOUR name) []:mail.domain.com (this must be the FQDN)
Email Address []:postmasters@domain.com

Remove the password from "server.key"

cp server.key server.key.orig
sudo openssl rsa -in server.key.orig -out server.key
Sample output:
Enter pass phrase for server.key.orig: somepass
writing RSA key

Generate a public file for clients. This will prompt for a password. If you want your clients to have to enter a password when they install this certificate enter something here. If not, leave it blank.

sudo openssl pkcs12 -export -in server.crt -inkey server.key -out Outlook.p12
Sample output:
Enter Export Password: clientpassword
Verifying - Enter Export Password: clientpassword

I'm certain there is a better way to do this next step but I couldn't figure out the correct switch for the openssl command so I did this to create the certificate in pem format.

cp server.crt server.pem
cat server.key >> server.pem

I then modified main.cf to use the new certificates.

sudo vi /etc/postfix/main.cf
smtpd_tls_cert_file = /home/username/certs/server.crt
smtpd_tls_key_file = /home/username/certs/server.key

Also modified imapd-ssl to use the same certificates.

sudo vi /etc/courier/imapd-ssl
TLS_CERTFILE=/home/username/certs/server.pem
TLS_TRUSTCERTS=/home/username/certs

You must restart affected services for the changes to take place on your server.

Provide the file "Outlook.p12" to your clients. They should be able to start installation of this certificate by double clicking or right click and install. If you used a password to create Outlook.p12 you must provide it to your clients and they must enter it when they install the certificate. The certificate must be stored in the "Trusted Root Certification Authorities" during the installation of the certificate (choose "Place certs in following store" not "Automatic ....")

It would be nice if Outlook would allow this file to be sent in an email but it doesn't. You will have to zip it to send or set it up on some web/ftp server somewhere.
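
Added example, not part of the original post or of Flurdy's guide: openssl pkcs12 -export with -inkey server.key writes the server's private key into Outlook.p12, while clients only need the certificate in order to trust it. The script below creates a 2048-bit key (instead of the 1024-bit key above) with owner-only permissions, exports a certificate-only server.cer for clients, and checks which files carry a private key. mail.example.com, the export password and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: give mail clients the certificate only, never the key.
# Assumptions: openssl on PATH; mail.example.com and the export password
# are constructed placeholders.

# Create a 2048-bit key (unencrypted, mode 600) and a self-signed cert.
make_server_cert() {      # make_server_cert DIR FQDN
    (
        umask 077
        mkdir -p "$1" && cd "$1" || exit 1
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
            -subj "/CN=$2" -keyout server.key -out server.crt 2>/dev/null
    )
}

# Certificate-only file for clients to import as a trusted root.
export_client_cert() {    # export_client_cert DIR
    openssl x509 -in "$1/server.crt" -outform DER -out "$1/server.cer"
}

# The export from the post, for comparison: -inkey bundles the private key.
export_p12_with_key() {   # export_p12_with_key DIR PASSWORD
    openssl pkcs12 -export -in "$1/server.crt" -inkey "$1/server.key" \
        -out "$1/Outlook.p12" -passout "pass:$2"
}

# True if FILE carries a private key (PEM text or inside a PKCS#12 bag).
has_private_key() {       # has_private_key FILE [P12_PASSWORD]
    grep -q -- 'PRIVATE KEY-----' "$1" 2>/dev/null && return 0
    openssl pkcs12 -in "$1" -passin "pass:${2:-}" -nocerts -nodes 2>/dev/null |
        grep -q 'PRIVATE KEY'
}

# Permission string of the key file, e.g. -rw-------
key_mode() { ls -l "$1/server.key" | cut -c1-10; }

# Report, per client-facing file, whether it may be handed out.
audit() {                 # audit DIR PASSWORD
    for f in server.cer Outlook.p12; do
        if has_private_key "$1/$f" "$2"; then
            echo "$f: contains the server private key, do not hand out"
        else
            echo "$f: certificate only, safe to distribute"
        fi
    done
}

# Build everything in a throwaway directory and print the findings.
demo() {
    d=$(mktemp -d) || return 1
    make_server_cert "$d" mail.example.com &&
        export_client_cert "$d" &&
        export_p12_with_key "$d" example-export-pass &&
        { key_mode "$d"; audit "$d" example-export-pass; }
    rm -rf "$d"
}
demo
```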

duceduc
May 20th, 2012, 02:47 AM
I successfully set up the mail server and am able to send and receive via the telnet test. However, I cannot set up my mail client (Thunderbird) to send outgoing mails. I can receive just fine. It may be my SMTP settings are incorrect.

In the thunderbird smtp settings. I have the following.

server name: mail.mydomain.com
port: 25
connection security: starttls
authentication method: no authentication
user name: somename@mydomain.com

When I try to send a test mail, I get the following errors.

error from thunderbird.


An error occurred while sending mail. The mail server responded: 5.7.1 <somename@yahoo.com>: Relay access denied. Please check the message recipient someone@yahoo.com and try again.


error log in my mail.log



May 20 10:34:54 revomix postfix/smtpd[19016]: connect from unknown[192.168.1.1]
May 20 10:34:54 revomix postfix/smtpd[18991]: disconnect from unknown[192.168.1.1]
May 20 10:34:54 revomix postfix/smtpd[19016]: setting up TLS connection from unknown[192.168.1.1]
May 20 10:34:54 revomix postfix/smtpd[19016]: Anonymous TLS connection established from unknown[192.168.1.1]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
May 20 10:34:54 revomix postfix/smtpd[19016]: NOQUEUE: reject: RCPT from unknown[192.168.1.1]: 554 5.7.1 <somename@yahoo.com>: Relay access denied; from=<somename@mydomain.com> to=<somename@yahoo.com> proto=ESMTP helo=<[127.0.0.1]>

darkspook
May 24th, 2012, 07:10 AM
Thank you for this tutorial.

http://flurdy.com/docs/postfix/

It's about a year since I started following this tutorial.
At first it seems like it will not work coz you will get lots of errors. But after several tailing/testing/telnet I finally built an impregnable mail server. And since then I haven't encountered any problem.

I'm in your debt. Cheers! :popcorn:

darkspook
May 24th, 2012, 07:29 AM
Hey, I'm following your guide, but I'm concerned with the following code in the MySQL database section


CREATE TABLE `users` (
`id` varchar(128) NOT NULL default '',
`name` varchar(128) NOT NULL default '',
`uid` smallint(5) unsigned NOT NULL default '5000',
`gid` smallint(5) unsigned NOT NULL default '5000',
`home` varchar(255) NOT NULL default '/var/spool/mail/virtual',
`maildir` varchar(255) NOT NULL default 'blah/',
`enabled` tinyint(3) unsigned NOT NULL default '1',
`change_password` tinyint(3) unsigned NOT NULL default '1',
`clear` varchar(128) NOT NULL default 'ChangeMe',
`crypt` varchar(128) NOT NULL default 'sdtrusfX0Jj66',
`quota` varchar(255) NOT NULL default '',
`procmailrc` varchar(128) NOT NULL default '',
`spamassassinrc` varchar(128) NOT NULL default '',
PRIMARY KEY (`id`),
UNIQUE KEY `id` (`id`)
) ;


specifically:

`clear` varchar(128) NOT NULL default 'ChangeMe',
and

`maildir` varchar(255) NOT NULL default 'blah/',

What is this blah/ and ChangeMe
Should I change these to something else?

`maildir` varchar(255) NOT NULL default 'blah/',
You have to change blah/ with a proper directory name.

What I did is:
emailadd@example.com - this is my email address
emailadd/ - this is the name of directory.

You have to change it all the time when you create new account/user.


`clear` varchar(128) NOT NULL default 'ChangeMe', -- I just ignore this, leave it as is.

theluli
May 25th, 2012, 10:15 PM
I have the same problem, I am unable to log in at SquirrelMail.
Does anyone have an idea?

sprior
June 18th, 2012, 03:56 AM
Back in reply# 223 Villu was nice enough to post instructions on getting maildrop to work with Flurdy's guide. I think I've found a minor correction. I'm setting up the mailserver on Ubuntu 12.04.

After I made the maildrop changes I could no longer receive mail which had been working before. I think that in the maildrop line added to master.cf the part at the end:

-d ${recipient}

Only works when the to address of the email matches the userid in the user table - if the to address is redirected by an alias to a different userid I think this would fail.
I changed it to:

-d ${user}

and things started working again. In my case this was necessary because in my user table I don't use a full email address for the userid, I just use a simple username (I had to make config changes elsewhere to account for this), however this pointed out to me that the previous config wasn't being translated through the aliases table.

sprior
June 18th, 2012, 04:20 AM
Just FYI if anyone is trying to follow the Flurdy guide with Ubuntu 11.* to 12.04, there is one change I noticed that needed to be made to the section on setting up SASL.

In the file:
/etc/postfix/sasl/smtpd.conf

the line:
auxprop_plugin: mysql

needs to be changed to:
auxprop_plugin: sql

dbileck
June 23rd, 2012, 02:10 AM
Also, when configuring SASL in Ubuntu 12.04 in /etc/postfix/sasl/smtpd.conf "sql_passw" should be "sql_passwd".

dchen
June 26th, 2012, 01:00 AM
Just FYI if anyone is trying to follow the Flurdy guide with Ubuntu 11.* to 12.04, there is one change I noticed that needed to be made to the section on setting up SASL.

In the file:
/etc/postfix/sasl/smtpd.conf

the line:
auxprop_plugin: mysql

needs to be changed to:
auxprop_plugin: sql

How successfully did you follow the current Flurdy guide to build for 12.04? I'm trying to, but not sure if ALL info can apply to 12.04 LTS server!

Another question: do you know if the Flurdy guide can apply to build for a Local domain in which the existing Linux users have their own mailboxes in ~/Maildir for example (Not the Virtual domain) ?

j_data
July 15th, 2012, 08:09 AM
Hi,

I have followed this guide up until the point where it is strongly suggested that we test everything thoroughly before continuing.


I can send mail to any domain on my local network and it works, however, if I try to send mail to a domain outside my network I just see errors in mail.log that say:

No route to host.

any help would be greatly appreciated.

Thank you,
-Jason

agiom
August 20th, 2012, 03:24 PM
Hi,

I installed the mail server following your advice and everything is working perfectly except for one thing: IMAP attachment downloads. They are very slow. With POP or Squirrel it's OK and speed is normal, but with IMAP even for one mega it takes too much time and then the connection times out.

Did you already meet this problem? Thanks for help!

Tim from agiom.

ken_ham
August 28th, 2012, 09:07 PM
Hi,
I can send mail to any domain on my local network and it works, however, if I try to send mail to a domain outside my network I just see errors in mail.log that say:

No route to host.


It's been a while, so you've probably already solved your problem, but that looks likely to be a problem with your networking in general, rather than Postfix in particular.

In this case you could try testing your networking by running:



ping google.com


from the command line. If everything is working there should be a response. Next I would try editing /etc/postfix/master.cf and change the smtp line so it looks like this:



smtp inet n - - - - smtpd -v


Save and restart Postfix, try to send the mail again, then check mail.log for the output, that may include some clues as to what went wrong.

Ron Jones
October 13th, 2012, 06:01 PM
Aside from posts http://ubuntuforums.org/showpost.php?p=12035520&postcount=450 and http://ubuntuforums.org/showpost.php?p=12035520&postcount=450

Has anyone had success with the 10th edition of http://flurdy.com/docs/postfix/index.html using Ubuntu Server 12.04 LTS?

If so, are there any additional steps or 'gotchas' to be aware of?

And, is there a link to the 11th edition (draft) on the flurdy site (above)?

Thanks,

Jones

Oguz286
January 2nd, 2013, 12:53 AM
So I've followed the guide as well, and everything seems to work except for one thing.

I cannot send mails from the server when I have

-o smtpd_client_restrictions=permit_sasl_authenticated,reject

in /etc/postfix/master.cf. But if I remove the ',reject' part:

-o smtpd_client_restrictions=permit_sasl_authenticated

then I can send mails. /var/log/mail.log states:


postfix/smtpd[8346]: connect from localhost[127.0.0.1]
postfix/smtpd[8346]: Anonymous TLS connection established from localhost[127.0.0.1]: TLSv1.1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
postfix/smtpd[8346]: E4BDA62BD: client=localhost[127.0.0.1]
postfix/cleanup[8351]: E4BDA62BD: message-id=<6258d6190d2ece5e505c78b4d0894c84@blablabla.com>
postfix/qmgr[8340]: E4BDA62BD: from=<oguz286@blablabla.com>, size=700, nrcpt=1 (queue active)
postfix/smtpd[8346]: disconnect from localhost[127.0.0.1]
imapd-ssl: LOGOUT, user=oguz286@localhost, ip=[::ffff:127.0.0.1], headers=0, body=0, rcvd=696, sent=654, time=1, starttls=1
postfix/smtp[8354]: E4BDA62BD: to=<bla@gmail.com>, relay=gmail-smtp-in.l.google.com[2a00:1450:400c:c03::1a]:25, delay=0.87, delays=0.24/0.05/0.13/0.45, dsn=2.0.0, status=sent (250 2.0.0 OK 1357083867 w5si63967327wjx.48)
postfix/qmgr[8340]: E4BDA62BD: removed

As you can see an anonymous TLS connection is being made, whereas I thought that my mail user should 'login' and authenticate.

With the reject part, mail.log contains:


imapd-ssl: Connection, ip=[::ffff:127.0.0.1]
imapd-ssl: LOGIN, user=oguz286@localhost, ip=[::ffff:127.0.0.1], port=[52331], protocol=IMAP
postfix/smtpd[8050]: connect from localhost[127.0.0.1]
postfix/smtpd[8050]: Anonymous TLS connection established from localhost[127.0.0.1]: TLSv1.1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
postfix/smtpd[8050]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 554 5.7.1 <localhost[127.0.0.1]>: Client host rejected: Access denied; from=<oguz286@blablabla.com> to=<bla@gmail.com> proto=ESMTP helo=<blablabla.com>
postfix/smtpd[8050]: disconnect from localhost[127.0.0.1]

Hours of searching on the web got me nowhere :( Does anyone have a clue as what's going on here?

bovo13
March 13th, 2013, 10:39 AM
If this is logged when you try to send from roundcube then you need to set following things:
vi /etc/roundcube/main.inc.php
$rcmail_config['smtp_server'] = 'ssl://localhost';
$rcmail_config['smtp_port'] = 465;
$rcmail_config['smtp_user'] = '%u';
$rcmail_config['smtp_pass'] = '%p';


Hope this will help.

bovo13
March 13th, 2013, 10:43 AM
Has anyone installed PostVis Admin in addition of this tutorial?

dakong27
April 15th, 2013, 07:42 PM
Hi All--I followed Flurdy's guide for Ubuntu 12.04, though I have Ubuntu 12.10 64-bit. Everything works but I cannot send from a mail client or Squirrelmail. I've been tweaking and googling and tail-ing logs for a solid week and can't crack it, so I'm hoping you folks can help me out.

My /etc/postfix/main.cf:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
#smtpd_use_tls=no
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = mail.me.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = me.com
mydestination = mail.me.com, me-main.Datian, localhost.Datian, localhost
#mydestination =
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128,192.168.2.0/24
mailbox_command =
mailbox_size_limit = 30000000
recipient_delimiter = +
inet_interfaces = all

masquerade_domains = mail.me.com
local_recipient_maps =

# how long if undelivered before sending warning update to sender
delay_warning_time = 4h
# will it be a permanent error or temporary
unknown_local_recipient_reject_code = 450
# how long to keep message on queue before return as failed.
# some have 3 days, I have 16 days as I am backup server for some people
# whom go on holiday with their server switched off.
maximal_queue_lifetime = 7d
# max and min time in seconds between retries if connection failed
minimal_backoff_time = 1000s
maximal_backoff_time = 8000s
# how long to wait when servers connect before receiving rest of data
smtp_helo_timeout = 60s
# how many address can be used in one message.
# effective stopper to mass spammers, accidental copy in whole address list
# but may restrict intentional mail shots.
smtpd_recipient_limit = 16
# how many error before back off.
smtpd_soft_error_limit = 3
# how many max errors before blocking it.
smtpd_hard_error_limit = 12

# Requirements for the HELO statement
smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname,
reject_invalid_hostname, permit
# Requirements for the sender details
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit
# Requirements for the connecting server
smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org,
reject_rbl_client blackholes.easynet.nl,
reject_rbl_client dnsbl.njabl.org
# Requirement for the recipient address
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_pipelining,
reject_non_fqdn_recipient, reject_unknown_recipient_domain,
reject_unauth_destination, permit
smtpd_data_restrictions = reject_unauth_pipelining

# require proper helo at connections
smtpd_helo_required = yes
# waste spammers time before rejecting them
smtpd_delay_reject = yes
disable_vrfy_command = yes

# not sure of the difference of the next two
# but they are needed for local aliasing
alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases
# this specifies where the virtual mailbox folders will be located
virtual_mailbox_base = /var/spool/mail/virtual
# this is for the mailbox location for each user
virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf
# and this is for aliases
virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf
# and this is for domain lookups
virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf
# this is how to connect to the domains (all virtual, but the option is there)
# not used yet
# transport_maps = mysql:/etc/postfix/mysql_transport.cf

virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
home_mailbox = Maildir/


#SASL
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = cyrus
#smtpd_sasl_path=/etc/postfix/sasl:/usr/lib/sasl2
smtpd_sasl_path= smtpd
# If your potential clients use Outlook Express or other older clients
# this needs to be set to yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =

#SCP: adding this to try to correct ERROR: IMAP dropped the connection
mailbox_transport = virtual

my /etc/postfix/master.cf:

#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
#submission inet n - - - - smtpd
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#smtps inet n - - - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - - - - qmqpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - - 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - y - - smtp -v
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - y - - smtp
-o smtp_fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
# mailbox_transport = lmtp:inet:localhost
# virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}

submission inet n - y - - smtpd
-o smtpd_sasl_auth_enable=yes
# if you do not want to restrict it encryption only, comment out next line<
-o smtpd_tls_auth_only=yes
# -o smtpd_tls_security_level=encrypt
# -o header_checks=
# -o body_checks=<
-o smtpd_client_restrictions=permit_sasl_authenticate d,reject_unauth_destination,reject
-o smtpd_sasl_security_options=noanonymous,noplaintex t
-o smtpd_sasl_tls_security_options=noanonymous
# -o milter_macro_daemon_name=ORIGINATING<
smtps inet n - y - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_tls_auth_only=yes
-o smtpd_client_restrictions=permit_sasl_authenticate d,reject
-o smtpd_sasl_security_options=noanonymous,noplaintext
-o smtpd_sasl_tls_security_options=noanonymous
# -o milter_macro_daemon_name=ORIGINATING
#smtp inet n - n - 1 postscreen
#smtpd pass - - n - - smtpd
#dnsblog unix - - n - 0 dnsblog
#tlsproxy unix - - n - 0 tlsproxy

My /etc/postfix/sasl/smtp.conf:

pwcheck_method: saslauthd
#mech_list: plain login pam
#mech_list: plain login
mech_list: plain login cram-md5 digest-md5
#saslauthd_path: /var/run/saslauthd/mux
#saslauthd_path: /var/spool/postfix/var/run/saslauthd/mux
#authdaemond_path: /var/spool/authdaemon/socket
log_level: 7
allow_plaintext: true
auxprop_plugin: sql
#auxprop_plugin: mysql
sql_engine: mysql
sql_hostnames: localhost
#sql_hostnames: 127.0.0.1
sql_user: mail
#sql_passw: password
sql_passwd: password
sql_database: maildb
#sql_select: select crypt from users where id='%u@%r' and enabled=1
sql_select: select crypt from users where id='%u' and enabled=1

My /var/log/mail.log:

Apr 15 14:07:18 me-main postfix/smtpd[18339]: connect from dsl081-198-066.nyc2.dsl.isp.net[8.8.8.8]
Apr 15 14:07:23 me-main postfix/smtpd[18339]: warning: dsl081-198-066.nyc2.dsl.isp.net[8.8.8.8]: SASL PLAIN authentication failed: generic failure
Apr 15 14:07:25 me-main postfix/smtpd[18339]: disconnect from dsl081-198-066.nyc2.dsl.isp.net[8.8.8.8]
Apr 15 14:10:45 me-main postfix/anvil[18341]: statistics: max connection rate 1/60s for (submission:8.8.8.8) at Apr 15 14:07:18
Apr 15 14:10:45 me-main postfix/anvil[18341]: statistics: max connection count 1 for (submission:8.8.8.8) at Apr 15 14:07:18
Apr 15 14:10:45 me-main postfix/anvil[18341]: statistics: max cache size 1 at Apr 15 14:07:18

My /var/log/auth.log:

Apr 15 14:07:23 me-main postfix/smtpd[18339]: sql plugin trying to open db 'maildb' on host 'localhost'
Apr 15 14:07:23 me-main postfix/smtpd[18339]: sql plugin could not connect to host localhost
Apr 15 14:07:23 me-main postfix/smtpd[18339]: sql plugin couldn't connect to any host
Apr 15 14:07:23 me-main postfix/smtpd[18339]: sql plugin Parse the username user@me.com
Apr 15 14:07:23 me-main postfix/smtpd[18339]: sql plugin try and connect to a host
Apr 15 14:07:23 me-main postfix/smtpd[18339]: sql plugin trying to open db 'maildb' on host 'localhost'
Apr 15 14:07:23 me-main postfix/smtpd[18339]: sql plugin could not connect to host localhost
Apr 15 14:07:23 me-main postfix/smtpd[18339]: sql plugin couldn't connect to any host

I've read everything I can get my hands on from Falko Timme's threads, explored the possibility of chroot being at the source of my troubles, and even tried downgrading sasl per an earlier guide for Ubuntu 11.10, but I'm getting nowhere. I'm really stumped, so any help would be much appreciated.

bovo13
April 15th, 2013, 08:30 PM
Try to use 127.0.0.1 for sql_hostname in smtp.conf

m_gustafsson
July 2nd, 2013, 09:03 AM
Hi,

thanks for a very nice guide!
I have one issue that I can't seem to solve.

If I log in locally with telnet on my mail server and try to send an email to root@localhost it looks to me like the email address is mapped to root@localhost.mydomain.com. I would have expected that it should be mapped to root@mydomain.com. In my mail log I see this:


Jul 2 09:56:31 mailserver postfix/smtp[8085]: A966FCC046F: to=<root@localhost.mydomin.com>, orig_to=<root@localhost>, relay=127.0.0.1[127.0.0.1]:10024, delay=18, delays=12/0.02/0/5.5, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as B508ECC1167)


The mail does not arrive in /var/mail/virtual/root/new.

My aliases table looks as follows:


mysql> select * from aliases;
+------+---------------------------------------+---------------------------------+---------+
| pkid | mail | destination | enabled |
+------+---------------------------------------+---------------------------------+---------+
| 1 | postmaster@localhost | root@localhost | 1 |
| 2 | sysadmin@localhost | root@localhost | 1 |
| 3 | webmaster@localhost | root@localhost | 1 |
| 4 | abuse@localhost | root@localhost | 1 |
| 5 | root@localhost | root@mydomain.com | 1 |
| 6 | @localhost | @mydomain.com | 1 |
| 7 | @localhost.localdomain | @localhost | 1 |
| 8 | @mydomain.com | postmaster@localhost | 1 |
| 9 | postmaster@mydomain.com | postmaster@localhost | 1 |
| 10 | abuse@mydomain.com | abuse@localhost | 1 |
| 11 | mats@mydomain.com | mats@mydomain.com | 1 |
+------+---------------------------------------+---------------------------------+---------+


My users table:



mysql> select * from users;
+---------------------------------+------+------+------+-------------------------+---------+---------+-----------------+----------+-------------------------+-------+------------+----------------+
| id | name | uid | gid | home | maildir | enabled | change_password | clear | crypt | quota | procmailrc | spamassassinrc |
+---------------------------------+------+------+------+-------------------------+---------+---------+-----------------+----------+-------------------------+-------+------------+----------------+
| mats@mydomain.com | mats | 5000 | 5000 | /var/spool/mail/virtual | mats/ | 1 | 1 | ChangeMe | *************** | | | |
| root@mydomain.com | root | 5000 | 5000 | /var/spool/mail/virtual | root/ | 1 | 1 | ChangeMe | ************ | | | |
+---------------------------------+------+------+------+-------------------------+---------+---------+-----------------+----------+-------------------------+-------+------------+----------------+


My domains table:


mysql> select * from domains;
+------+----------------------------+-----------+---------+
| pkid | domain | transport | enabled |
+------+----------------------------+-----------+---------+
| 1 | localhost | virtual: | 1 |
| 2 | localhost.localdomain | virtual: | 1 |
| 3 | mydomain.com | virtual: | 1 |
| 4 | mydomain.com | virtual: | 1 |
+------+----------------------------+-----------+---------+


If I try to email to postmaster@localhost it will be mapped to postmaster@localhost.mydomain.com while I would have expected it to be mapped to root@localhost and then to root@mydomain.com.
An email to mats@localhost will be mapped to mats@localhost.mydomain.com, while an email sent to mats@mydomain.com is delivered to mats@mydomain.com, as I would expect.

Any idea on what I am doing wrong? Why is "localhost" being added to the addresses?

Many thanks for any help.

/Mats

flurdy
July 5th, 2013, 11:18 PM
Hi,


My aliases table looks as follows:


mysql> select * from aliases;
+------+---------------------------------------+---------------------------------+---------+
| pkid | mail | destination | enabled |
+------+---------------------------------------+---------------------------------+---------+
| 1 | postmaster@localhost | root@localhost | 1 |
| 2 | sysadmin@localhost | root@localhost | 1 |
| 3 | webmaster@localhost | root@localhost | 1 |
| 4 | abuse@localhost | root@localhost | 1 |
| 5 | root@localhost | root@mydomain.com | 1 |
| 6 | @localhost | @mydomain.com | 1 |
| 7 | @localhost.localdomain | @localhost | 1 |
| 8 | @mydomain.com | postmaster@localhost | 1 |
| 9 | postmaster@mydomain.com | postmaster@localhost | 1 |
| 10 | abuse@mydomain.com | abuse@localhost | 1 |
| 11 | mats@mydomain.com | mats@mydomain.com | 1 |
+------+---------------------------------------+---------------------------------+---------+





If this is your aliases table I think you have some cyclical routing.

root@localhost goes to root@mydomain.com
root@mydomain.com is not specified but is caught by catchall @mydomain.com
@mydomain.com goes to postmaster@localhost
postmaster@localhost goes to root@localhost and round again...
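The loop described in the reply above can be found mechanically. The following is an added example, not code from the guide or from any poster: it models virtual alias expansion in simplified form (exact address first, then the @domain catch-all, one destination per row, and a result equal to the lookup key ends expansion) over a constructed copy of the posted aliases table. The function names and the extra root@mydomain.com row used as a fix are assumptions for illustration.

```python
"""Trace alias expansion over a virtual alias table and report routing loops."""

# Constructed copy of the aliases table posted above (all rows enabled).
ALIASES = {
    "postmaster@localhost": "root@localhost",
    "sysadmin@localhost": "root@localhost",
    "webmaster@localhost": "root@localhost",
    "abuse@localhost": "root@localhost",
    "root@localhost": "root@mydomain.com",
    "@localhost": "@mydomain.com",
    "@localhost.localdomain": "@localhost",
    "@mydomain.com": "postmaster@localhost",
    "postmaster@mydomain.com": "postmaster@localhost",
    "abuse@mydomain.com": "abuse@localhost",
    "mats@mydomain.com": "mats@mydomain.com",
}


def lookup(table, address):
    """One expansion step: return (matched_key, destination) or None.

    Simplified model: the full address is tried first, then the
    "@domain" catch-all. A destination of the form "@otherdomain"
    keeps the original local part.
    """
    address = address.lower()
    local, _, domain = address.rpartition("@")
    for key in (address, "@" + domain):
        if key in table:
            dest = table[key].lower()
            if dest.startswith("@"):
                dest = local + dest
            return key, dest
    return None


def trace(table, address, max_hops=50):
    """Follow rewrites from `address` until they stop, loop, or run too deep.

    Returns a dict with the visited addresses ("path"), the table keys
    that matched at each hop ("rules"), and a "status" of "final",
    "loop" or "too-deep".
    """
    current = address.lower()
    path, rules = [current], []
    for _ in range(max_hops):
        hit = lookup(table, current)
        # No match, or a row that maps an address to itself, ends expansion.
        if hit is None or hit[1] == current:
            return {"path": path, "rules": rules, "status": "final"}
        key, dest = hit
        rules.append(key)
        path.append(dest)
        if dest in path[:-1]:
            return {"path": path, "rules": rules, "status": "loop"}
        current = dest
    return {"path": path, "rules": rules, "status": "too-deep"}


def find_loops(table):
    """Return the explicit (non catch-all) addresses whose expansion loops."""
    return sorted(
        key for key in table
        if not key.startswith("@") and trace(table, key)["status"] == "loop"
    )


if __name__ == "__main__":
    result = trace(ALIASES, "root@localhost")
    print(result["status"], " -> ".join(result["path"]))
    print("matched rows:", result["rules"])
    print("looping addresses:", find_loops(ALIASES))

    # Hypothetical fix: give root@mydomain.com its own row so the
    # @mydomain.com catch-all no longer captures it.
    fixed = dict(ALIASES)
    fixed["root@mydomain.com"] = "root@mydomain.com"
    print("after fix:", trace(fixed, "root@localhost")["path"], find_loops(fixed))
```

The "rules" list shows which row fired at each hop, which is how the catch-all @mydomain.com row shows up as the link that closes the cycle.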

m_gustafsson
July 8th, 2013, 08:01 AM
If this is your aliases table I think you have some cyclical routing.

root@localhost goes to root@mydomain.com
root@mydomain.com is not specified but is caught by catchall @mydomain.com
@mydomain.com goes to postmaster@localhost
postmaster@localhost goes to root@localhost and round again...

Thanks for the reply :P. I see your point and I will correct this.

By the way, do you have any clue to my other question, see below:


An email to mats@localhost will be mapped to mats@localhost.mydomain.com, while an email sent to mats@mydomain.com is delivered to mats@mydomain.com, as I would expect.
Any idea on what I am doing wrong? Why is "localhost" being added to the addresses?


I could only think of my /etc/mailname, /etc/hosts and /etc/hostname being involved here, and they look like this:


$ cat /etc/mailname
server4.mydomain.com

$ cat /etc/hosts
127.0.0.1 localhost.localdomain localhost
192.168.0.13 server4.mydomain.com server4


# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

$ cat /etc/hostname
server4.mydomain.com





Best regards, Mats

wmellema
July 9th, 2013, 09:39 PM
Hello, I'm setting up my first email server using the awesome HowTo. I'm setting it up on a vanilla Ubuntu machine on Amazon AWS. I ran into a problem during testing. I can receive OK but when I try to send I see this error message in the mail log:

Jul 9 18:37:10 ip-172-31-45-190 postfix/smtp[10432]: D5DD56DAAA: to=<xxxxxx@gmail.com>, relay=email-smtp.us-east-1.amazonaws.com[107.21.238.216]:25, delay=87, delays=86/0.01/0.38/0.08, dsn=5.0.0, status=bounced (host email-smtp.us-east-1.amazonaws.com[107.21.238.216] said: 530 Authentication required (in reply to MAIL FROM command)).

This is what appears in the terminal window:

ubuntu@ip-172-31-45-190:~/121mailr$ openssl s_client -crlf -quiet -connect email-smtp.us-east-1.amazonaws.com:465
depth=2 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2006 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G5
verify error:num=20:unable to get local issuer certificate
verify return:0
220 email-smtp.amazonaws.com ESMTP SimpleEmailService-376766033
421 Timeout waiting for data from client.

This isn't mentioned in the How To. I've googled it but haven't found anything helpful. It pauses briefly at the "220" line, before displaying the "421" line so I'm guessing it's waiting for my SMTP credentials or something? This isn't mentioned in the How To so I'm wondering if I missed a configuration step or if there's one missing? Thanks in advance for the help.

UPDATE: I just realized why it's not covered in the How To. I'm using Amazon SES for outbound mail. Anyone know how to configure for this? Thanks.

UPDATE2: SOLVED. OK, figured it out myself. Sometimes it helps to go do something else for a while and come back to it : )
Here's where I found the info about configuring postfix to use SES for outgoing mail (http://docs.aws.amazon.com/ses/latest/DeveloperGuide/postfix.html)

m_gustafsson
July 10th, 2013, 08:28 AM
An email to mats@localhost will be mapped to mats@localhost.mydomain.com, while an email sent to mats@mydomain.com is delivered to mats@mydomain.com, as I would expect.
Any idea on what I am doing wrong? Why is "localhost" being added to the addresses?


I can now send emails to mats@mydomain.com, mats@localhost, root@localhost and postmaster@localhost. What I did was to set my domains, aliases and users tables as below:



mysql> select * from domains;
+------+----------------------------+-----------+---------+
| pkid | domain | transport | enabled |
+------+----------------------------+-----------+---------+
| 9 | mydomain.com | virtual: | 1 |
+------+----------------------------+-----------+---------+

mysql> select * from aliases;
+------+---------------------------------------+-----------------------------+---------+
| pkid | mail | destination | enabled |
+------+---------------------------------------+-----------------------------+---------+
| 8 | @localhost.mydomain.com | @mydomain.com | 1 |
| 9 | postmaster@mydomain.com | root@localhost | 1 |

mysql> select * from users;
+---------------------------------+------+------+------+-------------------------+---------+---------+-----------------+----------+-------------------------+-------+------------+----------------+
| id | name | uid | gid | home | maildir | enabled | change_password | clear | crypt | quota | procmailrc | spamassassinrc |
+---------------------------------+------+------+------+-------------------------+---------+---------+-----------------+----------+-------------------------+-------+------------+----------------+
| mats@mydomain.com | mats | 5000 | 5000 | /var/spool/mail/virtual | mats/ | 1 | 1 | ChangeMe | *********************** | | | |
| root@mydomain.com | root | 5000 | 5000 | /var/spool/mail/virtual | root/ | 1 | 1 | ChangeMe | ******************* | | | |
+---------------------------------+------+------+------+-------------------------+---------+---------+-----------------+----------+-------------------------+-------+------------+----------------+



So, as I understand it, everything sent to "xxx@localhost" gets mapped to "xxx@localhost.mydomain.com" (do not know why). Thus an email sent to postmaster@localhost will, through the aliases tables, get mapped to: postmaster@mydomain.com -> root@localhost -> root@localhost.mydomain.com -> root@mydomain.com. root@mydomain.com will then be delivered to the user root.

Don't know if I am totally lost now, but it seems to work like this.

/Mats

m_gustafsson
July 17th, 2013, 10:17 PM
Hi,
I have decided to go for RoundCube for my webmail.
When configuring RoundCube I understand that it sets up its own database and that that database does not match with the one set up in this guide, e.g. the users tables.
Is there a "recommended" way to deal with this? Do you use the database created by RoundCube and put it into use for postfix through the main.cf file, or is there a way to get RoundCube to use another database, for example the database set up in this guide?
Or, have I made a mistake configuring RoundCube, when using (in Ubuntu):


# dpkg-reconfigure roundcube-core


Mats

m_gustafsson
July 19th, 2013, 11:16 PM
Hi,
I have decided to go for RoundCube for my webmail.
When configuring RoundCube I understand that it sets up its own database and that that database does not match with the one set up in this guide, e.g. the users tables.
Is there a "recommended" way to deal with this? Do you use the database created by RoundCube and put it into use for postfix through the main.cf file, or is there a way to get RoundCube to use another database, for example the database set up in this guide?
Or, have I made a mistake configuring RoundCube, when using (in Ubuntu):


# dpkg-reconfigure roundcube-core


Mats

The reason for my question above was that I could not log in to roundcube using my "mail" user. When looking into the mail log I saw that there was a mismatch in the field name of the users table, i.e. the field name carrying my email address was "id" while roundcube was asking for "username". I then misunderstood the way the databases are used, hence my question.
Anyway, tonight I modified the field name of my users table:


mysql> alter table users change id username varchar (128);

After that I was able to log in.

/Mats

m_gustafsson
July 31st, 2013, 10:44 AM
Dakong27,

did you find a solution to your problem?
I believe that I have a similar issue.
If I remove the line:
-o smtpd_client_restrictions=permit_sasl_authenticate d,reject
from my master.cf I am able to send emails (from RoundCube). Is it the same in your case?
Btw, I think it should be "permit_sasl_authenticated", it looks like you have "permit_sasl_authenticate d", with a space before "d".

/M


Hi All--I followed Flurdy's guide for Ubuntu 12.04, though I have Ubuntu 12.10 64-bit. Everything works but I cannot send from a mail client or Squirrelmail. I've been tweaking and googling and tail-ing logs for a solid week and can't crack it, so I'm hoping you folks can help me out.

My /etc/postfix/main.cf:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
#smtpd_use_tls=no
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = mail.me.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = me.com
mydestination = mail.me.com, me-main.Datian, localhost.Datian, localhost
#mydestination =
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128,192.168.2.0/24
mailbox_command =
mailbox_size_limit = 30000000
recipient_delimiter = +
inet_interfaces = all

masquerade_domains = mail.me.com
local_recipient_maps =

# how long if undelivered before sending warning update to sender
delay_warning_time = 4h
# will it be a permanent error or temporary
unknown_local_recipient_reject_code = 450
# how long to keep message on queue before return as failed.
# some have 3 days, I have 16 days as I am backup server for some people
# whom go on holiday with their server switched off.
maximal_queue_lifetime = 7d
# max and min time in seconds between retries if connection failed
minimal_backoff_time = 1000s
maximal_backoff_time = 8000s
# how long to wait when servers connect before receiving rest of data
smtp_helo_timeout = 60s
# how many address can be used in one message.
# effective stopper to mass spammers, accidental copy in whole address list
# but may restrict intentional mail shots.
smtpd_recipient_limit = 16
# how many error before back off.
smtpd_soft_error_limit = 3
# how many max errors before blocking it.
smtpd_hard_error_limit = 12

# Requirements for the HELO statement
smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname,
reject_invalid_hostname, permit
# Requirements for the sender details
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit
# Requirements for the connecting server
smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org,
reject_rbl_client blackholes.easynet.nl,
reject_rbl_client dnsbl.njabl.org
# Requirement for the recipient address
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_pipelining,
reject_non_fqdn_recipient, reject_unknown_recipient_domain,
reject_unauth_destination, permit
smtpd_data_restrictions = reject_unauth_pipelining

# require proper helo at connections
smtpd_helo_required = yes
# waste spammers time before rejecting them
smtpd_delay_reject = yes
disable_vrfy_command = yes

# not sure of the difference of the next two
# but they are needed for local aliasing
alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases
# this specifies where the virtual mailbox folders will be located
virtual_mailbox_base = /var/spool/mail/virtual
# this is for the mailbox location for each user
virtual_mailbox_maps = mysql:/etc/postfix/mysql_mailbox.cf
# and this is for aliases
virtual_alias_maps = mysql:/etc/postfix/mysql_alias.cf
# and this is for domain lookups
virtual_mailbox_domains = mysql:/etc/postfix/mysql_domains.cf
# this is how to connect to the domains (all virtual, but the option is there)
# not used yet
# transport_maps = mysql:/etc/postfix/mysql_transport.cf

virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
home_mailbox = Maildir/


#SASL
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = cyrus
#smtpd_sasl_path=/etc/postfix/sasl:/usr/lib/sasl2
smtpd_sasl_path= smtpd
# If your potential clients use Outlook Express or other older clients
# this needs to be set to yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =

#SCP: adding this to try to correct ERROR: IMAP dropped the connection
mailbox_transport = virtual

my /etc/postfix/master.cf:

#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
#submission inet n - - - - smtpd
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#smtps inet n - - - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - - - - qmqpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - - 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - y - - smtp -v
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - y - - smtp
  -o smtp_fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
# mailbox_transport = lmtp:inet:localhost
# virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}

submission inet n - y - - smtpd
  -o smtpd_sasl_auth_enable=yes
# if you do not want to restrict it encryption only, comment out next line
  -o smtpd_tls_auth_only=yes
# -o smtpd_tls_security_level=encrypt
# -o header_checks=
# -o body_checks=
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject_unauth_destination,reject
  -o smtpd_sasl_security_options=noanonymous,noplaintext
  -o smtpd_sasl_tls_security_options=noanonymous
# -o milter_macro_daemon_name=ORIGINATING
smtps inet n - y - - smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_auth_only=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_sasl_security_options=noanonymous,noplaintext
  -o smtpd_sasl_tls_security_options=noanonymous
# -o milter_macro_daemon_name=ORIGINATING
#smtp inet n - n - 1 postscreen
#smtpd pass - - n - - smtpd
#dnsblog unix - - n - 0 dnsblog
#tlsproxy unix - - n - 0 tlsproxy

My /etc/postfix/sasl/smtp.conf:

pwcheck_method: saslauthd
#mech_list: plain login pam
#mech_list: plain login
mech_list: plain login cram-md5 digest-md5
#saslauthd_path: /var/run/saslauthd/mux
#saslauthd_path: /var/spool/postfix/var/run/saslauthd/mux
#authdaemond_path: /var/spool/authdaemon/socket
log_level: 7
allow_plaintext: true
auxprop_plugin: sql
#auxprop_plugin: mysql
sql_engine: mysql
sql_hostnames: localhost
#sql_hostnames: 127.0.0.1
sql_user: mail
#sql_passw: password
sql_passwd: password
sql_database: maildb
#sql_select: select crypt from users where id='%u@%r' and enabled=1
sql_select: select crypt from users where id='%u' and enabled=1

My /var/log/mail.log:

Apr 15 14:07:18 me-main postfix/smtpd[18339]: connect from dsl081-198-066.nyc2.dsl.isp.net[8.8.8.8]
Apr 15 14:07:23 me-main postfix/smtpd[18339]: warning: dsl081-198-066.nyc2.dsl.isp.net[8.8.8.8]: SASL PLAIN authentication failed: generic failure
Apr 15 14:07:25 me-main postfix/smtpd[18339]: disconnect from dsl081-198-066.nyc2.dsl.isp.net[8.8.8.8]
Apr 15 14:10:45 me-main postfix/anvil[18341]: statistics: max connection rate 1/60s for (submission:8.8.8.8) at Apr 15 14:07:18
Apr 15 14:10:45 me-main postfix/anvil[18341]: statistics: max connection count 1 for (submission:8.8.8.8) at Apr 15 14:07:18
Apr 15 14:10:45 me-main postfix/anvil[18341]: statistics: max cache size 1 at Apr 15 14:07:18

My /var/log/auth.log:

Apr 15 14:07:23 me-main postfix/smtpd[18339]: sql plugin trying to open db 'maildb' on host 'localhost'
Apr 15 14:07:23 me-main postfix/smtpd[18339]: sql plugin could not connect to host localhost
Apr 15 14:07:23 me-main postfix/smtpd[18339]: sql plugin couldn't connect to any host
Apr 15 14:07:23 me-main postfix/smtpd[18339]: sql plugin Parse the username user@me.com
Apr 15 14:07:23 me-main postfix/smtpd[18339]: sql plugin try and connect to a host
Apr 15 14:07:23 me-main postfix/smtpd[18339]: sql plugin trying to open db 'maildb' on host 'localhost'
Apr 15 14:07:23 me-main postfix/smtpd[18339]: sql plugin could not connect to host localhost
Apr 15 14:07:23 me-main postfix/smtpd[18339]: sql plugin couldn't connect to any host

I've read everything I can get my hands on from Falko Timme's threads, explored the possibility of chroot being at the source of my troubles, and even tried downgrading sasl per an earlier guide for Ubuntu 11.10, but I'm getting nowhere. I'm really stumped, so any help would be much appreciated.
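
Added example (not from the post or from flurdy's guide): a small Python linter for one known cause of the "sql plugin could not connect to host localhost" lines above, namely a chrooted smtpd listener that cannot reach the MySQL Unix socket selected by `sql_hostnames: localhost`, plus the matching check that saslauthd creates its socket under /var/spool/postfix. The function names, finding labels and sample inputs are constructed for illustration, and the saslauthd default socket path /var/run/saslauthd/mux is assumed to be the Debian/Ubuntu one.

```python
import os
import shlex

CHROOT_DIR = "/var/spool/postfix"        # Postfix queue directory, the chroot root
DEFAULT_MUX = "/var/run/saslauthd/mux"   # assumed Debian/Ubuntu saslauthd socket


def parse_master_cf(text, dash_means_chroot=True):
    """Parse master.cf service entries.

    dash_means_chroot: meaning of "-" in the chroot column. The header of the
    master.cf in this thread shows "(yes)"; Postfix 3.0 and later default to no.
    """
    services = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace():             # continuation line: extra arguments
            if services:
                services[-1]["args"] += raw.split()
            continue
        fields = raw.split()
        if len(fields) < 8:
            continue                     # not a complete service line
        services.append({
            "name": fields[0],
            "chroot": fields[4] == "y" or (fields[4] == "-" and dash_means_chroot),
            "command": fields[7],
            "args": fields[8:],
        })
    return services


def parse_sasl_conf(text):
    """Parse Cyrus SASL "key: value" lines, skipping comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            conf[key.strip()] = value.strip()
    return conf


def lint(master_cf, sasl_conf, saslauthd_options="", dash_means_chroot=True):
    """Return (service, finding) pairs for chrooted smtpd listeners."""
    conf = parse_sasl_conf(sasl_conf)
    sql_hosts = [h.strip() for h in conf.get("sql_hostnames", "").split(",")]
    opts = shlex.split(saslauthd_options)
    mux_dir = opts[opts.index("-m") + 1] if "-m" in opts[:-1] else None
    findings = []
    for svc in parse_master_cf(master_cf, dash_means_chroot):
        if svc["command"] != "smtpd" or not svc["chroot"]:
            continue
        # The MySQL client library maps the name "localhost" to the Unix
        # socket, which lives outside the chroot; 127.0.0.1 forces TCP.
        if conf.get("auxprop_plugin") == "sql" and "localhost" in sql_hosts:
            findings.append((svc["name"], "sql-socket-outside-chroot"))
        # A chrooted smtpd resolves saslauthd_path relative to CHROOT_DIR,
        # so saslauthd has to create its socket below that directory.
        if "saslauthd" in conf.get("pwcheck_method", "").split():
            mux = conf.get("saslauthd_path", DEFAULT_MUX)
            wanted = os.path.normpath(CHROOT_DIR + os.path.dirname(mux))
            if mux_dir is None or os.path.normpath(mux_dir) != wanted:
                findings.append((svc["name"], "saslauthd-socket-outside-chroot"))
    return findings


# Constructed inputs, modelled on the files posted above.
MASTER_CF = """\
smtp inet n - n - - smtpd
submission inet n - y - - smtpd
  -o smtpd_sasl_auth_enable=yes
# -o smtpd_tls_security_level=encrypt
  -o smtpd_tls_auth_only=yes
smtps inet n - y - - smtpd
  -o smtpd_tls_wrappermode=yes
virtual unix - n n - - virtual
"""
SASL_CONF = """\
pwcheck_method: saslauthd
mech_list: plain login cram-md5 digest-md5
auxprop_plugin: sql
sql_engine: mysql
sql_hostnames: localhost
#sql_hostnames: 127.0.0.1
"""
SASLAUTHD_OPTIONS = "-r -c -m /var/spool/postfix/var/run/saslauthd"

if __name__ == "__main__":
    for service, finding in lint(MASTER_CF, SASL_CONF, SASLAUTHD_OPTIONS):
        print(f"{service}: {finding}")
```
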

gidden2
August 1st, 2013, 01:21 AM
I can send mail from local SquirrelMail but I can't send mail from Thunderbird / other remote mail client.

in /var/log/mail.log:
Aug 1 01:41:41 mail postfix/smtpd[6729]: warning: SASL authentication failure: incorrect digest response
Aug 1 01:41:41 mail postfix/smtpd[6729]: warning: ******[***.***.***.***]: SASL CRAM-MD5 authentication failed: authentication failure
in /var/log/auth.log:
Aug 1 01:41:41 mail postfix/smtpd[6729]: sql plugin Parse the username mydomain@mydomain.com
Aug 1 01:41:41 mail postfix/smtpd[6729]: sql plugin try and connect to a host
Aug 1 01:41:41 mail postfix/smtpd[6729]: sql plugin trying to open db 'maildb' on host '127.0.0.1'
Aug 1 01:41:41 mail postfix/smtpd[6729]: begin transaction
Aug 1 01:41:41 mail postfix/smtpd[6729]: sql plugin create statement from userPassword mydomain mydomain.com
Aug 1 01:41:41 mail postfix/smtpd[6729]: sql plugin doing query select crypt from users where id='mydomain@mydomain.com' and enabled = 1;
Aug 1 01:41:41 mail postfix/smtpd[6729]: sql plugin create statement from cmusaslsecretCRAM-MD5 mydomain mydomain.com
Aug 1 01:41:41 mail postfix/smtpd[6729]: sql plugin doing query select crypt from users where id='mydomain@mydomain.com' and enabled = 1;
Aug 1 01:41:41 mail postfix/smtpd[6729]: commit transaction
Aug 1 01:41:41 mail postfix/smtpd[6729]: sql plugin Parse the username mydomain@mydomain.com
Aug 1 01:41:41 mail postfix/smtpd[6729]: sql plugin try and connect to a host
Aug 1 01:41:41 mail postfix/smtpd[6729]: sql plugin trying to open db 'maildb' on host '127.0.0.1'

cfgs:
/etc/postfix/main.cf
http://paste.ubuntu.com/5934610/
/etc/postfix/master.cf
http://paste.ubuntu.com/5934613/
/etc/postfix/sasl/smtpd.conf
http://paste.ubuntu.com/5934617/
/etc/pam.d/smtp
http://paste.ubuntu.com/5934623/
/etc/courier/imapd
http://paste.ubuntu.com/5954496/

m_gustafsson
August 4th, 2013, 09:44 PM
gidden2,

I can send mail from RoundCube (have not tried SquirrelMail), but not from Thunderbird and I see the same in my mail.log and auth.log as you describe.
May I ask what you have set the parameter "IMAP_CAPABILITY" to in /etc/courier/imapd? Mine is set to:

IMAP_CAPABILITY="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE"

/Mats

gidden2
August 6th, 2013, 10:57 AM
hi m_gustafsson,

I added full /etc/courier/imapd to my previous post. In that parameter I have this:

IMAP_CAPABILITY="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 AUTH=CRAM-SHA1 IDLE"

m_gustafsson
August 6th, 2013, 04:11 PM
gidden2,

I think I got it working on my end now and I can now send emails from both Thunderbird and my iPad via my own server.

I started out by changing my outgoing server in Thunderbird to the local IP of my mail server and tried different combinations of ports etc. When that was working I switched back to the real domain name of my server and then it just worked. Don't know if you have the same problem as I had, and if the client settings are your problem as well.
Anyway, I ended up with the following settings in Thunderbird.

IMAP server
Port: 993
Connection security: SSL/TLS
Authentication method: Normal password

SMTP server
Port: 465
Connection security: SSL/TLS
Authentication method: Normal password

I can hardly believe that it is actually working now, after weeks of work, so I guess that it will not work when I wake up tomorrow ;)

/Mats

chibikun
September 4th, 2013, 09:32 AM
Hi there!

First of all I want to express my thanks and respect to the people that provide such a great source of information and share knowledge. Kudos to flurdy! I have had the setup running perfectly for 2 years.

Just recently I came across the 8 character limitation due to the encrypt() I guess. Now I want to change to stronger passwords but am not really sure what to do. I tried just to use md5() in the sql to encrypt differently but it does not seem to work in the backend (I see that the password is encrypted differently in the db though).

Has anyone some hints for me? I have the super standard setup as per flurdy's guide.

Thanks a lot!

David

alex119
October 7th, 2013, 12:14 AM
Thanks for this great tutorial: http://flurdy.com/docs/postfix/
That was a big help.

Only two little things, I stumbled on when going through step by step, starting off with Bitnami Tomcat/MySQL AMI:
- "sudo adduser clamav amavis" you should not try to create the clamav user before clamAV is installed, else installation of clamAV will break. So move this one down to clamAV procedure.
- Amavis: "content_filter = amavis:[127.0.0.1]:10024" should be 10025 (or also 10024 in the master.cf)

ST@R*T
October 8th, 2013, 04:34 AM
Thanks for this great tutorial: http://flurdy.com/docs/postfix/
That is really appreciated.
I want to ask one question. I configured everything and tested it step by step. When I configured SASL, that worked. I can send mail and receive mail too, and I can get into my Roundcube webmail too. Then next I configured TLS. I can't get into my Roundcube using my client user and password. Roundcube says "connection to imap server failed". This is my log file:
/var/log/mail.log
email imapd: Connection, ip=[::ffff:192.168.30.30]
email imapd: LOGOUT, ip=[::ffff:192.168.30.30], rcvd=14, sent=353

ST@R*T
October 8th, 2013, 06:19 AM
Here's my netstat and iptable status
root@email:~# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:submission *:* LISTEN 1966/master
tcp 0 0 localhost:spamd *:* LISTEN 1316/spamd.pid
tcp 0 0 *:http *:* LISTEN 2051/apache2
tcp 0 0 *:ssmtp *:* LISTEN 1966/master
tcp 0 0 *:ssh *:* LISTEN 651/sshd
tcp 0 0 *:smtp *:* LISTEN 1966/master
tcp 0 0 localhost:10023 *:* LISTEN 1301/postgrey.pid -
tcp 0 0 localhost:10024 *:* LISTEN 1279/amavisd (maste
tcp 0 0 localhost:10025 *:* LISTEN 1966/master
tcp 0 0 localhost:mysql *:* LISTEN 1093/mysqld
tcp 0 52 192.168.30.30:ssh 192.168.30.31:54957 ESTABLISHED 2087/sshd: test [pr
tcp6 0 0 [::]:submission [::]:* LISTEN 1966/master
tcp6 0 0 [::]:imap2 [::]:* LISTEN 1834/couriertcpd
tcp6 0 0 [::]:ssmtp [::]:* LISTEN 1966/master
tcp6 0 0 [::]:ssh [::]:* LISTEN 651/sshd
tcp6 0 0 [::]:smtp [::]:* LISTEN 1966/master
tcp6 0 0 [::]:imaps [::]:* LISTEN 1862/couriertcpd




root@email:~# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
dynamic all -- anywhere anywhere ctstate INVALID,NEW
net2fw all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Reject all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix "Shorewall:INPUT:REJECT:"
reject all -- anywhere anywhere [goto]

Chain FORWARD (policy DROP)
target prot opt source destination
Reject all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix "Shorewall:FORWARD:REJECT:"
reject all -- anywhere anywhere [goto]

Chain OUTPUT (policy DROP)
target prot opt source destination
fw2net all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Reject all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix "Shorewall:OUTPUT:REJECT:"
reject all -- anywhere anywhere [goto]

Chain Broadcast (2 references)
target prot opt source destination
DROP all -- anywhere anywhere ADDRTYPE match dst-type BROADCAST
DROP all -- anywhere anywhere ADDRTYPE match dst-type MULTICAST
DROP all -- anywhere anywhere ADDRTYPE match dst-type ANYCAST
DROP all -- anywhere base-address.mcast.net/4

Chain Drop (1 references)
target prot opt source destination
all -- anywhere anywhere
reject tcp -- anywhere anywhere tcp dpt:auth /* Auth */
Broadcast all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp fragmentation-needed /* Needed ICMP types */
ACCEPT icmp -- anywhere anywhere icmp time-exceeded /* Needed ICMP types */
Invalid all -- anywhere anywhere
DROP udp -- anywhere anywhere multiport dports loc-srv,microsoft-ds /* SMB */
DROP udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn /* SMB */
DROP udp -- anywhere anywhere udp spt:netbios-ns dpts:1024:65535 /* SMB */
DROP tcp -- anywhere anywhere multiport dports loc-srv,netbios-ssn,microsoft-ds /* SMB */
DROP udp -- anywhere anywhere udp dpt:1900 /* UPnP */
NotSyn tcp -- anywhere anywhere
DROP udp -- anywhere anywhere udp spt:domain /* Late DNS Replies */

Chain Invalid (2 references)
target prot opt source destination
DROP all -- anywhere anywhere ctstate INVALID

Chain NotSyn (2 references)
target prot opt source destination
DROP tcp -- anywhere anywhere tcpflags:! FIN,SYN,RST,ACK/SYN

Chain Reject (3 references)
target prot opt source destination
all -- anywhere anywhere
reject tcp -- anywhere anywhere tcp dpt:auth /* Auth */
Broadcast all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp fragmentation-needed /* Needed ICMP types */
ACCEPT icmp -- anywhere anywhere icmp time-exceeded /* Needed ICMP types */
Invalid all -- anywhere anywhere
reject udp -- anywhere anywhere multiport dports loc-srv,microsoft-ds /* SMB */
reject udp -- anywhere anywhere udp dpts:netbios-ns:netbios-ssn /* SMB */
reject udp -- anywhere anywhere udp spt:netbios-ns dpts:1024:65535 /* SMB */
reject tcp -- anywhere anywhere multiport dports loc-srv,netbios-ssn,microsoft-ds /* SMB */
DROP udp -- anywhere anywhere udp dpt:1900 /* UPnP */
NotSyn tcp -- anywhere anywhere
DROP udp -- anywhere anywhere udp spt:domain /* Late DNS Replies */

Chain dynamic (3 references)
target prot opt source destination

Chain eth0_fwd (0 references)
target prot opt source destination
dynamic all -- anywhere anywhere ctstate INVALID,NEW
smurfs all -- anywhere anywhere ctstate INVALID,NEW
tcpflags tcp -- anywhere anywhere

Chain fw2net (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpts:bootps:bootpc
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere

Chain logdrop (0 references)
target prot opt source destination
DROP all -- anywhere anywhere

Chain logflags (5 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level info ip-options prefix "Shorewall:logflags:DROP:"
DROP all -- anywhere anywhere

Chain logreject (0 references)
target prot opt source destination
reject all -- anywhere anywhere

Chain net2fw (1 references)
target prot opt source destination
dynamic all -- anywhere anywhere ctstate INVALID,NEW
smurfs all -- anywhere anywhere ctstate INVALID,NEW
ACCEPT udp -- anywhere anywhere udp dpts:bootps:bootpc
tcpflags tcp -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh /* SSH */
ACCEPT icmp -- anywhere anywhere icmp echo-request /* Ping */
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp /* SMTP */
ACCEPT tcp -- anywhere anywhere tcp dpt:ssmtp /* SMTPS */
ACCEPT tcp -- anywhere anywhere tcp dpt:submission /* Submission */
ACCEPT tcp -- anywhere anywhere tcp dpt:imap2 /* IMAP */
ACCEPT tcp -- anywhere anywhere tcp dpt:imaps /* IMAPS */
ACCEPT tcp -- anywhere anywhere tcp dpt:http /* Web */
ACCEPT tcp -- anywhere anywhere tcp dpt:https /* Web */
Drop all -- anywhere anywhere
LOG all -- anywhere anywhere LOG level info prefix "Shorewall:net2fw:DROP:"
DROP all -- anywhere anywhere

Chain reject (10 references)
target prot opt source destination
DROP all -- anywhere anywhere ADDRTYPE match src-type BROADCAST
DROP all -- base-address.mcast.net/4 anywhere
DROP igmp -- anywhere anywhere
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
REJECT icmp -- anywhere anywhere reject-with icmp-host-unreachable
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain shorewall (0 references)
target prot opt source destination

Chain smurflog (2 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level info prefix "Shorewall:smurfs:DROP:"
DROP all -- anywhere anywhere

Chain smurfs (2 references)
target prot opt source destination
RETURN all -- 0.0.0.0 anywhere
smurflog all -- anywhere anywhere [goto] ADDRTYPE match src-type BROADCAST
smurflog all -- base-address.mcast.net/4 anywhere [goto]

Chain tcpflags (2 references)
target prot opt source destination
logflags tcp -- anywhere anywhere [goto] tcpflags: FIN,SYN,RST,PSH,ACK,URG/FIN,PSH,URG
logflags tcp -- anywhere anywhere [goto] tcpflags: FIN,SYN,RST,PSH,ACK,URG/NONE
logflags tcp -- anywhere anywhere [goto] tcpflags: SYN,RST/SYN,RST
logflags tcp -- anywhere anywhere [goto] tcpflags: FIN,SYN/FIN,SYN
logflags tcp -- anywhere anywhere [goto] tcp spt:0flags: FIN,SYN,RST,ACK/SYN

oliver6
November 12th, 2013, 12:32 AM
gidden2,

I think I got it working on my end now and I can now send emails from both Thunderbird and my iPad via my own server.

I started out by changing my outgoing server in Thunderbird to the local IP of my mail server and tried different combinations of ports etc. When that was working I switched back to the real domain name of my server and then it just worked. Don't know if you have the same problem as I had, and if the client settings are your problem as well.
Anyway, I ended up with the following settings in Thunderbird.

IMAP server
Port: 993
Connection security: SSL/TLS
Authentication method: Normal password

SMTP server
Port: 465
Connection security: SSL/TLS
Authentication method: Normal password

I can hardly believe that it is actually working now, after weeks of work, so I guess that it will not work when I wake up tomorrow ;)

/Mats

I got Thunderbird working with these settings too, but how can I get rid of the "normal password" authentication method? I strictly followed the tutorial and got the impression that it would allow me to use encrypted authentication, like CRAM-MD5 instead of "normal password". Is this assumption correct or did I misunderstand and "normal password" is the way to go?

If it should allow to use encrypted authentication, what are the parts in the tutorial I should take a closer look at?
Btw. I added CRAM-MD5 to the imap_capability in the /etc/courier/imapd.

I tried roundcube and even here I can only use "LOGIN" as authentication method, but roundcube detects that there should be CRAM-MD5 available (probably because it is enabled in courier), resulting in "login failed".

I even looked in the courier documentation and it says that CRAM-MD5 authentication only works with plain passwords in the database, but if I understand correctly what's described in the tutorial, there is a workaround using SASL and PAM. I did what's described in the tutorial but either I made a mistake or it did not work.

Can someone help me?

tehownt
November 26th, 2013, 02:36 PM
First, thanks _a lot_ for the guide, I followed it and it worked nearly flawlessly. I only had issues with SASL and Roundcube playing nice together (over TLS), which seems to be the main headache anyways :)

Maybe it's because the guide does non-TLS config first and then specifies changes to have a TLS config but since the final configuration states that the smtps/submission listener should restrict to sasl authenticated (logical) and does not allow unauthenticated local webclients by default I had to change a couple of things.

Of course, I could have just added permit_mynetworks to

-o smtpd_client_restrictions=permit_sasl_authenticated,reject_unauth_destination,reject

in /etc/postfix/master.cf for both smtps and submission, but it would not have been as clean.

Instead, I first changed the submission to launch in chroot, since the guide does not have it chrooted. Plus submission on port 587 is much newer than smtps on port 465 and should be used for Roundcube.

In /etc/postfix/master.cf use the following line (remove the second 'n' from the guide).

submission inet n - - - - smtpd

Then make sure that in /etc/default/saslauthd you follow the guide (The different path for the socket are described just above in the same file):

OPTIONS="-r -c -m /var/spool/postfix/var/run/saslauthd"

Then Roundcube needs to be modified in order to use submission on the correct port, and this is the big difference : authenticate itself.

So in main.inc.php (whatever your location is, if you're using Ubuntu 12.04 LTS and do not want the old 0.7.x version, you can just use a manual installation following Roundcube's own guide and point your webserver to it).


$rcmail_config['smtp_server'] = 'tls://localhost';
$rcmail_config['smtp_port'] = 587;
$rcmail_config['smtp_user'] = '%u';
$rcmail_config['smtp_pass'] = '%p';
$rcmail_config['smtp_auth_type'] = 'LOGIN';

- You must use tls:// for port 587 and ssl:// for port 465 since they are different protocols and won't work interchangeably.
- You must tell Roundcube to give login/pw info to the smtp server, otherwise it will not be authenticated and since you only allow sasl authenticated clients, it will fail.
- The only method that worked for me was "LOGIN", using CRAM-MD5 or MD5-DIGEST had the pam authentication fail (I guess maybe because it's stored in the DB as a crypt token derived directly from a plaintext and not from an MD5 digest but I might be wrong). Even though this is not the most secure login type since it's basically plaintext/base64, it goes through TLS (if you force submission TLS only as described in the guide) and therefore shouldn't be that much of an issue.

If anyone has a way to get any of the digest method to work, please do reply.

Also things to consider that weren't mentioned in the guide:

- Make sure /etc/pam.d/smtp is empty from anything else than what the guide mentions.

- You can test SASL with testsaslauthd command such as

testsaslauthd -r <DOMAIN> -u <USER_WITHOUT_@DOMAIN> -p '<CLEARTEXT_PASSWORD>' -f /var/spool/postfix/var/run/saslauthd/mux -s smtp
and see what goes on in sasl (/var/log/mail.log), the pam.d (/var/log/auth.log) module and mysql (/var/log/mysql/mysql.log) database getting hit with the SELECT query.

- Some options that are worth considering since they help a lot debugging postfix :


debug_peer_list=<IP_OF_PEER_TO_DEBUG>
debug_peer_level=3

One last thing concerning the guide, at one point the term 'apassword' is used for both the mail users themselves (when generating the encrypt/salted string) and the database user for the maildb (virtual hosts files etc.), it could become a bit confusing.
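
Added example (not part of any post above): the two kinds of mechanism the posts compare, in Python. CRAM-MD5 makes the server recompute an HMAC keyed with the user's secret, so a table holding only crypt() output cannot produce a matching digest, while PLAIN/LOGIN ("Normal password") hands the server the password itself, which is why it works with a hashed store and why it belongs only on the TLS-protected listeners. The challenge, user and secret are the example from RFC 2195; the stored crypt value and the function names are constructed placeholders.

```python
import base64
import hashlib
import hmac


def cram_md5_response(user, secret, challenge_b64):
    """Client side (RFC 2195): base64("<user> <hex HMAC-MD5(secret, challenge)>")."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(secret.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode()


def decode_cram_md5(response_b64):
    """Split a client response into (user, hex digest)."""
    user, _, digest = base64.b64decode(response_b64).decode().rpartition(" ")
    return user, digest


def verify_cram_md5(stored_secret, challenge_b64, response_b64):
    """Server side: recompute the HMAC keyed with whatever the user table holds."""
    _user, digest = decode_cram_md5(response_b64)
    challenge = base64.b64decode(challenge_b64)
    expected = hmac.new(stored_secret.encode(), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)


def plain_response(user, password):
    """AUTH PLAIN (RFC 4616): base64 of authzid NUL authcid NUL password."""
    return base64.b64encode(f"\0{user}\0{password}".encode()).decode()


def decode_plain(response_b64):
    """What anyone able to read the connection recovers from AUTH PLAIN."""
    _authzid, user, password = base64.b64decode(response_b64).decode().split("\0")
    return user, password


# Challenge, user and shared secret from the example in RFC 2195.
CHALLENGE = base64.b64encode(b"<1896.697170952@postoffice.reston.mci.net>").decode()
USER, PASSWORD = "tim", "tanstaaftanstaaf"
# Constructed stand-in for the value the "crypt" column would hold.
STORED_CRYPT = "ab0123456789."

if __name__ == "__main__":
    response = cram_md5_response(USER, PASSWORD, CHALLENGE)
    print("client response:", decode_cram_md5(response))
    print("server holding the plaintext:", verify_cram_md5(PASSWORD, CHALLENGE, response))
    print("server holding only a crypt hash:", verify_cram_md5(STORED_CRYPT, CHALLENGE, response))
    print("AUTH PLAIN decodes to:", decode_plain(plain_response(USER, PASSWORD)))
```
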

oliver6
November 28th, 2013, 04:11 AM
@tehownt
hey, could you please check if your post is related to my question I posted right above it? I am not sure if I understand what you wrote but it seems related to me. Does it solve my problem?

forsakenrider
November 30th, 2013, 04:24 AM
This seems like the best tutorial on the net! I've been pulling my hair out for days though. Took me forever to figure out my ISP blocks port 25!

I have a service with my dynamic DNS provider that should solve just this problem, an e-mail port forwarder. I can use a different port like 2525 or 26. I'm not sure how to implement this with postfix. I have tried "relayhost = waterlowphotography.com:2525" but it doesn't seem to work. Does anyone know what I should do? I have started my install fresh and am now at the first "test" point after a simple server install.

roberto32
February 9th, 2014, 03:32 PM
try to forward port at your router - outside 2526 WAN : inside (LAN) 25

roberto32
February 9th, 2014, 03:37 PM
I edited the configuration files, restarted postfix and this is what I get
Feb 09 15:26:01 linux-clui.site postfix/sendmail[30911]: fatal: chdir /var/spool/postfix : No such file or directory

but that directory exists maybe some permission issue?
ls -la /var/spool/postfix
/var/spool/postfix:
total 0
drwxr-xr-x 1 root root 166 Nov 6 16:36 .
drwxr-xr-x 1 root root 138 Jan 20 12:48 ..
drwx------ 1 postfix root 0 Oct 18 15:11 active
drwx------ 1 postfix root 0 Oct 18 15:11 bounce
drwx------ 1 postfix root 0 Oct 18 15:11 corrupt
drwx------ 1 postfix root 0 Oct 18 15:11 defer
drwx------ 1 postfix root 0 Oct 18 15:11 deferred
drwx------ 1 postfix root 0 Oct 18 15:11 flush
drwx------ 1 postfix root 0 Oct 18 15:11 hold
drwx------ 1 postfix root 0 Oct 18 15:11 incoming
drwx-wx--- 1 postfix maildrop 8000 Feb 3 16:29 maildrop
drwxr-xr-x 1 root root 0 Jan 19 10:06 pid
drwx------ 1 postfix root 200 Jan 19 09:32 private
drwx--x--- 1 postfix maildrop 54 Jan 19 09:32 public
drwx------ 1 postfix root 0 Oct 18 15:11 saved
drwx------ 1 postfix root 0 Oct 18 15:11 trace

and the only variable with that value is: queue directory, so it should be fine, or could it be some permission issue?

roberto32
February 9th, 2014, 03:51 PM
actually it was problem that I've comment on that line, delete command and it restarted like breeze, little weird though..

roberto32
February 10th, 2014, 08:52 AM
linux-clui:~ # ps -ef| grep "postfix"
postfix 2571 31498 0 Feb09 ? 00:00:00 pickup -l -t fifo -u
postfix 3992 31498 0 Feb09 ? 00:00:00 cleanup -z -t unix -u
postfix 4909 31498 0 Feb09 ? 00:00:00 cleanup -z -t unix -u
postfix 7578 31498 0 Feb09 ? 00:00:00 cleanup -z -t unix -u
postfix 9774 31498 0 08:17 ? 00:00:00 qmgr -l -t fifo -u
robert 30877 1678 0 Feb09 ? 00:00:07 /usr/bin/okular /var/run/media/robert/data/robert/Public/postfix_the_definitive_guide.pdf --icon okular -caption Okular
root 31498 1 0 Feb09 ? 00:00:00 /usr/lib/postfix/master

linux-clui:~ # netstat -tupln | grep "25"
tcp 8 0 127.0.0.1:25 0.0.0.0:* LISTEN 31498/master

so running as expected

telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.

but no output, telnet hangs here

TheWayno104
February 10th, 2014, 12:04 PM
I need help. Everything works flawlessly apart from being able to send email from a mail client: I get relay access denied. The only way I can get it to work is if I add my IP or an external IP (if I want to access from another location) to the mynetworks in postfix/main.cf.
I started another thread before I realised this one existed. http://ubuntuforums.org/showthread.php?t=2204556&p=12924217#post12924217

Once everything is up and running smooth I will donate for your fabulous tutorial, flurdy.

My configs are posted in the other thread as well as the error message.

Pau_Peris
February 13th, 2014, 09:01 PM
Hi,

I've just followed this freaking awesome HowTo http://flurdy.com/docs/postfix/ and everything has been working fine for the last six weeks, but I also realized everyone can send emails through telnet on port 25 without the need of authenticating. Could someone explain to me if that's been made on purpose?

Thanks a lot mates!

roberto32
February 13th, 2014, 09:40 PM
also solved that but another problem comes at the mysql - postfix "binding",
/etc/postfix/mysql_mailbox.cf is this

user=mail
password=mailPASSWORD
dbname=maildb
table=users
select_field=maildir
where_field=id
hosts=127.0.0.1
additional_conditions = and enabled = 1

so that looks like everyone will have the same password.....???

and what's that field crypt in the users table for? like shouldn't it be like that

AES_ENCRYPT('password_for_particular-user',SHA2('mailPASSWORD',512))

so that mailPASSWORD is meant like encryption key?

TheWayno104
February 18th, 2014, 07:02 AM
Just a note for the people who are adding roundcube; this will save you a small headache.
If roundcube can't send an email you need to do this.

Adding User Accounts

Note: If you set $rcmail_config['smtp_user'] and $rcmail_config['smtp_pass'] to '%u' and '%p' respectively in config/main.inc.php, you do not have to do the following steps.
Unfortunately, due to how Dreamhost has its email account system set up, RoundCube will not work out-of-the-box as it usually does. We have to manually add any accounts we want to be able to log in with to the users table in our MySQL database. Hopefully, an Admin interface that makes this easier will be added in the future. Until then, we get to do it the old-fashioned way.


Log into your database via phpMyAdmin (http://rcdb.yourdomain.com in our installation example).
Click on the link to the users table in the left frame after you've selected your database from the dropdown menu.
Click on the "Insert" link at the top of the right frame.
The only fields you need to enter information in are username, mail_host, and alias. Username is user@domain.com (the same username this user would use for a normal email client), mail_host is mail.yourdomain.com, and alias is whatever you want the user to enter in the username field when logging into RoundCube.
Hit the Go button at the bottom of the page to submit the form after you've supplied the correct information.
Repeat for each user you want to have access to your RoundCube installation.
Log into RoundCube and add the following folders on the options page.

Drafts
Sent
Junk
Trash


To activate mail sending, you will also need to create an identity under Personal Settings --> Identities.

TheWayno104
February 18th, 2014, 07:05 AM
If roundcube can't log into the server you need to make these changes:

$rcmail_config['imap_auth_type'] = 'LOGIN';
$rcmail_config['smtp_server'] = 'ssl://localhost';
$rcmail_config['default_host'] = 'ssl://localhost:993';

gidden2
March 3rd, 2014, 08:24 PM
I found the error in my configuration:
http://ubuntuforums.org/showthread.php?t=185913&p=12741127#post12741127

It did not work because my database password contained the symbol "#".
Do not use special symbols in the database password. :)

Lead_Magnet
March 18th, 2014, 03:56 PM
I'd like to try this tutorial on a hosted server. While there is mention of EC2 services, there is no "recommended minimum spec" that I can find anywhere.

Can someone give me their opinion as to what physical hardware (min or recommended) this should have?

Can the tutorial be updated with this info?

Thanks :)

Jen_Nussbaum
March 26th, 2014, 04:56 AM
I've closely followed the great instructions at flurdy.com for how to set up a mail server. It's been a real struggle, though most of the time the problems were because I made wrong assumptions and thus made mistakes, not because the instructions were wrong.

But I do finally have things working. My question is about how the alias tables work, and specifically, how I can get a simple user name to log in with on Roundcube, for example. Let me explain.

I have only a single domain for this mail server. I don't need to alias a bunch of domains, I just want to host @example.com. I set up my users and aliases like flurdy.com suggests, so for example I have a "users" table with one entry "jen@localhost" for myself. Then the aliases table has mail "jen@localhost" with destination "jen@localhost". (I wish this weren't necessary, but flurdy instructions show this too.) This all works just fine. The problem is that with Roundcube, for my user I have to enter "jen@localhost". I want to just enter "jen". And to be honest, I haven't moved beyond this to check if it will be a problem with @example.com instead of localhost.

So I guess the simple question is, what's the right way to add users/aliases so that I can as easily as possible add new users for the username @ example.com domain, and how can they log in using just "username" instead of something longer? (I'm happy to show tables etc., but they're just as in the example docs.)

Thank you.

MorningWood
March 31st, 2014, 05:50 AM
hmm, have an old dell laptop laying around. Will have to play with this.

m_gustafsson
May 1st, 2014, 11:10 PM
Hi,

I have set up my mail server to use maildrop the way it was described by Villu in comment #223 in this thread,
http://ubuntuforums.org/showthread.php?t=185913&page=23&p=7278296#post7278296
I did this on a server running Ubuntu 12.04. Now I updated the server to Ubuntu 14.04 and since then I cannot get reception of email working.
Emails are bounced with the following message:

user unknown. Command output: ERR:
authdaemon: s_connect() failed: Permission denied Invalid user specified.

If I run:

$ echo "test" | maildrop -V 9 -d test@myserver.net
ERR: authdaemon: s_connect() failed: Permission denied
Invalid user specified.

And:

$ sudo authtest test@myserver.net
Authentication succeeded.

My mail.log:

Apr 29 23:04:40 server4 postfix/pipe[15130]: D0B4DCC0E28: to=<test@myserver.net>, relay=maildrop, delay=0.08, delays=0.04/0/0/0.04, dsn=5.1.1, status=bounced (user unknown. Command output: ERR: authdaemon: s_connect() failed: Permission denied Invalid user specified. )

Anyone got any ideas what might be wrong?

/M

codyday88
May 7th, 2014, 07:22 PM
I am having trouble receiving emails. I can send though. I am using Postfix for SMTP, which works since I can send. I am using Courier for IMAP and POP3. I can connect to the server with an email client with no issues, but when I sync mail with the server it reads that I have no mail. I looked in /var/spool/mail/usr and can see the emails at the bottom of the file using vim. The "mail.log" file also received the emails. I have no entries in the "mail.err" file.

I can sign into roundcube webmail also, but with the same problem as with the email clients.

Any ideas?

codyday88
May 7th, 2014, 11:17 PM
I fixed the issue. In the mail.log file it was moving to procmail due to the mail command. In the postfix main.cf I made sure "mail_command = ".

m_gustafsson
May 8th, 2014, 09:17 AM
Hi,

I have set up my mail server to use maildrop the way it was described by Villu in comment #223 in this thread,
http://ubuntuforums.org/showthread.php?t=185913&page=23&p=7278296#post7278296
I did this on a server running Ubuntu 12.04. Now I updated the server to Ubuntu 14.04 and since then I cannot get reception of email working.
Emails are bounced with the following message:

user unknown. Command output: ERR:
authdaemon: s_connect() failed: Permission denied Invalid user specified.

If I run:

$ echo "test" | maildrop -V 9 -d test@myserver.net
ERR: authdaemon: s_connect() failed: Permission denied
Invalid user specified.

And:

$ sudo authtest test@myserver.net
Authentication succeeded.

My mail.log:

Apr 29 23:04:40 server4 postfix/pipe[15130]: D0B4DCC0E28: to=<test@myserver.net>, relay=maildrop, delay=0.08, delays=0.04/0/0/0.04, dsn=5.1.1, status=bounced (user unknown. Command output: ERR: authdaemon: s_connect() failed: Permission denied Invalid user specified. )

Anyone got any ideas what might be wrong?

/M

I solved this by setting the sticky bit on the maildrop executable. It had been removed during the update of Ubuntu.

$ sudo chmod +s /usr/bin/maildrop

wouter6
May 18th, 2014, 01:04 PM
Hi,

I've got a problem with authenticating to imap using this tutorial. I've been stuck on it for several days now and can't seem to find an answer to my problem. I hope someone here might lead me the right way.

authmysqlrc:


MYSQL_USERNAME mail
MYSQL_DATABASE maildb
MYSQL_USER_TABLE users
MYSQL_CRYPT_PWFIELD crypt
MYSQL_MAILDIR_FIELD concat(home,"/",maildir)
MYSQL_WHERE_CLAUSE enabled=1


mysql user table

mysql> describe users;
+-----------------+----------------------+------+-----+-------------------------+-------+
| Field           | Type                 | Null | Key | Default                 | Extra |
+-----------------+----------------------+------+-----+-------------------------+-------+
| id              | varchar(128)         | NO   | PRI |                         |       |
| name            | varchar(128)         | NO   |     |                         |       |
| uid             | smallint(5) unsigned | NO   |     | 5000                    |       |
| gid             | smallint(5) unsigned | NO   |     | 5000                    |       |
| home            | varchar(255)         | NO   |     | /var/spool/mail/virtual |       |
| maildir         | varchar(255)         | NO   |     | blah/                   |       |
| enabled         | tinyint(3) unsigned  | NO   |     | 1                       |       |
| change_password | tinyint(3) unsigned  | NO   |     | 1                       |       |
| clear           | varchar(128)         | NO   |     | ChangeMe                |       |
| crypt           | varchar(128)         | NO   |     | sdtrusfX0Jj66           |       |
| quota           | varchar(255)         | NO   |     |                         |       |
| procmailrc      | varchar(128)         | NO   |     |                         |       |
| spamassasinrc   | varchar(128)         | NO   |     |                         |       |
+-----------------+----------------------+------+-----+-------------------------+-------+
13 rows in set (0.00 sec)


content of table users:

mysql> select * from users;
+-----------------+--------+------+------+-------------------------+---------+---------+-----------------+----------+-----------------------------------------------------------------+-------+------------+---------------+
| id | name | uid | gid | home | maildir | enabled | change_password | clear | crypt | quota | procmailrc | spamassasinrc |
+-----------------+--------+------+------+-------------------------+---------+---------+-----------------+----------+-----------------------------------------------------------------+-------+------------+---------------+
| admin@cmail.be | admin | 5000 | 5000 | /var/spool/mail/virtual | admin/ | 1 | 1 | ChangeMe | $5$00b39a2239d67d48$d.yqU1saUnXgTRgz6Xs9nEPIIhsA8V cIo2gASc4/CZ7 | | | |
| root@localhost | root | 5000 | 5000 | /var/spool/mail/virtual | root/ | 1 | 1 | ChangeMe | $5$a2df96b36d068c35$9W6ROj17mIMEpCvJtTNHNTQYauVrCc AR7iWdOG13gw9 | | | |
| test@cmail.be | test | 5000 | 5000 | /var/spool/mail/virtual | test/ | 1 | 1 | ChangeMe | $5$742378da04f3f6c0$i4JPAE0nmEiLm0SvZw1qrfJp0vQQo4 Tu8RTk5iXo548 | | | |
| wouter@cmail.be | wouter | 5000 | 5000 | /var/spool/mail/virtual | wouter/ | 1 | 1 | ChangeMe | $5$bd03e239e166bb10$9i2ggdd9/sRJU.wDmAMBr0PIesUhjFCwu.PQGOfqSS4 | | | |
+-----------------+--------+------+------+-------------------------+---------+---------+-----------------+----------+-----------------------------------------------------------------+-------+------------+---------------+
4 rows in set (0.00 sec)


after a test in telnet syslog:

May 18 13:02:16 debian imapd: LOGIN FAILED, user=wouter@cmail.be, ip=[::1]
May 18 13:02:16 debian imapd: authentication error: Input/output error


mysql log:

86 Connect mail@localhost on
86 Init DB maildb
86 Query SELECT id, crypt, "", , gid, home, "", "", "", "" FROM users WHERE id = 'test@cmail.be'
86 Quit
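The query in the MySQL log above has an empty fourth column expression (`"", , gid`), so the statement cannot parse. The following added example (not part of the original post, and not Courier's own code) scans general-log lines for SELECT lists with empty slots. The log text is copied from the post; that the empty slot corresponds to an authmysqlrc field setting such as MYSQL_UID_FIELD is an inference from the column order, not something the post states.

```python
import re

# MySQL general-log lines as shown in the post above.
LOG = '''86 Connect mail@localhost on
86 Init DB maildb
86 Query SELECT id, crypt, "", , gid, home, "", "", "", "" FROM users WHERE id = 'test@cmail.be'
86 Quit'''

def split_select_list(select_list):
    """Split on commas that sit outside quotes and parentheses."""
    items, buf, quote, depth = [], [], None, 0
    for ch in select_list:
        if quote:
            quote = None if ch == quote else quote
        elif ch in "\"'`":
            quote = ch
        elif ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        elif ch == "," and depth == 0:
            items.append("".join(buf).strip())
            buf = []
            continue
        buf.append(ch)
    items.append("".join(buf).strip())
    return items

def empty_columns(log_text):
    """Return (positions_of_empty_items, total_items) for each malformed SELECT."""
    findings = []
    for line in log_text.splitlines():
        m = re.search(r"\bQuery\s+SELECT\s+(.*?)\s+FROM\s", line, re.I)
        if not m:
            continue
        cols = split_select_list(m.group(1))
        blanks = [i + 1 for i, c in enumerate(cols) if c == ""]
        if blanks:
            findings.append((blanks, len(cols)))
    return findings

if __name__ == "__main__":
    for blanks, total in empty_columns(LOG):
        print(f"SELECT with {total} items has empty item(s) at position(s) {blanks}")
```

A slot holding `""` is a valid placeholder for an unset optional field; a slot with nothing between the commas is what breaks the statement, so the setting that fills that position is the one to check in authmysqlrc.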

anderhoff
October 4th, 2014, 02:51 AM
Ubuntu 14.04 64-bit (60GB VHDD, 2x 2 Cores, 2GB, 16MB video all as a VM on VMware ESXi server)
Shorewall (4.5.21.6-1 -- I think?)

I started going through this how-to with another distro thinking it was pretty straightforward, but I quickly ran into hiccups not finding any available source code for several packages (i.e. PostGrey - it's just gone) and was confused about other items. Seeking a slightly easier road to success, I decided to simply do it by the book, only to find versioning (directory and layout) problems.

The documentation doesn't seem to line up with the 'apt-get install shorewall shorewall-doc' delivered goods.
The "/default-config" folder just doesn't exist within "/usr/share/doc/shorewall", but instead I have "/examples" with sub-folders "/Universal", "/one-interface", "/two-interfaces", and "/three-interfaces". There are no example "hosts" files to work with, and I'm not keen on making one up without knowing what the format inside the file ought to be. Some of the steps seem deprecated, as Shorewall appears to prefer "Format 2" now, while the how-to appears to be using "Format 1" (the "detect" parameter tipped me off and I didn't know where to put it). Getting web servers up is fairly easy and straightforward.