Mail server HOWTO – Postfix and Dovecot with MySQL and TLS/SSL, Postgrey and DSPAM
This guide describes how to setup a mail server where Postfix is the SMTP service, and Dovecot provides IMAP and POP services. The users may be virtual and stored in a MySQL table, or real system users, or both. The primary focus for this guide however, is a fast and secure mail server using virtual users.
All this may be installed in either Debian 4.0 Etch or Ubuntu Feisty Fawn, since both systems are quite similar. Note however that there may be some minor issues if you use the default version of Dovecot, but I will try to note them down for you when they arise.
If you are a Ubuntu user, note that I will not use “sudo” in front of every command. Instead, I will launch a root shell using the command “sudo -s”.
Note that ticks like ‘ and ” are converted by WordPress, and may cause problems if copied directly into your configuration.
MySQL and Postfix admin
Installing software in Ubuntu and Debian is very easy, and to get the MySQL server and client installed, just execute the following.
# apt-get install mysql-server mysql-client
Step one is to set a password for the administrative user, which can be done with the following statement. See the MySQL documentation for more information.
# mysqladmin -u root password “newpwd”
Of couse, replace newpwd with your intended password. While you are at it, add a user mail with password mail, with access to database mail. You can of course change the password to something else if you wish, and you may give more restrictive permissions if you know what you are doing. Postfix and Dovecot will only SELECT from the database, while postfix admin will SELECT, UPDATE and INSERT into the database. You may even create two separate accounts for this. This guide however will use the same account.
# mysql -uroot -p
mysql> CREATE DATABASE mail;
mysql> GRANT ALL PRIVILEGES ON mail.* TO ‘mail’@'localhost’ IDENTIFIED BY ‘mail’;
mysql> quit
Now we need to download Postfix admin, since its distribution contains the required SQL schema which we want to use.
Once you have downloaded the Postfix admin distribution, you should have a tarball, and unpack it like this.
# tar xvfz postfixadmin-2.1.0.tgz
Open “postfixadmin-2.1.0/DATABASE_MYSQL.TXT” with your favorite editor such as vim, nano or gedit and comment out or remove all lines under section “Postfix / MySQL”, since we have created our own use for the mail server. The section is currently lines 26 to 39.
When this is done, just load the file into mysql using the following command.
# mysql -umail -p mail < postfixadmin-2.1.0/DATABASE_MYSQL.TXT
If you get an error saying “Access denied for user ‘mail’@'localhost’ to database ‘mysql’”, you didn’t comment out the lines like I told you. If you get no message after entering your password, everything went fine.
Postfix
Since we are using a Debian based system, installing Postfix is a walk in the park.
apt-get install postfix postfix-mysql
If you get questions about Postfix during the installation, just select “No configuration”. You have this guide, which will configure it for you instead!
The Postfix configuration directory is located in /etc/postfix, so head over there and open the file main.cf. Don’t worry if it does not exist. We will make it!
Start with entering the following basic information.
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
append_dot_mydomain = no
#delay_warning_time = 4h
myhostname = mail.mycompany.com
myorigin = mycompany.com
mydestination = localhost
relayhost =
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
This is actually all you need to get a fully functional mail server with standard unix users. Remember however to change myhostname and myorigin to your own domain settings.
Virtual users
Now for adding support for virtual users in MySQL, also append the following lines to the main.cf configuration file.
# Virtual mailbox settings
virtual_mailbox_domains = proxy:mysql:$config_directory/mysql_virtual_domains_maps.cf
virtual_mailbox_base = /var/vmail
virtual_mailbox_maps = proxy:mysql:$config_directory/mysql_virtual_mailbox_maps.cf
virtual_alias_maps = proxy:mysql:$config_directory/mysql_virtual_alias_maps.cf
virtual_minimum_uid = 150
virtual_uid_maps = static:150
virtual_gid_maps = static:8
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
# SASL Authentication
smtpd_sasl_auth_enable = yes
smtpd_sasl_exceptions_networks = $mynetworks
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
There are several gotchas here. This configuration will host the virtual user mailboxes in /var/vmail. Should these mailboxes be hosted somewhere else, be sure to change that as appropriate.
The “virtual_minimum_uid” and “virtual_uid_maps” point to user id 150 in my case, which is a user I created specifically for handling virtual mail. It uses the standard “mail” group with the default gid 8 (in Debian and Ubuntu). Create the user and directories like this:
# useradd -r -u 150 -g mail -d /var/vmail -s /sbin/nologin -c “Virtual mailbox” vmail
# mkdir /var/vmail
# chmod 770 /var/vmail/
# chown vmail:mail /var/vmail/
Select which clients to permit
We also need to specify some rules, which will enable authenticated users to send mail, but not anyone.
Being an open relay is absolutely forbidden!
smtpd_recipient_restrictions =
permit_mynetworks
permit_sasl_authenticated
reject_unauth_destination
permit
For antispam measures and enabling TLS, see further down in this document.
Postfix MySQL configuration
Postfix needs to know where and how it can lookup all mailbox related information, so it needs to be provided with all MySQL files defined in the main.cf configuration. Note that the last line contains a comment line with the full query. Recent versions of Postfix may use that instead of the other statements, and in that case, just comment all lines out, and uncomment the last one.
/etc/postfix/mysql_virtual_alias_maps.cf
user = mail
password = mail
hosts = localhost
dbname = mail
table = alias
select_field = goto
where_field = address
additional_conditions = and active = ’1′
#query = SELECT goto FROM alias WHERE address=’%s’ AND active = ’1′
/etc/postfix/mysql_virtual_domains_maps.cf
user = mail
password = mail
hosts = localhost
dbname = mail
table = domain
select_field = domain
where_field = domain
additional_conditions = and backupmx = ’0′ and active = ’1′
#query = SELECT domain FROM domain WHERE domain=’%s’ AND backupmx = ’0′ AND active = ’1′
/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
user = mail
password = mail
hosts = localhost
dbname = mail
table = mailbox
select_field = quota
where_field = username
additional_conditions = and active = ’1′
#query = SELECT quota FROM mailbox WHERE username=’%s’ AND active = ’1′
/etc/postfix/mysql_virtual_mailbox_maps.cf
user = mail
password = mail
hosts = localhost
dbname = mail
table = mailbox
select_field = CONCAT(domain,’/',maildir)
where_field = username
additional_conditions = and active = ’1′
#query = SELECT CONCAT(domain,’/',maildir) FROM mailbox WHERE username=’%s’ AND active = ’1′
Dovecot delivery for Postfix
Postfix will hand the mail over to Dovecot for local delivery, and to set this up, you need to open the file /etc/postfix/master.cf and add the following like at the bottom.
dovecot unix – n n – – pipe flags=DRhu user=
vmail:mail argv=/usr/lib/dovecot/deliver -d $(recipient)
Dovecot IMAP and POP
The first step is to get the packages installed, and it’s simply a matter of using apt-get like before.
apt-get install dovecot-imapd dovecot-pop3d
You can of course omit the “dovecot-pop3d” package, if you are not planning on using POP, and why should you, when IMAP provides such wonderful extensions such as IDLE?
Open up the Dovecot configuration file located in /etc/dovecot/dovecot.conf and make it look the following. There is probably already lots of default configuration done, so you will probably only need to uncomment certain sections and change minor things.
## Dovecot configuration file
#
base_dir = /var/run/dovecot/
#
# imap imaps pop3 pop3s (use imaps and pop3s if configured for SSL)
protocols = imap pop3
#
# Uncomment the ssl_listen statements and comment out listen if using SSL
protocol imap {
listen = *:143
# ssl_listen = *:993
}
protocol pop3 {
listen = *:110
# ssl_listen = *:995
}
#
log_timestamp = “%Y-%m-%d %H:%M:%S ”
syslog_facility = mail
#
# Uncomment these if using SSL
#ssl_cert_file = /etc/ssl/mycompany/mailserver/mail-cert.pem
#ssl_key_file = /etc/ssl/mycompany/mailserver/mail-key.pem
#ssl_ca_file = /etc/ssl/mycompany/ca/mycompany.pem
#ssl_verify_client_cert = yes
#ssl_parameters_regenerate = 168
#verbose_ssl = no
#
# Where the mailboxes are located
mail_location = maildir:/var/vmail/%d/%u
#
mail_extra_groups = mail
mail_debug = no
first_valid_uid = 150
last_valid_uid = 150
maildir_copy_with_hardlinks = yes
#
protocol imap {
login_executable = /usr/lib/dovecot/imap-login
mail_executable = /usr/lib/dovecot/imap
imap_max_line_length = 65536
}
protocol pop3 {
login_executable = /usr/lib/dovecot/pop3-login
mail_executable = /usr/lib/dovecot/pop3
pop3_uidl_format = %08Xu%08Xv
}
protocol lda {
postmaster_address = postmaster@mydomain.com
sendmail_path = /usr/lib/sendmail
auth_socket_path = /var/run/dovecot/auth-master
}
#
auth_verbose = no
auth_debug = no
auth_debug_passwords = no
#
auth default {
mechanisms = plain
passdb sql {
args = /etc/dovecot/dovecot-sql.conf
}
userdb sql {
args = /etc/dovecot/dovecot-sql.conf
}
user = nobody
socket listen {
master {
path = /var/run/dovecot/auth-master
mode = 0660
user = vmail
group = mail
}
client {
path = /var/spool/postfix/private/auth
mode = 0660
user = postfix
group = postfix
}
}
#
# If you want client certificates, use these lines
# ssl_require_client_cert = yes
# ssl_username_from_cert = yes
}
Yes, the indentation was lost, but don’t fear. Just incorporate my changes to the existing file. The Dovecot configuration is almost finished now, but we need to add definitions on how it can find our password and user database stored in MySQL.
Open the file /etc/dovecot/dovecot-sql.conf and make sure that the following is present.
driver = mysql
connect = host=localhost dbname=mail user=mail password=mail
# The new name for MD5 is MD5-CRYPT so you might need to change this depending on version
default_pass_scheme = MD5
# Get the mailbox
user_query = SELECT ‘/var/vmail/%d/%n’ as home, ‘maildir:/var/vmail/%d/%n’ as mail, 150 AS uid, 8 AS gid, concat(‘dirsize:storage=’, quota) AS quota FROM mailbox WHERE username = ‘%u’ AND active = ’1′
# Get the password
password_query = SELECT username as user, password, ‘/var/vmail/%d/%n’ as userdb_home, ‘maildir:/var/vmail/%d/%n’ as userdb_mail, 150 as userdb_uid, 8 as userdb_gid FROM mailbox WHERE username = ‘%u’ AND active = ’1′
# If using client certificates for authentication, comment the above and uncomment the following
#password_query = SELECT null AS password, ‘%u’ AS user
Set the permissions for Dovecot.
# chmod 600 /etc/dovecot/*.conf
# chown vmail /etc/dovecot/*.conf
The Dovecot configuration is now finished, but all SSL-specific parameters have been disabled for now.
Postfix admin
Since Postfix admin requires a running web server, Apache and PHP needs to be installed first. As always, apt-get comes to the rescure, and we need to restart Apache after the installation of php5-mysql.
# apt-get install apache2 libapache2-mod-php5 php5-mysql
# invoke-rc.d apache2 restart
To make things easy, just move the postfixadmin directory downloaded earlier to /var/www/ and copy the config file to its real name.
# mv postfixadmin-2.1.0 /var/www/postfixadmin
# cd /var/www/postfixadmin/
# cp config.inc.php.sample config.inc.php
There are some directives you will need to change, and they are quite self-explanatory, but here are the highlights.
$CONF['postfix_admin_url'] = ‘/var/www/postfixadmin/’;
$CONF['postfix_admin_path'] = ‘http://localhost/postfixadmin’;
$CONF['database_type'] = ‘mysqli’;
$CONF['database_user'] = ‘mail’;
$CONF['database_password'] = ‘mail’;
$CONF['database_name'] = ‘mail’;
Do some tests to see if everything works
The server should now be fully up and running, so go to http://localhost/postfixadmin/admin/ and create a new domain and user. If you then look at the log file /var/log/syslog, you should see something like this.
postfix/smtpd[1819]: connect from localhost[127.0.0.1]
postfix/smtpd[1819]: 1A0DF66886: client=localhost[127.0.0.1]
postfix/cleanup[1824]: 1A0DF66886: message-id=<20070415093021.1A0DF66886@mail.mydomain.com>
postfix/qmgr[1067]: 1A0DF66886: from= , size=408, nrcpt=1 (queue active)
postfix/smtpd[1819]: disconnect from localhost[127.0.0.1]
deliver(joch@mydomain.com): msgid=<20070415093021.1A0DF66886@mail.mydomain.com>: saved mail to INBOX
postfix/pipe[1825]: 1A0DF66886: to=, relay=dovecot, delay=0.09, delays=0.06/0.01/0/0.02, dsn=2.0.0, status=sent (delivered via dovecot service)
postfix/qmgr[1067]: 1A0DF66886: removed
If you received an error, extract the error message and go from there.
TLS and SSL for Postfix and Dovecot
Before you push this server out into production, you will most definitely want to enable encryption. You can have different levels of security, and here are the most common scenarios.
The simplest form is having a simple self-signed certificate on the server. This will generate a warning message when the clients first connect, but they should be able to save it for further use. It is not really secure, since anyone can execute a man-in-the-middle attack if you don’t save the certificate.
The next level is using a server certificate signed by a Certificate Authority (CA), either a commercial one, or perhaps the company internal CA. This way, the server certificate will be trusted, and if you now receive a warning, there is potentially something bad going on.
Last but definitely not least is using client certificates for logging in to the server, and using a server certificate to authenticate the server to the clients. This is quite secure, but it is not supported in all mail clients. Thunderbird among others do have support for it.
Self-signed server certificate
First create the directories, create the private key, and lastly create the certificate.
# mkdir -p /etc/ssl/mycompany/mailserver/
# cd /etc/ssl/mycompany/mailserver/
# openssl genrsa 1024 > mail-key.pem
# chmod 400 mail-key.pem
# openssl req -new -x509 -nodes -sha1 -days 365 -key mail-key.pem > mail-cert.pem
Note that “Common Name (eg, YOUR name)” MUST match the name of the server, which in this case is mail.mycompany.com
Dovecot SSL configuration
When you have the certificate ready, it needs to be enabled in both Dovecot and Postfix. You will need to uncomment the following directives in dovecot.conf
protocols
ssl_listen
ssl_cert_file
ssl_key_file
ssl_parameters_regenerate = 168
verbose_ssl = no
Dovecot should now be accepting SSL-connections on port 993. Check the log-file for an entry like this when you login using IMAP.
dovecot: imap-login: Login: user=, method=PLAIN, rip=127.0.1.1, lip=127.0.1.1, TLS
The keyword is TLS to the right, which shows that you are using a TLS encrypted session.
Postfix TLS configuration
You will need to add a few lines to your main.cf configuration file to enable TLS.
smtpd_tls_cert_file = /etc/ssl/mycompany/mailserver/mail-cert.pem
smtpd_tls_key_file = /etc/ssl/mycompany/mailserver/mail-key.pem
smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_session_cache
smtpd_tls_security_level = may
smtpd_tls_received_header = no
smtpd_tls_loglevel = 0
tls_random_source = dev:/dev/urandom
Now you should be able to authenticate with Postfix and send mail anywhere.
CA-signed certificate
Using a real CA-signed certificate is no different from using a self-signed one. It’s just another step in the key-pair creation. If your company has its own CA, then they should issue a certificate for the mail server. A Google search for be your own ca will give you enough answers to create one yourself, if you have the need.
CA-signed client and server certificates
If you want to use CA-signed client certificates, you will need to take further steps, both in Postfix and in Dovecot to make this work. If you want the user names to be taken from the certificate itself, you currently must set the common name to the user name, for example joch@mycompany.com, which has been used in this document.
In Postfix, you can either use a directory of CA certificates, or a composite file with all the certificates concatenated together.
smtpd_tls_CAfile = /etc/ssl/mycompany/ca/all.pem
#smtpd_tls_CApath = /etc/ssl/mycompany/ca/
In Dovecot, you must have the CRL together with the certificate for the authentication to work. The directives themselves are the following.
ssl_ca_file = /etc/ssl/mycompany/ca/all.pem
ssl_verify_client_cert = yes
ssl_require_client_cert = yes
ssl_username_from_cert = yes
You will also need to change the password_query to the commented one in /etc/dovecot/dovecot-sql.conf
If you are running Dovecot release candidate 28 or older, the server will not send out the list of accepted CA names, which could make clients with multiple client certificates unable to connect. Please upgrade or install this patch.
If you have several CAs and CRLs, it could be difficult to concatenate them each time, so I have created a small script which will do that for you. Just stick it in your /etc/ssl/mycompany/ca/ directory and run it. It will create an all.pem with all certificates and all CRLs.
make.sh:
#!/bin/bash
rm all.pem 2> /dev/null
cat *.pem *.crl > all.pem
Like I said before, there are some settings in Postfix that need to be changed as well, so open up main.cf and note the following.
smtp_tls_CAfile = /etc/ssl/mycompany/ca/all.pem
smtpd_tls_ask_ccert = yes
smtpd_tls_req_ccert = no
smtpd_recipient_restrictions =
permit_mynetworks
permit_tls_all_clientcerts
reject_unauth_destination
permit
Now you should have an enterprise ready email server with client certificates.
Anti-spam measures
Everyone hates spam, so you will need to take some measures to protect your users from it.
Postgrey
Greylisting is a fairly effective countermeasure against spam, so we of course want to enable it for Postfix. First of all, let’s get Postgrey installed and as always, that is very easy in Debian and Ubuntu.
You can use other greylisting daemons which use MySQL for example if you like, but then you are on your own.
# apt-get install postgrey
Postgrey will be injected before Postfix handles over the delivery to Dovecot, so we need to add it in the very end of “smtpd_recipient_restrictions” in main.cf, just before the final “permit” rule.
check_policy_service inet:127.0.0.1:60000
Open up /etc/default/postgrey in your favourit editor and change the options line to the following. Yes, there should be two dashes, – -, but WordPress makes them to one long.
POSTGREY_OPTS=”–inet=127.0.0.1:60000 –delay=55″
Then restart postgrey and incoming mail will be delayed 55 seconds, and you will hopefully get a lot less spam!
# invoke-rc.d postgrey restart
Postfix RBL and other rules
There are other rules you can add to Postfix which will reduce spam. Incorporate the following into your main.cf configuration.
smtpd_recipient_restrictions =
permit_mynetworks
permit_tls_all_clientcerts
#permit_sasl_authenticated
reject_non_fqdn_hostname
reject_non_fqdn_sender
reject_non_fqdn_recipient
reject_unauth_destination
reject_unauth_pipelining
reject_invalid_hostname
#reject_unknown_sender_domain
#reject_unknown_hostname
reject_rbl_client zen.spamhaus.org
reject_rbl_client bl.spamcop.net
reject_rbl_client cbl.abuseat.org
reject_rbl_client dnsbl.njabl.org
reject_rbl_client dnsbl.sorbs.net
reject_rhsbl_sender dsn.rfc-ignorant.org
check_policy_service inet:127.0.0.1:60000
permit
#
smtpd_data_restrictions =
reject_unauth_pipelining,
reject_multi_recipient_bounce,
permitNote that I have commented out “reject_unknown_hostname”, because there are some legit mail servers out there that send the wrong host name. That rule does however catch lots of spam, so it’s a call you will have to make.
You now have a reasonable protection against spam. There are other server-side filtering services which use the bayesian algorithm to catch most spam.
DSPAM
Sorry, to be added later.
Final remarks
This guide will aid you in setting up a large-scale mail server, but it is always important to understand that you should take care and explore all options before diving in and setting this up in a real environment. There are probably lots of things that can be improved in this setup, but I will leave that up to you.
This setup will scale rather well, as you can cleanly separate the different component onto separate machines to reduce the load.
To conclude, always pay close attention to the logs. I always tail syslog when doing these kinds of things and you should too.
# tail -f /var/log/syslog
The above command will give you a real-time log when things happen, so keep one terminal running with just this.
References and further reading
If you find this howto useful, please consider making a small (or large) donation to contribute to enhancements and new guides.
Trackbacks & Pingbacks
- Johnny Chadda .se : Postfix HOWTO
- Installation d’un serveur de mails: Postfix + Dovecot + Dspam + Clamav + Postfixadmin at My blog, life & stuff
- ghost3k » Postfix + Dovecot
- Email-Server auf Ubuntu: Postfix, dovecot und policyd-weight ¦ media-scientific - IT Blog
- Johnny Chadda .se : Updating the Postfix HOWTO
- ubuntu 6.06 LTS virtual mailserver « Tenny bagindo’s Weblog
- Lighttpd und Confixx - Server Support Forum
- Server-Newbie: Verwaltung eines VServers - Server Support Forum
- How To Configure ISP Mail Server With Virtual Users/Domain On Centos 4.5 Using Postfix, Dovecot, MySQL, phpMyAdmin, TLS/SSL | All Free For You
- unix86.org » Mail server HOWTO - Postfix and Dovecot with MySQL and TLS/SSL, Postgrey and DSPAM
- Full Mail Server Solution w/ Virtual Domains & Users - Page 14 (Final Notes) | Library Tutorial
- How To Configure ISP Mail Server With Virtual Users/Domain On Centos 4.5 Using Postfix, Dovecot, MySQL, phpMyAdmin, TLS/SSL
- Full Mail Server Solution w/ Virtual Domains & Users (Debian Etch, Postfix, Mysql, Dovecot, DSpam, ClamAV, Postgrey, RBL) Page 14 | All Free For You
- postfix multiple domains one user?
- Postfix as Sending MTA for Multiple Domains
- How do I set Quota for mail boxes in postfix
Hi,
This is exactly what I was looking for.
thanks for publishing.
But I do have a problem…
When I try creating a mailbox within a domain, I get this in the syslog:
Apr 17 07:47:14 squamosa postfix/proxymap[23185]: warning: mysql query failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '??youplala.net??? AND active = ???1???' at line 1Apr 17 07:47:14 squamosa postfix/trivial-rewrite[23184]: fatal: proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf(0,lock|fold_fix): table lookup problem
Apr 17 07:47:15 squamosa postfix/smtpd[23182]: warning: premature end-of-input on private/rewrite socket while reading input attribute name
Apr 17 07:47:15 squamosa postfix/master[23127]: warning: process /usr/lib/postfix/trivial-rewrite pid 23184 exit status 1
This is on Etch.
Any hint?
Thanks,
Nico
I’m a moron, you warned about the wordpress-translated quotes…
Thanks for the great How-to!
Nico
[quote comment="29688"]I’m a moron, you warned about the wordpress-translated quotes…
Thanks for the great How-to!
Nico[/quote]
Great that you solved it by yourself!
I’m glad I could be of help with the Howto.
Hi,
what a nice how-to you got there but i have this problem in retrieving the mails. i used thunderbird as my mail client and configure to use ssl base authentication. once i hit get mail, it wont retrieve any. but as i see my log, it authenticate succesfully.
Apr 20 18:52:01 debian dovecot: imap-login: Login: user=, method=plain, rip=192.168.1.4, lip=192.168.1.5, TLS
Another thing is it creates another virtual mailbox in /var/vmail/mydomain.ph without @mydomain.ph
# ls -l /var/vmail/mydomain.ph
drwx—— 6 vmail mail 4096 2007-04-20 18:52 paul
[quote comment="29919"]Hi,
what a nice how-to you got there but i have this problem in retrieving the mails. i used thunderbird as my mail client and configure to use ssl base authentication. once i hit get mail, it wont retrieve any. but as i see my log, it authenticate succesfully.
Apr 20 18:52:01 debian dovecot: imap-login: Login: user=, method=plain, rip=192.168.1.4, lip=192.168.1.5, TLS
Another thing is it creates another virtual mailbox in /var/vmail/mydomain.ph without @mydomain.ph
# ls -l /var/vmail/mydomain.ph
drwx—— 6 vmail mail 4096 2007-04-20 18:52 paul[/quote]
If you are using my configuration, it will create virtual mailboxes like this:
/var/vmail/domain.tld/user
I would suggest that you verify that Postfix is delivering mail correctly to Dovecot, and check that the mail ends up in /var/vmail/mydomain.ph/paul.
Then enable debugging in Dovecot and try logging in to see what happens when the client tries to fetch the mail.
If you can’t find the problem, try pasting the relevant log entries here.
Hi,
it works! thanks a lot. at first it does not create /var/vmail/mydomain.ph/paul but instead /var/vmail/mydomain.ph/paul@mydomain.ph and now it works after i enable debugging in dovecot.
But is there a way to manage virtual mailbox quota?
thanks in advance.
[quote comment="30025"]Hi,
it works! thanks a lot. at first it does not create /var/vmail/mydomain.ph/paul but instead /var/vmail/mydomain.ph/paul@mydomain.ph and now it works after i enable debugging in dovecot.
But is there a way to manage virtual mailbox quota?
thanks in advance.[/quote]
Great news!
Start by looking at the quota page on the Dovecot wiki: http://wiki.dovecot.org/Quota
Postfix admin should already be setup to use quota, so there shouldn’t be any big changes necessary.
i edit dovecot.conf and make it look like this:
protocol imap {
…
mail_plugins = quota imap_quota
}
protocol pop3 {
…
mail_plugins = quota
}
…
mail_plugins = quota
}
plugin {
quota = maildir:storage=10240
}
but ive got an error in postfix.
Apr 21 05:42:34 mail postfix/smtpd[9641]: connect from unknown[192.168.8.107]
Apr 21 05:42:34 mail postfix/smtpd[9641]: 8B72A3CC1D0: client=unknown[192.168.8.107]
Apr 21 05:42:34 mail postfix/cleanup[9646]: 8B72A3CC1D0: message-id=
Apr 21 05:42:34 mail postfix/qmgr[9638]: 8B72A3CC1D0: from=, size=663, nrcpt=1 (queue active)
Apr 21 05:42:34 mail dovecot: auth(default): master in: USER^I1^Ipaul@mydomain.net^Iservice=deliver
Apr 21 05:42:34 mail dovecot: auth-worker(default): sql(paul@mydomain.net): SELECT ‘/var/vmail/mydomain.net/paul’ as home, ‘maildir:/var/vmail/mydomain.net/paul’ as mail, 150 AS uid, 8 AS gid, concat(‘dirsize:storage=’, quota) AS quota FROM mailbox WHERE username = ‘paul@mydomain.net’ AND active = ’1′
Apr 21 05:42:34 mail dovecot: auth(default): master out: USER^I1^Ipaul@mydomain.net^Ihome=/var/vmail/mydomain.net/paul^
Imail=maildir:/var/vmail/mydomain.net/paul^Iuid=150^Igid=8^Iquota=dirsize:storage=0
Apr 21 05:42:34 mail postfix/smtpd[9641]: disconnect from unknown[192.168.8.107]
Apr 21 05:42:34 mail postfix/sendmail[9652]: fatal: no debugger_command variable set up
Apr 21 05:42:34 mail postfix/pipe[9647]: 8B72A3CC1D0: to=, relay=dovecot, delay=0.05, delays=0.01/0/0/0.04, dsn=4.3.0, status=deferred (temporary failure. Command output: sendmail: fatal: no debugger_command variable set up )
any hint?
thanks
[quote comment="30145"](temporary failure. Command output: sendmail: fatal: no debugger_command variable set up)[/quote]
I’m guessing you added -D to smtpd in master.cf. You should have used the lower-case v for debugging instead. “smtpd -v”.
Very nice tutorial
One thing:
[quote post="266"]# mysql -umail -p mail
[quote comment="30647"]Very nice tutorial
One thing:
[quote post="266"]# mysql -umail -p mail[/quote]
Thanks! I’m not sure what you mean by your quote though.
That means that mysql should connect with user mail, use a password and use the database called mail.
Hi,
sorry, seems that something went wrong with the quote
Just wanted to ask if it’s spelled “mysql -umail …” or “mysql -u mail …”
And please post the DSPAM Section
Thanks in advance,
Greets lotrac
[quote comment="30689"]Hi,
sorry, seems that something went wrong with the quote
Just wanted to ask if it’s spelled “mysql -umail …” or “mysql -u mail …”
And please post the DSPAM Section
Thanks in advance,
Greets lotrac[/quote]
The space is optional in “-u mail”, so which ever you prefer.
Yes, the DSPAM section is somewhat delayed at the moment I’m afraid, since I have too much to do right now. However, I felt that I should post the howto even though that section was not yet completed. It will appear in a not so distant future if all goes as planned though.
Cheers
Hello followed you procedure, buy I seem to be getting a lot of 550 errors when I email to the postfix server. Here is my main.cf I would be greatful if you could have a look.
Cheers
Johno
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA’s job.
append_dot_mydomain = no
# Uncomment the next line to generate “delayed mail” warnings
#delay_warning_time = 4h
# TLS parameters
smtpd_tls_cert_file = /etc/ssl/mailserver/mail-cert.pem
smtpd_tls_key_file = /etc/ssl/mailserver/mail-key.pem
smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_session_cache
smtpd_tls_security_level = may
smtpd_tls_received_header = no
smtpd_tls_loglevel = 0
tls_random_source = dev:/dev/urandom
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
myhostname = domain.com
myorigin = /etc/mailname
mynetworks = 127.0.0.0/8, 192.168.#.#/24
mailbox_size_limit = 0
message_size_limit = 0
recipient_delimiter =
inet_interfaces = all
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
#smtpd_sender_restrictions = reject_non_fqdn_sender,reject_unknown_sender_domain
mydestination =
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
# SASL Authentication
smtpd_sasl_auth_enable = yes
smtpd_sasl_exceptions_networks = $mynetworks
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_helo_required = yes
#Disables NIS Lookup Code
#alias_maps = proxy:mysql:$config_directory/mysql_virtual_alias_maps.cf
#Virtual Mailboxes Settings
virtual_mailbox_domains = proxy:mysql:$config_directory/mysql_virtual_domains_maps.cf
#All mail is held in this locatation
virtual_mailbox_base = /var/vmail
virtual_mailbox_maps = proxy:mysql:$config_directory/mysql_virtual_mailbox_maps.cf
virtual_alias_maps = proxy:mysql:$config_directory/mysql_virtual_alias_maps.cf
virtual_minimum_uid = 150
virtual_uid_maps = static:150
virtual_gid_maps = static:8
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
#Amavis New
content_filter = smtp-amavis:[127.0.0.1]:10024
#ISP Relay Host
relayhost = domain.co.uk
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
inet_protocols = all
[quote comment="31457"]Hello followed you procedure, buy I seem to be getting a lot of 550 errors when I email to the postfix server. Here is my main.cf I would be greatful if you could have a look.[/quote]
Hello. It would be alot easier if you could post the entire error message you get. Only saying 550 doesn’t really help much, except that I know it’s a “permanent” error.
Cheers
This is the Postfix program at host mailb01.thehostingserversmail.com.
I’m sorry to have to inform you that your message could not be
be delivered to one or more recipients. It’s attached below.
For further assistance, please send mail to
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
The Postfix program
: host xxxx.co.uk[##.#.##.###] said:
550-yyyy [##.6##.#.#]:41002 is currently not permitted
to 550-relay through this server. Perhaps you have not logged into the
pop/imap 550-server in the last 30 minutes or do not have SMTP
Authentication turned on 550 in your email client. (in reply to RCPT TO
command)
I meant the relevant mail.log entries on the mail server itself.
Assuming xxxx.co.uk is your mail server, it seems that it can’t find the domain that you are sending to in the SQL database. Is the SQL connection working properly? Is the appropriate domain and mailbox added to this database?
If you can’t find out where in the chain to find the error, enable logging in Postfix by adding -v to smtpd in master.cf and check the logs. You will see the SQL statements there too as they are being executed. Make sure those are correct.
When debugging the mail server, send mail to it directly without using a relay in the middle.
Good luck.
Hi!
Totally new to this (linux at all)
I followed your howto and i get this in /var/log/syslog when creating new user mailbox through postfixadmin web config…
————-
May 15 11:33:23 egw postfix/smtpd[5880]: warning: database /etc/aliases.db is older than source file /etc/aliases
May 15 11:33:23 egw postfix/smtpd[5880]: warning: dict_nis_init: NIS domain name not set – NIS lookups disabled
May 15 11:33:23 egw postfix/smtpd[5880]: warning: SASL: Connect to private/auth failed: No such file or directory
May 15 11:33:23 egw postfix/smtpd[5880]: fatal: no SASL authentication mechanisms
May 15 11:33:24 egw postfix/master[5259]: warning: process /usr/lib/postfix/smtpd pid 5880 exit status 1
May 15 11:33:24 egw postfix/master[5259]: warning: /usr/lib/postfix/smtpd: bad command startup — throttling
—————
Sorry i haven’t provide all required info, but i just don’t know what to show.
Tnx for understanding and thnx for any replys…
[quote comment="31792"]Hi!
Totally new to this (linux at all)
I followed your howto and i get this in /var/log/syslog when creating new user mailbox through postfixadmin web config…[/quote]
Hi there. If you are taking this on as a new Linux user, you will probably need to do some hard work.
Ok, let’s check off the warnings.
[quote post="266"]warning: database /etc/aliases.db is older than source file /etc/aliases[/quote]
Run “newaliases” on the command-line to remove this warning.
[quote post="266"]warning: dict_nis_init: NIS domain name not set – NIS lookups disabled[/quote]
Remove statements in main.cf with “nis:” in them.
[quote post="266"]warning: SASL: Connect to private/auth failed: No such file or directory[/quote]
It can’t connect to your private/auth socket. Verify that you have this in your Dovecot config:
client {
path = /var/spool/postfix/private/auth
mode = 0660
user = postfix
group = postfix
}
Restart Dovecot and verify that it’s actually there and that the permissions are correct.
“ls -l /var/spool/postfix/private/auth” should give something like this:
srw-rw—- 1 postfix postfix 0 2007-04-13 11:25 /var/spool/postfix/private/auth
Good luck.
Hi,
Great article, had it up and running with very little effort. Thanks.
I have a question about supporting “local” users. Do they need to be added to the mail system databases via postfixadmin?
And is it possible to setup a “default” domain that gets added to a users name should they not specify it when they attempt to login? I tried modifying dovecot-sql.conf to add the default domain to the ‘%u’ – as in ‘%u@tbayne.net’ and it turns out that when I do that, something in the authentication chain adds an additional ‘@tbayne.net’, so that when Dovecot finally tries to authenticate, it sees a username of tbayne@tbayne.net@tbayne.net…. kind of odd that.
Thanks
[quote comment="31863"]Great article, had it up and running with very little effort. Thanks.[/quote]
Thanks! I’m glad you found it useful.
[quote post="266"]I have a question about supporting “local†users. Do they need to be added to the mail system databases via postfixadmin?[/quote]
It is possible to support both local and virtual users. Have a look here for instructions on how to set this up: http://wiki.dovecot.org/Authentication/MultipleDatabases
[quote post="266"]And is it possible to setup a “default” domain that gets added to a users name should they not specify it when they attempt to login?[/quote]
Check out “auth_default_realm”. It is defined as “Default realm/domain to use if none was specified. This is used for both SASL realms and appending @domain to username in plaintext logins.”
Good luck.
Gracias!! el “howto” está super… pero no puedo autenticarme mediante outlook :’(, por favor alguien puede ayudarme e indicarme que debo modificar para que pueda autenticarme con outlook?
Hi Johnny,
Many thanks for this howto however would it be possible to remove comment 16 with the domain name listed.
Cheers Buddy
Johno
[quote comment="32402"]Gracias!! el “howto” está super… pero no puedo autenticarme mediante outlook :’(, por favor alguien puede ayudarme e indicarme que debo modificar para que pueda autenticarme con outlook?[/quote]
) if you can.
Hi there Isabel. Excuse my ignorance, but I don’t understand Spanish. Please, if you will, write it in English (or Swedish
[quote comment="32404"]Hi Johnny,
Many thanks for this howto however would it be possible to remove comment 16 with the domain name listed.
Cheers Buddy
Johno[/quote]
Hey Johno.
No problem! It has been taken care of. (removed the domain name in comment 16 and 17)
Cheers
Hi Johnny!!
I have a problem, users can access their mail from Web, Outlook is the problem, I can connect to server but users can’t authenticate by outlook.
Logs show this:
May 21 15:36:47 mail dovecot: pop3-login: Disconnected: rip=200.87.233.114, lip=200.87.233.93
Can you help me please?
[quote comment="32412"]Hi Johnny!!
I have a problem, users can access their mail from Web, Outlook is the problem, I can connect to server but users can’t authenticate by outlook.
Logs show this:
May 21 15:36:47 mail dovecot: pop3-login: Disconnected: rip=200.87.233.114, lip=200.87.233.93
Can you help me please?[/quote]
Hello again.
You can set some workarounds for Outlook in dovecot.conf. Look in the “protocol pop3″ section and try using “pop3_client_workarounds = outlook-no-nuls” for example.
Have you selected SSL for Outlook if you are using that? And not selected it when you are not using it. My Outlook skills are quite limited I’m afraid, since I never use it.
If all else fails though, enable debugging in dovecot.conf and see what happens.
auth_verbose = yes
auth_debug = yes
verbose_ssl = yes
If you are using an old version, you should probably try upgrading to the lastest one before proceeding.
Just an idea, you say that you are accessing the mail using the web, so I assume that you are using IMAP there? Why not use IMAP in Outlook as well?
Good luck.
Hi..!
Thanks..!!
I enabled debugging in dovecot.conf, and I could to solve my problem,
but I have a question, can I or any user authenticate with account only?, example:
now: user: isabel@mydomain.com
pass: xxxxxx
then:
user: isabel
pass: xxxxxx
any idea?
[quote comment="33041"]Hi..!
Thanks..!!
I enabled debugging in dovecot.conf, and I could to solve my problem,
but I have a question, can I or any user authenticate with account only?
any idea?[/quote]
Check out comment 21: “Check out “auth_default_realmâ€. It is defined as “Default realm/domain to use if none was specified. This is used for both SASL realms and appending @domain to username in plaintext logins.—
It will hopefully solve your problem. Good luck!
Hi there.
Great how to.
Do you have any plans about dspam?
It would be great if you could add it to the guide.
Kind regards
[quote comment="33068"]Hi there.
Great how to.
Do you have any plans about dspam?
It would be great if you could add it to the guide.
Kind regards[/quote]
Thanks!
I currently don’t have the time to write and test it, but things will start slowing down as summer comes, so I will hopefully have time to do this in a not so distant future.
Hi Johnny
Really excellent HowTo – thanks very much for putting it together.
I have a query re. sasl authentication – should postfix use saslauthd? .. and how?
My /etc/postfix/sasl/smtpd.conf looks like this:
pwcheck_method: saslauthd
mech_list: plain login
and my /etc/default/saslauthd like this:
START=yes
PARAMS=”-m /var/spool/postfix/var/run/saslauthd -r”
MECHANISMS=”pam”
.. so saslauthd doesn’t know where to find virtual user passwords. I get this in my saslauthd logs:
auth_pam: pam_authenticate failed: User not known to the underlying authentication module
Clearly I should be using another pwcheck method .. or another saslauthd mechanism?
If you have a minute I’d be grateful if you could make a suggestion.
Thanks,
Simon
[quote comment="33190"]pwcheck_method: saslauthd
mech_list: plain login
(…)
START=yes
PARAMS=”-m /var/spool/postfix/var/run/saslauthd -r”
MECHANISMS=”pam”
(…)[/quote]
Hi there Simon, and thanks!
It seems like you are using the Cyrus sasl libraries, which you should not do. Dovecot has its own sasl implementation, and if you follow this guide, it should be all set-up for you.
Notice, for instance, the following lines in the Postfix configuraion (main.cf):
# SASL Authentication
smtpd_sasl_auth_enable = yes
smtpd_sasl_exceptions_networks = $mynetworks
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
To conclude, you don’t need the Cyrus SASL library, unless you are doing something very special.
Good luck!
Hi Johnny,
great HowTo. Made setting up an imap-server a breeze. Thanks alot.
and Simon:
[quote post="266"]and my /etc/default/saslauthd like this:
START=yes
PARAMS=â€-m /var/spool/postfix/var/run/saslauthd -râ€
MECHANISMS=â€pamâ€[/quote]
Had a similar problem here: The solution was to use
MECHANISMS=â€rimap -O 127.0.0.1 -râ€
which will make saslauth use the local imap server for authentication.
Great tutorial man. I think I managed to work a lot out. However, when I get to the “do some tests to see if everything works”, I can create a new domain, but when I try to create a new alias(user), it creates the mailbox but then says in red below this, “Unable to create mailbox!”.
This is difficult to diagnose because my syslog nor mail.log are showing any traces of these creations. The logs are showing other activity for getting this setup though.
Any ideas?
Hey!
Thanx for this nice howto.
There are just one thing missing to get this to be a complete mailserver (in my opinion) and that are to implement a mailingslist function.
Will you add that to this magnific howto? (or are there anyone else here that can make an addon?) I been trying mailman, but I cant get it up and running the way I want.
Hey, Thanks!
close to what I was doing and this seems to work nicer!
Now, to make a script that does all this automagically each time I install debian.
[quote comment="33374"]Hi Johnny,
great HowTo. Made setting up an imap-server a breeze. Thanks alot.[/quote]
Thanks! I’m glad you found it useful!
[quote comment="33438"]Great tutorial man. I think I managed to work a lot out. However, when I get to the “do some tests to see if everything works”, I can create a new domain, but when I try to create a new alias(user), it creates the mailbox but then says in red below this, “Unable to create mailbox!”.
This is difficult to diagnose because my syslog nor mail.log are showing any traces of these creations. The logs are showing other activity for getting this setup though.
Any ideas?[/quote]
Strange that you don’t get any entries in syslog when creating the mailbox. All Postfixadmin is doing is sending an email to that newly created mailbox, which will create the Maildir automatically.
Try making the Postfix smtpd daemon more verbose and check for any strange behavior. In /etc/postfix/master.cf, the first uncommented line will begin with “smtp”. In the command column it will say “smtpd”, change that to “smtpd -v” to get more information printed to the syslog.
[quote comment="33628"]Hey!
Thanx for this nice howto.
There are just one thing missing to get this to be a complete mailserver (in my opinion) and that are to implement a mailingslist function.
Will you add that to this magnific howto? (or are there anyone else here that can make an addon?) I been trying mailman, but I cant get it up and running the way I want.[/quote]
Thank you! A mailing list manager is not really the scope of this guide, but it’s an interesting thought. I might add it when the Dspam section is finished. (but there is no time at the moment though).
[quote comment="33918"]Hey, Thanks!
close to what I was doing and this seems to work nicer!
Now, to make a script that does all this automagically each time I install debian.
[/quote]
Thanks! Or you can just save the /etc/postfix and /etc/dovecot directories and restore them if you reinstall later on.
Alright, first off, great guide!
Secondly, whenever I restart postfix, I get this error: “postfixpostconf: fatal: /etc/postfix/main.cf, line 34: missing ‘=’ after attribute name: “permit_tls_all_clientcerts” postconf: fatal: /etc/postfix/main.cf, line 34: missing ‘=’ after attribute name: “permit_tls_all_clientcerts” ”
Also, I get the same error as Patrik, “Unable to create mailbox!â€
There’s also a fourth thing, this is what my log says:
Jun 12 16:49:25 debian dovecot: imap-login: Aborted login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Jun 12 16:49:33 debian dovecot: auth-worker(default): sql(jesse@nauthez.ath.cx,127.0.0.1): Password query failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘\200\230/var/vmail/nauthez.ath.cx/jesse�\200\231 as userdb_home, �\200\230maildir:/var/vmail/nauth’ at line 1
Thanks! Let’s look at your problems shall we.
[quote post="266"]Secondly, whenever I restart postfix, I get this error: “postfixpostconf: fatal: /etc/postfix/main.cf, line 34: missing ‘=’ after attribute name: “permit_tls_all_clientcertsâ€[/quote]
Ok, it seems like your “smtpd_recipient_restrictions” line is wrong. It should look something like this:
smtpd_recipient_restrictions =permit_mynetworks
permit_tls_all_clientcerts
reject_non_fqdn_hostname
...
[quote post="266"]Also, I get the same error as Patrik, “Unable to create mailbox!â€[/quote]
This may be related to the issue above. If not (and I assume that you have looked in the logs for errors), change smtpd to smtpd -v in master.cf and see what goes wrong. (you will get lots of debug output in /var/log/syslog). I’m guessing it may be a tick problem in /etc/postfix/mysql_virtual_*. (see below for details)
[quote post="266"]Password query failed: You have an error in your SQL syntax[/quote]
If you look at the top of the document it states: “Note that ticks like ‘ and †are converted by WordPress, and may cause problems if copied directly into your configuration.”
So open up your /etc/dovecot/dovecot-sql.conf and replace the ticks with the proper ones.
Good luck!
[quote post="266"]Ok, it seems like your “smtpd_recipient_restrictions†line is wrong. It should look something like this:[/quote]
Ah, this could be a potential problem. There should be spaces in the beginning of the arguments. WordPress seems to remove them. I’ll replace the spaces with dots, so you see more clearly.
smtpd_recipient_restrictions =
…permit_mynetworks
…permit_tls_all_clientcerts
…reject_non_fqdn_hostname
Alright, in my “/etc/postfix/main.cf”, I have this:
smtpd_recipient_restrictions =
permit_mynetworks
permit_tls_all_clientcerts
#permit_sasl_authenticated
reject_non_fqdn_hostname
reject_non_fqdn_sender
reject_non_fqdn_recipient
reject_unauth_destination
reject_unauth_pipelining
reject_invalid_hostname
reject_unknown_sender_domain
#reject_unknown_hostname
reject_rbl_client zen.spamhaus.org
reject_rbl_client list.dsbl.org
reject_rhsbl_sender dsn.rfc-ignorant.org
check_policy_service inet:127.0.0.1:60000
permit
...
I checked all the “/etc/postfix/mysql_virtual_*”, and all the information is correct (I changed some variables, like user and password. I’m not sure if this could affect some files since I made sure to change them all.)
In my “/etc/dovecot/dovecot-sql.conf”, everything is configured correctly, although i’m not sure if I should use MD5-CRYPT instead of MD5.
I also have another question. I used this guide to set up apache, mysql, and php (http://www.mysql-apache-php.com/), and I can get the mail server working inside my network. When I get to this point (http://www.mysql-apache-php.com/#mailserver), it says I need to specify the dovecot authentication daemon socket, but I don’t know how. That’s the only thing keeping me from getting it to work outside of my network.
Is it necesary to install a quota (apt-get install quota) for quota thing in dovecot to work?
i am also having a problem with sending mail with authorization…below is the log
Jun 17 12:22:31 mail dovecot: auth(default): client in: AUTH^I1^IPLAIN^Iservice=IMAP^Isecured^Ilip=192.168.0.20^Irip=192.168.0.1^I
resp=AHRvbWlzbGF2QG1heGltaXIuY29tAG1paGExOTc4
Jun 17 12:22:31 mail dovecot: auth-worker(default): sql(tomislav@maximir.com,192.168.0.1): query: SELECT username as user, password, ‘/var/vmail/maximir.com/tomislav’ as userdb_home, ‘maildir:/var/vmail/maximir.com/tomislav’ as userdb_mail, 150 as userdb_uid, 8 as userdb_gid FROM mailbox WHERE username = ‘tomislav@maximir.com’ AND active = ’1′
Jun 17 12:22:31 mail dovecot: auth(default): client out: OK^I1^Iuser=tomislav@maximir.com
Jun 17 12:22:31 mail dovecot: auth(default): master in: REQUEST^I3^I2478^I1
Jun 17 12:22:31 mail dovecot: auth(default): passwd(tomislav@maximir.com,192.168.0.1): unknown user
Jun 17 12:22:31 mail dovecot: auth-worker(default): sql(tomislav@maximir.com,192.168.0.1): SELECT ‘/var/vmail/maximir.com/tomislav’ as home, ‘maildir:/var/vmail/maximir.com/tomislav’ as mail, 150 AS uid, 8 AS gid, concat(‘dirsize:storage=’, quota) AS quota FROM mailbox WHERE username = ‘tomislav@maximir.com’ AND active = ’1′
Jun 17 12:22:31 mail dovecot: auth(default): master out: USER^I3^Itomislav@maximir.com^Ihome=/var/vmail/maximir.com/tomislav^
Imail=maildir:/var/vmail/maximir.com/tomislav^Iuid=150^Igid=8^Iquota=dirsize:storage=204800
Jun 17 12:22:31 mail dovecot: imap-login: Login: user=, method=PLAIN, rip=192.168.0.1, lip=192.168.0.20, TLS
Jun 17 12:22:31 mail dovecot: IMAP(tomislav@maximir.com): Effective uid=150, gid=8
Jun 17 12:22:31 mail dovecot: IMAP(tomislav@maximir.com): maildir: data=/var/vmail/maximir.com/tomislav
Jun 17 12:22:31 mail dovecot: IMAP(tomislav@maximir.com): maildir: root=/var/vmail/maximir.com/tomislav, index=/var/vmail/maximir.com/tomislav, control=, inbox=
Jun 17 12:22:34 mail postfix/smtpd[2475]: connect from mikrotik.maximir.com[192.168.0.1]
Jun 17 12:22:34 mail postfix/smtpd[2475]: NOQUEUE: reject: RCPT from mikrotik.maximir.com[192.168.0.1]: 554 5.7.1 : Relay access denied; from= to= proto=ESMTP helo=
Jun 17 12:22:34 mail postfix/smtpd[2475]: disconnect from mikrotik.maximir.com[192.168.0.1]
Hey,
Great work on the tutorial! I’ve got everything set up perfectly except for one problem. When I telnet localhost 25 from the server and EHLO I get
220 server.com ESMTP Postfix (Ubuntu)
250-server.com
250-PIPELINING
250-SIZE 10340000
250-VRFY
250-ETRN
250 8BITMIME
221 Bye
However, when I try to connect from a remote machine (telnet server.com 25) the connection times out (Could not open connection to the host, on port 25: Connect failed). I have no problem connecting to any other services on the machine.
lsof -i tcp:25 gives
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
master 6659 root 11u IPv4 68779 TCP *:smtp (LISTEN)
So it is listening on all addresses, just not responding?
/var/log/syslog shows nothing while I am attempting to connect from a remote host.
Any help you could give would be greatly appreciated.
Thanks!
-Garret
Thanks for this great guide.
Is there anything that I need to set if I need to send email via this server eg.smtp-auth?
Cos when I try to send out email, I get similar error that Tommy faced.
Thanks.
First of all, sorry for the late reply. Summertime and everything now.
[quote comment="34679"]I checked all the “/etc/postfix/mysql_virtual_*”, and all the information is correct (I changed some variables, like user and password. I’m not sure if this could affect some files since I made sure to change them all.)
In my “/etc/dovecot/dovecot-sql.conf”, everything is configured correctly, although i’m not sure if I should use MD5-CRYPT instead of MD5.[/quote]
To login using username and password, you need to remove the hash (#) from permit_sasl_authenticated, to enable Postfix to authenticate against the Dovecot authentication socket.
[quote comment="34801"]I also have another question. I used this guide to set up apache, mysql, and php (http://www.mysql-apache-php.com/), and I can get the mail server working inside my network. When I get to this point (http://www.mysql-apache-php.com/#mailserver), it says I need to specify the dovecot authentication daemon socket, but I don’t know how. That’s the only thing keeping me from getting it to work outside of my network.[/quote]
The Dovecot authentication socket has nothing to do with you being able to access the mail server from outside your network. You need to open up port 25 in your firewall and forward it to your mail server. Some ISPs block incoming connections on port 25, so that might be your problem.
[quote comment="35834"]Is it necesary to install a quota (apt-get install quota) for quota thing in dovecot to work?[/quote]
Have a look here: http://wiki.dovecot.org/Quota
[quote comment="35876"]i am also having a problem with sending mail with authorization…below is the log
(…)
Jun 17 12:22:31 mail dovecot: auth(default): passwd(tomislav@maximir.com,192.168.0.1): unknown user
(…)
[/quote]
Dovecot can’t seem to find the user tomislav@maximir.com. Are you sure he’s added to the proper MySQL table? I’m a bit concerned about the IP being appended like that. I don’t remember if that just for display or if there is something wrong with the incoming query. Get back to me if you can’t get it working.
[quote comment="36275"]Great work on the tutorial!
However, when I try to connect from a remote machine (telnet server.com 25) the connection times out (Could not open connection to the host, on port 25: Connect failed). I have no problem connecting to any other services on the machine.[/quote]
Thanks! The most probable cause is that your ISP is blocking incoming connections to port 25. This is fairly common, and it sadly denies you the ability to run your own mail server. In Sweden at least, it’s possible to call the ISP and have them unblock port 25 for you if you take responsibility for not relaying mail etc.
[quote comment="39628"]Thanks for this great guide.
Is there anything that I need to set if I need to send email via this server eg.smtp-auth?
Cos when I try to send out email, I get similar error that Tommy faced.
Thanks.[/quote]
The SMTP authentication should already be in place. Make sure that you have “permit_sasl_authenticated” in “smtpd_recipient_restrictions” and that there is no hash (#) in front of that line.
You have to read the article, not just copy-paste the configuration.
Good luck!
NOQUEUE: reject: RCPT from unknown[192.168.0.2]: 554 5.7.1 : Client host rejected: Access denied; from= to= proto=ESMTP helo=
any suggest??
great tutorial!!! thanks!!
[quote comment="40618"]NOQUEUE: reject: RCPT from unknown[192.168.0.2]: 554 5.7.1 : Client host rejected: Access denied; from= to= proto=ESMTP helo=
any suggest??
great tutorial!!!
thanks!![/quote]
Thanks! So you get relay access denied. This could be any number of things, but make sure that you are authenticated. Do you have “permit_sasl_authenticated” in “smtpd_recipient_restrictions”, without the hash (#)?
Also, does this occur when you are sending mail to your domain, or somewhere else?
Yes, i have the option in the smtpd_recipient_restrictions. I send you the out of postconf -n, please check that y give you opinion, thanks…
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
disable_dns_lookups = no
disable_vrfy_command = yes
inet_interfaces = all
mailbox_command = /usr/lib/dovecot/deliver
mailbox_size_limit = 0
message_size_limit = 20971520
mydestination = localhost, localhost.localdomain
myhostname = dns1.serverdlj.cl
mynetworks = 127.0.0.0/8, 192.168.0.0/24
myorigin = /etc/mailname
recipient_delimiter =
relayhost =
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_client_restrictions = permit_mynetworks reject_rbl_client, reject_rhsbl_client, reject_unknown_client, permit
smtpd_data_restrictions = permit_mynetworks reject_unauth_pipelining reject_multi_recipient_bounce permit
smtpd_helo_restrictions = permit_mynetworks reject_invalid_hostname permit
smtpd_recipient_restrictions = permit_mynetworks check_recipient_access hash:/etc/postfix/filtered_domains check_sender_access hash:/etc/postfix/access permit_tls_all_clientcerts permit_sasl_authenticated reject_non_fqdn_hostname reject_non_fqdn_sender reject_non_fqdn_recipient reject_unauth_destination reject_unauth_pipelining reject_invalid_hostname reject_unknown_sender_domain reject_rbl_client zen.spamhaus.org reject_rbl_client list.dsbl.org reject_rhsbl_sender dsn.rfc-ignorant.org check_policy_service inet:127.0.0.1:60000 permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_exceptions_networks = $mynetworks
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = hash:/etc/postfix/access permit
smtpd_tls_cert_file = /etc/ssl/certs/serverdlj/dovecot.crt
smtpd_tls_key_file = /etc/ssl/certs/serverdlj/dovecot.key
smtpd_tls_loglevel = 0
smtpd_tls_received_header = no
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_session_cache
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
virtual_alias_maps = proxy:mysql:$config_directory/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:8
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:mysql:$config_directory/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = proxy:mysql:$config_directory/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 150
virtual_transport = dovecot
virtual_uid_maps = static:150
I have using the postfix postgrey dovecot ssl…
Hi !
Great work, but is not working with MS outlook and outlook express !
Why ?
MSO and MSOE authenticate with “login” method to smtp server !
Your dovecot.conf is not included this, only the “plain” method !
.
.
.
auth default {
mechanisms = plain login
passdb sql {
args = /etc/dovecot/dovecot-sql.conf
}
.
.
Sorry 4my english
[quote comment="40659"]Yes, i have the option in the smtpd_recipient_restrictions.
I send you the out of postconf -n, please check that y give you opinion, thanks…
[/quote]
Ok, it seems as there is something not quite right. You should not need to add your network to mynetworks, since the authentication process will take care of that.
In any case, enable debugging in Postfix and check which rule gets you blocked. Edit /etc/postfix/master.cf and change smtpd to smtpd -v an reload Postfix. Then check the log files and try sending an email, and see what happens.
[quote comment="41233"]Hi !
Great work, but is not working with MS outlook and outlook express !
Why ?
MSO and MSOE authenticate with “login” method to smtp server !
Your dovecot.conf is not included this, only the “plain” method !
auth default {
mechanisms = plain login
passdb sql {
args = /etc/dovecot/dovecot-sql.conf
}
Sorry 4my english
[/quote]
Thanks! I never use Outlook/Express, so I don’t know if it works there or not. (it should though). You seemed to find the solution yourself though, so great, and thanks for the tip.
There are som additional settings for Outlook users, which you might need to enable: http://wiki.dovecot.org/Clients
Good luck!
IN ## Dovecot configuration file YOU HAVE
# Where the mailboxes are located
mail_location = maildir:/var/vmail/%d/%u
TWO THINGS:
1) mail_location seems to be replaced with default_mail_env in newer dovecot. I got error. Replaced it, and it seems to work fine now.
2) Are you sure about %u. Should it not be %n
Thank you.
Resolving: Proper authentication required
When you send an email from your PC through your VPS’s SMTP server do you get an error message like: Relaying denied. Proper authentication required.’, Port: 25, Secure(SSL): No, Server Error: 550, Error Number: 0x800CCC79?
Check you have ticked the “My Server Requires Authentication” option on your Outgoing Server section (in Outlook).
Works now, thanks. Pivo
[quote comment="41286"]IN ## Dovecot configuration file YOU HAVE
# Where the mailboxes are located
mail_location = maildir:/var/vmail/%d/%u
TWO THINGS:
1) mail_location seems to be replaced with default_mail_env in newer dovecot. I got error. Replaced it, and it seems to work fine now.
2) Are you sure about %u. Should it not be %n
Thank you.[/quote]
1. Ok, I haven’t upgraded to the latest version yet. Thanks for the input.
2. It doesn’t really matter in this scenario, since both will resolve to the username. %n should work as well, if you are more comfortable using it.
[quote comment="41548"]Resolving: Proper authentication required
When you send an email from your PC through your VPS’s SMTP server do you get an error message like: Relaying denied. Proper authentication required.’, Port: 25, Secure(SSL): No, Server Error: 550, Error Number: 0x800CCC79?
Check you have ticked the “My Server Requires Authentication” option on your Outgoing Server section (in Outlook).
Works now, thanks. Pivo[/quote]
And just to clarify. The SMTP settings on the client should be port 25, TLS, and if using client certificates, it should not send the username and password.
Cheers.
Hi Johnny. Thanks a lot about your wonderful article. So i have some problem:
I want configure with vacation service (autorespondent – out at office). How can i configure? with virtual users?
I look in postfixadmin dir. VIRTUAL_VACATION. I read manual. And configure step by step. But not working.
How can i configure properly? with support autorespondent
Thanks.
P.S. Sorry for english mistakes
Great how-to. But I still have one problem. I’m running ubuntu 7.04 server. So I’ve installed postfix, dovecat… Servers work fine. I tested them with my e-mail client (Thunderbird). But then i’m trying to login http://localhost/postfixadmin/user/ or http://localhost/postfixadmin/ I get this message:
Warning: session_start() [function.session-start]: Cannot send session cookie – headers already sent by (output started at /var/www/postfixadmin/config.inc.php:2) in /var/www/postfixadmin/login.php on line 61
Warning: session_start() [function.session-start]: Cannot send session cache limiter – headers already sent (output started at /var/www/postfixadmin/config.inc.php:2) in /var/www/postfixadmin/login.php on line 61
Warning: Cannot modify header information – headers already sent by (output started at /var/www/postfixadmin/config.inc.php:2) in /var/www/postfixadmin/login.php on line 65
What I have done wrong?
[quote comment="42087"]Great how-to. But I still have one problem. I’m running ubuntu 7.04 server. So I’ve installed postfix, dovecat… Servers work fine. I tested them with my e-mail client (Thunderbird). But then i’m trying to login http://localhost/postfixadmin/user/ or http://localhost/postfixadmin/ I get this message:
Warning: session_start() [function.session-start]: Cannot send session cookie – headers already sent by (output started at /var/www/postfixadmin/config.inc.php:2) in /var/www/postfixadmin/login.php on line 61
Warning: session_start() [function.session-start]: Cannot send session cache limiter – headers already sent (output started at /var/www/postfixadmin/config.inc.php:2) in /var/www/postfixadmin/login.php on line 61
Warning: Cannot modify header information – headers already sent by (output started at /var/www/postfixadmin/config.inc.php:2) in /var/www/postfixadmin/login.php on line 65
What I have done wrong?[/quote]
Thanks! You have probably accidentally added a space or newline in config.php when you configured it.
Hi!
Johnny, let me just say that I am a tough user, I won’t use software that takes more than three attempts for me to try to do something. Following your guide on a Debian Etch fresh install I managed to get the complete system working in quick time. Frankly I never expected it to work so well so easily. I have MailScanner, Postfix, Dovecot, MySQL, TLS/SSL, ClamAV, postfixadmin. I started slowly using my main domain and it ran smoothly, then after tweaking it I have added handling for more domains.
You win on the howto stakes, frankly this howto rocks, and I keep referring back to it.
My only problem now, and I don’t know the answer at the moment is that I am trying to use Bayes SQL in SpamAssissin. I set it up and now it doesn’t appear to be using it, annoying because I find it quite useful. Also I don’t know how to sa-learn with vmail folders in Dovecot.
I am going to persist and see what I can come up with, but any input would be good.
Bob
Hi,
first thanks to you for this tutorial.
@Patrick and Jesse: make sure you have a localhost entry in /etc/hosts file . I get the same error “unable to greate mailbox” all the time and no errors in any log files. Then I add that line in /etc/hosts and now it works.
cheers
Thanks for this great howto! I have a question regarding spam control.
Spam is blocked at score 5 and everything works ok for users with virtual mailboxes, i. e. the ones I POP3 into with Outlook. But that doesn’t work for forwardings, i. e. user@example.com –> otheruser@yahoo.com. Spam with a score > 5 gets forwarded as is, there are no X-Spam-Score: headers and no trace of spam filtering kicking in. Forwarded mails don’t get these X-Spam headers, virtual mailbox mails get them.
Therefore, some basic questions: Where do I look for this problem? Is it a postfix issue (master.cf), an amavis/spamassassin problem, or even dovecot? I’d love to post some configs, but I just don’t have a clue where to look at
[quote comment="43823"]You win on the howto stakes, frankly this howto rocks, and I keep referring back to it.
My only problem now, and I don’t know the answer at the moment is that I am trying to use Bayes SQL in SpamAssissin. I set it up and now it doesn’t appear to be using it, annoying because I find it quite useful. Also I don’t know how to sa-learn with vmail folders in Dovecot.[/quote]
Thanks! It’s always great to hear people finding the guide useful. I don’t use BayesSQL, but I will have a look at it down the road when I find some time.
[quote comment="44577"]first thanks to you for this tutorial.[/quote]
You are most welcome! Thanks for the hosts-file suggestion.
[quote comment="44589"]Where do I look for this problem? Is it a postfix issue (master.cf), an amavis/spamassassin problem, or even dovecot? I’d love to post some configs, but I just don’t have a clue where to look at
[/quote]
Thanks! Well, it depends on where you hook in amavis/spamassassin. If it’s in the delivery process, it will never be triggered when forwarding since Postfix will just pass it along. It could probably be solved by triggering amavis/spamassassing in the “content_filter”. The Spamassassin Wiki has some information on the subject.
Linux novice here.
Nice easy-to-follow HowTo. However, I have a problem starting Dovecot, i.e. it won’t start. I think the relevent lines from syslog are as follows:
Sep 15 11:11:29 server1 postfix/proxymap[3667]: fatal: /etc/postfix/mysql_virtual_alias_maps.cf: bad string length 0
Sorry, my last message got truncated – the rest of it is as follows:
Sep 15 11:11:29 server1 postfix/proxymap[3667]: fatal: /etc/postfix/mysql_virtual_alias_maps.cf: bad string length 0
I give up – the relevent bit is:
Sep 15 11:11:29 server1 postfix/proxymap[3667]: fatal: /etc/postfix/mysql_virtual_alias_maps.cf: bad string length 0
Hi,
there is a squirrelmail-postfixadmin plugin, which I patched up and
worked on recently… see
http://squirrelmail-postfixadmin.palepurple.co.uk
For further details.
thanks
David.
Hey, great tutorial here. Works quite well.
Sir, can you give me your email address. I have many problems in my postfix server. Here, I can not attach my dovecot postfix config file. I tried using postfix admin to cretate an account, after that i tried sing squirrelmail to check my mail account. I was successful to sign in. but when I could not send an email. I tried check my syslog. this is the result :
Sep 26 16:49:29 voippemberontak postfix/smtpd[10320]: warning: dict_nis_init: NIS domain name not set – NIS lookups disabled
Sep 26 16:49:29 voippemberontak postfix/pipe[10326]: fatal: get_service_attr: unknown username:
Sep 26 16:49:30 voippemberontak postfix/qmgr[9764]: warning: premature end-of-input on private/dovecot socket while reading input attribute name
Sep 26 16:49:30 voippemberontak postfix/qmgr[9764]: warning: private/dovecot socket: malformed response
Sep 26 16:49:30 voippemberontak postfix/qmgr[9764]: warning: transport dovecot failure — see a previous warning/fatal/panic logfile record for the problem description
Sep 26 16:49:30 voippemberontak postfix/master[9762]: warning: process /usr/lib/postfix/pipe pid 10326 exit status 1
Sep 26 16:49:30 voippemberontak postfix/master[9762]: warning: /usr/lib/postfix/pipe: bad command startup — throttling
Sep 26 16:49:30 voippemberontak postfix/qmgr[9764]: 39BE19A6FE: to=, relay=none, delay=1.2, delays=0.07/1.1/0/0, dsn=4.3.0, status=deferred (unknown mail transport error)
Sep 26 16:49:38 voippemberontak dovecot: auth(default): client in: AUTH^I1^IPLAIN^Iservice=IMAP^Isecured^Ilip=127.0.0.1^Irip=127.0.0.1^Iresp=
Thx, getting this error, looks that is not taking in consideration the domain portion of the user name, any suggestion or do you need any of my confi files?
Sep 28 22:26:10 mail postfix/local[5567]: E163013EFD: to=, relay=local, delay=0.13, delays=0.07/0.01/0/0.05, dsn=5.1.1, status=bounced (unknown user: “aberrio”)
Sep 28 22:26:10 mail postfix/qmgr[5314]: E163013EFD: removed
Best regards
al
Hi Johnny! Cool this guide. But can i have 2 domain’s with this configs? I mean. 1) domain (example.com). 2) domain(example.tj) ?? And what i must doing for this?
hej, real good tutorial, thanx a lot! much better than when i did all that stuff some years ago… too sad that the dspam-section is not there.
uhm, just wanted to drop the note, that in some of my test-cases the delay for the greylisting is too low. i tested from several mailaccounts on different servers and some got rejected, but passed trough when i set it back to the default delay of 300.
keep up the good work! nïkö
Hi,
Im having trouble when trying to send mail. Im running Ubuntu 6.06.1 LTS.
Oct 17 21:40:55 knox postfix/smtpd[14980]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Oct 17 21:40:55 knox postfix/smtpd[14980]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Oct 17 21:40:55 knox postfix/smtpd[14980]: warning: SASL authentication failure: no secret in database
Why is this? I thought It would auth against mysql?
Sir
Thank-you for your help in this matter, however I’m still getting the following errors.
Oct 22 23:13:27 ubtset01 postfix/proxymap[3909]: fatal: open /etc/postfix/mysql_virtual_alias_maps.cf: No such file or directory
Oct 22 23:13:28 ubtset01 postfix/smtpd[3880]: warning: premature end-of-input on private/proxymap socket while reading input attribute name
Oct 22 23:13:28 ubtset01 postfix/smtpd[3880]: warning: private/proxymap socket: service dict_proxy_open: Success
Can you please tell me what I’m doing wrong
#78 Please check that you have, and that the file is spelled correctly. /etc/postfix/mysql_virtual_alias_maps.cf
Johnny > Do you have an ETA on dspam?
Hi Johny. You don’t answer me. I configure with your guid. Is work fine! But i would like configure function autorespondent for each user if need. How to configure its? Thank you for understand!
Hello everyone, and sorry for not being able to reply to all your questions. I have too much going on right now and I have to prioritize work. However, some small answers follow:
[quote comment="46554"]Hi Johnny! Cool this guide. But can i have 2 domain’s with this configs? I mean. 1) domain (example.com). 2) domain(example.tj) ?? And what i must doing for this?[/quote]
This is done automatically if you follow my guide. Just add another domain in Postfix Admin, and you are ready to go.
[quote comment="46828"]Hi,
Im having trouble when trying to send mail. Im running Ubuntu 6.06.1 LTS.
Oct 17 21:40:55 knox postfix/smtpd[14980]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Oct 17 21:40:55 knox postfix/smtpd[14980]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
Oct 17 21:40:55 knox postfix/smtpd[14980]: warning: SASL authentication failure: no secret in database
Why is this? I thought It would auth against mysql?[/quote]
This is only a warning and can be ignored. To remove the warning, simply create an empty /etc/sasldb2 file.
[quote comment="47054"]Sir
Thank-you for your help in this matter, however I’m still getting the following errors.
Oct 22 23:13:27 ubtset01 postfix/proxymap[3909]: fatal: open /etc/postfix/mysql_virtual_alias_maps.cf: No such file or directory
Oct 22 23:13:28 ubtset01 postfix/smtpd[3880]: warning: premature end-of-input on private/proxymap socket while reading input attribute name
Oct 22 23:13:28 ubtset01 postfix/smtpd[3880]: warning: private/proxymap socket: service dict_proxy_open: Success
Can you please tell me what I’m doing wrong[/quote]
Have you created /etc/postfix/mysql_virtual_alias_maps.cf and the other files? The contents of these files is described in the guide.
[quote comment="47089"]#78 Please check that you have, and that the file is spelled correctly. /etc/postfix/mysql_virtual_alias_maps.cf
Johnny > Do you have an ETA on dspam?
[/quote]
Sorry no. Like I said earlier, my time is limited and I have to prioritize other things. It will come though, but when is another question.
[quote comment="47095"]Hi Johny. You don’t answer me. I configure with your guid. Is work fine! But i would like configure function autorespondent for each user if need. How to configure its? Thank you for understand![/quote]
The function is called “vacation”, and you could perhaps find some implementation if you search using Google. It is possible to do this with Sieve http://wiki.dovecot.org/LDA/Sieve but that might not be what you want.
Thanks everyone!
Hi, Johnny
I’m trying to a domain by using the postfix admin but it shows an error message “the domain is exist”.
I think its strange since i was configured a new mail server.
Do you have any suggestion ??
when i’m trying to add the new domain for the new mail server it said that the domain is exist ??
do you have any ide what is it ??
How goes the DSPAM HowTo?
Anxious to get that running!
Keep up the good work!
Terry
First of all, thank you, this is a fantastic guide.
Do you have any idea how to configure squirrelmail to work with this setup? Would be great.
Thanks
Any way to integrate squirrelmail into this excellent guide?
any ETA on the dspam integration tutorial section? and any plan on also including the web interface configuration along with dspam?
Great tutorial by the way.
Great tutorial!
Seem to be having a few problems.
I followed your directions to the letter, made sure all of my ‘,and ” were done right. I get to the point where I check the settings by adding a domain and user. First, the domain sets well, then the user goes to the table, but “unable to create mailbox” happens. After checking the logs and fixing various issues
(fatal: /etc/postfix/main.cf, line 53: missing ‘=’ after attribute name: “permit_sasl_authenticated”)
(/etc/postfix/mysql_virtual_alias_maps.cf: bad string length 0
ok, comment got cut…the issue
“postfix/master[23948]: fatal: /etc/postfix/master.cf: line 78: bad transport type: argv=/usr/lib/dovecot/deliver”, no usr mailboxes getting created (I checked the ticks) and shoudl I indent the 3 lines after “permit_mynetworks =” in main.cf, I added a “=” after them instead. thanks!
Hej!
Tack för en bra HOWTO.
Får inte riktigt det att funka dock, får följande fel i syslog:
Nov 21 10:47:39 g-kraft postfix/proxymap[14401]: warning: request for unapproved table: “mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf”
Nov 21 10:47:39 g-kraft postfix/proxymap[14401]: warning: to approve this table for proxymap access, list proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf in main.cf:proxy_read_maps
Nov 21 10:47:39 g-kraft postfix/smtpd[14400]: fatal: proxymap service is not configured for table “mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf”
Nov 21 10:47:40 g-kraft postfix/master[13547]: warning: process /usr/lib/postfix/smtpd pid 14400 exit status 1
Nov 21 10:47:40 g-kraft postfix/master[13547]: warning: /usr/lib/postfix/smtpd: bad command startup — throttling
Hjälp!
/Daniel
In Ubuntu Dapper, this bit
dovecot unix – n n – - pipe flags=DRhu user=
vmail:mail argv=/usr/lib/dovecot/deliver -d $(recipient)
doesn’t seem to work for me – there seems to be some sort of permissions issue with dovecot.conf which is set to read-write only to owner (root)
This is true when calling deliver as the mailbox_command too.
Can anyone help?
Hi,
are there any chances that you will post dspam section?
p.
what does this error mean:
ERROR 1071 (42000) at line 143: Specified key was too long; max key length is 1000 bytes
i’m getting this after I unpackage the file and type in my password.
i’m using postfixadmin-2.2.0rc1, not postfixadmin-2.1.0 as mentioned in your article.
thanks.
# whereis nologin
/usr/sbin/nologin
Big Problem !
I get an error when i try to sent an email to one of my virtuell mail accounts:
“Recipient address rejected: User unknown in virtual alias table.”
I compared and checked my config 10000′s times. What could that be ???
Thanks,
Sascha
Hi there! Your HOWTO has really helped me weed out a lot of issues in setting up postfix. Love the way that you have SASL authenticating with dovecot.
I am having a problem with graylisting though. The email is getting delivered through dovecot before it does the check with the greylisting service. How do I modify it so that it greylists before delivering?
Also, do you have a setup for greylisting through the unix service rather than on the local interface?
Thanks
Nevermind. I was using a Gmail account to test and google.com is whitelisted by default in postgrey. Silly me.
Thanks again.
Hi, I am new to linux and my new server runs on Ubuntu Linux. I am running Dovecot and postfix.
Everything works ok but I have a problem with using my pop3 or IMAP client like outlook express.
The mx records in the dns shows mail.domain.com but when I use that as the servers with my username and password, it cannot download mails neither can I send mails.
I am able to access mails using usermin though.
What do you think I am doing wrong?
Any help will be appreciated
I know this sounds strange but I can get to the postfixadmin page but I do not know what my userid and password is. Where can I locate this at?
I thought to finally have found a decent tutorial, but in “Do some tests to see if everything works” I get “The domain already exists!” in postfixadmin. and subsequent, these error messages in maillog:
postfix/pickup[6406]: 780B0BAD329: uid=0 from=
postfix/cleanup[6520]: 780B0BAD329: message-id=
postfix/cleanup[6520]: warning: 780B0BAD329: virtual_alias_maps map lookup problem for root@rhaj.lan
What am i doing wrong?
hi please help me…. this is my error
Mar 26 01:17:50 mail postfix/trivial-rewrite[6287]: warning: connect to mysql server localhost: Can’t connect to local MySQL server through socket ‘/var/run/mysqld/mysqld.sock’ (2)
Mar 26 01:17:50 mail postfix/trivial-rewrite[6287]: fatal: mysql:/etc/postfix/mysql_virtual_alias_maps.cf(0,lock|fold_fix): table lookup problem
Mar 26 01:17:51 mail postfix/master[5113]: warning: process /usr/lib/postfix/trivial-rewrite pid 6287 exit status 1
Mar 26 01:17:51 mail postfix/master[5113]: warning: /usr/lib/postfix/trivial-rewrite: bad command startup — throttling
Mar 26 01:17:51 mail postfix/smtpd[6269]: warning: problem talking to service rewrite: Success
Mar 26 01:18:51 mail postfix/trivial-rewrite[6288]: warning: connect to mysql server localhost: Can’t connect to local MySQL server through socket ‘/var/run/mysqld/mysqld.sock’ (2)
Mar 26 01:18:51 mail postfix/trivial-rewrite[6288]: fatal: mysql:/etc/postfix/mysql_virtual_alias_maps.cf(0,lock|fold_fix): table lookup problem
Mar 26 01:18:52 mail postfix/master[5113]: warning: process /usr/lib/postfix/trivial-rewrite pid 6288 exit status 1
Mar 26 01:18:52 mail postfix/master[5113]: warning: /usr/lib/postfix/trivial-rewrite: bad command startup — throttling
Mar 26 01:18:52 mail postfix/smtpd[6269]: warning: problem talking to service rewrite: Success
[quote comment="72014"]hi please help me…. this is my error
Mar 26 01:17:50 mail postfix/trivial-rewrite[6287]: warning: connect to mysql server localhost: Can’t connect to local MySQL server through socket ‘/var/run/mysqld/mysqld.sock’ (2)
Mar 26 01:17:50 mail postfix/trivial-rewrite[6287]: fatal: mysql:/etc/postfix/mysql_virtual_alias_maps.cf(0,lock|fold_fix): table lookup problem
[/quote]
Could that be a chroot or a rights problem?
Did you test the “proxy:mysql…..” settings ??
Like this one…virtual_mailbox_domains = proxy:mysql:$config_directory/mysql_virtual_domains_maps.cf
You can try “hosts =127.0.0.1″ instead of “hosts = localhost” in your postfix cf files…
[quote comment="31815"][quote comment="31792"]Hi!
Totally new to this (linux at all)
I followed your howto and i get this in /var/log/syslog when creating new user mailbox through postfixadmin web config…[/quote]
Hi there. If you are taking this on as a new Linux user, you will probably need to do some hard work.
Ok, let’s check off the warnings.
[quote post="266"]warning: database /etc/aliases.db is older than source file /etc/aliases[/quote]
Run “newaliases” on the command-line to remove this warning.
[quote post="266"]warning: dict_nis_init: NIS domain name not set – NIS lookups disabled[/quote]
Remove statements in main.cf with “nis:” in them.
[quote post="266"]warning: SASL: Connect to private/auth failed: No such file or directory[/quote]
It can’t connect to your private/auth socket. Verify that you have this in your Dovecot config:
client {
path = /var/spool/postfix/private/auth
mode = 0660
user = postfix
group = postfix
}
Restart Dovecot and verify that it’s actually there and that the permissions are correct.
“ls -l /var/spool/postfix/private/auth” should give something like this:
srw-rw—- 1 postfix postfix 0 2007-04-13 11:25 /var/spool/postfix/private/auth
Good luck.[/quote]
Hi,
I can’t find the auth file. I suspect i’m missing a package or something. I’m running CentOS 5.1 with quota patch. I don’t know if the quota patch is doing the damage here.
Francis
Hi,
your tutorial was much helpfull for me. It works a the first try, but I have a little problem. I dont understand, how incoming mails comes to the doveco deliverer?
I use fetchmail? Is that correct? All eMails was catched by the user vmail and then?
At the moment all the mails are in the postbox at this user.
Where is my problem? Any idea? Thx.
[quote comment="73801"]I can’t find the auth file. I suspect i’m missing a package or something. I’m running CentOS 5.1 with quota patch. I don’t know if the quota patch is doing the damage here.
Francis[/quote]
I’m guessing that you are running Postfix in a chroot environment. Have a look in master.cf.
[quote comment="74816"]Hi,
your tutorial was much helpfull for me. It works a the first try, but I have a little problem. I dont understand, how incoming mails comes to the doveco deliverer?
I use fetchmail? Is that correct? All eMails was catched by the user vmail and then?
At the moment all the mails are in the postbox at this user.
Where is my problem? Any idea? Thx.[/quote]
Hello,
With this setup, the mail is received and delivered with Postfix. I guess it would be possible to use fetchmail, if it can inject the mail in the Postfix queue somehow. Adding “smtphost localhost” in the poll command for fetchmail could do the trick.
[quote comment="70831"]I know this sounds strange but I can get to the postfixadmin page but I do not know what my userid and password is. Where can I locate this at?[/quote]
add /admin to the postfix admin page. For instance http://mail.lan/postfixadmin/admin. This will lead you to the admin site. It should be secured using basic authentication or something else.
[quote comment="45251"]Sir, can you give me your email address. I have many problems in my postfix server. Here, I can not attach my dovecot postfix config file. I tried using postfix admin to cretate an account, after that i tried sing squirrelmail to check my mail account. I was successful to sign in. but when I could not send an email. I tried check my syslog. this is the result :
Sep 26 16:49:29 voippemberontak postfix/smtpd[10320]: warning: dict_nis_init: NIS domain name not set – NIS lookups disabled
Sep 26 16:49:29 voippemberontak postfix/pipe[10326]: fatal: get_service_attr: unknown username:
Sep 26 16:49:30 voippemberontak postfix/qmgr[9764]: warning: premature end-of-input on private/dovecot socket while reading input attribute name
Sep 26 16:49:30 voippemberontak postfix/qmgr[9764]: warning: private/dovecot socket: malformed response
Sep 26 16:49:30 voippemberontak postfix/qmgr[9764]: warning: transport dovecot failure — see a previous warning/fatal/panic logfile record for the problem description
Sep 26 16:49:30 voippemberontak postfix/master[9762]: warning: process /usr/lib/postfix/pipe pid 10326 exit status 1
Sep 26 16:49:30 voippemberontak postfix/master[9762]: warning: /usr/lib/postfix/pipe: bad command startup — throttling
Sep 26 16:49:30 voippemberontak postfix/qmgr[9764]: 39BE19A6FE: to=, relay=none, delay=1.2, delays=0.07/1.1/0/0, dsn=4.3.0, status=deferred (unknown mail transport error)
Sep 26 16:49:38 voippemberontak dovecot: auth(default): client in: AUTH^I1^IPLAIN^Iservice=IMAP^Isecured^Ilip=127.0.0.1^Irip=127.0.0.1^Iresp=[/quote]
I am also recieving this error…and after 1 day of digging…still don’t have a clue how to do it
Ideas?
Thanks
Problems solved
Changed virtual_transport = dovecot with virtual_transport = virtual and I removed
dovecot_destination_recipient_limit = 1
Then…there was a problem with dovecot it did not retrieve email because i looked in a different mail folder
Changed in dovecot-sql.conf
user_query = SELECT ‘/var/vmail/%d/%n’ as home, ‘maildir:/var/vmail/%d/%n’ as mail, 150 AS uid, 8 AS gid, concat(’dirsize:storage=’, quota) AS quota FROM mailbox WHERE username = ‘%u’ AND active = ‘1?
# Get the password
password_query = SELECT username as user, password, ‘/var/vmail/%d/%n’ as userdb_home, ‘maildir:/var/vmail/%d/%n’ as userdb_mail, 150 as userdb_uid, 8 as userdb_gid FROM mailbox WHERE username = ‘%u’ AND active = ‘1?
with
user_query = SELECT ‘/var/vmail/%d/%u’ as home, ‘maildir:/var/vmail/%d/%u’ as mail, 150 AS uid, 8 AS gid, concat(‘dirsize:storage=’, quota) AS quota FROM mailbox WHERE username = ‘%u’ AND active = ’1′
# # Get the password
password_query = SELECT username as user, password, ‘/var/vmail/%d/%u’ as userdb_home, ‘maildir:/var/vmail/%d/%u’ as userdb_mail, 150 as userdb_uid, 8 as userdb_gid FROM mailbox WHERE username = ‘%u’ AND active = ’1′
and in dovecot.conf
added disable_plaintext_auth = no
it resolved the problem with the
“Plaintext authentification disallowed on non secure connections” on pop3 auth
Great howto
Thanks
Is it possible to set a default domain so that when user use a login name without ‘@domain.com’ will append as username@domain.com?
Hi Johnny,
I used you notes to set up a mailserver exactly as you mentioned. It works great. My problem is I forgot my postfixadmin username & password to manage it. Can you give me any clues on how to reset it?
Thanks
[quote comment="78468"]Is it possible to set a default domain so that when user use a login name without ‘@domain.com’ will append as username@domain.com?[/quote]
I guess you could modify the SQL script for Dovecot if you only use one domain.
[quote comment="78552"]Hi Johnny,
I used you notes to set up a mailserver exactly as you mentioned. It works great. My problem is I forgot my postfixadmin username & password to manage it. Can you give me any clues on how to reset it?
Thanks[/quote]
The admin site is secured with a htpasswd-file. Just create a new one and replace the existing.
Nice howto.
You might possibly want to modify one part, concerning dovecot’s deliver LDA, to make it so it properly supports address extensions (as described (http://wiki.dovecot.org/LDA/Postfix).
dovecot unix – n n – – pipe
flags=DRhu user=vmail:vmail argv=/vol0/local/dovecot/libexec/dovecot/deliver -d ${user}@${domain}
I was using only -d ${recipient} at first and started noticing that some user+extension@domain.com addresses were getting bounced for ‘user unknown’.
An important note here, is that the ${domain} macro is only available in Postfix 2.5 and later, had to figure that one out after a bit as it wasn’t mentionned in the Dovecot wiki…
Great tutorial, thanks Johnny. I’ve managed to get imap working perfectly with ssl, but i’m having problems with smtp. I get the following messages when trying to send a message:
postfix/smtpd[27781]: warning: dict_nis_init: NIS domain name not set – NIS lookups disabled
postfix/smtpd[27781]: connect from xxx.com[xx.xx.xx.xx]
postfix/smtpd[27781]: warning: SASL authentication failure: no secret in database
postfix/smtpd[27781]: warning: xxx.com[xx.xx.xx.xx]: SASL CRAM-MD5 authentication failed
postfix/smtpd[27781]: warning: SASL authentication failure: no secret in database
postfix/smtpd[27781]: warning: xxx.com[xx.xx.xx.xx]: SASL NTLM authentication failed
postfix/smtpd[27781]: warning: SASL authentication failure: Password verification failed
postfix/smtpd[27781]: warning: xxx.com[xx.xx.xx.xx]: SASL PLAIN authentication failed
postfix/smtpd[27781]: warning: xxx.com[xx.xx.xx.xx]: SASL LOGIN authentication failed
Looks similar to comment 77. How can I tell if postfix is indeed using dovecots mysql settings for authentication? Also, is the NIS warning anything to worry about?
Excelente!!!!
Muy bien explicado y completo.
Gracias.
[quote comment="79986"]You might possibly want to modify one part, concerning dovecot’s deliver LDA, to make it so it properly supports address extensions (as described (http://wiki.dovecot.org/LDA/Postfix).[/quote]
Great! I will have a look at it when I have the time.
[quote comment="80374"]Great tutorial, thanks Johnny. I’ve managed to get imap working perfectly with ssl, but i’m having problems with smtp. I get the following messages when trying to send a message:
…
Looks similar to comment 77. How can I tell if postfix is indeed using dovecots mysql settings for authentication? Also, is the NIS warning anything to worry about?[/quote]
Thanks!
You don’t need to worry about the NIS warning. Google for the error message for instructions on how to disable the warning if you want.
It seems that it is trying to authenticate with the Cyrus SASL package. Have you set the following in the auth default section of the /etc/dovecot/dovecot.conf file?
userdb sql {
args = /etc/dovecot/dovecot-sql.conf
}
Have a look at the Dovecot section above for more information. I will probably post ready-made configuration templates later on to make it easier. It’s not always that easy to read the long configuration listings in the post.
[quote comment="82220"]Excelente!!!!
Muy bien explicado y completo.
Gracias.[/quote]
Thanks!
[quote comment="30201"][quote comment="30145"](temporary failure. Command output: sendmail: fatal: no debugger_command variable set up)[/quote]
I’m guessing you added -D to smtpd in master.cf. You should have used the lower-case v for debugging instead. “smtpd -v”.[/quote]
For us the problem was solved by doing what the dovecot wiki told us to in the first place: Make shure that you comment out the “mail_debug” directive in /etc/dovecot/dovecot.conf. Only setting this to “no” does not do the job.
See: http://wiki.dovecot.org/LDA/Postfix
Hey!
Just wanted to drop you a line stating that your HOW-TO is one of the most detailed and useful one on the web. Thanks a lot for this one!
Greetings,
Stefan
Hi Johnny,
I followed this article to build my mail server. Now it’s run. But I have problem here. When I tried to send email from my gmail account to my mail server, gmail replied this error :
Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 550 550 relay not permitted (state 14).
I’m trying to find the solution from google, but no luck (til now). Do have any idea how to solve this?
Thank you
[quote comment="98856"]Hi Johnny,
I followed this article to build my mail server. Now it’s run. But I have problem here. When I tried to send email from my gmail account to my mail server, gmail replied this error :
Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 550 550 relay not permitted (state 14).
I’m trying to find the solution from google, but no luck (til now). Do have any idea how to solve this?
Thank you[/quote]
Hello! As a first step, have a look at your server log files for hints on where the problem lies. I’m guessing that there is a problem with your MySQL connection from Postfix.
[quote comment="99071"][quote comment="98856"]Hi Johnny,
I followed this article to build my mail server. Now it’s run. But I have problem here. When I tried to send email from my gmail account to my mail server, gmail replied this error :
Technical details of permanent failure:
Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 550 550 relay not permitted (state 14).
I’m trying to find the solution from google, but no luck (til now). Do have any idea how to solve this?
Thank you[/quote]
Hello! As a first step, have a look at your server log files for hints on where the problem lies. I’m guessing that there is a problem with your MySQL connection from Postfix.[/quote]
I looked into mail.log, mail.err, syslog and dovecot.log. But none of them contain error 550 (or something like that). But when I send email to gmail acount, I received this message inside dovecot.log file:
dovecot: 2008-09-23 08:17:31 Info: auth(default): client in: AUTH 1 PLAIN service=IMAP secured lip=127.0.0.1 rip=127.0.0.1 resp=AHB1bmdraUBic24uZ28uaWQAY3V0ZV9idW5kYQ==
dovecot: 2008-09-23 08:17:31 Info: auth(default): pam(my_email_address,127.0.0.1): lookup service=dovecot
dovecot: 2008-09-23 08:17:31 Info: auth(default): new auth connection: pid=25968
dovecot: 2008-09-23 08:17:33 Info: auth(default): pam(my_email_addres,127.0.0.1): pam_authenticate() failed: User not known to the underlying authentication module
dovecot: 2008-09-23 08:17:33 Info: auth-worker(default): sql(my_email_address,127.0.0.1): query: SELECT username as user, password, ‘/mail/bsn.go.id/pungki’ as userdb_home, ‘maildir:/mail/bsn.go.id/pungki’ as userdb_mail, 150 as userdb_uid, 8 as userdb_gid FROM mailbox WHERE username = ‘my_email_address’ AND active = ’1′
dovecot: 2008-09-23 08:17:33 Info: auth(default): client out: OK 1 user=pungki@bsn.go.id
dovecot: 2008-09-23 08:17:33 Info: auth(default): master in: REQUEST 149 25960 1
dovecot: 2008-09-23 08:17:33 Info: auth(default): passwd(my_email_address,127.0.0.1): lookup
dovecot: 2008-09-23 08:17:33 Info: auth(default): passwd(my_email_address,127.0.0.1): unknown user
dovecot: 2008-09-23 08:17:33 Info: auth-worker(default): sql(my_email_address,127.0.0.1): SELECT ‘/mail/bsn.go.id/pungki’ as home, ‘maildir:/mail/bsn.go.id/pungki’ as mail, 150 AS uid, 8 AS gid, concat(‘dirsize:storage=’, quota) AS quota FROM mailbox WHERE username = ‘my_email_address’ AND active = ’1′
dovecot: 2008-09-23 08:17:33 Info: auth(default): master out: USER 149 my_email_address home=/mail/bsn.go.id/pungki mail=maildir:/mail/bsn.go.id/pungki uid=150 gid=8 quota=dirsize:storage=0
dovecot: 2008-09-23 08:17:33 Info: imap-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
dovecot: 2008-09-23 08:17:33 Info: IMAP(my_email_address): Disconnected: Logged out
But the email is sent. My gmail account received the email and I can read it. What should I do to fix it? My emal server still can’t received email from other.
Thanks you
[quote comment="99186"]…
But the email is sent. My gmail account received the email and I can read it. What should I do to fix it? My emal server still can’t received email from other.
…[/quote]
It seems that Dovecot can not find your user in the database. Have you added this user either using Postfix admin or manually in the database?
This is probably why Postfix refuses to receive mail to you as well — it can’t find your user in the database. There should be log entries regarding this issue from Postfix in mail.log/syslog as well.
[quote comment="99194"]
It seems that Dovecot can not find your user in the database. Have you added this user either using Postfix admin or manually in the database?
This is probably why Postfix refuses to receive mail to you as well — it can’t find your user in the database. There should be log entries regarding this issue from Postfix in mail.log/syslog as well.[/quote]
I already added my user using postfix admin. I also add domain via domain list, add mailbox via Virtual List. But I don’t add Alias via Virtual List.
And even I used tail -f mail.log / syslog, the log is not increasing when I send email from gmail to my email server. dovecot.log also is not increasing.
One more info. I have another email server (using MS Exchange). This mail server is one network with my postfix mail server. Between these mail server, they can send / receive email without any problem. Does logging activity is automatic done by postfix? Or I have to set some parameter in main.cf or master.cf?
Thank you
[quote comment="99256"]I already added my user using postfix admin. I also add domain via domain list, add mailbox via Virtual List. But I don’t add Alias via Virtual List.
And even I used tail -f mail.log / syslog, the log is not increasing when I send email from gmail to my email server. dovecot.log also is not increasing.
One more info. I have another email server (using MS Exchange). This mail server is one network with my postfix mail server. Between these mail server, they can send / receive email without any problem. Does logging activity is automatic done by postfix? Or I have to set some parameter in main.cf or master.cf?
Thank you[/quote]
You can visit this website http://www.postfix.org/DEBUG_README.html for more information on how to get more messages out of Postfix. Do try the “Making Postfix daemon programs more verbose” section and see if it makes a difference.
Have you added your MX record correctly in your DNS? Gmail will not know where to send your mail if you haven’t.
[quote comment="99258"]
You can visit this website http://www.postfix.org/DEBUG_README.html for more information on how to get more messages out of Postfix. Do try the “Making Postfix daemon programs more verbose” section and see if it makes a difference.
Have you added your MX record correctly in your DNS? Gmail will not know where to send your mail if you haven’t.[/quote]
I already add MX record in my DNS. But, from http://pingability.com , I found error in my DNS. You’re right. I’ll try to focus to this problem first. I also received message like this from google :
Technical details of permanent failure:
The recipient server did not accept our requests to connect. Learn more at http://mail.google.com/support/bin/answer.py?answer=7720
[mail2.bsn.go.id. (10): Connection timed out]
Thanks for your help.
Hi Johnny,
I am having a problem with pam authentication. I was wondering if you could take a look at this relative log snippet and tell me if you know what is going on. After days of tinkering, I am still having no solution:
dovecot: 2008-11-03 00:02:01 Info: imap-login: Disconnected: rip=24.43.128.82, lip=192.168.1.20, TLS handshake
dovecot: 2008-11-03 00:02:01 Info: auth(default): client in: AUTH 1 PLAIN service=IMAP lip=192.168.1.20 rip=24.43.128.82 resp=
dovecot: 2008-11-03 00:02:03 Info: auth(default): pam(robkrul,24.43.128.82): pam_authenticate() failed: Authentication failure
dovecot: 2008-11-03 00:02:05 Info: auth(default): client out: FAIL 1 user=robkrul
dovecot: 2008-11-03 00:02:05 Info: imap-login: Disconnected: user=, method=PLAIN, rip=24.43.128.82, lip=192.168.1.20
[quote comment="105264"]Hi Johnny,
I am having a problem with pam authentication. I was wondering if you could take a look at this relative log snippet and tell me if you know what is going on. After days of tinkering, I am still having no solution:[/quote]
Hi! Make sure that you login using your username and domain, like username@domain.tld as the user name. If that does not solve it, enable debug in Dovecot and see what happens.
Good luck!
Hello,
Great Guide! Just want to ask if this would work on RHEL 5? I am having difficulty setting up quota on our webmail server.
Thanks and Regards,
Jog
@Jog
Thanks! It would probably work fine, although you will have to use other package management tools to install the software. There might be some differences in Postfix done at compile time I guess, but most things would probably be supported.
If you decide to try it on RHEL, let me know how it goes.
hi im new to this hope you cols help me….
i just followed the instructions and when i open http://localhost/postfixadmin/admin it just give me this page:
ive already double check my username and password in config.inc.php but still giving same error page… hope you could help me…. thanks
Checking for dependencies:
* Warning: Magic Quotes: ON (internal workaround used)
* Depends on: presence config.inc.php – OK
* Warning: $CONF['configured'] is ‘false’.
You must edit your config.inc.php and change this to true (this indicates you’ve created the database and user)
* Depends on: MySQL 3.23, 4.0 – OK
* Depends on: MySQL 4.1 – OK (change the database_type to ‘mysqli’ in config.inc.php!!)
* Error: Can’t connect to database
Please edit the $CONF['database_*'] parameters in config.inc.php.
DEBUG INFORMATION:
Connect: Access denied for user ‘postfix’@'localhost’ (using password: YES)
* Depends on: session – OK
* Depends on: pcre – OK
* Depends on: multibyte string – OK
* Warning: Depends on: IMAP functions – NOT FOUND
To install IMAP support, install php5-imap
Without IMAP support, you won’t be able to create subfolders when creating mailboxes.
So you need to install php5-imap to get IMAP support in PHP. “apt-get install php5-imap” will do it for you.
You also need to edit your config.inc.php and set “$CONF['database_type'] = ‘mysqli’;” as suggested by your error messages.
@Johnny Chadda
ive already tried to install “apt-get install php5-imap” before but the error message doesn’t change, and the weird thing is even though i have change the config.inc.php when i reload the http://localhost/postfixadmin/admin/ file it still giving me same error page, example i have change $CONF['database_user']= ‘mail’ but the result
“Connect: Access denied for user ‘postfix’@’localhost’ (using password: YES)” which i dont understand why the error message didn’t change to ” user ‘postfix’@’localhost’ which i dont understand why…=(
hi,
ive found the problem and ive already got it to work… =)
im now on the part in configuring my my email, when i test the settings it says that: it cannot log-on to the outgoing mail server (SMTP)
then i’ve gone to this part of the configuration settings, it doesnt say where will i put these info so what i did is i type it the the postfix/main.cf file, please correct me if im wrong….
smtpd_recipient_restrictions =
permit_mynetworks
permit_sasl_authenticated
reject_unauth_destination
permit
@steve
Great job getting it working!
Remember that you need to indent the arguments. I’ll substitute tabs with “…” to make them visible here.
smtpd_recipient_restrictions =
…permit_mynetworks
…permit_sasl_authenticated
…reject_unauth_destination
…permit
Have a look in the syslog (/var/log/syslog) for additional information and error messages from Postfix.
hi again! =)
i have check the syslog and this is what it says:
Nov 26 09:37:42 gse-printserver postgrey[6071]: Setting uid to “115″
Nov 26 09:39:01 gse-printserver /USR/SBIN/CRON[6074]: (root) CMD ( [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm)
Nov 26 09:59:27 gse-printserver — MARK –
Nov 26 10:00:50 gse-printserver postfix/master[6165]: fatal: /etc/postfix/master.cf: line 84: bad transport type: argv=/usr/lib/dovecot/deliver
Nov 26 10:09:01 gse-printserver /USR/SBIN/CRON[6193]: (root) CMD ( [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm)
Nov 26 10:09:04 gse-printserver postfix/master[6284]: fatal: /etc/postfix/master.cf: line 84: bad transport type: argv=/usr/lib/dovecot/deliver
Nov 26 10:10:31 gse-printserver postfix/master[6375]: fatal: /etc/postfix/master.cf: line 84: bad transport type: argv=/usr/lib/dovecot/deliver
Nov 26 10:10:52 gse-printserver dovecot: auth-worker(default): mysql: Connected to localhost (mail)
Nov 26 10:10:52 gse-printserver dovecot: pop3-login: Login: user=, method=PLAIN, rip=172.18.4.4, lip=172.18.4.25
Nov 26 10:10:52 gse-printserver dovecot: POP3(steve@sjcs.edu.ph): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Nov 26 10:12:18 gse-printserver dovecot: pop3-login: Login: user=, method=PLAIN, rip=172.18.4.4, lip=172.18.4.25
Nov 26 10:12:18 gse-printserver dovecot: POP3(steve@sjcs.edu.ph): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
is this the reason why i am getting an error when i try to test my mail settings?
“could not logon to the outgoing mail server (SMTP).
The problem could be the server name, your server may require authentication,
or your server may not support SSL.”
please help its driving me crazy….=(
Great job man
Great guide Johnny but i have a problem with the SASL configuration.
if i set this:
smtpd_sasl_path = private/auth
the following is shown in my syslog:
warning: SASL: Connect to private/auth failed: No such file or directory
cant seem to find out what i did wrong
@Jones Thanks! private/auth is located in /var/spool/postfix/private/auth and contains a socket to the Dovecot authentication library. It is set up in dovecot.conf as the sample in the article.
client {
path = /var/spool/postfix/private/auth
mode = 0660
user = postfix
group = postfix
}
Hi and thanks for the tutorial,
I’m wondering if you finally wrote the dspam section ?
Thanks and happy new year
Here’s a typo mistake in the final “smtpd_recipient_restrictions” section :
change “reject_rbk_client zen.spamhaus.org” by “reject_rbl_client zen.spamhaus.org”
@Oxygene thanks! I sadly haven’t had time to finish it yet, but as soon as I find the time.
Thanks for the correction!
How on earth did you get through the “# mysql -umail -p mail < postfixadmin-2.1.0/DATABASE_MYSQL.TXT” phase please?
As far as I can see in the latest edition of postfixadmin (2.2.1.1) there’s no such file named “DATABASE_MYSQL.TXT”.
I guess I instead should edit the file “config.inc.php” but that one differs quite a lot to DATABASE_MYSQL.TXT. At least when it comes to line 26-39 for a newbie as me.
Can someone please help me sorting this out or perhaps post a working cfg that I can copy?
I tried this howto at first by using regular users but that didn’t turned out that well so I’ve decided to fully follow this guide but now I’m stuck in this early stage :/
that’s awesome. thanks alot to webmaster for great guide!
in new version of postfixadmin package there isn’t any database_mysql.txt, you need to read the documentation files to upgrade/configure it and database backend without that file (in DOCUMENTS sudirectory). if you want, this is the content of it, taken from a previous version:
############################ START COPY HERE #########################
#
#
# Postfix Admin
# by Mischa Peters
# Copyright (c) 2002 – 2005 High5!
# License Info: http://www.postfixadmin.com/?file=LICENSE.TXT
#
# This is the complete MySQL database structure for Postfix Admin.
# If you are installing from scratch you can use this file otherwise you
# need to use the TABLE_CHANGES.TXT or TABLE_BACKUP_MX.TXT that comes # with Postfix Admin.
#
# There are 2 entries for a database user in the file.
# One you can use for Postfix and one for Postfix Admin.
#
# If you run this file twice (2x) you will get an error on the user #creation in MySQL.
# To go around this you can either comment the lines below “USE MySQL” #until “USE postfix”.
# Or you can remove the users from the database and run it again.
#
# You can create the database from the shell with:
#
# mysql -u root [-p] < DATABASE_MYSQL.TXT
USE postfix;
#
# Table structure for table admin
#
CREATE TABLE admin (
username varchar(255) NOT NULL default ”,
password varchar(255) NOT NULL default ”,
created datetime NOT NULL default ’0000-00-00 00:00:00′,
modified datetime NOT NULL default ’0000-00-00 00:00:00′,
active tinyint(1) NOT NULL default ’1′,
PRIMARY KEY (username),
KEY username (username)
) TYPE=MyISAM COMMENT=’Postfix Admin – Virtual Admins’;
#
# Table structure for table alias
#
CREATE TABLE alias (
address varchar(255) NOT NULL default ”,
goto text NOT NULL,
domain varchar(255) NOT NULL default ”,
created datetime NOT NULL default ’0000-00-00 00:00:00′,
modified datetime NOT NULL default ’0000-00-00 00:00:00′,
active tinyint(1) NOT NULL default ’1′,
PRIMARY KEY (address),
KEY address (address)
) TYPE=MyISAM COMMENT=’Postfix Admin – Virtual Aliases’;
#
# Table structure for table domain
#
CREATE TABLE domain (
domain varchar(255) NOT NULL default ”,
description varchar(255) NOT NULL default ”,
aliases int(10) NOT NULL default ’0′,
mailboxes int(10) NOT NULL default ’0′,
maxquota int(10) NOT NULL default ’0′,
transport varchar(255) default NULL,
backupmx tinyint(1) NOT NULL default ’0′,
created datetime NOT NULL default ’0000-00-00 00:00:00′,
modified datetime NOT NULL default ’0000-00-00 00:00:00′,
active tinyint(1) NOT NULL default ’1′,
PRIMARY KEY (domain),
KEY domain (domain)
) TYPE=MyISAM COMMENT=’Postfix Admin – Virtual Domains’;
#
# Table structure for table domain_admins
#
CREATE TABLE domain_admins (
username varchar(255) NOT NULL default ”,
domain varchar(255) NOT NULL default ”,
created datetime NOT NULL default ’0000-00-00 00:00:00′,
active tinyint(1) NOT NULL default ’1′,
KEY username (username)
) TYPE=MyISAM COMMENT=’Postfix Admin – Domain Admins’;
#
# Table structure for table log
#
CREATE TABLE log (
timestamp datetime NOT NULL default ’0000-00-00 00:00:00′,
username varchar(255) NOT NULL default ”,
domain varchar(255) NOT NULL default ”,
action varchar(255) NOT NULL default ”,
data varchar(255) NOT NULL default ”,
KEY timestamp (timestamp)
) TYPE=MyISAM COMMENT=’Postfix Admin – Log’;
#
# Table structure for table mailbox
#
CREATE TABLE mailbox (
username varchar(255) NOT NULL default ”,
password varchar(255) NOT NULL default ”,
name varchar(255) NOT NULL default ”,
maildir varchar(255) NOT NULL default ”,
quota int(10) NOT NULL default ’0′,
domain varchar(255) NOT NULL default ”,
created datetime NOT NULL default ’0000-00-00 00:00:00′,
modified datetime NOT NULL default ’0000-00-00 00:00:00′,
active tinyint(1) NOT NULL default ’1′,
PRIMARY KEY (username),
KEY username (username)
) TYPE=MyISAM COMMENT=’Postfix Admin – Virtual Mailboxes’;
#
# Table structure for table vacation
#
CREATE TABLE vacation (
email varchar(255) NOT NULL default ”,
subject varchar(255) NOT NULL default ”,
body text NOT NULL,
cache text NOT NULL,
domain varchar(255) NOT NULL default ”,
created datetime NOT NULL default ’0000-00-00 00:00:00′,
active tinyint(1) NOT NULL default ’1′,
PRIMARY KEY (email),
KEY email (email)
) TYPE=MyISAM COMMENT=’Postfix Admin – Virtual Vacation’;
#################################################################
dont forget to create the user you need to work with this schema (line from 26 to 39 deleted already).
hope this can help!
bye
If you did not write about DSPAM, then do not include a section about it and do not mention it in the header.
You just stole a few moments of my life, because this site pops up when searching “dspam dovecot” on google. I will never get them back.
@smk When I wrote this, it was my intention to include the DSPAM section, but I didn’t have time to finish it. I will however, do it soon.
Carefull,
Inside the login.php source from 2.2.1.1 version you have an error.
why do you “session_regenerate_id” just after the include ‘common.php’ with session_start ?
I have search that, because, after my configuration, I was unable to get out of the login page, even with a good login/password.
@Webtb it’s probably better if you talk to the creators of Postfix Admin instead, if you feel that there is a problem with that software. I just wrote this guide.
Hi,
I’ve used your guide in setting up my mail server several times already and I’m having problems lately, users from outside the office can’t send mail, it’s either they get an Mail undeliverable error saying that postmaster@domain.com user is unknown even though the alias exist and one can send email to this account, or secondly gets denied saying the SMTP server is not accepting connections even though I can telnet to its smtp port, I’ve been stumped with these for several days already.
Tried googling around and found this article wherein I need to create the file /usr/lib/sasl2/smtpd.conf which I’ve done with the following contents:
pwcheck_method: auxprop
mech_list: PLAIN LOGIN
auxprop_plugin: sql
sql_verbose: yes
sql_engine: mysql
sql_hostnames: localhost
sql_user: postfix
sql_passwd: postfix
sql_database: postfix
sql_select: select password from mailbox where username = ‘%u@%r’
I’ve also started the saslauthd daemon to no avail, still have the same problem mentioned.
Hope you can help me with this.
TIA.
Jan
my installation completed without error
outlook express user account cannot receive mails but can send.
I have checked all the logs and no error at all
If you followed this guide, sasl2 should not be used. Instead, have a look at your logfile to see what's happening. (sorry for a late reply)
Have a look at the Dovecot wiki for information on how to enable access from Outlook Express: http://wiki.dovecot.org/Clients
(sorry for a late reply)
Hi,
I followed your tutorial using Debian Lenny 5.0. I actually had this working before on Etch and when Lenny was still in testing, but I had to do a new one due to a drive failure.
I am receiving this message when I try to create a new mailbox with postfixadmin:
postfix/smtpd[4334]: warning: SASL: Connect to private/auth failed: Connection refused
The file is there ($ ls -la /var/spool/postfix/private/auth returns
srw-rw—- 1 postfix postfix 0 2009-03-21 16:08 /var/spool/postfix/private/auth) and there are no other errors. I tried to Google it, but came up empty.
Can you tell me what is going on?
I haven't tried setting this up on Lenny yet, but it should work I guess. Try enabling debug messages on Postfix and see what comes up.
Hi,
I have configured vacation and it's wotking fine with yahoo, gmail and our local domain. but did not work with hotmail account. when I have send mail from hot mail account to our local domain account the auto vacation not reached to hot mail account and also checked log file but did not get any error
so can you suggest what could be problem.
If the logfile indicated that the email has indeed been sent, have a look in the spam folder of the Hotmail account. They are notorious for rejecting mail though, so try sending it via your ISP's smarthost if you have one.
The bad transport bit is due to wonky formatting.
Put a return after the word pipe and make sure there is no space between user= and vmail:mail (or vmail:vmail in my case). That seemed to fix that issue insofar as the logs go.
Also for those using mac's pasting in to textedit doesn't resolve the formatting issue of the quotation marks; that one caught me out.
“Johnny Chadda 5 months ago
@smk When I wrote this, it was my intention to include the DSPAM section, but I didn't have time to finish it. I will however, do it soon.”
I guess 5 months is not “soon” yet?
Pathetic…
Well, I did start writing it. However, other things in my life had to take priority and updating this guide fell quite long down on the list.
I am sure however, that you can find ways to implement Dspam by yourself in the meantime, if you had a look at other Dpam implementation configurations on the internet.
“Johnny Chadda 5 months ago
@smk When I wrote this, it was my intention to include the DSPAM section, but I didn't have time to finish it. I will however, do it soon.”
I guess 5 months is not “soon” yet?
Pathetic…
Well, I did start writing it. However, other things in my life had to take priority and updating this guide fell quite long down on the list.
I am sure however, that you can find ways to implement Dspam by yourself in the meantime, if you had a look at other Dpam implementation configurations on the internet.
You can get ‘plus addressing’ working with the Dovecot LDA by using the following line in /etc/postfix/master.cf instead:
dovecot unix – n n – – pipe
flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}
See http://wiki.dovecot.org/LDA/Postfix for more information.
Nice!
Thanks for the tutorial. I’ve followed the tutorial to the letter but failing somewhere. Kindly assist me in debugging the source of the errors am geting…
support@mail:~$ tail -f /var/log/syslog
Oct 8 06:31:23 mail postfix/proxymap[5334]: warning: connect to mysql server lo calhost: Access denied for user ‘= mail’@'localhost’ (using password: YES)
Oct 8 06:31:23 mail postfix/trivial-rewrite[5333]: fatal: proxy:mysql:/etc/post fix/mysql_virtual_domains_maps.cf(0,lock|fold_fix): table lookup problem
Oct 8 06:31:24 mail postfix/qmgr[5311]: warning: problem talking to service rew rite: Success
Oct 8 06:31:24 mail postfix/master[4806]: warning: process /usr/lib/postfix/tri vial-rewrite pid 5333 exit status 1
Oct 8 06:31:24 mail postfix/master[4806]: warning: /usr/lib/postfix/trivial-rew rite: bad command startup — throttling
Oct 8 06:32:24 mail postfix/proxymap[5336]: warning: connect to mysql server lo calhost: Access denied for user ‘= mail’@'localhost’ (using password: YES)
Oct 8 06:32:24 mail postfix/trivial-rewrite[5335]: fatal: proxy:mysql:/etc/post fix/mysql_virtual_domains_maps.cf(0,lock|fold_fix): table lookup problem
Oct 8 06:32:25 mail postfix/qmgr[5311]: warning: problem talking to service rew rite: Success
Oct 8 06:32:25 mail postfix/master[4806]: warning: process /usr/lib/postfix/tri vial-rewrite pid 5335 exit status 1
Oct 8 06:32:25 mail postfix/master[4806]: warning: /usr/lib/postfix/trivial-rew rite: bad command startup — throttling
warning: connect to mysql server lo calhost: Access denied for user ‘= mail’@’localhost’ (using password: YES)
It looks like you have an error in one of your etc/postfix/mysql_virtual_*_maps.cf files. It thinks that the MySQL user is “= mail”, but it should be just “mail”. Look for weird characters in the “user = mail” string.
I follow the guide,and i use ubuntu server 9.04,while i get the error:
can’t connect to auth server at /var/run/dovecot/auth-master:no such file or directory
thanks for the partial GREAT tutorial. Please add the dspam chapter… or at least…. change the title of the document!
Nice How-to… After many days of gnashing teeth… I worked out some inconsistencies that were not mentioned above… for instance, like yayoo above is having…
In Ubuntu, dovecot.conf is NOT used – dovecot-postfix.conf is. Make your changes there, however as I found out later… dovecot still has a tendency to reference dovecot.conf. I found it easy enough to move the original and create a symlink to dovecot-postfix.conf.
Integration of PostfixAdmin’s Quota rules and Dovecot’s was another pain in the arse…
Add these entries to dovecot.conf: (or dovecot-postfix.conf)
protocol imap {
mail_plugins = quota imap_quota
}
protocol lda {
mail_plugins = quota
}
I only use imap, so add the quota plugin to pop3 if needed.
plugin {
quota = maildir:User quota
quota_rule = *:storage=1048576 #equal to 1GB
quota2_rule = Trash:storage=102400 #100 megs, not counted against quota
quota3_rule = Junk:storage=102400 # see above
}
Then adjust the user_query in dovecot-sql.conf to reflect:
user_query = SELECT ‘/var/vmail/%d/%n’ as home, ‘maildir:/var/vmail/%d/%n’ as mail, 150 AS uid, 8 AS gid, concat(‘*:bytes=’, mailbox.quota) AS quota_rule FROM mailbox WHERE username = ‘%u’ AND active = ’1′
Dovecot’s quota system started working, unfortunately the used amount still doesn’t show in postfixadmin – but it does in roundcube… and that’s good enough for me.
Closing remarks… great how-to… and to all the d-spam haters… STFW.
Thanks, Johnny…
Thank you for your additions for Ubuntu! This howto is getting a bit dated I guess, but I will be installing a large mail server again in a while, so I will take the opportunity to update this or write a new one. Perhaps even with dspam this time.
Well, I think you’ve become a defacto How-To for setting up Dovecot, MySQL, SSL/TLS and Dspam… At least according to this page:
http://wiki.dovecot.org/HowTo
Unfortunately, it also explicitly states DSPAM…
So, yeah, you may want to include that in the next one. I haven’t bothered with Dspam yet, I had enough problems getting Amavis, Spamassasin, Pyzor, Razor, DCC to play together nicely.
Hi Johnny,
Nice How To. I think those that keep banging on about DSPAM should go away and spend the time writing a how to for it.
Secondly I have a problem with smtp authentication from external clients.
My log file says :
“Feb 18 09:50:45 mail dovecot: auth(default): login(?,94.10.83.226): Empty username”
Any Ideas ?
Thanks and Regards Mark
log follows:
Feb 18 09:49:58 mail postfix/smtpd[26418]: 5e0a53e2.bb.sky.com[94.10.83.226]: 250-mail.cover365.com
Feb 18 09:49:58 mail postfix/smtpd[26418]: > 5e0a53e2.bb.sky.com[94.10.83.226]: 250-PIPELINING
Feb 18 09:49:58 mail postfix/smtpd[26418]: > 5e0a53e2.bb.sky.com[94.10.83.226]: 250-SIZE 10240000
Feb 18 09:49:58 mail postfix/smtpd[26418]: > 5e0a53e2.bb.sky.com[94.10.83.226]: 250-VRFY
Feb 18 09:49:58 mail postfix/smtpd[26418]: match_hostname: 5e0a53e2.bb.sky.com ~? 10.0.0.0/16
Feb 18 09:49:58 mail postfix/smtpd[26418]: match_hostaddr: 94.10.83.226 ~? 10.0.0.0/16
Feb 18 09:49:58 mail postfix/smtpd[26418]: match_hostname: 5e0a53e2.bb.sky.com ~? 127.0.0.0/8
Feb 18 09:49:58 mail postfix/smtpd[26418]: match_hostaddr: 94.10.83.226 ~? 127.0.0.0/8
Feb 18 09:49:58 mail postfix/smtpd[26418]: match_list_match: 5e0a53e2.bb.sky.com: no match
Feb 18 09:49:58 mail postfix/smtpd[26418]: match_list_match: 94.10.83.226: no match
Feb 18 09:49:58 mail postfix/smtpd[26418]: sasl_exceptions: 5e0a53e2.bb.sky.com[94.10.83.226], match=0
Feb 18 09:49:58 mail postfix/smtpd[26418]: > 5e0a53e2.bb.sky.com[94.10.83.226]: 250-ETRN
Feb 18 09:49:58 mail postfix/smtpd[26418]: > 5e0a53e2.bb.sky.com[94.10.83.226]: 250-AUTH PLAIN LOGIN
Feb 18 09:49:58 mail postfix/smtpd[26418]: match_list_match: 5e0a53e2.bb.sky.com: no match
Feb 18 09:49:58 mail postfix/smtpd[26418]: match_list_match: 94.10.83.226: no match
Feb 18 09:49:58 mail postfix/smtpd[26418]: > 5e0a53e2.bb.sky.com[94.10.83.226]: 250-AUTH=PLAIN LOGIN
Feb 18 09:49:58 mail postfix/smtpd[26418]: > 5e0a53e2.bb.sky.com[94.10.83.226]: 250-ENHANCEDSTATUSCODES
Feb 18 09:49:58 mail postfix/smtpd[26418]: > 5e0a53e2.bb.sky.com[94.10.83.226]: 250-8BITMIME
Feb 18 09:49:58 mail postfix/smtpd[26418]: > 5e0a53e2.bb.sky.com[94.10.83.226]: 250 DSN
Feb 18 09:50:09 mail postfix/smtpd[26418]: 5e0a53e2.bb.sky.com[94.10.83.226]: 334 VXNlcm5hbWU6
Feb 18 09:50:45 mail postfix/smtpd[26418]: 5e0a53e2.bb.sky.com[94.10.83.226]: 535 5.7.8 Error: authentication failed: VXNlcm5hbWU6
Sorry for a late answer, but did you get that problem sorted out? If not, could you post your main.cf here or somewhere else?
I could mail it to you if you want to drop me a line. ?..
Thanks for this tutorial which solved some questions, e.g. which database queries to use to connect to MySQL. However, overall it didn’t work for me so far.
Problems I have to solve: in /var/vmail, I’m getting a directory structure like /var/vmail/mydomain.tld/mydomain.tld/user/ and I don’t understand why mydomain.tld is doubled (you wrote it shouldn’t); next, the mailboxes at /var/mail fill up (according to du -h), but when popping mail, _nothing_ is delivered to the users (“There are no new messages…”); syslog or mail.log do not show any errors; and last but not least nobody can send mail (authentication fails; reason given in mail.log: “SASL PLAIN authentication failed”). So there’s still days of work to get this usable. It’s sad that this *nix stuff always takes so much time
Hello!
Did you add the following to your master.cf file?
dovecot unix – n n – – pipe flags=DRhu user=
vmail:mail argv=/usr/lib/dovecot/deliver -d $(recipient)
and the following to your dovecot.conf file?
mail_location = maildir:/var/vmail/%d/%u
and the following to your main.cf file?
virtual_transport = dovecot
There should be no mail in your /var/mail directory if it works correctly.
Finally solved! After countless restarts of postfix and dovecot, a new hierarchy appeared in /var/vmail (domain/user); the old hierarchy (domain/domain/user) contained just the inital mail from Postfix Admin, so I deleted it. Also I replicated the setup on another server where the directory structure was fine from beginning on.
Delivering mail to users finally worked after several modifications I made after watching /var/log/mail.log for hours. Most of them are more or less cosmetic, I think (e.g. “dovecot_destination_recipient_limit = 1″), but it was crucial to change “first_valid_uid = 150″ to uid 8. I don’t quite understand why, but that caused the problem for me.
Another thing which caused severe problems for me was that I tried to relay mail form a (web-) server to another combined web-/mailserver via nullmailer. Such an setup seems to require additional configuration and can not seemlessly be integrated into the setup you’re describing.
The third and last problem (“SASL PLAIN authentication failed”) was a stupid misconfiguration in my mail client where I missed to update the account with the domain (which wasn’t necessary before).
If postfix starts to work (again) it’s always like awakening from a long nightmare, and every time I think it wasn’t so hard. Until I have to change the setup again
And btw, after reading *lots* of documentation about postfix, dovecot, sasl, tls, mysql and Postfix Admin I found your tutorial to be one of the most reliable ones on the net. Thanks again!
Now I’ll continue with testing and adding postfix-policyd to the setup. -asb
Great work sorting it out!
Did you have to change “mail_location” for it to work, or did it just happen?
“first_valid_uid” is the first system user being able to log into the mail system (it is supposed to secure administrative accounts, by not letting them log in). When using virtual users however, the only system user will be the one Dovecot is running as.
I am not that familiar with nullmailer, but I think you can achieve the same thing in Postfix using /etc/postfix/transport, for instance:
example.com smtp:[other.mailserv.er]:25
Good luck with policyd!
Hi Johnny,
yes, I double and triple checked this.
# cat /etc/postfix/master.cf | grep dovecot
dovecot unix – n n – – pipe
flags=DRhu user=vmail:mail argv=/usr/lib/dovecot/deliver -d ${recipient}
# cat /etc/postfix/main.cf | grep virtual_transport
virtual_transport = dovecot
# cat /etc/dovecot/dovecot.conf | grep mail_location
mail_location = maildir:/var/vmail/%d/%u
# du -h /var/vmail/
…
2,1M /var/vmail/
But the errors persist. I simply don’t understand it. %d/%u = domain/user, but I’m getting: domain/domain/user, etc.
Thanks anyway! Greetings, -asb
I found one error in the logs:
… deliver(…): setgid(150) failed with euid=150, gid=8, egid=8: Operation not permitted
Google explains: RUID (real user id), EUID (effective user id), RGID (real group id), EGID (effective group id). That’s calculated like this:
if suid, then set EUID to uid;
if guid, ten set EGID to gid.
…and checked with the kernel function permission(). WTF… I really don’t want to become a kernel hacker to set up a mail server…
Re: Postfix TLS configuration:
If this (from above) are *two* lines:
smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_session_cache
Then the syntax is incomplete:
postfix/smtpd[...]: fatal: /etc/postfix/main.cf, line 75: missing ‘=’ after attribute name: “smtpd_tls_session_cache”
If this ist *one* line, postfix complains also:
postfix/tlsmgr[...]: warning: request to update table btree:/var/spool/postfix/smtpd_tls_session_cache in non-postfix directory /var/spool/postfix
postfix/tlsmgr[...]: warning: redirecting the request to postfix-owned data_directory /var/lib/postfix
So it might better be to say:
smtpd_tls_session_cache_database = btree:/var/lib/postfix
Hello. Please make sure that the user with the uid 150 exists, and has access to the /var/vmail directory. Have a look at the “Virtual users” section for more information.
Regarding the double domain issue in /var/vmail, try changing mail_location to the following and see if it resolves that issue:
mail_location = maildir:/var/vmail/%d/%n
Regarding the /var/spool/postfix problem, that is where the location was around 2007 when this guide was written, but good that you found the new location.
I agree with the limitations with having this kind of guide on a blog, but the next mail server guide (out this summer) will be separated from this blog and will hopefully be much cleaner and easier to read and implement.
Hi,
I got permission denied errror log.
May 27 15:12:45 localhost pipe[22479]: fatal: pipe_command: execvp /usr/lib/dovecot/deliver: Permission denied
May 27 15:12:45 localhost pipe[22481]: fatal: pipe_command: execvp /usr/lib/dovecot/deliver: Permission denied
May 27 15:12:45 localhost postfix/pipe[22477]: 96092900D9: to=, relay=dovecot, delay=5267, delays=5267/0.04/0/0.02, dsn=4.3.0, status=deferred (temporary failure. Command output: pipe: fatal: pipe_command: execvp /usr/lib/dovecot/deliver: Permission denied )
May 27 15:12:45 localhost postfix/pipe[22478]: C0D8F900D5: to=, relay=dovecot, delay=12228, delays=12228/0.03/0/0.02, dsn=4.3.0, status=deferred (temporary failure. Command output: pipe: fatal: pipe_command: execvp /usr/lib/dovecot/deliver: Permission denied )
Any one know why this error logging?
Hello,
Make sure that /usr/lib/dovecot/deliver is executable and that you have the correct permissions in /var/vmail.
I have set permission using following command
chgrp vmail /usr/lib/dovecot/deliver
Can you give me instruction for set permissions in to /var/vmail?
The dovecot deliver binary can remain root owned, just make sure it’s executable.
chown root:root /usr/lib/dovecot/deliver
chmod 755 /usr/lib/dovecot/deliver
And for the virtual mail directory.
chown -R vmail:mail /var/vmail
chmod -R 700 /var/vmail
HELP NEEDED!
I installed postfix and dovecot with mysql as described in this tutorial. I would like to have multiple domains on one server and it works somehow, when it comes to POP/SMTP auth etc.
Which means: I receive emails from external mailservers for my virtual domains and I can also send emails to external servers, but not to everyone…
..cause some external address or freemailer say: server xyz [1.2.3.4] refused to talk to me: 554….554 Your access to this mail system has been rejected due to sending MTA’s poor reputation.
What’s wrong? Here’s my configuration:
/etc/postfix/main.cf:
biff = no
append_dot_mydomain = no
myhostname = mail.mydomain.com
mydomain = domain.com
myorigin = /etc/mailname
mydestination = localhost
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
virtual_transport = dovecot
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_base = /var/vmail
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_minimum_uid = 150
virtual_uid_maps = static:150
virtual_gid_maps = static:8
dovecot_destination_recipient_limit = 1
smtpd_helo_required = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_exceptions_networks = $mynetworks
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_relay_domains, reject_unauth_destination
/etc/postfix/master.cf:
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: “man 5 master”).
#
# Do not forget to execute “postfix reload” after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n – – – – smtpd
#submission inet n – – – – smtpd
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#smtps inet n – – – – smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n – – – – qmqpd
pickup fifo n – – 60 1 pickup
cleanup unix n – – – 0 cleanup
qmgr fifo n – n 300 1 qmgr
#qmgr fifo n – – 300 1 oqmgr
tlsmgr unix – – – 1000? 1 tlsmgr
rewrite unix – – – – – trivial-rewrite
bounce unix – – – – 0 bounce
defer unix – – – – 0 bounce
trace unix – – – – 0 bounce
verify unix – – – – 1 verify
flush unix n – – 1000? 0 flush
proxymap unix – – n – – proxymap
proxywrite unix – – n – 1 proxymap
smtp unix – – – – – smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix – – – – – smtp
-o smtp_fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n – – – – showq
error unix – – – – – error
retry unix – – – – – error
discard unix – – – – – discard
local unix – n n – – local
virtual unix – n n – – virtual
lmtp unix – – – – – lmtp
anvil unix – – – – 1 anvil
scache unix – – – – 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix – n n – – pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix – n n – – pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender – $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix – n n – – pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix – n n – – pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix – n n – – pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
dovecot unix – n n - - pipe
flags=DRhu user=vmail:mail argv=/usr/lib/dovecot/deliver -f ${sender} -d $(recipient)
mysql_virtual_alias_maps.cf, mysql_virtual_domains_maps.cf, mysql_virtual_mailbox_limit_maps.cf, mysql_virtual_mailbox_maps.cf are excactly as described in this tutorial.
I also added a reverse DNS for the domain mail.mydomain.com. Any advice?
This means that you are probably sending email from a dynamic “end customer” IP address, which some email blockers block. The best solution is to use your ISP’s email server as a smarthost if they have one.
Hi, and glad I found this HowTo. Although I’ve had a hard time of getting it to work, I have been successful, up-untill enabling SSL and TLS.
I have all ports open for testing so getting to the PC is no problem.
I can access emails without SSL/TLS, but once I enable TLS I get (auth failed).
imap-login: Aborted login (auth failed, 2 attempts): user=, method=PLAIN, rip=77.99.14.225, lip=192.168.0.12, TLS
I followed your howto precisely for enabling SSL/TLS. Here are the relevant sections of my conf.
protocols = imap pop3 imaps pop3s
listen = *
ssl_listen = *
disable_plaintext_auth = no
ssl = yes
ssl_cert_file = /etc/ssl/mydomain/mail-cert.pem
ssl_key_file = /etc/ssl/mydomain/mail-key.pem
ssl_parameters_regenerate = 168
verbose_ssl = no
Any ideas?
An addition to the above.
I can login locally using SSL. TLS fails even locally.
SSL nor TLS will work through my Gateway.
I’m guessing SSL works locally as it’s in the trusted IP’s.
I’ve no idea why I can’t run SSL through the gateway though.
oh, correction for ALL of the above.
SSL is working local and through gateway. (shows TLS at the end of the log entry).
TLS setting isn’t (local or Gateway). Timeouts with (no auth attempts). and shows no TLS on the end of the lgo timeout (probably as it never attenpted anything).
IMAP isn’t working on either.
Using SSL is fine. you should be using TLS (STARTTLS) when accessing Postfix for sending mail though.
If things are working locally but not though your gateway, you should probably have a look at your gateway to make sure that ports are forwarded correctly and that firewall rules are created.
First very thanks for your famous high quality Blog.
As I get no Logs from dovecot I changed
#syslog_facility = mail
in /etc/dovecot/dovecot.conf to
log_path = /var/log/dovecot.log
info_log_path = /var/log/dovecot.info.log
Cause can’t get logging via Kmail on my OpenSuse. The Log shows me that I have to use the full EMail as username.
So all went good.
By the way your Howto is the first that works after five days and many trys from other Writers. Very thanks at all!
Thank you, and good job solving the problem!
Hey thanks a lot for this. With a bit of fiddling and minor tweaking it works great. Saved me several hours of RTFM.