Mail server HOWTO – Postfix and Dovecot with MySQL and TLS/SSL, Postgrey and DSPAM

This guide describes how to set up a mail server where Postfix is the SMTP service, and Dovecot provides IMAP and POP services. The users may be virtual and stored in a MySQL table, or real system users, or both. The primary focus of this guide, however, is a fast and secure mail server using virtual users.

All this may be installed in either Debian 4.0 Etch or Ubuntu Feisty Fawn, since both systems are quite similar. Note however that there may be some minor issues if you use the default version of Dovecot, but I will try to note them down for you when they arise.

If you are an Ubuntu user, note that I will not use “sudo” in front of every command. Instead, I will launch a root shell using the command “sudo -s”.

Note that ticks like ‘ and ” are converted by WordPress, and may cause problems if copied directly into your configuration.

MySQL and Postfix admin

Installing software in Ubuntu and Debian is very easy, and to get the MySQL server and client installed, just execute the following.

# apt-get install mysql-server mysql-client

Step one is to set a password for the administrative user, which can be done with the following statement. See the MySQL documentation for more information.

# mysqladmin -u root password "newpwd"

Of course, replace newpwd with your intended password. While you are at it, add a user mail with password mail, with access to database mail. You can of course change the password to something else if you wish, and you may give more restrictive permissions if you know what you are doing. Postfix and Dovecot will only SELECT from the database, while Postfix admin will SELECT, UPDATE and INSERT into the database. You may even create two separate accounts for this. This guide however will use the same account.

# mysql -uroot -p
mysql> CREATE DATABASE mail;
mysql> GRANT ALL PRIVILEGES ON mail.* TO 'mail'@'localhost' IDENTIFIED BY 'mail';
mysql> quit

Now we need to download Postfix admin, since its distribution contains the required SQL schema which we want to use.

Once you have downloaded the Postfix admin distribution, you should have a tarball, and unpack it like this.

# tar xvfz postfixadmin-2.1.0.tgz

Open “postfixadmin-2.1.0/DATABASE_MYSQL.TXT” with your favorite editor such as vim, nano or gedit and comment out or remove all lines under section “Postfix / MySQL”, since we have created our own user for the mail server. The section is currently lines 26 to 39.

When this is done, just load the file into mysql using the following command.

# mysql -umail -p mail < postfixadmin-2.1.0/DATABASE_MYSQL.TXT

If you get an error saying “Access denied for user ‘mail’@’localhost’ to database ‘mysql’”, you didn’t comment out the lines like I told you. If you get no message after entering your password, everything went fine.

Postfix

Since we are using a Debian based system, installing Postfix is a walk in the park.

# apt-get install postfix postfix-mysql

If you get questions about Postfix during the installation, just select “No configuration”. You have this guide, which will configure it for you instead!

The Postfix configuration directory is located in /etc/postfix, so head over there and open the file main.cf. Don’t worry if it does not exist. We will make it!

Start with entering the following basic information.

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
append_dot_mydomain = no
#delay_warning_time = 4h
myhostname = mail.mycompany.com
myorigin = mycompany.com
mydestination = localhost
relayhost =
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

This is actually all you need to get a fully functional mail server with standard unix users. Remember however to change myhostname and myorigin to your own domain settings.

Virtual users

Now for adding support for virtual users in MySQL, also append the following lines to the main.cf configuration file.

# Virtual mailbox settings
virtual_mailbox_domains = proxy:mysql:$config_directory/mysql_virtual_domains_maps.cf
virtual_mailbox_base = /var/vmail
virtual_mailbox_maps = proxy:mysql:$config_directory/mysql_virtual_mailbox_maps.cf
virtual_alias_maps = proxy:mysql:$config_directory/mysql_virtual_alias_maps.cf
virtual_minimum_uid = 150
virtual_uid_maps = static:150
virtual_gid_maps = static:8
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
# SASL Authentication
smtpd_sasl_auth_enable = yes
smtpd_sasl_exceptions_networks = $mynetworks
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

There are several gotchas here. This configuration will host the virtual user mailboxes in /var/vmail. Should these mailboxes be hosted somewhere else, be sure to change that as appropriate.

The “virtual_minimum_uid” and “virtual_uid_maps” point to user id 150 in my case, which is a user I created specifically for handling virtual mail. It uses the standard “mail” group with the default gid 8 (in Debian and Ubuntu). Create the user and directories like this:

# useradd -r -u 150 -g mail -d /var/vmail -s /sbin/nologin -c "Virtual mailbox" vmail
# mkdir /var/vmail
# chmod 770 /var/vmail/
# chown vmail:mail /var/vmail/

Select which clients to permit

We also need to specify some rules, which will enable authenticated users to send mail, but not just anyone.

Being an open relay is absolutely forbidden!

smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
    permit

For antispam measures and enabling TLS, see further down in this document.

Postfix MySQL configuration

Postfix needs to know where and how it can look up all mailbox-related information, so it needs to be provided with all the MySQL files defined in the main.cf configuration. Note that the last line of each file is a commented-out line with the full query. Recent versions of Postfix may use that instead of the other statements; in that case, comment out the other query-building statements and uncomment the last one.

/etc/postfix/mysql_virtual_alias_maps.cf

user = mail
password = mail
hosts = localhost
dbname = mail
table = alias
select_field = goto
where_field = address
additional_conditions = and active = '1'
#query = SELECT goto FROM alias WHERE address='%s' AND active = '1'

/etc/postfix/mysql_virtual_domains_maps.cf

user = mail
password = mail
hosts = localhost
dbname = mail
table = domain
select_field = domain
where_field = domain
additional_conditions = and backupmx = '0' and active = '1'
#query = SELECT domain FROM domain WHERE domain='%s' AND backupmx = '0' AND active = '1'

/etc/postfix/mysql_virtual_mailbox_limit_maps.cf

user = mail
password = mail
hosts = localhost
dbname = mail
table = mailbox
select_field = quota
where_field = username
additional_conditions = and active = '1'
#query = SELECT quota FROM mailbox WHERE username='%s' AND active = '1'

/etc/postfix/mysql_virtual_mailbox_maps.cf

user = mail
password = mail
hosts = localhost
dbname = mail
table = mailbox
select_field = CONCAT(domain,'/',maildir)
where_field = username
additional_conditions = and active = '1'
#query = SELECT CONCAT(domain,'/',maildir) FROM mailbox WHERE username='%s' AND active = '1'

Dovecot delivery for Postfix

Postfix will hand the mail over to Dovecot for local delivery, and to set this up, you need to open the file /etc/postfix/master.cf and add the following line at the bottom.

dovecot unix - n n - - pipe flags=DRhu user=vmail:mail argv=/usr/lib/dovecot/deliver -d $(recipient)

Dovecot IMAP and POP

The first step is to get the packages installed, and it’s simply a matter of using apt-get like before.

# apt-get install dovecot-imapd dovecot-pop3d

You can of course omit the “dovecot-pop3d” package, if you are not planning on using POP, and why should you, when IMAP provides such wonderful extensions such as IDLE?

Open up the Dovecot configuration file located in /etc/dovecot/dovecot.conf and make it look like the following. There is probably already lots of default configuration done, so you will probably only need to uncomment certain sections and change minor things.

## Dovecot configuration file
#
base_dir = /var/run/dovecot/
#
# imap imaps pop3 pop3s (use imaps and pop3s if configured for SSL)
protocols = imap pop3
#
# Uncomment the ssl_listen statements and comment out listen if using SSL
protocol imap {
listen = *:143
# ssl_listen = *:993
}
protocol pop3 {
listen = *:110
# ssl_listen = *:995
}
#
log_timestamp = "%Y-%m-%d %H:%M:%S "
syslog_facility = mail
#
# Uncomment these if using SSL
#ssl_cert_file = /etc/ssl/mycompany/mailserver/mail-cert.pem
#ssl_key_file = /etc/ssl/mycompany/mailserver/mail-key.pem
#ssl_ca_file = /etc/ssl/mycompany/ca/mycompany.pem
#ssl_verify_client_cert = yes
#ssl_parameters_regenerate = 168
#verbose_ssl = no
#
# Where the mailboxes are located
mail_location = maildir:/var/vmail/%d/%u
#
mail_extra_groups = mail
mail_debug = no
first_valid_uid = 150
last_valid_uid = 150
maildir_copy_with_hardlinks = yes
#
protocol imap {
login_executable = /usr/lib/dovecot/imap-login
mail_executable = /usr/lib/dovecot/imap
imap_max_line_length = 65536
}
protocol pop3 {
login_executable = /usr/lib/dovecot/pop3-login
mail_executable = /usr/lib/dovecot/pop3
pop3_uidl_format = %08Xu%08Xv
}
protocol lda {
postmaster_address = postmaster@mydomain.com
sendmail_path = /usr/lib/sendmail
auth_socket_path = /var/run/dovecot/auth-master
}
#
auth_verbose = no
auth_debug = no
auth_debug_passwords = no
#
auth default {
mechanisms = plain
passdb sql {
args = /etc/dovecot/dovecot-sql.conf
}
userdb sql {
args = /etc/dovecot/dovecot-sql.conf
}
user = nobody
socket listen {
master {
path = /var/run/dovecot/auth-master
mode = 0660
user = vmail
group = mail
}
client {
path = /var/spool/postfix/private/auth
mode = 0660
user = postfix
group = postfix
}
}
#
# If you want client certificates, use these lines
# ssl_require_client_cert = yes
# ssl_username_from_cert = yes
}

Yes, the indentation was lost, but don’t fear. Just incorporate my changes to the existing file. The Dovecot configuration is almost finished now, but we need to add definitions on how it can find our password and user database stored in MySQL.

Open the file /etc/dovecot/dovecot-sql.conf and make sure that the following is present.

driver = mysql
connect = host=localhost dbname=mail user=mail password=mail
# The new name for MD5 is MD5-CRYPT so you might need to change this depending on version
default_pass_scheme = MD5
# Get the mailbox
user_query = SELECT '/var/vmail/%d/%n' as home, 'maildir:/var/vmail/%d/%n' as mail, 150 AS uid, 8 AS gid, concat('dirsize:storage=', quota) AS quota FROM mailbox WHERE username = '%u' AND active = '1'
# Get the password
password_query = SELECT username as user, password, '/var/vmail/%d/%n' as userdb_home, 'maildir:/var/vmail/%d/%n' as userdb_mail, 150 as userdb_uid, 8 as userdb_gid FROM mailbox WHERE username = '%u' AND active = '1'
# If using client certificates for authentication, comment the above and uncomment the following
#password_query = SELECT null AS password, '%u' AS user

Set the permissions for Dovecot.

# chmod 600 /etc/dovecot/*.conf
# chown vmail /etc/dovecot/*.conf

The Dovecot configuration is now finished, but all SSL-specific parameters have been disabled for now.

Postfix admin

Since Postfix admin requires a running web server, Apache and PHP need to be installed first. As always, apt-get comes to the rescue, and we need to restart Apache after the installation of php5-mysql.

# apt-get install apache2 libapache2-mod-php5 php5-mysql
# invoke-rc.d apache2 restart

To make things easy, just move the postfixadmin directory downloaded earlier to /var/www/ and copy the config file to its real name.

# mv postfixadmin-2.1.0 /var/www/postfixadmin
# cd /var/www/postfixadmin/
# cp config.inc.php.sample config.inc.php

There are some directives you will need to change, and they are quite self-explanatory, but here are the highlights.

$CONF['postfix_admin_url'] = 'http://localhost/postfixadmin';
$CONF['postfix_admin_path'] = '/var/www/postfixadmin/';
$CONF['database_type'] = 'mysqli';
$CONF['database_user'] = 'mail';
$CONF['database_password'] = 'mail';
$CONF['database_name'] = 'mail';

Do some tests to see if everything works

The server should now be fully up and running, so go to http://localhost/postfixadmin/admin/ and create a new domain and user. If you then look at the log file /var/log/syslog, you should see something like this.

postfix/smtpd[1819]: connect from localhost[127.0.0.1]
postfix/smtpd[1819]: 1A0DF66886: client=localhost[127.0.0.1]
postfix/cleanup[1824]: 1A0DF66886: message-id=<20070415093021.1A0DF66886@mail.mydomain.com>
postfix/qmgr[1067]: 1A0DF66886: from= , size=408, nrcpt=1 (queue active)
postfix/smtpd[1819]: disconnect from localhost[127.0.0.1]
deliver(joch@mydomain.com): msgid=<20070415093021.1A0DF66886@mail.mydomain.com>: saved mail to INBOX
postfix/pipe[1825]: 1A0DF66886: to=, relay=dovecot, delay=0.09, delays=0.06/0.01/0/0.02, dsn=2.0.0, status=sent (delivered via dovecot service)
postfix/qmgr[1067]: 1A0DF66886: removed

If you received an error, extract the error message and go from there.

TLS and SSL for Postfix and Dovecot

Before you push this server out into production, you will most definitely want to enable encryption. You can have different levels of security, and here are the most common scenarios.

The simplest form is having a simple self-signed certificate on the server. This will generate a warning message when the clients first connect, but they should be able to save it for further use. It is not really secure, since anyone can execute a man-in-the-middle attack if you don’t save the certificate.

The next level is using a server certificate signed by a Certificate Authority (CA), either a commercial one, or perhaps the company internal CA. This way, the server certificate will be trusted, and if you now receive a warning, there is potentially something bad going on.

Last but definitely not least is using client certificates for logging in to the server, and using a server certificate to authenticate the server to the clients. This is quite secure, but it is not supported in all mail clients. Thunderbird, among others, does have support for it.

Self-signed server certificate

First create the directories, create the private key, and lastly create the certificate.

# mkdir -p /etc/ssl/mycompany/mailserver/
# cd /etc/ssl/mycompany/mailserver/
# openssl genrsa 1024 > mail-key.pem
# chmod 400 mail-key.pem
# openssl req -new -x509 -nodes -sha1 -days 365 -key mail-key.pem > mail-cert.pem

Note that “Common Name (eg, YOUR name)” MUST match the name of the server, which in this case is mail.mycompany.com

Dovecot SSL configuration

When you have the certificate ready, it needs to be enabled in both Dovecot and Postfix. You will need to uncomment the following directives in dovecot.conf

protocols
ssl_listen
ssl_cert_file
ssl_key_file
ssl_parameters_regenerate = 168
verbose_ssl = no

Dovecot should now be accepting SSL connections on port 993. Check the log file for an entry like this when you log in using IMAP.

dovecot: imap-login: Login: user=, method=PLAIN, rip=127.0.1.1, lip=127.0.1.1, TLS

The keyword is TLS to the right, which shows that you are using a TLS encrypted session.
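The same check can be run over a whole log instead of by eye. The function below is an added example, not part of the original guide: plaintext_logins is a hypothetical helper name, and the log lines are constructed samples in the format shown above.

```shell
#!/bin/sh
# Added example, not from the original guide. plaintext_logins is a
# hypothetical helper: it reads syslog lines on stdin and prints
# "remote-ip user" for every Dovecot IMAP/POP3 login whose log entry
# carries no TLS marker. Exit status is 1 when at least one was found.
plaintext_logins() {
    awk '
    /(imap|pop3)-login: Login: / {
        line = $0
        sub(/^.*-login: Login: /, "", line)     # keep only the field list
        sub(/[ \t\r]+$/, "", line)              # drop trailing whitespace
        tls = 0; user = "?"; rip = "?"
        n = split(line, f, /,[ \t]*/)
        for (i = 1; i <= n; i++) {
            # TLS is a field of its own. Newer Dovecot releases append more
            # fields after it, so do not anchor on end of line.
            if (f[i] == "TLS")        tls = 1
            else if (f[i] ~ /^user=/) user = substr(f[i], 6)
            else if (f[i] ~ /^rip=/)  rip = substr(f[i], 5)
        }
        gsub(/[<>]/, "", user)
        if (!tls) { print rip " " user; found = 1 }
    }
    END { exit found + 0 }'
}

# Constructed sample input: one TLS login, one cleartext POP3 login, and one
# TLS login in the longer field layout of later Dovecot versions.
plaintext_logins <<'EOF' || true
Apr 20 18:52:01 mail dovecot: imap-login: Login: user=<joch@mycompany.com>, method=PLAIN, rip=192.0.2.10, lip=192.0.2.1, TLS
Apr 20 18:53:10 mail dovecot: pop3-login: Login: user=<paul@mycompany.com>, method=PLAIN, rip=192.0.2.44, lip=192.0.2.1
Apr 20 18:54:00 mail dovecot: imap-login: Login: user=<anna@mycompany.com>, method=PLAIN, rip=192.0.2.45, lip=192.0.2.1, mpid=4242, TLS, session=<abc>
EOF
```

On a live server the input would be the mail log, for example `plaintext_logins < /var/log/syslog`.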

Postfix TLS configuration

You will need to add a few lines to your main.cf configuration file to enable TLS.

smtpd_tls_cert_file = /etc/ssl/mycompany/mailserver/mail-cert.pem
smtpd_tls_key_file = /etc/ssl/mycompany/mailserver/mail-key.pem
smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_session_cache
smtpd_tls_security_level = may
smtpd_tls_received_header = no
smtpd_tls_loglevel = 0
tls_random_source = dev:/dev/urandom

Now you should be able to authenticate with Postfix and send mail anywhere.

CA-signed certificate

Using a real CA-signed certificate is no different from using a self-signed one. It’s just another step in the key-pair creation. If your company has its own CA, then they should issue a certificate for the mail server. A Google search for “be your own ca” will give you enough answers to create one yourself, if you have the need.

CA-signed client and server certificates

If you want to use CA-signed client certificates, you will need to take further steps, both in Postfix and in Dovecot to make this work. If you want the user names to be taken from the certificate itself, you currently must set the common name to the user name, for example joch@mycompany.com, which has been used in this document.

In Postfix, you can either use a directory of CA certificates, or a composite file with all the certificates concatenated together.

smtpd_tls_CAfile = /etc/ssl/mycompany/ca/all.pem
#smtpd_tls_CApath = /etc/ssl/mycompany/ca/

In Dovecot, you must have the CRL together with the certificate for the authentication to work. The directives themselves are the following.

ssl_ca_file = /etc/ssl/mycompany/ca/all.pem
ssl_verify_client_cert = yes
ssl_require_client_cert = yes
ssl_username_from_cert = yes

You will also need to change the password_query to the commented one in /etc/dovecot/dovecot-sql.conf

If you are running Dovecot release candidate 28 or older, the server will not send out the list of accepted CA names, which could make clients with multiple client certificates unable to connect. Please upgrade or install this patch.

If you have several CAs and CRLs, it could be difficult to concatenate them each time, so I have created a small script which will do that for you. Just stick it in your /etc/ssl/mycompany/ca/ directory and run it. It will create an all.pem with all certificates and all CRLs.

make.sh:
#!/bin/bash
rm all.pem 2> /dev/null
cat *.pem *.crl > all.pem

Like I said before, there are some settings in Postfix that need to be changed as well, so open up main.cf and note the following.

smtp_tls_CAfile = /etc/ssl/mycompany/ca/all.pem
smtpd_tls_ask_ccert = yes
smtpd_tls_req_ccert = no
smtpd_recipient_restrictions =
    permit_mynetworks
    permit_tls_all_clientcerts
    reject_unauth_destination
    permit

Now you should have an enterprise ready email server with client certificates.

Anti-spam measures

Everyone hates spam, so you will need to take some measures to protect your users from it.

Postgrey

Greylisting is a fairly effective countermeasure against spam, so we of course want to enable it for Postfix. First of all, let’s get Postgrey installed and as always, that is very easy in Debian and Ubuntu.

You can use other greylisting daemons which use MySQL for example if you like, but then you are on your own.

# apt-get install postgrey

Postgrey will be injected before Postfix hands over the delivery to Dovecot, so we need to add it at the very end of “smtpd_recipient_restrictions” in main.cf, just before the final “permit” rule.

check_policy_service inet:127.0.0.1:60000

Open up /etc/default/postgrey in your favourite editor and change the options line to the following. Yes, there should be two dashes, --, but WordPress turns them into one long dash.

POSTGREY_OPTS="--inet=127.0.0.1:60000 --delay=55"

Then restart postgrey and incoming mail will be delayed 55 seconds, and you will hopefully get a lot less spam!

# invoke-rc.d postgrey restart

Postfix RBL and other rules

There are other rules you can add to Postfix which will reduce spam. Incorporate the following into your main.cf configuration.

smtpd_recipient_restrictions =
    permit_mynetworks
    permit_tls_all_clientcerts
    #permit_sasl_authenticated
    reject_non_fqdn_hostname
    reject_non_fqdn_sender
    reject_non_fqdn_recipient
    reject_unauth_destination
    reject_unauth_pipelining
    reject_invalid_hostname
    #reject_unknown_sender_domain
    #reject_unknown_hostname
    reject_rbl_client zen.spamhaus.org
    reject_rbl_client bl.spamcop.net
    reject_rbl_client cbl.abuseat.org
    reject_rbl_client dnsbl.njabl.org
    reject_rbl_client dnsbl.sorbs.net
    reject_rhsbl_sender dsn.rfc-ignorant.org
    check_policy_service inet:127.0.0.1:60000
    permit
#
smtpd_data_restrictions =
    reject_unauth_pipelining,
    reject_multi_recipient_bounce,
    permit

Note that I have commented out “reject_unknown_hostname”, because there are some legit mail servers out there that send the wrong host name. That rule does however catch lots of spam, so it’s a call you will have to make.
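Postfix evaluates a restriction list from top to bottom and stops at the first entry that matches, so whether the server relays depends on where reject_unauth_destination sits relative to the final “permit” and to the Postgrey policy check. The function below is an added example, not part of the original guide: check_relay_order is a hypothetical helper name, and the sample lists are constructed from the ones shown in this document.

```shell
#!/bin/sh
# Added example, not from the original guide. check_relay_order is a
# hypothetical helper: it reads an smtpd_recipient_restrictions value on
# stdin (as printed by "postconf -h smtpd_recipient_restrictions", or pasted
# from main.cf) and checks that nothing which can accept mail for arbitrary
# destinations is evaluated before reject_unauth_destination.
check_relay_order() {
    awk '
    /^[ \t]*#/ { next }                    # commented-out entries in the list
    {
        sub(/^[a-z_]+[ \t]*=/, "")         # tolerate a pasted "name =" prefix
        gsub(/,/, " ")                     # entries may be comma separated
        n = split($0, tok, /[ \t]+/)
        for (i = 1; i <= n; i++) {
            t = tok[i]
            if (t == "") continue
            if (is_arg) { is_arg = 0; continue }   # argument of previous entry
            # Entries that are followed by a map, zone or server argument.
            if (t ~ /^check_/ || t == "reject_rbl_client" || t ~ /^reject_rhsbl_/)
                is_arg = 1
            if (t == "reject_unauth_destination" || t == "defer_unauth_destination") {
                guarded = 1
                continue
            }
            if (guarded || risk != "") continue
            # A bare "permit" accepts everything; a check_* lookup or policy
            # server may answer OK. Either one ahead of the guard can relay.
            if (t == "permit" || t ~ /^check_/) risk = t
        }
    }
    END {
        if (risk != "") { print "RISK: " risk " is evaluated before reject_unauth_destination"; exit 1 }
        if (!guarded)   { print "RISK: reject_unauth_destination is missing"; exit 1 }
        print "OK"
    }'
}

# Constructed sample 1: the order used in this guide, Postgrey after the guard.
check_relay_order <<'EOF' || true
smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
    check_policy_service inet:127.0.0.1:60000
    permit
EOF

# Constructed sample 2: the same entries with Postgrey moved ahead of the guard.
printf '%s\n' 'permit_mynetworks' 'check_policy_service inet:127.0.0.1:60000' \
    'reject_unauth_destination' 'permit' | check_relay_order || true
```

Against a running configuration the input comes from Postfix itself: `postconf -h smtpd_recipient_restrictions | check_relay_order`.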

You now have a reasonable protection against spam. There are other server-side filtering services which use the bayesian algorithm to catch most spam.

DSPAM

Sorry, to be added later.

Final remarks

This guide will aid you in setting up a large-scale mail server, but it is always important to understand that you should take care and explore all options before diving in and setting this up in a real environment. There are probably lots of things that can be improved in this setup, but I will leave that up to you.

This setup will scale rather well, as you can cleanly separate the different components onto separate machines to reduce the load.

To conclude, always pay close attention to the logs. I always tail syslog when doing these kinds of things and you should too.

# tail -f /var/log/syslog

The above command will give you a real-time log when things happen, so keep one terminal running with just this.


261 thoughts on “Mail server HOWTO – Postfix and Dovecot with MySQL and TLS/SSL, Postgrey and DSPAM”

  1. Hi,

    This is exactly what I was looking for.

    thanks for publishing.

    But I do have a problem…

    When I try creating a mailbox within a domain, I get this in the syslog:

    Apr 17 07:47:14 squamosa postfix/proxymap[23185]: warning: mysql query failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '??youplala.net??? AND active = ???1???' at line 1
    Apr 17 07:47:14 squamosa postfix/trivial-rewrite[23184]: fatal: proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf(0,lock|fold_fix): table lookup problem
    Apr 17 07:47:15 squamosa postfix/smtpd[23182]: warning: premature end-of-input on private/rewrite socket while reading input attribute name
    Apr 17 07:47:15 squamosa postfix/master[23127]: warning: process /usr/lib/postfix/trivial-rewrite pid 23184 exit status 1

    This is on Etch.

    Any hint?

    Thanks,

    Nico

  2. [quote comment="29688"]I’m a moron, you warned about the wordpress-translated quotes…

    Thanks for the great How-to!

    Nico[/quote]
    Great that you solved it by yourself! :)

    I’m glad I could be of help with the Howto.

  3. Hi,

    What a nice how-to you got there, but I have this problem in retrieving the mails. I used Thunderbird as my mail client and configured it to use SSL-based authentication. Once I hit get mail, it won't retrieve any. But as I see in my log, it authenticates successfully.

    Apr 20 18:52:01 debian dovecot: imap-login: Login: user=, method=plain, rip=192.168.1.4, lip=192.168.1.5, TLS

    Another thing is it creates another virtual mailbox in /var/vmail/mydomain.ph without @mydomain.ph

    # ls -l /var/vmail/mydomain.ph

    drwx------ 6 vmail mail 4096 2007-04-20 18:52 paul

  4. [quote comment="29919"]Hi,

    What a nice how-to you got there, but I have this problem in retrieving the mails. I used Thunderbird as my mail client and configured it to use SSL-based authentication. Once I hit get mail, it won't retrieve any. But as I see in my log, it authenticates successfully.

    Apr 20 18:52:01 debian dovecot: imap-login: Login: user=, method=plain, rip=192.168.1.4, lip=192.168.1.5, TLS

    Another thing is it creates another virtual mailbox in /var/vmail/mydomain.ph without @mydomain.ph

    # ls -l /var/vmail/mydomain.ph

    drwx------ 6 vmail mail 4096 2007-04-20 18:52 paul[/quote]
    If you are using my configuration, it will create virtual mailboxes like this:
    /var/vmail/domain.tld/user

    I would suggest that you verify that Postfix is delivering mail correctly to Dovecot, and check that the mail ends up in /var/vmail/mydomain.ph/paul.

    Then enable debugging in Dovecot and try logging in to see what happens when the client tries to fetch the mail.

    If you can’t find the problem, try pasting the relevant log entries here.

  5. Hi,

    It works! Thanks a lot. At first it does not create /var/vmail/mydomain.ph/paul but instead /var/vmail/mydomain.ph/paul@mydomain.ph, and now it works after I enable debugging in Dovecot.

    But is there a way to manage virtual mailbox quota?

    thanks in advance.

  6. [quote comment="30025"]Hi,

    It works! Thanks a lot. At first it does not create /var/vmail/mydomain.ph/paul but instead /var/vmail/mydomain.ph/paul@mydomain.ph, and now it works after I enable debugging in Dovecot.

    But is there a way to manage virtual mailbox quota?

    thanks in advance.[/quote]
    Great news!

    Start by looking at the quota page on the Dovecot wiki: http://wiki.dovecot.org/Quota

    Postfix admin should already be setup to use quota, so there shouldn’t be any big changes necessary.

  7. I edit dovecot.conf and make it look like this:

    protocol imap {

    mail_plugins = quota imap_quota
    }
    protocol pop3 {

    mail_plugins = quota
    }

    mail_plugins = quota
    }

    plugin {
    quota = maildir:storage=10240
    }

    But I've got an error in Postfix.

    Apr 21 05:42:34 mail postfix/smtpd[9641]: connect from unknown[192.168.8.107]
    Apr 21 05:42:34 mail postfix/smtpd[9641]: 8B72A3CC1D0: client=unknown[192.168.8.107]
    Apr 21 05:42:34 mail postfix/cleanup[9646]: 8B72A3CC1D0: message-id=
    Apr 21 05:42:34 mail postfix/qmgr[9638]: 8B72A3CC1D0: from=, size=663, nrcpt=1 (queue active)
    Apr 21 05:42:34 mail dovecot: auth(default): master in: USER^I1^Ipaul@mydomain.net^Iservice=deliver
    Apr 21 05:42:34 mail dovecot: auth-worker(default): sql(paul@mydomain.net): SELECT '/var/vmail/mydomain.net/paul' as home, 'maildir:/var/vmail/mydomain.net/paul' as mail, 150 AS uid, 8 AS gid, concat('dirsize:storage=', quota) AS quota FROM mailbox WHERE username = 'paul@mydomain.net' AND active = '1'
    Apr 21 05:42:34 mail dovecot: auth(default): master out: USER^I1^Ipaul@mydomain.net^Ihome=/var/vmail/mydomain.net/paul^Imail=maildir:/var/vmail/mydomain.net/paul^Iuid=150^Igid=8^Iquota=dirsize:storage=0
    Apr 21 05:42:34 mail postfix/smtpd[9641]: disconnect from unknown[192.168.8.107]
    Apr 21 05:42:34 mail postfix/sendmail[9652]: fatal: no debugger_command variable set up
    Apr 21 05:42:34 mail postfix/pipe[9647]: 8B72A3CC1D0: to=, relay=dovecot, delay=0.05, delays=0.01/0/0/0.04, dsn=4.3.0, status=deferred (temporary failure. Command output: sendmail: fatal: no debugger_command variable set up )

    any hint?

    thanks

  8. [quote comment="30145"](temporary failure. Command output: sendmail: fatal: no debugger_command variable set up)[/quote]
    I’m guessing you added -D to smtpd in master.cf. You should have used the lower-case v for debugging instead. “smtpd -v”.

  9. [quote comment="30647"]Very nice tutorial :)

    One thing:
    [quote post="266"]# mysql -umail -p mail[/quote]
    Thanks! I’m not sure what you mean by your quote though.

    That means that mysql should connect with user mail, use a password and use the database called mail.

  10. Hi,

    sorry, seems that something went wrong with the quote :(

    Just wanted to ask if it’s spelled “mysql -umail …” or “mysql -u mail …”

    And please post the DSPAM Section ;)

    Thanks in advance,

    Greets lotrac

  11. [quote comment="30689"]Hi,

    sorry, seems that something went wrong with the quote :(

    Just wanted to ask if it’s spelled “mysql -umail …” or “mysql -u mail …”

    And please post the DSPAM Section ;)

    Thanks in advance,

    Greets lotrac[/quote]
    The space is optional in “-u mail”, so which ever you prefer. :)

    Yes, the DSPAM section is somewhat delayed at the moment I’m afraid, since I have too much to do right now. However, I felt that I should post the howto even though that section was not yet completed. It will appear in a not so distant future if all goes as planned though.

    Cheers

  12. Hello, followed your procedure, but I seem to be getting a lot of 550 errors when I email to the Postfix server. Here is my main.cf; I would be grateful if you could have a look.

    Cheers
    Johno

    # See /usr/share/postfix/main.cf.dist for a commented, more complete version

    # Debian specific: Specifying a file name will cause the first
    # line of that file to be used as the name. The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname

    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    biff = no

    # appending .domain is the MUA’s job.
    append_dot_mydomain = no

    # Uncomment the next line to generate “delayed mail” warnings
    #delay_warning_time = 4h

    # TLS parameters
    smtpd_tls_cert_file = /etc/ssl/mailserver/mail-cert.pem
    smtpd_tls_key_file = /etc/ssl/mailserver/mail-key.pem
    smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_session_cache
    smtpd_tls_security_level = may
    smtpd_tls_received_header = no
    smtpd_tls_loglevel = 0
    tls_random_source = dev:/dev/urandom

    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.

    myhostname = domain.com
    myorigin = /etc/mailname
    mynetworks = 127.0.0.0/8, 192.168.#.#/24
    mailbox_size_limit = 0
    message_size_limit = 0
    recipient_delimiter =
    inet_interfaces = all
    smtpd_sasl_local_domain =
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
    #smtpd_sender_restrictions = reject_non_fqdn_sender,reject_unknown_sender_domain
    mydestination =
    smtpd_tls_auth_only = no
    smtp_use_tls = yes
    smtp_tls_note_starttls_offer = yes

    # SASL Authentication
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_exceptions_networks = $mynetworks
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    smtpd_helo_required = yes
    #Disables NIS Lookup Code
    #alias_maps = proxy:mysql:$config_directory/mysql_virtual_alias_maps.cf

    #Virtual Mailboxes Settings
    virtual_mailbox_domains = proxy:mysql:$config_directory/mysql_virtual_domains_maps.cf
    #All mail is held in this location
    virtual_mailbox_base = /var/vmail
    virtual_mailbox_maps = proxy:mysql:$config_directory/mysql_virtual_mailbox_maps.cf
    virtual_alias_maps = proxy:mysql:$config_directory/mysql_virtual_alias_maps.cf
    virtual_minimum_uid = 150
    virtual_uid_maps = static:150
    virtual_gid_maps = static:8
    virtual_transport = dovecot
    dovecot_destination_recipient_limit = 1

    #Amavis New
    content_filter = smtp-amavis:[127.0.0.1]:10024

    #ISP Relay Host
    relayhost = domain.co.uk
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
    smtp_sasl_security_options =
    inet_protocols = all

  13. [quote comment="31457"]Hello, followed your procedure, but I seem to be getting a lot of 550 errors when I email to the Postfix server. Here is my main.cf; I would be grateful if you could have a look.[/quote]
    Hello. It would be a lot easier if you could post the entire error message you get. Only saying 550 doesn’t really help much, except that I know it’s a “permanent” error.

    Cheers

  14. This is the Postfix program at host mailb01.thehostingserversmail.com.

    I’m sorry to have to inform you that your message could not be
    be delivered to one or more recipients. It’s attached below.

    For further assistance, please send mail to

    If you do so, please include this problem report. You can
    delete your own text from the attached returned message.

    The Postfix program

    : host xxxx.co.uk[##.#.##.###] said:
    550-yyyy [##.6##.#.#]:41002 is currently not permitted
    to 550-relay through this server. Perhaps you have not logged into the
    pop/imap 550-server in the last 30 minutes or do not have SMTP
    Authentication turned on 550 in your email client. (in reply to RCPT TO
    command)

  15. I meant the relevant mail.log entries on the mail server itself.

    Assuming xxxx.co.uk is your mail server, it seems that it can’t find the domain that you are sending to in the SQL database. Is the SQL connection working properly? Is the appropriate domain and mailbox added to this database?

    If you can’t find out where in the chain to find the error, enable logging in Postfix by adding -v to smtpd in master.cf and check the logs. You will see the SQL statements there too as they are being executed. Make sure those are correct.

    When debugging the mail server, send mail to it directly without using a relay in the middle.

    Good luck.

  16. Hi!

    Totally new to this (linux at all)

    I followed your howto and i get this in /var/log/syslog when creating new user mailbox through postfixadmin web config…

    ————-
    May 15 11:33:23 egw postfix/smtpd[5880]: warning: database /etc/aliases.db is older than source file /etc/aliases
    May 15 11:33:23 egw postfix/smtpd[5880]: warning: dict_nis_init: NIS domain name not set – NIS lookups disabled
    May 15 11:33:23 egw postfix/smtpd[5880]: warning: SASL: Connect to private/auth failed: No such file or directory
    May 15 11:33:23 egw postfix/smtpd[5880]: fatal: no SASL authentication mechanisms
    May 15 11:33:24 egw postfix/master[5259]: warning: process /usr/lib/postfix/smtpd pid 5880 exit status 1
    May 15 11:33:24 egw postfix/master[5259]: warning: /usr/lib/postfix/smtpd: bad command startup — throttling
    —————

    Sorry I haven’t provided all required info, but I just don’t know what to show.

    Tnx for understanding and thnx for any replies…

  17. [quote comment="31792"]Hi!

    Totally new to this (linux at all)

    I followed your howto and i get this in /var/log/syslog when creating new user mailbox through postfixadmin web config…[/quote]
    Hi there. If you are taking this on as a new Linux user, you will probably need to do some hard work. :)

    Ok, let’s check off the warnings.

    [quote post="266"]warning: database /etc/aliases.db is older than source file /etc/aliases[/quote]
    Run “newaliases” on the command-line to remove this warning.

    [quote post="266"]warning: dict_nis_init: NIS domain name not set – NIS lookups disabled[/quote]

    Remove statements in main.cf with “nis:” in them.

    [quote post="266"]warning: SASL: Connect to private/auth failed: No such file or directory[/quote]

    It can’t connect to your private/auth socket. Verify that you have this in your Dovecot config:

    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }

    Restart Dovecot and verify that it’s actually there and that the permissions are correct.

    “ls -l /var/spool/postfix/private/auth” should give something like this:
    srw-rw---- 1 postfix postfix 0 2007-04-13 11:25 /var/spool/postfix/private/auth

    Good luck.

  18. Hi,

    Great article, had it up and running with very little effort. Thanks.

    I have a question about supporting “local” users. Do they need to be added to the mail system databases via postfixadmin?

    And is it possible to setup a “default” domain that gets added to a users name should they not specify it when they attempt to login? I tried modifying dovecot-sql.conf to add the default domain to the ‘%u’ – as in ‘%u@tbayne.net’ and it turns out that when I do that, something in the authentication chain adds an additional ‘@tbayne.net’, so that when Dovecot finally tries to authenticate, it sees a username of tbayne@tbayne.net@tbayne.net…. kind of odd that.

    Thanks

  19. [quote comment="31863"]Great article, had it up and running with very little effort. Thanks.[/quote]

    Thanks! I’m glad you found it useful.

    [quote post="266"]I have a question about supporting “local” users. Do they need to be added to the mail system databases via postfixadmin?[/quote]

    It is possible to support both local and virtual users. Have a look here for instructions on how to set this up: http://wiki.dovecot.org/Authentication/MultipleDatabases

    [quote post="266"]And is it possible to setup a “default” domain that gets added to a users name should they not specify it when they attempt to login?[/quote]

    Check out “auth_default_realm”. It is defined as “Default realm/domain to use if none was specified. This is used for both SASL realms and appending @domain to username in plaintext logins.”

    Good luck.

  20. Thanks!! The “howto” is great… but I can’t authenticate through Outlook :’(, can someone please help me and tell me what I need to change so that I can authenticate with Outlook?

  21. Hi Johnny,

    Many thanks for this howto however would it be possible to remove comment 16 with the domain name listed.

    Cheers Buddy
    Johno

  22. [quote comment="32402"]Thanks!! The “howto” is great… but I can’t authenticate through Outlook :’(, can someone please help me and tell me what I need to change so that I can authenticate with Outlook?[/quote]
    Hi there Isabel. Excuse my ignorance, but I don’t understand Spanish. Please, if you will, write it in English (or Swedish ;) ) if you can.

  23. [quote comment="32404"]Hi Johnny,

    Many thanks for this howto however would it be possible to remove comment 16 with the domain name listed.

    Cheers Buddy
    Johno[/quote]
    Hey Johno.

    No problem! It has been taken care of. (removed the domain name in comment 16 and 17)

    Cheers

  24. Hi Johnny!!
    I have a problem, users can access their mail from Web, Outlook is the problem, I can connect to server but users can’t authenticate by outlook.
    Logs show this:
    May 21 15:36:47 mail dovecot: pop3-login: Disconnected: rip=200.87.233.114, lip=200.87.233.93
    Can you help me please?

  25. [quote comment="32412"]Hi Johnny!!
    I have a problem, users can access their mail from Web, Outlook is the problem, I can connect to server but users can’t authenticate by outlook.
    Logs show this:
    May 21 15:36:47 mail dovecot: pop3-login: Disconnected: rip=200.87.233.114, lip=200.87.233.93
    Can you help me please?[/quote]
    Hello again.

    You can set some workarounds for Outlook in dovecot.conf. Look in the “protocol pop3″ section and try using “pop3_client_workarounds = outlook-no-nuls” for example.

    Have you selected SSL for Outlook if you are using that? And not selected it when you are not using it. My Outlook skills are quite limited I’m afraid, since I never use it.

    If all else fails though, enable debugging in dovecot.conf and see what happens.

    auth_verbose = yes
    auth_debug = yes
    verbose_ssl = yes

    If you are using an old version, you should probably try upgrading to the latest one before proceeding.

    Just an idea, you say that you are accessing the mail using the web, so I assume that you are using IMAP there? Why not use IMAP in Outlook as well?

    Good luck.

  26. Hi..!
    Thanks..!!
    I enabled debugging in dovecot.conf, and I could to solve my problem,
    but I have a question, can I or any user authenticate with account only?, example:
    now: user: isabel@mydomain.com
    pass: xxxxxx

    then:
    user: isabel
    pass: xxxxxx

    any idea?

  27. [quote comment="33041"]Hi..!
    Thanks..!!
    I enabled debugging in dovecot.conf, and I could to solve my problem,
    but I have a question, can I or any user authenticate with account only?
    any idea?[/quote]
    Check out comment 21: “Check out “auth_default_realm”. It is defined as “Default realm/domain to use if none was specified. This is used for both SASL realms and appending @domain to username in plaintext logins.””

    It will hopefully solve your problem. Good luck!

  28. Hi there.
    Great how to.
    Do you have any plans about dspam?
    It would be great if you could add it to the guide. :)

    Kind regards

  29. [quote comment="33068"]Hi there.
    Great how to.
    Do you have any plans about dspam?
    It would be great if you could add it to the guide. :)

    Kind regards[/quote]
    Thanks!

    I currently don’t have the time to write and test it, but things will start slowing down as summer comes, so I will hopefully have time to do this in a not so distant future.

  30. Hi Johnny

    Really excellent HowTo – thanks very much for putting it together.

    I have a query re. sasl authentication – should postfix use saslauthd? .. and how?

    My /etc/postfix/sasl/smtpd.conf looks like this:

    pwcheck_method: saslauthd
    mech_list: plain login

    and my /etc/default/saslauthd like this:

    START=yes
    PARAMS="-m /var/spool/postfix/var/run/saslauthd -r"
    MECHANISMS="pam"

    .. so saslauthd doesn’t know where to find virtual user passwords. I get this in my saslauthd logs:

    auth_pam: pam_authenticate failed: User not known to the underlying authentication module

    Clearly I should be using another pwcheck method .. or another saslauthd mechanism?

    If you have a minute I’d be grateful if you could make a suggestion.

    Thanks,

    Simon

  31. [quote comment="33190"]pwcheck_method: saslauthd
    mech_list: plain login
    (…)
    START=yes
    PARAMS="-m /var/spool/postfix/var/run/saslauthd -r"
    MECHANISMS="pam"
    (…)[/quote]
    Hi there Simon, and thanks!

    It seems like you are using the Cyrus sasl libraries, which you should not do. Dovecot has its own sasl implementation, and if you follow this guide, it should be all set-up for you.

    Notice, for instance, the following lines in the Postfix configuration (main.cf):

    # SASL Authentication
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_exceptions_networks = $mynetworks
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth

    To conclude, you don’t need the Cyrus SASL library, unless you are doing something very special.

    Good luck!

  32. Hi Johnny,
    great HowTo. Made setting up an imap-server a breeze. Thanks a lot.

    and Simon:
    [quote post="266"]and my /etc/default/saslauthd like this:
    START=yes
    PARAMS="-m /var/spool/postfix/var/run/saslauthd -r"
    MECHANISMS="pam"[/quote]
    Had a similar problem here: The solution was to use
    MECHANISMS="rimap -O 127.0.0.1 -r"
    which will make saslauth use the local imap server for authentication.

  33. Great tutorial man. I think I managed to work a lot out. However, when I get to the “do some tests to see if everything works”, I can create a new domain, but when I try to create a new alias(user), it creates the mailbox but then says in red below this, “Unable to create mailbox!”.

    This is difficult to diagnose because my syslog nor mail.log are showing any traces of these creations. The logs are showing other activity for getting this setup though.

    Any ideas?

  34. Hey!

    Thanx for this nice howto.

    There is just one thing missing to get this to be a complete mailserver (in my opinion) and that is to implement a mailing list function.

    Will you add that to this magnificent howto? (or is there anyone else here that can make an addon?) I have been trying mailman, but I can’t get it up and running the way I want.

  35. Hey, Thanks!

    close to what I was doing and this seems to work nicer! :P

    Now, to make a script that does all this automagically each time I install debian. :-D

  36. [quote comment="33374"]Hi Johnny,
    great HowTo. Made setting up an imap-server a breeze. Thanks a lot.[/quote]

    Thanks! I’m glad you found it useful!

    [quote comment="33438"]Great tutorial man. I think I managed to work a lot out. However, when I get to the “do some tests to see if everything works”, I can create a new domain, but when I try to create a new alias(user), it creates the mailbox but then says in red below this, “Unable to create mailbox!”.

    This is difficult to diagnose because my syslog nor mail.log are showing any traces of these creations. The logs are showing other activity for getting this setup though.

    Any ideas?[/quote]

    Strange that you don’t get any entries in syslog when creating the mailbox. All Postfixadmin is doing is sending an email to that newly created mailbox, which will create the Maildir automatically.

    Try making the Postfix smtpd daemon more verbose and check for any strange behavior. In /etc/postfix/master.cf, the first uncommented line will begin with “smtp”. In the command column it will say “smtpd”, change that to “smtpd -v” to get more information printed to the syslog.

    [quote comment="33628"]Hey!

    Thanx for this nice howto.

    There is just one thing missing to get this to be a complete mailserver (in my opinion) and that is to implement a mailing list function.

    Will you add that to this magnificent howto? (or is there anyone else here that can make an addon?) I have been trying mailman, but I can’t get it up and running the way I want.[/quote]

    Thank you! A mailing list manager is not really the scope of this guide, but it’s an interesting thought. I might add it when the Dspam section is finished. (but there is no time at the moment though).

    [quote comment="33918"]Hey, Thanks!

    close to what I was doing and this seems to work nicer! :P

    Now, to make a script that does all this automagically each time I install debian. :-D[/quote]

    Thanks! Or you can just save the /etc/postfix and /etc/dovecot directories and restore them if you reinstall later on. :)

  37. Alright, first off, great guide!
    Secondly, whenever I restart postfix, I get this error: “postfixpostconf: fatal: /etc/postfix/main.cf, line 34: missing ‘=’ after attribute name: “permit_tls_all_clientcerts” postconf: fatal: /etc/postfix/main.cf, line 34: missing ‘=’ after attribute name: “permit_tls_all_clientcerts” ”

    Also, I get the same error as Patrik, “Unable to create mailbox!”

    There’s also a fourth thing, this is what my log says:
    Jun 12 16:49:25 debian dovecot: imap-login: Aborted login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
    Jun 12 16:49:33 debian dovecot: auth-worker(default): sql(jesse@nauthez.ath.cx,127.0.0.1): Password query failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘\200\230/var/vmail/nauthez.ath.cx/jesse�\200\231 as userdb_home, �\200\230maildir:/var/vmail/nauth’ at line 1

  38. Thanks! Let’s look at your problems shall we.

    [quote post="266"]Secondly, whenever I restart postfix, I get this error: “postfixpostconf: fatal: /etc/postfix/main.cf, line 34: missing ‘=’ after attribute name: “permit_tls_all_clientcerts”[/quote]

    Ok, it seems like your “smtpd_recipient_restrictions” line is wrong. It should look something like this:

    smtpd_recipient_restrictions =
    permit_mynetworks
    permit_tls_all_clientcerts
    reject_non_fqdn_hostname
    ...

    [quote post="266"]Also, I get the same error as Patrik, “Unable to create mailbox!”[/quote]

    This may be related to the issue above. If not (and I assume that you have looked in the logs for errors), change smtpd to smtpd -v in master.cf and see what goes wrong. (you will get lots of debug output in /var/log/syslog). I’m guessing it may be a tick problem in /etc/postfix/mysql_virtual_*. (see below for details)

    [quote post="266"]Password query failed: You have an error in your SQL syntax[/quote]

    If you look at the top of the document it states: “Note that ticks like ‘ and ” are converted by WordPress, and may cause problems if copied directly into your configuration.”

    So open up your /etc/dovecot/dovecot-sql.conf and replace the ticks with the proper ones.

    Good luck!

  39. [quote post="266"]Ok, it seems like your “smtpd_recipient_restrictions” line is wrong. It should look something like this:[/quote]

    Ah, this could be a potential problem. There should be spaces in the beginning of the arguments. WordPress seems to remove them. I’ll replace the spaces with dots, so you see more clearly.

    smtpd_recipient_restrictions =
    ...permit_mynetworks
    ...permit_tls_all_clientcerts
    ...reject_non_fqdn_hostname
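The two copy-paste faults diagnosed in the replies above (continuation lines in main.cf that lost their leading whitespace, and typographic quotes in an SQL query) can be checked for mechanically. The following is an added example, not part of the original comments or of Postfix or Dovecot; the function names and the sample config text are constructed for illustration.

```python
"""Lint Postfix/Dovecot config text for two copy-paste faults:
typographic quotes, and main.cf continuation lines that lost their indentation."""
import re

# Typographic characters a blog engine substitutes for ' and ".
TYPOGRAPHIC = {
    "\u2018": "'", "\u2019": "'", "\u2032": "'",
    "\u201c": '"', "\u201d": '"', "\u2033": '"',
}

# A main.cf logical line starts at column 0 with "name =".
PARAM_START = re.compile(r"^[A-Za-z0-9_]+\s*=")


def find_typographic_quotes(text):
    """Return (line_no, column, char) for every typographic quote in text."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        for col, ch in enumerate(line, 1):
            if ch in TYPOGRAPHIC:
                hits.append((no, col, ch))
    return hits


def fix_typographic_quotes(text):
    """Replace typographic quotes with their ASCII equivalents."""
    return text.translate(str.maketrans(TYPOGRAPHIC))


def find_orphan_lines(text):
    """Return (line_no, text) for main.cf lines that start at column 0 but are
    neither a comment nor 'name = value'. Postfix reports these as
    "missing '=' after attribute name"."""
    orphans = []
    for no, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank and comment lines are ignored, even inside a value
        if line[0].isspace():
            continue  # leading whitespace continues the previous logical line
        if not PARAM_START.match(line):
            orphans.append((no, stripped))
    return orphans


def indent_orphan_lines(text, indent="    "):
    """Return main.cf text with every orphan line turned into a continuation."""
    bad = {no for no, _ in find_orphan_lines(text)}
    lines = text.splitlines()
    return "\n".join(indent + line if no in bad else line
                     for no, line in enumerate(lines, 1)) + "\n"


# Constructed sample: a restriction list pasted without its indentation.
SAMPLE_MAIN_CF = """\
smtpd_sasl_type = dovecot
smtpd_recipient_restrictions =
permit_mynetworks
permit_tls_all_clientcerts
#permit_sasl_authenticated
reject_unauth_destination
    permit
"""

# Constructed sample: a dovecot-sql.conf query pasted with typographic quotes.
SAMPLE_SQL_CONF = (
    "password_query = SELECT username as user, password FROM mailbox "
    "WHERE username = \u2018%u\u2019 AND active = \u20191\u2032\n"
)

if __name__ == "__main__":
    for no, text in find_orphan_lines(SAMPLE_MAIN_CF):
        print(f"main.cf line {no}: '{text}' is not indented and has no '='")
    for no, col, ch in find_typographic_quotes(SAMPLE_SQL_CONF):
        print(f"dovecot-sql.conf line {no} col {col}: U+{ord(ch):04X}")
    print(fix_typographic_quotes(SAMPLE_SQL_CONF), end="")
```

The orphan-line check applies to main.cf only; master.cf uses a column layout and needs no "=" on its service lines.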

  40. Alright, in my “/etc/postfix/main.cf”, I have this:

    smtpd_recipient_restrictions =
    permit_mynetworks
    permit_tls_all_clientcerts
    #permit_sasl_authenticated
    reject_non_fqdn_hostname
    reject_non_fqdn_sender
    reject_non_fqdn_recipient
    reject_unauth_destination
    reject_unauth_pipelining
    reject_invalid_hostname
    reject_unknown_sender_domain
    #reject_unknown_hostname
    reject_rbl_client zen.spamhaus.org
    reject_rbl_client list.dsbl.org
    reject_rhsbl_sender dsn.rfc-ignorant.org
    check_policy_service inet:127.0.0.1:60000
    permit
    ...

    I checked all the “/etc/postfix/mysql_virtual_*”, and all the information is correct (I changed some variables, like user and password. I’m not sure if this could affect some files since I made sure to change them all.)

    In my “/etc/dovecot/dovecot-sql.conf”, everything is configured correctly, although i’m not sure if I should use MD5-CRYPT instead of MD5.

  41. i am also having a problem with sending mail with authorization…below is the log

    Jun 17 12:22:31 mail dovecot: auth(default): client in: AUTH^I1^IPLAIN^Iservice=IMAP^Isecured^Ilip=192.168.0.20^Irip=192.168.0.1^I
    resp=AHRvbWlzbGF2QG1heGltaXIuY29tAG1paGExOTc4
    Jun 17 12:22:31 mail dovecot: auth-worker(default): sql(tomislav@maximir.com,192.168.0.1): query: SELECT username as user, password, '/var/vmail/maximir.com/tomislav' as userdb_home, 'maildir:/var/vmail/maximir.com/tomislav' as userdb_mail, 150 as userdb_uid, 8 as userdb_gid FROM mailbox WHERE username = 'tomislav@maximir.com' AND active = '1'
    Jun 17 12:22:31 mail dovecot: auth(default): client out: OK^I1^Iuser=tomislav@maximir.com
    Jun 17 12:22:31 mail dovecot: auth(default): master in: REQUEST^I3^I2478^I1
    Jun 17 12:22:31 mail dovecot: auth(default): passwd(tomislav@maximir.com,192.168.0.1): unknown user
    Jun 17 12:22:31 mail dovecot: auth-worker(default): sql(tomislav@maximir.com,192.168.0.1): SELECT '/var/vmail/maximir.com/tomislav' as home, 'maildir:/var/vmail/maximir.com/tomislav' as mail, 150 AS uid, 8 AS gid, concat('dirsize:storage=', quota) AS quota FROM mailbox WHERE username = 'tomislav@maximir.com' AND active = '1'
    Jun 17 12:22:31 mail dovecot: auth(default): master out: USER^I3^Itomislav@maximir.com^Ihome=/var/vmail/maximir.com/tomislav^Imail=maildir:/var/vmail/maximir.com/tomislav^Iuid=150^Igid=8^Iquota=dirsize:storage=204800
    Jun 17 12:22:31 mail dovecot: imap-login: Login: user=, method=PLAIN, rip=192.168.0.1, lip=192.168.0.20, TLS
    Jun 17 12:22:31 mail dovecot: IMAP(tomislav@maximir.com): Effective uid=150, gid=8
    Jun 17 12:22:31 mail dovecot: IMAP(tomislav@maximir.com): maildir: data=/var/vmail/maximir.com/tomislav
    Jun 17 12:22:31 mail dovecot: IMAP(tomislav@maximir.com): maildir: root=/var/vmail/maximir.com/tomislav, index=/var/vmail/maximir.com/tomislav, control=, inbox=
    Jun 17 12:22:34 mail postfix/smtpd[2475]: connect from mikrotik.maximir.com[192.168.0.1]
    Jun 17 12:22:34 mail postfix/smtpd[2475]: NOQUEUE: reject: RCPT from mikrotik.maximir.com[192.168.0.1]: 554 5.7.1 : Relay access denied; from= to= proto=ESMTP helo=
    Jun 17 12:22:34 mail postfix/smtpd[2475]: disconnect from mikrotik.maximir.com[192.168.0.1]

  42. Hey,
    Great work on the tutorial! I’ve got everything set up perfectly except for one problem. When I telnet localhost 25 from the server and EHLO I get
    220 server.com ESMTP Postfix (Ubuntu)
    250-server.com
    250-PIPELINING
    250-SIZE 10340000
    250-VRFY
    250-ETRN
    250 8BITMIME
    221 Bye
    However, when I try to connect from a remote machine (telnet server.com 25) the connection times out (Could not open connection to the host, on port 25: Connect failed). I have no problem connecting to any other services on the machine.
    lsof -i tcp:25 gives
    COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
    master 6659 root 11u IPv4 68779 TCP *:smtp (LISTEN)
    So it is listening on all addresses, just not responding?
    /var/log/syslog shows nothing while I am attempting to connect from a remote host.
    Any help you could give would be greatly appreciated.
    Thanks!
    -Garret

  43. Thanks for this great guide.

    Is there anything that I need to set if I need to send email via this server eg.smtp-auth?

    Cos when I try to send out email, I get similar error that Tommy faced.

    Thanks.

  44. First of all, sorry for the late reply. Summertime and everything now.

    [quote comment="34679"]I checked all the “/etc/postfix/mysql_virtual_*”, and all the information is correct (I changed some variables, like user and password. I’m not sure if this could affect some files since I made sure to change them all.)

    In my “/etc/dovecot/dovecot-sql.conf”, everything is configured correctly, although i’m not sure if I should use MD5-CRYPT instead of MD5.[/quote]

    To login using username and password, you need to remove the hash (#) from permit_sasl_authenticated, to enable Postfix to authenticate against the Dovecot authentication socket.

    [quote comment="34801"]I also have another question. I used this guide to set up apache, mysql, and php (http://www.mysql-apache-php.com/), and I can get the mail server working inside my network. When I get to this point (http://www.mysql-apache-php.com/#mailserver), it says I need to specify the dovecot authentication daemon socket, but I don’t know how. That’s the only thing keeping me from getting it to work outside of my network.[/quote]

    The Dovecot authentication socket has nothing to do with you being able to access the mail server from outside your network. You need to open up port 25 in your firewall and forward it to your mail server. Some ISPs block incoming connections on port 25, so that might be your problem.

  45. [quote comment="35834"]Is it necesary to install a quota (apt-get install quota) for quota thing in dovecot to work?[/quote]

    Have a look here: http://wiki.dovecot.org/Quota

    [quote comment="35876"]i am also having a problem with sending mail with authorization…below is the log
    (…)
    Jun 17 12:22:31 mail dovecot: auth(default): passwd(tomislav@maximir.com,192.168.0.1): unknown user
    (…)
    [/quote]

    Dovecot can’t seem to find the user tomislav@maximir.com. Are you sure he’s added to the proper MySQL table? I’m a bit concerned about the IP being appended like that. I don’t remember if that is just for display or if there is something wrong with the incoming query. Get back to me if you can’t get it working.

  46. [quote comment="36275"]Great work on the tutorial!

    However, when I try to connect from a remote machine (telnet server.com 25) the connection times out (Could not open connection to the host, on port 25: Connect failed). I have no problem connecting to any other services on the machine.[/quote]

    Thanks! The most probable cause is that your ISP is blocking incoming connections to port 25. This is fairly common, and it sadly denies you the ability to run your own mail server. In Sweden at least, it’s possible to call the ISP and have them unblock port 25 for you if you take responsibility for not relaying mail etc.

  47. [quote comment="39628"]Thanks for this great guide.

    Is there anything that I need to set if I need to send email via this server eg.smtp-auth?

    Cos when I try to send out email, I get similar error that Tommy faced.

    Thanks.[/quote]

    The SMTP authentication should already be in place. Make sure that you have “permit_sasl_authenticated” in “smtpd_recipient_restrictions” and that there is no hash (#) in front of that line.

    You have to read the article, not just copy-paste the configuration. ;) Good luck!

  48. NOQUEUE: reject: RCPT from unknown[192.168.0.2]: 554 5.7.1 : Client host rejected: Access denied; from= to= proto=ESMTP helo=

    any suggest??

    great tutorial!!! thanks!!

  49. [quote comment="40618"]NOQUEUE: reject: RCPT from unknown[192.168.0.2]: 554 5.7.1 : Client host rejected: Access denied; from= to= proto=ESMTP helo=

    any suggest??

    great tutorial!!!

    thanks!![/quote]

    Thanks! So you get relay access denied. This could be any number of things, but make sure that you are authenticated. Do you have “permit_sasl_authenticated” in “smtpd_recipient_restrictions”, without the hash (#)?

    Also, does this occur when you are sending mail to your domain, or somewhere else?

  50. Yes, I have the option in the smtpd_recipient_restrictions. I send you the output of postconf -n, please check that and give your opinion, thanks…

    append_dot_mydomain = no
    biff = no
    broken_sasl_auth_clients = yes
    config_directory = /etc/postfix
    disable_dns_lookups = no
    disable_vrfy_command = yes
    inet_interfaces = all
    mailbox_command = /usr/lib/dovecot/deliver
    mailbox_size_limit = 0
    message_size_limit = 20971520
    mydestination = localhost, localhost.localdomain
    myhostname = dns1.serverdlj.cl
    mynetworks = 127.0.0.0/8, 192.168.0.0/24
    myorigin = /etc/mailname
    recipient_delimiter =
    relayhost =
    smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
    smtpd_client_restrictions = permit_mynetworks reject_rbl_client, reject_rhsbl_client, reject_unknown_client, permit
    smtpd_data_restrictions = permit_mynetworks reject_unauth_pipelining reject_multi_recipient_bounce permit
    smtpd_helo_restrictions = permit_mynetworks reject_invalid_hostname permit
    smtpd_recipient_restrictions = permit_mynetworks check_recipient_access hash:/etc/postfix/filtered_domains check_sender_access hash:/etc/postfix/access permit_tls_all_clientcerts permit_sasl_authenticated reject_non_fqdn_hostname reject_non_fqdn_sender reject_non_fqdn_recipient reject_unauth_destination reject_unauth_pipelining reject_invalid_hostname reject_unknown_sender_domain reject_rbl_client zen.spamhaus.org reject_rbl_client list.dsbl.org reject_rhsbl_sender dsn.rfc-ignorant.org check_policy_service inet:127.0.0.1:60000 permit
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_exceptions_networks = $mynetworks
    smtpd_sasl_path = private/auth
    smtpd_sasl_security_options = noanonymous
    smtpd_sasl_type = dovecot
    smtpd_sender_restrictions = hash:/etc/postfix/access permit
    smtpd_tls_cert_file = /etc/ssl/certs/serverdlj/dovecot.crt
    smtpd_tls_key_file = /etc/ssl/certs/serverdlj/dovecot.key
    smtpd_tls_loglevel = 0
    smtpd_tls_received_header = no
    smtpd_tls_security_level = may
    smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_session_cache
    smtpd_use_tls = yes
    tls_random_source = dev:/dev/urandom
    virtual_alias_maps = proxy:mysql:$config_directory/mysql_virtual_alias_maps.cf
    virtual_gid_maps = static:8
    virtual_mailbox_base = /var/vmail
    virtual_mailbox_domains = proxy:mysql:$config_directory/mysql_virtual_domains_maps.cf
    virtual_mailbox_maps = proxy:mysql:$config_directory/mysql_virtual_mailbox_maps.cf
    virtual_minimum_uid = 150
    virtual_transport = dovecot
    virtual_uid_maps = static:150

    I have using the postfix postgrey dovecot ssl…

  51. Hi !

    Great work, but is not working with MS outlook and outlook express !
    Why ?
    MSO and MSOE authenticate with “login” method to smtp server !
    Your dovecot.conf is not included this, only the “plain” method !

    .
    .
    .
    auth default {
    mechanisms = plain login
    passdb sql {
    args = /etc/dovecot/dovecot-sql.conf
    }
    .
    .

    Sorry 4my english :)

  52. [quote comment="40659"]Yes, i have the option in the smtpd_recipient_restrictions.

    I send you the out of postconf -n, please check that y give you opinion, thanks…
    [/quote]

    Ok, it seems as there is something not quite right. You should not need to add your network to mynetworks, since the authentication process will take care of that.

    In any case, enable debugging in Postfix and check which rule gets you blocked. Edit /etc/postfix/master.cf and change smtpd to smtpd -v and reload Postfix. Then check the log files and try sending an email, and see what happens.

  53. [quote comment="41233"]Hi !

    Great work, but is not working with MS outlook and outlook express !
    Why ?
    MSO and MSOE authenticate with “login” method to smtp server !
    Your dovecot.conf is not included this, only the “plain” method !

    auth default {
    mechanisms = plain login
    passdb sql {
    args = /etc/dovecot/dovecot-sql.conf
    }

    Sorry 4my english :)[/quote]

    Thanks! I never use Outlook/Express, so I don’t know if it works there or not. (it should though). You seemed to find the solution yourself though, so great, and thanks for the tip. :)

    There are some additional settings for Outlook users, which you might need to enable: http://wiki.dovecot.org/Clients

    Good luck!

  54. IN ## Dovecot configuration file YOU HAVE

    # Where the mailboxes are located
    mail_location = maildir:/var/vmail/%d/%u

    TWO THINGS:
    1) mail_location seems to be replaced with default_mail_env in newer dovecot. I got error. Replaced it, and it seems to work fine now.
    2) Are you sure about %u. Should it not be %n

    Thank you.

  55. Resolving: Proper authentication required

    When you send an email from your PC through your VPS’s SMTP server do you get an error message like: Relaying denied. Proper authentication required.’, Port: 25, Secure(SSL): No, Server Error: 550, Error Number: 0x800CCC79?

    Check you have ticked the “My Server Requires Authentication” option on your Outgoing Server section (in Outlook).

    Works now, thanks. Pivo

  56. [quote comment="41286"]IN ## Dovecot configuration file YOU HAVE

    # Where the mailboxes are located
    mail_location = maildir:/var/vmail/%d/%u

    TWO THINGS:
    1) mail_location seems to be replaced with default_mail_env in newer dovecot. I got error. Replaced it, and it seems to work fine now.
    2) Are you sure about %u. Should it not be %n

    Thank you.[/quote]

    1. Ok, I haven’t upgraded to the latest version yet. Thanks for the input.

    2. It doesn’t really matter in this scenario, since both will resolve to the username. %n should work as well, if you are more comfortable using it.

    [quote comment="41548"]Resolving: Proper authentication required

    When you send an email from your PC through your VPS’s SMTP server do you get an error message like: Relaying denied. Proper authentication required.’, Port: 25, Secure(SSL): No, Server Error: 550, Error Number: 0x800CCC79?

    Check you have ticked the “My Server Requires Authentication” option on your Outgoing Server section (in Outlook).

    Works now, thanks. Pivo[/quote]

    And just to clarify. The SMTP settings on the client should be port 25, TLS, and if using client certificates, it should not send the username and password.

    Cheers.

  57. Hi Johnny. Thanks a lot for your wonderful article. I have a problem:
    I want to configure a vacation service (autoresponder, out of office). How can I configure it with virtual users?

    I looked in the postfixadmin dir, VIRTUAL_VACATION. I read the manual and configured it step by step, but it is not working.
    How can I configure it properly, with autoresponder support?
    Thanks.
    P.S. Sorry for my English mistakes.

  58. Great how-to. But I still have one problem. I’m running ubuntu 7.04 server. So I’ve installed postfix, dovecot… Servers work fine. I tested them with my e-mail client (Thunderbird). But when I try to log in to http://localhost/postfixadmin/user/ or http://localhost/postfixadmin/ I get this message:
    Warning: session_start() [function.session-start]: Cannot send session cookie – headers already sent by (output started at /var/www/postfixadmin/config.inc.php:2) in /var/www/postfixadmin/login.php on line 61

    Warning: session_start() [function.session-start]: Cannot send session cache limiter – headers already sent (output started at /var/www/postfixadmin/config.inc.php:2) in /var/www/postfixadmin/login.php on line 61

    Warning: Cannot modify header information – headers already sent by (output started at /var/www/postfixadmin/config.inc.php:2) in /var/www/postfixadmin/login.php on line 65

    What have I done wrong?

  59. [quote comment="42087"]Great how-to. But I still have one problem. I’m running ubuntu 7.04 server. So I’ve installed postfix, dovecot… Servers work fine. I tested them with my e-mail client (Thunderbird). But when I try to log in to http://localhost/postfixadmin/user/ or http://localhost/postfixadmin/ I get this message:
    Warning: session_start() [function.session-start]: Cannot send session cookie – headers already sent by (output started at /var/www/postfixadmin/config.inc.php:2) in /var/www/postfixadmin/login.php on line 61

    Warning: session_start() [function.session-start]: Cannot send session cache limiter – headers already sent (output started at /var/www/postfixadmin/config.inc.php:2) in /var/www/postfixadmin/login.php on line 61

    Warning: Cannot modify header information – headers already sent by (output started at /var/www/postfixadmin/config.inc.php:2) in /var/www/postfixadmin/login.php on line 65

    What have I done wrong?[/quote]

    Thanks! You have probably accidentally added a space or newline in config.php when you configured it.

  60. Hi!

    Johnny, let me just say that I am a tough user, I won’t use software that takes more than three attempts for me to try to do something. Following your guide on a Debian Etch fresh install I managed to get the complete system working in quick time. Frankly I never expected it to work so well so easily. I have MailScanner, Postfix, Dovecot, MySQL, TLS/SSL, ClamAV, postfixadmin. I started slowly using my main domain and it ran smoothly, then after tweaking it I have added handling for more domains.

    You win on the howto stakes, frankly this howto rocks, and I keep referring back to it.

    My only problem now, and I don’t know the answer at the moment, is that I am trying to use Bayes SQL in SpamAssassin. I set it up and now it doesn’t appear to be using it, annoying because I find it quite useful. Also I don’t know how to sa-learn with vmail folders in Dovecot.

    I am going to persist and see what I can come up with, but any input would be good.

    Bob

  61. Hi,

    first thanks to you for this tutorial.

    @Patrick and Jesse: make sure you have a localhost entry in the /etc/hosts file. I got the same error “unable to create mailbox” all the time, with no errors in any log files. Then I added that line to /etc/hosts and now it works.

    cheers

  62. Thanks for this great howto! I have a question regarding spam control.
    Spam is blocked at score 5 and everything works ok for users with virtual mailboxes, i. e. the ones I POP3 into with Outlook. But that doesn’t work for forwardings, i. e. user@example.com –> otheruser@yahoo.com. Spam with a score > 5 gets forwarded as is, there are no X-Spam-Score: headers and no trace of spam filtering kicking in. Forwarded mails don’t get these X-Spam headers, virtual mailbox mails get them.
    Therefore, some basic questions: Where do I look for this problem? Is it a postfix issue (master.cf), an amavis/spamassassin problem, or even dovecot? I’d love to post some configs, but I just don’t have a clue where to look at :(

  63. [quote comment="43823"]You win on the howto stakes, frankly this howto rocks, and I keep referring back to it.

    My only problem now, and I don’t know the answer at the moment, is that I am trying to use Bayes SQL in SpamAssassin. I set it up and now it doesn’t appear to be using it, annoying because I find it quite useful. Also I don’t know how to sa-learn with vmail folders in Dovecot.[/quote]
    Thanks! It’s always great to hear people finding the guide useful. I don’t use BayesSQL, but I will have a look at it down the road when I find some time.

    [quote comment="44577"]first thanks to you for this tutorial.[/quote]
    You are most welcome! Thanks for the hosts-file suggestion.

    [quote comment="44589"]Where do I look for this problem? Is it a postfix issue (master.cf), an amavis/spamassassin problem, or even dovecot? I’d love to post some configs, but I just don’t have a clue where to look at :([/quote]
    Thanks! Well, it depends on where you hook in amavis/spamassassin. If it’s in the delivery process, it will never be triggered when forwarding since Postfix will just pass it along. It could probably be solved by triggering amavis/spamassassin in the “content_filter”. The Spamassassin Wiki has some information on the subject.

  64. Linux novice here.

    Nice easy-to-follow HowTo. However, I have a problem starting Dovecot, i.e. it won’t start. I think the relevant lines from syslog are as follows:

    Sep 15 11:11:29 server1 postfix/proxymap[3667]: fatal: /etc/postfix/mysql_virtual_alias_maps.cf: bad string length 0

  65. Sorry, my last message got truncated – the rest of it is as follows:

    Sep 15 11:11:29 server1 postfix/proxymap[3667]: fatal: /etc/postfix/mysql_virtual_alias_maps.cf: bad string length 0

  66. I give up – the relevant bit is:

    Sep 15 11:11:29 server1 postfix/proxymap[3667]: fatal: /etc/postfix/mysql_virtual_alias_maps.cf: bad string length 0

  67. Sir, can you give me your email address? I have many problems with my postfix server. Here, I cannot attach my dovecot postfix config file. I tried using postfix admin to create an account, and after that I tried using squirrelmail to check my mail account. I was able to sign in, but I could not send an email. I checked my syslog; this is the result:

    Sep 26 16:49:29 voippemberontak postfix/smtpd[10320]: warning: dict_nis_init: NIS domain name not set – NIS lookups disabled

    Sep 26 16:49:29 voippemberontak postfix/pipe[10326]: fatal: get_service_attr: unknown username:

    Sep 26 16:49:30 voippemberontak postfix/qmgr[9764]: warning: premature end-of-input on private/dovecot socket while reading input attribute name
    Sep 26 16:49:30 voippemberontak postfix/qmgr[9764]: warning: private/dovecot socket: malformed response
    Sep 26 16:49:30 voippemberontak postfix/qmgr[9764]: warning: transport dovecot failure — see a previous warning/fatal/panic logfile record for the problem description
    Sep 26 16:49:30 voippemberontak postfix/master[9762]: warning: process /usr/lib/postfix/pipe pid 10326 exit status 1
    Sep 26 16:49:30 voippemberontak postfix/master[9762]: warning: /usr/lib/postfix/pipe: bad command startup — throttling
    Sep 26 16:49:30 voippemberontak postfix/qmgr[9764]: 39BE19A6FE: to=, relay=none, delay=1.2, delays=0.07/1.1/0/0, dsn=4.3.0, status=deferred (unknown mail transport error)
    Sep 26 16:49:38 voippemberontak dovecot: auth(default): client in: AUTH^I1^IPLAIN^Iservice=IMAP^Isecured^Ilip=127.0.0.1^Irip=127.0.0.1^Iresp=
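
Added example, not part of the original thread: the qmgr warning above points at "a previous warning/fatal/panic logfile record", and this script pairs each exit that `master` reports with the records the same pid logged before it died. The sample log is constructed in the shape of the lines posted in this thread; `explain_crashes` and the report keys are names chosen for this example.

```python
import os
import re
from collections import defaultdict

# Constructed sample, shaped like the syslog excerpts posted in this thread.
SAMPLE_LOG = """\
Sep 26 16:49:29 mail postfix/smtpd[10320]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Sep 26 16:49:29 mail postfix/pipe[10326]: fatal: get_service_attr: unknown username: vmail
Sep 26 16:49:30 mail postfix/qmgr[9764]: warning: private/dovecot socket: malformed response
Sep 26 16:49:30 mail postfix/master[9762]: warning: process /usr/lib/postfix/pipe pid 10326 exit status 1
Sep 26 16:49:30 mail postfix/master[9762]: warning: /usr/lib/postfix/pipe: bad command startup -- throttling
Sep 26 16:50:31 mail postfix/trivial-rewrite[6287]: warning: connect to mysql server localhost: Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
Sep 26 16:50:31 mail postfix/trivial-rewrite[6287]: fatal: mysql:/etc/postfix/mysql_virtual_alias_maps.cf(0,lock|fold_fix): table lookup problem
Sep 26 16:50:32 mail postfix/master[9762]: warning: process /usr/lib/postfix/trivial-rewrite pid 6287 exit status 1
Sep 26 16:51:00 mail postfix/master[9762]: warning: process /usr/lib/postfix/smtpd pid 7000 exit status 1
"""

# "<timestamp> <host> postfix/<program>[<pid>]: [<severity>: ]<message>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"postfix/(?P<prog>[\w-]+)\[(?P<pid>\d+)\]: "
    r"(?:(?P<sev>warning|error|fatal|panic): )?(?P<msg>.*)$"
)
# What master logs when one of its child daemons dies.
EXIT_RE = re.compile(
    r"^process (?P<path>\S+) pid (?P<pid>\d+) "
    r"(?P<outcome>exit status \d+|killed by signal \d+)"
)


def explain_crashes(log_text):
    """Return one report per daemon exit logged by master, with that pid's own records."""
    history = defaultdict(list)  # (program, pid) -> [(severity, message), ...]
    reports = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a Postfix line (e.g. dovecot), ignore
        prog, pid, sev, msg = m["prog"], int(m["pid"]), m["sev"], m["msg"]
        exit_m = EXIT_RE.match(msg) if prog == "master" else None
        if exit_m:
            # master names the binary path; the daemon logged under its basename.
            key = (os.path.basename(exit_m["path"]), int(exit_m["pid"]))
            records = history.pop(key, [])
            reports.append({
                "daemon": key[0],
                "pid": key[1],
                "outcome": exit_m["outcome"],
                "fatal": [t for s, t in records if s in ("fatal", "panic")],
                "warnings": [t for s, t in records if s in ("warning", "error")],
            })
        elif sev:
            history[(prog, pid)].append((sev, msg))
    return reports


if __name__ == "__main__":
    for r in explain_crashes(SAMPLE_LOG):
        print(f"{r['daemon']}[{r['pid']}] {r['outcome']}")
        for line in r["warnings"]:
            print("  warning:", line)
        for line in r["fatal"]:
            print("  fatal:  ", line)
        if not r["fatal"]:
            print("  no fatal record from this pid in the excerpt; look further back")
```
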

  68. Thx, getting this error; it looks like it is not taking into consideration the domain portion of the user name. Any suggestions, or do you need any of my config files?

    Sep 28 22:26:10 mail postfix/local[5567]: E163013EFD: to=, relay=local, delay=0.13, delays=0.07/0.01/0/0.05, dsn=5.1.1, status=bounced (unknown user: “aberrio”)
    Sep 28 22:26:10 mail postfix/qmgr[5314]: E163013EFD: removed

    Best regards

    al

  69. Hi Johnny! Cool guide. But can I have 2 domains with this config? I mean 1) domain (example.com), 2) domain (example.tj)? And what must I do for this?

  70. hej, real good tutorial, thanx a lot! much better than when i did all that stuff some years ago… too sad that the dspam-section is not there.
    uhm, just wanted to drop the note, that in some of my test-cases the delay for the greylisting is too low. i tested from several mailaccounts on different servers and some got rejected, but passed through when i set it back to the default delay of 300.

    keep up the good work! nïkö

  71. Hi,

    I’m having trouble when trying to send mail. I’m running Ubuntu 6.06.1 LTS.
    Oct 17 21:40:55 knox postfix/smtpd[14980]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
    Oct 17 21:40:55 knox postfix/smtpd[14980]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
    Oct 17 21:40:55 knox postfix/smtpd[14980]: warning: SASL authentication failure: no secret in database

    Why is this? I thought it would auth against mysql?

  72. Sir

    Thank-you for your help in this matter, however I’m still getting the following errors.

    Oct 22 23:13:27 ubtset01 postfix/proxymap[3909]: fatal: open /etc/postfix/mysql_virtual_alias_maps.cf: No such file or directory
    Oct 22 23:13:28 ubtset01 postfix/smtpd[3880]: warning: premature end-of-input on private/proxymap socket while reading input attribute name
    Oct 22 23:13:28 ubtset01 postfix/smtpd[3880]: warning: private/proxymap socket: service dict_proxy_open: Success

    Can you please tell me what I’m doing wrong

  73. #78 Please check that you have, and that the file is spelled correctly. /etc/postfix/mysql_virtual_alias_maps.cf :)

    Johnny > Do you have an ETA on dspam? :)

  74. Hi Johnny. You didn’t answer me. I configured with your guide. It works fine! But I would like to configure an autoresponder function for each user if needed. How do I configure it? Thank you for understanding!

  75. Hello everyone, and sorry for not being able to reply to all your questions. I have too much going on right now and I have to prioritize work. However, some small answers follow:

    [quote comment="46554"]Hi Johnny! Cool guide. But can I have 2 domains with this config? I mean 1) domain (example.com), 2) domain (example.tj)? And what must I do for this?[/quote]
    This is done automatically if you follow my guide. Just add another domain in Postfix Admin, and you are ready to go.

    [quote comment="46828"]Hi,

    I’m having trouble when trying to send mail. I’m running Ubuntu 6.06.1 LTS.
    Oct 17 21:40:55 knox postfix/smtpd[14980]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
    Oct 17 21:40:55 knox postfix/smtpd[14980]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory
    Oct 17 21:40:55 knox postfix/smtpd[14980]: warning: SASL authentication failure: no secret in database

    Why is this? I thought it would auth against mysql?[/quote]
    This is only a warning and can be ignored. To remove the warning, simply create an empty /etc/sasldb2 file.

    [quote comment="47054"]Sir

    Thank-you for your help in this matter, however I’m still getting the following errors.

    Oct 22 23:13:27 ubtset01 postfix/proxymap[3909]: fatal: open /etc/postfix/mysql_virtual_alias_maps.cf: No such file or directory
    Oct 22 23:13:28 ubtset01 postfix/smtpd[3880]: warning: premature end-of-input on private/proxymap socket while reading input attribute name
    Oct 22 23:13:28 ubtset01 postfix/smtpd[3880]: warning: private/proxymap socket: service dict_proxy_open: Success

    Can you please tell me what I’m doing wrong[/quote]
    Have you created /etc/postfix/mysql_virtual_alias_maps.cf and the other files? The contents of these files are described in the guide.

    [quote comment="47089"]#78 Please check that you have, and that the file is spelled correctly. /etc/postfix/mysql_virtual_alias_maps.cf :)

    Johnny > Do you have an ETA on dspam? :)[/quote]
    Sorry no. Like I said earlier, my time is limited and I have to prioritize other things. It will come though, but when is another question. :)

    [quote comment="47095"]Hi Johnny. You didn’t answer me. I configured with your guide. It works fine! But I would like to configure an autoresponder function for each user if needed. How do I configure it? Thank you for understanding![/quote]
    The function is called “vacation”, and you could perhaps find some implementation if you search using Google. It is possible to do this with Sieve http://wiki.dovecot.org/LDA/Sieve but that might not be what you want.

    Thanks everyone!

  76. Hi, Johnny

    I’m trying to add a domain by using the postfix admin but it shows an error message “the domain is exist”.
    I think it’s strange since I have configured a new mail server.

    Do you have any suggestion ??

  77. When I’m trying to add the new domain for the new mail server it says that the domain exists??
    Do you have any idea what it is??

  78. First of all, thank you, this is a fantastic guide.

    Do you have any idea how to configure squirrelmail to work with this setup? Would be great.

    Thanks

  79. any ETA on the dspam integration tutorial section? and any plan on also including the web interface configuration along with dspam?

    Great tutorial by the way.

  80. Great tutorial!
    Seem to be having a few problems.
    I followed your directions to the letter, made sure all of my ‘,and ” were done right. I get to the point where I check the settings by adding a domain and user. First, the domain sets well, then the user goes to the table, but “unable to create mailbox” happens. After checking the logs and fixing various issues
    (fatal: /etc/postfix/main.cf, line 53: missing ‘=’ after attribute name: “permit_sasl_authenticated”)
    (/etc/postfix/mysql_virtual_alias_maps.cf: bad string length 0

  81. ok, comment got cut…the issue
    “postfix/master[23948]: fatal: /etc/postfix/master.cf: line 78: bad transport type: argv=/usr/lib/dovecot/deliver”, no usr mailboxes getting created (I checked the ticks) and should I indent the 3 lines after “permit_mynetworks =” in main.cf? I added a “=” after them instead. thanks!

  82. Hi!

    Thanks for a good HOWTO.
    I can’t quite get it to work though; I get the following errors in syslog:
    Nov 21 10:47:39 g-kraft postfix/proxymap[14401]: warning: request for unapproved table: “mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf”
    Nov 21 10:47:39 g-kraft postfix/proxymap[14401]: warning: to approve this table for proxymap access, list proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf in main.cf:proxy_read_maps
    Nov 21 10:47:39 g-kraft postfix/smtpd[14400]: fatal: proxymap service is not configured for table “mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf”
    Nov 21 10:47:40 g-kraft postfix/master[13547]: warning: process /usr/lib/postfix/smtpd pid 14400 exit status 1
    Nov 21 10:47:40 g-kraft postfix/master[13547]: warning: /usr/lib/postfix/smtpd: bad command startup — throttling

    Help! :)

    /Daniel

  83. In Ubuntu Dapper, this bit
    dovecot unix - n n - - pipe
      flags=DRhu user=vmail:mail argv=/usr/lib/dovecot/deliver -d $(recipient)
    doesn’t seem to work for me – there seems to be some sort of permissions issue with dovecot.conf which is set to read-write only to owner (root)
    This is true when calling deliver as the mailbox_command too.
    Can anyone help?

  84. what does this error mean:

    ERROR 1071 (42000) at line 143: Specified key was too long; max key length is 1000 bytes

    i’m getting this after I unpackage the file and type in my password.
    i’m using postfixadmin-2.2.0rc1, not postfixadmin-2.1.0 as mentioned in your article.

    thanks.

  85. Big Problem !

    I get an error when I try to send an email to one of my virtual mail accounts:

    “Recipient address rejected: User unknown in virtual alias table.”

    I compared and checked my config 10000’s of times. What could that be???

    Thanks,
    Sascha

  86. Hi there! Your HOWTO has really helped me weed out a lot of issues in setting up postfix. Love the way that you have SASL authenticating with dovecot.

    I am having a problem with graylisting though. The email is getting delivered through dovecot before it does the check with the greylisting service. How do I modify it so that it greylists before delivering?

    Also, do you have a setup for greylisting through the unix service rather than on the local interface?

    Thanks

  87. Nevermind. I was using a Gmail account to test and google.com is whitelisted by default in postgrey. Silly me.

    Thanks again.

  88. Hi, I am new to linux and my new server runs on Ubuntu Linux. I am running Dovecot and postfix.
    Everything works ok but I have a problem with using my pop3 or IMAP client like outlook express.
    The mx records in the dns shows mail.domain.com but when I use that as the servers with my username and password, it cannot download mails neither can I send mails.

    I am able to access mails using usermin though.

    What do you think I am doing wrong?
    Any help will be appreciated

  89. I know this sounds strange but I can get to the postfixadmin page but I do not know what my userid and password is. Where can I locate this at?

  90. I thought to finally have found a decent tutorial, but in “Do some tests to see if everything works” I get “The domain already exists!” in postfixadmin. and subsequent, these error messages in maillog:
    postfix/pickup[6406]: 780B0BAD329: uid=0 from=
    postfix/cleanup[6520]: 780B0BAD329: message-id=
    postfix/cleanup[6520]: warning: 780B0BAD329: virtual_alias_maps map lookup problem for root@rhaj.lan
    What am I doing wrong?

  91. hi please help me…. this is my error

    Mar 26 01:17:50 mail postfix/trivial-rewrite[6287]: warning: connect to mysql server localhost: Can’t connect to local MySQL server through socket ‘/var/run/mysqld/mysqld.sock’ (2)
    Mar 26 01:17:50 mail postfix/trivial-rewrite[6287]: fatal: mysql:/etc/postfix/mysql_virtual_alias_maps.cf(0,lock|fold_fix): table lookup problem
    Mar 26 01:17:51 mail postfix/master[5113]: warning: process /usr/lib/postfix/trivial-rewrite pid 6287 exit status 1
    Mar 26 01:17:51 mail postfix/master[5113]: warning: /usr/lib/postfix/trivial-rewrite: bad command startup — throttling
    Mar 26 01:17:51 mail postfix/smtpd[6269]: warning: problem talking to service rewrite: Success
    Mar 26 01:18:51 mail postfix/trivial-rewrite[6288]: warning: connect to mysql server localhost: Can’t connect to local MySQL server through socket ‘/var/run/mysqld/mysqld.sock’ (2)
    Mar 26 01:18:51 mail postfix/trivial-rewrite[6288]: fatal: mysql:/etc/postfix/mysql_virtual_alias_maps.cf(0,lock|fold_fix): table lookup problem
    Mar 26 01:18:52 mail postfix/master[5113]: warning: process /usr/lib/postfix/trivial-rewrite pid 6288 exit status 1
    Mar 26 01:18:52 mail postfix/master[5113]: warning: /usr/lib/postfix/trivial-rewrite: bad command startup — throttling
    Mar 26 01:18:52 mail postfix/smtpd[6269]: warning: problem talking to service rewrite: Success

  92. [quote comment="72014"]hi please help me…. this is my error
    Mar 26 01:17:50 mail postfix/trivial-rewrite[6287]: warning: connect to mysql server localhost: Can’t connect to local MySQL server through socket ‘/var/run/mysqld/mysqld.sock’ (2)
    Mar 26 01:17:50 mail postfix/trivial-rewrite[6287]: fatal: mysql:/etc/postfix/mysql_virtual_alias_maps.cf(0,lock|fold_fix): table lookup problem
    [/quote]

    Could that be a chroot or a rights problem?

    Did you test the “proxy:mysql…..” settings ??
    Like this one…virtual_mailbox_domains = proxy:mysql:$config_directory/mysql_virtual_domains_maps.cf

    You can try “hosts = 127.0.0.1” instead of “hosts = localhost” in your postfix cf files…

  93. [quote comment="31815"][quote comment="31792"]Hi!

    Totally new to this (linux at all)

    I followed your howto and i get this in /var/log/syslog when creating new user mailbox through postfixadmin web config…[/quote]
    Hi there. If you are taking this on as a new Linux user, you will probably need to do some hard work. :)

    Ok, let’s check off the warnings.

    [quote post="266"]warning: database /etc/aliases.db is older than source file /etc/aliases[/quote]
    Run “newaliases” on the command-line to remove this warning.

    [quote post="266"]warning: dict_nis_init: NIS domain name not set – NIS lookups disabled[/quote]

    Remove statements in main.cf with “nis:” in them.

    [quote post="266"]warning: SASL: Connect to private/auth failed: No such file or directory[/quote]

    It can’t connect to your private/auth socket. Verify that you have this in your Dovecot config:

    client {
    path = /var/spool/postfix/private/auth
    mode = 0660
    user = postfix
    group = postfix
    }

    Restart Dovecot and verify that it’s actually there and that the permissions are correct.

    “ls -l /var/spool/postfix/private/auth” should give something like this:
    srw-rw---- 1 postfix postfix 0 2007-04-13 11:25 /var/spool/postfix/private/auth

    Good luck.[/quote]

    Hi,

    I can’t find the auth file. I suspect i’m missing a package or something. I’m running CentOS 5.1 with quota patch. I don’t know if the quota patch is doing the damage here.

    Francis

  94. Hi,

    your tutorial was very helpful for me. It worked at the first try, but I have a little problem. I don’t understand how incoming mails come to the dovecot deliverer.

    I use fetchmail? Is that correct? All emails were caught by the user vmail, and then?

    At the moment all the mails are in the postbox at this user.

    Where is my problem? Any idea? Thx.

  95. [quote comment="73801"]I can’t find the auth file. I suspect i’m missing a package or something. I’m running CentOS 5.1 with quota patch. I don’t know if the quota patch is doing the damage here.

    Francis[/quote]
    I’m guessing that you are running Postfix in a chroot environment. Have a look in master.cf.
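
Added example, not part of the original thread: the check from the quoted reply above (the socket exists, is mode 0660 and is owned by postfix:postfix), written so it can be pointed at whatever path Postfix actually sees, for instance a chroot-relative one. `check_auth_socket`, `user_name` and `group_name` are names chosen for this example; the default path, owner, group and mode are the values from the quoted Dovecot `client { ... }` block.

```python
import grp
import os
import pwd
import stat


def user_name(uid):
    """Resolve a uid to a login name, falling back to the number itself."""
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return str(uid)


def group_name(gid):
    """Resolve a gid to a group name, falling back to the number itself."""
    try:
        return grp.getgrgid(gid).gr_name
    except KeyError:
        return str(gid)


def check_auth_socket(path="/var/spool/postfix/private/auth",
                      owner="postfix", group="postfix", mode=0o660):
    """Return a list of problems with the Dovecot auth socket; empty means OK."""
    try:
        st = os.lstat(path)  # lstat: do not follow a symlink placed at the path
    except FileNotFoundError:
        return [f"{path}: missing (Dovecot not running, or socket created "
                f"outside the directory Postfix looks in)"]
    except PermissionError:
        return [f"{path}: cannot stat, rerun as root"]

    if not stat.S_ISSOCK(st.st_mode):
        return [f"{path}: not a UNIX socket"]

    problems = []
    actual = stat.S_IMODE(st.st_mode)
    if actual != mode:
        problems.append(f"{path}: mode {actual:04o}, expected {mode:04o}")
    if actual & 0o002:
        # Connecting to a UNIX socket needs write permission on it.
        problems.append(f"{path}: world-writable, any local user can "
                        f"connect to the auth service")
    if user_name(st.st_uid) != owner:
        problems.append(f"{path}: owner is {user_name(st.st_uid)}, "
                        f"expected {owner}")
    if group_name(st.st_gid) != group:
        problems.append(f"{path}: group is {group_name(st.st_gid)}, "
                        f"expected {group}")
    return problems


if __name__ == "__main__":
    issues = check_auth_socket()
    print("\n".join(issues) if issues else "auth socket looks as configured")
```
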

  96. [quote comment="74816"]Hi,

    your tutorial was very helpful for me. It worked at the first try, but I have a little problem. I don’t understand how incoming mails come to the dovecot deliverer.

    I use fetchmail? Is that correct? All emails were caught by the user vmail, and then?

    At the moment all the mails are in the postbox at this user.

    Where is my problem? Any idea? Thx.[/quote]
    Hello,

    With this setup, the mail is received and delivered with Postfix. I guess it would be possible to use fetchmail, if it can inject the mail in the Postfix queue somehow. Adding “smtphost localhost” in the poll command for fetchmail could do the trick.

  97. [quote comment="70831"]I know this sounds strange but I can get to the postfixadmin page but I do not know what my userid and password is. Where can I locate this at?[/quote]
    Add /admin to the postfix admin page. For instance http://mail.lan/postfixadmin/admin. This will lead you to the admin site. It should be secured using basic authentication or something else.

  98. [quote comment="45251"]Sir, can you give me your email address? I have many problems with my postfix server. Here, I cannot attach my dovecot postfix config file. I tried using postfix admin to create an account, and after that I tried using squirrelmail to check my mail account. I was able to sign in, but I could not send an email. I checked my syslog; this is the result:

    Sep 26 16:49:29 voippemberontak postfix/smtpd[10320]: warning: dict_nis_init: NIS domain name not set – NIS lookups disabled

    Sep 26 16:49:29 voippemberontak postfix/pipe[10326]: fatal: get_service_attr: unknown username:

    Sep 26 16:49:30 voippemberontak postfix/qmgr[9764]: warning: premature end-of-input on private/dovecot socket while reading input attribute name
    Sep 26 16:49:30 voippemberontak postfix/qmgr[9764]: warning: private/dovecot socket: malformed response
    Sep 26 16:49:30 voippemberontak postfix/qmgr[9764]: warning: transport dovecot failure — see a previous warning/fatal/panic logfile record for the problem description
    Sep 26 16:49:30 voippemberontak postfix/master[9762]: warning: process /usr/lib/postfix/pipe pid 10326 exit status 1
    Sep 26 16:49:30 voippemberontak postfix/master[9762]: warning: /usr/lib/postfix/pipe: bad command startup — throttling
    Sep 26 16:49:30 voippemberontak postfix/qmgr[9764]: 39BE19A6FE: to=, relay=none, delay=1.2, delays=0.07/1.1/0/0, dsn=4.3.0, status=deferred (unknown mail transport error)
    Sep 26 16:49:38 voippemberontak dovecot: auth(default): client in: AUTH^I1^IPLAIN^Iservice=IMAP^Isecured^Ilip=127.0.0.1^Irip=127.0.0.1^Iresp=[/quote]

    I am also receiving this error…and after 1 day of digging…still don’t have a clue how to do it

    Ideas?
    Thanks

  99. Problems solved

    Changed virtual_transport = dovecot with virtual_transport = virtual and I removed
    dovecot_destination_recipient_limit = 1

    Then…there was a problem with dovecot it did not retrieve email because i looked in a different mail folder

    Changed in dovecot-sql.conf

    user_query = SELECT '/var/vmail/%d/%n' as home, 'maildir:/var/vmail/%d/%n' as mail, 150 AS uid, 8 AS gid, concat('dirsize:storage=', quota) AS quota FROM mailbox WHERE username = '%u' AND active = '1'
    # Get the password
    password_query = SELECT username as user, password, '/var/vmail/%d/%n' as userdb_home, 'maildir:/var/vmail/%d/%n' as userdb_mail, 150 as userdb_uid, 8 as userdb_gid FROM mailbox WHERE username = '%u' AND active = '1'

    with

    user_query = SELECT '/var/vmail/%d/%u' as home, 'maildir:/var/vmail/%d/%u' as mail, 150 AS uid, 8 AS gid, concat('dirsize:storage=', quota) AS quota FROM mailbox WHERE username = '%u' AND active = '1'
    # Get the password
    password_query = SELECT username as user, password, '/var/vmail/%d/%u' as userdb_home, 'maildir:/var/vmail/%d/%u' as userdb_mail, 150 as userdb_uid, 8 as userdb_gid FROM mailbox WHERE username = '%u' AND active = '1'

    and in dovecot.conf

    added disable_plaintext_auth = no
    it resolved the problem with the
    “Plaintext authentication disallowed on non secure connections” on pop3 auth

    Great howto
    Thanks

  100. Hi Johnny,
    I used your notes to set up a mailserver exactly as you mentioned. It works great. My problem is I forgot my postfixadmin username & password to manage it. Can you give me any clues on how to reset it?

    Thanks

  101. [quote comment="78552"]Hi Johnny,
    I used your notes to set up a mailserver exactly as you mentioned. It works great. My problem is I forgot my postfixadmin username & password to manage it. Can you give me any clues on how to reset it?

    Thanks[/quote]
    The admin site is secured with a htpasswd-file. Just create a new one and replace the existing.

  102. Nice howto. :)

    You might possibly want to modify one part, concerning dovecot’s deliver LDA, to make it so it properly supports address extensions (as described at http://wiki.dovecot.org/LDA/Postfix).

    dovecot unix - n n - - pipe
      flags=DRhu user=vmail:vmail argv=/vol0/local/dovecot/libexec/dovecot/deliver -d ${user}@${domain}

    I was using only -d ${recipient} at first and started noticing that some user+extension@domain.com addresses were getting bounced for ‘user unknown’.

    An important note here is that the ${domain} macro is only available in Postfix 2.5 and later; I had to figure that one out after a bit as it wasn’t mentioned in the Dovecot wiki…

  103. Great tutorial, thanks Johnny. I’ve managed to get imap working perfectly with ssl, but I’m having problems with smtp. I get the following messages when trying to send a message:

    postfix/smtpd[27781]: warning: dict_nis_init: NIS domain name not set – NIS lookups disabled
    postfix/smtpd[27781]: connect from xxx.com[xx.xx.xx.xx]
    postfix/smtpd[27781]: warning: SASL authentication failure: no secret in database
    postfix/smtpd[27781]: warning: xxx.com[xx.xx.xx.xx]: SASL CRAM-MD5 authentication failed
    postfix/smtpd[27781]: warning: SASL authentication failure: no secret in database
    postfix/smtpd[27781]: warning: xxx.com[xx.xx.xx.xx]: SASL NTLM authentication failed
    postfix/smtpd[27781]: warning: SASL authentication failure: Password verification failed
    postfix/smtpd[27781]: warning: xxx.com[xx.xx.xx.xx]: SASL PLAIN authentication failed
    postfix/smtpd[27781]: warning: xxx.com[xx.xx.xx.xx]: SASL LOGIN authentication failed

    Looks similar to comment 77. How can I tell if postfix is indeed using Dovecot’s mysql settings for authentication? Also, is the NIS warning anything to worry about?

  104. [quote comment="79986"]You might possibly want to modify one part, concerning dovecot’s deliver LDA, to make it so it properly supports address extensions (as described at http://wiki.dovecot.org/LDA/Postfix).[/quote]
    Great! I will have a look at it when I have the time.
    [quote comment="80374"]Great tutorial, thanks Johnny. I’ve managed to get imap working perfectly with ssl, but I’m having problems with smtp. I get the following messages when trying to send a message:

    Looks similar to comment 77. How can I tell if postfix is indeed using Dovecot’s mysql settings for authentication? Also, is the NIS warning anything to worry about?[/quote]
    Thanks!

    You don’t need to worry about the NIS warning. Google for the error message for instructions on how to disable the warning if you want.

    It seems that it is trying to authenticate with the Cyrus SASL package. Have you set the following in the auth default section of the /etc/dovecot/dovecot.conf file?

    userdb sql {
    args = /etc/dovecot/dovecot-sql.conf
    }

    Have a look at the Dovecot section above for more information. I will probably post ready-made configuration templates later on to make it easier. It’s not always that easy to read the long configuration listings in the post.
    [quote comment="82220"]Excellent!!!!

    Very well explained and complete.

    Thanks.[/quote]
    Thanks!

  105. [quote comment="30201"][quote comment="30145"](temporary failure. Command output: sendmail: fatal: no debugger_command variable set up)[/quote]
    I’m guessing you added -D to smtpd in master.cf. You should have used the lower-case v for debugging instead. “smtpd -v”.[/quote]

    For us the problem was solved by doing what the dovecot wiki told us to in the first place: Make sure that you comment out the “mail_debug” directive in /etc/dovecot/dovecot.conf. Only setting this to “no” does not do the job.

    See: http://wiki.dovecot.org/LDA/Postfix

  106. Hey!

    Just wanted to drop you a line stating that your HOW-TO is one of the most detailed and useful one on the web. Thanks a lot for this one!

    Greetings,
    Stefan

  107. Hi Johnny,

    I followed this article to build my mail server. Now it runs. But I have a problem here. When I tried to send email from my gmail account to my mail server, gmail replied with this error:

    Technical details of permanent failure:
    Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 550 550 relay not permitted (state 14).

    I’m trying to find the solution from google, but no luck (till now). Do you have any idea how to solve this?

    Thank you

  108. [quote comment="98856"]Hi Johnny,

    I followed this article to build my mail server. Now it runs. But I have a problem here. When I tried to send email from my gmail account to my mail server, gmail replied with this error:

    Technical details of permanent failure:
    Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 550 550 relay not permitted (state 14).

    I’m trying to find the solution from google, but no luck (til now). Do have any idea how to solve this?

    Thank you[/quote]
    Hello! As a first step, have a look at your server log files for hints on where the problem lies. I’m guessing that there is a problem with your MySQL connection from Postfix.

  109. [quote comment="99071"][quote comment="98856"]Hi Johnny,

    I followed this article to build my mail server. Now it’s run. But I have problem here. When I tried to send email from my gmail account to my mail server, gmail replied this error :

    Technical details of permanent failure:
    Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 550 550 relay not permitted (state 14).

    I’m trying to find the solution from google, but no luck (til now). Do have any idea how to solve this?

    Thank you[/quote]
    Hello! As a first step, have a look at your server log files for hints on where the problem lies. I’m guessing that there is a problem with your MySQL connection from Postfix.[/quote]

    I looked into mail.log, mail.err, syslog and dovecot.log. But none of them contain error 550 (or something like that). But when I send email to a gmail account, I received this message inside the dovecot.log file:

    dovecot: 2008-09-23 08:17:31 Info: auth(default): client in: AUTH 1 PLAIN service=IMAP secured lip=127.0.0.1 rip=127.0.0.1 resp=AHB1bmdraUBic24uZ28uaWQAY3V0ZV9idW5kYQ==
    dovecot: 2008-09-23 08:17:31 Info: auth(default): pam(my_email_address,127.0.0.1): lookup service=dovecot
    dovecot: 2008-09-23 08:17:31 Info: auth(default): new auth connection: pid=25968
    dovecot: 2008-09-23 08:17:33 Info: auth(default): pam(my_email_addres,127.0.0.1): pam_authenticate() failed: User not known to the underlying authentication module
    dovecot: 2008-09-23 08:17:33 Info: auth-worker(default): sql(my_email_address,127.0.0.1): query: SELECT username as user, password, ‘/mail/bsn.go.id/pungki’ as userdb_home, ‘maildir:/mail/bsn.go.id/pungki’ as userdb_mail, 150 as userdb_uid, 8 as userdb_gid FROM mailbox WHERE username = ‘my_email_address’ AND active = ’1′
    dovecot: 2008-09-23 08:17:33 Info: auth(default): client out: OK 1 user=pungki@bsn.go.id
    dovecot: 2008-09-23 08:17:33 Info: auth(default): master in: REQUEST 149 25960 1
    dovecot: 2008-09-23 08:17:33 Info: auth(default): passwd(my_email_address,127.0.0.1): lookup
    dovecot: 2008-09-23 08:17:33 Info: auth(default): passwd(my_email_address,127.0.0.1): unknown user
    dovecot: 2008-09-23 08:17:33 Info: auth-worker(default): sql(my_email_address,127.0.0.1): SELECT ‘/mail/bsn.go.id/pungki’ as home, ‘maildir:/mail/bsn.go.id/pungki’ as mail, 150 AS uid, 8 AS gid, concat(‘dirsize:storage=’, quota) AS quota FROM mailbox WHERE username = ‘my_email_address’ AND active = ’1′
    dovecot: 2008-09-23 08:17:33 Info: auth(default): master out: USER 149 my_email_address home=/mail/bsn.go.id/pungki mail=maildir:/mail/bsn.go.id/pungki uid=150 gid=8 quota=dirsize:storage=0
    dovecot: 2008-09-23 08:17:33 Info: imap-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
    dovecot: 2008-09-23 08:17:33 Info: IMAP(my_email_address): Disconnected: Logged out

    But the email is sent. My gmail account received the email and I can read it. What should I do to fix it? My email server still can’t receive email from others.

    Thanks you
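
When a Dovecot auth debug line of the form `client in: AUTH ... PLAIN ... resp=...` carries a value, that value is the base64 SASL PLAIN response (authzid, login and password separated by NUL, RFC 4616), so such logs need scrubbing before they are shared. The following Python scrubber is an added example, not part of the original thread; the sample lines, address and password in it are constructed.

```python
import base64
import binascii
import re

# resp= followed by a base64 value; an empty resp= is left alone.
RESP = re.compile(r"\bresp=([A-Za-z0-9+/]+=*)")


def plain_login(b64):
    """Return the login name inside a SASL PLAIN response, or None if the
    value does not decode to authzid NUL login NUL password (RFC 4616)."""
    try:
        raw = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError):
        return None
    parts = raw.split(b"\0")
    if len(parts) != 3 or not parts[1] or not parts[2]:
        return None
    return parts[1].decode("utf-8", "replace")


def scrub(lines):
    """Return (scrubbed_lines, exposed_logins).

    Every resp= value is replaced, whether or not it decodes. Logins whose
    password was present in the log are collected so that those passwords
    can be changed; the password itself is never returned or printed.
    """
    scrubbed, exposed = [], set()
    for line in lines:
        match = RESP.search(line)
        if match:
            login = plain_login(match.group(1))
            if login:
                exposed.add(login)
            line = RESP.sub("resp=<hidden>", line)
        scrubbed.append(line)
    return scrubbed, sorted(exposed)


# Constructed sample: the address and password are made up.
SAMPLE_RESP = base64.b64encode(
    b"\0alice@example.org\0not-a-real-password"
).decode()
SAMPLE_LOG = [
    "dovecot: 2008-09-23 08:17:31 Info: auth(default): client in: AUTH 1 "
    "PLAIN service=IMAP secured lip=127.0.0.1 rip=127.0.0.1 resp="
    + SAMPLE_RESP,
    "dovecot: 2008-09-23 08:17:33 Info: auth(default): client out: "
    "OK 1 user=alice@example.org",
    "dovecot: 2008-11-03 00:02:01 Info: auth(default): client in: AUTH 1 "
    "PLAIN service=IMAP lip=192.0.2.20 rip=198.51.100.7 resp=",
]

if __name__ == "__main__":
    clean, logins = scrub(SAMPLE_LOG)
    for entry in clean:
        print(entry)
    print("passwords to change for:", ", ".join(logins) or "none")
```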

  110. [quote comment="99186"]…
    But the email is sent. My gmail account received the email and I can read it. What should I do to fix it? My email server still can’t receive email from others.
    …[/quote]
    It seems that Dovecot can not find your user in the database. Have you added this user either using Postfix admin or manually in the database?

    This is probably why Postfix refuses to receive mail to you as well — it can’t find your user in the database. There should be log entries regarding this issue from Postfix in mail.log/syslog as well.

  111. [quote comment="99194"]
    It seems that Dovecot can not find your user in the database. Have you added this user either using Postfix admin or manually in the database?

    This is probably why Postfix refuses to receive mail to you as well — it can’t find your user in the database. There should be log entries regarding this issue from Postfix in mail.log/syslog as well.[/quote]

    I already added my user using postfix admin. I also add domain via domain list, add mailbox via Virtual List. But I don’t add Alias via Virtual List.

    And even I used tail -f mail.log / syslog, the log is not increasing when I send email from gmail to my email server. dovecot.log also is not increasing.

    One more info. I have another email server (using MS Exchange). This mail server is one network with my postfix mail server. Between these mail server, they can send / receive email without any problem. Does logging activity is automatic done by postfix? Or I have to set some parameter in main.cf or master.cf?

    Thank you

  112. [quote comment="99256"]I already added my user using postfix admin. I also add domain via domain list, add mailbox via Virtual List. But I don’t add Alias via Virtual List.

    And even I used tail -f mail.log / syslog, the log is not increasing when I send email from gmail to my email server. dovecot.log also is not increasing.

    One more info. I have another email server (using MS Exchange). This mail server is one network with my postfix mail server. Between these mail server, they can send / receive email without any problem. Does logging activity is automatic done by postfix? Or I have to set some parameter in main.cf or master.cf?

    Thank you[/quote]
    You can visit this website http://www.postfix.org/DEBUG_README.html for more information on how to get more messages out of Postfix. Do try the “Making Postfix daemon programs more verbose” section and see if it makes a difference.

    Have you added your MX record correctly in your DNS? Gmail will not know where to send your mail if you haven’t.

  113. [quote comment="99258"]
    You can visit this website http://www.postfix.org/DEBUG_README.html for more information on how to get more messages out of Postfix. Do try the “Making Postfix daemon programs more verbose” section and see if it makes a difference.

    Have you added your MX record correctly in your DNS? Gmail will not know where to send your mail if you haven’t.[/quote]

    I already add MX record in my DNS. But, from http://pingability.com , I found error in my DNS. You’re right. I’ll try to focus to this problem first. I also received message like this from google :

    Technical details of permanent failure:
    The recipient server did not accept our requests to connect. Learn more at http://mail.google.com/support/bin/answer.py?answer=7720
    [mail2.bsn.go.id. (10): Connection timed out]

    Thanks for your help.

  114. Hi Johnny,

    I am having a problem with pam authentication. I was wondering if you could take a look at this relative log snippet and tell me if you know what is going on. After days of tinkering, I am still having no solution:

    dovecot: 2008-11-03 00:02:01 Info: imap-login: Disconnected: rip=24.43.128.82, lip=192.168.1.20, TLS handshake
    dovecot: 2008-11-03 00:02:01 Info: auth(default): client in: AUTH 1 PLAIN service=IMAP lip=192.168.1.20 rip=24.43.128.82 resp=
    dovecot: 2008-11-03 00:02:03 Info: auth(default): pam(robkrul,24.43.128.82): pam_authenticate() failed: Authentication failure
    dovecot: 2008-11-03 00:02:05 Info: auth(default): client out: FAIL 1 user=robkrul
    dovecot: 2008-11-03 00:02:05 Info: imap-login: Disconnected: user=, method=PLAIN, rip=24.43.128.82, lip=192.168.1.20

  115. [quote comment="105264"]Hi Johnny,

    I am having a problem with pam authentication. I was wondering if you could take a look at this relative log snippet and tell me if you know what is going on. After days of tinkering, I am still having no solution:[/quote]
    Hi! Make sure that you login using your username and domain, like username@domain.tld as the user name. If that does not solve it, enable debug in Dovecot and see what happens.

    Good luck!

  116. Hello,

    Great Guide! Just want to ask if this would work on RHEL 5? I am having difficulty setting up quota on our webmail server.

    Thanks and Regards,
    Jog

  117. @Jog
    Thanks! It would probably work fine, although you will have to use other package management tools to install the software. There might be some differences in Postfix done at compile time I guess, but most things would probably be supported.

    If you decide to try it on RHEL, let me know how it goes.

  118. hi im new to this hope you could help me….
    i just followed the instructions and when i open http://localhost/postfixadmin/admin it just give me this page:
    ive already double check my username and password in config.inc.php but still giving same error page… hope you could help me…. thanks

    Checking for dependencies:

    * Warning: Magic Quotes: ON (internal workaround used)
    * Depends on: presence config.inc.php – OK
    * Warning: $CONF['configured'] is ‘false’.
    You must edit your config.inc.php and change this to true (this indicates you’ve created the database and user)
    * Depends on: MySQL 3.23, 4.0 – OK
    * Depends on: MySQL 4.1 – OK (change the database_type to ‘mysqli’ in config.inc.php!!)
    * Error: Can’t connect to database
    Please edit the $CONF['database_*'] parameters in config.inc.php.

    DEBUG INFORMATION:
    Connect: Access denied for user ‘postfix’@’localhost’ (using password: YES)
    * Depends on: session – OK
    * Depends on: pcre – OK
    * Depends on: multibyte string – OK
    * Warning: Depends on: IMAP functions – NOT FOUND
    To install IMAP support, install php5-imap
    Without IMAP support, you won’t be able to create subfolders when creating mailboxes.

  119. steve :

    Checking for dependencies:

    * Depends on: MySQL 4.1 – OK (change the database_type to ‘mysqli’ in config.inc.php!!)
    Please edit the $CONF['database_*'] parameters in config.inc.php.

    DEBUG INFORMATION:
    * Warning: Depends on: IMAP functions – NOT FOUND
    To install IMAP support, install php5-imap
    Without IMAP support, you won’t be able to create subfolders when creating mailboxes.

    So you need to install php5-imap to get IMAP support in PHP. “apt-get install php5-imap” will do it for you.

    You also need to edit your config.inc.php and set “$CONF['database_type'] = 'mysqli';” as suggested by your error messages.

  120. @Johnny Chadda
    ive already tried to install “apt-get install php5-imap” before but the error message doesn’t change, and the weird thing is even though i have change the config.inc.php when i reload the http://localhost/postfixadmin/admin/ file it still giving me same error page, example i have change $CONF['database_user']= ‘mail’ but the result
    “Connect: Access denied for user ‘postfix’@’localhost’ (using password: YES)” which i dont understand why the error message didn’t change to ” user ‘postfix’@’localhost’ which i dont understand why…=(

  121. hi,
    ive found the problem and ive already got it to work… =)
    im now on the part in configuring my my email, when i test the settings it says that: it cannot log-on to the outgoing mail server (SMTP)

    then i’ve gone to this part of the configuration settings, it doesnt say where will i put these info so what i did is i type it the the postfix/main.cf file, please correct me if im wrong….

    smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
    permit

  122. @steve
    Great job getting it working!

    Remember that you need to indent the arguments. I’ll substitute tabs with “…” to make them visible here.

    smtpd_recipient_restrictions =
    …permit_mynetworks
    …permit_sasl_authenticated
    …reject_unauth_destination
    …permit

    Have a look in the syslog (/var/log/syslog) for additional information and error messages from Postfix.

  123. hi again! =)
    i have check the syslog and this is what it says:

    Nov 26 09:37:42 gse-printserver postgrey[6071]: Setting uid to “115″
    Nov 26 09:39:01 gse-printserver /USR/SBIN/CRON[6074]: (root) CMD ( [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm)
    Nov 26 09:59:27 gse-printserver — MARK –
    Nov 26 10:00:50 gse-printserver postfix/master[6165]: fatal: /etc/postfix/master.cf: line 84: bad transport type: argv=/usr/lib/dovecot/deliver
    Nov 26 10:09:01 gse-printserver /USR/SBIN/CRON[6193]: (root) CMD ( [ -x /usr/lib/php5/maxlifetime ] && [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm)
    Nov 26 10:09:04 gse-printserver postfix/master[6284]: fatal: /etc/postfix/master.cf: line 84: bad transport type: argv=/usr/lib/dovecot/deliver
    Nov 26 10:10:31 gse-printserver postfix/master[6375]: fatal: /etc/postfix/master.cf: line 84: bad transport type: argv=/usr/lib/dovecot/deliver
    Nov 26 10:10:52 gse-printserver dovecot: auth-worker(default): mysql: Connected to localhost (mail)
    Nov 26 10:10:52 gse-printserver dovecot: pop3-login: Login: user=, method=PLAIN, rip=172.18.4.4, lip=172.18.4.25
    Nov 26 10:10:52 gse-printserver dovecot: POP3(steve@sjcs.edu.ph): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
    Nov 26 10:12:18 gse-printserver dovecot: pop3-login: Login: user=, method=PLAIN, rip=172.18.4.4, lip=172.18.4.25
    Nov 26 10:12:18 gse-printserver dovecot: POP3(steve@sjcs.edu.ph): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0

    is this the reason why i am getting an error when i try to test my mail settings?

    “could not logon to the outgoing mail server (SMTP).
    The problem could be the server name, your server may require authentication,
    or your server may not support SSL.”

    please help its driving me crazy….=(

  124. Great guide Johnny but i have a problem with the SASL configuration.

    if i set this:
    smtpd_sasl_path = private/auth

    the following is shown in my syslog:
    warning: SASL: Connect to private/auth failed: No such file or directory

    cant seem to find out what i did wrong

  125. @Jones Thanks! private/auth is located in /var/spool/postfix/private/auth and contains a socket to the Dovecot authentication library. It is set up in dovecot.conf as the sample in the article.

    client {
    path = /var/spool/postfix/private/auth
    mode = 0660
    user = postfix
    group = postfix
    }

  126. Hi and thanks for the tutorial,

    I’m wondering if you finally wrote the dspam section ?

    Thanks and happy new year

  127. Here’s a typo mistake in the final “smtpd_recipient_restrictions” section :
    change “reject_rbk_client zen.spamhaus.org” by “reject_rbl_client zen.spamhaus.org”

  128. How on earth did you get through the “# mysql -umail -p mail < postfixadmin-2.1.0/DATABASE_MYSQL.TXT” phase please?
    As far as I can see in the latest edition of postfixadmin (2.2.1.1) there’s no such file named “DATABASE_MYSQL.TXT”.

    I guess I instead should edit the file “config.inc.php” but that one differs quite a lot to DATABASE_MYSQL.TXT. At least when it comes to line 26-39 for a newbie as me.

    Can someone please help me sorting this out or perhaps post a working cfg that I can copy?

    I tried this howto at first by using regular users but that didn’t turned out that well so I’ve decided to fully follow this guide but now I’m stuck in this early stage :/

  129. Johan : How on earth did you get through the “# mysql -umail -p mail < postfixadmin-2.1.0/DATABASE_MYSQL.TXT” phase please? As far as I can see in the latest edition of postfixadmin (2.2.1.1) there’s no such file named “DATABASE_MYSQL.TXT”.
    I guess I instead should edit the file “config.inc.php” but that one differs quite a lot to DATABASE_MYSQL.TXT. At least when it comes to line 26-39 for a newbie as me.
    Can someone please help me sorting this out or perhaps post a working cfg that I can copy?
    I tried this howto at first by using regular users but that didn’t turned out that well so I’ve decided to fully follow this guide but now I’m stuck in this early stage :/

    in new version of postfixadmin package there isn’t any database_mysql.txt, you need to read the documentation files to upgrade/configure it and database backend without that file (in DOCUMENTS subdirectory). if you want, this is the content of it, taken from a previous version:

    ############################ START COPY HERE #########################
    #
    #
    # Postfix Admin
    # by Mischa Peters
    # Copyright (c) 2002 – 2005 High5!
    # License Info: http://www.postfixadmin.com/?file=LICENSE.TXT
    #

    # This is the complete MySQL database structure for Postfix Admin.
    # If you are installing from scratch you can use this file otherwise you
    # need to use the TABLE_CHANGES.TXT or TABLE_BACKUP_MX.TXT that comes
    # with Postfix Admin.
    #
    # There are 2 entries for a database user in the file.
    # One you can use for Postfix and one for Postfix Admin.
    #
    # If you run this file twice (2x) you will get an error on the user
    # creation in MySQL.
    # To go around this you can either comment the lines below "USE MySQL"
    # until "USE postfix".
    # Or you can remove the users from the database and run it again.
    #
    # You can create the database from the shell with:
    #
    # mysql -u root [-p] < DATABASE_MYSQL.TXT

    USE postfix;

    #
    # Table structure for table admin
    #
    CREATE TABLE admin (
    username varchar(255) NOT NULL default '',
    password varchar(255) NOT NULL default '',
    created datetime NOT NULL default '0000-00-00 00:00:00',
    modified datetime NOT NULL default '0000-00-00 00:00:00',
    active tinyint(1) NOT NULL default '1',
    PRIMARY KEY (username),
    KEY username (username)
    ) TYPE=MyISAM COMMENT='Postfix Admin - Virtual Admins';

    #
    # Table structure for table alias
    #
    CREATE TABLE alias (
    address varchar(255) NOT NULL default '',
    goto text NOT NULL,
    domain varchar(255) NOT NULL default '',
    created datetime NOT NULL default '0000-00-00 00:00:00',
    modified datetime NOT NULL default '0000-00-00 00:00:00',
    active tinyint(1) NOT NULL default '1',
    PRIMARY KEY (address),
    KEY address (address)
    ) TYPE=MyISAM COMMENT='Postfix Admin - Virtual Aliases';

    #
    # Table structure for table domain
    #
    CREATE TABLE domain (
    domain varchar(255) NOT NULL default '',
    description varchar(255) NOT NULL default '',
    aliases int(10) NOT NULL default '0',
    mailboxes int(10) NOT NULL default '0',
    maxquota int(10) NOT NULL default '0',
    transport varchar(255) default NULL,
    backupmx tinyint(1) NOT NULL default '0',
    created datetime NOT NULL default '0000-00-00 00:00:00',
    modified datetime NOT NULL default '0000-00-00 00:00:00',
    active tinyint(1) NOT NULL default '1',
    PRIMARY KEY (domain),
    KEY domain (domain)
    ) TYPE=MyISAM COMMENT='Postfix Admin - Virtual Domains';

    #
    # Table structure for table domain_admins
    #
    CREATE TABLE domain_admins (
    username varchar(255) NOT NULL default '',
    domain varchar(255) NOT NULL default '',
    created datetime NOT NULL default '0000-00-00 00:00:00',
    active tinyint(1) NOT NULL default '1',
    KEY username (username)
    ) TYPE=MyISAM COMMENT='Postfix Admin - Domain Admins';

    #
    # Table structure for table log
    #
    CREATE TABLE log (
    timestamp datetime NOT NULL default '0000-00-00 00:00:00',
    username varchar(255) NOT NULL default '',
    domain varchar(255) NOT NULL default '',
    action varchar(255) NOT NULL default '',
    data varchar(255) NOT NULL default '',
    KEY timestamp (timestamp)
    ) TYPE=MyISAM COMMENT='Postfix Admin - Log';

    #
    # Table structure for table mailbox
    #
    CREATE TABLE mailbox (
    username varchar(255) NOT NULL default '',
    password varchar(255) NOT NULL default '',
    name varchar(255) NOT NULL default '',
    maildir varchar(255) NOT NULL default '',
    quota int(10) NOT NULL default '0',
    domain varchar(255) NOT NULL default '',
    created datetime NOT NULL default '0000-00-00 00:00:00',
    modified datetime NOT NULL default '0000-00-00 00:00:00',
    active tinyint(1) NOT NULL default '1',
    PRIMARY KEY (username),
    KEY username (username)
    ) TYPE=MyISAM COMMENT='Postfix Admin - Virtual Mailboxes';

    #
    # Table structure for table vacation
    #
    CREATE TABLE vacation (
    email varchar(255) NOT NULL default '',
    subject varchar(255) NOT NULL default '',
    body text NOT NULL,
    cache text NOT NULL,
    domain varchar(255) NOT NULL default '',
    created datetime NOT NULL default '0000-00-00 00:00:00',
    active tinyint(1) NOT NULL default '1',
    PRIMARY KEY (email),
    KEY email (email)
    ) TYPE=MyISAM COMMENT='Postfix Admin - Virtual Vacation';
    #################################################################

    dont forget to create the user you need to work with this schema (line from 26 to 39 deleted already).
    hope this can help!

    bye

    1. # userdel vmail
      mysql> GRANT ALL PRIVILEGES ON mail.* TO 'vmail'@'localhost' IDENTIFIED BY 'bobby';

      # mysql -uvmail -p mail <DATABASE_MYSQL.TXT
      Enter password:
      ERROR 1044 (42000) at line 25: Access denied for user 'vmail'@'localhost' to database 'postfix

      NICE :D

  130. If you did not write about DSPAM, then do not include a section about it and do not mention it in the header.

    You just stole a few moments of my life, because this site pops up when searching “dspam dovecot” on google. I will never get them back.

  131. Careful,
    Inside the login.php source from 2.2.1.1 version you have an error.
    why do you “session_regenerate_id” just after the include ‘common.php’ with session_start ?

    I have search that, because, after my configuration, I was unable to get out of the login page, even with a good login/password.

  132. Hi,

    I’ve used your guide in setting up my mail server several times already and I’m having problems lately, users from outside the office can’t send mail, it’s either they get an Mail undeliverable error saying that postmaster@domain.com user is unknown even though the alias exist and one can send email to this account, or secondly gets denied saying the SMTP server is not accepting connections even though I can telnet to its smtp port, I’ve been stumped with these for several days already.

    Tried googling around and found this article wherein I need to create the file /usr/lib/sasl2/smtpd.conf which I’ve done with the following contents:

    pwcheck_method: auxprop
    mech_list: PLAIN LOGIN
    auxprop_plugin: sql
    sql_verbose: yes
    sql_engine: mysql
    sql_hostnames: localhost
    sql_user: postfix
    sql_passwd: postfix
    sql_database: postfix
    sql_select: select password from mailbox where username = '%u@%r'

    I’ve also started the saslauthd daemon to no avail, still have the same problem mentioned.

    Hope you can help me with this.

    TIA.

    Jan

  133. my installation completed without error
    outlook express user account cannot receive mails but can send.
    I have checked all the logs and no error at all

  134. If you followed this guide, sasl2 should not be used. Instead, have a look at your logfile to see what's happening. (sorry for a late reply)

  135. Hi,

    I followed your tutorial using Debian Lenny 5.0. I actually had this working before on Etch and when Lenny was still in testing, but I had to do a new one due to a drive failure.

    I am receiving this message when I try to create a new mailbox with postfixadmin:

    postfix/smtpd[4334]: warning: SASL: Connect to private/auth failed: Connection refused

    The file is there ($ ls -la /var/spool/postfix/private/auth returns
    srw-rw—- 1 postfix postfix 0 2009-03-21 16:08 /var/spool/postfix/private/auth) and there are no other errors. I tried to Google it, but came up empty.

    Can you tell me what is going on?

  136. Hi,
    I have configured vacation and it's working fine with yahoo, gmail and our local domain. but did not work with hotmail account. when I have send mail from hot mail account to our local domain account the auto vacation not reached to hot mail account and also checked log file but did not get any error
    so can you suggest what could be problem.

  137. If the logfile indicated that the email has indeed been sent, have a look in the spam folder of the Hotmail account. They are notorious for rejecting mail though, so try sending it via your ISP's smarthost if you have one.

  138. The bad transport bit is due to wonky formatting.
    Put a return after the word pipe and make sure there is no space between user= and vmail:mail (or vmail:vmail in my case). That seemed to fix that issue insofar as the logs go.
    Also for those using mac's pasting in to textedit doesn't resolve the formatting issue of the quotation marks; that one caught me out.
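
Several replies above trace failures to formatting lost when pasting from this page: continuation lines that are not indented, a stray `=` in a lookup file, converted quotation marks, and the `bad transport type` error in master.cf. The following Python check is an added example, not part of the original thread or of Postfix; the sample files are constructed, and the `flags=` value, `${recipient}` and the query text in them are assumptions.

```python
# Service types accepted in the second column of master.cf.
MASTER_TYPES = {"inet", "unix", "unix-dgram", "fifo", "pass"}


def logical_lines(text):
    """Yield (first_line_number, joined_text) using Postfix's rules:
    blank lines and '#' comments are skipped, and a line that begins
    with whitespace continues the previous logical line."""
    start, parts = None, []
    for number, raw in enumerate(text.splitlines(), 1):
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if raw[0] in " \t" and parts:
            parts.append(stripped)
            continue
        if parts:
            yield start, " ".join(parts)
        start, parts = number, [stripped]
    if parts:
        yield start, " ".join(parts)


def non_ascii_findings(text):
    """Report converted quotes, dashes and non-breaking spaces by code point."""
    findings = []
    for number, raw in enumerate(text.splitlines(), 1):
        odd = sorted({c for c in raw if ord(c) > 127})
        if odd:
            points = " ".join("U+%04X" % ord(c) for c in odd)
            findings.append((number, "non-ASCII characters: " + points))
    return findings


def lint_main_cf(text):
    """Checks for main.cf and the mysql_virtual_*_maps.cf lookup files."""
    findings = non_ascii_findings(text)
    for number, line in logical_lines(text):
        name, sep, value = line.partition("=")
        if not sep:
            findings.append((number, "no '=': continuation line not indented?"))
        elif value.strip().startswith("="):
            findings.append((number, "value of %s starts with '='" % name.strip()))
    return sorted(findings)


def lint_master_cf(text):
    """Checks the column layout of master.cf service entries."""
    findings = non_ascii_findings(text)
    for number, line in logical_lines(text):
        fields = line.split()
        if len(fields) < 8:
            findings.append((number, "expected 8 columns, found %d" % len(fields)))
        if len(fields) > 1 and fields[1] not in MASTER_TYPES:
            findings.append((number, "bad transport type: " + fields[1]))
        for token in fields[8:]:
            if token in ("flags=", "user=", "argv="):
                findings.append((number, "space after '%s'" % token))
    return sorted(findings)


# Constructed samples. The deliver path and user=vmail:mail follow the
# thread; flags=DRhu, ${recipient} and the query text are assumptions.
BROKEN_MAIN = """\
smtpd_recipient_restrictions =
permit_mynetworks
permit_sasl_authenticated
reject_unauth_destination
permit
"""
BROKEN_MAP = """\
user = = mail
query = SELECT domain FROM domain WHERE domain = \u2018%s\u2019
"""
BROKEN_MASTER = """\
dovecot unix - n n - - pipe flags=DRhu
user=vmail:mail argv=/usr/lib/dovecot/deliver -d ${recipient}
"""
SPACED_MASTER = """\
dovecot unix - n n - - pipe
  flags=DRhu user= vmail:mail argv=/usr/lib/dovecot/deliver -d ${recipient}
"""
FIXED_MASTER = """\
dovecot unix - n n - - pipe
  flags=DRhu user=vmail:mail argv=/usr/lib/dovecot/deliver -d ${recipient}
"""

if __name__ == "__main__":
    reports = (
        ("main.cf", lint_main_cf(BROKEN_MAIN)),
        ("mysql_virtual_domains_maps.cf", lint_main_cf(BROKEN_MAP)),
        ("master.cf", lint_master_cf(BROKEN_MASTER)),
        ("master.cf (space after user=)", lint_master_cf(SPACED_MASTER)),
        ("master.cf (fixed)", lint_master_cf(FIXED_MASTER)),
    )
    for label, findings in reports:
        for number, message in findings:
            print("%s:%d: %s" % (label, number, message))
```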

  139. “Johnny Chadda 5 months ago

    @smk When I wrote this, it was my intention to include the DSPAM section, but I didn't have time to finish it. I will however, do it soon.”

    I guess 5 months is not “soon” yet?
    Pathetic…

  140. Well, I did start writing it. However, other things in my life had to take priority and updating this guide fell quite long down on the list.

    I am sure however, that you can find ways to implement Dspam by yourself in the meantime, if you had a look at other Dspam implementation configurations on the internet.

  143. Thanks for the tutorial. I’ve followed the tutorial to the letter but failing somewhere. Kindly assist me in debugging the source of the errors am getting…
    support@mail:~$ tail -f /var/log/syslog
    Oct 8 06:31:23 mail postfix/proxymap[5334]: warning: connect to mysql server lo calhost: Access denied for user ‘= mail’@’localhost’ (using password: YES)
    Oct 8 06:31:23 mail postfix/trivial-rewrite[5333]: fatal: proxy:mysql:/etc/post fix/mysql_virtual_domains_maps.cf(0,lock|fold_fix): table lookup problem
    Oct 8 06:31:24 mail postfix/qmgr[5311]: warning: problem talking to service rew rite: Success
    Oct 8 06:31:24 mail postfix/master[4806]: warning: process /usr/lib/postfix/tri vial-rewrite pid 5333 exit status 1
    Oct 8 06:31:24 mail postfix/master[4806]: warning: /usr/lib/postfix/trivial-rew rite: bad command startup — throttling
    Oct 8 06:32:24 mail postfix/proxymap[5336]: warning: connect to mysql server lo calhost: Access denied for user ‘= mail’@’localhost’ (using password: YES)
    Oct 8 06:32:24 mail postfix/trivial-rewrite[5335]: fatal: proxy:mysql:/etc/post fix/mysql_virtual_domains_maps.cf(0,lock|fold_fix): table lookup problem
    Oct 8 06:32:25 mail postfix/qmgr[5311]: warning: problem talking to service rew rite: Success
    Oct 8 06:32:25 mail postfix/master[4806]: warning: process /usr/lib/postfix/tri vial-rewrite pid 5335 exit status 1
    Oct 8 06:32:25 mail postfix/master[4806]: warning: /usr/lib/postfix/trivial-rew rite: bad command startup — throttling

    1. warning: connect to mysql server lo calhost: Access denied for user ‘= mail’@’localhost’ (using password: YES)

      It looks like you have an error in one of your etc/postfix/mysql_virtual_*_maps.cf files. It thinks that the MySQL user is “= mail”, but it should be just “mail”. Look for weird characters in the “user = mail” string.

  144. I follow the guide, and i use ubuntu server 9.04, while i get the error:
    can’t connect to auth server at /var/run/dovecot/auth-master:no such file or directory

  145. thanks for the partial GREAT tutorial. Please add the dspam chapter… or at least…. change the title of the document!

  146. Nice How-to… After many days of gnashing teeth… I worked out some inconsistencies that were not mentioned above… for instance, like yayoo above is having…

    In Ubuntu, dovecot.conf is NOT used – dovecot-postfix.conf is. Make your changes there, however as I found out later… dovecot still has a tendency to reference dovecot.conf. I found it easy enough to move the original and create a symlink to dovecot-postfix.conf.

    Integration of PostfixAdmin’s Quota rules and Dovecot’s was another pain in the arse…

    Add these entries to dovecot.conf: (or dovecot-postfix.conf)
    protocol imap {
    mail_plugins = quota imap_quota
    }
    protocol lda {
    mail_plugins = quota
    }
    I only use imap, so add the quota plugin to pop3 if needed.
    plugin {
    quota = maildir:User quota
    quota_rule = *:storage=1048576 #equal to 1GB
    quota_rule2 = Trash:storage=102400 #100 megs, not counted against quota
    quota_rule3 = Junk:storage=102400 # see above
    }

    Then adjust the user_query in dovecot-sql.conf to reflect:

    user_query = SELECT '/var/vmail/%d/%n' as home, 'maildir:/var/vmail/%d/%n' as mail, 150 AS uid, 8 AS gid, concat('*:bytes=', mailbox.quota) AS quota_rule FROM mailbox WHERE username = '%u' AND active = '1'

    Dovecot’s quota system started working, unfortunately the used amount still doesn’t show in postfixadmin – but it does in roundcube… and that’s good enough for me.

    Closing remarks… great how-to… and to all the d-spam haters… STFW.
    Thanks, Johnny…

    1. Thank you for your additions for Ubuntu! This howto is getting a bit dated I guess, but I will be installing a large mail server again in a while, so I will take the opportunity to update this or write a new one. Perhaps even with dspam this time. :)

  147. Well, I think you’ve become a de facto How-To for setting up Dovecot, MySQL, SSL/TLS and Dspam… At least according to this page:

    http://wiki.dovecot.org/HowTo

    Unfortunately, it also explicitly states DSPAM… :P So, yeah, you may want to include that in the next one. I haven’t bothered with Dspam yet, I had enough problems getting Amavis, SpamAssassin, Pyzor, Razor, DCC to play together nicely.

  148. Hi Johnny,
    Nice How To. I think those that keep banging on about DSPAM should go away and spend the time writing a how to for it.

    Secondly I have a problem with smtp authentication from external clients.
    My log file says :
    “Feb 18 09:50:45 mail dovecot: auth(default): login(?,94.10.83.226): Empty username”

    Any Ideas ?
    Thanks and Regards Mark

    log follows:
    Feb 18 09:49:58 mail postfix/smtpd[26418]: 5e0a53e2.bb.sky.com[94.10.83.226]: 250-mail.cover365.com
    Feb 18 09:49:58 mail postfix/smtpd[26418]: > 5e0a53e2.bb.sky.com[94.10.83.226]: 250-PIPELINING
    Feb 18 09:49:58 mail postfix/smtpd[26418]: > 5e0a53e2.bb.sky.com[94.10.83.226]: 250-SIZE 10240000
    Feb 18 09:49:58 mail postfix/smtpd[26418]: > 5e0a53e2.bb.sky.com[94.10.83.226]: 250-VRFY
    Feb 18 09:49:58 mail postfix/smtpd[26418]: match_hostname: 5e0a53e2.bb.sky.com ~? 10.0.0.0/16
    Feb 18 09:49:58 mail postfix/smtpd[26418]: match_hostaddr: 94.10.83.226 ~? 10.0.0.0/16
    Feb 18 09:49:58 mail postfix/smtpd[26418]: match_hostname: 5e0a53e2.bb.sky.com ~? 127.0.0.0/8
    Feb 18 09:49:58 mail postfix/smtpd[26418]: match_hostaddr: 94.10.83.226 ~? 127.0.0.0/8
    Feb 18 09:49:58 mail postfix/smtpd[26418]: match_list_match: 5e0a53e2.bb.sky.com: no match
    Feb 18 09:49:58 mail postfix/smtpd[26418]: match_list_match: 94.10.83.226: no match
    Feb 18 09:49:58 mail postfix/smtpd[26418]: sasl_exceptions: 5e0a53e2.bb.sky.com[94.10.83.226], match=0
    Feb 18 09:49:58 mail postfix/smtpd[26418]: > 5e0a53e2.bb.sky.com[94.10.83.226]: 250-ETRN
    Feb 18 09:49:58 mail postfix/smtpd[26418]: > 5e0a53e2.bb.sky.com[94.10.83.226]: 250-AUTH PLAIN LOGIN
    Feb 18 09:49:58 mail postfix/smtpd[26418]: match_list_match: 5e0a53e2.bb.sky.com: no match
    Feb 18 09:49:58 mail postfix/smtpd[26418]: match_list_match: 94.10.83.226: no match
    Feb 18 09:49:58 mail postfix/smtpd[26418]: > 5e0a53e2.bb.sky.com[94.10.83.226]: 250-AUTH=PLAIN LOGIN
    Feb 18 09:49:58 mail postfix/smtpd[26418]: > 5e0a53e2.bb.sky.com[94.10.83.226]: 250-ENHANCEDSTATUSCODES
    Feb 18 09:49:58 mail postfix/smtpd[26418]: > 5e0a53e2.bb.sky.com[94.10.83.226]: 250-8BITMIME
    Feb 18 09:49:58 mail postfix/smtpd[26418]: > 5e0a53e2.bb.sky.com[94.10.83.226]: 250 DSN
    Feb 18 09:50:09 mail postfix/smtpd[26418]: 5e0a53e2.bb.sky.com[94.10.83.226]: 334 VXNlcm5hbWU6
    Feb 18 09:50:45 mail postfix/smtpd[26418]: 5e0a53e2.bb.sky.com[94.10.83.226]: 535 5.7.8 Error: authentication failed: VXNlcm5hbWU6

  149. Thanks for this tutorial which solved some questions, e.g. which database queries to use to connect to MySQL. However, overall it didn’t work for me so far.

    Problems I have to solve: in /var/vmail, I’m getting a directory structure like /var/vmail/mydomain.tld/mydomain.tld/user/ and I don’t understand why mydomain.tld is doubled (you wrote it shouldn’t); next, the mailboxes at /var/mail fill up (according to du -h), but when popping mail, _nothing_ is delivered to the users (“There are no new messages…”); syslog or mail.log do not show any errors; and last but not least nobody can send mail (authentication fails; reason given in mail.log: “SASL PLAIN authentication failed”). So there’s still days of work to get this usable. It’s sad that this *nix stuff always takes so much time :-(

    1. Hello!

      Did you add the following to your master.cf file?
      dovecot unix - n n - - pipe flags=DRhu user=vmail:mail argv=/usr/lib/dovecot/deliver -d $(recipient)

      and the following to your dovecot.conf file?
      mail_location = maildir:/var/vmail/%d/%u

      and the following to your main.cf file?
      virtual_transport = dovecot

      There should be no mail in your /var/mail directory if it works correctly.

    2. Finally solved! After countless restarts of postfix and dovecot, a new hierarchy appeared in /var/vmail (domain/user); the old hierarchy (domain/domain/user) contained just the initial mail from Postfix Admin, so I deleted it. Also I replicated the setup on another server where the directory structure was fine from beginning on.

      Delivering mail to users finally worked after several modifications I made after watching /var/log/mail.log for hours. Most of them are more or less cosmetic, I think (e.g. “dovecot_destination_recipient_limit = 1”), but it was crucial to change “first_valid_uid = 150” to uid 8. I don’t quite understand why, but that caused the problem for me.

      Another thing which caused severe problems for me was that I tried to relay mail from a (web-) server to another combined web-/mailserver via nullmailer. Such a setup seems to require additional configuration and can not seamlessly be integrated into the setup you’re describing.

      The third and last problem (“SASL PLAIN authentication failed”) was a stupid misconfiguration in my mail client where I missed to update the account with the domain (which wasn’t necessary before).

      If postfix starts to work (again) it’s always like awakening from a long nightmare, and every time I think it wasn’t so hard. Until I have to change the setup again ;) And btw, after reading *lots* of documentation about postfix, dovecot, sasl, tls, mysql and Postfix Admin I found your tutorial to be one of the most reliable ones on the net. Thanks again!

      Now I’ll continue with testing and adding postfix-policyd to the setup. -asb

    3. Great work sorting it out! :)

      Did you have to change “mail_location” for it to work, or did it just happen?

      “first_valid_uid” is the first system user being able to log into the mail system (it is supposed to secure administrative accounts, by not letting them log in). When using virtual users however, the only system user will be the one Dovecot is running as.

      I am not that familiar with nullmailer, but I think you can achieve the same thing in Postfix using /etc/postfix/transport, for instance:

      example.com smtp:[other.mailserv.er]:25

      Good luck with policyd!

  150. Hi Johnny,

    yes, I double and triple checked this.

    # cat /etc/postfix/master.cf | grep dovecot
    dovecot unix - n n - - pipe
    flags=DRhu user=vmail:mail argv=/usr/lib/dovecot/deliver -d ${recipient}

    # cat /etc/postfix/main.cf | grep virtual_transport
    virtual_transport = dovecot

    # cat /etc/dovecot/dovecot.conf | grep mail_location
    mail_location = maildir:/var/vmail/%d/%u

    # du -h /var/vmail/

    2,1M /var/vmail/

    But the errors persist. I simply don’t understand it. %d/%u = domain/user, but I’m getting: domain/domain/user, etc.

    Thanks anyway! Greetings, -asb

    1. I found one error in the logs:

      … deliver(…): setgid(150) failed with euid=150, gid=8, egid=8: Operation not permitted

      Google explains: RUID (real user id), EUID (effective user id), RGID (real group id), EGID (effective group id). That’s calculated like this:

      if suid, then set EUID to uid;
      if guid, then set EGID to gid.

      …and checked with the kernel function permission(). WTF… I really don’t want to become a kernel hacker to set up a mail server… :(

      1. Re: Postfix TLS configuration:

        If this (from above) are *two* lines:

        smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_session_cache

        Then the syntax is incomplete:

        postfix/smtpd[...]: fatal: /etc/postfix/main.cf, line 75: missing '=' after attribute name: "smtpd_tls_session_cache"

        If this is *one* line, postfix complains also:

        postfix/tlsmgr[...]: warning: request to update table btree:/var/spool/postfix/smtpd_tls_session_cache in non-postfix directory /var/spool/postfix
        postfix/tlsmgr[...]: warning: redirecting the request to postfix-owned data_directory /var/lib/postfix

        So it might better be to say:

        smtpd_tls_session_cache_database = btree:/var/lib/postfix

      2. Hello. Please make sure that the user with the uid 150 exists, and has access to the /var/vmail directory. Have a look at the “Virtual users” section for more information.

        Regarding the double domain issue in /var/vmail, try changing mail_location to the following and see if it resolves that issue:

        mail_location = maildir:/var/vmail/%d/%n

        Regarding the /var/spool/postfix problem, that is where the location was around 2007 when this guide was written, but good that you found the new location.

        I agree with the limitations with having this kind of guide on a blog, but the next mail server guide (out this summer) will be separated from this blog and will hopefully be much cleaner and easier to read and implement.

  151. Hi,

    I got permission denied error log.

    May 27 15:12:45 localhost pipe[22479]: fatal: pipe_command: execvp /usr/lib/dovecot/deliver: Permission denied
    May 27 15:12:45 localhost pipe[22481]: fatal: pipe_command: execvp /usr/lib/dovecot/deliver: Permission denied
    May 27 15:12:45 localhost postfix/pipe[22477]: 96092900D9: to=, relay=dovecot, delay=5267, delays=5267/0.04/0/0.02, dsn=4.3.0, status=deferred (temporary failure. Command output: pipe: fatal: pipe_command: execvp /usr/lib/dovecot/deliver: Permission denied )
    May 27 15:12:45 localhost postfix/pipe[22478]: C0D8F900D5: to=, relay=dovecot, delay=12228, delays=12228/0.03/0/0.02, dsn=4.3.0, status=deferred (temporary failure. Command output: pipe: fatal: pipe_command: execvp /usr/lib/dovecot/deliver: Permission denied )

    Does anyone know why this error is being logged?

      1. I have set permission using following command

        chgrp vmail /usr/lib/dovecot/deliver

        Can you give me instructions for setting permissions on /var/vmail?

      2. The dovecot deliver binary can remain root owned, just make sure it’s executable.

        chown root:root /usr/lib/dovecot/deliver
        chmod 755 /usr/lib/dovecot/deliver

        And for the virtual mail directory.

        chown -R vmail:mail /var/vmail
        chmod -R 700 /var/vmail

      3. Hello!

        Thank you for the article. It helped a lot.
        But now I have a problem.
        I have this message in log file
        setgid(8) failed with euid=150, gid=12, egid=12: Operation not permitted
        I cannot understand where “12” comes from?
        Can you help me?

      4. Now everything works well. Thank you. Problem was caused by SELinux. I’ve just added security module.

  152. HELP NEEDED!

    I installed postfix and dovecot with mysql as described in this tutorial. I would like to have multiple domains on one server and it works somehow, when it comes to POP/SMTP auth etc.

    Which means: I receive emails from external mailservers for my virtual domains and I can also send emails to external servers, but not to everyone…

    ..cause some external address or freemailer say: server xyz [1.2.3.4] refused to talk to me: 554….554 Your access to this mail system has been rejected due to sending MTA’s poor reputation.

    What’s wrong? Here’s my configuration:

    /etc/postfix/main.cf:

    biff = no
    append_dot_mydomain = no

    myhostname = mail.mydomain.com
    mydomain = domain.com
    myorigin = /etc/mailname
    mydestination = localhost
    mynetworks = 127.0.0.0/8
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)

    virtual_transport = dovecot
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf
    virtual_mailbox_base = /var/vmail
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
    virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
    virtual_minimum_uid = 150
    virtual_uid_maps = static:150
    virtual_gid_maps = static:8
    dovecot_destination_recipient_limit = 1

    smtpd_helo_required = yes
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_exceptions_networks = $mynetworks
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth

    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_relay_domains, reject_unauth_destination

    /etc/postfix/master.cf:

    #
    # Postfix master process configuration file. For details on the format
    # of the file, see the master(5) manual page (command: “man 5 master”).
    #
    # Do not forget to execute “postfix reload” after editing this file.
    #
    # ==========================================================================
    # service type private unpriv chroot wakeup maxproc command + args
    # (yes) (yes) (yes) (never) (100)
    # ==========================================================================
    smtp inet n - - - - smtpd
    #submission inet n - - - - smtpd
    # -o smtpd_tls_security_level=encrypt
    # -o smtpd_sasl_auth_enable=yes
    # -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    # -o milter_macro_daemon_name=ORIGINATING
    #smtps inet n - - - - smtpd
    # -o smtpd_tls_wrappermode=yes
    # -o smtpd_sasl_auth_enable=yes
    # -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    # -o milter_macro_daemon_name=ORIGINATING
    #628 inet n - - - - qmqpd
    pickup fifo n - - 60 1 pickup
    cleanup unix n - - - 0 cleanup
    qmgr fifo n - n 300 1 qmgr
    #qmgr fifo n - - 300 1 oqmgr
    tlsmgr unix - - - 1000? 1 tlsmgr
    rewrite unix - - - - - trivial-rewrite
    bounce unix - - - - 0 bounce
    defer unix - - - - 0 bounce
    trace unix - - - - 0 bounce
    verify unix - - - - 1 verify
    flush unix n - - 1000? 0 flush
    proxymap unix - - n - - proxymap
    proxywrite unix - - n - 1 proxymap
    smtp unix - - - - - smtp
    # When relaying mail as backup MX, disable fallback_relay to avoid MX loops
    relay unix - - - - - smtp
      -o smtp_fallback_relay=
    # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
    showq unix n - - - - showq
    error unix - - - - - error
    retry unix - - - - - error
    discard unix - - - - - discard
    local unix - n n - - local
    virtual unix - n n - - virtual
    lmtp unix - - - - - lmtp
    anvil unix - - - - 1 anvil
    scache unix - - - - 1 scache
    #
    # ====================================================================
    # Interfaces to non-Postfix software. Be sure to examine the manual
    # pages of the non-Postfix software to find out what options it wants.
    #
    # Many of the following services use the Postfix pipe(8) delivery
    # agent. See the pipe(8) man page for information about ${recipient}
    # and other message envelope options.
    # ====================================================================
    #
    # maildrop. See the Postfix MAILDROP_README file for details.
    # Also specify in main.cf: maildrop_destination_recipient_limit=1
    #
    maildrop unix - n n - - pipe
      flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
    #
    # See the Postfix UUCP_README file for configuration details.
    #
    uucp unix - n n - - pipe
      flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    #
    # Other external delivery methods.
    #
    ifmail unix - n n - - pipe
      flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    bsmtp unix - n n - - pipe
      flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
    scalemail-backend unix - n n - 2 pipe
      flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
    mailman unix - n n - - pipe
      flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
      ${nexthop} ${user}
    dovecot unix - n n - - pipe
      flags=DRhu user=vmail:mail argv=/usr/lib/dovecot/deliver -f ${sender} -d $(recipient)

    mysql_virtual_alias_maps.cf, mysql_virtual_domains_maps.cf, mysql_virtual_mailbox_limit_maps.cf, mysql_virtual_mailbox_maps.cf are exactly as described in this tutorial.

    I also added a reverse DNS for the domain mail.mydomain.com. Any advice?

    1. This means that you are probably sending email from a dynamic “end customer” IP address, which some email blockers block. The best solution is to use your ISP’s email server as a smarthost if they have one.

  153. Hi, and glad I found this HowTo. Although I’ve had a hard time getting it to work, I have been successful, up until enabling SSL and TLS.

    I have all ports open for testing so getting to the PC is no problem.
    I can access emails without SSL/TLS, but once I enable TLS I get (auth failed).

    imap-login: Aborted login (auth failed, 2 attempts): user=, method=PLAIN, rip=77.99.14.225, lip=192.168.0.12, TLS

    I followed your howto precisely for enabling SSL/TLS. Here are the relevant sections of my conf.

    protocols = imap pop3 imaps pop3s
    listen = *
    ssl_listen = *
    disable_plaintext_auth = no
    ssl = yes
    ssl_cert_file = /etc/ssl/mydomain/mail-cert.pem
    ssl_key_file = /etc/ssl/mydomain/mail-key.pem
    ssl_parameters_regenerate = 168
    verbose_ssl = no

    Any ideas?

  154. An addition to the above.

    I can login locally using SSL. TLS fails even locally.
    Neither SSL nor TLS will work through my Gateway.
    I’m guessing SSL works locally as it’s in the trusted IP’s.

    I’ve no idea why I can’t run SSL through the gateway though.

  155. oh, correction for ALL of the above.

    SSL is working local and through gateway. (shows TLS at the end of the log entry).

    TLS setting isn’t (local or Gateway). Timeouts with (no auth attempts), and shows no TLS on the end of the log timeout (probably as it never attempted anything).

    IMAP isn’t working on either.

    1. Using SSL is fine. You should be using TLS (STARTTLS) when accessing Postfix for sending mail though.

      If things are working locally but not through your gateway, you should probably have a look at your gateway to make sure that ports are forwarded correctly and that firewall rules are created.

  156. First, many thanks for your famous high quality Blog.

    As I get no Logs from dovecot I changed

    #syslog_facility = mail

    in /etc/dovecot/dovecot.conf to

    log_path = /var/log/dovecot.log
    info_log_path = /var/log/dovecot.info.log

    Cause can’t get logging via Kmail on my OpenSuse. The Log shows me that I have to use the full EMail as username.
    So all went good.

    By the way, your Howto is the first that works after five days and many tries from other Writers. Many thanks for everything!

  157. Hey thanks a lot for this. With a bit of fiddling and minor tweaking it works great. Saved me several hours of RTFM.

  158. Hi,

    I installed postfix admin on ubuntu.
    I have followed following link
    http://rimuhosting.com/knowledgebase/linux/mail/postfixadmin

    Mail can be sent from webmail, but I am not able to receive mail.

    This is the mail log

    Sep 22 08:44:21 mydomain postfix/smtpd[7721]: connect from mail-qw0-f42.google.com[209.85.216.42]
    Sep 22 08:44:21 mydomain postfix/smtpd[7721]: DD8371CFC071: client=mail-qw0-f42.google.com[209.85.216.42]
    Sep 22 08:44:22 mydomain postfix/cleanup[7724]: DD8371CFC071: message-id=
    Sep 22 08:44:22 mydomain postfix/qmgr[7719]: DD8371CFC071: from=, size=4104, nrcpt=1 (queue active)
    Sep 22 08:44:22 mydomain postfix/local[7735]: warning: dict_nis_init: NIS domain name not set – NIS lookups disabled
    Sep 22 08:44:22 mydomain postfix/local[7735]: DD8371CFC071: to=, relay=local, delay=0.34, delays=0.32/0.01/0/0.01, dsn=5.1.1, status=bounced (unknown user: “test”)
    Sep 22 08:44:22 mydomain postfix/cleanup[7724]: 228841CFC0A9: message-id=
    Sep 22 08:44:22 mydomain postfix/bounce[7736]: DD8371CFC071: sender non-delivery notification: 228841CFC0A9
    Sep 22 08:44:22 mydomain postfix/qmgr[7719]: 228841CFC0A9: from=, size=5754, nrcpt=1 (queue active)
    Sep 22 08:44:22 mydomain postfix/qmgr[7719]: DD8371CFC071: removed
    Sep 22 08:44:22 mydomain postfix/smtp[7725]: 228841CFC0A9: to=, relay=gmail-smtp-in.l.google.com[74.125.43.27]:25, delay=0.76, delays=0.01/0/0.07/0.68, dsn=2.0.0, status=sent (250 2.0.0 OK 1285137862 l12si26177761bkb.75)
    Sep 22 08:44:22 mydomain postfix/qmgr[7719]: 228841CFC0A9: removed
    Sep 22 08:44:52 mydomain postfix/smtpd[7721]: disconnect from mail-qw0-f42.google.com[209.85.216.42]

  159. Hello !
    When I sent email by webmail, the maillog show me this error:

    mail deliver(xxxx@dominio.com.br): setgid(8) failed with euid=150, gid=12, egid=12: Operation not permitted
    what might be happening?

    Thanks
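
The `setgid(8) failed with euid=150, gid=12, egid=12` message reported in several comments means that deliver was started with uid 150 and gid 12 and then tried to switch to gid 8, which an unprivileged process is not allowed to do. The Python check below is an added example, not part of the guide or of Dovecot: it compares the ids behind `user=` in master.cf with the uid/gid returned by `user_query`. The passwd and group lines are constructed samples, and a `mail` group with gid 12 is an assumption about the affected host.

```python
import re


def pipe_user(master_cf, service="dovecot"):
    """Return (user, group_or_None) from the user= attribute of a pipe(8) service."""
    logical = []
    for raw in master_cf.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:      # leading whitespace continues the entry
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    for line in logical:
        fields = line.split()
        if len(fields) >= 8 and fields[0] == service and fields[7] == "pipe":
            match = re.search(r"\buser=([^\s:]+)(?::(\S+))?", line)
            if match:
                return match.group(1), match.group(2)
    raise ValueError(f"no pipe service named {service!r} with a user= attribute")


def _table(text):
    """Split passwd/group style text into lists of colon-separated fields."""
    return [line.strip().split(":") for line in text.splitlines() if line.strip()]


def process_ids(user, group, passwd, group_db):
    """Numeric uid/gid the delivery command runs with when started by pipe(8)."""
    users = {f[0]: (int(f[2]), int(f[3])) for f in _table(passwd)}
    groups = {f[0]: int(f[2]) for f in _table(group_db)}
    uid, primary_gid = users[user]
    return uid, (groups[group] if group else primary_gid)


def userdb_ids(user_query):
    """Static uid/gid values that the Dovecot user_query returns."""
    uid = re.search(r"\b(\d+)\s+AS\s+uid\b", user_query, re.IGNORECASE)
    gid = re.search(r"\b(\d+)\s+AS\s+gid\b", user_query, re.IGNORECASE)
    if not (uid and gid):
        raise ValueError("user_query does not return static uid/gid values")
    return int(uid.group(1)), int(gid.group(1))


def check_delivery_ids(master_cf, passwd, group_db, user_query):
    """List the id mismatches that make deliver fail when it is not root."""
    user, group = pipe_user(master_cf)
    p_uid, p_gid = process_ids(user, group, passwd, group_db)
    u_uid, u_gid = userdb_ids(user_query)
    findings = []
    if p_uid == 0:
        return findings                       # root may switch to any uid/gid
    if u_gid != p_gid:
        findings.append(
            f"setgid({u_gid}) failed with euid={p_uid}, gid={p_gid}, egid={p_gid}")
    if u_uid != p_uid:
        findings.append(f"userdb uid {u_uid} differs from process uid {p_uid}")
    return findings


# Constructed sample input; only the master.cf entry and the query follow the page.
MASTER_CF = (
    "dovecot unix - n n - - pipe\n"
    "  flags=DRhu user=vmail:mail argv=/usr/lib/dovecot/deliver -d ${recipient}\n"
)
USER_QUERY = (
    "SELECT '/var/vmail/%d/%n' AS home, 'maildir:/var/vmail/%d/%n' AS mail, "
    "150 AS uid, 8 AS gid FROM mailbox WHERE username = '%u' AND active = '1'"
)
PASSWD = "vmail:x:150:8:Virtual mailbox:/var/vmail:/bin/false"
GROUP_GID_8 = "mail:x:8:"      # group 'mail' as the guide's gid 8
GROUP_GID_12 = "mail:x:12:"    # assumed host where group 'mail' has gid 12

if __name__ == "__main__":
    for label, groups in (("mail=8", GROUP_GID_8), ("mail=12", GROUP_GID_12)):
        print(label, check_delivery_ids(MASTER_CF, PASSWD, groups, USER_QUERY) or "ok")
```

When the check reports a mismatch, either the gid in `user_query` or the group named in `user=` has to change so that both resolve to the same number.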

  160. Which file would I put these commands into?

    “Select which clients to permit

    We also need to specify some rules, which will enable authenticated users to send mail, but not anyone.

    Being an open relay is absolutely forbidden!

    smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
    permit
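
The rule quoted in the comment above only parses in main.cf when the continuation lines keep their leading whitespace, and it only prevents relaying when `reject_unauth_destination` is reached before any bare `permit`. The Python sketch below is an added example, not code from the guide or from Postfix; `parse_main_cf`, `relay_verdict` and `audit` are made-up names. It models a single case, a remote unauthenticated client mailing a domain the server does not host, and treats every restriction it does not know as "no match".

```python
import re


def parse_main_cf(text):
    """Parse main.cf text: 'name = value', continued by lines starting with whitespace."""
    params, current = {}, None
    for number, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace():
            if current is None:
                raise ValueError(f"line {number}: continuation without a parameter")
            params[current] += " " + raw.strip()
            continue
        name, sep, value = raw.partition("=")
        if not sep:
            raise ValueError(
                f"line {number}: missing '=' after attribute name: \"{raw.strip()}\"")
        current = name.strip()
        params[current] = value.strip()
    return params


# Restrictions that decide the outcome for an unauthenticated stranger mailing
# a foreign domain. permit_mynetworks and permit_sasl_authenticated do not
# match such a client, so they fall through like any unknown token.
DECISIVE = {
    "reject_unauth_destination": "reject",
    "reject": "reject",
    "defer": "defer",
    "permit": "permit",
}


def relay_verdict(restrictions):
    """Return (action, deciding restriction); the first decisive entry wins."""
    for token in re.split(r"[,\s]+", restrictions.strip()):
        if token in DECISIVE:
            return DECISIVE[token], token
    return "permit", "end of list"   # nothing decided, so the mail is accepted


def audit(main_cf_text):
    """Report whether the configured list would relay for the modelled client."""
    params = parse_main_cf(main_cf_text)
    if "smtpd_recipient_restrictions" not in params:
        raise KeyError("smtpd_recipient_restrictions is not set in this text")
    action, decided_by = relay_verdict(params["smtpd_recipient_restrictions"])
    return {"open_relay": action == "permit", "decided_by": decided_by}


# The guide's rule with indented continuation lines.
GUIDE_RULE = (
    "smtpd_recipient_restrictions =\n"
    "    permit_mynetworks\n"
    "    permit_sasl_authenticated\n"
    "    reject_unauth_destination\n"
    "    permit\n"
)
# The same rule as it appears once the indentation has been stripped.
AS_PASTED = GUIDE_RULE.replace("\n    ", "\n")
# The single-line list posted in comment 152.
COMMENT_152 = (
    "smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, "
    "reject_unauth_destination, check_relay_domains, reject_unauth_destination\n"
)
# Constructed counter-example: a bare permit ahead of the relay check.
MISORDERED = (
    "smtpd_recipient_restrictions =\n"
    "    permit_mynetworks\n"
    "    permit\n"
    "    reject_unauth_destination\n"
)

if __name__ == "__main__":
    for name, text in (("guide", GUIDE_RULE), ("comment 152", COMMENT_152),
                       ("misordered", MISORDERED), ("as pasted", AS_PASTED)):
        try:
            print(name, audit(text))
        except ValueError as exc:
            print(name, "does not parse:", exc)
```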

  161. Ahh, yet another guide on the Internet that was not proof read ;)

    ” Open “postfixadmin-2.1.0/DATABASE_MYSQL.TXT” with your favorite editor such as vim, nano or gedit and comment out or remove all lines under section “Postfix / MySQL”, since we have created our own use for the mail server. The section is currently lines 26 to 39.”

    # pwd
    /root/email_setup/postfixadmin-2.3.2
    # find | grep DATABASE_MYSQL
    #
    Nothing returned because this file is not part of postfixadmin.

    1. Just noticed you are using version 2.1.0. The one for your download link to sourceforge is version 2.3.2, and the file has been removed from the tarball. Shame, because (just like all the other postfix tutorials I have tried, and failed with), this one looked equally promising :D

  162. Erm, did I really miss something here:

    The first SQL statements create a database called mail:-
    # mysql -uroot -p
    mysql> CREATE DATABASE mail;
    mysql> GRANT ALL PRIVILEGES ON mail.* TO 'mail'@'localhost' IDENTIFIED BY 'mail';
    mysql> quit

    Then we are told to run the postfix admin script:
    # mysql -umail -p mail < postfixadmin-2.1.0/DATABASE_MYSQL.TXT

    This initial part can only fail, because the first command in the script states:
    USE postfix;
    and the database postfix does not exist, so it cannot be used.

    Give us a break.

  163. The last time this web page was updated was in April 15, 2007. I suggest this web page is now used only for historical reference as using it may cause inexperienced users problems. This is because most users will be using recent operating systems.

  164. Hello Bob (and si, your other name),

    1. You put those commands into main.cf.

    2. I am not the author of Postfix Admin, but if you look through the comments, you will find the database creation script.

    3. As I wrote in the article, you need to comment out “USE postfix”.

    4. Write FLUSH PRIVILEGES; after the GRANT command (or restart the MySQL server).

    5. This article was originally written in 2007, and has been updated on occasion. Please stop making things up.

    6. It has served thousands of users, saving them time when setting up mail servers. I would however be glad to update this guide right away, if you pay me for the time.

  165. This guide is great if you take it as a template and NOT a paint by number picture on how to get a mail server up and running. Every environment is different and to expect that ANY how-to you find on the internet might be the sole companion to your very own mail server is… well, idiotic. It doesn’t exist, because the problem is that there are many ways to setup a mail server and if you plan on administering it after your next reboot – well, then you better understand the components involved a little better than reading through one single How-To.

    So, quit your whining and be thankful that you found this How To at all… and are not stuck reading through white paper documentation and trying to get someone to listen to the newbie in IRC.

    This guide is still entirely relevant to the process that it details… the only downfall I can find, if any… is that it naively assumes that people will read the entire How-To and maybe even do some research on their own… What a concept.

  166. I’m not overly clear on the part

    Open “postfixadmin-2.1.0/DATABASE_MYSQL.TXT” with your favorite editor such as vim, nano or gedit and comment out or remove all lines under section “Postfix / MySQL”, since we have created our own use for the mail server. The section is currently lines 26 to 39.”

    I’m running postfixadmin-2.3.2 and DATABASE_MYSQL.TXT isn’t included? What should this file contain?

  167. Hello Johnny,
    this is the most perfect guide to setup a mailserver with postfix, dovecot and a webinterface to manage accounts.

    I used to do it all the long way ending up with a working system, but lots of things to hack in time and time again, when setting up or changing accounts.

    You really saved me a lot of time.

    Thumbs up!

    best regards,
    Ralf

  168. Looks like a great howto, but some points are not understandable to me. What for is this mysql_virtual_mailbox_limit_maps setting? I can see you’re using dovecot’s lda for transport, and not postfix’s virtual with VDA patch…

      1. mysql_virtual_mailbox_limit_maps works only with VDA patch, so in this case you don’t need it, since you’re using dovecot’s lda.

      1. Still no update to this guide? With Ubuntu 12.04 just released, I’m setting up a new mail server this week to replace my aging one originally configured with this guide. So much has changed in the last 4 years, I’m hesitant to start with your guide. Any tips?

  169. Hey, this is the one that comes closest to be understood. I’ve been at it for at least four weeks and years prior to this in different configurations. None of them really worked! With this tutorial everything seems to work just fine, but when it comes to send and receive e-mail with a client, it seems not to exist. Too many references to other software that really can screw things up. Best of all, you’ll never know what happened. When I sent from the console, it works great, I just can’t find the e-mail where I would expect it to be. I don’t find it at all period. All over it does not work for me! There is a reference to “mail_extra_groups = mail” this causes an error when loading dovecot. She dies right away with this enabled. Ubuntu is bragging that it works out of the box, which I find to be an overstatement. There are millions of How tos, however most of them should be called “How to confuse” Never found anything complete and easy to understand. Most of them assume that the reader is at the same level as the author. Then I don’t need the How to, for all other HOW TO CONFUSE goes. There is really nothing to understand other than the big picture, the detail is a memorization issue. I should stop complaining, guess I just dump this great piece of $#%$#$%^$ and forget about it, I mean who has such a track record aside Microsoft where it takes month to find a problem, or perhaps it never gets solved. I am not kidding when I say I am trying to configure this thing for years now!
    Thanks anyway, it was worth a try but it turned out to be another failure in my department.

    1. Hey there. Well, to configure an email server, you will need some level of admin experience. There is always a need for “other software” too, since Postfix only transfers emails. You will need Dovecot or similar software to fetch the messages to your email client using imap or pop.

      Not sure I can help you all the way from this comment thread, but a good place to start looking for problems when things are not working is to view the syslog file. Try opening up a terminal on the mail server, run “tail -f /var/log/syslog” (ctrl-c to quit), and then try sending an email to the server. The terminal should now have lots of messages telling you what just happened and if something did not work.

      1. Hi Johnny,
        one can probably see that I am frustrated. The basic concept is clear to me. I have POSTFIX installed according to many HOW TO’s (confuse) and also have dovecot installed. It seems the slightest cough at the configuration files and all hell breaks loose. I think I have lost my patience over those many attempts in the past. At one time I had it running with console users configured. One day, nothing worked anymore, I could have taken a hammer, since it took a few days to get this setup running. So I decided to change the configuration to MySql thinking that it would be easier.
        I understand that you can’t provide a hint based on the statement “It doesn’t work”. Your wiki is actually the closest it can get, however there are so many different system flavors, different file structures and so on. It is very easy to overlook something or it simply isn’t in the place where it should be. I am convinced that this is in fact my problem, but after many failed attempts I stand there scratching my head and have no clue what to look for or where to find it. Guess this is LINUX not saying that the other one from Redmond would be easier.
        Thanks in any case for the tutorial and your input, I guess I’ll have to read every configuration line, check if it is really correct and if there are any typos that don’t get caught or flagged during runtime.

        Think, I am still somewhat comprehensive since I got multiple Websites running, do my own DNS and if something goes I am able to locate the source and fix it. It’s just the Mail Server that gives me such a hard time.

        Cheers,
        again thanks.

  170. Hello,

    I am getting this error while restarting dovecot. Please help me. Its urgent.

    Jul 11 10:15:56 ff892aad dovecot: [ID 673641 mail.info] Dovecot v1.0.13 starting up
    Jul 11 10:16:02 ff892aad dovecot: [ID 107833 mail.error] auth-worker(default): mysql: Connect failed to 114.143.185.92 (smartemail_dev): Access denied for user 'root'@'72.2.121.121' (using password: YES) - waiting for 1 seconds before retry

  171. Hi,

    I tried to install on CentOS 5.6 x64. Postfix doesn’t listen on ports 25 and 587. No problem on pop3 ports. Can you help me fix it?

    And I get this error message in maillog. How do I fix that?

    postfix/master[17424]: fatal: /etc/postfix/master.cf: line 82: bad transport type: user=vmail:mail

    1. There is a formatting error in this guide. You should put this line to the master.cf:
      dovecot unix - n n - - pipe flags=DRhu user=vmail:mail argv=/usr/lib/dovecot/deliver -d $(recipient)

      it is only one line, not two

  172. Hi:
    I installed postfix-dovecot and created virtual mailboxes and virtual domains using at least 2 how-to’s. I kept getting the error:

    auth_pam: pam_authenticate failed: User not known to the underlying authentication module

    Your comment: “smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth

    To conclude, you don’t need the Cyrus SASL library” really helped in solving the problem. I also want to point out that in your postfix main.cf, if you put: smtpd_sasl_path = private/auth, then make sure you have a: queue_directory = /var/spool/postfix to indicate the correct path.

    Thank you
    Bill

  173. Does anyone know how I can connect postfix to an Amazon RDS as opposed to having the database stored locally?

    AWS RDS provides endpoints as opposed to IPs. I would like to know if there are any configurations I could change to get postfix to use RDS for storing domains, users etc.

  174. Hello, and thank you for the tutorial ! I’ve been running a mailserver created using this tutorial for about two years now, but I’ve run into a problem: after updating the system (apt-get update, then apt-get upgrade – using Debian), Squirrelmail crashes on logon with “ERROR: Connection dropped by IMAP server”. Roundcube fails with “Connection to storage server failed”. Horde says “Login failed because your username or password was entered incorrectly”.
    Also, on starting Dovecot, my syslog shows:
    doveconf: Warning: NOTE: You can get a new clean config file with: doveconf -n > dovecot-new.conf
    doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:6: 'imaps' protocol is no longer necessary, remove it
    doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:6: 'pop3s' protocol is no longer necessary, remove it
    doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:10: listen=..:port has been replaced by service { inet_listener { port } }
    doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:10: protocol { listen } has been replaced by service { inet_listener { address } }
    doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:11: ssl_listen=..:port has been replaced by service { inet_listener { port } }
    doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:11: protocol { ssl_listen } has been replaced by service { inet_listener { address } }
    doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:14: listen=..:port has been replaced by service { inet_listener { port } }
    doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:14: protocol { listen } has been replaced by service { inet_listener { address } }
    doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:15: ssl_listen=..:port has been replaced by service { inet_listener { port } }
    doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:15: protocol { ssl_listen } has been replaced by service { inet_listener { address } }
    doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:24: ssl_cert_file has been replaced by ssl_cert = <file
    doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:25: ssl_key_file has been replaced by ssl_key = <file
    doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:28: ssl_parameters_regenerate should have 'hours' suffix
    doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:41: login_executable has been replaced by service { executable }
    doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:42: mail_executable has been replaced by service { executable }
    doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:46: login_executable has been replaced by service { executable }
    doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:47: mail_executable has been replaced by service { executable }
    doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:60: add auth_ prefix to all settings inside auth {} and remove the auth {} section completely
    doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:62: passdb sql {} has been replaced by passdb { driver=sql }
    doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:65: userdb sql {} has been replaced by userdb { driver=sql }
    doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:68: auth_user has been replaced by service auth { user }

    Sorry for the long post. Could you, please, help ? Thank you in advance.

  175. OK, I think I’m beginning to see the light…
    I think the problem is the Dovecot upgrade (I’m running 2.1.7 now, not sure about the previous version). Solved the doveconf warnings as suggested, by running “doveconf -n > dovecot-new.conf” and replacing the old config. The problem, however, seems to be the /run/dovecot/auth-worker socket, which gets owned by dovecot:root, and gets rw for user only. If I change permissions to ugo+rw, everything pops back into place and starts working.
    Somehow, though, I’m not sure those relaxed permissions are quite okay (and quite necessary). The solution should be appending something like this to dovecot.conf:

    service auth-worker {
      user = $default_internal_user

      unix_listener auth-worker {
        user = whatever_user_should_access_this_socket
      }
    }

    which would lead to dovecot creating the socket directly owned by the correct user, with rw permissions. But the question is: who should be the owner of that socket ? Please, help, and again, thanks in advance…
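
Added example, not part of the comment above or of the original guide: a small Python audit that reads text in the format `doveconf -n` prints and reports the user, group and mode of each unix_listener, flagging any socket whose mode makes it writable by every local account (what the ugo+rw workaround in comment 175 amounts to). The sample configuration, its owner and mode values, and the function name are constructed for illustration.

```python
# Constructed sample in dovecot.conf 2.x syntax (the format `doveconf -n` prints).
SAMPLE_CONF = """\
service auth-worker {
  user = $default_internal_user
  unix_listener auth-worker {
    mode = 0666
  }
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}
"""


def audit_unix_listeners(conf_text):
    """Return one finding per unix_listener block, flagging world-writable modes."""
    findings = []
    stack = []  # open blocks, innermost last: [kind, name, settings]
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # simplification: '#' always starts a comment
        if not line:
            continue
        if line.endswith("{"):
            parts = line[:-1].split()
            stack.append([parts[0], parts[1] if len(parts) > 1 else "", {}])
        elif line == "}" and stack:
            kind, name, settings = stack.pop()
            if kind != "unix_listener":
                continue
            service = next((n for k, n, _ in reversed(stack) if k == "service"), "")
            mode = settings.get("mode")
            findings.append({
                "service": service,
                "socket": name,
                "user": settings.get("user"),
                "group": settings.get("group"),
                "mode": mode,
                # An unset mode is reported as None and not flagged.
                "world_writable": mode is not None and bool(int(mode, 8) & 0o002),
            })
        elif "=" in line and stack:
            key, value = (part.strip() for part in line.split("=", 1))
            stack[-1][2][key] = value
    return findings


if __name__ == "__main__":
    for f in audit_unix_listeners(SAMPLE_CONF):
        print(("WORLD-WRITABLE " if f["world_writable"] else "ok ") + str(f))
```

The configuration only describes how Dovecot creates the socket; a chmod applied by hand afterwards shows up only in the permissions of the socket file itself.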
