Virtual Users And Domains With Postfix, Courier And MySQL


koi
25th January 2007, 15:10
Hi, I use debian GNU/linux sarge 3.1 stable.
I have followed step by step the tutorial: (without the quota stuff)

http://www.howtoforge.com/virtual_postfix_mysql_quota_courier

At the end of the tutorial I have tried to do this:

telnet localhost 25
ehlo localhost
mail from:<test@test.org>
rcpt to:<sales@example.com>
data
.
quit

And it works, I get no errors and I can see the e-mail in the right folder
/home/vmail/example.com/sales/new

But I have problems:

I have tried to use Thunderbird from a PC in the same LAN, and I can't send/receive e-mails: it asks me for a password, but it never authenticates me.
I get this in mail logs: imaplogin: LOGIN FAILED, ip=[::ffff:192.168.0.21]
(192.168.0.1 is the IP address of the PC I use to connect to the mail server (192.168.0.11))

postconf -d | grep mail_version = 2.1.5

What's wrong?

Thanks in advance.

koi
25th January 2007, 20:08
Solved.
It was my fault, I had a problem here:
MYSQL_CRYPT_PWFIELD password

But now I have another problem:


warning: maildir access problem for UID/GID=5000/5000: create /home/vmail/..... permission denied.

koi
26th January 2007, 13:07
Solved: chown -R vmail:vmail /home/vmail

Now everything works, but in the /var/log/mail.warn

I get this:

postfix/smtpd[3306]: warning: SASL authentication failure: no secret in database

postfix/smtpd[3306]: warning: unknown[192.168.0.21]: SASL CRAM-MD5 authentication failed

falko
26th January 2007, 17:58
Please compare your configuration files with those of the tutorial, especially /etc/pam.d/smtp and /etc/default/saslauthd.

koi
26th January 2007, 21:11
> Please compare your configuration files with those of the tutorial, especially /etc/pam.d/smtp and /etc/default/saslauthd.

Thanks for the answer. :)

This time I have checked well :D

But nothing, everything is like the tutorial

But is it normal that everything is working?
I mean: I can receive e-mails (it asks me for username and password) and send e-mails too (it asks me for username and password)
But I have those logs.
Is it normal?
Is there something wrong?

Thanks.

koi
26th January 2007, 21:34
So, in /etc/postfix/sasl/smtpd.conf

I had:

mech_list: plain login cram-md5 digest-md5

instead of only

mech_list: plain login

I imagine it was the reason why everything was working even with the errors in the log, right?

I have read this post:

"I suggest that anyone using this setup replaces the /etc/postfix/sasl/smtpd.conf with the following:

pwcheck_method: saslauthd
#mech_list: plain login
mech_list: digest-md5 cram-md5
allow_plaintext: true
auxprop_plugin: mysql
sql_hostnames: 127.0.0.1
sql_user: mail_admin
sql_passwd: mail_admin_password
sql_database: mail
sql_select: select password from users where email = '%u'

That will disable authentication in the clear.
I also suggest disabling pop3 and imap without ssl. There's no reason to use pop3 or imap without ssl.
Disable them like so (this only disables the insecure versions, ssl is started/stopped through another script):

/etc/init.d/courier-pop stop

/etc/init.d/courier-imap stop

Ensure they don't start on boot like so:
update-rc.d -f courier-pop remove
update-rc.d -f courier-imap remove
At this point, you shouldn't have any of your login and passwords crossing the network in the clear for checking email. You will have logins and hashed passwords sent across the clear when sending email unless the client uses starttls.
Anyone have a good pointer that only allows clients to auth *after* starttls and making auth required for relay?"

Is it true?

Is it working?

Again, thanks in advance.
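On the closing question of the quoted tip (AUTH only after STARTTLS, and authentication required for relay): Postfix's `smtpd_tls_auth_only` parameter and the `permit_sasl_authenticated` / `reject_unauth_destination` restrictions cover both. The checker below is an added example, not part of the thread or the tutorial; the two config samples and the finding names are constructed for illustration.

```python
PLAINTEXT_MECHS = {"plain", "login"}
# Postfix before 2.10 (the thread runs 2.1.5) defaults to this when the key is absent.
DEFAULT_RCPT = "permit_mynetworks, reject_unauth_destination"

def parse_conf(text, sep):
    """Parse 'key<sep>value' lines, skipping comments and joining indented continuations."""
    conf, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last:
            conf[last] += " " + raw.strip()
            continue
        key, _, value = raw.partition(sep)
        last = key.strip()
        conf[last] = value.strip()
    return conf

def audit(main_cf, smtpd_conf):
    """Return findings for Postfix main.cf text plus Cyrus SASL smtpd.conf text."""
    postfix, sasl = parse_conf(main_cf, "="), parse_conf(smtpd_conf, ":")
    findings = []
    # No mech_list means every installed mechanism is offered, so assume PLAIN/LOGIN.
    mechs = set(sasl.get("mech_list", "plain login").lower().split())
    sasl_on = postfix.get("smtpd_sasl_auth_enable", "no").lower() == "yes"
    tls_only = postfix.get("smtpd_tls_auth_only", "no").lower() == "yes"
    if sasl_on and mechs & PLAINTEXT_MECHS and not tls_only:
        findings.append("auth-before-starttls: set smtpd_tls_auth_only = yes")
    rules = postfix.get("smtpd_recipient_restrictions", DEFAULT_RCPT).replace(",", " ").split()
    if "reject_unauth_destination" not in rules:
        findings.append("no-relay-guard: add reject_unauth_destination")
    elif sasl_on and "permit_sasl_authenticated" not in rules:
        findings.append("no-auth-relay: add permit_sasl_authenticated before the reject")
    return findings

# Constructed samples in the style of this setup, not copied from the tutorial.
MAIN_CF = """\
smtpd_sasl_auth_enable = yes
smtpd_use_tls = yes
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated, reject_unauth_destination
"""
SMTPD_CONF = """\
pwcheck_method: saslauthd
mech_list: plain login
"""

if __name__ == "__main__":
    print("as configured:", audit(MAIN_CF, SMTPD_CONF))
    print("with TLS-only AUTH:", audit(MAIN_CF + "smtpd_tls_auth_only = yes\n", SMTPD_CONF))
```

With `permit_mynetworks` listed first, hosts inside `mynetworks` can still relay without authenticating; narrowing `mynetworks` is what makes authentication mandatory for everyone else.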

falko
27th January 2007, 15:06
> Is it working?

Try it. :)

koi
27th January 2007, 15:32
mh...so:
First: if courier-imap is stopped, the connection to the server fails, so the tip isn't true, right?

Second: if I put CRAM-MD5 and digest-md5, I'll return to the situation where I had problems, (well, "virtual" problems, :D I mean when I had plain login, CRAM-MD5 and digest-md5, and the system was complaining about CRAM-MD5 and digest-md5, but everything was working because plain login was the one working, right?)

So is everything wrong in the tip?

falko
27th January 2007, 15:39
You must use
mech_list: plain login
in /etc/postfix/sasl/smtpd.conf instead of mech_list: plain login cram-md5 digest-md5
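Background for the CRAM-MD5 failures logged earlier in the thread, as an added example that is not part of any post: CRAM-MD5 (like DIGEST-MD5) needs the server to hold the cleartext secret, while a column of one-way hashes (the `MYSQL_CRYPT_PWFIELD` setup above) can only verify mechanisms that deliver the password itself, i.e. PLAIN and LOGIN. The account, challenge and the salted SHA-256 stand-in for crypt() are constructed assumptions.

```python
import base64
import hashlib
import hmac

def cram_md5_response(user: str, password: str, challenge: bytes) -> bytes:
    """Client side (RFC 2195): HMAC-MD5 over the challenge, keyed with the cleartext password."""
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode())

def server_check_cram_md5(response: bytes, challenge: bytes, stored: str) -> bool:
    """Server side: recompute the HMAC from whatever the user database holds."""
    _user, _, digest = base64.b64decode(response).decode().rpartition(" ")
    expected = hmac.new(stored.encode(), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(digest, expected)

def one_way_hash(password: str, salt: str) -> str:
    """Stand-in for the crypt() value in the users table (not the real crypt algorithm)."""
    return salt + "$" + hashlib.sha256((salt + password).encode()).hexdigest()

def server_check_plain(sent_password: str, stored: str) -> bool:
    """PLAIN/LOGIN: the password itself arrives, so the server can re-hash and compare."""
    salt = stored.split("$", 1)[0]
    return hmac.compare_digest(one_way_hash(sent_password, salt), stored)

# Constructed sample data, not taken from the thread.
USER, PASSWORD = "sales@example.com", "s3cret-example"
CHALLENGE = b"<1234.5678@mail.example.com>"
STORED_HASH = one_way_hash(PASSWORD, "ab")

def run_demo() -> dict:
    resp = cram_md5_response(USER, PASSWORD, CHALLENGE)
    return {
        # Works only if the database keeps the password in cleartext.
        "cram_with_cleartext_secret": server_check_cram_md5(resp, CHALLENGE, PASSWORD),
        # Fails: a hash of the password is not the HMAC key the client used.
        "cram_with_hashed_column": server_check_cram_md5(resp, CHALLENGE, STORED_HASH),
        # Works: the server hashes what it received and compares.
        "plain_with_hashed_column": server_check_plain(PASSWORD, STORED_HASH),
    }

if __name__ == "__main__":
    for name, ok in run_demo().items():
        print(f"{name}: {ok}")
```

Because PLAIN and LOGIN put the password on the wire, they are only safe inside a TLS session.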

koi
27th January 2007, 15:44
yes, thanks, I know it, I was speaking of the tip.

If I stop courier-imap I can't connect to the server, is it normal, right?

koi
27th January 2007, 16:03
And why if I examine the server certificate it says:

Common name localhost
Organization Courier mail server
Organization unit automatically-generated IMAP SSL key

??????????????????????????????

I have inserted my data, even in /etc/ssl/openssl.cnf! :eek:

falko
28th January 2007, 21:03
> If I stop courier-imap I can't connect to the server, is it normal, right?

Right.

> I have inserted my data, even in /etc/ssl/openssl.cnf!

Courier uses a different certificate than Postfix does.

koi
28th January 2007, 23:15
Is it possible to choose which certificate to use?

koi
28th January 2007, 23:19
The default is imapd.pem and it is autogenerated when installing the package?

falko
29th January 2007, 13:54
> The default is imapd.pem and it is autogenerated when installing the package?

Yes, right.
This thread might be interesting for you: http://www.howtoforge.com/forums/showthread.php?t=1168&highlight=mkimapdcert

koi
29th January 2007, 19:57
Thanks, yes: to create the certificate you first have to edit imapd.cnf, then you have to run mkimapdcert :)

Another thing:

What is this line that is sometimes present in some how-tos in the Postfix main.cf?

smtpd_tls_CAfile =

Again, a super big thanks!!!!

falko
30th January 2007, 13:27
> What is this line that is sometimes present in some how-tos in the Postfix main.cf?
>
> smtpd_tls_CAfile =
>
> Again, a super big thanks!!!!

Take a look here: http://www.postfix.org/postconf.5.html

koi
10th May 2007, 20:12
Some questions: what should I choose in the e-mail clients?
I mean: in "server settings" (I am speaking of Thunderbird, but the concept is general) should I choose "tls if available", "tls", or "ssl"? It works with all 3 of these choices. Why?
In "smtp settings" should I choose "tls if available", "tls", or "ssl"? The "ssl" choice doesn't work.

I hope you can help.

Thanks in advance.

falko
11th May 2007, 13:51
I'd try "tls if available".

koi
11th May 2007, 22:16
I want to say that I have followed your how-to based on Debian sarge (the one of this thread, that is to say "Virtual Users And Domains With Postfix, Courier And MySQL (+ SMTP-AUTH, Quota, SpamAssassin, ClamAV)") and it works (well, it seems :D ) in Debian etch too. I didn't use the part about quota, spamassassin and clamav, and one package (the Courier support for MySQL) is now named courier-authlib-mysql.