Virtual Users And Domains With Postfix, etc, problem with SMTP/Auth wrong password


ggere
9th November 2005, 21:38
I've followed through the very nice and detailed how-to provided here for a postfix email server and receive a wrong/bad password error when trying to connect via imap/smtp to an email account.

My /var/log/mail.log shows:

Nov 9 12:26:16 email imapd-ssl: Connection, ip=[::ffff:192.168.1.195]
Nov 9 12:26:25 email imapd-ssl: LOGIN FAILED, ip=[::ffff:192.168.1.195]


I'm certain I'm connecting with the correct username and password.

I would like some advice on how best to troubleshoot this issue. If there is any more information I can provide I'd be happy to.

Thanks.

falko
10th November 2005, 01:27
Are you able to login via imap instead of imap-ssl?

ggere
10th November 2005, 15:59
No, I receive a similar message on the email client side and the following message in the log notes:

Nov 10 08:44:38 email imaplogin: Connection, ip=[::ffff:192.168.1.195]
Nov 10 08:44:48 email imaplogin: LOGIN FAILED, ip=[::ffff:192.168.1.195]


Please let me know if you need to see any other config files. The hostname of the email server is email.domainname.com, although I would like it to serve email for email addresses of the form username@domainname.com. Currently the domain name is in use by a previously set up and working (although ancient) qmail server so I am connecting to the server using its IP address. Not sure if any of this would affect it. I'm a little concerned from looking at the pam.d/smtp file and the "users" sql table that the authorization is against the whole email address and not just the username, or am I missing something there?

till
10th November 2005, 16:38
Please have a look at this post:

http://www.howtoforge.com/forums/showthread.php?t=1149

ggere
10th November 2005, 17:46
Okay, looked through that thread and tried what was mentioned there. MySQL is running, mail_admin has access to the tables in mail and there are no errors regarding mysql in the log notes. It seems to be connecting to the MySQL table just fine.


[root@email:~]# mysql -u mail_admin -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 97 to server version: 4.1.11-Debian_4sarge2-log

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> select * from mail.users;
+------------------------------+---------------+----------+
| email                        | password      | quota    |
+------------------------------+---------------+----------+
| ggere@portfoliomci.com       | tBBSZgpT0Ij7U | 10485760 |
| kmackinnon@portfoliomci.com  | hJ05pek3gdqSg | 10485760 |
| ggere@email.portfoliomci.com | UDK03yLmpNCek | 10485760 |
| ggere@192.168.1.37           | 3E14fZA/Q9asM | 10485760 |
+------------------------------+---------------+----------+
4 rows in set (0.00 sec)


/etc/courier/authmysqlrc:

MYSQL_SERVER 127.0.0.1
MYSQL_USERNAME mail_admin
MYSQL_PASSWORD ######
MYSQL_PORT 0
MYSQL_DATABASE mail
MYSQL_USER_TABLE users
MYSQL_CRYPT_PWFIELD password
#MYSQL_CLEAR_PWFIELD password
MYSQL_UID_FIELD 5000
MYSQL_GID_FIELD 5000
MYSQL_LOGIN_FIELD email
MYSQL_HOME_FIELD "/home/vmail"
MYSQL_MAILDIR_FIELD CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')
#MYSQL_NAME_FIELD
MYSQL_QUOTA_FIELD quota


/etc/courier/authmodulelist:

authdaemon


/etc/courier/authdaemonrc:

##VERSION: $Id: authdaemonrc.in,v 1.8 2001/10/07 02:16:22 mrsam Exp $
#
# Copyright 2000-2001 Double Precision, Inc. See COPYING for
# distribution information.
#
# authdaemonrc created from authdaemonrc.dist by sysconftool
#
# Do not alter lines that begin with ##, they are used when upgrading
# this configuration.
#
# This file configures authdaemond, the resident authentication daemon.
#
# Comments in this file are ignored. Although this file is intended to
# be sourced as a shell script, authdaemond parses it manually, so
# the acceptable syntax is a bit limited. Multiline variable contents,
# with the \ continuation character, are not allowed. Everything must
# fit on one line. Do not use any additional whitespace for indentation,
# or anything else.

##NAME: authmodulelist:0
#
# The authentication modules that are linked into authdaemond. The
# default list is installed. You may selectively disable modules simply
# by removing them from the following list. The available modules you
# can use are: authcustom authcram authuserdb authldap authpgsql authmysql authpam

authmodulelist="authmysql"

##NAME: authmodulelistorig:1
#
# This setting is used by Courier's webadmin module, and should be left
# alone

authmodulelistorig="authcustom authcram authuserdb authldap authpgsql authmysql authpam"

##NAME: daemons:0
#
# The number of daemon processes that are started. authdaemon is typically
# installed where authentication modules are relatively expensive: such
# as authldap, or authmysql, so it's better to have a number of them running.
# PLEASE NOTE: Some platforms may experience a problem if there's more than
# one daemon. Specifically, SystemV derived platforms that use TLI with
# socket emulation. I'm suspicious of TLI's ability to handle multiple
# processes accepting connections on the same filesystem domain socket.
#
# You may need to increase daemons if as your system load increases. Symptoms
# include sporadic authentication failures. If you start getting
# authentication failures, increase daemons. However, the default of 5
# SHOULD be sufficient. Bumping up daemon count is only a short-term
# solution. The permanent solution is to add more resources: RAM, faster
# disks, faster CPUs...

daemons=5

##NAME: version:0
#
# When you have multiple versions of authdaemond.* installed, authdaemond
# just picks the first one it finds. Set "version" to override that.
# For example: version=authdaemond.plain

version=""

##NAME: authdaemonvar:0
#
# authdaemonvar is here, but is not used directly by authdaemond. It's
# used by various configuration and build scripts, so don't touch it!

authdaemonvar=/var/run/courier/authdaemon


/etc/postfix/main.cf:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

myhostname = email.portfoliomci.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = email.portfoliomci.com, localhost, localhost.localdomain
relayhost =
mynetworks = 127.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
home_mailbox = Maildir/
mailbox_command =
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /home/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = "The user you are trying to reach is over quota."
virtual_overquota_bounce = yes
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings

till
10th November 2005, 17:49
Have you checked the files for appended whitespaces?

ggere
10th November 2005, 18:48
Yes, there are no whitespaces. If there were I believe I would be getting issues accessing the mysql table, and I don't see any of those errors in the mail.log.

falko
11th November 2005, 10:39
Please post the output of netstat -tap

ggere
11th November 2005, 18:26
Netstat -tap results:
[root@email:~]# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 localhost.localdo:10024 *:* LISTEN 21581/amavisd (mast
tcp 0 0 localhost.localdo:10025 *:* LISTEN 19625/master
tcp 0 0 localhost.localdo:mysql *:* LISTEN 4635/mysqld
tcp 0 0 *:smtp *:* LISTEN 19625/master
tcp6 0 0 *:imaps *:* LISTEN 2754/couriertcpd
tcp6 0 0 *:pop3s *:* LISTEN 2671/couriertcpd
tcp6 0 0 *:pop3 *:* LISTEN 20792/couriertcpd
tcp6 0 0 *:imap2 *:* LISTEN 20775/couriertcpd
tcp6 0 0 *:www *:* LISTEN 4015/apache2
tcp6 0 0 *:ssh *:* LISTEN 2115/sshd
tcp6 0 0 *:smtp *:* LISTEN 19625/master
tcp6 0 444 ::ffff:192.168.1.37:ssh ::ffff:192.168.1.1:1825 ESTABLISHED22290/0


For some reason I'm also getting these in my mail.log now:

Nov 11 11:26:31 email postfix/master[19625]: warning: process /usr/lib/postfix/virtual pid 22318 exit status 1
Nov 11 11:26:31 email postfix/master[19625]: warning: /usr/lib/postfix/virtual: bad command startup -- throttling
Nov 11 11:27:31 email postfix/virtual[22321]: fatal: mysql:/etc/postfix/mysql-virtual_mailboxes.cf: proxy map is not allowed for security sensitive data
Nov 11 11:27:32 email postfix/master[19625]: warning: process /usr/lib/postfix/virtual pid 22321 exit status 1
Nov 11 11:27:32 email postfix/master[19625]: warning: /usr/lib/postfix/virtual: bad command startup -- throttling
Nov 11 11:28:11 email postfix/postfix-script: stopping the Postfix mail system
Nov 11 11:28:11 email postfix/master[19625]: terminating on signal 15
Nov 11 11:28:12 email postfix/postfix-script: starting the Postfix mail system
Nov 11 11:28:12 email postfix/master[22423]: daemon started -- version 2.1.5
Nov 11 11:28:12 email postfix/qmgr[22426]: B3D2089FA: from=<root@email.portfoliomci.com>, size=1006, nrcpt=1 (queue active)
Nov 11 11:28:12 email postfix/virtual[22431]: fatal: mysql:/etc/postfix/mysql-virtual_mailboxes.cf: proxy map is not allowed for security sensitive data
Nov 11 11:28:13 email postfix/master[22423]: warning: process /usr/lib/postfix/virtual pid 22431 exit status 1
Nov 11 11:28:13 email postfix/master[22423]: warning: /usr/lib/postfix/virtual: bad command startup -- throttling

falko
11th November 2005, 18:57
> For some reason I'm also getting these in my mail.log now:
>
> Nov 11 11:26:31 email postfix/master[19625]: warning: process /usr/lib/postfix/virtual pid 22318 exit status 1
> Nov 11 11:26:31 email postfix/master[19625]: warning: /usr/lib/postfix/virtual: bad command startup -- throttling
> Nov 11 11:27:31 email postfix/virtual[22321]: fatal: mysql:/etc/postfix/mysql-virtual_mailboxes.cf: proxy map is not allowed for security sensitive data
> Nov 11 11:27:32 email postfix/master[19625]: warning: process /usr/lib/postfix/virtual pid 22321 exit status 1
> Nov 11 11:27:32 email postfix/master[19625]: warning: /usr/lib/postfix/virtual: bad command startup -- throttling
> Nov 11 11:28:11 email postfix/postfix-script: stopping the Postfix mail system
> Nov 11 11:28:11 email postfix/master[19625]: terminating on signal 15
> Nov 11 11:28:12 email postfix/postfix-script: starting the Postfix mail system
> Nov 11 11:28:12 email postfix/master[22423]: daemon started -- version 2.1.5
> Nov 11 11:28:12 email postfix/qmgr[22426]: B3D2089FA: from=<root@email.portfoliomci.com>, size=1006, nrcpt=1 (queue active)
> Nov 11 11:28:12 email postfix/virtual[22431]: fatal: mysql:/etc/postfix/mysql-virtual_mailboxes.cf: proxy map is not allowed for security sensitive data
> Nov 11 11:28:13 email postfix/master[22423]: warning: process /usr/lib/postfix/virtual pid 22431 exit status 1
> Nov 11 11:28:13 email postfix/master[22423]: warning: /usr/lib/postfix/virtual: bad command startup -- throttling


Do you have

proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
in /etc/postfix/main.cf? The line must contain $virtual_mailbox_maps!
If this doesn't help, remove proxy: from /etc/postfix/main.cf (e.g. virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual_mailboxes.cf instead of virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf).
Don't forget to restart Postfix after your changes!
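
The two checks from the reply above, as an added example (not code from the thread or from Postfix): it confirms that every main.cf parameter using a proxy: table is referenced in an explicit proxy_read_maps, then maps the table named in a "proxy map is not allowed" fatal line back to the parameter to change. The function names are hypothetical; the sample config is abridged from the main.cf posted in the thread and the log line is copied from the mail.log excerpt.

```python
import re

# Constructed sample: proxy lines of the posted main.cf (proxy_read_maps abridged, wrapped).
MAIN_CF = """\
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps
  $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains
  $transport_maps $mynetworks $virtual_mailbox_limit_maps
"""
# One fatal line copied from the mail.log excerpt in the thread.
MAIL_LOG = ("Nov 11 11:27:31 email postfix/virtual[22321]: fatal: "
            "mysql:/etc/postfix/mysql-virtual_mailboxes.cf: "
            "proxy map is not allowed for security sensitive data\n")
FATAL = re.compile(r"postfix/(\w+)\[\d+\]: fatal: (\S+): proxy map is not allowed")

def parse_main_cf(text):
    """Return {parameter: value}; a line starting with whitespace continues the previous one."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current:
            params[current] += " " + raw.strip()
        elif "=" in raw:
            current, value = (part.strip() for part in raw.split("=", 1))
            params[current] = value
    return params

def unapproved_proxy_params(params):
    """Parameters using proxy: tables that an explicit proxy_read_maps does not reference."""
    if "proxy_read_maps" not in params:
        return None  # built-in default applies; inspect `postconf -d proxy_read_maps`
    approved = set(re.findall(r"\$\{?(\w+)\}?", params["proxy_read_maps"]))
    return sorted(name for name, value in params.items()
                  if name != "proxy_read_maps" and "proxy:" in value
                  and name not in approved)

def refused_proxy_params(log_text, params):
    """Map each table refused in the log to the (daemon, parameter) that proxies it."""
    hits = set()
    for daemon, table in FATAL.findall(log_text):
        hits.update((daemon, name) for name, value in params.items()
                    if name != "proxy_read_maps" and "proxy:" + table in value)
    return sorted(hits)

print(unapproved_proxy_params(parse_main_cf(MAIN_CF)), refused_proxy_params(MAIL_LOG, parse_main_cf(MAIN_CF)))
```

On the thread's data the first check comes back empty while the second still names virtual_mailbox_maps, which is the case where the reply's fallback of dropping the proxy: prefix from that one parameter applies.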

ggere
11th November 2005, 19:41
Okay, checked the /etc/postfix/main.cf and the proxy_read_maps line was there. So I removed the proxy part from the virtual_mailbox_maps line and receive no more errors in my mail.log file.

I sent a test message from the "admin" account to "postmaster@portfoliomci.com" and these are the log notes:


Nov 11 12:37:45 email postfix/pickup[24057]: B567A8B2C: uid=1000 from=<admin>
Nov 11 12:37:45 email postfix/cleanup[24086]: B567A8B2C: message-id=<20051111173745.GA24066@email.portfoliomci.com>
Nov 11 12:37:45 email postfix/qmgr[24058]: B567A8B2C: from=<admin@email.portfoliomci.com>, size=459, nrcpt=1 (queue active)
Nov 11 12:37:47 email postfix/smtpd[24097]: connect from localhost.localdomain[127.0.0.1]
Nov 11 12:37:47 email postfix/smtpd[24097]: D512C8B2B: client=localhost.localdomain[127.0.0.1]
Nov 11 12:37:47 email postfix/cleanup[24086]: D512C8B2B: message-id=<20051111173745.GA24066@email.portfoliomci.com>
Nov 11 12:37:47 email postfix/qmgr[24058]: D512C8B2B: from=<admin@email.portfoliomci.com>, size=940, nrcpt=1 (queue active)
Nov 11 12:37:47 email amavis[21587]: (21587-01) Passed, <admin@email.portfoliomci.com> -> <postmaster@portfoliomci.com>, Message-ID: <20051111173745.GA24066@email.portfoliomci.com>, Hits: -1.72
Nov 11 12:37:47 email postfix/smtpd[24097]: disconnect from localhost.localdomain[127.0.0.1]
Nov 11 12:37:47 email postfix/smtp[24091]: B567A8B2C: to=<postmaster@portfoliomci.com>, relay=127.0.0.1[127.0.0.1], delay=2, status=sent (250 2.6.0 Ok, id=21587-01, from MTA: 250 Ok: queued as D512C8B2B)
Nov 11 12:37:47 email postfix/qmgr[24058]: B567A8B2C: removed
Nov 11 12:37:48 email postfix/smtp[24101]: D512C8B2B: to=<postmaster@portfoliomci.com>, relay=mail.portfoliomci.com[192.168.1.4], delay=1, status=sent (250 ok 1131730673 qp 2896)
Nov 11 12:37:48 email postfix/qmgr[24058]: D512C8B2B: removed


Still not able to login from Thunderbird however.

falko
12th November 2005, 20:33
> Still not able to login from Thunderbird however.

When you want to send emails, or when you try to fetch emails? Or both?

ggere
14th November 2005, 15:54
IMAP is what I'm testing at the moment, so receiving emails. But I believe sending isn't working either. Note: I can send via mutt on the server between real accounts, but I can't test virtual accounts in this way.

falko
14th November 2005, 16:33
Did you use Debian stable or testing to install the server? Because in the tutorial I use stable which comes with Postfix 2.1.5, but testing comes with Postfix 2.2.x, and since 2.2 the format of the lookup files has changed.

Have a look here: http://www.howtoforge.com/forums/showthread.php?t=1149&page=4

Which Postfix version do you have? Run postconf -d | grep mail_version to find out.

ggere
14th November 2005, 16:46
I'm using stable:


[root@email:~]# postconf -d | grep mail_version
mail_version = 2.1.5

I think this may have to do with me not having the DNS information completely set up yet, instead I'm trying to connect to ggere@192.168.1.37 (the internal IP of the email server) and I have 192.168.1.37 in my domains table and a user ggere@192.168.1.37 in the users table. I will try to get my DNS information set up today and see if that helps.

If you think this isn't what is causing the problem feel free to continue and try to help, I really appreciate your input. Otherwise perhaps it would be best to wait until the dns setup is complete.

Thanks.

falko
14th November 2005, 17:08
> If you think this isn't what is causing the problem feel free to continue and try to help, I really appreciate your input. Otherwise perhaps it would be best to wait until the dns setup is complete.

Let's wait until DNS is set up.