Virtual Users and Domains with Postfix... Problems


hackerkatt
29th January 2008, 17:51
Greetings All,

[EDIT]
Never mind, Still have a problem...

[EDIT]
DISREGARD THE FOLLOWING POST! Unless you're curious…
I got to thinking that if we are to replace the “mail_admin_password” in the mysql GRANT… command, then we would have to replace the “mail_admin_password” in the various config files used to process the virtual mail and login authentication to the mail database. I originally thought that the “mail_admin_password” was a passed variable (perhaps this could be made a bit clearer in the How-To, IMHO). I am concerned that the password to access the mail database is in clear text in several files on the server. In any case, all is working now. Thanks for the FAB How-To falko!

I just went through the "Virtual Users and Domains with Postfix, Courier, and MySQL (Ubuntu 7.10) How-To". It was clear, clean, and processed without any errors. However, I get the following errors from my email client.

Your 'Inbox' folder was not polled for its unread count. Your IMAP server has closed the connection. This may occur if you have left the connection idle for too long. Account: 'Perfect Server IMAP', Server: '172.16.1.3', Protocol: IMAP, Server Response: 'Temporary problem, please try again later', Port: 143, Secure(SSL): No, Error Number: 0x800CCCDD

Same error for Header download...

Here is some info to assist anyone who looks at this post.
root@mail:/home/vmail# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 localhost:10024 *:* LISTEN 8755/amavisd (maste
tcp 0 0 localhost:10025 *:* LISTEN 4709/master
tcp 0 0 localhost:mysql *:* LISTEN 4163/mysqld
tcp 0 0 *:www *:* LISTEN 4826/apache2
tcp 0 0 *:smtp *:* LISTEN 4709/master
tcp 7 0 localhost:10025 localhost:40232 CLOSE_WAIT 8894/smtpd
tcp 0 0 localhost:mysql localhost:37021 TIME_WAIT -
tcp 7 0 localhost:10025 localhost:57991 CLOSE_WAIT 5683/smtpd
tcp 7 0 localhost:10025 localhost:51456 CLOSE_WAIT 8840/smtpd
tcp 0 0 localhost:mysql localhost:37022 TIME_WAIT -
tcp 7 0 localhost:10025 localhost:54025 CLOSE_WAIT 8504/smtpd
tcp 7 0 localhost:10025 localhost:51539 CLOSE_WAIT 8771/smtpd
tcp 7 0 localhost:10025 localhost:48810 CLOSE_WAIT 5989/smtpd
tcp6 0 0 *:imaps *:* LISTEN 4603/couriertcpd
tcp6 0 0 *:pop3s *:* LISTEN 4643/couriertcpd
tcp6 0 0 *:pop3 *:* LISTEN 4616/couriertcpd
tcp6 0 0 *:imap2 *:* LISTEN 4583/couriertcpd
tcp6 0 0 *:ssh *:* LISTEN 4056/sshd
tcp6 0 148 mail.netserve.com:ssh ::ffff:172.16.1.3%:1797 ESTABLISHED8624/sshd: admin [


root@mail:/home/admin# ./courier_restart.sh
* Stopping Courier authentication services authdaemond [ OK ]
* Starting Courier authentication services authdaemond [ OK ]
* Stopping Courier IMAP server... [ OK ]
* Starting Courier IMAP server... [ OK ]
* Stopping Courier IMAP-SSL server... [ OK ]
* Starting Courier IMAP-SSL server... [ OK ]
* Stopping Courier POP3 server... [ OK ]
* Starting Courier POP3 server... [ OK ]
* Stopping Courier POP3-SSL server... [ OK ]
* Starting Courier POP3-SSL server... [ OK ]


root@mail:/home/admin# /etc/init.d/postfix restart
* Stopping Postfix Mail Transport Agent postfix [ OK ]
* Starting Postfix Mail Transport Agent postfix [ OK ]



root@mail:/# /etc/init.d/saslauthd restart
* Restarting SASL Authentication Daemon saslauthd [ OK ]



root@mail:/# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.netserve.com ESMTP Postfix (Ubuntu)
ehlo localhost
250-mail.netserve.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit

Telnet success from a different local server as well.


mysql> select * from domains;
+------------+
| domain |
+------------+
| netserve.com |
+------------+
1 row in set (0.01 sec)


mysql> select * from users;
+---------------------------+-----------------+----------+
| email | password | quota |
+---------------------------+-----------------+----------+
| admin@netserve.com | UPemVbalYFWXk | 10485760 |
| postmaster@netserve.com | SofhumT06b7To | 10485760 |
| abuse@netserve.com | gpV.GC84VnXew | 10485760 |
+---------------------------+-----------------+----------+
3 rows in set (0.00 sec)



root@mail:/# cat /etc/pam.d/smtp
auth required pam_mysql.so user=mail_admin passwd=mail_admin_password host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1
account sufficient pam_mysql.so user=mail_admin passwd=mail_admin_password host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1


root@mail:/# cat /etc/postfix/sasl/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login
allow_plaintext: true
auxprop_plugin: mysql
sql_hostnames: 127.0.0.1
sql_user: mail_admin
sql_passwd: mail_admin_password
sql_database: mail
sql_select: select password from users where email = '%u'



root@mail:/# tail /var/log/mail.log -f
Jan 29 08:25:15 mail imapd: Connection, ip=[::ffff:172.16.1.25]
Jan 29 08:25:15 mail authdaemond: failed to connect to mysql server (server=localhost, userid=mail_admin): Access denied for user 'mail_admin'@'localhost' (using password: YES)
Jan 29 08:25:15 mail imapd: LOGIN FAILED, user=admin@netserve.com, ip=[::ffff:172.16.1.25]
Jan 29 08:25:15 mail imapd: authentication error: Input/output error
Jan 29 08:25:15 mail imapd: Connection, ip=[::ffff:172.16.1.25]
Jan 29 08:25:15 mail authdaemond: failed to connect to mysql server (server=localhost, userid=mail_admin): Access denied for user 'mail_admin'@'localhost' (using password: YES)
Jan 29 08:25:15 mail imapd: LOGIN FAILED, user=admin@netserve.com, ip=[::ffff:172.16.1.25]
Jan 29 08:25:15 mail imapd: authentication error: Input/output error
Jan 29 08:25:15 mail imapd: Connection, ip=[::ffff:172.16.1.25]
Jan 29 08:25:15 mail authdaemond: failed to connect to mysql server (server=localhost, userid=mail_admin): Access denied for user 'mail_admin'@'localhost' (using password: YES)
Jan 29 08:25:15 mail imapd: LOGIN FAILED, user=admin@netserve.com, ip=[::ffff:172.16.1.25]
Jan 29 08:25:15 mail imapd: authentication error: Input/output error
Jan 29 08:25:15 mail imapd: Connection, ip=[::ffff:172.16.1.25]
Jan 29 08:25:15 mail authdaemond: failed to connect to mysql server (server=localhost, userid=mail_admin): Access denied for user 'mail_admin'@'localhost' (using password: YES)
Jan 29 08:25:15 mail imapd: LOGIN FAILED, user=admin@netserve.com, ip=[::ffff:172.16.1.25]
Jan 29 08:25:15 mail imapd: authentication error: Input/output error



root@mail:/# /etc/init.d/mysql restart
* Stopping MySQL database server mysqld [ OK ]
* Starting MySQL database server mysqld [ OK ]
* Checking for corrupt, not cleanly closed and upgrade needing tables.


Ok, enough for now.

? for the group. Where the How-to says:
GRANT SELECT, INSERT, UPDATE, DELETE ON mail.* TO 'mail_admin'@'localhost' IDENTIFIED BY 'mail_admin_password';
GRANT SELECT, INSERT, UPDATE, DELETE ON mail.* TO 'mail_admin'@'localhost.localdomain' IDENTIFIED BY 'mail_admin_password';

The instructions say to replace 'mail_admin_password' with your password. I assumed (bad) that it meant to use my password as an admin user. Is this correct? It would seem from the mail.log that this login is failing. I've gone back and re-issued the GRANT.... commands w/o any change to the problem.

Any help would be a shot in the arm. Thanks guys.

hackerkatt

hackerkatt
29th January 2008, 21:13
Ok, maybe premature...

I seem to still have a problem. I can authenticate against the IMAP server but not the SMTP server.

No outgoing mail, just need to authenticate against IMAP and check for mail.

root@mail:/# tail /var/log/mail.log -f
Jan 29 12:02:52 mail imapd: Connection, ip=[::ffff:172.16.1.25]
Jan 29 12:02:52 mail imapd: LOGIN, user=admin@netserve.com, ip=[::ffff:172.16.1.25], protocol=IMAP
Jan 29 12:02:52 mail imapd: DISCONNECTED, user=admin@netserve.com, ip=[::ffff:172.16.1.25], headers=0, body=0, rcvd=259, sent=503, time=0


Have an outgoing email and need to authenticate against SMTP.

Jan 29 12:03:12 mail postfix/smtpd[6510]: connect from unknown[172.16.1.25]
Jan 29 12:03:12 mail postfix/smtpd[6510]: warning: unknown[172.16.1.25]: SASL LOGIN authentication failed: authentication failure
Jan 29 12:03:12 mail postfix/smtpd[6510]: lost connection after AUTH from unknown[172.16.1.25]
Jan 29 12:03:12 mail postfix/smtpd[6510]: disconnect from unknown[172.16.1.25]



root@mail:/# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 localhost:10024 *:* LISTEN 4077/amavisd (maste
tcp 0 0 localhost:10025 *:* LISTEN 4697/master
tcp 0 0 localhost:mysql *:* LISTEN 4151/mysqld
tcp 0 0 *:webmin *:* LISTEN 4837/perl
tcp 0 0 *:www *:* LISTEN 4814/apache2
tcp 0 0 *:smtp *:* LISTEN 4697/master
tcp 0 0 mail.netserve.com:webmin 172.16.1.3:2083 ESTABLISHED6520/perl
tcp6 0 0 *:imaps *:* LISTEN 4596/couriertcpd
tcp6 0 0 *:pop3s *:* LISTEN 4631/couriertcpd
tcp6 0 0 *:pop3 *:* LISTEN 4609/couriertcpd
tcp6 0 0 *:imap2 *:* LISTEN 4571/couriertcpd
tcp6 0 0 *:ssh *:* LISTEN 4044/sshd
tcp6 0 148 mail.netserve.com:ssh ::ffff:172.16.1.3%:4888 ESTABLISHED4845/sshd: admin [

hackerkatt
29th January 2008, 22:27
Never mind again. Geez...

I went back and discovered I overlooked changing "mail_admin_password" in the following files.

/etc/postfix/sasl/smtpd.conf
/etc/pam.d/smtp

Sorry for the goose chase. But some good lessons for both me and those that would use this how-to. Thanks!

hackerkatt
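
The two points raised in this thread (the database password sitting in clear text in several files, and the placeholder left unchanged in two of them) can be checked mechanically. The following is an added example, not part of the original posts or the How-To: a shell audit that reports files still holding the literal placeholder, files readable by every local user, and files whose password differs from the first one seen. The function names and the demo files are constructed for illustration; the two config syntaxes are the ones posted above.

```shell
#!/bin/sh
# Added example: audit config files that embed the mail database password.
PLACEHOLDER='mail_admin_password'   # literal string the How-To says to replace

# Print the DB password stored in a file, in either syntax shown in the thread:
#   sql_passwd: VALUE       (/etc/postfix/sasl/smtpd.conf)
#   ... passwd=VALUE ...    (/etc/pam.d/smtp, pam_mysql.so options)
extract_db_password() {
    sed -n -e 's/^sql_passwd:[[:space:]]*//p' \
           -e 's/.*[[:space:]]passwd=\([^[:space:]]*\).*/\1/p' "$1" | head -n 1
}

# Print one finding per line (file names only, never the secret itself).
# Returns 0 when there are no findings, non-zero otherwise.
audit_mail_db_creds() {
    findings=0; first=''
    for f in "$@"; do
        pw=$(extract_db_password "$f")
        [ -n "$pw" ] || continue            # no DB password in this file
        if [ "$pw" = "$PLACEHOLDER" ]; then
            echo "PLACEHOLDER $f"; findings=$((findings + 1))
        fi
        # "other" read bit set: any local account can read the password
        if [ -n "$(find "$f" -prune -perm -004)" ]; then
            echo "WORLD_READABLE $f"; findings=$((findings + 1))
        fi
        if [ -z "$first" ]; then
            first=$pw
        elif [ "$pw" != "$first" ]; then    # differs from the first file checked
            echo "MISMATCH $f"; findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Constructed demo: stand-ins for the two files named in the thread.
demo=$(mktemp -d)
printf 'pwcheck_method: saslauthd\nsql_user: mail_admin\nsql_passwd: Example-Only-Pw\n' \
    > "$demo/smtpd.conf"
printf 'auth required pam_mysql.so user=mail_admin passwd=mail_admin_password host=127.0.0.1 db=mail\n' \
    > "$demo/smtp"
chmod 640 "$demo/smtpd.conf"; chmod 644 "$demo/smtp"
audit_mail_db_creds "$demo/smtpd.conf" "$demo/smtp" || echo "fix the findings above"
rm -rf "$demo"
```

On a real server the function would be run as root against `/etc/postfix/sasl/smtpd.conf` and `/etc/pam.d/smtp`, plus any other file that carries the same credential.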