I have Courier-IMAP running along with Squirrelmail Webmail and Postfix.

Postfix is delivering messages just fine and Squirrelmail does not appear to have any problems.

However, when I connect using a third part client such as Outlook or from my Motorola Q, I have a small problem.

The email account is established as an IMAP account. The account will successfully download emails from the server and will send email as well. However, when emails are deleted from the remote account, they are not deleted from the server.

I am guessing it is a permissions problem, but I don't know where to begin. All of my Postfix related stuff runs under virtual:virtual.

I would appreciate any help to get me pointed in the right direction.

Deleting of mail from the server has nothing to do with postfix, postfix's responsibility ends after delivering the mail to the mail store.

This seems to be a client problem, if the server is not logging a permissions error.

Try connection to the server using telnet and deleting the mail and see if it actually gets deleted.

I am by no means very experienced at using telnet. However, I did connect in order to test that all the appropriate services were listening after setting up and configuring.

Should I telnet into the SMTP port or the IMAP port?

I know that Postfix likely has nothing to do with this issue. I am guessing it is either the client or a permissions issue with Courier. Does Courier run as a specific user? Could I add that user temporarily to the group that owns the Maildir folder to see if it is permissions related? Or which log should I look into to see if a permissions problem is being logged?

I really appreciate your help.

Thanks.

ISPConfig comes with some default firewall rules.
The IMAP port 143 is closed by default.
Please, verify if the IMAP port 143 is open and the firewall rule has been set to "Yes" instead of "No".

You can do this within ISPConfig under Management > Server > Services > Firewall

you need to connect to the imap port

I am able to connect via telnet to the mail server. I know this was the case already, but I double checked and yes, port 143 is being forwarded by the gateway to the server and the firewall is open for this port.

As I mentioned before, I get mail on my mobile device through an IMAP connection, it just doesn't delete the emails.

Through telnet, I connected, logged in and selected the INBOX folder. However, I have done some searches online and can't seem to find (or maybe understand) the commands to actually select and delete a message.

I think this is the pivotal test to see if it is a problem with my server or with the client. Anyone have good directions for me or a tutorial online that I could follow?

Thanks.

Does this help?

. getacl INBOX
* ACL "inbox" "owner" "acdilrsw" "administrators" "acdilrsw"

Should there be a "d" flag returned from this command to allow for the deletion of emails?

For the record, Postfix is using a MySQL backend. So the users of the email system are not users of the box itself.

Thanks.

Are there any errors in your logs when you try to delete mails?

I don't believe so. However, I am not sure I am looking in the right logs. I have several mail logs, but I don't see anything in them related to errors when attempting to delete. The mail.err and mail.warn don't have any entries since last November.

I see the mobile client connecting, authorizing and TX/RX data packets within the syslog log file which is normal. There are no errors reported.

I believe that Courier is logging to syslog, but maybe I am mistaken.

Does this help at all? Otherwise, tell me where else I should be looking for clues.

You looked at the correct log files... Not sure what is wrong then. :confused:

Falko,

I did set up a second server this weekend strictly following your How To for the Perfect Server with Ubuntu 7.10. The server that is giving me problems with the IMAP functionality was setup using a How To by Flurdy (easy Google search by Flurdy email).

Although this second machine was supposed to be much more of a test server, I suppose I could change my network to have it be the active mail server and see if the IMAP problem still persists. Maybe this would help define whether it is my client or server.

Lastly, I did install ISPConfig on the second server. It took a while, but the machine is older too. I have read through the a lot of the docuementation for ISPConfig. But are there are tutorials or examples on how you would actually use the software (i.e. A walk through on adding customers, hosting plans, invoicing, etc.)?

Thanks.

But are there are tutorials or examples on how you would actually use the software (i.e. A walk through on adding customers, hosting plans, invoicing, etc.)?

Thanks.
No tutorials, only the user manual: http://www.ispconfig.org/documentation.htm

So here is the update after a complete rebuild last weekend.

I used the Falko guide to for the Perfect Server Ubuntu 7.10 setup. I did not do any of the items that were ISPConfig specific (I am still debating whether to install this program). I then used the Falko Guide on Virtual Hosting with a MySQL backend for Ubuntu 7.10 to setup Postfix. (http://www.howtoforge.com/virtual-users-and-domains-with-postfix-ubuntu-7.10)

Regarding my Windows Mobile Client, I am still unable to delete emails from my IMAP server. However, I found some posts that seem to point to Windows Mobile 5 OS as the culprit. I had a friend with a Windows Mobile 6 device connect and test the procedure and the email was deleted. So I think I have indentified the problem, but don't have a work around yet.

However, I do have a new problem. I cannot send emails from my mobile device. My server bounces them. This is a line from the logs:


Apr 20 16:27:16 gopher postfix/smtpd[6471]: NOQUEUE: reject: RCPT from 99-200-132-141.area2.spcsdns.net[99.200.132.141]: 554 5.7.1 <me@mydomain1.com>: Relay access denied; from=<me@mydomain1.com> to=<me@mydomain1.com> proto=ESMTP helo=<Inbox>


mydomain1.com is a virtual domain hosted on my server. I can connect and receive emails on my client just fine with this account.

Thanks.

I looked back at my old main.cf file for Postfix before rebuilding the server using the Falko guide. I had the following section in my old configuration file.


# Requirements for the sender details
smtpd_sender_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
reject_unauth_pipelining,
permit


I don't have an smtpd_sender_restrictions section in my new configuration file as it wasn't part of the How To.

Should I add the old section back in? What is the harm of doing so? Do you think it would solve my issue?

I have also been tailing my mail log when the client is connecting and attempting to send mail. This is what it shows:


Apr 27 00:26:51 gopher pop3d-ssl: LOGIN, user=me@domain1.com, ip=[::ffff:99.203.32.237]
Apr 27 00:26:54 gopher postfix/smtpd[7003]: connect from 99-203-32-237.area2.spcsdns.net[99.203.32.237]
Apr 27 00:26:54 gopher postfix/smtpd[7003]: setting up TLS connection from 99-203-32-237.area2.spcsdns.net[99.203.32.237]
Apr 27 00:26:55 gopher postfix/smtpd[7003]: TLS connection established from 99-203-32-237.area2.spcsdns.net[99.203.32.237]: SSLv3 with cipher RC4-MD5 (128/128 bits)
Apr 27 00:26:57 gopher postfix/smtpd[7003]: warning: 99-203-32-237.area2.spcsdns.net[99.203.32.237]: SASL LOGIN authentication failed: authentication failure
Apr 27 00:26:59 gopher postfix/smtpd[7003]: warning: 99-203-32-237.area2.spcsdns.net[99.203.32.237]: SASL LOGIN authentication failed: authentication failure
Apr 27 00:26:59 gopher postfix/smtpd[7003]: disconnect from 99-203-32-237.area2.spcsdns.net[99.203.32.237]
Apr 27 00:27:00 gopher pop3d-ssl: LOGOUT, user=me@domain1.com, ip=[::ffff:99.203.32.237], top=0, retr=0, rcvd=18, sent=89, time=9


Thanks.

I used the Falko guide to for the Perfect Server Ubuntu 7.10 setup. I did not do any of the items that were ISPConfig specific (I am still debating whether to install this program). I then used the Falko Guide on Virtual Hosting with a MySQL backend for Ubuntu 7.10 to setup Postfix. (http://www.howtoforge.com/virtual-users-and-domains-with-postfix-ubuntu-7.10)
The virtual user setup is incompatible with ISPConfig, so you can't install ISPConfig...



However, I do have a new problem. I cannot send emails from my mobile device. My server bounces them. This is a line from the logs:


Apr 20 16:27:16 gopher postfix/smtpd[6471]: NOQUEUE: reject: RCPT from 99-200-132-141.area2.spcsdns.net[99.200.132.141]: 554 5.7.1 <me@mydomain1.com>: Relay access denied; from=<me@mydomain1.com> to=<me@mydomain1.com> proto=ESMTP helo=<Inbox>


mydomain1.com is a virtual domain hosted on my server. I can connect and receive emails on my client just fine with this account.

Thanks.Please enable "Server requires authentication" in your email client.

I know about the ISPConfig limitations with my current setup. I am going to setup nother server with ISPConfig to evaluate it. The lack of user documentation scares m a little bit.

I have placed a check next to the Outgoing server requires authentication. The error mssage I posted earlier is what is logged with the authentication option enabled.

There are additional server settings for the outgoing server, but I haven't set them.

Any other suggestions?

I have been looking through the Internet today for possible solutions. I have come across a couple of sites that suggest setting the following variables.


sudo postconf -e 'smtpd_sasl_type = dovecot'
sudo postconf -e 'smtpd_sasl_path = private/auth-client'


Now I know the example above is Dovecot specific, but is there anything similar that I need for my Courier setup?

Also, I noticed in my postfix main.cf file that the following variable is undefined.

smtpd_sasl_local_domaing =

Should it be undefined?

Thanks.

I know about the ISPConfig limitations with my current setup. I am going to setup nother server with ISPConfig to evaluate it. The lack of user documentation scares m a little bit.

I have placed a check next to the Outgoing server requires authentication. The error mssage I posted earlier is what is logged with the authentication option enabled.

There are additional server settings for the outgoing server, but I haven't set them.

Any other suggestions?
What's in /etc/postfix/main.cf? Is the domain listed in /etc/postfix/local-host-names? Is the email address listed in /etc/postfix/virtusertable?

Here are the contents of the main.cf file:

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

# TLS parameters
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = mail.mydomain1.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = mail.mydomain1.com, localhost, localhost.localdomain
relayhost =
mynetworks = 127.0.0.0/8
mailbox_command =
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
home_mailbox = Maildir/
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /home/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
virtual_create_maildirsize = yes
#virtual_mailbox_extended = yes
virtual_maildir_extended = yes
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = "The user you are trying to reach is over quota."
virtual_overquota_bounce = yes
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
content_filter = amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings


I don't have the files /etc/postfix/local-host-names or /etc/postfix/virtusertable. Should I? I am using a MySQL backend with virtual users.

I appreciate the help from these forums. It is one of the best in my experience.

Thanks.

Is me@mydomain1.com listed in the users table? Is mydomain1.com listed in the domains table?

Yes to both. The domain is listed in the domains table and the user address (me@domain1.com) is listed in the email field of the users table.

I hope I haven't stumped you. I do feel it is an SASL issue since my previous setup had permit_mynetworks before permit_sasl_authenticated in the smtpd_senders configuration variable. It is currently blank.

That is just a theory right now though I plan on testing that this evening.

What happens if you add
smtpd_sender_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
reject_unauth_pipelining,
permit
to your main.cf?

I implemented the changes to the smtpd_sender restrictions and restarted Postfix.

I tried sending mail from the client two different ways.

When "Outgoing Server Requires Authentication" was checked on the client, the client was unable to connect at all.

When "Outgoing Server Requires Authentication" was unchecked on the client, a connection was made but the outgoing message was returned undeliverable. The server mail log shows the same relay access denied message.

My prior setup, before the rebuild, had permit_mynetworks before permit_sasl_authenticated. I believe this is why I never noticed a problem before.

Would you like me to switch the order temporarily to verify that to be the case?

Yes, try that.

Falko,

I tried that yesterday and received an error as well.

I happened to pop into my auth.log file today for another reason and saw the following block of error statements.


May 1 14:00:14 server saslauthd[7234]: pam_mysql - MySQL error (Access denied for user 'dbuser'@'localhost' (using password: NO))
May 1 14:00:14 server saslauthd[7234]: DEBUG: auth_pam: pam_authenticate failed: Authentication service cannot retrieve authentication info
May 1 14:00:14 server saslauthd[7234]: do_auth : auth failure: [user=me@domain1.com] [service=smtp] [realm=domain1.com] [mech=pam] [reason=PAM auth error]
May 1 14:00:16 server saslauthd[7234]: pam_mysql - MySQL error (Access denied for user 'dbuser'@'localhost' (using password: NO))
May 1 14:00:16 server saslauthd[7234]: DEBUG: auth_pam: pam_authenticate failed: Authentication service cannot retrieve authentication info
May 1 14:00:16 server saslauthd[7234]: do_auth : auth failure: [user=me@domain1.com] [service=smtp] [realm=domain1.com] [mech=pam] [reason=PAM auth error]


This makes me believe that I have a permissions issue with my database user. Would you agree?

Thanks.

Can you log in to MySQL like this?
mysql -u dbuser -p
Or like this:
mysql -u dbuser

What's in /etc/pam.d/smtp?

Here are the results of the latest test.

Using the first MySQL login command (mysql -u dbuser -p), I was able to adequately access MySQL.

Using the second MySQL login command (mysql -u dbuser), I received an error message very similar to the errors being logged to my auth.log file.


ERROR 1045 (28000): Access denied for user 'dbuser'@'localhost' (using password: NO)


Here is the output of /etc/pam.d/smtp. I have sanitized the database name, login, and password information. I have checked those and know that they are indeed correct though.


auth required pam_mysql.so user=dbuser password=mailpassword host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1
account sufficient pam_mysql.so user=dbuser password=mailpassword host=127.0.0.1 db=mail table=users usercolumn=email passwdcolumn=password crypt=1


Thanks.

Does the password contain special characters?

Do you use the right database login in the mysql*.cf files?

Sorry I haven't been more responsive. My baby daughter was born on Saturday. I just want to say that I really do appreciate your willingness to help me solve this problem.

The password for the MySQL database user does not contain any special characters. It is a strong password, but only comprised of letters and numbers.

I have double and even triple checked the mysql*.conf files to ensure that my login information is correct.

Here are some brainstorming ideas/questions I have.

Is there a way to ratchet up the error logging to become more verbose? Perhaps more information will help pinpoint the problem.

I noticed that in the mysql*.conf files, the host is defined as 127.0.0.1. However, the log indicates the connection is being made on localhost. The hosts file does resolve 127.0.0.1 to localhost, but I also know that MySQL is bound to listen on 127.0.0.1. Does this make any difference?

What privileges should the MySQL database user have on the database? I believe it is all (i.e. GRANT ALL ON maildatabase.*), but I could double check.

Thanks.

Bump...

Is there a way to increase the amount of information being logged or make it more verbose so that I can pinpoint the problem better?

Not sure...

But did you double-check your configuration and compared it with the one from the tutorial? Maybe you made a typo somewhere.