#1
9th May 2011, 20:43
CopalFreak (Junior Member)
postfix virtual users and authentication problems

I have been trying to get postfix up and going with virtual users and am having a very hard time with it. I have posted in various forums on the web to no avail, but I am hoping somebody here can help.

I can receive mail fine.
In my maillog, when I try to SEND an email from an email client (or webmail), several things are happening.

Code:
NOQUEUE: reject: connect from localhost: client host rejected : access denied; proto=SMTP

xsasl_dovecot_server_connect: Connecting
warning: SASL: Connect to private/auth failed: Permission denied
fatal: no SASL authentication mechanisms

There is another post that is ALMOST like this, but the solutions there did not help. Originally I was not getting this error, just a 'client access denied' from my IP address, but after trying to fix it via instructions from the other post, this started happening. Following the example from a post for THIS problem made things worse and I could no longer receive emails.
I started over from scratch and now have it to this point.

I am not sure what I need to post...entire main.cf and master.cf? (pretty long)

postconf -a says
Code:
dovecot

postconf -A says nothing (empty)
(which I am sure is part of the problem, but not sure what to do about it)

postconf -d | grep nis says
Code:
alias_maps = hash:/etc/aliases, nis:mail.aliases
lmtp_sasl_mechanism_filter =
smtp_sasl_mechanism_filter

..which is odd.. alias_maps is for 'local delivery' correct?
Since I am using virtual users (from mysql), I would think it should be something like :
Code:
local_transport = virtual
alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf

..which is exactly what I currently have in my /etc/postfix/main.cf..

Any help would be appreciated.
#2
10th May 2011, 00:46
falko (Super Moderator)

What's the output of
Code:
postconf -n
?

Which tutorial (URL) did you use?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
#3
10th May 2011, 01:07
CopalFreak (Junior Member)

falko,
thank you for responding.
I used several different tutorials and resources. Started out with one, had problems I couldn't solve, went to another. Been working on this for a while so it's hard to pin down just one.

http://wiki.dovecot.org/HowTo/Doveco...tfixAdminMySQL
http://www.postfix.org/SASL_README.html
http://ubuntuforums.org/showthread.php?t=142263
and a ton of posts in various forums.

At this point I am considering trying to remove all traces of postfix and dovecot and starting over..again..just to have a 'clean slate'.
Good idea or bad idea?


output of postconf -n
Code:
alias_database =
alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
debug_peer_level = 1
default_privs = mail
disable_vrfy_command = yes
inet_interfaces = localhost, $myhostname
invalid_hostname_reject_code = 450
local_transport = virtual
maps_rbl_reject_code = 450
mydestination = localhost.$mydomain, localhost, $myhostname
myhostname = rockhouseinc.com
mynetworks = /etc/postfix/mynetworks
non_fqdn_reject_code = 450
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps $virtual_login_maps
smtp_sasl_security_options = noanonymous
smtp_sasl_type = doovecot
smtp_tls_CAfile = /etc/postfix/DigiCertCA.pem
smtp_tls_cert_file = /etc/postfix/mail_rockhouseinc_com.pem
smtp_tls_key_file = /etc/postfix/mail_rockhouseinc_com.key
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
smtpd_data_restrictions = reject_unauth_pipelining,        reject_multi_recipient_bounce,        permit
smtpd_delay_reject = no
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks,        permit_sasl_authenticated,        reject_unauth_destination,        reject_invalid_helo_hostname,        warn_if_reject reject_non_fqdn_helo_hostname,        warn_if_reject reject_unknown_helo_hostname,        warn_if_reject reject_unknown_client,        reject_non_fqdn_sender,        reject_non_fqdn_recipient,        reject_unknown_sender_domain,        reject_unknown_recipient_domain,        reject_rbl_client zen.spamhaus.org,        reject_rbl_client bl.spamcop.net,        reject_rbl_client dnsbl.sorbs.net=127.0.0.2,        reject_rbl_client dnsbl.sorbs.net=127.0.0.3,        reject_rbl_client dnsbl.sorbs.net=127.0.0.4,        reject_rbl_client dnsbl.sorbs.net=127.0.0.5,        reject_rbl_client dnsbl.sorbs.net=127.0.0.7,        reject_rbl_client dnsbl.sorbs.net=127.0.0.9,        reject_rbl_client dnsbl.sorbs.net=127.0.0.11,        reject_rbl_client dnsbl.sorbs.net=127.0.0.12,        warn_if_reject reject_rhsbl_sender dsn.rfc-ignorant.org,        warn_if_reject reject_rhsbl_sender abuse.rfc-ignorant.org,        warn_if_reject reject_rhsbl_sender whois.rfc-ignorant.org,        warn_if_reject reject_rhsbl_sender bogusmx.rfc-ignorant.org,        warn_if_reject reject_rhsbl_sender postmaster.rfc-ignorant.org,        permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_exceptions_networks = $mynetworks
smtpd_sasl_path = /var/spool/postfix/private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/postfix/DigiCertCA.pem
smtpd_tls_ask_ccert = yes
smtpd_tls_cert_file = /etc/postfix/mail_rockhouseinc_com.pem
smtpd_tls_dh1024_param_file = $config_directory/dh_1024.pem
smtpd_tls_dh512_param_file = $config_directory/dh_512.pem
smtpd_tls_key_file = /etc/postfix/mail_rockhouseinc_com.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:$data_directory/smtpd_tls_session_cache
tls_random_source = dev:/dev/urandom
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:202
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 202
virtual_transport = dovecot
virtual_uid_maps = static:202

Here is what I am attempting:
email will be stored in /var/vmail/{domain}/{user}
can be accessed by VIRTUAL users (from mysql) via https(webmail) and/or email client which should be using some sort of encryption..but I want the passwords for the virtual users stored in mysql to be 'plaintext' (for the moment).

Thanks a ton for your help!!
#4
10th May 2011, 01:43
falko (Super Moderator)

Quote:
Originally Posted by CopalFreak
At this point I am considering trying to remove all traces of postfix and dovecot and starting over..again..just to have a 'clean slate'.
Good idea or bad idea?

Yes, I think that's the best you can do. I suggest you try this tutorial: http://www.howtoforge.com/virtual-us...l-ubuntu-10.10
#5
10th May 2011, 02:01
CopalFreak (Junior Member)

That tutorial seems to use Courier rather than Dovecot.
Is Courier more robust? (going to have 300+ virtual users and some might be getting upwards of 50 emails per day and probably won't manage them correctly. I chose dovecot because of the advanced individualized quota and auto-pruning+notification features it supposedly has)

Also, it uses encrypted passwords instead of plaintext.
I wanted to start out with plaintext passwords in mysql because I am going to need to be able to retrieve them at first. (once I setup all the users, I have to know what password to setup for their email client). I could make a separate list or db, but that's the same security risk.
Isn't there a way to have a setting that it can be PLAIN, and then just change the setting to use encryption, and then encrypt the passwords once I have verified that it's all working correctly?

It starts out with an alias file rather than virtual users in mysql, and then goes to mysql..once completed (IF it works), is it ok to delete virtual.db (and references to it)?

Thanks!
#6
10th May 2011, 21:24
CopalFreak (Junior Member)

Quote:
Originally Posted by falko
Yes, I think that's the best you can do. I suggest you try this tutorial: http://www.howtoforge.com/virtual-us...l-ubuntu-10.10

OK.. following your tutorial..almost there.. (I think)
..modified a bit for dovecot though.

Getting a silly error..I suspect because of something I did towards the beginning of the tutorial that was for Courier.

Code:
warning: request for unapproved table: "unix:passwd.byname"
...to approve this table for proxymap access list proxy:unix:oasswd.byname in main.cf:proxy_read_maps

but I am using MySQL..so it should not be looking for that..
in my main.cf, I DO have proxy_read_maps
Code:
alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_alias_domains = proxy:mysql:/etc/postfix/mysql_virtual_alias_domains.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domain_maps.cf
virtual_login_maps = proxy:mysql:/etc/postfix/mysql_virtual_login_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf

mydestination = $myhostname $mynetworks $alias_maps $virtual_mailbox_domains $virtual_login_maps $virtual_mailbox_maps $virtual_alias_maps
proxy_read_maps = $mydestination

One weird thing I DID do was in the mysql_virtual files
Code:
hosts = unix:/var/run/mysql/mysql.sock, 127.0.0.1

I did that because I was getting other errors...not sure it helped though.

Any ideas what is causing this? (and maybe how to fix)?

Thanks!

Last edited by CopalFreak; 11th May 2011 at 01:28.
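
Added example (not part of the thread, and not code from Postfix or the tutorial): a small Python model of the proxy_read_maps approval check behind the warning quoted in post #6. It expands $parameter references in the posted main.cf lines and lists every proxy: table that some parameter uses but proxy_read_maps does not approve. Assumptions: local_recipient_maps is left at Postfix's built-in default (proxy:unix:passwd.byname $alias_maps), and the function names are hypothetical.

```python
import re

# Assumption: Postfix's built-in default, used when main.cf does not override it.
DEFAULTS = {"local_recipient_maps": "proxy:unix:passwd.byname $alias_maps"}

# Constructed sample: the main.cf lines quoted in post #6.
MAIN_CF = """\
alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_alias_domains = proxy:mysql:/etc/postfix/mysql_virtual_alias_domains.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domain_maps.cf
virtual_login_maps = proxy:mysql:/etc/postfix/mysql_virtual_login_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
mydestination = $myhostname $mynetworks $alias_maps $virtual_mailbox_domains $virtual_login_maps $virtual_mailbox_maps $virtual_alias_maps
proxy_read_maps = $mydestination
"""

def parse_main_cf(text):
    """Parse 'name = value' lines; indented lines continue the previous value."""
    conf, last = dict(DEFAULTS), None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last:
            conf[last] += " " + line.strip()
        elif "=" in line:
            last, value = (part.strip() for part in line.split("=", 1))
            conf[last] = value
    return conf

def expand(conf, name, seen=()):
    """Expand $name / ${name} references; unset or cyclic names become empty."""
    if name in seen or name not in conf:
        return ""
    return re.sub(r"\$\{?(\w+)\}?",
                  lambda m: expand(conf, m.group(1), seen + (name,)), conf[name])

def tables(value):
    """Split a map list on commas/whitespace and keep only the proxy: entries."""
    return {t for t in re.split(r"[,\s]+", value) if t.startswith("proxy:")}

def unapproved_proxy_tables(conf):
    """proxy: tables used by some parameter but not listed in proxy_read_maps."""
    approved = tables(expand(conf, "proxy_read_maps"))
    used = set().union(*(tables(expand(conf, n)) for n in conf if n != "proxy_read_maps"))
    return sorted(used - approved)

if __name__ == "__main__":
    print(*unapproved_proxy_tables(parse_main_cf(MAIN_CF)), sep="\n")
```

On the posted settings it reports proxy:unix:passwd.byname, which comes from the assumed local_recipient_maps default rather than from any MySQL map, and also the virtual_alias_domains table, which $mydestination does not reference.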
#7
11th May 2011, 13:16
falko (Super Moderator)

I think it's better to use Courier because I didn't test this setup with Dovecot, and I've never had any problems with Courier.
All times are GMT +2.