Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 27th February 2006, 07:10
viewport viewport is offline
Junior Member
 
Join Date: Feb 2006
Posts: 20
Thanks: 0
Thanked 0 Times in 0 Posts
Default mailuser/login not working

I created a Client, then a Site (testsite.com), then a couple of users under that Site. I tried logging in to https://myispconfig:81/mailuser. Failed with myuser@testsite.com (postfix virtusertable), but succeeded with web3_myuser (system account). Why's that?

A quick check shows that ISPConfig reads the isp_isp_user table, probably completely ignoring the postfix virtusertable it wrote during user creation.

Also, IMAP doesn't work (from SquirrelMail). How does Courier-IMAP tie to Postfix's authentication?
Reply With Quote
Sponsored Links
  #2  
Old 27th February 2006, 09:27
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
Default

Quote:
Originally Posted by viewport
I created a Client, then a Site (testsite.com), then a couple of users under that Site. I tried logging in to https://myispconfig:81/mailuser. Failed with myuser@testsite.com (postfix virtusertable), but succeeded with web3_myuser (system account). Why's that?
Because you must use the username of the user to whom the email address belongs. In your case it's web3_myuser.

Quote:
Originally Posted by viewport
A quick check shows that ISPConfig reads the isp_isp_user table, probably completely ignoring the postfix virtusertable it wrote during user creation.
Yes, ISPConfig does not read from /etc/postfix/virtusertable.

Quote:
Originally Posted by viewport
Also, IMAP doesn't work (from SquirrelMail). How does Courier-IMAP tie to Postfix's authentication?
Please post the output of
Code:
netstat -tap
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 1st March 2006, 05:36
viewport viewport is offline
Junior Member
 
Join Date: Feb 2006
Posts: 20
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Because you must use the username of the user to whom the email address belongs. In your case it's web3_myuser.
Erm, I asked "Why's that?" Quick explanation for that strategy?

Quote:
Yes, ISPConfig does not read from /etc/postfix/virtusertable
Then why does ISPConfig create that virtusertable file? How does ISPConfig use that, or does it use that?

Quote:
Please post the output of `netstat -tap'
See attached netstat.out.gz
Attached Files
File Type: gz netstat.out.gz (532 Bytes, 238 views)
Reply With Quote
  #4  
Old 1st March 2006, 09:42
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
Default

Quote:
Originally Posted by viewport
Erm, I asked "Why's that?" Quick explanation for that strategy?
Because ISPConfig creates system users, not virtual users. System users have names like web3_myuser.

Quote:
Originally Posted by viewport
Then why does ISPConfig create that virtusertable file? How does ISPConfig use that, or does it use that?
Postfix uses /etc/postfix/virtusertable, that's why ISPConfig creates it.

Quote:
Originally Posted by viewport
See attached netstat.out.gz
Can you post the output in plain text here? That makes it easier for us.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #5  
Old 2nd March 2006, 13:44
viewport viewport is offline
Junior Member
 
Join Date: Feb 2006
Posts: 20
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Because ISPConfig creates system users, not virtual users. System users have names like web3_myuser.
But we can't expect mail users to login as web3_myuser, can we? That's odd. Users want to log in as "myuser@mydomain.com" instead.

Quote:
Postfix uses /etc/postfix/virtusertable, that's why ISPConfig creates it
How does Postfix use it? PAM authentication perhaps? So why doesn't ISPConfig use it as well? A simple extrapolation from "helping Postfix do its job" to "actually integrating with Postfix".

The netstat output you requested:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 localhost:32770 *:* LISTEN 6872/hpiod
tcp 0 0 localhost:32771 *:* LISTEN 6882/python
tcp 0 0 localhost:mysql *:* LISTEN 7065/mysqld
tcp 0 0 *:netbios-ssn *:* LISTEN 7297/smbd
tcp 0 0 *:81 *:* LISTEN 7447/ispconfig_http
tcp 0 0 *:ftp *:* LISTEN 7638/proftpd: (acce
tcp 0 0 webmail.testsite:domain *:* LISTEN 7623/named
tcp 0 0 localhost:domain *:* LISTEN 7623/named
tcp 0 0 localhost:ipp *:* LISTEN 6838/cupsd
tcp 0 0 localhost:953 *:* LISTEN 7623/named
tcp 0 0 *:smtp *:* LISTEN 7583/master
tcp 0 0 *:microsoft-ds *:* LISTEN 7297/smbd
tcp 0 0 localhost:32770 localhost:48040 ESTABLISHED6872/hpiod
tcp 0 0 localhost:ipp localhost:38970 ESTABLISHED6838/cupsd
tcp 0 0 localhost:48040 localhost:32770 ESTABLISHED6882/python
tcp 0 0 localhost:38970 localhost:ipp ESTABLISHED7795/gnome-cups-ico
tcp6 0 0 *:imaps *:* LISTEN 6966/couriertcpd
tcp6 0 0 *op3s *:* LISTEN 7007/couriertcpd
tcp6 0 0 *op3 *:* LISTEN 6984/couriertcpd
tcp6 0 0 *:imap2 *:* LISTEN 6943/couriertcpd
tcp6 0 0 *:www *:* LISTEN 7484/apache2
tcp6 0 0 ip6-localhost:953 *:* LISTEN 7623/named
tcp6 0 0 *:https *:* LISTEN 7484/apache2
Reply With Quote
  #6  
Old 2nd March 2006, 16:45
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
Default

Quote:
Originally Posted by viewport
How does Postfix use it? PAM authentication perhaps? So why doesn't ISPConfig use it as well? A simple extrapolation from "helping Postfix do its job" to "actually integrating with Postfix".
Postfix simply reads /etc/postfix/virtusertable (i.e. /etc/postfix/virtusertable.db); it doesn't have to authenticate to read its own files.
ISPConfig stores everything in its MySQL database, and ISPConfig's backend then reads from the database and writes everything into the appropriate configuration file.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #7  
Old 3rd March 2006, 06:19
viewport viewport is offline
Junior Member
 
Join Date: Feb 2006
Posts: 20
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Postfix simply reads /etc/postfix/virtusertable (i.e. /etc/postfix/virtusertable.db); it doesn't have to authenticate to read its own files.
I see. So Postfix reads the virtusertable to know that an incoming email with "To:" header "myuser@mydomain.com" should go to inbox of system user say "web3_myuser". Right? Postfix doesn't do any authentication at all? So what does? Courier's POP?

Quote:
ISPConfig stores everything in its MySQL database, and ISPConfig's backend then reads from the database and writes everything into the appropriate configuration file.
Actually, that's part of a problem. ISPConfig stores mailuser info in its backend, but is mostly (always?) oblivous to actual system files that actually denote the system users. In short, ISPConfig replicates much of the system files' info redundantly. This makes it difficult for a system with ISPConfig to work with 'root' user admin work. A typical advice I would issue for ISPConfig users is "try to do everything with ISPConfig (even if some things are not yet possible with it), and don't do any root admin work like adding users manually".

A simple analogy. Say I'm a middleman (like ISPConfig) that deals with delivering your letters to addresses. I keep my own database of recipients (with physical addresses). And then there is the government's DEFINITIVE address book that everyone can look up. Still, I use my own database. Therefore, whenever a recipient changes address, and the government address book is modified, my database gets stale. There is no contract between government and me to synchronize our disparate databases, though I do update the government's database whenever I meet a new recipient who just bought a new address through (my other business). Therefore, the only way we can assure agreement between the disparate database is if ALL citizens buy new addresses through me. Same case with ISPConfig, users are advised to create new users (mailusers and system users) through ISPConfig.

But that's another discussion altogether. How's my netstat output?

Last edited by viewport; 3rd March 2006 at 06:50.
Reply With Quote
  #8  
Old 3rd March 2006, 09:52
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,741 Times in 2,575 Posts
Default

Quote:
Originally Posted by viewport
I see. So Postfix reads the virtusertable to know that an incoming email with "To:" header "myuser@mydomain.com" should go to inbox of system user say "web3_myuser". Right? Postfix doesn't do any authentication at all? So what does? Courier's POP?
If you're sending from outside (i.e. not from localhost), authentication is done through saslauthd.
If you fetch emails (that's different from sending!) than you have to authenticate against your POP3/IMAP daemon.



Quote:
Originally Posted by viewport
Actually, that's part of a problem. ISPConfig stores mailuser info in its backend, but is mostly (always?) oblivous to actual system files that actually denote the system users. In short, ISPConfig replicates much of the system files' info redundantly. This makes it difficult for a system with ISPConfig to work with 'root' user admin work. A typical advice I would issue for ISPConfig users is "try to do everything with ISPConfig (even if some things are not yet possible with it), and don't do any root admin work like adding users manually".

A simple analogy. Say I'm a middleman (like ISPConfig) that deals with delivering your letters to addresses. I keep my own database of recipients (with physical addresses). And then there is the government's DEFINITIVE address book that everyone can look up. Still, I use my own database. Therefore, whenever a recipient changes address, and the government address book is modified, my database gets stale. There is no contract between government and me to synchronize our disparate databases, though I do update the government's database whenever I meet a new recipient who just bought a new address through (my other business). Therefore, the only way we can assure agreement between the disparate database is if ALL citizens buy new addresses through me. Same case with ISPConfig, users are advised to create new users (mailusers and system users) through ISPConfig.
When you open /etc/postfix/virtusertable, you'll see this line at the bottom:
Code:
#### MAKE MANUAL ENTRIES BELOW THIS LINE! ####
You can add your own entries below that line, they won't be overwritten! I guess this solves the problem you have?
ISPConfig cannot simply write directly to all configuration files due to permissions. The frontend runs as user admispconfig, not as root. If it ran as root, it would be a security problem...


Quote:
Originally Posted by viewport
But that's another discussion altogether. How's my netstat output?
It's ok. Did you enable Maildir in ISPConfig (Management -> Server -> Settings -> Email)?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #9  
Old 3rd March 2006, 10:18
viewport viewport is offline
Junior Member
 
Join Date: Feb 2006
Posts: 20
Thanks: 0
Thanked 0 Times in 0 Posts
Default Seems IMAP works (SquirrelMail) but email login ID not usable

Quote:
You can add your own entries below that line, they won't be overwritten! I guess this solves the problem you have?
Yes, it does allow 'root' user to do manual (and quick) creations of mail users. But wouldn't I also need to tell ISPConfig's backend about it as well? That's my problem, what I do as 'root', ISPConfig ignores and goes back to its own not-so-updated records.

Quote:
ISPConfig cannot simply write directly to all configuration files due to permissions. The frontend runs as user admispconfig, not as root. If it ran as root, it would be a security problem...
True. But the virtusertable was written by 'root' (chmod 644). Perhaps ISPConfig runs a world-executable script to write into virtusertable? I appreciate your effort to make ISPConfig secure. A very important aspect to me.

Quote:
Did you enable Maildir in ISPConfig (Management -> Server -> Settings -> Email)?
Yes I did enable the Maildir in "Management -> Server -> Settings -> Email".

Hmm. It seems that I can login with "web3_myuser", but not "myuser@mydomain.com". Is this a problem with ISPConfig or with Postfix? The virtusertable file contains the mapping from "myuser@mydomain.com" to "web3_myuser".

Last edited by viewport; 3rd March 2006 at 10:24.
Reply With Quote
  #10  
Old 3rd March 2006, 11:27
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,177
Thanks: 829
Thanked 5,414 Times in 4,257 Posts
 
Default

Quote:
Originally Posted by viewport
True. But the virtusertable was written by 'root' (chmod 644). Perhaps ISPConfig runs a world-executable script to write into virtusertable? I appreciate your effort to make ISPConfig secure. A very important aspect to me.
ISPConfig runs a daemon script for the tasks that has to be done as root user. This is independant from the web interface.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Quota Limits and Traffic Limits Not Working protocol Installation/Configuration 12 20th March 2007 08:56
Server is constantly working hard without any traffic beatty_t Server Operation 4 15th September 2006 13:20
Sending mails to remote domains is not working. nandhu HOWTO-Related Questions 17 20th February 2006 20:27
UebiMiau stopped working after Apache reinstall shajazzi Installation/Configuration 6 18th February 2006 19:42
Internet/lan-only lan working Nejko Installation/Configuration 39 19th January 2006 15:32


All times are GMT +2. The time now is 08:21.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.