#1
18th December 2009, 01:50
keyslapper

Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail (Ubuntu 9.10)

Hello Ubuntu Nation ...

I used the "Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail (Ubuntu 9.10)" HowTo to try to correct my postfix config when it suddenly stopped working. Now, I'm not doing virtual users or quotas, but everything else is in there. Here's the rundown of where things stand:

What does work:
Incoming mail to my users is handled properly
Reading IMAP mail, either through Squirrelmail or an external client works
Sending mail out through Squirrelmail works

Note that Courier-IMAP is configured to authenticate through the MySQL DB, as is Apache for some directories.

What does not work:
Sending email through external clients times out on the connection attempt. This is configured (badly, it would seem) to authenticate to the same mysql database as Courier and Apache via saslauthd and the pam_mysql plugin.

Note that I did have this working at one time. Unfortunately, an upgrade made it go wrong (I think), and since I couldn't see the problem (I seem to have been kept in the cache longer than any of the other users) I've been sitting on this for some time.

Here's my main.cf:
Code:
soft_bounce = no
biff = yes
append_dot_mydomain = yes
readme_directory = /usr/share/doc/postfix
data_directory = /var/lib/postfix
mydomain = domain1.net
myhostname = domain1.net
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = domain1.net, domain2.net,
                     domain1.com, domain2.com,
                     domain1.org
content_filter=smtp-amavis:[127.0.0.1]:10024
local_recipient_maps = unix:passwd.byname $alias_maps
relay_domains = $mydestination
relayhost = 
mynetworks_style = subnet
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 1000000000
recipient_delimiter = +
inet_interfaces = all
unknown_local_recipient_reject_code = 550
unknown_address_reject_code = 554
unknown_hostname_reject_code = 554
unknown_client_reject_code = 554
home_mailbox = .Maildir/
disable_vrfy_command = yes
strict_rfc821_envelopes = yes
mailbox_command = /usr/bin/procmail -a "$EXTENSION"
header_checks = regexp:/etc/postfix/header_checks
smtpd_helo_required = yes
smtpd_sender_restrictions =    permit_mynetworks,
                                             permit_sasl_authenticated
smtpd_recipient_restrictions =  permit_mynetworks,
                                              permit_sasl_authenticated,
                                             reject_unauth_destination,
                                             reject_non_fqdn_sender,
                                             reject_non_fqdn_recipient
tls_random_source = dev:/dev/urandom
smtpd_use_tls=yes
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_key_file = /etc/ssl/courier-imap/cert.net.key
smtpd_tls_cert_file = /etc/ssl/courier-imap/cert.net.crt
smtpd_tls_CAfile = /etc/ssl/courier-imap/cert.crt
smtpd_tls_loglevel = 3
smtp_use_tls = yes
smtp_tls_loglevel = 3
smtp_tls_note_starttls_offer = yes
smtpd_sasl_type = cyrus
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes
smtpd_sasl_path = smtpd
smtpd_sasl_authenticated_header = yes
smtpd_sasl_security_options = noanonymous
html_directory = /usr/share/doc/postfix/html
And my /usr/lib/sasl2/smtpd.conf:
Code:
pwcheck_method: saslauthd
mech_list: plain login cram-md5 digest-md5
allow_plaintext: true
auxprop_plugin: mysql
sql_hostnames: 127.0.0.1
sql_user: mailuser
sql_passwd: mypasswd
sql_database: passwords
sql_select: select clear from passwd where id = '%u'
This is symlinked to /etc/postfix/sasl/smtpd.conf

I know the relayhost is empty. This is intentional, and does not seem to be causing issues with mail sent via Squirrelmail.

The problem is that when trying to connect to postfix with a mail client like Thunderbird, Apple Mail, Outlook, etc. the connection times out. Same with telnetting in to port 25. I have verified that port 25 is open in the firewall and that the port is listening. When trying to connect, I can even see the SYN_RECV state on the server, but nothing whatsoever shows in any of the logfiles.

When I telnet in to port 25 from the server, I see this:
Code:
# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 domain1.net ESMTP Postfix
ehlo localhost
250-keyslapper.net
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-AUTH CRAM-MD5 LOGIN DIGEST-MD5 PLAIN
250-AUTH=CRAM-MD5 LOGIN DIGEST-MD5 PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
When I telnet in from an outside host, I get a timeout. I wouldn't be so confused if I weren't getting the SYN_RECV on the host. I'm pretty much reaching the end of my rope with this, so any suggestions on how to resolve this would be greatly appreciated.
#2
18th December 2009, 16:31
falko

What's the output of
Code:
netstat -tap
? Any errors in your mail log?
__________________
Falko
#3
18th December 2009, 19:12
keyslapper

Hi Falko,

netstat -tap is showing the master process listening on port 25, and there was nothing whatsoever in the mail logs. There were definitely packets coming through, but that only served to obscure the problem. I've just come across a solution that I probably should have thought of before:

Turns out port 25 was being blocked by my ISP - why it was still letting some packets through, I have no idea.

I had gotten into the habit of using webmail when I changed my home ISP and didn't notice the problem until I was past the association. My other users didn't notice it at the same time because my brother was traveling and connecting through hotspots that were not blocking that port.

The fix was to uncomment the submission configuration in master.cf and open port 587 in the firewall.

Other things I had to remember:
* Open the submission port in the firewall.
* Update the Squirrelmail configuration to use the correct port.
* Set the -o smtpd_tls_security_level=may in the master.cf submission config to allow Squirrelmail to connect without TLS, as well as external clients that may not be able to use it.
* Add the following to the master.cf submission:
-o mynetworks=127.0.0.0/8
* And change the smtpd_client_restrictions setting to include mynetworks.

Without these changes, I'd have had to jump through hoops to get Squirrelmail to go through the SMTP authentication as well as the IMAP authentication. Didn't seem worthwhile.

So, now I'm on to the next problem. It seems the postfix - sasl - pam - mysql authentication chain is not quite right. But at least I'm actually getting useful information there. If I can't find the solution to this one, I'll post another thread.

I hope this helps someone else avoid the frustration I went through.

Thank you!
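The submission-port settings listed in the post above can be checked mechanically. This Python block is an added example, not part of the original thread: it parses the `-o` overrides of the `submission` service in master.cf and reports the ones that weaken it. The names `service_overrides` and `audit_submission`, the sample stanza and the exact `smtpd_client_restrictions` value are assumptions made for illustration.

```python
import ipaddress

# Constructed sample (not the poster's file): the overrides named in the post above;
# the smtpd_client_restrictions value is an assumed spelling of "include mynetworks".
SAMPLE_MASTER_CF = """\
smtp       inet  n  -  -  -  -  smtpd
submission inet  n  -  -  -  -  smtpd
  -o smtpd_tls_security_level=may
  -o mynetworks=127.0.0.0/8
  -o smtpd_client_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
"""

def service_overrides(text, service="submission"):
    """Return the -o name=value overrides of an inet service, or None if absent."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                              # blank line or comment
        if raw[0].isspace() and entries:
            entries[-1] += " " + raw.strip()      # continuation of previous entry
        else:
            entries.append(raw.strip())
    for entry in entries:
        fields = entry.split()
        if len(fields) >= 8 and fields[0] == service and fields[1] == "inet":
            args = fields[8:]                     # arguments after the command name
            pairs = [args[i + 1] for i, a in enumerate(args[:-1]) if a == "-o"]
            return dict(p.split("=", 1) for p in pairs if "=" in p)
    return None

def audit_submission(text):
    """List weak overrides on the submission service (main.cf is not read)."""
    opts = service_overrides(text)
    if opts is None:
        return ["submission service is not enabled"]
    findings = []
    tls = opts.get("smtpd_tls_security_level", "unset")
    if tls != "encrypt" and opts.get("smtpd_tls_auth_only") != "yes":
        findings.append(f"smtpd_tls_security_level is '{tls}': AUTH may be sent in cleartext")
    checks = [c.strip() for c in opts.get("smtpd_client_restrictions", "").split(",")]
    if checks[-1] != "reject":
        findings.append("smtpd_client_restrictions has no final 'reject'")
    for net in opts.get("mynetworks", "").replace(",", " ").split():
        try:
            cidr = net.replace("[", "").replace("]", "")
            loopback = ipaddress.ip_network(cidr, strict=False).is_loopback
        except ValueError:
            loopback = False                      # table lookup or malformed entry
        if "permit_mynetworks" in checks and not loopback:
            findings.append(f"mynetworks entry {net} skips authentication")
    return findings
```

On the constructed stanza this returns a single finding, for the `may` TLS level; settings that live only in main.cf, such as `smtpd_tls_auth_only`, are outside what it reads.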
#4
20th April 2010, 09:06
guy

Cyrus and postfix

Hi,

Sorry if I have used the wrong thread to ask the question, but I thought it's somewhat related.

Apparently, I have a Fedora running Cyrus and Postfix to host several domains with similar settings, with virtual users, domains with Postfix, MySQL and SquirrelMail.

I have also an Ubuntu 9.04 running ISPConfig 2. I have just moved one domain, say xxx.com, from the Fedora to Ubuntu.

Now, the problem is emails sent from the Fedora to the xxx.com (now docked in Ubuntu). When investigating the maillog in Fedora, the xxx.com email address resolves back to the Fedora host name, which is the old host.

how do I get it to point to the new host?

any help appreciated
#5
20th April 2010, 15:46
keyslapper

Quote:
Originally Posted by guy
Now, the problem is emails sent from the Fedora to the xxx.com (now docked in Ubuntu). When investigating the maillog in Fedora, the xxx.com email address resolves back to the Fedora host name, which is the old host.

how do I get it to point to the new host?
You'll need to change the DNS pointers to direct your domain to the new host. You can also trick the old host into recognizing the new host by putting the IP of the new host in the /etc/hosts file on the old host.

It will look something like this:
123.45.67.89 xxx.com

HTH