Configuration Issues with Virtual Users on Postfix/Courier/MySQL Fedora 12

Discussion in 'HOWTO-Related Questions' started by issac, May 9, 2010.

  1. issac

    issac New Member

    I can feel brain goop leaking from my nose.

    http://www.howtoforge.com/virtual-users-domains-postfix-courier-mysql-squirrelmail-fedora-12-x86_64

    I was following the above guide to get a mail server up and running. The major difference in it all is the fact that my server is running i686, but I compensated for that easily, just a difference in folder/RPM names.

    Otherwise I followed it to a "T." Everything seemed to go smoothly, no trips or falls until the very end.

    After installing squirrelmail, trying to log in on admin@withfrosted.com returns ERROR: Connection dropped by IMAP server.

    Uncle google tells me to run this command because SELinux is overzealous:
    setsebool -P httpd_can_network_connect=1

    And that works, and I thought I was home free. However, after that, I'm presented with a new error. I forget exactly what it was. However, google told me to send an email to create the mailbox because it wasn't there, yet. So I send a test email on over, but that fails, and so does mailx. So there's a lot goofed up, here.

    Next I created /home/vmail/withfrosted.com/admin while logged into the vmail user for proper permissions. Squirrelmail now logs into the mail box but gives me yet another new error, in which I am now stuck on:
    ERROR:
    ERROR: Could not complete request.
    Query: SELECT "INBOX"
    Reason Given: Unable to open this mailbox.

    As a summary, because I'm all over the place, here:
    1. Can't view the mailbox via Squirrelmail.
    2. Can't receive email, tried with mailx and a test email from gmail.

    Regarding #2, the gmail test email, from the maillog:
    (What's really odd? No bounceback email in my gmail inbox! I'm assuming that sprouts from the DSN error returned, here.)

    If you all need any more information at all, just please reply and let me know. I would really appreciate any leads. I generally don't like littering forums with useless topics, and I honestly don't mean to. I promise that I looked as hard as I could on this one, literally all night and now I'm at work. >.> Mailservers are my weak spot, they shotgun my brain-power.
     
  2. falko

    falko Super Moderator

    Please disable SELinux and try again.
     
  3. issac

    issac New Member

    EDIT:

    D'oh. Just sent myself another test email and everything looks a-okay.
    But now I know more specifically what the problem is. Thanks so much for your help. :)

    I'm going to research fixing SELinux, but please let me know if you have any guidance to share. :D

    -------------
    Heya falko,

    Just disabled selinux, still experiencing the same issue:

    ERROR:
    ERROR: Could not complete request.
    Query: SELECT "INBOX"
    Reason Given: Unable to open this mailbox.

    Thanks for taking the time. :) What do you suggest, next?
     
    Last edited: May 10, 2010
  4. falko

    falko Super Moderator

    Did you send an email to that mail box before you tried to log in?
    What's the output of
    Code:
    getenforce
    ?
    Any errors in your mail log now?
     
  5. issac

    issac New Member

    getenforce returns "Permissive"

    I re-enabled SELinux and everything is now working as it should, and I'm not exactly sure why that is. I can create new accounts, send them their first email, and everything is good to go.

    If you have any idea why that is, I would love to know.
     
  6. helicoptermcbill

    helicoptermcbill New Member

    Virtual and non-virtual users

    Falko,

    I too followed the tutorial to the letter, had the same problem with i686. Since I have used many of your tutorials, I have learned to adjust on the fly. Here is my issue: prior to using the Postfix/Courier/MySQL tutorial I was running my Fedora 12 server based on your perfect server tutorial minus the ISPConfig part. Therefore I was running Postfix and Dovecot; I shut down Dovecot and disabled it so it is out of the way. I had trouble logging into my primary mail account, checked the maillog and found an entry about warning, don't put server name in both the hostname and virtual hostname. So I deleted the server's domain from the MySQL database and that error went away. However, I could not find emails for my wamtechnology.com account. I changed the main.cf for postfix and un-commented the Maildir entry, sent an email with mailx and it showed up in /home/bill.mcdonald/Maildir.

    Is it possible to set Postfix up for both virtual and non-virtual accounts and retrieve emails from the server for non-virtual accounts using Thunderbird? I can get my virtual accounts through Squirrelmail just fine, send and receive. It's the non-virtual account I cannot seem to access from Thunderbird or Squirrelmail.

    Here is my Postfix main.cf

    queue_directory = /var/spool/postfix
    command_directory = /usr/sbin
    daemon_directory = /usr/libexec/postfix
    data_directory = /var/lib/postfix
    mail_owner = postfix
    inet_interfaces = all
    inet_protocols = all
    mydestination = wamtechnology.com, localhost, localhost.localdomain
    unknown_local_recipient_reject_code = 550
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    home_mailbox = Maildir/
    debug_peer_level = 2
    debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         ddd $daemon_directory/$process_name $process_id & sleep 5
    # This is the Sendmail-compatible mail posting interface.
    sendmail_path = /usr/sbin/sendmail.postfix
    newaliases_path = /usr/bin/newaliases.postfix
    mailq_path = /usr/bin/mailq.postfix
    setgid_group = postdrop
    setgid_group = postdrop
    html_directory = no
    manpage_directory = /usr/share/man
    # This parameter is obsolete as of Postfix 2.1.
    sample_directory = /usr/share/doc/postfix-2.6.5/samples
    readme_directory = /usr/share/doc/postfix-2.6.5/README_FILES
    myhostname = wamtechnology.com
    mynetworks = 127.0.0.0/8
    virtual_alias_domains =
    virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /home/vmail
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
    smtpd_use_tls = yes
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    virtual_create_maildirsize = yes
    virtual_maildir_extended = yes
    virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
    virtual_mailbox_limit_override = yes
    virtual_maildir_limit_message = "The user you are trying to reach is over quota."
    virtual_overquota_bounce = yes
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
    content_filter = amavis:[127.0.0.1]:10024
    receive_override_options = no_address_mappings
     
  7. falko

    falko Super Moderator

    Yes, but only for different domains.

    Any errors in your mail log?
     
  8. helicoptermcbill

    helicoptermcbill New Member

    The domain is different from the ones in the MySQL database. I have a web server running under the wamtechnology (hostname) domain then two virtual domains. Postfix is receiving mail, for wamtechnology and putting it in Maildir. I just can't seem to connect to the mailbox from Thunderbird. The only error I am getting is a loop back error.

    Jul 20 18:56:01 web clamd[1645]: SelfCheck: Database status OK.
    Jul 20 19:06:06 web clamd[1645]: SelfCheck: Database modification detected. Forcing reload.
    Jul 20 19:06:07 web clamd[1645]: Reading databases from /var/lib/clamav
    Jul 20 19:06:13 web clamd[1645]: Database correctly reloaded (806931 signatures)
    Jul 20 19:16:13 web clamd[1645]: SelfCheck: Database status OK.
    Jul 20 19:22:55 web postfix/qmgr[1774]: A03CBA968A: from=<root@web.wamtechnology.com>, size=1353, nrcpt=1 (queue active)
    Jul 20 19:22:55 web postfix/smtp[2653]: A03CBA968A: to=<root@web.wamtechnology.com>, relay=none, delay=25576, delays=25576/0.08/0/0, dsn=5.4.6, status=bounced (mail for web.wamtechnology.com loops back to myself)
    Jul 20 19:22:55 web postfix/cleanup[2656]: 7AAFAA9689: message-id=<20100721002255.7AAFAA9689@wamtechnology.com>
    Jul 20 19:22:55 web postfix/qmgr[1774]: 7AAFAA9689: from=<>, size=3306, nrcpt=1 (queue active)
    Jul 20 19:22:55 web postfix/bounce[2654]: A03CBA968A: sender non-delivery notification: 7AAFAA9689
    Jul 20 19:22:55 web postfix/qmgr[1774]: A03CBA968A: removed
    Jul 20 19:22:55 web postfix/smtp[2653]: 7AAFAA9689: to=<root@web.wamtechnology.com>, relay=none, delay=0.14, delays=0.13/0.01/0/0, dsn=5.4.6, status=bounced (mail for web.wamtechnology.com loops back to myself)
    Jul 20 19:22:55 web postfix/qmgr[1774]: 7AAFAA9689: removed

    I can connect to the virtual mailboxes through Squirrelmail.

    Bill
     
  9. falko

    falko Super Moderator

    Add web.wamtechnology.com to the mydestination line in /etc/postfix/main.cf and restart Postfix.
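
The check behind this advice, as an added example that is not part of the original post: it pulls the domains out of "loops back to myself" bounces and reports those that `mydestination` does not list. The function names are hypothetical, the sample is constructed from lines quoted in the thread, and `$variable` references and lookup tables in `mydestination` are not expanded.

```python
import re

# Constructed sample: main.cf values and maillog lines quoted from the thread.
MAIN_CF = """\
myhostname = wamtechnology.com
mydestination = wamtechnology.com, localhost, localhost.localdomain
"""
MAILLOG = """\
Jul 20 19:22:55 web postfix/smtp[2653]: A03CBA968A: to=<root@web.wamtechnology.com>, relay=none, delay=25576, delays=25576/0.08/0/0, dsn=5.4.6, status=bounced (mail for web.wamtechnology.com loops back to myself)
Jul 20 19:22:55 web postfix/qmgr[1774]: A03CBA968A: removed
"""

LOOP_RE = re.compile(r"status=bounced \(mail for (\S+) loops back to myself\)")

def get_param(main_cf, name):
    """Values of a list-valued main.cf parameter; the last definition wins."""
    logical = []
    for raw in main_cf.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comments are ignored
        if raw[0].isspace() and logical:
            # A line starting with whitespace continues the previous one.
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    values = []
    for line in logical:
        key, sep, val = line.partition("=")
        if sep and key.strip() == name:
            values = [v.lower() for v in re.split(r"[,\s]+", val.strip()) if v]
    return values

def looping_domains(maillog, main_cf):
    """Domains from loop-back bounces that mydestination does not list."""
    local = set(get_param(main_cf, "mydestination"))
    seen = {m.group(1).lower() for m in LOOP_RE.finditer(maillog)}
    return sorted(seen - local)

if __name__ == "__main__":
    print(looping_domains(MAILLOG, MAIN_CF))
```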
     
  10. helicoptermcbill

    helicoptermcbill New Member

    Okay,

    I followed the above advice to correct the error. However, I still cannot get Thunderbird to connect to the incoming pop3 or imap courier server. I can send emails through that server using the wamtechnology.com account, but not retrieve them. The wamtechnology account is a non-virtual account that uses a system account. I can authenticate using authtest so that part is working. I made this change to the authdaemonrc file to get the authentication working for this account:

    authmodulelist="authpam authmysql"

    Oh, and I just found out I can access this email account through Squirrelmail, so if I cannot get Thunderbird to connect, I may be able to live without it.

    Thanks,

    Bill.
     
  11. falko

    falko Super Moderator

    What are the outputs of
    Code:
    netstat -tap
    and
    Code:
    iptables -L
    ?
     
  12. helicoptermcbill

    helicoptermcbill New Member

    Code:
    [root@web ~]# netstat -tap
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
    tcp        0      0 *:sunrpc                    *:*                         LISTEN      1049/rpcbind
    tcp        0      0 *:41716                     *:*                         LISTEN      1229/rpc.statd
    tcp        0      0 *:ssh                       *:*                         LISTEN      1464/sshd
    tcp        0      0 localhost:ipp               *:*                         LISTEN      1306/cupsd
    tcp        0      0 *:smtp                      *:*                         LISTEN      4189/master
    tcp        0      0 localhost:10024             *:*                         LISTEN      6594/amavisd (maste
    tcp        0      0 localhost:10025             *:*                         LISTEN      4189/master
    tcp        0      0 *:mysql                     *:*                         LISTEN      1594/mysqld
    tcp        0      0 localhost:mysql             localhost:57879             ESTABLISHED 1594/mysqld
    tcp       58      0 localhost:38048             localhost:10025             CLOSE_WAIT  6609/amavisd (ch1-a
    tcp        0      0 localhost:mysql             localhost:44262             ESTABLISHED 1594/mysqld
    tcp       58      0 localhost:43003             localhost:10025             CLOSE_WAIT  6608/amavisd (ch1-a
    tcp        0      0 localhost:44262             localhost:mysql             ESTABLISHED 6609/amavisd (ch1-a
    tcp        0   1148 web.wamtechnology.com:ssh   192.168.1.30:54298          ESTABLISHED 6736/0
    tcp        0      0 localhost:57879             localhost:mysql             ESTABLISHED 6608/amavisd (ch1-a
    tcp        0      0 *:imap                      *:*                         LISTEN      4376/couriertcpd
    tcp        0      0 *:sunrpc                    *:*                         LISTEN      1049/rpcbind
    tcp        0      0 *:http                      *:*                         LISTEN      1792/httpd
    tcp        0      0 *:ftp                       *:*                         LISTEN      1775/proftpd: (acce
    tcp        0      0 *:ssh                       *:*                         LISTEN      1464/sshd
    tcp        0      0 localhost:ipp               *:*                         LISTEN      1306/cupsd
    tcp        0      0 *:smtp                      *:*                         LISTEN      4189/master
    tcp        0      0 *:https                     *:*                         LISTEN      1792/httpd
    tcp        0      0 *:imaps                     *:*                         LISTEN      4383/couriertcpd
    tcp        0      0 *:pop3s                     *:*                         LISTEN      4395/couriertcpd
    tcp        0      0 *:pop3                      *:*                         LISTEN      4389/couriertcpd
    and...


    Code:
    iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
    ACCEPT     icmp --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ftp
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:https
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:smtp
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:domain
    ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:domain
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:imaps
    ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:pop3s
    REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    Thanks,

    Bill
     
  13. falko

    falko Super Moderator

    As far as I can see, you only have IMAPS and POP3S enabled in your firewall, but not POP3 (port 110) and IMAP (port 143). Try to open these as well.
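
The comparison made in this answer, as an added example that is not part of the original post: it lists TCP services listening on all addresses that no INPUT rule accepts by destination port. The function names are hypothetical, the sample is a constructed subset of the output posted above, rule order is ignored, and both outputs must use the same form (service names or numbers).

```python
import re

# Constructed sample: a subset of the netstat and iptables lines posted in the thread.
NETSTAT = """\
tcp        0      0 localhost:ipp     *:*               LISTEN      1306/cupsd
tcp        0      0 *:smtp            *:*               LISTEN      4189/master
tcp        0      0 *:mysql           *:*               LISTEN      1594/mysqld
tcp        0      0 localhost:mysql   localhost:57879   ESTABLISHED 1594/mysqld
tcp        0      0 *:imap            *:*               LISTEN      4376/couriertcpd
tcp        0      0 *:imaps           *:*               LISTEN      4383/couriertcpd
tcp        0      0 *:pop3s           *:*               LISTEN      4395/couriertcpd
tcp        0      0 *:pop3            *:*               LISTEN      4389/couriertcpd
"""
IPTABLES = """\
Chain INPUT (policy ACCEPT)
ACCEPT     all  --  anywhere   anywhere
ACCEPT     tcp  --  anywhere   anywhere   state NEW tcp dpt:smtp
ACCEPT     tcp  --  anywhere   anywhere   state NEW tcp dpt:imaps
ACCEPT     tcp  --  anywhere   anywhere   state NEW tcp dpt:pop3s
REJECT     all  --  anywhere   anywhere   reject-with icmp-host-prohibited
"""

def wildcard_listeners(netstat):
    """Map service name -> program for TCP sockets listening on all addresses."""
    found = {}
    for line in netstat.splitlines():
        f = line.split()
        if len(f) >= 7 and f[0].startswith("tcp") and f[5] == "LISTEN":
            addr, _, service = f[3].rpartition(":")
            if addr in ("*", "0.0.0.0", "::"):
                found[service] = f[6]
    return found

def accepted_tcp_services(iptables):
    """Services named in an explicit 'ACCEPT ... tcp dpt:<service>' INPUT rule."""
    allowed, chain = set(), None
    for line in iptables.splitlines():
        header = re.match(r"Chain (\S+)", line)
        if header:
            chain = header.group(1)
        elif chain == "INPUT" and line.startswith("ACCEPT"):
            # Rules without dpt: are skipped. Plain `iptables -L` hides interface
            # matches, so "ACCEPT all" may not mean that every port is open.
            allowed.update(re.findall(r"\btcp dpt:(\S+)", line))
    return allowed

def unreachable_listeners(netstat, iptables):
    allowed = accepted_tcp_services(iptables)
    return {s: p for s, p in wildcard_listeners(netstat).items() if s not in allowed}
```

On the sample this reports imap and pop3, the two ports named in the answer, and also mysql, which listens on all addresses with no matching rule. `iptables -L -n -v` or `iptables -S` shows the interface match that plain `iptables -L` leaves out.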
     
