relay access denied with virtual emails setup in mysql

Discussion in 'Server Operation' started by tkaman2, Dec 3, 2007.

  1. tkaman2

    tkaman2 New Member

    Hi, I followed the following tutorial on how to configure postfix to use quotas and virtual email aliases read from a mysql database.
    http://www.howtoforge.com/fedora_virtual_postfix_mysql_quota_courier

    I can receive emails fine from any email alias I set up in the mysql database but when I try to send I receive an error that relay access is denied. I read through other threads on this site and enabled the outgoing server authentication with some luck. That fixes the problem if I create a user/pw on my machine for each virtual alias I want to send email from (i.e., I can send from davet@mydomain.com if I create a user account davet, but without a davet user acct on my machine it can't log in to authenticate outgoing email).

    If I host multiple domains' email on my machine I will likely run into problems with having the same alias at multiple domains, such as support@domain1.com and support@domain2.com, because each will set their own password but I will only be able to create one user called support on my box. How can I enable relay access or authentication via the mysql database rather than having it use system accounts? It is doing that for incoming email, just not outgoing. Thanks!

    Dave
     
  2. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    The howto uses the mysql database to authenticate, so your username is support@domain1.com or support@domain2.com and not just support, so you don't get any problems with duplicate usernames.
     
  3. tkaman2

    tkaman2 New Member

    For some reason it is only using MySQL to authenticate for incoming email, not outgoing. I'll go through the how-to again and make sure I didn't miss anything. Any other suggestions are greatly appreciated. Thanks
     
  4. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    Please post the content of the postfix main.cf file, comments stripped.
     
  5. tkaman2

    tkaman2 New Member

    I posted the non-commented lines below. I changed my domain name with [mydomain].

    contents of /etc/postfix/main.cf
    -------------------------------------
    queue_directory = /var/spool/postfix

    command_directory = /usr/sbin

    daemon_directory = /usr/libexec/postfix

    mail_owner = postfix

    inet_interfaces = all

    mydestination = www.[mydomain].com, localhost, localhost.localdomain
    unknown_local_recipient_reject_code = 550

    mynetworks_style = class
    relay_domains = $mydestination

    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    debug_peer_level = 2

    debugger_command =
        PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
        xxgdb $daemon_directory/$process_name $process_id & sleep 5

    sendmail_path = /usr/sbin/sendmail.postfix

    newaliases_path = /usr/bin/newaliases.postfix

    mailq_path = /usr/bin/mailq.postfix

    setgid_group = postdrop

    html_directory = no

    manpage_directory = /usr/share/man

    sample_directory = /usr/share/doc/postfix-2.4.5/samples

    readme_directory = /usr/share/doc/postfix-2.4.5/README_FILES
    myhostname = www.[mydomain].com
    mynetworks = 127.0.0.0/8
    virtual_alias_domains =
    virtual_alias_maps = mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /home/vmail
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
    smtpd_use_tls = yes
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    transport_maps = mysql:/etc/postfix/mysql-virtual_transports.cf
    virtual_create_maildirsize = yes
    virtual_mailbox_extended = yes
    virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
    virtual_mailbox_limit_override = yes
    virtual_maildir_limit_message = "The user you are trying to reach is over quota."
    virtual_overquota_bounce = yes
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
    content_filter = amavis:[127.0.0.1]:10024
    receive_override_options = no_address_mappings
    smtpd_sasl_local_domain =
    smtpd_sasl_security_options = noanonymous
    smtpd_tls_auth_only = no
    smtp_use_tls = yes
    smtp_tls_note_starttls_offer = yes
    smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom
    smtpd_sasl_authenticated_header = yes
     
  6. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Are there any errors in your mail log?
     
  7. tkaman2

    tkaman2 New Member

    I removed the user account (not database account) for billing and tried to send an email from billing@mydomain.com and below is what was added to my maillog.

    Dec 4 15:55:19 hosting postfix/smtpd[13786]: connect from unknown[10.1.10.85]
    Dec 4 15:55:21 hosting postfix/smtpd[13786]: warning: unknown[10.1.10.85]: SASL LOGIN authentication failed: authentication failure
    Dec 4 15:55:21 hosting postfix/smtpd[13786]: lost connection after AUTH from unknown[10.1.10.85]
    Dec 4 15:55:21 hosting postfix/smtpd[13786]: disconnect from unknown[10.1.10.85]


    Outlook Express (I did check the box that my outgoing mail server requires authentication) prompts me for my username and password for my outgoing mail server because authentication keeps failing. I am entering billing@mydomain.com for the username and the password that is in the database. For authentication on my outgoing mail server I selected the option to use the same information my incoming mail server uses. If you have any ideas what is wrong I would greatly appreciate any suggestions. Thanks!
     
  8. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    What's in /usr/lib/sasl2/smtpd.conf?
     
  9. tkaman2

    tkaman2 New Member

    contents of /usr/lib/sasl2/smtpd.conf
    ------------------------------------------

    pwcheck_method: authdaemond
    log_level: 3
    mech_list: PLAIN LOGIN
    authdaemond_path:/var/spool/authdaemon/socket
     
  10. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Looks ok. What's the output of
    Code:
    uname -a
    ?
     
  11. tkaman2

    tkaman2 New Member

    [davet@myserver ~]$ uname -a
    Linux myserver.mydomain.com 2.6.23.1-49.fc8 #1 SMP Thu Nov 8 22:14:09 EST 2007 x86_64 x86_64 x86_64 GNU/Linux
     
  12. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    You're using the 64bit version, which means you must use /usr/lib64/sasl2/smtpd.conf instead of /usr/lib/sasl2/smtpd.conf.

    Simply do this:
    Code:
    cp /usr/lib/sasl2/smtpd.conf /usr/lib64/sasl2/smtpd.conf
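
Added example, not part of the original posts: a shell check for the failure diagnosed above, where smtpd.conf sits in /usr/lib/sasl2 on an x86_64 host that needs it in /usr/lib64/sasl2. The function names and the ROOT argument (a path prefix so the check can run against a test tree) are hypothetical, and the lib/lib64 mapping assumes the Fedora layout described in this thread.

```shell
#!/bin/sh
# Print the sasl2 config directory for a given `uname -m` value.
# Assumption: Fedora-style multilib layout (lib64 on x86_64), as in this thread.
sasl_dir_for_arch() {
    case "$1" in
        x86_64) echo /usr/lib64/sasl2 ;;
        *)      echo /usr/lib/sasl2 ;;
    esac
}

# check_sasl_conf ROOT ARCH
# Return codes:
#   0  smtpd.conf is in the directory for ARCH and uses authdaemond
#   1  smtpd.conf exists only in the other lib directory (this thread's failure)
#   2  smtpd.conf is missing from both directories
#   3  smtpd.conf is in place but pwcheck_method is not authdaemond
check_sasl_conf() {
    root=$1
    arch=$2
    want="$root$(sasl_dir_for_arch "$arch")/smtpd.conf"
    if [ ! -f "$want" ]; then
        for other in /usr/lib/sasl2 /usr/lib64/sasl2; do
            if [ -f "$root$other/smtpd.conf" ]; then
                echo "misplaced: found $other/smtpd.conf, expected $want"
                return 1
            fi
        done
        echo "missing: $want"
        return 2
    fi
    # Read the first pwcheck_method value, ignoring surrounding blanks.
    method=$(awk -F: '/^pwcheck_method:/ { gsub(/[ \t]/, "", $2); print $2; exit }' "$want")
    if [ "$method" != "authdaemond" ]; then
        echo "unexpected pwcheck_method '$method' in $want"
        return 3
    fi
    echo "ok: $want"
    return 0
}

# Live use on the mail server itself: check_sasl_conf "" "$(uname -m)"
```

Return code 3 matters after package updates: if a packaged smtpd.conf with a different pwcheck_method replaces the copied file, virtual users stop authenticating again even though the file is in the right place.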
     
  13. tkaman2

    tkaman2 New Member

    That did the trick. I thought I changed all the lib's to lib64's in the tutorial but I must have missed that one. I removed the user accounts for the email I had set up in my database and tried to send email and it worked! Thanks so much for the help!!

    Dave
     
  14. tkaman2

    tkaman2 New Member

    problems after rebooting fedora 8

    Hi Falko, I recently installed some security updates on my Fedora 8 server and after resetting I quit being able to send/receive email with my virtual email addresses. Below are some lines from my mail log:

    Dec 30 15:37:32 hosting pop3d: Connection, ip=[::ffff:10.1.10.85]
    Dec 30 15:37:32 hosting pop3d: LOGIN, user=davet@[mydomain].com, ip=[::ffff:10.1.10.85], port=[2270]
    Dec 30 15:37:32 hosting pop3d: LOGOUT, user=davet@[mydomain].com, ip=[::ffff:10.1.10.85], port=[2270], top=0, retr=0, rcvd=12, sent=39, time=0
    Dec 30 15:37:32 hosting pop3d: Connection, ip=[::ffff:10.1.10.85]
    Dec 30 15:37:32 hosting pop3d: LOGIN, user=billing@[mydomain].com, ip=[::ffff:10.1.10.85], port=[2271]
    Dec 30 15:37:32 hosting pop3d: LOGOUT, user=billing@[mydomain].com, ip=[::ffff:10.1.10.85], port=[2271], top=0, retr=0, rcvd=12, sent=39, time=0
    Dec 30 15:37:32 hosting pop3d: Connection, ip=[::ffff:10.1.10.85]
    Dec 30 15:37:32 hosting pop3d: LOGIN, user=support@[mydomain].com, ip=[::ffff:10.1.10.85], port=[2272]
    Dec 30 15:37:32 hosting pop3d: LOGOUT, user=support@[mydomain].com, ip=[::ffff:10.1.10.85], port=[2272], top=0, retr=0, rcvd=12, sent=39, time=0
    Dec 30 15:38:07 hosting postfix/smtpd[4158]: connect from unknown[10.1.10.85]
    Dec 30 15:38:07 hosting postfix/smtpd[4158]: D2EDB358606: client=unknown[10.1.10.85], sasl_method=LOGIN, sasl_username=support@[mydomain].com
    Dec 30 15:38:07 hosting postfix/cleanup[4165]: D2EDB358606: message-id=<001d01c84b3d$579e75b0$6401a8c0@davesdesktop>
    Dec 30 15:38:07 hosting postfix/qmgr[4119]: D2EDB358606: from=<support@[mydomain].com>, size=1469, nrcpt=1 (queue active)
    Dec 30 15:38:07 hosting postfix/smtpd[4158]: disconnect from unknown[10.1.10.85]
    Dec 30 15:38:07 hosting postfix/smtp[4166]: connect to 127.0.0.1[127.0.0.1]: Connection refused (port 10024)
    Dec 30 23:38:08 hosting postfix/smtp[4166]: D2EDB358606: to=<billing@[mydomain].com>, relay=none, delay=0.16, delays=0.11/0.05/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]: Connection refused)

    I am not sure why I am getting connection refused. I made sure all of my settings are right and postfix is configured right. Is there some daemon that isn't running?

    It looks like I'm not having any problem logging in and checking for new mail, but I am not able to send/receive emails. Any ideas what I'm missing? Thanks!
     
  15. tkaman2

    tkaman2 New Member

    OK I did some more research and the problem was/is amavisd. For some reason when I try to start amavisd it gives me the following error:

    [root@server vmail]# /etc/init.d/amavisd start
    Starting amavisd: ERROR: MISSING REQUIRED BASIC MODULES:
    Compress::Zlib
    BEGIN failed--compilation aborted at /usr/sbin/amavisd line 171.
    [FAILED]

    [root@server vmail]#

    I have the perl module Compress::Zlib installed, so I am not sure why it's giving me this error. As a temporary fix I commented out the lines in my postfix main.conf file that route email through amavisd. Now I have email at least, just without spam filtering. If you have any idea why I'm getting the error above and what I need to do to fix it I would greatly appreciate the help! Thanks
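
Added example, not part of the original posts: an awk-based triage of a Postfix maillog for the two failure signatures seen in this thread, failed SASL authentication per client and mail deferred because the content filter on 127.0.0.1 port 10024 refuses connections. The function names and the sample log are constructed for illustration; the /var/log/maillog path in the last comment is an assumption.

```shell
#!/bin/sh
# Constructed sample modelled on the log lines in this thread; host name,
# PIDs, queue ID and addresses (RFC 5737 / example.com) are made up.
sample_log() {
cat <<'EOF'
Dec  4 15:55:21 mx postfix/smtpd[100]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: authentication failure
Dec  4 15:55:40 mx postfix/smtpd[101]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: authentication failure
Dec  4 15:56:02 mx postfix/smtpd[102]: warning: unknown[192.0.2.77]: SASL PLAIN authentication failed: authentication failure
Dec 30 15:38:07 mx postfix/smtpd[200]: ABCDEF01234: client=unknown[192.0.2.10], sasl_method=LOGIN, sasl_username=support@example.com
Dec 30 15:38:07 mx postfix/smtp[201]: connect to 127.0.0.1[127.0.0.1]: Connection refused (port 10024)
Dec 30 15:38:08 mx postfix/smtp[201]: ABCDEF01234: to=<billing@example.com>, relay=none, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]: Connection refused)
EOF
}

# triage_maillog [FILE...]   (reads stdin when no file is given)
# Prints one sorted record per line:
#   deferred N              messages deferred with "Connection refused"
#   filter_down PORT N      refused connections to a service on 127.0.0.1
#   sasl_fail CLIENT_IP N   failed SMTP AUTH attempts per client
triage_maillog() {
    awk '
    / postfix\/smtpd\[/ && /SASL [A-Z0-9-]+ authentication failed/ {
        # The client address is the bracketed token right before ": SASL".
        if (match($0, /\[[0-9a-fA-F.:]+\]: SASL /))
            fail[substr($0, RSTART + 1, RLENGTH - 9)]++
    }
    / postfix\/smtp\[/ && /connect to 127\.0\.0\.1\[127\.0\.0\.1\]: Connection refused/ {
        # Only the bare "connect to" line carries "(port N)".
        if (match($0, /\(port [0-9]+\)/))
            down[substr($0, RSTART + 6, RLENGTH - 7)]++
    }
    /status=deferred \(connect to .*Connection refused\)/ { deferred++ }
    END {
        print "deferred", deferred + 0
        for (p in down) print "filter_down", p, down[p]
        for (ip in fail) print "sasl_fail", ip, fail[ip]
    }' "$@" | LC_ALL=C sort
}

# Live use (log path is an assumption): triage_maillog /var/log/maillog
```

A filter_down record for port 10024 alongside successful sasl_username lines means authentication works and the content filter is the component that is down, which is the situation in the Dec 30 log above.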
     
  16. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Maybe your version of Compress::Zlib isn't recent enough. You can try to install the latest version like this:
    Code:
    perl -MCPAN -e shell
    install Compress::Zlib
    q
     
  17. tkaman2

    tkaman2 New Member

    I tried this and it says Compress::Zlib is up to date. Is there a way I can remove that lib and reinstall it?
     
  18. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

  19. tkaman2

    tkaman2 New Member

    [root@server davet]# updatedb
    [root@server davet]# locate Zlib.pm
    /usr/lib/perl5/site_perl/5.8.8/Compress/Zlib.pm
    /usr/lib/perl5/site_perl/5.8.8/IO/Zlib.pm
    /usr/lib/perl5/vendor_perl/5.8.8/Compress/Zlib.pm
    /usr/lib/perl5/vendor_perl/5.8.8/IO/Zlib.pm
    /usr/lib64/perl5/site_perl/5.8.8/x86_64-linux-thread-multi/Compress/Raw/Zlib.pm
    /usr/lib64/perl5/vendor_perl/5.8.8/x86_64-linux-thread-multi/Compress/Raw/Zlib.pm
     
  20. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Please try this:
    Code:
    cp -pfr /usr/lib/perl5/site_perl/5.8.8/Compress /usr/lib64/perl5/site_perl/5.8.8
     
