unable to receive email both locally and externally

Discussion in 'Server Operation' started by ali888, Sep 21, 2011.

  1. ali888

    ali888 New Member

    Hi,

    I was wondering if I could get some help with a question I have about Postfix. I have a machine that acts as a mail server - running on Ubuntu Server 10.04 with Postfix, Dovecot, openLDAP and squirrelmail. The problem I am having is that I can send emails out from my local machine to my Yahoo email account with no drama, but I cannot receive emails from Yahoo or even from my local email address.

    I did not get any bounce email from Yahoo, which indicates the email sent from my Yahoo account might be wandering somewhere. I then tried to send myself an email locally and I did not receive it either. This is not a good sign.

    I am using virtual users here. All users details are stored in LDAP which is running on the same machine.

    Based on mail.log or syslog, here is the snapshot from syslog.
    Sep 21 13:23:31 server1 postfix/qmgr[3300]: A95BB2400A7: from=<[email protected]>, size=743, nrcpt=1 (queue active)
    Sep 21 13:23:31 server1 postfix/trivial-rewrite[3776]: warning: do not list domain server1.example.com in BOTH mydestination and virtual_mailbox_domains
    Sep 21 13:23:31 server1 postfix/virtual[3777]: warning: dict_ldap_lookup: /etc/postfix/virtual_mailboxes: Search base '' not found: 32: No such object
    Sep 21 13:23:31 server1 postfix/virtual[3777]: warning: table virtual_mailbox_maps: lookup [email protected]: Success
    Sep 21 13:23:31 server1 postfix/virtual[3777]: A95BB2400A7: to=<[email protected]>, relay=virtual, delay=1193, delays=1193/0.01/0/0.03, dsn=4.3.5, status=deferred (mail system configuration error)

    Here is my main.cf
    myhostname = server1.example.com
    mydomain = example.com
    mydestination = localhost.$mydomain,localhost,$mydomain,$myhostname
    local_recipient_maps = ldap:/etc/postfix/ldap-user-auth.cf
    local_transport = virtual
    virtual_mailbox_domains = server1.example.com
    virtual_mailbox_base = /home/vmail/
    virtual_mailbox_maps = ldap:/etc/postfix/virtual_mailboxes
    virtual_minimum_uid = 1000
    virtual_uid_maps = static:1004
    virtual_gid_maps = static:1004
    relayhost =
    mynetworks = 127.0.0.0/8, 192.168.1.0/24
    mynetworks_style = subnet
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    inet_protocols = ipv4
    home_mailbox = Maildir/
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_sasl_exceptions_networks = $mynetworks
    smtpd_sasl_security_options = noanonymous, noplaintext
    smtpd_sasl_tls_security_options = noanomymous
    smtpd_tls_auth_only = yes
    smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,reject_sender_login_mismatch
    smtpd_sasl_local_domain = server1.example.com

    Any help would be greatly appreciated.

    Thank you
     
  2. Mark_NL

    Mark_NL New Member

    Your config is a bit messy ..

    myhostname == virtual_mailbox_domains, which should not be the same, else postfix won't know if (f.e. [email protected]) an email is local or virtual. Don't change "virtual_mailbox_domains" to example.com, unless you change "mydomain" as well.

    (in other words, don't use the domain you'll be using for virtual mailboxes for your local server settings as well)

    Same counts for "smtpd_sasl_local_domain" as well.

    To test everything use "example.com" for server (local settings), and use virtexample.com for email (virtual settings), that might help things a bit.

    What's the result of:
    Code:
    vi /etc/postfix/ldap-user-auth.cf
     
  3. ali888

    ali888 New Member

    Hi Mark_NL

    Thanks for your help.

    I found that the hostname is server1.example.com. I changed it to server1 only. I have also changed it in /etc/hosts. It now has the following:
    127.0.0.1 localhost
    127.0.1.1 server1

    I have changed main.cf to the following

    myhostname = server1
    mydomain = dummyexample.com
    mydestination = localhost.$mydomain,localhost,$mydomain,$myhostname
    local_recipient_maps = ldap:/etc/postfix/ldap-user-auth.cf
    local_transport = virtual
    virtual_mailbox_domains = server1.example.com
    virtual_mailbox_base = /home/vmail/
    virtual_mailbox_maps = ldap:/etc/postfix/virtual_mailboxes
    virtual_minimum_uid = 1000
    virtual_uid_maps = static:1004
    virtual_gid_maps = static:1004
    relayhost =
    mynetworks = 127.0.0.0/8, 192.168.1.0/24
    mynetworks_style = subnet
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    inet_protocols = ipv4
    home_mailbox = Maildir/
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_sasl_exceptions_networks = $mynetworks
    smtpd_sasl_security_options = noanonymous, noplaintext
    smtpd_sasl_tls_security_options = noanomymous
    smtpd_tls_auth_only = yes
    smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,reject_sender_login_mismatch
    smtpd_sasl_local_domain = server1.example.com

    What is in the ldap-user-auth.cf is

    server_host = ldap://localhost
    search_base = ou=accounts,dc=server1,dc=example,dc=com
    version = 3
    query_filter = (&(objectclass=person) (uid=%s))
    result_attribute = uid
    bind = no
    scope = sub

    However, in mail.log, I got a different error - this time it was [email protected]
    Sep 21 17:55:59 server1 postfix/virtual[2097]: warning: dict_ldap_lookup: /etc/postfix/virtual_mailboxes: Search base '' not found: 32: No such object
    Sep 21 17:55:59 server1 postfix/virtual[2097]: warning: table virtual_mailbox_maps: lookup [email protected]: Success
    Sep 21 17:55:59 server1 postfix/virtual[2096]: 9672124009D: to=<[email protected]>, orig_to=<postmaster>, relay=virtual, delay=506, delays=506/0.01/0/0.03, dsn=4.3.5, status=deferred (mail system configuration error)
    Sep 21 17:55:59 server1 postfix/virtual[2097]: A07152400BB: to=<[email protected]>, orig_to=<postmaster>, relay=virtual, delay=351, delays=351/0.02/0/0.04, dsn=4.3.5, status=deferred (mail system configuration error)

    All I did was change the hostname and the /etc/hosts.

    Many thanks
     
  4. ali888

    ali888 New Member

    I changed the mydestination
    from
    mydestination = localhost.$mydomain,localhost,$mydomain,$myhostname

    To
    mydestination = localhost.$mydomain,localhost,$mydomain,server1.example.com

    I got the following errors:
    Sep 21 18:10:39 server1 postfix/qmgr[2249]: 9C3F42400BC: from=<[email protected]>, size=825, nrcpt=1 (queue active)
    Sep 21 18:10:39 server1 postfix/qmgr[2249]: D29A52400BD: from=<[email protected]>, size=834, nrcpt=1 (queue active)
    Sep 21 18:10:39 server1 postfix/qmgr[2249]: D863E24009F: from=<[email protected]>, size=825, nrcpt=1 (queue active)
    Sep 21 18:10:39 server1 postfix/smtp[2317]: 9C3F42400BC: to=<[email protected]>, orig_to=<postmaster>, relay=none, delay=1084, delays=1084/0.01/0.01/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=mailtest type=A: Host not found)
    Sep 21 18:10:39 mailtest postfix/bounce[2326]: warning: 9C3F42400BC: undeliverable postmaster notification discarded
    Sep 21 18:10:39 mailtest postfix/qmgr[2249]: 9C3F42400BC: removed

    Many thanks
     
    Last edited: Sep 21, 2011
  5. Mark_NL

    Mark_NL New Member

    Sep 21 17:55:59 server1 postfix/virtual[2097]: warning: dict_ldap_lookup: /etc/postfix/virtual_mailboxes: Search base '' not found: 32: No such object

    Your search base is nonexistent ..

    try testing via command line with ldapsearch
     
  6. ali888

    ali888 New Member

    Hi Mark_NL,

    I did try to perform ldapsearch as follows
    ldapsearch -h server1 -b "dc=server1,dc=example,dc=com" -x "cn=user1"

    It did return the details of user1, so it's working.

    Here is my virtual_mailboxes
    [email protected] = user1/Maildir

    I noticed that no matter what I changed the search_base to in the ldap-user-auth.ldif, for example search_base = o=testmailserverorg, it just kept saying "warning: dict_ldap_lookup: /etc/postfix/virtual_mailboxes: Search base '' not found: 32: No such object". So now I have put back what I had before, namely search_base = ou=accounts,dc=server1,dc=example,dc=com

    I have almost run out of ideas. What else should I try to troubleshoot this?

    Thank you
     
  7. ali888

    ali888 New Member

    Hi,

    Just an update.

    I made a few small changes here to main.cf, ldap-user-auth.cf and virtual_mailboxes

    in main.cf
    From
    virtual_mailbox_base = /home/vmail/
    virtual_mailbox_maps = ldap:/etc/postfix/virtual_mailboxes

    to
    virtual_mailbox_base = /home/vmail
    virtual_mailbox_maps = hash:/etc/postfix/virtual_mailboxes

    in ldap-user-auth.cf
    server_host = localhost
    port = 389
    search_base = dc=server1,dc=example,dc=com
    version = 3
    query_filter = (&(objectclass=person) (uid=%s))
    result_attribute = uid
    scope = sub

    in virtual_mailboxes
    [email protected] = user1/Maildir/

    Now, that issue with "Search base '' not found: 32: No such object" has disappeared.

    What I see in the mail.log is

    Sep 22 15:16:44 server1 postfix/qmgr[2064]: 7B7F4240021: from=<[email protected]>, size=4127, nrcpt=1 (queue active)
    Sep 22 15:16:44 server1 postfix/virtual[2489]: B57C22400B2: to=<[email protected]>, relay=virtual, delay=2290, delays=2290/0.01/0/0.03, dsn=2.0.0, status=sent (delivered to maildir)
    Sep 22 15:16:44 server1 postfix/qmgr[2064]: B57C22400B2: removed
    Sep 22 15:16:44 server1 postfix/virtual[2490]: 7B7F4240021: to=<[email protected]>, relay=virtual, delay=1074, delays=1074/0.01/0/0.04, dsn=2.0.0, status=sent (delivered to maildir)
    Sep 22 15:16:44 server1 postfix/qmgr[2064]: 7B7F4240021: removed

    However, the problem is I do not see the incoming email in my Squirrelmail Inbox :(

    I then typed into the terminal ~$ postqueue -p, I found the following
    -Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
    C773D2400A7 4122 Thu Sep 22 14:28:03 [email protected]
    (delivery failed to mailbox /home/vmail/= user1/Maildir: unable to create lock file /home/vmail/= user1/Maildir.lock: No such file or directory)
    [email protected]

    434A62400A8 4140 Thu Sep 22 14:06:47 [email protected]
    (delivery failed to mailbox /home/vmail/= user1/Maildir: unable to create lock file /home/vmail/= user1/Maildir.lock: No such file or directory)
    [email protected]

    I noticed there is an equal sign there but I do not recall if I put in any equal sign anywhere.

    Any help would be greatly appreciated.

    Thank you
     
    Last edited: Sep 22, 2011
  8. Mark_NL

    Mark_NL New Member

    Hehe, nice work on fixing some of your problems.

    The final error i can help you with ;-)

    this is not correct:
    "[email protected] = user1/Maildir/"

    it should be:
    "[email protected] user1/Maildir/"

    check the error, notice something? ;)
    remove the "= " and postmap the file and try again :)
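
A lint for the mistake fixed in this post, as an added example that is not part of the thread: it reads a postmap source file (key, whitespace, value, with whitespace-led continuation lines) and flags entries where an "=" was used as a separator. The function names and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint a Postfix lookup-table source file before running postmap.
# In a hash: table the key and value are separated by whitespace only, so
# "key = value" stores the value "= value" (hence "/home/vmail/= user1/Maildir").

# lint_postfix_map FILE
# Prints "LINE: message" per bad entry and returns 1 if any were found.
lint_postfix_map() {
    awk '
        function flush() {
            if (line == "") return
            key = line; sub(/[ \t].*$/, "", key)          # text before first whitespace
            val = line; sub(/^[^ \t]+[ \t]*/, "", val)    # everything after it
            if (val == "") {
                printf "%d: key %s has no value\n", start, key; bad = 1
            } else if (val ~ /^=/ || key ~ /=$/) {
                printf "%d: \"=\" used as separator: %s\n", start, line; bad = 1
            }
            line = ""
        }
        /^[ \t]*#/ { next }                               # comment line
        /^[ \t]*$/ { next }                               # blank line
        /^[ \t]/   {                                      # continuation of previous entry
            if (line != "") { sub(/^[ \t]+/, " "); line = line $0 }
            next
        }
        { flush(); line = $0; start = NR }                # start of a new entry
        END { flush(); exit bad + 0 }
    ' "$1"
}

# Constructed sample of a virtual_mailboxes file (addresses are placeholders).
sample_map() {
    cat <<'EOF'
# constructed sample
user1@example.com = user1/Maildir/
user2@example.com   user2/Maildir/
user3@example.com
    user3/Maildir/
EOF
}

# Usage on a real file: sh lint_map.sh /etc/postfix/virtual_mailboxes
if [ "$#" -eq 1 ]; then
    lint_postfix_map "$1"
fi
```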
     
  9. ali888

    ali888 New Member

    Hi Mark_NL,

    Yes, that solved the problem as soon as I removed the '=' from the virtual_Mailboxes. However, I hate to say that I am encountering another error message. This time, it was a permission issue. See below from mail.log

    Sep 23 11:33:10 server1 postfix/virtual[2200]: warning: maildir access problem for UID/GID=1004/8: create maildir file /home/vmail/user1/Maildir/tmp/1316741590.P2200.mailtest: Permission denied
    Sep 23 11:33:10 server1 postfix/virtual[2200]: warning: perhaps you need to create the maildirs in advance
    Sep 23 11:33:10 server1 postfix/virtual[2200]: C4C742400A8: to=<[email protected]>, relay=virtual, delay=349, delays=349/0.01/0/0.03, dsn=4.2.0, status=deferred (maildir delivery failed: create maildir file /home/vmail/user1/Maildir/tmp/1316741590.P2200.mailtest: Permission denied)

    I changed the permission from /home/vmail all the way to /home/vmail/user1/Maildir/cur & /new & /tmp to 777. It solved the permission issue.

    The good news is I can see in my Inbox in my squirrelmail that there are 5 emails (test emails), but the bad news is I could not view or read the emails (which is on the right hand panel of squirrelmail). Instead, it says

    ERROR: Connection dropped by IMAP server.
    Query: FETCH 1:5 (FLAGS UID RFC822.SIZE INTERNALDATE BODY.PEEK[HEADER.FIELDS (Date To Cc From Subject X-Priority Importance Priority Content-Type)])

    The more I sit back and wonder what's going on, the more I am sure this error has a lot to do with permissions. I have to go down to every subdirectory to change the permission. This is not right. Please correct me if I'm wrong.

    Any thoughts on this?

    Thank you
     
    Last edited: Sep 23, 2011
  10. Mark_NL

    Mark_NL New Member

    Ouch! don't change it to 777!! now every single user on the server can read any person's mail! not really something you want..

    The permission problem occurred because you have this defined in the postfix config:
    Code:
    virtual_uid_maps = static:1004
    virtual_gid_maps = static:1004
    
    that is most likely user "vmail"

    you can check by executing this command: getent passwd | grep 1004
    it should return 1 line with the user name at the beginning of the line.

    instead of the chmod you should've run:
    Code:
    chown 1004.1004 /home/vmail/ -R
    to fix the permissions back to how they were (and should be) run:
    Code:
    cd /home/vmail
    chown 1004.1004 . -R
    find -type d -exec chmod 700 {} \;
    find -type f -exec chmod 600 {} \;
    find -type f -name courier\* -exec chmod 644 {} \;
    find -type f -name subscriptions -exec chmod 744 {} \;
     
  11. ali888

    ali888 New Member

    Hi Mark_NL

    I did as instructed.

    But I still get the permission issue as follows

    Sep 23 20:08:59 server1 dovecot: IMAP(user1): stat(/home/vmail/user1/Maildir) failed: Permission denied
    Sep 23 20:08:59 server1 dovecot: IMAP(user1): stat(/home/vmail/user1/Maildir/tmp) failed: Permission denied (euid=1005 egid=1004 missing +x perm: /home/vmail)
    Sep 23 20:08:59 server1 dovecot: IMAP(user1): Connection closed bytes=21/386

    By the way, I changed the following settings in main.cf
    FROM
    virtual_uid_maps = static:1004
    virtual_gid_maps = static:1004

    TO
    virtual_uid_maps = static:1004
    virtual_gid_maps = static:8

    8 is the group for mail

    But when I follow your instruction, I typed in as follows

    chown 1004.8 . -R
    find -type d -exec chmod 700 {} \;
    find -type f -exec chmod 600 {} \;
    find -type f -name courier\* -exec chmod 644 {} \;
    find -type f -name subscriptions -exec chmod 744 {} \;

    Thank you very much
     
  12. Mark_NL

    Mark_NL New Member

    You must look at your error log very carefully .. the solution is right there! ;-)

    Code:
    chmod +x /home/vmail
     
  13. ali888

    ali888 New Member

    Thanks Mark_NL

    Will try that on Monday. I must admit that when I saw the error, I knew something was missing there but was not sure what I needed to do to fix it. This was the reason I applied chmod 777 to vmail directory as well as any subdirectories under it.

    But I will try it as advised on Monday.

    Thank you
     
  14. ali888

    ali888 New Member

    Hi Mark_NL,

    Just an update with how I go with the mail server. I have finally been able to read my incoming emails after fixing the permission. However, what concerns me now is every time there are new incoming emails coming to user: user1, I received the following errors in mail.log,

    Sep 26 12:54:29 server1 dovecot: IMAP(lincoln.myer): open(/home/vmail/user2/Maildir/cur/1317005646.V806I401ccM36867.mailtest:2,) failed: Permission denied (euid=1007 egid=1004(vmail) missing +r perm: /home/vmail/user2/Maildir/cur/1317005646.V806I401ccM36867.mailtest:2,)

    It works after I fixed the permission by typing into the terminal

    $ sudo chmod +r /home/vmail/user2/Maildir/cur

    But I cannot come and fix the permission all the time. I wonder if there is any way of applying the +r to directories cur/, new/, tmp/ once and for all.

    Thank you very much
     
  15. ali888

    ali888 New Member

    I also noticed the following,

    drwxrwxr-x 2 1007 vmail 4096 2011-09-26 12:54 .
    drwxrwxr-x 8 1007 vmail 4096 2011-09-26 13:04 ..
    -rw------- 1 vmail vmail 4233 2011-09-26 12:54 1317005646.V806I401ccM36867.mailtest:2,

    I am not sure if this permission issue may be caused by different users. The mail has got
    -rw------- 1 vmail vmail 4233 2011-09-26 12:54 1317005646.V806I401ccM36867.mailtest:2,

    Should it be
    -rw------- 1 1007 vmail 4233 2011-09-26 12:54 1317005646.V806I401ccM36867.mailtest:2,

    I am totally unsure how to go from here. Is it to do with my configuration?

    Thank you
     
  16. Mark_NL

    Mark_NL New Member

    Still looks like the dirs being created do not have the correct user/group ownership

    Your postfix vmail stuff runs as 1004:8 you said, how come that dir has 1007 as uid?
    Within your vmail dir tree ALL files and directories should be 1004.8l (don't know what uid /gid those are)

    Then your imap/pop server daemon needs to access the virtual mailbox dirs with the same uid/gid .. else it's not allowed to read/write files.

    Can you show me the contents of /etc/dovecot.conf
     
  17. ali888

    ali888 New Member

    Hi Mark_NL,

    I am not sure if i have misunderstood the whole concept here.

    Yes, my postfix vmail stuff still runs as 1004 except that I changed the group id back to 1004 (which is earlier), so in the main.cf, it now looks like the following

    virtual_uid_maps = static:1004
    virtual_gid_maps = static:1004

    Sorry about this and I won't change it anymore.

    Regarding the 1007 uid, it is an uid of another user from LDAP. That user is called user2.

    Note: for a test purpose, I have 5 different users, each with different UIDs but same GID that I added to LDAP server.

    So what I did was log in as user2. I then tried to send test emails out to my yahoo account but have this issue with reading incoming emails because of the permission problem described in the previous post.

    Here is my dovecot.conf

    base_dir = /var/run/dovecot
    protocols = imap

    protocol imap {
      listen = *:143
    }

    disable_plaintext_auth = no
    log_timestamp = "%Y-%m-%d %H:%M:%S "
    ssl = no

    login_dir = /var/run/dovecot/login
    login_chroot = yes
    login_user = dovecot

    mail_location = maildir:/home/vmail/%u/Maildir

    mail_privileged_group = mail
    verbose_proctitle = yes

    first_valid_uid = 1004
    last_valid_uid = 2000

    mail_save_crlf = no
    maildir_copy_with_hardlinks = yes

    protocol imap {
      imap_client_workarounds = outlook-idle delay-newmail netscape-eoh tb-extra-mailbox-sep
    }

    protocol pop3 {
      pop3_uidl_format = %08Xu%08Xv
    }

    protocol managesieve {
    }

    auth_username_format = %Lu
    auth_verbose = yes
    auth_debug = yes
    auth_debug_passwords = yes

    auth default {
      mechanisms = plain login

      passdb pam {
      }

      passdb ldap {
        args = /etc/dovecot/dovecot-ldap.conf
      }

      userdb prefetch {
      }

      userdb passwd {
      }

      userdb static {
        args = uid=1004 gid=1004 home=/home/vmail/%u
      }

      socket listen {
        master {
          path = /var/run/dovecot-auth-master
          mode = 0660
          user = vmail
          group = vmail
        }
        client {
          path = /var/spool/postfix/private/auth
          mode = 0660
          user = postfix
          group = mail
        }
      }
      !include_try /etc/dovecot/auth.d/*.auth
    }

    dict {
    }

    But I did some changes to Postfix master.cf. Here is the detail
    # delivery through dovecot
    dovecot unix - n n - - pipe
      flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}

    Many thanks
     
    Last edited: Sep 27, 2011
  18. Mark_NL

    Mark_NL New Member

    Well you have to set the uid and gid at multiple places and need to keep them all the same, else you WILL run into permission problems (like you have now) so i suggest you set everything related to the vmail boxes to 1004 (that is user/group "vmail" i assume?)

    Assuming 1004 = vmail then:

    master.cf looks ok
    dovecot.conf looks ok
    main.cf looks ok


    restart all your services related to mail and try again, it should work now.
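
An audit for the two permission problems worked through above (the chmod 777 workaround, and maildirs owned by uid 1007 instead of the 1004 that Postfix and Dovecot use), as an added example that is not part of any post. It assumes GNU findutils as shipped on Ubuntu; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a virtual-mailbox tree for ownership and mode problems.
# Assumes GNU findutils (-perm /MODE and -printf).

# audit_vmail BASE UID GID
# Prints one finding per line and returns 1 if there are any:
#   OWNER uid:gid path   entry not owned by UID:GID (the stray uid 1007 case)
#   MODE  mode    path   group/other permission bits set (the chmod 777 case)
audit_vmail() {
    base=$1 uid=$2 gid=$3
    findings=$(
        find "$base" \( ! -uid "$uid" -o ! -gid "$gid" \) -printf 'OWNER %U:%G %p\n'
        find "$base" -perm /077 -printf 'MODE %m %p\n'
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Constructed sample tree: user1 is locked down (700/600),
# user2's maildir was "fixed" with chmod 777.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/user1/Maildir/new" "$t/user2/Maildir/cur"
    : > "$t/user2/Maildir/cur/1317005646.sample:2,"
    chmod -R go-rwx "$t"
    chmod 777 "$t/user2/Maildir" "$t/user2/Maildir/cur"
    printf '%s\n' "$t"
}

# Usage on a real server: sh audit_vmail.sh /home/vmail 1004 1004
if [ "$#" -eq 3 ]; then
    audit_vmail "$1" "$2" "$3"
fi
```

A clean run (no output, exit status 0) means every file and directory under the base belongs to the one uid/gid set in virtual_uid_maps, virtual_gid_maps and the Dovecot userdb, with no access for other accounts.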
     
  19. ali888

    ali888 New Member

    Thanks Mark_NL,

    Good news, it works now. As soon as I changed the uid of user2 to 1004 (same as vmail's uid number).

    Thank you for your patience and everything.
     
  20. Mark_NL

    Mark_NL New Member

    That's good to hear!

    And another problem tackled!

    hf with your working server!

    Regards,
    Mark
     
