Virtual Users And Domains With Postfix, etc, problem with SMTP/Auth wrong password

Discussion in 'HOWTO-Related Questions' started by ggere, Nov 9, 2005.

  1. ggere

    ggere New Member

    I've followed through the very nice and detail how-to provided here for a postfix email server and receive a wrong/bad password error when trying to connect via imap/smtp to an email account.

    My /var/log/mail.log shows:
    Code:
    Nov  9 12:26:16 email imapd-ssl: Connection, ip=[::ffff:192.168.1.195]
    Nov  9 12:26:25 email imapd-ssl: LOGIN FAILED, ip=[::ffff:192.168.1.195]
    
    I'm certain I'm connecting with the correct username and password.

    I would like some advice on how best to troubleshoot this issue. If there is any more information I can provide I'd be happy to.

    Thanks.
     
  2. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Are you able to login via imap instead of imap-ssl?
     
  3. ggere

    ggere New Member

    No, I receive a similar message on the email client side and the following message in the log notes:

    Code:
    Nov 10 08:44:38 email imaplogin: Connection, ip=[::ffff:192.168.1.195]
    Nov 10 08:44:48 email imaplogin: LOGIN FAILED, ip=[::ffff:192.168.1.195]
    
    Please let me know if you need to see any other config files. The hostname of the email server is email.domainname.com, although I would like it to serve email for email addresses of the form username@domainname.com. Currently the domain name is in use by a previously setup and working (although ancient) qmail server so I am connecting the server using its IP address. Not sure if any of this would affect it. I'm a little concerned from looking at the pam.d/smtp file and the "users" sql table that the authorization is against the whole email address and not just the username, or am I missing something there?
     
  4. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

  5. ggere

    ggere New Member

    Okay, looked through that thread and tried what was mentioned there. MySQL is running, mail_admin has access to the tabels in mail and there are no errors regarding mysql in the log notes. It seems to be connecting to the MySQL table just fine..

    Code:
    [root@email:~]# mysql -u mail_admin -p
    Enter password:
    Welcome to the MySQL monitor.  Commands end with ; or \g.
    Your MySQL connection id is 97 to server version: 4.1.11-Debian_4sarge2-log
    
    Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
    
    mysql> select * from mail.users;
    +------------------------------+---------------+----------+
    | email                        | password      | quota    |
    +------------------------------+---------------+----------+
    | ggere@portfoliomci.com       | tBBSZgpT0Ij7U | 10485760 |
    | kmackinnon@portfoliomci.com  | hJ05pek3gdqSg | 10485760 |
    | ggere@email.portfoliomci.com | UDK03yLmpNCek | 10485760 |
    | ggere@192.168.1.37           | 3E14fZA/Q9asM | 10485760 |
    +------------------------------+---------------+----------+
    4 rows in set (0.00 sec)
    
    /etc/courier/authmysqlrc:
    Code:
    MYSQL_SERVER 127.0.0.1
    MYSQL_USERNAME mail_admin
    MYSQL_PASSWORD ######
    MYSQL_PORT 0
    MYSQL_DATABASE mail
    MYSQL_USER_TABLE users
    MYSQL_CRYPT_PWFIELD password
    #MYSQL_CLEAR_PWFIELD password
    MYSQL_UID_FIELD 5000
    MYSQL_GID_FIELD 5000
    MYSQL_LOGIN_FIELD email
    MYSQL_HOME_FIELD "/home/vmail"
    MYSQL_MAILDIR_FIELD CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')
    #MYSQL_NAME_FIELD
    MYSQL_QUOTA_FIELD quota
    
    /etc/courier/authmodulelist:
    Code:
    authdaemon
    
    /etc/courier/authdaemonrc:
    Code:
    ##VERSION: $Id: authdaemonrc.in,v 1.8 2001/10/07 02:16:22 mrsam Exp $
    #
    # Copyright 2000-2001 Double Precision, Inc.  See COPYING for
    # distribution information.
    #
    # authdaemonrc created from authdaemonrc.dist by sysconftool
    #
    # Do not alter lines that begin with ##, they are used when upgrading
    # this configuration.
    #
    # This file configures authdaemond, the resident authentication daemon.
    #
    # Comments in this file are ignored.  Although this file is intended to
    # be sourced as a shell script, authdaemond parses it manually, so
    # the acceptable syntax is a bit limited.  Multiline variable contents,
    # with the \ continuation character, are not allowed.  Everything must
    # fit on one line.  Do not use any additional whitespace for indentation,
    # or anything else.
    
    ##NAME: authmodulelist:0
    #
    # The authentication modules that are linked into authdaemond.  The
    # default list is installed.  You may selectively disable modules simply
    # by removing them from the following list.  The available modules you
    # can use are: authcustom authcram authuserdb authldap authpgsql authmysql authpam
    
    authmodulelist="authmysql"
    
    ##NAME: authmodulelistorig:1
    #
    # This setting is used by Courier's webadmin module, and should be left
    # alone
    
    authmodulelistorig="authcustom authcram authuserdb authldap authpgsql authmysql authpam"
    
    ##NAME: daemons:0
    #
    # The number of daemon processes that are started.  authdaemon is typically
    # installed where authentication modules are relatively expensive: such
    # as authldap, or authmysql, so it's better to have a number of them running.
    # PLEASE NOTE:  Some platforms may experience a problem if there's more than
    # one daemon.  Specifically, SystemV derived platforms that use TLI with
    # socket emulation.  I'm suspicious of TLI's ability to handle multiple
    # processes accepting connections on the same filesystem domain socket.
    #
    # You may need to increase daemons if as your system load increases.  Symptoms
    # include sporadic authentication failures.  If you start getting
    # authentication failures, increase daemons.  However, the default of 5
    # SHOULD be sufficient.  Bumping up daemon count is only a short-term
    # solution.  The permanent solution is to add more resources: RAM, faster
    # disks, faster CPUs...
    
    daemons=5
    
    ##NAME: version:0
    #
    # When you have multiple versions of authdaemond.* installed, authdaemond
    # just picks the first one it finds.  Set "version" to override that.
    # For example:  version=authdaemond.plain
    
    version=""
    
    ##NAME: authdaemonvar:0
    #
    # authdaemonvar is here, but is not used directly by authdaemond.  It's
    # used by various configuration and build scripts, so don't touch it!
    
    authdaemonvar=/var/run/courier/authdaemon
    
    /etc/postfix/main.cf:
    Code:
    # See /usr/share/postfix/main.cf.dist for a commented, more complete version
    
    smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
    biff = no
    
    # appending .domain is the MUA's job.
    append_dot_mydomain = no
    
    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h
    
    myhostname = email.portfoliomci.com
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = /etc/mailname
    mydestination = email.portfoliomci.com, localhost, localhost.localdomain
    relayhost =
    mynetworks = 127.0.0.0/8
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    smtpd_sasl_local_domain =
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_security_options = noanonymous
    broken_sasl_auth_clients = yes
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
    smtpd_tls_auth_only = no
    smtp_use_tls = yes
    smtpd_use_tls = yes
    smtp_tls_note_starttls_offer = yes
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom
    home_mailbox = Maildir/
    mailbox_command =
    virtual_alias_domains =
    virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /home/vmail
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    virtual_create_maildirsize = yes
    virtual_mailbox_extended = yes
    virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
    virtual_mailbox_limit_override = yes
    virtual_maildir_limit_message = "The user you are trying to reach is over quota."
    virtual_overquota_bounce = yes
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
    content_filter = amavis:[127.0.0.1]:10024
    receive_override_options = no_address_mappings
    
     
  6. till

    till Super Moderator Howtoforge Staff HowtoForge Supporter ISPConfig Developer

    Have you checked the files for appended whitespaces?
     
  7. ggere

    ggere New Member

    Yes, there are no whitespaces. If there were I believe I would be getting issues accessing the mysql table, and I don't see any of those errors in the mail.log.
     
  8. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Please post the output of
    Code:
    netstat -tap
     
  9. ggere

    ggere New Member

    Netstat -tap results:
    Code:
    [root@email:~]# netstat -tap
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 localhost.localdo:10024 *:*                     LISTEN     21581/amavisd (mast
    tcp        0      0 localhost.localdo:10025 *:*                     LISTEN     19625/master
    tcp        0      0 localhost.localdo:mysql *:*                     LISTEN     4635/mysqld
    tcp        0      0 *:smtp                  *:*                     LISTEN     19625/master
    tcp6       0      0 *:imaps                 *:*                     LISTEN     2754/couriertcpd
    tcp6       0      0 *:pop3s                 *:*                     LISTEN     2671/couriertcpd
    tcp6       0      0 *:pop3                  *:*                     LISTEN     20792/couriertcpd
    tcp6       0      0 *:imap2                 *:*                     LISTEN     20775/couriertcpd
    tcp6       0      0 *:www                   *:*                     LISTEN     4015/apache2
    tcp6       0      0 *:ssh                   *:*                     LISTEN     2115/sshd
    tcp6       0      0 *:smtp                  *:*                     LISTEN     19625/master
    tcp6       0    444 ::ffff:192.168.1.37:ssh ::ffff:192.168.1.1:1825 ESTABLISHED22290/0
    
    For some reason I'm also getting these in my mail.log now:
    Code:
    Nov 11 11:26:31 email postfix/master[19625]: warning: process /usr/lib/postfix/virtual pid 22318 exit status 1
    Nov 11 11:26:31 email postfix/master[19625]: warning: /usr/lib/postfix/virtual: bad command startup -- throttling
    Nov 11 11:27:31 email postfix/virtual[22321]: fatal: mysql:/etc/postfix/mysql-virtual_mailboxes.cf: proxy map is not allowed for security sensitive data
    Nov 11 11:27:32 email postfix/master[19625]: warning: process /usr/lib/postfix/virtual pid 22321 exit status 1
    Nov 11 11:27:32 email postfix/master[19625]: warning: /usr/lib/postfix/virtual: bad command startup -- throttling
    Nov 11 11:28:11 email postfix/postfix-script: stopping the Postfix mail system
    Nov 11 11:28:11 email postfix/master[19625]: terminating on signal 15
    Nov 11 11:28:12 email postfix/postfix-script: starting the Postfix mail system
    Nov 11 11:28:12 email postfix/master[22423]: daemon started -- version 2.1.5
    Nov 11 11:28:12 email postfix/qmgr[22426]: B3D2089FA: from=<root@email.portfoliomci.com>, size=1006, nrcpt=1 (queue active)
    Nov 11 11:28:12 email postfix/virtual[22431]: fatal: mysql:/etc/postfix/mysql-virtual_mailboxes.cf: proxy map is not allowed for security sensitive data
    Nov 11 11:28:13 email postfix/master[22423]: warning: process /usr/lib/postfix/virtual pid 22431 exit status 1
    Nov 11 11:28:13 email postfix/master[22423]: warning: /usr/lib/postfix/virtual: bad command startup -- throttling
    
     
    Last edited: Nov 11, 2005
  10. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Do you have

    Code:
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
    in /etc/postfix/main.cf? The line must contain $virtual_mailbox_maps!
    If this doesn't help, remove proxy: from /etc/postfix/main.cf (e.g.
    Code:
    virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    instead of
    Code:
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    ).
    Don't forget to restart Postfix after your changes!
     
  11. ggere

    ggere New Member

    Okay, checked the /etc/postfix/main.cf and the proxy_read_maps line was there. So I removed the proxy part from the virtual_mailbox_maps line and receive no more errors in my mail.log file.

    I sent a test message from the "admin" account to "postmaster@portfoliomci.com" and this is the log notes:

    Code:
    Nov 11 12:37:45 email postfix/pickup[24057]: B567A8B2C: uid=1000 from=<admin>
    Nov 11 12:37:45 email postfix/cleanup[24086]: B567A8B2C: message-id=<20051111173745.GA24066@email.portfoliomci.com>
    Nov 11 12:37:45 email postfix/qmgr[24058]: B567A8B2C: from=<admin@email.portfoliomci.com>, size=459, nrcpt=1 (queue active)
    Nov 11 12:37:47 email postfix/smtpd[24097]: connect from localhost.localdomain[127.0.0.1]
    Nov 11 12:37:47 email postfix/smtpd[24097]: D512C8B2B: client=localhost.localdomain[127.0.0.1]
    Nov 11 12:37:47 email postfix/cleanup[24086]: D512C8B2B: message-id=<20051111173745.GA24066@email.portfoliomci.com>
    Nov 11 12:37:47 email postfix/qmgr[24058]: D512C8B2B: from=<admin@email.portfoliomci.com>, size=940, nrcpt=1 (queue active)
    Nov 11 12:37:47 email amavis[21587]: (21587-01) Passed, <admin@email.portfoliomci.com> -> <postmaster@portfoliomci.com>, Message-ID: <20051111173745.GA24066@email.portfoliomci.com>, Hits: -1.72
    Nov 11 12:37:47 email postfix/smtpd[24097]: disconnect from localhost.localdomain[127.0.0.1]
    Nov 11 12:37:47 email postfix/smtp[24091]: B567A8B2C: to=<postmaster@portfoliomci.com>, relay=127.0.0.1[127.0.0.1], delay=2, status=sent (250 2.6.0 Ok, id=21587-01, from MTA: 250 Ok: queued as D512C8B2B)
    Nov 11 12:37:47 email postfix/qmgr[24058]: B567A8B2C: removed
    Nov 11 12:37:48 email postfix/smtp[24101]: D512C8B2B: to=<postmaster@portfoliomci.com>, relay=mail.portfoliomci.com[192.168.1.4], delay=1, status=sent (250 ok 1131730673 qp 2896)
    Nov 11 12:37:48 email postfix/qmgr[24058]: D512C8B2B: removed
    
    Still not able to login from Thunderbird however.
     
    Last edited: Nov 11, 2005
  12. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    When you want to send emails, or when you try to fetch emails? Or both?
     
  13. ggere

    ggere New Member

    IMAP is what I'm testing at the moment, so receiving emails. But I believe sending isn't working either. Note: I can send via mutt on the server between real accounts, but I can't test virtual accounts in this way.
     
  14. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Did you use Debian stable or testing to install the server? Because in the tutorial I use stable which comes with Postfix 2.1.5, but testing comes with Postfix 2.2.x, and since 2.2 the format of the lookup files has changed.

    Have a look here: http://www.howtoforge.com/forums/showthread.php?t=1149&page=4

    Which Postfix version do you have? Run
    Code:
    postconf -d | grep mail_version
    to find out.
     
  15. ggere

    ggere New Member

    I'm using stable:

    Code:
    [root@email:~]# postconf -d | grep mail_version
    mail_version = 2.1.5
    I think this may have to do with me not having the dns information completely setup yet, instead I'm trying to connect to ggere@192.168.1.37 (the internal IP of the email server) and I have 192.168.1.37 in my domains table and a user ggere@192.168.1.37 in the users table. I will try to get my dns information setup today and see if that helps.

    If you think this isn't what is causing the problem feel free to continue and try to help, I really appreciate your input. Otherwise perhaps it would be best to wait until the dns setup is complete.

    Thanks.
     
  16. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Let's wait until DNS is set up.
     

Share This Page