Postfix and Dovecot n00b

kafmil
2012-06-07
2013-01-23
  • kafmil
    2012-06-07

    I cannot get postfix / dovecot to work; I am also using postfixadmin. I have tried a number of how-tos, installed and reinstalled a few times, but no luck so far. I am running CentOS 6.2 on a hosted VDS. I am new to postfix and dovecot, and pretty new to Linux; I used to work with it a couple of years ago and I am getting back into it now whilst working on my webserver. I yum installed both dovecot and postfix, then altered the configs to what I've listed below. I have looked at many posts about MySQL postfix connection problems but can't get the solutions to work for me. The aim is to be able to host email for multiple domains on this VDS, then maybe set up another for backup MX, but I need to get this one working first :-(. This is a really long post with all my config info in it, but hopefully someone out there can help. TIA.

    If I telnet localhost 25, I get:

    220 mail.littleguy.com.au ESMTP Postfix
    

    then nothing. But for telnet localhost 143 (or 993) I get

    telnet: connect to address ::1: Connection refused
    

    Dovecot is not giving me any errors in maillog, but I am getting a few warnings for postfix which I am pretty sure is because it can't connect to MySQL:

    Jun  7 14:01:02 vds1 postfix/pickup[17640]: 8A8234998D: uid=0 from=<user@localhost>
    Jun  7 14:01:02 vds1 postfix/cleanup[17645]: warning: connect to mysql server unix:/var/lib/mysql/mysql.sock: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13)
    Jun  7 14:01:02 vds1 postfix/cleanup[17645]: warning: 8A8234998D: virtual_alias_maps map lookup problem for root@localhost.<mydomainname>.com.au
    Jun  7 14:01:02 vds1 postfix/pickup[17640]: 8ADED4998D: uid=0 from=<user@localhost>
    Jun  7 14:01:02 vds1 postfix/cleanup[17642]: warning: 8ADED4998D: virtual_alias_maps map lookup problem for root@localhost.<mydomainname>.com.au
    Jun  7 14:01:02 vds1 postfix/pickup[17640]: 8B2794998D: uid=0 from=<user@localhost>
    Jun  7 14:01:02 vds1 postfix/cleanup[17642]: warning: 8B2794998D: virtual_alias_maps map lookup problem for root@localhost.<mydomainname>.com.au
    Jun  7 14:02:02 vds1 postfix/pickup[17640]: 8B4934998D: uid=0 from=<user@localhost>
    Jun  7 14:02:02 vds1 postfix/cleanup[17645]: warning: 8B4934998D: virtual_alias_maps map lookup problem for root@localhost.<mydomainname>.com.au
    

    main.cf:

    queue_directory = /var/spool/postfix
    command_directory = /usr/sbin
    daemon_directory = /usr/libexec/postfix
    data_directory = /var/lib/postfix
    mail_owner = postfix
    myhostname = mail.<mydomainname>.com
    mydomain = <mydomainname>.com.au
    myorigin = $mydomain
    inet_interfaces = all
    inet_protocols = all
    mydestination = $myhostname, localhost.$mydomain, localhost
    unknown_local_recipient_reject_code = 550
    virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
    virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
    virtual_transport = virtual
    virtual_mailbox_base = /etc/maildata
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf
    virtual_minimum_uid = 89
    virtual_uid_maps = static:89
    virtual_gid_maps = static:89
    smtpd_tls_cert_file = /etc/ssl/postfix/postfix.pem
    smtpd_tls_key_file = /etc/ssl/postfix/postfix.key
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_security_level = may
    smtpd_tls_session_cache_database = btree:/var/spool/postfix/smtpd_tls_cache
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_type = dovecot
    smtpd_sasl_authenticated_header = yes
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
    smtpd_sasl_security_options = noanonymous
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    smtp_tls_loglevel = 1
    smtp_tls_cert_file = $smtpd_tls_cert_file
    smtp_tls_key_file = $smtpd_tls_key_file
    smtp_tls_security_level = may
    smtp_tls_session_cache_database = btree:/var/spool/postfix/smtp_tls_scache
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    debug_peer_level = 2
    debugger_command =
             PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
             ddd $daemon_directory/$process_name $process_id & sleep 5
    sendmail_path = /usr/sbin/sendmail.postfix
    newaliases_path = /usr/bin/newaliases.postfix
    mailq_path = /usr/bin/mailq.postfix
    setgid_group = postdrop
    html_directory = no
    manpage_directory = /usr/share/man
    sample_directory = /usr/share/doc/postfix-2.6.6/samples
    readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
    

    /etc/postfix/mysql_virtual_alias_maps.cf

    user = postfix
    password = <password>
    # I have tried 127.0.0.1 and localhost here, I can connect to mysql on either from the command line
    hosts = unix:/var/lib/mysql/mysql.sock
    dbname = postfix
    query = SELECT goto FROM alias WHERE address='%s'
    select_field = goto
    table = alias
    where_field = address
    

    vi /etc/postfix/mysql_virtual_mailbox_maps.cf

    user = postfix
    password = <password>
    hosts = unix:/var/lib/mysql/mysql.sock
    dbname = postfix
    query = SELECT 1 FROM mailbox WHERE username='%s'
    select_field = 1
    table = mailbox
    where_field = username
    

    /etc/postfix/mysql_virtual_alias_maps.cf

    user = postfix
    password = <password>
    hosts = unix:/var/lib/mysql/mysql.sock
    dbname = postfix
    query = SELECT goto FROM alias WHERE address='%s'
    select_field = goto
    table = alias
    where_field = address
    

    dovecot.conf

    # 2.0.9: /etc/dovecot/dovecot.conf
    # OS: Linux 2.6.32-220.17.1.el6.x86_64 x86_64 CentOS release 6.2 (Final)
    auth_mechanisms = plain login
    auth_realms = <mydomainname1>.com <mydomainname2>.com <mydomainname3>.com <mydomainname4>.com
    first_valid_gid = 89
    first_valid_uid = 89
    last_valid_gid = 89
    last_valid_uid = 89
    listen =
    mail_location = maildir:~/
    passdb {
      args = /etc/dovecot/dovecot-mysql.conf
      driver = sql
    }
    plugin {
      quota = maildir
    }
    service auth {
      executable = /usr/libexec/dovecot/auth
      unix_listener /var/spool/postfix/private/auth {
        group = postfix
        mode = 0666
        user = postfix
      }
      user = nobody
    }
    ssl = no
    ssl_cert = </etc/ssl/certs/dovecot/dovecot.pem
    ssl_key = </etc/ssl/certs/dovecot/dovecot.key
    userdb {
      driver = prefetch
    }
    userdb {
      args = /etc/dovecot/dovecot-mysql.conf
      driver = sql
    }
    verbose_proctitle = yes
    verbose_ssl = yes
    protocol imap {
      imap_client_workarounds = delay-newmail   tb-extra-mailbox-sep
      mail_plugins = quota imap_quota
    }
    protocol pop3 {
      pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
      pop3_uidl_format = %08Xu%08Xv
    }
    protocol lda {
      auth_socket_path = /var/run/dovecot/auth-master
      hostname = mail.<mydomainname1>.com
      postmaster_address = webmaster@<mydomainname1>.com
    }
    
     
  • Simon Hobson
    2012-06-07

    OK, it's obvious that you have several problems here - and you're making life difficult by trying to solve them all at once. So let's break it down into steps:

    1) Postfix isn't connecting to MySQL
    2) Postfix isn't set up properly for Postfix Admin
    3) Dovecot isn't working

    Let's start with 1 which is fundamental to the whole system. But bear in mind I'm no expert myself and I have almost zero experience with CentOS.

    When trying to connect to a socket, bear in mind that Postfix may be running chroot - that means, when started, one of the early steps the software (or whatever starts it) does is to change its view of the filesystem so that "/" (the root of the filesystem) is somewhere else. Normally the distro specific startup scripts will take care of copying the files it needs into its chroot area - but they won't know about additional things you've configured (such as a socket used to communicate with other software).

    So, if using a unix socket for MySQL, you will need to put it somewhere accessible to Postfix when it's running - that means changing the config for MySQL. You'll have two different paths - you tell MySQL to put it somewhere relative to the whole filesystem, and tell Postfix to look for it relative to its chroot location.
    Eg, MySQL may be putting it at /var/lib/mysql/mysql.sock, but Postfix is looking for it at /var/<something>/var/lib/mysql/mysql.sock because it's been chroot'd to /var/<something>/

    Using an IP address to access MySQL is an alternative - whether that's 127.0.0.1 or a real IP address. If you configure MySQL to listen on an IP address other than localhost, then you also need to consider security - ideally apply iptables rules to block inbound connections. Using an IP socket means you don't have to worry about different views of the filesystem making the unix socket appear in different places for different bits of software.

    Now, item 2.
    You don't have Postfix set up for the current version of PFA. There's a text file that comes with PFA which lists all the setup - there are significantly more SQL lookup command files than you have configured.

    Item 3
    I don't know anything about Dovecot, but I suspect by the time you've solved 1 then you may have some better ideas where to look. Does it get chroot'd is the first question to ask.

     
  • kafmil
    2012-06-08

    Thanks SimonHobson. I have made a number of changes to my config, I checked my settings against http://flurdy.com/docs/postfix/ and used some of the settings. I have managed to send an email to my gmail account via telnet, so postfix is at least partially working.
    From the mail log:

    Jun  8 14:24:14 vds1 postfix/smtpd[10088]: connect from localhost[::1]
    Jun  8 14:24:44 vds1 postfix/smtpd[10088]: 073F949A14: client=localhost[::1]
    Jun  8 14:24:50 vds1 postfix/cleanup[10096]: 073F949A14: message-id=<20120608042444.073F949A14@mail.<mydomainname>.com>
    Jun  8 14:24:50 vds1 postfix/qmgr[7288]: 073F949A14: from=<webmaster@<mydomainname>.com>, size=370, nrcpt=1 (queue active)
    Jun  8 14:24:51 vds1 postfix/smtp[10097]: 073F949A14: to=<mygmailname@gmail.com>, relay=<mydomainname>.com[123.456.789.012]:25, delay=19, delays=19/0.02/0.03/0.01, dsn=2.0.0, status=sent (250 OK id=1Scql6-004HSu-Bq)
    Jun  8 14:24:51 vds1 postfix/qmgr[7288]: 073F949A14: removed
    Jun  8 14:24:53 vds1 postfix/smtpd[10088]: disconnect from localhost[::1]
    

    When I try this with a local address, I still get the MySQL connection error, however it seems to be getting the domain list from the database at other times so I don't get it. The mail also can't be going anywhere as the mail folder hasn't been created.

    Jun  8 14:26:58 vds1 postfix/smtpd[10106]: connect from localhost[::1]
    Jun  8 14:27:56 vds1 postfix/smtpd[10106]: AB93B4A914: client=localhost[::1]
    Jun  8 14:28:10 vds1 postfix/cleanup[10164]: AB93B4A914: message-id=<20120608042756.AB93B4A914@mail.<mydomainname>.com>
    Jun  8 14:28:10 vds1 postfix/qmgr[7288]: AB93B4A914: from=<postmaster@<mydomainname>.com>, size=392, nrcpt=1 (queue active)
    Jun  8 14:28:10 vds1 postfix/virtual[10165]: warning: connect to mysql server localhost: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13)
    Jun  8 14:28:10 vds1 postfix/virtual[10165]: warning: table virtual_mailbox_maps: lookup webmaster@<mydomainname>.com: Permission denied
    Jun  8 14:28:10 vds1 postfix/virtual[10165]: AB93B4A914: to=<webmaster@<mydomainname>.com>, relay=virtual, delay=32, delays=32/0.01/0/0.01, dsn=4.3.5, status=deferred (mail system configuration error)
    Jun  8 14:28:13 vds1 postfix/smtpd[10106]: disconnect from localhost[::1]
    

    I can telnet to dovecot but I can't log in yet. I know these are long posts but I am hoping

    1. to get some help;
    2. and hopefully help someone else out there from my learnings.

    OK, so the dovecot error in the log is

      Jun  8 12:29:30 vds1 dovecot: imap: Debug: Loading modules from directory: /usr/lib64/dovecot
      Jun  8 12:29:30 vds1 dovecot: imap: Debug: Module loaded: /usr/lib64/dovecot/lib10_quota_plugin.so
      Jun  8 12:29:30 vds1 dovecot: imap: Debug: Module loaded: /usr/lib64/dovecot/lib11_imap_quota_plugin.so
      Jun  8 12:29:30 vds1 dovecot: imap: Debug: Added userdb setting: mail=
      Jun  8 12:29:30 vds1 dovecot: imap: Debug: Added userdb setting: plugin/quota=dict:storage=0 proxy::quota
      Jun  8 12:29:30 vds1 dovecot: imap(webmaster@.com): Debug: Effective uid=89, gid=89, home=/var/spool/mail/virtual/.com/webmaster/
      Jun  8 12:29:30 vds1 dovecot: imap(webmaster@.com): Debug: Home dir not found: /var/spool/mail/virtual/.com/webmaster/
      Jun  8 12:29:30 vds1 dovecot: imap(webmaster@.com): Debug: Quota root: name=storage=0 proxy backend=dict args=:quota
      Jun  8 12:29:30 vds1 dovecot: imap(webmaster@.com): Debug: dict quota: user=webmaster@.com, uri=quota, noenforcing=0
      Jun  8 12:29:30 vds1 dovecot: imap(webmaster@.com): Error: Dictionary URI is missing ':': quota
      Jun  8 12:29:30 vds1 dovecot: imap(webmaster@.com): Error: user webmaster@.com: Initialization failed: Failed to initialize quota: Quota root storage=0 proxy: init() failed
      Jun  8 12:29:30 vds1 dovecot: imap(webmaster@.com): Error: Invalid user settings. Refer to server log for more information.

    The home directory isn't there, I am not sure if I should create it manually, I thought PostFixAdmin (pfadm) should create it when I create the accounts. pfadm seems to be working, it creates the accounts in the database and postfix and dovecot seem to be able to find them from what I can see.
    main.conf:

    queue_directory = /var/spool/postfix
    command_directory = /usr/sbin
    daemon_directory = /usr/libexec/postfix
    data_directory = /var/lib/postfix
    mail_owner = postfix
    myhostname = mail.<mydomainname>.com
    mydomain = <mydomainname>.com
    myorigin = $mydomain
    inet_interfaces = all
    inet_protocols = all
    mydestination =
    local_recipient_maps =
    mynetworks_style = host
    relayhost = mail.<myrelaydomainname>.com
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
    smtp_sasl_mechanism_filter = digest-md5
    smtp_sasl_security_options=
    smtp_sasl_mechanism_filter = plain login
    smtp_sasl_security_options = noanonymous
    alias_maps = hash:/etc/postfix/aliases
    alias_database = hash:/etc/postfix/aliases
    debug_peer_level = 2
    debugger_command =
             PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
             ddd $daemon_directory/$process_name $process_id & sleep 5
    newaliases_path = /usr/bin/newaliases.postfix
    mailq_path = /usr/bin/mailq.postfix
    setgid_group = postdrop
    html_directory = no
    manpage_directory = /usr/share/man
    sample_directory = /usr/share/doc/postfix-2.6.6/samples
    readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
    # how long if undelivered before sending warning update to sender
    delay_warning_time = 4h
    # will it be a permanent error or temporary
    unknown_local_recipient_reject_code = 450
    # how long to keep message on queue before return as failed.
    # some have 3 days, I have 16 days as I am backup server for some people
    # whom go on holiday with their server switched off.
    maximal_queue_lifetime = 7d
    # max and min time in seconds between retries if connection failed
    minimal_backoff_time = 1000s
    maximal_backoff_time = 8000s
    # how long to wait when servers connect before receiving rest of data
    smtp_helo_timeout = 60s
    # how many address can be used in one message.
    # effective stopper to mass spammers, accidental copy in whole address list
    # but may restrict intentional mail shots.
    smtpd_recipient_limit = 16
    # how many error before back off.
    smtpd_soft_error_limit = 3
    # how many max errors before blocking it.
    smtpd_hard_error_limit = 12
    # Requirements for the HELO statement
    smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit
    # Requirements for the sender details
    smtpd_sender_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit
    # Requirements for the connecting server
    smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl, reject_rbl_client dnsbl.njabl.org
    # Requirement for the recipient address
    smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, permit
    smtpd_data_restrictions = reject_unauth_pipelining
    # require proper helo at connections
    smtpd_helo_required = yes
    # waste spammers time before rejecting them
    smtpd_delay_reject = yes
    disable_vrfy_command = yes
    # this specifies where the virtual mailbox folders will be located
    virtual_mailbox_base = /var/spool/mail/virtual
    # this is for the mailbox location for each user
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf
    # and this is for aliases
    virtual_alias_maps = proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf, proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf
    # and this is for domain lookups
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf
    # Additional for quota support
    virtual_create_maildirsize = yes
    virtual_mailbox_extended = yes
    virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
    virtual_mailbox_limit_override = yes
    virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please contact the administrator.
    virtual_overquota_bounce = yes
    virtual_uid_maps = static:89
    virtual_gid_maps = static:89
    

    mysql_virtual_alias_domain_catchall_maps.cf

    # handles catch-all settings of target-domain
    user = postfix
    password = mydbpassword
    hosts = localhost
    dbname = postfix
    query  = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1'
    

    mysql_virtual_alias_domain_mailbox_maps.cf

    user = postfix
    password = mydbpassword
    hosts = localhost
    dbname = postfix
    query = SELECT maildir FROM mailbox,alias_domain WHERE alias_domain.alias_domain = '%d' and mailbox.username = CONCAT('%u', '@', alias_domain.target_domain) AND mailbox.active = 1 AND alias_domain.active='1'
    

    mysql_virtual_alias_domain_maps.cf

    user = postfix
    password = mydbpassword
    hosts = localhost
    dbname = postfix
    query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('%u', '@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1'
    

    mysql_virtual_alias_maps.cf

    user = postfix
    password = mydbpassword
    hosts = localhost
    dbname = postfix
    query = SELECT goto FROM alias WHERE address='%s' AND active = 1
    

    mysql_virtual_domains_maps.cf

    user = postfix
    password = mydbpassword
    hosts = localhost
    dbname = postfix
    query = SELECT domain FROM domain WHERE domain='%s' AND active = 1
    

    mysql_virtual_mailbox_limit_maps.cf

    user = postfix
    password = mydbpassword
    hosts = localhost
    dbname = postfix
    query = SELECT quota FROM mailbox WHERE username='%s' AND active = '1'
    

    mysql_virtual_mailbox_maps.cf

    user = postfix
    password = mydbpassword
    hosts = localhost
    dbname = postfix
    query = SELECT maildir FROM mailbox WHERE username='%s' and active = 1
    

    dovecot.conf

    # 2.0.9: /etc/dovecot/dovecot.conf
    # OS: Linux 2.6.32-220.17.1.el6.x86_64 x86_64 CentOS release 6.2 (Final)
    auth_mechanisms = plain login
    auth_realms = AB93B4A914 littleguysolutions.com.au cutupanddye.com.au 4seasonspestcontrol.com.au
    first_valid_gid = 89
    first_valid_uid = 89
    last_valid_gid = 89
    last_valid_uid = 89
    listen = *
    mail_location = maildir:/var/spool/mail/virtual/
    passdb {
      args = /etc/dovecot/dovecot-mysql.conf
      driver = sql
    }
    plugin {
      quota = dict:User quota::proxy::quota
    }
    dict {
      quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
    }
    service auth {
      executable = /usr/libexec/dovecot/auth
      unix_listener /var/spool/postfix/private/auth {
        group = postfix
        mode = 0666
        user = postfix
      }
      user = dovecot
    }
    ssl = no
    ssl_cert = </etc/ssl/certs/dovecot/dovecot.pem
    ssl_key = </etc/ssl/certs/dovecot/dovecot.key
    #userdb {
    #  driver = prefetch
    #}
    userdb {
      args = /etc/dovecot/dovecot-mysql.conf
      driver = sql
    }
    verbose_proctitle = yes
    verbose_ssl = yes
    protocol imap {
      imap_client_workarounds = delay-newmail   tb-extra-mailbox-sep
      mail_plugins = quota imap_quota
    }
    protocol pop3 {
      pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
      pop3_uidl_format = %08Xu%08Xv
      mail_plugins = quota
    }
    protocol lda {
      auth_socket_path = /var/run/dovecot/auth-master
      hostname = mail.AB93B4A914
      postmaster_address = webmaster@AB93B4A914
      mail_plugins = quota
    }
    auth_verbose=yes
    auth_debug=yes
    mail_debug=yes
    verbose_ssl=yes
    

    dovecot-mysql.conf

    # dovecot ver = 1.0.7 - 1.1.3 compatible
    connect = host=localhost port=3306 user=postfix password=mydbpassword dbname=postfix
    driver = mysql
    default_pass_scheme = MD5-CRYPT
    password_query = SELECT password,CONCAT('/var/spool/mail/virtual/', maildir) AS userdb_home, '89' AS userdb_uid, '89' AS userdb_gid, NULL as allow_nets FROM mailbox WHERE username = '%u' AND domain = '%d' AND active = '1'
    user_query = SELECT CONCAT('/var/spool/mail/virtual/', maildir) AS home, '' as mail, '89' AS uid, '89' AS gid, CONCAT('dict:storage=',floor(quota/1024),' proxy::quota') AS quota FROM mailbox WHERE username = '%u' AND domain = '%d'
    

    dovecot-dict-sql.conf.ext

    connect = host=localhost dbname=postfix user=postfix password=mydbpassword
    map {
      pattern = priv/quota/storage
      table = quota2
      username_field = username
      value_field = bytes
    }
    map {
      pattern = priv/quota/messages
      table = quota2
      username_field = username
      value_field = messages
    }
    

    Dovecot, postfix and mysqld services are all running.
    Relevant items from netstat -tulpn

    Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
    tcp        0      0 127.0.0.1:3306              0.0.0.0:*                   LISTEN      4348/mysqld         
    tcp        0      0 0.0.0.0:110                 0.0.0.0:*                   LISTEN      8170/dovecot        
    tcp        0      0 0.0.0.0:143                 0.0.0.0:*                   LISTEN      8170/dovecot        
    tcp        0      0 0.0.0.0:25                  0.0.0.0:*                   LISTEN      7285/master         
    tcp        0      0 :::25                       :::*                        LISTEN      7285/master
    
     
  • kafmil
    2012-06-08

    OK, getting there 1 error at a time. I've gotten rid of this issue:

    imap(webmaster@<mydomainname>.com): Error: Dictionary URI is missing ':': quota
    

    The user_query in dovecot.conf was using 1.2 style, I have updated the quota selection to version 2 requirements. This:

    CONCAT('dict:storage=',floor(quota/1024),' proxy::quota') AS quota
    

    has changed to this:

    CONCAT('*:messages=10000:bytes=', quota) as quota_rule
    

    The one that is really getting me is the lack of a mail folder, this should get created but isn't.

     
  • Simon Hobson
    2012-06-08

    Firstly, I wouldn't worry about the Dovecot error yet. It's not finding the mailbox (among other things) which is correct.

    The mailbox is created by Postfix when the first mail is sent to it. While it's possible (with some work) to get PFA to create mailboxes, it's easiest to just send a welcome mail (the default IIRC) when creating them and Postfix will then create the mailbox as it delivers the message.

    What happens if you invoke MySQL like this:

    mysql --user=postfix --password=mydbpassword --database=postfix --host=localhost -e 'select * from mailbox ;'
    

    Have you found out if your installation runs Postfix in a chroot jail? IIRC it's one of the columns in /etc/postfix/master.cf
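
The chroot check discussed in this thread, as an added example that is not part of the original posts: it reads the chroot column of master.cf and shows where each daemon would really look for the MySQL socket. The master.cf excerpt is constructed; the `default_chroot` parameter is an assumption covering the `-` column value, which means "y" on Postfix releases before 3.0 such as the 2.6.6 quoted above.

```python
import posixpath

# Constructed master.cf excerpt (not the poster's file). Columns:
# service type private unpriv chroot wakeup maxproc command
SAMPLE_MASTER_CF = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       n       -       -       smtpd
  -o smtpd_sasl_auth_enable=yes
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       y       -       0       cleanup
virtual   unix  -       n       -       -       -       virtual
proxymap  unix  -       -       n       -       -       proxymap
"""


def chroot_flags(master_cf, default_chroot=True):
    """Map each daemon command to True if master.cf runs it chrooted.

    Comment lines, blank lines and continuation lines (leading whitespace,
    e.g. "-o" overrides) are skipped. A "-" in the chroot column means
    "use the built-in default", supplied here as default_chroot.
    """
    flags = {}
    for line in master_cf.splitlines():
        if not line.strip() or line.lstrip().startswith("#") or line[0].isspace():
            continue
        cols = line.split(None, 7)
        if len(cols) < 8:
            continue  # not a complete service entry
        chroot, command = cols[4], cols[7].split()[0]
        flags[command] = default_chroot if chroot == "-" else chroot == "y"
    return flags


def socket_as_seen(master_cf, socket_path, queue_directory, default_chroot=True):
    """Real filesystem path each daemon opens when configured with socket_path.

    A chrooted daemon has queue_directory as its "/", so the path it is
    given is resolved underneath that directory.
    """
    seen = {}
    for command, jailed in chroot_flags(master_cf, default_chroot).items():
        if jailed:
            seen[command] = posixpath.join(queue_directory, socket_path.lstrip("/"))
        else:
            seen[command] = socket_path
    return seen


if __name__ == "__main__":
    paths = socket_as_seen(SAMPLE_MASTER_CF, "/var/lib/mysql/mysql.sock",
                           "/var/spool/postfix")
    for command, path in sorted(paths.items()):
        print(f"{command:10s} {path}")
```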

     
  • kafmil
    2012-06-08

    Running that command lists the table as expected. Everything is listed as no to chroot in master.cf

    I am sending a welcome email when I create the account in pfadm. I also sent an email to webmaster using telnet, which I assumed should have created the mailbox. The mail I sent to my gmail account goes through with no problems, so I am guessing there is still something wrong with postfix as it does not seem to be sending the email to the webmaster account, which is a local account.

     
  • kafmil
    2012-06-08

    I think another problem is this:

    Jun  8 17:27:49 vds1 dovecot: imap(webmaster@<mydomainname>.com): Debug: mbox autodetect: has .imap/: stat(/var/spool/mail/virtual/<mydomainname>.com/webmaster//mail/.imap) failed: No such file or directory
    

    which happens when I try to telnet login to dovecot now.
    There is a / at the end of the maildir in the database ( <mydomainname>.com/webmaster/ ) and when dovecot is searching for the folder it is adding a / before mail.imap, which is creating the double slash. I am not sure if this is affecting postfix as well, will keep on searching!

     
  • kafmil
    2012-06-08

    I think the mailbox not getting created must have something to do with the error:

    warning: table virtual_mailbox_maps: lookup webmaster@<mydomainname>.com: Permission denied
    

    but I can run this with no permission problems, which is the query in the file mysql_virtual_mailbox_maps.cf

    mysql --user=postfix --password=mydbpassword --database=postfix --host=localhost -e 'SELECT maildir FROM mailbox WHERE username="webmaster@<mydomainname>.com" and active = 1;'
    

    The result from the query in mysql_virtual_alias_domain_mailbox_maps.cf also runs but returns 0 results which is correct.

    If postfix can't get the name of the maildir it can't create it, I just can't find any info out there on why? There must be someone out there with the same issue, I just need to find the right post!

     
  • Does CentOS use AppArmor or SELinux? If yes, temporarily disable it and test again (and/or check the audit.log if you see some deny messages).

    In case of AppArmor, I'll be able to help ;-)
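
The audit.log check suggested here, as an added example that is not part of the original posts: it takes the Postfix daemons that logged errno 13 or "Permission denied" and looks up the SELinux AVC denials recorded for the same process. The mail log lines are quoted from this thread; the audit.log records are constructed in the standard AVC layout, with pids chosen to match.

```python
import re

# Mail log lines quoted from the thread above.
MAILLOG = """\
Jun  7 14:01:02 vds1 postfix/cleanup[17645]: warning: connect to mysql server unix:/var/lib/mysql/mysql.sock: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13)
Jun  8 14:28:10 vds1 postfix/virtual[10165]: warning: table virtual_mailbox_maps: lookup webmaster@<mydomainname>.com: Permission denied
Jun  8 14:24:51 vds1 postfix/qmgr[7288]: 073F949A14: removed
"""

# Constructed audit.log records; not taken from the poster's system.
AUDIT_LOG = """\
type=AVC msg=audit(1339041662.541:811): avc:  denied  { connectto } for  pid=17645 comm="cleanup" path="/var/lib/mysql/mysql.sock" scontext=system_u:system_r:postfix_cleanup_t:s0 tcontext=system_u:system_r:mysqld_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1339129690.412:902): avc:  denied  { search } for  pid=10165 comm="virtual" name="mysql" dev=dm-0 ino=262155 scontext=system_u:system_r:postfix_virtual_t:s0 tcontext=system_u:object_r:mysqld_db_t:s0 tclass=dir
type=AVC msg=audit(1339129800.100:941): avc:  denied  { read } for  pid=2211 comm="httpd" name="notes.txt" dev=dm-0 ino=99 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
"""

# errno 13 is EACCES; Postfix reports it as "(13)" or "Permission denied".
EACCES_RE = re.compile(
    r"postfix/(?P<daemon>[\w-]+)\[(?P<pid>\d+)\]: warning: .*(?:\(13\)|Permission denied)")
AVC_RE = re.compile(
    r"type=AVC .*?avc:\s+denied\s+\{ (?P<perms>[^}]+)\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def eacces_daemons(maillog):
    """Return the set of (daemon, pid) pairs that logged a permission error."""
    hits = set()
    for line in maillog.splitlines():
        m = EACCES_RE.search(line)
        if m:
            hits.add((m.group("daemon"), int(m.group("pid"))))
    return hits


def parse_avc(line):
    """Parse one AVC denial into a dict, or return None for other records."""
    m = AVC_RE.search(line)
    if not m:
        return None
    kv = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    return {
        "pid": int(kv["pid"]),
        "comm": kv["comm"],
        "perms": m.group("perms").split(),
        # An SELinux context is user:role:type:level; the type drives policy.
        "source": kv["scontext"].split(":")[2],
        "target": kv["tcontext"].split(":")[2],
        "tclass": kv["tclass"],
        "object": kv.get("path") or kv.get("name", "?"),
    }


def explain(maillog, audit_log):
    """Map "daemon[pid]" to the AVC denials recorded for that process."""
    wanted = eacces_daemons(maillog)
    report = {f"{d}[{p}]": [] for d, p in wanted}
    for line in audit_log.splitlines():
        avc = parse_avc(line)
        if avc and (avc["comm"], avc["pid"]) in wanted:
            perms = " ".join(avc["perms"])
            report[f"{avc['comm']}[{avc['pid']}]"].append(
                f"{avc['source']} -> {avc['target']}:{avc['tclass']} "
                f"{{ {perms} }} on {avc['object']}")
    return report


if __name__ == "__main__":
    for proc, denials in sorted(explain(MAILLOG, AUDIT_LOG).items()):
        print(proc, denials or "no AVC denial found; look elsewhere")
```

Each result names the source type, target type and permission involved, so the policy change can be scoped to that one access while SELinux stays enforcing.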

     
  • kafmil
    2012-06-10

    There is an SELinux issue, I disabled it for a while by running

    setenforce 0
    

    , which got rid of the mysql permissions errors. I am going to reconfigure SELinux now so I can have it work with postfix/mysql. 

    But then this error started to appear:

    postfix/virtual[9130]: warning: recipient webmaster@<mydomainname>.com.au: bad uid 89 in virtual_uid_maps
    

    I have found a few posts saying a few different things, once again tried them all with no luck. I set the virtual user minimum in main.cf

    virtual_minimum_uid = 1000
    

    to avoid the problem mentioned here http://www.irbs.net/internet/postfix/0512/1243.html. In the same thread it also mentions that you can't use the postfix user for the virtual mailbox owner, so I changed it to the dovecot user (it says here http://archives.neohapsis.com/archives/postfix/2005-08/1452.html to use the IMAP user), but still have the same error.

    I am still completely stuck and way over schedule with trying to get this working. I am desperately needing help! I will continue to post my progression here, hopefully other users are getting something out of it.

    TIA

     
  • GingerDog
    2012-06-10

    I use:

    (in /etc/postfix/main.cf)

    virtual_minimum_uid = 8
    virtual_transport = virtual
    virtual_uid_maps = static:8
    virtual_gid_maps = static:8

    (on my server 8 = 'mail').

    Then (in my case, as I'm using courier + postgresql) I just need to specify that it should also be using UID 8 - using PGSQL_UID_FIELD '8' in /etc/courier/authpgsqlrc.

    Obviously then just chown -R 8:8 /path/to/wherever/mail lives (as specified by virtual_mailbox_base in postfix's main.cf - e.g. /var/mail/vmail and your pop3/imap daemon's config file)

    David.

     
  • kafmil
    2012-06-10

    Thanks gingerdog, tried the mail user with no luck, then changed virtual_minimum_uid to 1 instead and the error has gone away. Definitely on the right track now, postfix has created the domain folder and the mailbox folder. The mail has all been delivered. Hallelujah!! Now to check dovecot and get SELinux working with the whole setup.
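
The rule behind "bad uid 89 in virtual_uid_maps", as an added example that is not part of the original posts: it checks that the static uid/gid Postfix delivers as is not below virtual_minimum_uid and falls inside Dovecot's first_valid/last_valid window. The config text is constructed from settings quoted in this thread; the fallback values (100 for virtual_minimum_uid, 500..0 and 1..0 for Dovecot's uid and gid windows, where 0 means no upper limit) are the documented defaults.

```python
import re

# Constructed excerpts using values quoted in the thread.
MAIN_CF = """\
mail_owner = postfix
# floor for uids that virtual(8) will deliver as
virtual_minimum_uid = 1000
virtual_uid_maps = static:89
virtual_gid_maps = static:89
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         ddd $daemon_directory/$process_name $process_id & sleep 5
"""

DOVECOT_CONF = """\
first_valid_gid = 89
first_valid_uid = 89
last_valid_gid = 89
last_valid_uid = 89
service auth {
  user = dovecot
}
"""


def parse_main_cf(text):
    """Parse main.cf: '#' comments, 'name = value', and continuation lines
    (any line starting with whitespace extends the previous setting)."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace():
            if current:
                params[current] = (params[current] + " " + raw.strip()).strip()
            continue
        name, sep, value = raw.partition("=")
        current = name.strip() if sep else None
        if current:
            params[current] = value.strip()
    return params


def parse_dovecot_top_level(text):
    """Collect 'key = value' settings outside any { } section."""
    settings, depth = {}, 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            depth += 1
        elif line == "}":
            depth -= 1
        elif depth == 0 and "=" in line:
            key, _, value = line.partition("=")
            settings[key.strip()] = value.strip()
    return settings


def static_id(value):
    """Return N for a 'static:N' map, or None for any other map type."""
    m = re.fullmatch(r"static:(\d+)", (value or "").strip())
    return int(m.group(1)) if m else None


def check_ids(main_cf, dovecot_conf):
    """Return a list of findings; an empty list means both daemons accept the ids."""
    postfix, dovecot = parse_main_cf(main_cf), parse_dovecot_top_level(dovecot_conf)
    ids = {"uid": static_id(postfix.get("virtual_uid_maps")),
           "gid": static_id(postfix.get("virtual_gid_maps"))}
    findings = []
    floor = int(postfix.get("virtual_minimum_uid", 100))
    if ids["uid"] is not None and ids["uid"] < floor:
        findings.append(f"postfix: uid {ids['uid']} is below virtual_minimum_uid {floor}")
    for kind, default_first in (("uid", 500), ("gid", 1)):
        first = int(dovecot.get(f"first_valid_{kind}", default_first))
        last = int(dovecot.get(f"last_valid_{kind}", 0))
        n = ids[kind]
        if n is not None and (n < first or (last != 0 and n > last)):
            findings.append(f"dovecot: {kind} {n} is outside "
                            f"first_valid_{kind}..last_valid_{kind} ({first}..{last})")
    return findings


if __name__ == "__main__":
    for finding in check_ids(MAIN_CF, DOVECOT_CONF) or ["ids are consistent"]:
        print(finding)
```

virtual_minimum_uid is a floor on the uid taken from the map, so a dedicated mailbox account with a uid at or above the floor passes the same check without lowering it.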

     
  • kafmil
    2012-06-11

    I had a read through the SELinux documentation on the CentOS website, very handy. Then took a look at this walkthrough as well http://www.laliluna.de/articles/2008/09/04/selinux-with-postfix-postgrey-dovecot.html. I didn't follow it line for line, but after reading the documentation on the CentOS site you can judge for yourself what you do and don't need. SELinux is no longer an issue for postfix.

     
  • kafmil
    2012-06-11

    Unfortunately back to this again:

    Jun 11 10:25:00 vds1 dovecot: imap(webmaster@<mydomainname>.com): Debug: Effective uid=97, gid=89, home=/var/spool/mail/virtual/<mydomainname>.com/webmaster/
    Jun 11 10:25:00 vds1 dovecot: imap(webmaster@<mydomainname>.com): Debug: Quota root: name=user backend=dict args=:proxy::quotadict
    Jun 11 10:25:00 vds1 dovecot: imap(webmaster@<mydomainname>.com): Debug: Quota rule: root=user mailbox=* bytes=0 messages=10000
    Jun 11 10:25:00 vds1 dovecot: imap(webmaster@<mydomainname>.com): Debug: dict quota: user=webmaster@<mydomainname>.com, uri=proxy::quotadict, noenforcing=0
    Jun 11 10:25:00 vds1 dovecot: imap(webmaster@<mydomainname>.com): Debug: maildir: access(/var/spool/mail/virtual/<mydomainname>.com/webmaster//Maildir, rwx): failed: No such file or directory
    Jun 11 10:25:00 vds1 dovecot: imap(webmaster@<mydomainname>.com): Debug: maildir: couldn't find root dir
    Jun 11 10:25:00 vds1 dovecot: imap(webmaster@<mydomainname>.com): Debug: mbox autodetect: has .imap/: stat(/var/spool/mail/virtual/<mydomainname>.com/webmaster//mail/.imap) failed: No such file or directory
    Jun 11 10:25:00 vds1 dovecot: imap(webmaster@<mydomainname>.com): Debug: mbox autodetect: has inbox: stat(/var/spool/mail/virtual/<mydomainname>.com/webmaster//mail/inbox) failed: No such file or directory
    Jun 11 10:25:00 vds1 dovecot: imap(webmaster@<mydomainname>.com): Debug: mbox autodetect: has mbox: stat(/var/spool/mail/virtual/<mydomainname>.com/webmaster//mail/mbox) failed: No such file or directory
    Jun 11 10:25:00 vds1 dovecot: imap(webmaster@<mydomainname>.com): Debug: mbox autodetect: has .imap/: stat(/var/spool/mail/virtual/<mydomainname>.com/webmaster//Mail/.imap) failed: No such file or directory
    Jun 11 10:25:00 vds1 dovecot: imap(webmaster@<mydomainname>.com): Debug: mbox autodetect: has inbox: stat(/var/spool/mail/virtual/<mydomainname>.com/webmaster//Mail/inbox) failed: No such file or directory
    Jun 11 10:25:00 vds1 dovecot: imap(webmaster@<mydomainname>.com): Debug: mbox autodetect: has mbox: stat(/var/spool/mail/virtual/<mydomainname>.com/webmaster//Mail/mbox) failed: No such file or directory
    Jun 11 10:25:00 vds1 dovecot: imap(webmaster@<mydomainname>.com): Debug: mbox: couldn't find root dir
    Jun 11 10:25:00 vds1 dovecot: imap(webmaster@<mydomainname>.com): Error: user webmaster@<mydomainname>.com: Initialization failed: mail_location not set and autodetection failed: Mail storage autodetection failed with home=/var/spool/mail/virtual/<mydomainname>.com/webmaster/
    Jun 11 10:25:00 vds1 dovecot: imap(webmaster@<mydomainname>.com): Error: Invalid user settings. Refer to server log for more information.
    

    The mailbox is just at /var/spool/mail/virtual/<mydomainname>.com/webmaster/, which is the last folder it searches for, however I think it needs the trailing slash to be removed. When pfadm creates the mailbox it adds the trailing slash so I am guessing the issue is in the pfadm setup somewhere. This should be an easy one to fix, I just need to find the setting. Hopefully removing that slash does not stuff up the postfix setup when it tries to create the mailbox?

     
  • Simon Hobson
    Simon Hobson
    2012-06-11

    On the last problem, has the mailbox directory actually been created?

    On the issue of virtual user uid & gid, I have this in my main.cf :

    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    
     
  • kafmil
    kafmil
    2012-06-11

    Dovecot can't find the maildir. That was probably because it was in the wrong place, or at least not the same place it wanted to find it. I changed the maildir lookup in postfix, concatenating Maildir to the end, in both mysql_virtual_mailbox_maps.cf

    SELECT CONCAT(maildir,'Maildir/') as maildir FROM mailbox WHERE username='%s' and active = 1
    

    and mysql_virtual_alias_domain_mailbox_maps.cf

    SELECT CONCAT(maildir,'Maildir/') as maildir FROM mailbox,alias_domain WHERE alias_domain.alias_domain = '%d' and mailbox.username = CONCAT('%u', '@', alias_domain.target_domain) AND mailbox.active = 1 AND alias_domain.active='1'
    

    I deleted the old mailbox folders and had postfix recreate them by sending a new mail to the mailboxes. Logged in to dovecot with telnet

     telnet localhost 143
    

    then

    a login "webmaster@<mydomainname>.com" "myemailpasswd"
    

    and went straight in. Tried the same from an external computer, after disabling iptables I could access both dovecot and postfix remotely via telnet. My setup still needs securing, as it is only halfway there which is preventing me from using a mail client to access the server, but so far I am pretty happy.

    I hope this has been useful for someone out there, I think I am going to stop documenting the trials and tribulations of setting up my mail server here.

     
  • kafmil
    kafmil
    2012-06-11

    Well, maybe one more post. Does anyone know a good how-to for securing postfix / dovecot on CentOS 6? Unfortunately most of the how-tos I have found, like most how-tos for Linux mail servers, were written about 5 or more years ago on previous versions with settings that are no longer relevant.

     
  • GingerDog
    GingerDog
    2012-06-11

    kafmil -

    My only 2p is :

    1. Check what ports are listening (netstat --tcp -lpn) - make sure e.g. MySQL is only listening on 127.0.0.1

    2. Install something like fail2ban and have it check for brute force auth attempts (perhaps using the sasl check).

    3. Restrict access to PostfixAdmin by IP address (via Apache etc)
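
Added example, not part of GingerDog's post: a shell function for item 1 that reads `netstat --tcp -lpn` output on stdin and lists TCP listeners bound to a non-loopback address on ports that are not meant to be public. The function name, the allowed-port list and the sample netstat output are constructed for illustration.

```shell
#!/bin/sh
# exposed_listeners "<ports meant to be public>" < netstat-output
# Prints "port address pid/program" for every TCP listener that is reachable
# from outside the host and is not in the allowed list.
exposed_listeners() {
    awk -v allowed=" $1 " '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            addr = $4
            port = addr
            sub(/.*:/, "", port)                 # keep text after the last colon
            host = substr(addr, 1, length(addr) - length(port) - 1)
            # Loopback-only sockets cannot be reached from another machine.
            if (host ~ /^127\./ || host == "::1") next
            # Ports the admin intends to publish (SMTP, IMAP, IMAPS here).
            if (index(allowed, " " port " ")) next
            print port, host, $7
        }'
}

# Constructed sample of `netstat --tcp -lpn` output (not taken from the thread).
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address    Foreign Address  State    PID/Program name
tcp        0      0 0.0.0.0:25       0.0.0.0:*        LISTEN   1501/master
tcp        0      0 0.0.0.0:143      0.0.0.0:*        LISTEN   1440/dovecot
tcp        0      0 0.0.0.0:3306     0.0.0.0:*        LISTEN   1320/mysqld
tcp        0      0 127.0.0.1:10023  0.0.0.0:*        LISTEN   1388/postgrey
tcp        0      0 :::993           :::*             LISTEN   1440/dovecot
tcp        0      0 :::80            :::*             LISTEN   1610/httpd'

# Run the check on the sample; on a live host, pipe netstat in instead:
#   netstat --tcp -lpn | exposed_listeners "25 143 993"
printf '%s\n' "$SAMPLE_NETSTAT" | exposed_listeners "25 143 993"
```

On the sample this reports mysqld on 0.0.0.0:3306 and httpd on port 80, which correspond to items 1 and 3: bind MySQL to 127.0.0.1 and decide who may reach the web server that hosts PostfixAdmin.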

     
  • kafmil
    kafmil
    2012-06-12

    Thanks again gingerdog, working on that now.

    Unfortunately got a little ahead of myself, found another issue that I am struggling to find an answer for. I am getting this error:

    Jun 12 10:03:48 vds1 dovecot: imap(webmaster@<mydomainname>.com.au): Error: net_connect_unix(/var/run/dovecot/dict) failed: Permission denied (euid=97(dovecot) egid=89(postfix) missing +r perm: /var/run/dovecot/dict, euid is not dir owner)
    Jun 12 10:03:48 vds1 dovecot: imap(webmaster@<mydomainname>.com.au): Error: Internal quota calculation error
    

    I can chown the file /var/run/dovecot/dict to dovecot, however when I restart dovecot, it reverts back to root as the owner. If I don't restart dovecot, everything works well, I am guessing this is still a config issue. I am chowning and not restarting for now, but will keep looking for a proper solution.

    Any ideas?

     
  • Simon Hobson
    Simon Hobson
    2012-06-12

    For the Dovecot specific issues, you'd probably be better trying the help forums/lists for Dovecot.