Setting up a new installation of ispconfig 3.1.2, dovecot, and postfix as outlined in the how-to documentation. /perfect-server-centos-6.4-x86_64-nginx-dovecot-ispconfig-3-p4 I'm about at my wit's end. Most things are operational. LEMP stack with ispconfig. Everything works well except mail. Forums can send out mail but it's a big no-go with clients. Not that my knowledge is all that great with other server aspects, but this is all new territory for me setting up mail services. Dumb as a fence post you might say. When trying to login squirrelmail, this shows in the error log: Feb 902:57:55 postfix/smtpd[21547]: warning: SASL:Connect to private/auth failedermission denied Feb 902:57:55 postfix/smtpd[21547]: fatal:no SASL authentication mechanisms Feb 902:57:56 postfix/master[18521]: warning: process /usr/libexec/postfix/smtpd pid 21547exit status 1 Feb 902:57:56 postfix/master[18521]: warning:/usr/libexec/postfix/smtpd: bad command startup -- throttling Here's a sample from the error logs: Logging in by command line this happens: telnet localhost 143 Trying::1... Connected to localhost. Escape character is'^]'. * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN]Dovecot ready. a login [email protected] password a NO [AUTHENTICATIONFAILED]Authentication failed. And in the error log: Feb 902:58:24 dovecot: imap-loginisconnected:Inactivity(auth failed,1 attempts): user=<[email protected]>, method=PLAIN, rip=::1, lip=::1, secured Please help! Again, I'm new to all this. I have no idea where to go from here. Thanks!!
Thanks ahrasis. You're a good man to help. The problem is probably something very simple. Unfortuntately that wasn't the fix.
I agree that the problem could be something simple. If your dovecot dovecot.conf and 10-master.conf files and postfix main.cf file are all already correct, then I am not sure where lie your problems.
Perhaps I should post those! Perhaps you eagle eyed guys can spot the issue. dovecot.conf: Code: listen = *,[::] protocols = imap pop3 auth_mechanisms = plain login disable_plaintext_auth = no log_timestamp = "%Y-%m-%d %H:%M:%S " mail_privileged_group = vmail ssl_cert = </etc/postfix/smtpd.cert ssl_key = </etc/postfix/smtpd.key passdb { args = /etc/dovecot-sql.conf driver = sql } userdb { driver = prefetch } userdb { args = /etc/dovecot-sql.conf driver = sql } plugin { quota = dict:user::file:/var/vmail/%d/%n/.quotausage sieve=/var/vmail/%d/%n/.sieve } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = vmail mode = 0600 user = vmail } user = root } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } service imap-login { client_limit = 1000 process_limit = 500 } protocol imap { mail_plugins = quota imap_quota } protocol pop3 { pop3_uidl_format = %08Xu%08Xv mail_plugins = quota } protocol lda { mail_plugins = sieve quota postmaster_address = [email protected] } protocol lmtp { postmaster_address = [email protected] mail_plugins = quota sieve } mail_plugins = $mail_plugins quota client { path = /var/spool/postfix/private/auth mode = 0660 user = postfix group = postfix } main.cf: Code: queue_directory = /var/spool/postfix command_directory = /usr/sbin daemon_directory = /usr/libexec/postfix data_directory = /var/lib/postfix mail_owner = postfix inet_interfaces = all inet_protocols = all unknown_local_recipient_reject_code = 550 debug_peer_level = 2 debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5 sendmail_path = /usr/sbin/sendmail.postfix newaliases_path = /usr/bin/newaliases.postfix mailq_path = /usr/bin/mailq.postfix setgid_group = postdrop html_directory = no manpage_directory = /usr/share/man sample_directory = /usr/share/doc/postfix-2.6.6/samples readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES virtual_alias_domains = virtual_alias_maps = hash:/etc/mailman/virtual-mailman, proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf virtual_mailbox_base = /var/vmail virtual_uid_maps = mysql:/etc/postfix/mysql-virtual_uids.cf virtual_gid_maps = mysql:/etc/postfix/mysql-virtual_gids.cf sender_bcc_maps = proxy:mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf smtpd_sasl_auth_enable = yes broken_sasl_auth_clients = yes smtpd_sasl_authenticated_header = yes smtpd_restriction_classes = greylisting greylisting = check_policy_service inet:127.0.0.1:10023 smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf smtpd_use_tls = yes smtpd_tls_security_level = may smtpd_tls_cert_file = /etc/postfix/smtpd.cert smtpd_tls_key_file = /etc/postfix/smtpd.key transport_maps = hash:/var/lib/mailman/data/transport-mailman, proxy:mysql:/etc/postfix/mysql-virtual_transports.cf relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf relay_recipient_maps = mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf smtpd_sender_login_maps = proxy:mysql:/etc/postfix/mysql-virtual_sender_login_maps.cf proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps smtpd_helo_required = yes smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, check_helo_access regexp:/etc/postfix/helo_access, reject_invalid_hostname, reject_non_fqdn_hostname, check_helo_access regexp:/etc/postfix/blacklist_helo smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/tag_as_originating.re , permit_mynetworks, permit_sasl_authenticated, check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf, check_sender_access regexp:/etc/postfix/tag_as_foreign.re smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-virtual_client.cf smtpd_client_message_rate_limit = 100 maildrop_destination_concurrency_limit = 1 maildrop_destination_recipient_limit = 1 virtual_transport = dovecot header_checks = regexp:/etc/postfix/header_checks mime_header_checks = regexp:/etc/postfix/mime_header_checks nested_header_checks = regexp:/etc/postfix/nested_header_checks body_checks = regexp:/etc/postfix/body_checks smtp_tls_security_level = may smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 smtpd_tls_protocols = !SSLv2,!SSLv3 smtp_tls_protocols = !SSLv2,!SSLv3 smtpd_tls_exclude_ciphers = RC4, aNULL smtp_tls_exclude_ciphers = RC4, aNULL dovecot_destination_recipient_limit = 1 smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth 10-master.conf: Code: #default_process_limit = 100 #default_client_limit = 1000 # Default VSZ (virtual memory size) limit for service processes. This is mainly # intended to catch and kill processes that leak memory before they eat up # everything. #default_vsz_limit = 256M # Login user is internally used by login processes. This is the most untrusted # user in Dovecot system. It shouldn't have access to anything at all. #default_login_user = dovenull # Internal user is used by unprivileged processes. It should be separate from # login user, so that login processes can't disturb other processes. #default_internal_user = dovecot service imap-login { inet_listener imap { #port = 143 } inet_listener imaps { #port = 993 #ssl = yes } # Number of connections to handle before starting a new process. Typically # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0 # is faster. <doc/wiki/LoginProcess.txt> #service_count = 1 # Number of processes to always keep waiting for more connections. #process_min_avail = 0 # If you set service_count=0, you probably need to grow this. #vsz_limit = 64M } service pop3-login { inet_listener pop3 { #port = 110 } inet_listener pop3s { #port = 995 #ssl = yes } } service lmtp { unix_listener lmtp { #mode = 0666 } # Create inet listener only if you can't use the above UNIX socket #inet_listener lmtp { # Avoid making LMTP visible for the entire internet #address = #port = #} } service imap { # Most of the memory goes to mmap()ing files. You may need to increase this # limit if you have huge mailboxes. #vsz_limit = 256M # Max. number of IMAP processes (connections) #process_limit = 1024 } service pop3 { # Max. number of POP3 processes (connections) #process_limit = 1024 } service auth { # auth_socket_path points to this userdb socket by default. It's typically # used by dovecot-lda, doveadm, possibly imap process, etc. Its default # permissions make it readable only by root, but you may need to relax these # permissions. Users that have access to this socket are able to get a list # of all usernames and get results of everyone's userdb lookups. unix_listener auth-userdb { mode = 0666 user = postfix group = postfix } #Postfix smtp-auth unix_listener /var/spool/postfix/private/auth { mode = 0666 } # Auth process is run as this user. #user = $default_internal_user } service auth-worker { # Auth worker process is run as root by default, so that it can access # /etc/shadow. If this isn't necessary, the user should be changed to # $default_internal_user. #user = root } service dict { # If dict proxy is used, mail processes should have access to its socket. # For example: mode=0660, group=vmail and global mail_access_groups=vmail unix_listener dict { #mode = 0600 #user = #group = } }
At least you are missing myhostname and mydestination in your postfix/main.cf, something like this: Code: [...] myhostname = yourserverdomain [...] mydestination = localhost, localhost.localdomain To check whether these files are properly symlinked, please post the output of: Code: ls -l /etc/postfix/smtpd.cert ls -l /etc/postfix/smtpd.key I will try to go through the others later i.e. when I am freer.
Variables in main.cf fixed. ls: cannot access /etc/postfix/smtpd.cert: No such file or directory ls: cannot access /etc/postfix/smtpd.key: No such file or directory Can it be setup without ssl until the issue is found? Or is that a bad idea?
How did you fix it when the files that it is referring to do not exist? Did you remove the lines and disable tls / ssl? I do think postfix without ssl is a bad idea though I am not so sure whether that is possible to be setup in such away. My preference is always to follow the tutorials and guides in here.
Hhmm...those files are not present. The setup is vanilla by the how-to guide. I didn't fix it. It's never yet worked. Seems a great clue but I still have no idea how to fix it.
Followed this post: https://www.howtoforge.com/community/threads/perfect-server-centos-6-5-no-smtpd-cert-file.66559/ Now the files are present, but still cannot authenticate.
Have you restarted both postfix and dovecot afterwards and then reupdate ispconfig? By the way can you enter phpmyadmin as rouncube user and using its password?
Hey ahrasis! Hope you are well. Restarted dovecot and postfix. How do I update ispconfig? Honestly, I haven't yet installed roundcube. I wanted to fix the existing issue before confusing myself with something else in the mix. lol!
Sorry. Try to log in phpmyadmin with your squirrelmail username and its password. You can also check this if your have a root access to phpmyadmin or mysql. Your update your ispconfig the same way as installing it i.e. : Code: cd /tmp wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz tar xfz ISPConfig-3-stable.tar.gz cd ispconfig3_install/install/ Only you do update instead of install, like this: Code: php -q update.php
Still fighting this. I've done the update and restarts. Installed Roundcube. Yes, logging into phpmyadmin with Roundcube credentials is successful. Logging into Roundcube fails with valid email credentials as well as the Roundcube credentials. Can anyone point to the next step? I'm completely lost.
Ah, yes. There is this: Code: May 29 02:53:44 auth: Info: pam([email protected],::1): unknown user May 29 02:53:46 imap-login: Info: Disconnected (auth failed, 1 attempts): user=<[email protected]>, method=PLAIN, rip=::1, lip=::1, secured Hope you are well ahrasis!
As stated your user is unknown, so do first check whether you are using the correct credentials. Do use full email as username. Then check your /etc/dovecot/dovecot.conf whether you are using /etc/dovecot/dovecot-sql.conf for passdb and userdb. Then check your /etc/dovecot/dovecot-sql.conf whether it has all the necessary access to ispconfig database something like the following (note this is just a sample from old post):