I have been trying to get postfix up and going with virtual users and am having a very hard time with it. I have posted in various forums on the web to no avail, but I am hoping somebody here can help. I can receive mail fine. In my maillog, when I try to SEND an email from an email client (or webmail), several things are happening.
Code:
    NOQUEUE: reject: connect from localhost: client host rejected : access denied; proto=SMTP
    xsasl_dovecot_server_connect: Connecting
    warning: SASL: Connect to private/auth failed: Permission denied
    fatal: no SASL authentication mechanisms
There is another post that is ALMOST like this, but the solutions there did not help. Originally I was not getting this error, just a 'client access denied' from my IP address, but after trying to fix it via instructions from the other post, this started happening. Following the example from a post for THIS problem made things worse and I could no longer receive emails. I started over from scratch and now have it to this point. I am not sure what I need to post... entire main.cf and master.cf? (pretty long)
postconf -a says
Code:
    dovecot
postconf -A says nothing (empty) (which I am sure is part of the problem, but not sure what to do about it)
postconf -d | grep nis says
Code:
    alias_maps = hash:/etc/aliases, nis:mail.aliases
    lmtp_sasl_mechanism_filter = smtp_sasl_mechanism_filter
..which is odd.. alias_maps is for 'local delivery', correct? Since I am using virtual users (from mysql), I would think it should be something like:
Code:
    local_transport = virtual
    alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
..which is exactly what I currently have in my /etc/postfix/main.cf..
Any help would be appreciated.
falco, thank you for responding. I used several different tutorials and resources. Started out with one, had problems I couldn't solve, went to another. Been working on this for a while so it's hard to pin down just one.
http://wiki.dovecot.org/HowTo/DovecotLDAPostfixAdminMySQL
http://www.postfix.org/SASL_README.html
http://ubuntuforums.org/showthread.php?t=142263
and a ton of posts in various forums. At this point I am considering trying to remove all traces of postfix and dovecot and starting over..again..just to have a 'clean slate'. Good idea or bad idea?
output of postconf -n
Code:
    alias_database =
    alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
    broken_sasl_auth_clients = yes
    config_directory = /etc/postfix
    debug_peer_level = 1
    default_privs = mail
    disable_vrfy_command = yes
    inet_interfaces = localhost, $myhostname
    invalid_hostname_reject_code = 450
    local_transport = virtual
    maps_rbl_reject_code = 450
    mydestination = localhost.$mydomain, localhost, $myhostname
    myhostname = rockhouseinc.com
    mynetworks = /etc/postfix/mynetworks
    non_fqdn_reject_code = 450
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps $virtual_login_maps
    smtp_sasl_security_options = noanonymous
    smtp_sasl_type = doovecot
    smtp_tls_CAfile = /etc/postfix/DigiCertCA.pem
    smtp_tls_cert_file = /etc/postfix/mail_rockhouseinc_com.pem
    smtp_tls_key_file = /etc/postfix/mail_rockhouseinc_com.key
    smtp_tls_security_level = may
    smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
    smtpd_data_restrictions = reject_unauth_pipelining, reject_multi_recipient_bounce, permit
    smtpd_delay_reject = no
    smtpd_helo_required = yes
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_invalid_helo_hostname, warn_if_reject reject_non_fqdn_helo_hostname, warn_if_reject reject_unknown_helo_hostname, warn_if_reject reject_unknown_client, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client dnsbl.sorbs.net=127.0.0.2, reject_rbl_client dnsbl.sorbs.net=127.0.0.3, reject_rbl_client dnsbl.sorbs.net=127.0.0.4, reject_rbl_client dnsbl.sorbs.net=127.0.0.5, reject_rbl_client dnsbl.sorbs.net=127.0.0.7, reject_rbl_client dnsbl.sorbs.net=127.0.0.9, reject_rbl_client dnsbl.sorbs.net=127.0.0.11, reject_rbl_client dnsbl.sorbs.net=127.0.0.12, warn_if_reject reject_rhsbl_sender dsn.rfc-ignorant.org, warn_if_reject reject_rhsbl_sender abuse.rfc-ignorant.org, warn_if_reject reject_rhsbl_sender whois.rfc-ignorant.org, warn_if_reject reject_rhsbl_sender bogusmx.rfc-ignorant.org, warn_if_reject reject_rhsbl_sender postmaster.rfc-ignorant.org, permit
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_exceptions_networks = $mynetworks
    smtpd_sasl_path = /var/spool/postfix/private/auth
    smtpd_sasl_security_options = noanonymous
    smtpd_sasl_type = dovecot
    smtpd_tls_CAfile = /etc/postfix/DigiCertCA.pem
    smtpd_tls_ask_ccert = yes
    smtpd_tls_cert_file = /etc/postfix/mail_rockhouseinc_com.pem
    smtpd_tls_dh1024_param_file = $config_directory/dh_1024.pem
    smtpd_tls_dh512_param_file = $config_directory/dh_512.pem
    smtpd_tls_key_file = /etc/postfix/mail_rockhouseinc_com.key
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_security_level = may
    smtpd_tls_session_cache_database = btree:$data_directory/smtpd_tls_session_cache
    tls_random_source = dev:/dev/urandom
    virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
    virtual_gid_maps = static:202
    virtual_mailbox_base = /var/vmail
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domains_maps.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
    virtual_minimum_uid = 202
    virtual_transport = dovecot
    virtual_uid_maps = static:202
Here is what I am attempting: email will be stored in /var/vmail/{domain}/{user} and can be accessed by VIRTUAL users (from mysql) via https (webmail) and/or an email client, which should be using some sort of encryption.. but I want the passwords for the virtual users stored in mysql to be 'plaintext' (for the moment).
Thanks a ton for your help!!
Yes, I think that's the best you can do. I suggest you try this tutorial: http://www.howtoforge.com/virtual-u...x-courier-mysql-and-squirrelmail-ubuntu-10.10
That tutorial seems to use Courier rather than Dovecot. Is Courier more robust? (I'm going to have 300+ virtual users, and some might be getting upwards of 50 emails per day and probably won't manage them correctly. I chose Dovecot because of the advanced individualized quota and auto-pruning+notification features it supposedly has.)
Also, it uses encrypted passwords instead of plaintext. I wanted to start out with plaintext passwords in mysql because I am going to need to be able to retrieve them at first. (Once I set up all the users, I have to know what password to set up for their email client.) I could make a separate list or db, but that's the same security risk. Isn't there a way to have a setting that it can be PLAIN, and then just change the setting to use encryption, and then encrypt the passwords once I have verified that it's all working correctly?
It starts out with an alias file rather than virtual users in mysql, and then goes to mysql.. once completed (IF it works), is it ok to delete virtual.db (and references to it)?
Thanks!
OK.. following your tutorial.. almost there.. (I think) ..modified a bit for Dovecot though. Getting a silly error.. I suspect because of something I did towards the beginning of the tutorial that was for Courier.
Code:
    warning: request for unapproved table: "unix:passwd.byname"
    ...to approve this table for proxymap access list proxy:unix:oasswd.byname in main.cf:proxy_read_maps
but I am using MySQL.. so it should not be looking for that.. In my main.cf, I DO have proxy_read_maps
Code:
    alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
    virtual_alias_domains = proxy:mysql:/etc/postfix/mysql_virtual_alias_domains.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domain_maps.cf
    virtual_login_maps = proxy:mysql:/etc/postfix/mysql_virtual_login_maps.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
    virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
    mydestination = $myhostname $mynetworks $alias_maps $virtual_mailbox_domains $virtual_login_maps $virtual_mailbox_maps $virtual_alias_maps
    proxy_read_maps = $mydestination
One weird thing I DID do was in the mysql_virtual files
Code:
    hosts = unix:/var/run/mysql/mysql.sock, 127.0.0.1
I did that because I was getting other errors... not sure it helped though. Any ideas what is causing this? (and maybe how to fix)? Thanks!
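An added example, not part of the thread and not Postfix code: a small linter that expands proxy_read_maps as the main.cf in the post above defines it and lists every proxy: table the result does not cover, since proxymap only serves tables approved there. The sample config is reconstructed from the post; the local_recipient_maps value is an assumption that the stock Postfix default is still in effect, the function names are hypothetical, and only the $name and ${name} reference forms are expanded.

```python
import re

# Constructed sample: the main.cf settings quoted in the post above.
MAIN_CF = """\
alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_alias_domains = proxy:mysql:/etc/postfix/mysql_virtual_alias_domains.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql_virtual_domain_maps.cf
virtual_login_maps = proxy:mysql:/etc/postfix/mysql_virtual_login_maps.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql_virtual_alias_maps.cf
mydestination = $myhostname $mynetworks $alias_maps $virtual_mailbox_domains
    $virtual_login_maps $virtual_mailbox_maps $virtual_alias_maps
proxy_read_maps = $mydestination
"""
# Assumption: stock Postfix default, in effect because the post does not override it.
DEFAULTS = {"local_recipient_maps": "proxy:unix:passwd.byname $alias_maps"}

def parse_main_cf(text):
    """Parse 'name = value' lines; indented lines continue the previous value."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] += " " + line.strip()
        else:
            name, _, value = (part.strip() for part in line.partition("="))
            params[name] = value
    return params

def expand(value, params, seen=()):
    """Substitute $name and ${name} recursively; unknown or cyclic names become ''."""
    def sub(m):
        key = m.group(1) or m.group(2)
        if key in seen or key not in params:
            return ""
        return expand(params[key], params, seen + (key,))
    return re.sub(r"\$(?:\{(\w+)\}|(\w+))", sub, value)

def unapproved_proxy_tables(text, defaults=DEFAULTS):
    """Map each proxy: table not covered by proxy_read_maps to the parameters naming it."""
    params = {**defaults, **parse_main_cf(text)}
    tables = lambda v: [t for t in re.split(r"[\s,]+", v) if t.startswith("proxy:")]
    approved = set(tables(expand(params.get("proxy_read_maps", ""), params)))
    missing = {}
    for name, value in params.items():
        for table in tables(value):
            if table not in approved:
                missing.setdefault(table, []).append(name)
    return missing
```

On the sample this reports two tables: proxy:unix:passwd.byname, which comes from the default local_recipient_maps rather than from anything MySQL-related, and the virtual_alias_domains map, which $mydestination never references.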
I think it's better to use Courier because I didn't test this setup with Dovecot, and I've never had any problems with Courier.