Hi, I use debian GNU/linux sarge 3.1 stable. I have followed step by step the tutorial: (without the quota stuff) http://www.howtoforge.com/virtual_postfix_mysql_quota_courier At the end of the tutorial I have tried to do this: telnet localhost 25 ehlo localhost mail from:<[email protected]> rcpt to:<[email protected]> data . quit And it works, I get no errors and I can see the e-mail in the right folder /home/vmail/example.com/sales/new But I have problems: I have tried to use thunderbird from a pc in the same lan, and I can't send/receive e-mails: it asks me password, but it never authenticates me. I get this in mail logs: imaplogin: LOGIN FAILED, ip=[::ffff:192.168.0.21] (192.168.0.1 is the ip address of the pc I use to connect to the mail server (192.168.0.11) postconf -d | grep mail_version = 2.1.5 What's wrong? Thanks in advance.
Solved. It was my fault, I had a problem here: MYSQL_CRYPT_PWFIELD password But now I have another problem: warning: maildir access problem for UID/GID=5000/5000: create /home/vmail/..... permission denied.
Solved: chown -R vmail:vmail /home/vmail Now everything works, but in the /var/log/mail.warn I get this: postfix/smtpd[3306]: warning: SASL authentication failure: no secret in database postfix/smtpd[3306]: warning: unknown[192.168.0.21]: SASL CRAM-MD5 authentication failed
Please compare your configuration files with those of the tutorial, especially /etc/pam.d/smtp and /etc/default/saslauthd.
Thanks for the answer. This time I have checked well But nothing, everything is like the tutorial But it's normal that everything is working? I mean: I can receive e-mails (asking me username and paswsord) and send e-mails too (asking me username and password) But I have those logs. It's normal? There something wrong? Thanks.
So, in /etc/postfix/sasl/smtpd.conf i had: mech_list: plain login cram-md5 digest-md5 instead of only mech_list: plain login I imagine it was the reason why everything was working even with the errors in the log, right? I have read this post: "I suggest that anyone using this setup replaces the /etc/postfix/sasl/smtpd.conf with the following: pwcheck_method: saslauthd #mech_list: plain login mech_list: digest-md5 cram-md5 allow_plaintext: true auxprop_plugin: mysql sql_hostnames: 127.0.0.1 sql_user: mail_admin sql_passwd: mail_admin_password sql_database: mail sql_select: select password from users where email = '%u' That will disable authentication in the clear. I also suggest disabling pop3 and imap without ssl. There's no reason to use pop3 or imap without ssl. Disable them like so (this only disables the insecure versions, ssl is started/stopped through another script): /etc/init.d/courier-pop stop /etc/init.d/courier-imap stop Ensure they don't start on boot like so: update-rc.d -f courier-pop remove update-rc.d -f courier-imap remove At this point, you shouldn't have any of your login and passwords crossing the network in the clear for checking email. You will have logins and hashed passwords sent across the clear when sending email unless the client uses starttls. Anyone have a good pointer that only allows clients to auth *after* starttls and making auth required for relay?" Is it true? Is it working? Again, thanks in advance.
mh...so: Firts: if courier-imap is stopped, the connection to the server fails, so it isn't true the tip, right? Second: if I put CRAM-MD5 and digest-md, I'll return in the situation when i had problems, (well, "virtual" problems, I mean when I have plain login, CRAM-MD5 and digest-md5, and the system was complaining of CRAM-MD5 and digest-md5, but everything was working cause plain login was the one working, right?) So it's everything wrong on the tip?
You must use Code: mech_list: plain login in /etc/postfix/sasl/smtpd.conf instead of Code: mech_list: plain login cram-md5 digest-md5
yes, thanks, I know it, I was speaking of the tip. If I stop courier-imap i can't connect to the server, is it normal, right?
And why if I examine the server certificate it says: Common name localhost Organizzation Courier mail server Organizzation unit automatically-generated IMAP SSL key ?????????????????????????????? I have inserted my data, even in /etc/ssl/openssl.cnf!
Yes, right. This thread might be interesting for you: http://www.howtoforge.com/forums/showthread.php?t=1168&highlight=mkimapdcert
thanks, yes to create the certificate first you have to edit imapd.cnf , then you have to run mkimapdcert Another thing: what is this line that sometimes is present in some how-to in postfix main.cf? smtpd_tls_CAfile = Again, a super big thanks!!!!
Some questions; what should I choose in the e-mail clients? I mean: in "server settings" (i am speaking of thunderbird, but the concept is general) I should choose "tls if available", "tls", or "ssl"? It works with all of these 3 choices. Why? In "smtp settings" I should choose "tls if available", "tls", or "ssl" ? The "ssl" choice doesn't work. I hope you can help. Thanks in advance.
I want to say that i have followed your how-to based on debian sarge (the one of this thread, that is to say "Virtual Users And Domains With Postfix, Courier And MySQL (+ SMTP-AUTH, Quota, SpamAssassin, ClamAV)") and it works (well, it seems ) in debian etch too. I didn't use the part about quota, spamassassin and clamav, and a packet name (about courier support to mysql) now is named courier-authlib-mysql.
