Virtual Users And Domains With Postfix, Courier And MySQL

Discussion in 'HOWTO-Related Questions' started by wmrwl, Sep 18, 2006.

  1. grasomega

    grasomega Member

    wmrwl:


    My config shows exactly the same permissions for the content of the /var/spool/postfix/var/run/saslauthd/ folder.

    What about the perms on the /etc/postfix/sasl/smtpd.conf file?
    ls -la:

    Code:
    drwxr-xr-x 2 root root 4096 2006-09-16 10:48 .
    drwxr-xr-x 4 root root 4096 2006-09-28 11:09 ..
    -rw-r--r-- 1 root root  237 2006-09-16 10:48 smtpd.conf
    
    Otherwise, please check again the content of the above file. I think it's password related, not permissions.

    Anyway, if you telnet your server on port 25, can you send an e-mail to yourself successfully and then get it using telnet on port 110 and pop3 commands?

    It was a very useful test for my server...

    TT:

    Have you checked the box that says:
    'My server requires authentication' in Outlook express?


    grasomega
     
  2. grasomega

    grasomega Member

    wmrwl:


    My config shows exactly the same permissions for the content of the /var/spool/postfix/var/run/saslauthd/ folder.

    What about the perms on the /etc/postfix/sasl/smtpd.conf file?
    ls -la:

    Code:
    drwxr-xr-x 2 root root 4096 2006-09-16 10:48 .
    drwxr-xr-x 4 root root 4096 2006-09-28 11:09 ..
    -rw-r--r-- 1 root root  237 2006-09-16 10:48 smtpd.conf
    
    Otherwise, please check again the content of the above file. I think it's password related, not permissions.

    Anyway, if you telnet your server on port 25, can you send an e-mail to yourself successfully and then get it using telnet on port 110 and pop3 commands?

    It was a very useful test for my server...

    TT:

    Have you checked the box that says:
    'My server requires authentication' in Outlook express?

    edit:

    I only saw your older message just now...
    Leave the 'virtual_mailbox_domains =' empty

    For this, insert the following line in main.cf:
    Code:
    inet_protocols = ipv4
    

    grasomega
     
  3. grasomega

    grasomega Member

    Sorry for the double post...
    It was meant to be an edit for the first.

    So, take into account only the last.

    grasomega
     
  4. tommytomato

    tommytomato New Member

    Yes, I have tried all types of ways to access it using another email program.

    The only way it works for me is a Putty screen to the email server box, using mutt to send and receive mail from local or remote.

    TT
     
  5. grasomega

    grasomega Member

    tommytomato:

    About the error in mail.err: put

    Code:
    inet_protocols = ipv4
    
    in main.cf.

    About the fact that you cannot send any e-mails using a regular client, have you set correctly the:

    "virtual_mailbox_domains ="

    line in main.cf?
    It should be left empty.

    I think your log should contain some other errors. They could be related to the files *.cf in your postfix folder. Make sure they are identical to the ones in the how-to.

    Otherwise, if it is sending messages using mutt on the localhost, then you should be able to compare the log of this operation with one that's unsuccessful using Outlook Express.
    Make sure you don't use Secure Password Authentication in Outlook, just My Server Requires Auth.

    grasomega
     
  6. tommytomato

    tommytomato New Member

    as to identical does that go for the mail_admin password as well :confused:

    what I mean is I change the mail_admin_password to my own password, or is that a NO NO

    Code:
    user = mail_admin
    password = mail_admin_password
    dbname = mail
    table = domains
    select_field = 'virtual'
    where_field = domain
    hosts = 127.0.0.1

    where in the main.cf do I put it, do I just add it to the bottom ?

    TT
     
    Last edited: Sep 28, 2006
  7. wmrwl

    wmrwl Member

    My permissions are the same here too.
    Here is the content of smtpd.conf:
    Code:
    pwcheck_method: saslauthd
    mech_list: plain login
    allow_plaintext: true
    auxprop_plugin: mysql
    sql_hostnames: 127.0.0.1
    sql_user: mail_admin
    sql_passwd: mypassword
    sql_database: mail
    sql_select: select password from users where email = '%u'
    log_level: 7
    
    I can successfully SEND emails with telnet and they are received by the mail server. This may seem like a stupid question, but how do you receive email with telnet? I am trying to use imap in Outlook, I haven't tried to access the emails via pop3 in Outlook. Should I try that too?
     
    Last edited: Sep 28, 2006
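
The `ls -la` listing earlier in the thread shows smtpd.conf at mode 0644, and the file posted above carries the MySQL password in `sql_passwd`, so every local account can read it. The following check is an added example, not part of any post; the sample file content is constructed, and the 0640 mode assumes the file is owned by root with Postfix's group as group owner.

```python
import os
import re
import stat
import tempfile

# Keys that hold the database password in the files posted in this thread:
# "sql_passwd:" (smtpd.conf) and "password =" (Postfix mysql map files).
SECRET_KEY = re.compile(r"^\s*(sql_passwd|password)\s*[:=]\s*\S+", re.IGNORECASE)


def audit_secret_file(path):
    """Return findings for a config file that embeds a password."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        if not any(SECRET_KEY.match(line) for line in fh):
            return []  # no embedded password, nothing to protect
    mode = stat.S_IMODE(os.stat(path).st_mode)
    findings = []
    if mode & stat.S_IROTH:
        findings.append(f"{path}: password readable by every local user (mode {mode:04o})")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"{path}: writable by group or others (mode {mode:04o})")
    return findings


def demo():
    """Audit a constructed smtpd.conf at mode 0644, then at 0640."""
    sample = (
        "pwcheck_method: saslauthd\n"
        "sql_user: mail_admin\n"
        "sql_passwd: constructed-example-value\n"
    )
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "smtpd.conf")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(sample)
        os.chmod(path, 0o644)   # the mode shown in the ls -la listing
        before = audit_secret_file(path)
        os.chmod(path, 0o640)   # assumed fix: owner root, group = Postfix's group
        after = audit_secret_file(path)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("0644:", before)
    print("0640:", after)
```
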
  8. tommytomato

    tommytomato New Member

    as to identical does that go for the mail_admin password as well


    TT
     
  9. grasomega

    grasomega Member

    tommytomato:

    It's a YES YES and a MUST!. You must change the mail_admin_password to your own password, in all the files involved, as per how-to.
    Just make sure you are consistent about it.

    Sure, just insert it at the bottom.

    If you still get errors, take into account that the tutorial is based on the "Perfect Setup on Debian Sarge 3.1" tutorial to a certain point. Make sure you read it and make the appropriate changes (read the introduction on the Virtual Users tutorial).

    grasomega
     
  10. grasomega

    grasomega Member

    wmrwl:
    Ok, then, the perms are ok, the content of the smtpd.conf is ok,

    See http://pages.prodigy.net/michael_santovec/pop3telnet.htm for a list of commands.
    Anyway, you can try to install SquirrelMail and configure it to use smtp and imap on the server.

    grasomega
     
  11. wmrwl

    wmrwl Member

    OK so here are some more clues.
    When I use the following commands:

    telnet mail.domain.com 110

    (locally) from the machine with the mail server I get:

    Code:
    Trying 10.0.0.3...
    Connected to mail.domain.com.
    Escape character is '^]'.
    +OK Hello there.
    
    And the mail.log says:
    Code:
    Sep 29 03:54:36 mail postfix/smtpd[4994]: connect from mail.domain.com[10.0.0.3]
    Sep 29 03:54:41 mail postfix/smtpd[4994]: disconnect from mail.domain.com[10.0.0.3]
    Sep 29 03:54:44 mail courierpop3login: Connection, ip=[::ffff:10.0.0.3]
    Sep 29 03:55:07 mail courierpop3login: LOGOUT, ip=[::ffff:10.0.0.3]
    Sep 29 03:58:50 mail courierpop3login: Connection, ip=[::ffff:10.0.0.3]
    
    When I issue the same telnet command on my Win box (outside of the network where the mail server resides) I get:
    Code:
    Connecting To mail.domain.com...Could not open connection to the host, on port 110: Connect failed
    
    Is this a firewall issue? If it is, then which firewall is in the way - the firewall protecting the mail server or the firewall protecting my client network?
     
  12. grasomega

    grasomega Member

    Both firewalls should be taken into account.
    First, check the firewall in the mail machine:

    Code:
    iptables -L
    
    If there are rules, flush'em:

    Code:
    iptables -F
    
    Next, make sure the external firewall forwards the connection on port 110 (POP3) or 143 (IMAP) to your machine.

    This should do it.
    grasomega
     
  13. wmrwl

    wmrwl Member

    As far as the outside machines go (the client machines trying to connect to the mail server) I already have emails working in both pop3 (110) and imap (143), from other unrelated mail servers, so I don't think this firewall is to blame.

    On the mail server firewall, I already have port 25 open.
     
    Last edited: Apr 22, 2011
  14. grasomega

    grasomega Member

    The port 25 is only for smtp. For pop and/or imap, you should also have ports 110 and/or 143 open on the machine, in order for it to accept clients' connections.

    grasomega
     
  15. tommytomato

    tommytomato New Member

    I've done what you have said, I still get the errors. I don't really understand which logs I should be looking at.:(

    are you saying that the tutorial only goes so far, as in it will work only for the machine in question, not connecting from another PC to read mail?

    I also was thinking whether it was my firewall or not, but I can't seem to find a tutorial on how to install iptables, everything I've read doesn't seem to work, I save the rules and reboot and it's gone again, iptables doesn't want to load on start up either.

    I'll reboot this PC and give it another go and see what happens

    TT
     
    Last edited: Sep 29, 2006
  16. grasomega

    grasomega Member

    TT, if you have problems using iptables, just make sure it's installed correctly.
    Code:
    apt-get remove iptables
    apt-get install iptables -y
    apt-get install ssleay* -y
    
    Then, download and install shorewall from www.shorewall.net and webmin from www.webmin.com. When installing webmin, select use SSL and start at startup.
    Make sure you start webmin (
    Code:
    /etc/init.d/webmin start
    ). Access the server on port 10000 or any other you set when installing.
    It will give you a nice interface to shorewall, in the networking category.
    After you installed shorewall, make sure you set startup =
    Shorewall comes with sample configuration, just go in the samples folder in the installation directory and copy all the files in the "one-interface" folder over the files in /etc/shorewall. Make sure you verify everything (in the rules file, make sure you open the 25, 110, 143 ports to the $FW). Also, make a rule for port 22 (SSH) and 10000 (webmin) or any other port for accessing any other service you may need on that server.
    When it's all done, check shorewall config:

    Code:
    shorewall check

    and start it:

    Code:
    shorewall start

    Now, you have a firewall on the mail server and a nice interface for the rest of the services.

    Avoid using it for Postfix, though. ;)

    That's about the firewall.

    Next, about logs.
    Look in the /var/log folder.
    The mail.err, mail.info and mail.log contain information about the mail system.
    You can also get clues from the syslog. Here you will find logs related to some other services too, but it sure is useful.

    grasomega
     
  17. wmrwl

    wmrwl Member

    I opened those ports on the firewall and I still get the same errors. It must have something to do with SASL, but I just can't figure out what it could be. I'm really starting to pull my hair out over this. :confused:

    I must have been through the HOWTO like a million times looking for typos.
     
    Last edited: Apr 22, 2011
  18. wmrwl

    wmrwl Member

    OK, so I did some more experimenting. It seems that when I ping mail.domain.com from the local machine it pings successfully and shows that I am pinging 10.0.0.3, which is the value for my /etc/hosts file.

    When I commented this out, I was unable to telnet into anything from the local machine (110, 143, 25). This explains why I couldn't telnet from my Windows box. My Windows box is outside of the network and obviously wouldn't be able to connect to an internal non-public IP address like 10.0.0.3.

    This is the content of my /etc/hosts file:
    Code:
    127.0.0.1       localhost
    10.0.0.3        mail.domain.com
    
    # The following lines are desirable for IPv6 capable hosts
    ::1     ip6-localhost ip6-loopback
    fe00::0 ip6-localnet
    ff00::0 ip6-mcastprefix
    ff02::1 ip6-allnodes
    ff02::2 ip6-allrouters
    ff02::3 ip6-allhosts
    
    With this config, I can successfully send and receive emails via telnet on the local machine (where the mail server resides), but not from outside of this network.
     
  19. tommytomato

    tommytomato New Member


    Sorry mate, not having a lot of luck here

    webmin won't let me in to use it, I get: You are not authorized to view this page

    I've used webmin in the past on older platforms I used.

    Code:
    rockinghamgateway:~# apt-get install webmin
    Reading Package Lists... Done
    Building Dependency Tree... Done
    The following extra packages will be installed:
      libauthen-pam-perl
    Recommended packages:
      webmin-core logcheck
    The following NEW packages will be installed:
      libauthen-pam-perl webmin
    0 upgraded, 2 newly installed, 0 to remove and 5 not upgraded.
    Need to get 1133kB of archives.
    After unpacking 6218kB of additional disk space will be used.
    Do you want to continue? [Y/n] y
    Get:1 http://mirror.aarnet.edu.au stable/main libauthen-pam-perl 0.15-1 [35.4kB]
    Get:2 http://mirror.aarnet.edu.au stable/main webmin 1.180-3 [1097kB]
    Fetched 1133kB in 25s (44.6kB/s)
    Preconfiguring packages ...
    Selecting previously deselected package libauthen-pam-perl.
    (Reading database ... 26375 files and directories currently installed.)
    Unpacking libauthen-pam-perl (from .../libauthen-pam-perl_0.15-1_i386.deb) ...
    Selecting previously deselected package webmin.
    Unpacking webmin (from .../webmin_1.180-3_all.deb) ...
    Setting up libauthen-pam-perl (0.15-1) ...
    Setting up webmin (1.180-3) ...
    miniserv.pem: No such file or directory
    Starting webmin: webmin.
    
    rockinghamgateway:~# /etc/init.d/webmin start
    Starting webmin: webmin.
    rockinghamgateway:~#
    
    anyway thanks for the help, I can't seem to get this mail server running the way I would like, it seems that my Debian won't let me check email using Outlook or Thunderbird.

    I get errors on boot as well,
    Code:
    spamassassin mail filter daemon disabled, see /etc/default/spamassassin

    not sure what I'm looking for there

    and

    Code:
    amavisd /etc/default/spamassassin LidClamav out of date

    I also installed the proFTP on my Debian, I can connect to it via XP FTP program which works ok, this makes me wonder whether or not the Debian is blocking the mail.

    TT
     
    Last edited: Sep 30, 2006
  20. grasomega

    grasomega Member

    wmrwl:

    The configuration of the network should be like this:

    - the DNS entry of the mail.domain.com must point to the external IP address of the network where the mail server resides.
    - the firewall should be forwarding the connections on ports 25, 110, 143 on the external interface to the 10.0.0.3 address in the internal network
    - the firewall on the mail machine should accept connections on ports 25, 110, 143
    - if you also keep the DNS server on the same machine, forward ports 53 TCP and UDP to the machine in external firewall and accept them in the machine's own firewall.
    - accept connections on port 3306 from the local network, as you need.

    You couldn't telnet from your Windows box because you are not accepting connections from the outside world or the connections do not get forwarded to the right machine in your internal network, or if all the conditions are met, the firewall on the machine itself is blocking connections.

    I use shorewall for both the external firewall and the internal machine and it was a 5 minutes job to configure it correctly through webmin or by hand.

    I would try to portscan my machine from outside to see what ports are open. Then make sure the forwarding is ok.
    If you can telnet on the machine from inside, then the machine is accepting connections on the right ports, but they don't get forwarded correctly from the external firewall. Accepting connections is not the same thing as forwarding connections.

    If you can, test it from inside with a client like Outlook, Thunderbird, Evolution etc. I'm sure it's working ok.

    grasomega
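
The checklist above separates three failure points: what the name resolves to, whether the connection is forwarded, and whether the mail host accepts it. The following diagnostic is an added example, not part of any post, meant to be run once on the mail server and once from an outside client against your own host; the function names are made up for this illustration.

```python
import ipaddress
import socket

# RFC 1918 ranges: addresses like 10.0.0.3 are not routable from the Internet.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MAIL_PORTS = (25, 110, 143)  # SMTP, POP3, IMAP as used in the thread


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return addr.is_loopback or any(addr in net for net in RFC1918)


def probe(host, port, timeout=3.0):
    """Classify one TCP port as open, refused, filtered or unreachable."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # host answered: nothing listening, or a REJECT rule
    except socket.timeout:
        return "filtered"     # no answer: dropped by a firewall or not forwarded
    except OSError:
        return "unreachable"  # no route, network down, etc.


def diagnose(name, ports=MAIL_PORTS, timeout=3.0):
    """Resolve name the way a client would (including /etc/hosts) and probe ports."""
    ip = socket.gethostbyname(name)
    hints = []
    if is_internal(ip):
        hints.append(f"{name} resolves to internal address {ip}; outside clients "
                     "need public DNS to point at the external IP")
    states = {port: probe(ip, port, timeout) for port in ports}
    for port, state in states.items():
        if state == "filtered":
            hints.append(f"port {port}: no reply, check port forwarding and DROP rules")
        elif state == "refused":
            hints.append(f"port {port}: refused, check that the daemon listens on {ip}")
    return {"ip": ip, "states": states, "hints": hints}


if __name__ == "__main__":
    import sys
    print(diagnose(sys.argv[1] if len(sys.argv) > 1 else "localhost"))
```

If the server-side run shows an internal address with all ports open while the outside run shows "filtered", the daemons are fine and the gap is in public DNS or the external firewall's forwarding.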
     
