Aurora l33t
Joined: 26 Sep 2003 Posts: 658 Location: Classified
Posted: Sun May 14, 2006 5:27 am Post subject: Several Postfix Issues (sending / receiving)
Folks,
I'm having a real pain-in-the-bum problem with Postfix and Cyrus-SASL (both together and exclusively). I've read a bunch of HowTos and Wikis and have found limited information regarding any of the problems that I'm having.
The first problem I'm having is regarding receiving eMail. I have Postfix set up in such a way that it does, indeed, receive eMails from other senders (in other domains). Based on the log, it talks to whatever server is trying to send eMails to me and doesn't seem to reject the messages.
Here's a snippet of one of the logs when I'm receiving eMails:
Code: | May 14 00:08:51 quasar postfix/smtpd[9242]: sql_select option missing
May 14 00:08:51 quasar postfix/smtpd[9242]: auxpropfunc error no mechanism available
May 14 00:08:51 quasar postfix/smtpd[9242]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql
May 14 00:08:51 quasar postfix/smtpd[9242]: auxpropfunc error invalid parameter supplied
May 14 00:08:51 quasar postfix/smtpd[9242]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: ldapdb
May 14 00:08:51 quasar postfix/smtpd[9242]: connect from <SENDING SERVER.REMOTE SYSTEM.COM>[150.112.112.1]
May 14 00:08:51 quasar postfix/smtpd[9242]: 333B15AD3F: client=<SENDING SERVER.REMOTE SYSTEM.COM>[150.112.112.1]
May 14 00:08:51 quasar postfix/cleanup[9245]: 333B15AD3F: message-id=<Pine.LNX.4.60.023134370.23120@<SENDING SERVER.REMOTE SYSTEM.COM>>
May 14 00:08:51 quasar postfix/smtpd[9242]: disconnect from <SENDING SERVER.REMOTE SYSTEM.COM>[150.112.112.1]
May 14 00:08:51 quasar postfix/qmgr[9149]: 333B15AD3F: from=<USER@SENDING SERVER.REMOTE SYSTEM.COM>, size=915, nrcpt=1 (queue active)
May 14 00:08:51 quasar postfix/local[9246]: warning: connect #1 to subsystem private/dovecot: No such file or directory
May 14 00:09:01 quasar postfix/local[9246]: warning: connect #2 to subsystem private/dovecot: No such file or directory |
So it seems to me that the eMail is indeed being transferred from the other end to Postfix on my server. However, it doesn't seem like Postfix knows what to do with that eMail once it has it in its possession. I currently have Dovecot installed on my server, and it's working beautifully in terms of serving up IMAP eMails and authenticating via CRAM-MD5. I can create and read eMails that I have dumped into Dovecot manually without problems.
Now, here's my Postfix configuration, since apparently I'm not sure how to tell Postfix in the configuration where to drop the eMails when it receives something.
Code: | soft_bounce = yes
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
mail_owner = postfix
myhostname = mail.MYDOMAIN.net
mydomain = MYDOMAIN.net
myorigin = $myhostname
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
mail.$mydomain, www.$mydomain, ftp.$mydomain
local_recipient_maps = unix:passwd.byname $alias_maps
unknown_local_recipient_reject_code = 450
mynetworks_style = host
relay_domains = $mydestination
alias_maps = hash:/etc/mail/aliases
alias_database = hash:/etc/mail/aliases
home_mailbox = .mail
mail_spool_directory = /var/spool/mail
mailbox_transport = dovecot
smtpd_banner = $myhostname ESMTP $mail_name
local_destination_concurrency_limit = 2
default_destination_concurrency_limit = 20
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
html_directory = /usr/share/doc/postfix-2.2.10/html
manpage_directory = /usr/share/man
sample_directory = /etc/postfix
readme_directory = /usr/share/doc/postfix-2.2.10/readme
mail_spool_directory = /var/spool/mail
# SASL Authentication for Postfix
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes
smtpd_client_restrictions = permit_sasl_authenticated, reject_unauth_destination |
Now, I really don't know where to set inside of the main.cf file where Postfix should dump the eMails that it receives. How do I tell Postfix to drop the files into the /home/<USER>/.mail directory so that Dovecot can serve the eMails?
The second part of the problem I'm having is sending mail from my computer (remotely; not via localhost). Now, I don't even know where to begin with this. I've compiled Postfix with sasl support, and I've read all the HowTos on the Gentoo sites in terms of how to set Cyrus-SASL up to authenticate users remotely who want to send mail.
Here's a few of the files that I modified according to the configuration:
/etc/sasl2/smtpd.conf
Code: | # $Header: /var/cvsroot/gentoo-x86/mail-mta/postfix/files/smtp.sasl,v 1.2 2004/07/18 03:26:56 dragonheart Exp $
pwcheck_method:saslauthd
mech_list: plain login cram-md5 |
/etc/conf.d/saslauthd
Code: | # $Header: /var/cvsroot/gentoo-x86/dev-libs/cyrus-sasl/files/saslauthd-2.1.21.conf,v 1.1 2005/05/27 00:22:28 langthang Exp $
# Config file for /etc/init.d/saslauthd
SASLAUTH_MECH=shadow
SASL_RIMAP_HOSTNAME=""
SASL_TIME_OF_DAY_LOGIN_RESTRICTIONS=yes
SASLAUTHD_OPTS="-a ${SASLAUTH_MECH}" |
Now, when I use Thunderbird to try to connect to the server, the mail client asks me to authenticate. Upon typing my username and password, the server rejects my attempt to connect. The logs show the following:
Code: | May 14 00:09:55 quasar postfix/smtpd[9433]: sql_select option missing
May 14 00:09:55 quasar postfix/smtpd[9433]: auxpropfunc error no mechanism available
May 14 00:09:55 quasar postfix/smtpd[9433]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql
May 14 00:09:55 quasar postfix/smtpd[9433]: auxpropfunc error invalid parameter supplied
May 14 00:09:55 quasar postfix/smtpd[9433]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: ldapdb
May 14 00:09:55 quasar postfix/smtpd[9433]: connect from <MY-ADDRESS.ISP.COM>[22.33.46.98]
May 14 00:09:55 quasar postfix/smtpd[9433]: warning: SASL authentication failure: Could not open /etc/sasl2/sasldb2: gdbm_errno=3
May 14 00:09:55 quasar postfix/smtpd[9433]: warning: SASL authentication failure: Could not open /etc/sasl2/sasldb2: gdbm_errno=3
May 14 00:09:55 quasar postfix/smtpd[9433]: warning: SASL authentication failure: no secret in database
May 14 00:09:55 quasar postfix/smtpd[9433]: warning: <MY-ADDRESS.ISP.COM>[22.33.46.98]: SASL CRAM-MD5 authentication failed
May 14 00:09:55 quasar postfix/smtpd[9433]: warning: SASL authentication failure: Could not open /etc/sasl2/sasldb2: gdbm_errno=3
May 14 00:09:55 quasar postfix/smtpd[9433]: warning: SASL authentication failure: Could not open /etc/sasl2/sasldb2: gdbm_errno=3
May 14 00:09:55 quasar postfix/smtpd[9433]: NOQUEUE: reject: RCPT from <MY-ADDRESS.ISP.COM>[22.33.46.98]: 454 <RECIPIENT ADDRESS>: Relay access denied; from=<SENDING ADDRESS> to=<RECIPIENT ADDRESS> proto=ESMTP helo=<[192.168.1.101]>
May 14 00:09:56 quasar postfix/smtpd[9433]: lost connection after RCPT from <MY-ADDRESS.ISP.COM>[22.33.46.98]
May 14 00:09:56 quasar postfix/smtpd[9433]: disconnect from <MY-ADDRESS.ISP.COM>[22.33.46.98] |
*sigh* So that's what I have so far... I can't receive or send eMail. I'm stumped! Any help or ideas would be very greatly appreciated. :D
_________________ "My downfall raises me to infinite heights." -Napoleon Bonaparte
langthang Retired Dev
Joined: 27 Nov 2003 Posts: 620
Posted: Sun May 14, 2006 6:41 am
from your /etc/postfix/main.cf:
Code: | mailbox_transport = dovecot |
need to see how you set dovecot in master.cf
Code: | smtpd_client_restrictions = permit_sasl_authenticated, reject_unauth_destination |
add this to main.cf
Code: | smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_destination |
to let authenticated users relay.
from your /etc/sasl2/smtpd.conf:
Code: | pwcheck_method:saslauthd
mech_list: plain login cram-md5 |
remove cram-md5 from above, can't use cram-md5 with saslauthd.
_________________ Gentoo users' map
Aurora l33t
Joined: 26 Sep 2003 Posts: 658 Location: Classified
Posted: Sun May 14, 2006 3:27 pm
Thanks for your reply langthang! I have a few questions for you if you don't mind...
langthang wrote: | from your /etc/postfix/main.cf: Code: | mailbox_transport = dovecot | need to see how you set dovecot in master.cf |
Interesting...I was wondering how I could tell Postfix to deliver the mail to Dovecot so that I could then read it via POP or IMAP. I don't have a line inside of master.cf for Dovecot, and a quick search online revealed nothing on what exactly would be necessary to accomplish this.
I think I might be looking at this notion of getting mail from Postfix and ultimately reading it in Dovecot the wrong way. Is a program like procmail or maildrop "supposed" to be in the middle of the two to process mail before I can read it with Dovecot? Or is this purely an optional (and oftentimes not used) step?
Right now I'd like to keep things as simple as possible, so putting something like procmail to process the eMails before they're handed off to Dovecot is something I'd rather avoid. By the same token, however, I'd like to keep things semi-standard on the box, so if an MDA is generally a necessity, so be it.
Quote: | Code: | smtpd_client_restrictions = permit_sasl_authenticated, reject_unauth_destination | add this to main.cf Code: | smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_destination | to let authenticated users relay. |
Okay, that's fair...but I'm not sure I understand why. First off, this line (recipients) was not in any of the Gentoo HowTos that I found, as far as I can recall. So in this case, a "user" like me would be a recipient? What is the difference between the client and the recipient line in this given scenario? And why is it that it wasn't specified in any of the HowTos (while the client line was)? I'm just a little confused and am looking for clarification.
Quote: | from your /etc/sasl2/smtpd.conf: Code: | pwcheck_method:saslauthd
mech_list: plain login cram-md5 | remove cram-md5 from above, can't use cram-md5 with saslauthd. |
Bummer. What is the appropriate method to allow CRAM-MD5 authentication then? I'm very confused on what authentication mechanisms are allowed when for Cyrus. Any clarification would be greatly appreciated.
Thanks!
langthang Retired Dev
Joined: 27 Nov 2003 Posts: 620
Posted: Sun May 14, 2006 5:32 pm
Aurora wrote: | Interesting...I was wondering how I could tell Postfix to deliver the mail to Dovecot so that I could then read it via POP or IMAP. I don't have a line inside of master.cf for Dovecot, and a quick search online revealed nothing on what exactly would be necessary to accomplish this.
I think I might be looking at this notion of getting mail from Postfix and ultimately reading it in Dovecot the wrong way. Is a program like procmail or maildrop "supposed" to be in the middle of the two to process mail before I can read it with Dovecot? Or is this purely an optional (and oftentimes not used) step?
Right now I'd like to keep things as simple as possible, so putting something like procmail to process the eMails before they're handed off to Dovecot is something I'd rather avoid. By the same token, however, I'd like to keep things semi-standard on the box, so if an MDA is generally a necessity, so be it. |
then why do you set mailbox_transport = dovecot? if you set mailbox_transport and don't set it up in master you have a problem. I don't use dovecot so I don't know what is dovecot like should be. I don't really know how dovecot works either.
with courier-imap, you don't set mailbox_transport. Postfix looks up the maildir setting for the user then delivers mail there. courier-imap reads mail in that location and sends it to the mail client.
with cyrus, postfix can hand off mail in two ways. One is using cyrus transport. The other is using lmtp.
where is the link of the howto?
Aurora wrote: | Okay, that's fair...but I'm not sure I understand why. First off, this line (recipients) was not in any of the Gentoo HowTos that I found, as far as I can recall. So in this case, a "user" like me would be a recipient? What is the difference between the client and the recipient line in this given scenario? And why is it that it wasn't specified in any of the HowTos (while the client line was)? I'm just a little confused and am looking for clarification. |
`man 5 postconf` and read it. The man page can explain a lot better than I can.
Aurora wrote: | Bummer. What is the appropriate method to allow CRAM-MD5 authentication then? I'm very confused on what authentication mechanisms are allowed when for Cyrus. Any clarification would be greatly appreciated. :D |
you can use PLAIN, LOGIN with TLS or {CRAM,DIGEST}-MD5 with plaintext password stored in the backend.
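Added example, not part of the thread: a CRAM-MD5 (RFC 2195) exchange showing that the verifier must hold the plaintext password, which is why smtpd went looking for sasldb2 in the log above, plus a check of the posted smtpd.conf for mechanisms that `pwcheck_method: saslauthd` cannot serve. The function names are hypothetical and the credentials are the RFC's sample values, not anything from the thread.

```python
import base64, hashlib, hmac

# Mechanisms in which the server recomputes a keyed digest from the plaintext password.
NEEDS_PLAINTEXT_SECRET = {"cram-md5", "digest-md5"}

def client_response(user, password, challenge_b64):
    """CRAM-MD5 client step: reply 'user hex(HMAC-MD5(password, challenge))'."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode()

def server_verify(response_b64, challenge_b64, secrets):
    """secrets maps user -> plaintext password, the role sasldb2 plays for smtpd."""
    user, _, digest = base64.b64decode(response_b64).decode().rpartition(" ")
    password = secrets.get(user)
    if password is None:  # a backend holding only one-way hashes ends up here
        return False
    expected = hmac.new(password.encode(), base64.b64decode(challenge_b64),
                        hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)

def unusable_mechs(smtpd_conf):
    """Mechanisms in mech_list that pwcheck_method: saslauthd cannot verify."""
    conf = {}
    for line in smtpd_conf.splitlines():
        if ":" in line and not line.lstrip().startswith("#"):
            key, value = line.split(":", 1)
            conf[key.strip()] = value.strip()
    if conf.get("pwcheck_method") != "saslauthd":
        return []
    return [m for m in conf.get("mech_list", "").lower().split()
            if m in NEEDS_PLAINTEXT_SECRET]

# The smtpd.conf posted in the thread (header comment omitted).
POSTED_SMTPD_CONF = "pwcheck_method:saslauthd\nmech_list: plain login cram-md5\n"
# Challenge, user and password are the sample values from RFC 2195.
CHALLENGE = base64.b64encode(b"<1896.697170952@postoffice.reston.mci.net>").decode()

if __name__ == "__main__":
    reply = client_response("tim", "tanstaaftanstaaf", CHALLENGE)
    print("client reply:", reply)
    print("plaintext store:", server_verify(reply, CHALLENGE, {"tim": "tanstaaftanstaaf"}))
    print("no stored secret:", server_verify(reply, CHALLENGE, {}))
    print("saslauthd cannot serve:", unusable_mechs(POSTED_SMTPD_CONF))
```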
M.A. Apprentice
Joined: 21 Mar 2003 Posts: 168 Location: /home/España/Valencia
Posted: Tue May 16, 2006 7:40 am
You don't need to set "mailbox_transport" for using dovecot. You should instead instruct both postfix and dovecot to have the mailboxes in the same location, for instance:
Code: | $ postconf -n |grep maildir
home_mailbox = maildir/
$ grep maildir /etc/dovecot.conf
default_mail_env = ~/maildir
|
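Added example, not part of the thread: a check of the two delivery setups discussed above. If `mailbox_transport` is set, master.cf must define a service of that name (the "private/dovecot: No such file or directory" warning in the first post); otherwise `home_mailbox` and Dovecot's mail location must point at the same place. The function names, the master.cf excerpt and the Dovecot value used for the first case are constructed for illustration.

```python
import re

def parse_main_cf(text):
    """Return {param: value}; indented lines continue the previous one, last definition wins."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] += " " + line.strip()
        elif "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            params[name] = value
    return params

def master_services(text):
    """Service names: first field of each unindented, non-comment master.cf line."""
    return {l.split()[0] for l in text.splitlines()
            if l.strip() and not l[0].isspace() and not l.startswith("#")}

def mail_location(value):
    """Normalise 'maildir/', '~/maildir' or 'maildir:~/maildir' to a home-relative path."""
    value = re.sub(r"^(maildir|mbox):", "", value.strip())
    return re.sub(r"^~/", "", value).rstrip("/")

def check_delivery(main_cf, master_cf, dovecot_location):
    params, findings = parse_main_cf(main_cf), []
    transport = params.get("mailbox_transport", "").split(":")[0]
    if transport:
        if transport not in master_services(master_cf):
            findings.append(f"mailbox_transport={transport} has no service in master.cf")
    elif mail_location(params.get("home_mailbox", "")) != mail_location(dovecot_location):
        findings.append("home_mailbox and Dovecot mail location differ")
    return findings

# Two lines taken from the main.cf in the first post.
POSTED_MAIN_CF = "home_mailbox = .mail\nmailbox_transport = dovecot\n"
# Constructed master.cf excerpt with no dovecot service.
SAMPLE_MASTER_CF = ("smtp      inet  n  -  n  -  -  smtpd\n"
                    "local     unix  -  n  n  -  -  local\n")

if __name__ == "__main__":
    print(check_delivery(POSTED_MAIN_CF, SAMPLE_MASTER_CF, "~/.mail"))
    print(check_delivery("home_mailbox = maildir/\n", SAMPLE_MASTER_CF, "~/maildir"))
```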