Shane-Echosnet n00b
Joined: 27 Nov 2010 Posts: 18 Location: Baltimore MD
|
Posted: Sat Nov 27, 2010 11:55 pm Post subject: Postfix IMAP/SMTP Problems |
|
|
Hi all
I have a problem that it seems a lot of people have, yet no one has an answer for it.
I wanted to set up a mail server on my network, so I started with Postfix. Got that running, no problems.
However, I wanted to be able to check mail from the web and have users' e-mail accounts, for a SINGLE domain.
So I did some googling and came up with this:
http://www.gentoo.org/doc/en/virt-mail-howto.xml
It helped me a lot with this. However, here is my problem.
After reading all of it I went ahead and started setting it all up. Welp, Postfix runs great but I can't connect to the server from any mail progs.
The only thing I can use is the SMTP server. I have been beating my head on the desk for about 3 weeks now trying to figure this out. Here is what I know about the issue I'm having:
Postfix works fine.
All the services can be connected to with telnet.
mutt will connect to it using mutt -f imap://localhost BUT it will not take my username and password.
The username and the password is all I can come up with as to why it's not letting me in. But then I thought, well, why is it that Mutt can send mail to any user already on the server but no one can connect to any part of the mail server but the SMTP?
I'm lost here. lol Can someone please help!!
Thanks in advance! |
|
cach0rr0 Bodhisattva
Joined: 13 Nov 2008 Posts: 4123 Location: Houston, Republic of Texas
|
Posted: Sun Nov 28, 2010 2:46 am Post subject: |
|
|
first things first
-are you indeed using courier? FYI, far as configuration for a simple setup like you have, you may have better joy with Dovecot. I can't really help too much with Courier, as it is unfamiliar to me
-does netstat show courier listening only on the loopback address, or also on eth0? Should see something like this:
Code: |
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN
|
-are you logging in with just 'user' as the username, or are you logging in with 'user@domain.tld' as the username?
NB: that document is unnecessarily complex if you just want to do a single domain, simple IMAP setup. Before my needs grew to the point I needed cyrus-imapd, I was using dovecot, and instead of using some external database of users, when I needed to add a new mail user, I did it with plain old 'useradd', and both postfix (via sasl) and dovecot would auth the users based on their system password. For just a dozen or so users, single domain, this is a much simpler setup. I can share conf files and details if needed. _________________ Lost configuring your system?
dump lspci -n here | see Pappy's guide | Link Stash |
|
Shane-Echosnet n00b
Joined: 27 Nov 2010 Posts: 18 Location: Baltimore MD
|
Posted: Sun Nov 28, 2010 3:10 am Post subject: |
|
|
If you think that would be better for me then I'll shoot for that.
I just need something small that I can have for a few users to use SquirrelMail.
Yea I started with courier. I'm starting to think it was a bad idea now lol.
I'm going to go pull up dovecot now. |
|
Shane-Echosnet n00b
Joined: 27 Nov 2010 Posts: 18 Location: Baltimore MD
|
Posted: Sun Nov 28, 2010 5:50 am Post subject: |
|
|
Ok I installed Dovecot and followed everything in http://www.kurzor.org/entry/16/setting-up-a-mailserver-on-gentoo
It's prolly something stupid but it's not working.
Now my postfix won't send mail to anyone on the server when it was before. It says it's running.
I'm going to recheck everything in the morn. Well, later on today lol
I'm sure there is something I'm missing.
Now when I try to log in to the server using imap it takes forever and still won't log in.
I'll try again. |
|
Shane-Echosnet n00b
Joined: 27 Nov 2010 Posts: 18 Location: Baltimore MD
|
Posted: Sun Nov 28, 2010 9:25 pm Post subject: working? |
|
|
Ok so I got it all working with dovecot and postfix.
It works right out of the box so to speak. However I'm sure there are security risks not setting anything. Any pointers there?
Also I seem to be able to send mail to users but not able to receive mail from the internet, and I can send mail to the internet. Is there an add-in for that too?
I'm a newbie to mail servers as you can see lol |
|
cach0rr0 Bodhisattva
Joined: 13 Nov 2008 Posts: 4123 Location: Houston, Republic of Texas
|
Posted: Mon Nov 29, 2010 10:54 am Post subject: |
|
|
how are you doing users? rather, how are you storing their mailbox?
for my lil old setup, I just had everything going into /home/<username>/.maildir
You tell postfix where to put the mail in main.cf
You tell dovecot where it can expect to find the mail after postfix is done with it in dovecot.conf
This was my dovecot.conf (with comments stripped as always, for easier reading)
Note the mail_location setting
Code: |
base_dir = /var/run/dovecot/
protocols = imap imaps
listen = *
disable_plaintext_auth = no
shutdown_clients = yes
log_path = /var/log/dovecot.log
ssl_cert_file = /etc/ssl/dovecot/gentoob0x.crt
ssl_key_file = /etc/ssl/dovecot/gentoob0x.key
login_dir = /var/run/dovecot/login
login_chroot = yes
login_user = dovecot
login_process_size = 64
login_process_per_connection = yes
login_processes_count = 3
login_max_processes_count = 64
login_greeting = IMAP ready.
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c
login_log_format = %$: %s
mail_location = maildir:~/.maildir
mail_log_prefix = "%Us(%u): "
mail_log_max_lines_per_sec = 10
protocol imap {
}
protocol pop3 {
}
protocol lda {
  postmaster_address = postmaster@whitehathouston.com
}
auth default {
  mechanisms = plain
  passdb pam {
    args = "*"
  }
  userdb passwd {
  }
  user = root
}
|
In postfix's main.cf, there should be a setting like so:
Code: |
home_mailbox = .maildir/
|
And in my case I didn't reject any mail to invalid users (I was harvesting spam for work research), so I set luser_relay to go to my spamtrap account.
With the above config, the process works like so, more or less:
-a remote server opens an SMTP connection to Postfix on tcp 25
-remote server sends the message
-postfix works its magic, and if it decides to accept a message for 'bob', it copies the message to /home/bob/.maildir
-bob logs in to dovecot using whatever password you set for him with the 'passwd' command
-dovecot scans ~/.maildir for mail (in this case, /home/bob/.maildir) and sends it to the IMAP client
That's greatly oversimplified, but that's more or less the process.
If what I've posted doesn't seem to help, post your main.cf (with comments stripped please - a grep -v ^\# main.cf |grep -v ^$ should do it) either in here, or throw it up on pastebin
If from the shell you look and see nothing is being placed into /home/bob/.maildir, then it is most assuredly a postfix main.cf issue
If you see that mail IS being placed there, it is an issue with dovecot.conf
(and of course all of this assumes, as I said, you're just adding local users to your system with regular old useradd)
IFFFFFFFFFFFFFF on the other hand, local=>local mail is fine, you can receive it via IMAP and whatnot, then the home_mailbox setting is fine in dovecot.conf, and most likely dovecot.conf itself is fine.
If it's only internet mail that has an issue, check your postfix logs, see if the mail is being rejected. I will say normally when a message is rejected, you should receive a bounce message. Are you receiving a bounce message? If so, post its text so we can get more info on why it's rejected. |
|
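An added example, not part of either poster's messages: a short Python check that the directory Postfix delivers into (`home_mailbox`) is the one Dovecot reads (`mail_location`), which is the pairing the post above describes. It also flags the `disable_plaintext_auth = no` line from the posted dovecot.conf. The function names and sample strings are constructed for illustration, and only the home-relative `~/` form of `mail_location` is handled.

```python
import re

# Constructed sample input built from settings quoted in the thread.
MAIN_CF = """\
queue_directory = /var/spool/postfix
debugger_command =
    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
    ddd $daemon_directory/$process_name $process_id & sleep 5
home_mailbox = .maildir/
"""

DOVECOT_CONF = """\
protocols = imap imaps
disable_plaintext_auth = no
mail_location = maildir:~/.maildir
auth default {
  mechanisms = plain
  user = root
}
"""


def parse_postfix(text):
    """Parse main.cf: 'name = value', where a line that starts with
    whitespace continues the previous setting."""
    settings, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace():
            if last is not None:
                settings[last] = (settings[last] + " " + raw.strip()).strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            last = name.strip()
            settings[last] = value.strip()
    return settings


def parse_dovecot_top_level(text):
    """Return only the settings outside any '{ ... }' block (Dovecot 1.x
    syntax as posted), so 'user = root' inside 'auth default' is ignored."""
    settings, depth = {}, 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            depth += 1
        elif line == "}":
            depth -= 1
        elif depth == 0 and "=" in line:
            name, _, value = line.partition("=")
            settings[name.strip()] = value.strip()
    return settings


def audit(main_cf_text, dovecot_conf_text):
    """Return a list of findings; an empty list means nothing was flagged."""
    postfix = parse_postfix(main_cf_text)
    dovecot = parse_dovecot_top_level(dovecot_conf_text)
    findings = []

    home_mailbox = postfix.get("home_mailbox", "")
    location = re.match(r"(maildir|mbox):~/([^:]+)",
                        dovecot.get("mail_location", ""))
    if not home_mailbox:
        findings.append("postfix: home_mailbox is unset")
    elif location is None:
        findings.append("dovecot: mail_location is unset or not <format>:~/<path>")
    else:
        # A trailing slash on home_mailbox selects Maildir delivery.
        written = ("maildir" if home_mailbox.endswith("/") else "mbox",
                   home_mailbox.rstrip("/"))
        read = (location.group(1), location.group(2).rstrip("/"))
        if written[0] != read[0]:
            findings.append(f"format mismatch: postfix writes {written[0]}, "
                            f"dovecot reads {read[0]}")
        if written[1] != read[1]:
            findings.append(f"path mismatch: postfix writes ~/{written[1]}, "
                            f"dovecot reads ~/{read[1]}")

    # Dovecot's default is 'yes'; 'no' allows password logins without TLS.
    if (dovecot.get("disable_plaintext_auth", "yes") == "no"
            and "imap" in dovecot.get("protocols", "").split()):
        findings.append("dovecot: passwords may cross port 143 unencrypted "
                        "(disable_plaintext_auth = no)")
    return findings


if __name__ == "__main__":
    for finding in audit(MAIN_CF, DOVECOT_CONF):
        print(finding)
```
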
Shane-Echosnet n00b
Joined: 27 Nov 2010 Posts: 18 Location: Baltimore MD
|
Posted: Tue Nov 30, 2010 12:28 am Post subject: |
|
|
Ok here's what I got.
mailboxes are stored as .mailbox in the user's home dir.
As for sending mail from my server, I can do so with no problems to users on the server.
I was able to send out an e-mail to my yahoo account.
However that came in an hour later.
As for sending mail to the server from gmail and yahoo, it's kinda funky.
If I send to my IP address I get a bounce from yahoo and gmail.
But if I send to my domain name I don't get nothing at all on either end.
This is the bounce back code.
Code: |
Sorry, we were unable to deliver your message to the following address.
<shane@68.49.219.23>:
No MX or A records for 68.49.219.23
--- Below this line is a copy of the message.
Received: from [98.139.52.188] by nm18.bullet.mail.ac4.yahoo.com with NNFMP; 29 Nov 2010 23:47:08 -0000
Received: from [98.139.52.131] by tm1.bullet.mail.ac4.yahoo.com with NNFMP; 29 Nov 2010 23:47:08 -0000
Received: from [127.0.0.1] by omp1014.mail.ac4.yahoo.com with NNFMP; 29 Nov 2010 23:47:08 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 333514.51775.bm@omp1014.mail.ac4.yahoo.com
Received: (qmail 22041 invoked by uid 60001); 29 Nov 2010 23:47:08 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1291074428; bh=2hCnhABOUqvEH/PknIfaFZ/EHGWd7gjaQTW5cI77mZQ=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type; b=EsFtYsgKzcQ2xvC<snipped because it buggered the forum layout>=
DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.com;
h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type;
|
My postfix main.cf
Code: |
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
unknown_local_recipient_reject_code = 550
debug_peer_level = 2
debugger_command =
  PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
  ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
html_directory = /usr/share/doc/postfix-2.7.1/html
manpage_directory = /usr/share/man
sample_directory = /etc/postfix
readme_directory = /usr/share/doc/postfix-2.7.1/readme
home_mailbox = .maildir/
|
I can send and receive mail from any mail client, so dovecot like you said is working.
I'm wondering 2 different things at this point.
First being, do I have the domain DNS set up right from yahoo's domain control?
And second, could it be something with the SSL, because I get a funky message when I use
Code: | mutt -f imap://localhost/ |
The cert info is wrong for starters. But could that hang up my mail when I go to send it off to server to an internet based e-mail server?
Ok on a late note I can not send mail to gmail. BUT I can to yahoo... here is the bounce back I got from gmail. This was sent back to my server. Oddly MUTT picked up the e-mail but SquirrelMail did not pick it up.
Code: | Return-Path: <>
X-Original-To: shane@echosnetwork.com
Delivered-To: shane@echosnetwork.com
Received: by echosnetwork.com (Postfix) id 3D3B456A0D8; Mon, 29 Nov 2010
18:51:06 -0500 (EST)
Date: Mon, 29 Nov 2010 18:51:06 -0500 (EST)
From: Mail Delivery System <MAILER-DAEMON@echosnetwork.com>
Subject: Undelivered Mail Returned to Sender
To: shane@echosnetwork.com
Auto-Submitted: auto-replied
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="F14AE56A0C4.1291074666/echosnetwork.com"
Content-Transfer-Encoding: 8bit
Message-Id: <20101129235106.3D3B456A0D8@echosnetwork.com>
[-- Attachment #1: Notification --]
[-- Type: text/plain, Encoding: 7bit, Size: 0.8K --]
This is the mail system at host echosnetwork.com.
I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
The mail system
<darkspooky114531@gmail.com>: host gmail-smtp-in.l.google.com[74.125.91.27]
said: 550-5.7.1 [68.49.219.23] The IP you're using to send mail is not
authorized to 550-5.7.1 send email directly to our servers. Please use the
SMTP relay at your 550-5.7.1 service provider instead. Learn more at
550 5.7.1 http://mail.google.com/support/bin/answer.py?answer=10336
j6si13661229qcu.166 (in reply to end of DATA command)
[-- Attachment #2: Delivery report --]
[-- Type: message/delivery-status, Encoding: 7bit, Size: 0.7K --]
Reporting-MTA: dns; echosnetwork.com
X-Postfix-Queue-ID: F14AE56A0C4
X-Postfix-Sender: rfc822; shane@echosnetwork.com
Arrival-Date: Mon, 29 Nov 2010 18:51:04 -0500 (EST)
Final-Recipient: rfc822; darkspooky114531@gmail.com
Original-Recipient: rfc822;darkspooky114531@gmail.com
|
That's all I got. I dunno, I'm lost. Just a reminder this is my first mail server setup on ANY linux, let alone gentoo, so excuse my newbie-ness |
|
cach0rr0 Bodhisattva
Joined: 13 Nov 2008 Posts: 4123 Location: Houston, Republic of Texas
|
Posted: Tue Nov 30, 2010 3:27 am Post subject: |
|
|
no idea as far as mutt is concerned
regarding the first bounce message, if you're just sending to an IP, you should enclose the IP within square brackets
e.g.
Code: |
shane@[68.49.219.23]
|
That's what in mail terms is called an "address literal" (google around for the term for more info!)
Whether or not remote systems support address literals is another question - they technically should, but nobody uses them any more for anything useful, so some people are lazy and drop support for it; would not surprise me if some of the major players dropped support for address literals.
The first bounce message that says "No A or MX record found for 68.49.219.23" means just that - it is trying to parse '68.49.219.23' as a domain, and not an IP address, and when it goes to do a DNS lookup for the non-existent domain '68.49.219.23', it obviously finds nothing. Using a domain does make things much easier.
As far as the second bounce message is concerned, in an effort to combat spam, usually people will block incoming e-mail messages from residential or dynamic IP addresses. You are likely sending this from your home connection, so gmail, hotmail, yahoo, all of them will refuse to let you connect to them directly and send mail - this has nothing to do with your postfix/dovecot configuration, and everything to do with the remote company's messaging policies.
In order to get around this, you'd need to configure a relayhost within main.cf - that relayhost should be your ISP's SMTP servers. As you are on Comcast, your relayhost should be 'smtp.comcast.net'. Doing this will get outbound mail working for you.
Inbound mail is another matter. Again, try the IP enclosed in [square brackets]. Not everyone supports it, but they should. That will sort inbound email, unless there are other unrelated problems. |
|
Shane-Echosnet n00b
Joined: 27 Nov 2010 Posts: 18 Location: Baltimore MD
|
Posted: Tue Nov 30, 2010 9:45 pm Post subject: [solved] |
|
|
WooHoo!
Everything is working the way it should!!!
the relay worked like a charm!
as for getting mail at the server I goofed and forgot to add the A name to the domain controls over at yahoo. DUH!
Thanks for all your help!!
But there is still one question lol where to go from here.
Should I add some sort of spam assassin? or anti virus? or should I use a firewall?
and what would be a good program for them If you think I would need them. |
|
Shane-Echosnet n00b
Joined: 27 Nov 2010 Posts: 18 Location: Baltimore MD
|
Posted: Tue Nov 30, 2010 11:53 pm Post subject: |
|
|
*bangs head on desk*
It would seem I just ran into a brick wall!
Although the mail server is up and running 100% fine,
I can't log in to Squirrelmail from my domain name. BUT I can log into it from my local IP address. Wow, I can't catch a break for nothing lol |
|
cach0rr0 Bodhisattva
Joined: 13 Nov 2008 Posts: 4123 Location: Houston, Republic of Texas
|
Posted: Wed Dec 01, 2010 6:15 am Post subject: Re: [solved] |
|
|
Shane-Echosnet wrote: |
But there is still one question lol where to go from here.
Should I add some sort of spam assassin? or anti virus? or should I use a firewall?
and what would be a good program for them If you think I would need them. |
Depending on who sees this, that's a question that could very well spawn an enormous debate
Personally I do the following, which might not be a bad place to start for you:
-within postfix's main.cf, I do checks of the connecting IP address against RBL's that I'm relatively confident will have a very very low chance of false positives. Basically, if I trust the RBL to either very rarely wrongly/aggressively list an IP, I use it to block the connection. The ones I'm less confident about, I use later, as simply a contributor, but not a sole determining factor.
That's controlled by the following settings in main.cf:
Code: |
smtpd_delay_reject = no
smtpd_client_restrictions =
  permit_mynetworks
  reject_rbl_client ix.dnsbl.manitu.net
  reject_rbl_client cbl.abuseat.org
  reject_rbl_client b.barracudacentral.org
  reject_rbl_client new.spam.dnsbl.sorbs.net
|
Messages that get past this phase, and also get past the smtp_recipient_restrictions, are "accepted".
-once a message is accepted, I run it through amavisd-new; amavisd-new is somewhat of a generic daemon that allows you to plugin a ton of anti-spam checks, including spamassassin and clamav. Passing messages to amavis from postfix is done by adding the following to main.cf
Code: |
content_filter = smtp-amavis:[127.0.0.1]:10024
|
and adding the following to the end of master.cf
Code: |
smtp-amavis unix - - n - 2 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
|
(you will need to restart postfix for this to take effect - I'm not sure if a postfix reload will pull in the changes added to master.cf)
amavisd-new configuration is a bit lengthy to discuss in a forum post.
Years ago I used this guide for its setup - http://www.gentoo.org/doc/en/mailfilter-guide.xml
The main thing to decide, is if you want to quarantine messages on disk, quarantine them in the database, or do as I do and simply tag the subject line with [SPAM], and let the user make rules for moving it to a junk folder. In most enterprise environments, people will quarantine things on-disk at the mail filter level and have that quarantine purge itself of old messages periodically, instead of allowing it through to the user's inbox. As I only have the one machine, this is less relevant, storage is storage is storage for me, whether it's inbox storage, or quarantine storage. Since I can just put in a global sieve rule to move messages to every user's junk folder, this isn't a huge issue.
Anyway, the short version of that article, assuming you've already made the changes to main.cf and master.cf as I noted above
Code: |
emerge -av amavisd-new spamassassin clamav
emerge -av razor dcc
rc-update add amavisd default
rc-update add clamd default
mkdir /var/amavis/virusmails
chown amavis:amavis /var/amavis/virusmails
chmod 750 /var/amavis/virusmails
|
make /etc/freshclam.conf look like so:
Code: |
UpdateLogFile /var/log/clamav/freshclam.log
PidFile /var/run/clamav/freshclam.pid
DatabaseOwner clamav
AllowSupplementaryGroups yes
DatabaseMirror database.clamav.net
ScriptedUpdates yes
NotifyClamd /etc/clamd.conf
|
make /etc/clamd.conf look like so
Code: |
LogFile /var/log/clamav/clamd.log
LogTime yes
LogSyslog yes
LogFacility LOG_MAIL
LogVerbose yes
PidFile /var/amavis/clamd.pid
TemporaryDirectory /var/amavis/tmp
LocalSocket /var/amavis/clamd.sock
FixStaleSocket yes
StreamMaxLength 20M
MaxDirectoryRecursion 20
User amavis
ScanMail yes
PhishingSignatures yes
PhishingScanURLs yes
ScanArchive yes
MaxScanSize 150M
MaxFileSize 60M
MaxRecursion 16
MaxFiles 15000
|
make /etc/conf.d/clamd look like so
Code: |
START_CLAMD=yes
START_FRESHCLAM=yes
CLAMD_NICELEVEL=3
FRESHCLAM_NICELEVEL=19
|
run the following:
Code: |
usermod -s /bin/bash amavis
su - amavis
razor-admin -create
exit
usermod -s /sbin/nologin amavis
|
The article mentions setting up /etc/mail/spamassassin/local.cf - mine just looks like so, as most of that stuff is controlled via /etc/amavisd.conf
Code: |
use_bayes 0
skip_rbl_checks 0
ok_languages de en no sv
ok_locales en
bayes_path /var/amavis/.spamassassin/bayes
|
Then make your /etc/amavisd.conf look as it should. Again, too long to document, for that you *will* have to do a bit of reading.
I've posted my complete amavisd.conf on pastebin, obviously without my passwords:
http://pastebin.com/g4scU06h
I have tried to go through and add my own comments to the ones that the .conf has by default, but I am not too proud to admit that it was years ago that I researched what each of these means, I've copied this all over because it works for me, so my comments aren't totally complete. Just the same, I think I've covered off the places to pay attention to in amavisd.conf via comments. Bear in mind of course, my amavisd.conf is only relevant if you've followed all of the above, and want to do things as I have.
I guess the last thing to do is set up a cron job to run "sa-update" so that your spamassassin definitions get updated.
Once all of that is done, start the 'amavisd' service, start clamd, and you should be getting filtered
I don't do this because I write my own rules =/
(that's where my professional background is, and I trust myself more than I trust most)
Anyway, hopefully that gets you started. If you have questions, I will answer as best as I am able, best as my time permits.
It may not get you a hit rate as accurate as a commercial filter, but it'll be pretty darn decent, and if you decide on a sane path for managing items detected as spam, you should be happy with the results.
There are a ton of different ways you can go, and everyone has their own opinion (which usually sparks a very heated debate!) on how things should be done, this is just how I've opted to do things, and it works fairly well. It may not even be what I consider "right" so much as it is "right as far as my knowledge of the involved tools allows".
Last edited by cach0rr0 on Wed Dec 01, 2010 6:28 am; edited 1 time in total |
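An added example, not from the post above or from Postfix itself: what a `permit_mynetworks` / `reject_rbl_client` list does per connection, sketched in Python for IPv4. The client's octets are reversed, the RBL zone is appended, and an A-record answer means "listed". The function names, the injectable resolver and the sample answers are constructed for illustration; counting only answers inside 127.0.0.0/8 (the range RFC 5782 assigns to listings) is this example's own choice, so a resolver that rewrites failed lookups cannot make every client look listed.

```python
import ipaddress
import socket

# RBL zones taken from the main.cf snippet in the post above.
ZONES = [
    "ix.dnsbl.manitu.net",
    "cbl.abuseat.org",
    "b.barracudacentral.org",
    "new.spam.dnsbl.sorbs.net",
]

# DNSBL listings are returned as A records inside this range (RFC 5782).
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(client_ip, zone):
    """Build the name that gets resolved: reversed IPv4 octets + zone.
    Raises ValueError if client_ip is not a valid IPv4 address."""
    addr = ipaddress.IPv4Address(client_ip)
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def system_resolver(name):
    """A-record lookup via the system resolver. Any lookup failure is
    reported as None, so this example treats DNS errors as 'not listed'."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def evaluate(client_ip, mynetworks, zones=ZONES, resolve=system_resolver):
    """Walk the restriction list in order; the first rule that matches
    decides. Returns (rule, zone) where zone is set only for a rejection."""
    addr = ipaddress.IPv4Address(client_ip)
    # permit_mynetworks comes first, so trusted clients cost no DNS queries.
    if any(addr in ipaddress.ip_network(net) for net in mynetworks):
        return ("permit_mynetworks", None)
    for zone in zones:
        answer = resolve(dnsbl_query_name(client_ip, zone))
        if answer and ipaddress.IPv4Address(answer) in LISTED_RANGE:
            return ("reject_rbl_client", zone)
    return ("no_match", None)


# Constructed resolver data for an offline run: 192.0.2.10 is a
# documentation address and the "listing" below is made up.
SAMPLE_ANSWERS = {"10.2.0.192.b.barracudacentral.org": "127.0.0.2"}


def sample_resolver(name):
    return SAMPLE_ANSWERS.get(name)


if __name__ == "__main__":
    for ip in ("127.0.0.1", "192.0.2.10", "192.0.2.11"):
        print(ip, evaluate(ip, ["127.0.0.0/8"], resolve=sample_resolver))
```
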
|
cach0rr0 Bodhisattva
Joined: 13 Nov 2008 Posts: 4123 Location: Houston, Republic of Texas
|
Posted: Wed Dec 01, 2010 6:23 am Post subject: |
|
|
Shane-Echosnet wrote: | *bangs head on desk*
It would seem I just ran into a brick wall!
Although the mail server is up and running 100% fine,
I can't log in to Squirrelmail from my domain name. BUT I can log into it from my local IP address. Wow, I can't catch a break for nothing lol |
are you using "user@domain.tld" as your login, or are you using just "user" ? Try both.
is your squirrelmail configuration set to login via SSL, on the SSL port? (993) Maybe your IMAP server only allows cleartext logins on port 993, unless from the local network. Who knows.
I haven't touched squirrelmail in ages unfortunately, I can't help heaps there. I guess it might help to check your logs and see what looks different between when you login locally, and when you login remotely. I used Horde for a long while, eventually deciding to just use a regular old mail client (Kmail within Kontact). Just as an aside, webmail clients are a pain to upgrade more often than not, as most webapps are, but upgrading is critical from a security standpoint (or rather, staying patched). To make this less painful, so you don't get "owned", your webmail client's directory in Apache should be password protected within apache (using an .htaccess file, authenticating against an htpasswd file if nothing else) |
|
Shane-Echosnet n00b
Joined: 27 Nov 2010 Posts: 18 Location: Baltimore MD
|
Posted: Fri Dec 03, 2010 12:27 am Post subject: |
|
|
I got the webmail working. Thanks for that.
I have not had a chance to work with the spam thing yet; I'm going to set aside Friday night for that.
I'll let you know how it all works when I get the time to play with it again. |
|
cach0rr0 Bodhisattva
Joined: 13 Nov 2008 Posts: 4123 Location: Houston, Republic of Texas
|
Posted: Fri Dec 03, 2010 12:39 am Post subject: |
|
|
Shane-Echosnet wrote: | I got the webmail working. Thanks for that.
I have not had a chance to work with the spam thing yet; I'm going to set aside Friday night for that.
I'll let you know how it all works when I get the time to play with it again. |
The RBL's you can put in immediately and see a pretty darn nice catch rate if you use my list above.
The amavisd/spamassassin/clamav thing can wait until you have time for reading, and it will be there mainly to catch the stragglers |
|
Shane-Echosnet n00b
Joined: 27 Nov 2010 Posts: 18 Location: Baltimore MD
|
Posted: Mon Dec 06, 2010 12:29 am Post subject: Problem! already |
|
|
Ok so I'm stuck yet again.
When I type
Code: | razor-admin -create |
this is the output I get.
Code: |
amavis@echosnetwork ~ $ razor-admin -create
Can't locate Digest/SHA1.pm in @INC (@INC contains: lib /etc/perl /usr/lib/perl5/site_perl/5.12.2/i686-linux /usr/lib/perl5/site_perl/5.12.2 /usr/lib/perl5/vendor_perl/5.12.2/i686-linux /usr/lib/perl5/vendor_perl/5.12.2 /usr/lib/perl5/5.12.2/i686-linux /usr/lib/perl5/5.12.2 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl /usr/local/lib/site_perl .) at /usr/lib/perl5/vendor_perl/5.12.2/i686-linux/Razor2/String.pm line 4.
BEGIN failed--compilation aborted at /usr/lib/perl5/vendor_perl/5.12.2/i686-linux/Razor2/String.pm line 4.
Compilation failed in require at /usr/lib/perl5/vendor_perl/5.12.2/i686-linux/Razor2/Client/Agent.pm line 18.
BEGIN failed--compilation aborted at /usr/lib/perl5/vendor_perl/5.12.2/i686-linux/Razor2/Client/Agent.pm line 18.
Compilation failed in require at /usr/bin/razor-admin line 18.
BEGIN failed--compilation aborted at /usr/bin/razor-admin line 18.
|
Being I have never messed around with this, I have no idea what the heck that means. |
|
Shane-Echosnet n00b
Joined: 27 Nov 2010 Posts: 18 Location: Baltimore MD
|
Posted: Mon Dec 06, 2010 2:07 am Post subject: |
|
|
And yet almost the same error with amavis.
Code: |
echosnetwork etc # /etc/init.d/amavisd start
* Starting amavisd-new ...
Problem in Amavis SQL base code: Can't locate DBI.pm in @INC (@INC contains: /etc/perl /usr/lib/perl5/site_perl/5.12.2/i686-linux /usr/lib/perl5/site_perl/5.12.2 /usr/lib/perl5/vendor_perl/5.12.2/i686-linux /usr/lib/perl5/vendor_perl/5.12.2 /usr/lib/perl5/5.12.2/i686-linux /usr/lib/perl5/5.12.2 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl /usr/local/lib/site_perl) at (eval 101) line 18.
BEGIN failed--compilation aborted at (eval 101) line 18. [ !! ]
|
It's getting late and that alarm clock starts yelling at 5 AM. I'm going to look over everything after this thing I call a job is over at 4 PM LOL
Thanks for your help again. |
|
cach0rr0 Bodhisattva
Joined: 13 Nov 2008 Posts: 4123 Location: Houston, Republic of Texas
|
Posted: Mon Dec 06, 2010 5:17 am Post subject: |
|
|
I will be perfectly honest and say I've never tried this with perl 5.12
I had a similar problem upgrading from 5.8 to 5.10, and ended up simply reverting to 5.8
You might try some of the stuff mentioned here, as this was the last discussion I had on just such breakage - https://forums.gentoo.org/viewtopic-t-815620-highlight-amavis.html
This is a bit of a messy one.
Frankly I think this is a bug. The ebuild should be pulling all of this in, and it clearly isn't.
There are loads of perl dependencies, many of which have been renamed over the years - to the extent I think even reverting to 5.8 might still be messy.
I'm not entirely sure, I have to think on that one. My first amavisd setup years ago I had no problems. The most recent one, when I changed hardware, I had loads of problems to fight through.
You could
Code: |
emerge -v dev-perl/Digest-SHA1
|
for the first one, and then
Code: |
emerge -v dev-perl/DBI
|
For the second one
But from what I recall (sorry I didn't remember this earlier) this will get you past DBI and SHA1, and then choke on something else.
I remember having to do:
Code: |
emerge -v portage-utils
qlist -CI dev-perl/* |xargs emerge -v
|
then run perl-cleaner all
but because of what *I* feel is a bug in the amavisd ebuild, it's going to be a process of trial and error for you - amavis complains about one package missing, you emerge that package, amavis then complains about the next package missing; so lather rinse and repeat.
The point of dependencies within portage is making sure that you DON'T have to go through all this hassle. Just, there are so many packages involved, in order for me to provide the devs with an updated ebuild with correct dependencies, I would have to start from a clean system; I don't have one to do that with at the moment unfortunately. I will see if I can find one, but in the interim you are going to have a bit of a headache with the trial and error method (unless someone else has a brilliant idea!)
Last edited by cach0rr0 on Mon Dec 06, 2010 5:42 am; edited 2 times in total |
|
cach0rr0 Bodhisattva
Joined: 13 Nov 2008 Posts: 4123 Location: Houston, Republic of Texas
|
Posted: Mon Dec 06, 2010 5:31 am Post subject: |
|
|
grepping through /usr/sbin/amavisd, this seems to be what is required
Code: |
Archive::Zip
BerkeleyDB
Carp
Compress::Zlib
Convert::TNEF
Convert::UUlib
Crypt::OpenSSL::RSA
DBI
Digest::MD5
Encode
Errno
Fcntl
File::Basename
FileHandle
IO::File
IO::Handle
IO::Socket
IO::Socket::INET
IO::Socket::UNIX
MIME::Base64
MIME::Entity
MIME::Parser
MIME::Words
Mail::DKIM::Signer
Mail::DKIM::TextWrap
Mail::DKIM::Verifier
Mail::SpamAssassin
Net::Server
POSIX
Socket
Time::HiRes
Unix::Syslog
|
Now, to see which packages in portage provide which of these. If I can sort that, I can probably put together a fixed ebuild. Or, it may not be the fault of the ebuild, we'll see.
The ebuild already handles some of these, and the base perl install covers others, just need to see what we're missing (DBI is an obvious one, though the ebuild does say to pull in "dev-perl/DBD-mysql", so I don't know, maybe that's supposed to provide DBI? Actually, yes, checking that ebuild, DBD-mysql *does* have DBI as a dependency - what the hell is broken here, then?)
Note that I'm checking all of this against amavisd-new-2.7.0_pre8
I haven't looked into this in great detail just yet |
|
Shane-Echosnet n00b
Joined: 27 Nov 2010 Posts: 18 Location: Baltimore MD
|
Posted: Mon Dec 06, 2010 10:18 pm Post subject: |
|
|
Ok I got everything working except for amavis.
I'm not getting any output on screen and I can't seem to find the log file even after I changed the log file to a different location.
Code: |
echosnetwork ~ # /etc/init.d/postfix restart
* Starting amavisd-new ... [ !! ]
echosnetwork ~ # tail -f /var/log/messages
Dec 6 18:14:50 echosnetwork amavis[11159]: Net::Server: 2010/12/06-18:14:50 Amavis (type Net::Server::PreForkSimple) starting! p id(11159)
Dec 6 18:14:50 echosnetwork amavis[11159]: Net::Server: Binding to UNIX socket file /var/amavis/amavisd.sock using SOCK_STREAM
Dec 6 18:14:50 echosnetwork amavis[11159]: Net::Server: Binding to TCP port 10024 on host 127.0.0.1
Dec 6 18:14:50 echosnetwork amavis[11159]: Net::Server: Group Not Defined. Defaulting to EGID '102 102'
Dec 6 18:14:50 echosnetwork amavis[11159]: Net::Server: User Not Defined. Defaulting to EUID '104'
Dec 6 18:14:50 echosnetwork amavis[11159]: Net::Server: Setting up serialization via flock
Dec 6 18:14:50 echosnetwork amavis[11159]: after_chroot_init: EUID: 104 (104); EGID: 102 102 (102 102)
Dec 6 18:14:50 echosnetwork amavis[11159]: config files read: /etc/amavisd.conf
Dec 6 18:14:50 echosnetwork amavis[11159]: (!!)TROUBLE in pre_loop_hook: IPv6 address [#] contains fewer than 8 fields
Dec 6 18:14:50 echosnetwork amavis[11159]: (!)_DIE: Suicide () TROUBLE in pre_loop_hook: IPv6 address [#] contains fewer than 8 fields
|
|
|
|
|
cach0rr0 Bodhisattva
Joined: 13 Nov 2008 Posts: 4123 Location: Houston, Republic of Texas
|
Posted: Mon Dec 06, 2010 11:53 pm Post subject: |
|
|
can you post your amavisd.conf?
you have a hash character somewhere it shouldn't be. |
|
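The stray-hash diagnosis above, as an added example that is not part of the original thread: a shell check that lists `#` words sitting inside a Perl `qw( ... )` list, where Perl treats `#` as a list element rather than a comment. It assumes that is how the `[#]` entry reached the address list; the function names and the sample config are constructed here.

```shell
#!/bin/sh
# Added example (not from the thread): find '#' words inside qw( ... ) lists.
# Perl does not honour comments inside qw(); a '#' there becomes a list
# element, which is how a value like [#] can end up in an address list.

# Constructed sample, not the poster's real amavisd.conf.
sample_conf() {
    cat <<'EOF'
@mynetworks = qw( 127.0.0.0/8 [::1]
                  # 10.0.0.0/8
                  192.168.0.0/16 );
$mydomain = 'example.com';   # a real comment, outside any list
EOF
}

# find_qw_hashes [FILE]: print "LINE: WORD" for every word inside a
# qw( ... ) list that starts with '#'. Reads stdin when no file is given.
# Only the qw( ) delimiter form is handled.
find_qw_hashes() {
    awk '
    {
        line = $0
        while (length(line) > 0) {
            if (!inq) {
                i = index(line, "qw("); h = index(line, "#")
                # no list opens here, or the rest of the line is a comment
                if (i == 0 || (h > 0 && h < i)) break
                line = substr(line, i + 3); inq = 1
            } else {
                j = index(line, ")")
                body = (j ? substr(line, 1, j - 1) : line)
                n = split(body, w, /[ \t]+/)
                for (k = 1; k <= n; k++)
                    if (w[k] ~ /^#/) print NR ": " w[k]
                if (j == 0) break
                line = substr(line, j + 1); inq = 0
            }
        }
    }' "$@"
}

sample_conf | find_qw_hashes
```

On a real system the call would be `find_qw_hashes /etc/amavisd.conf`; any line it reports needs the `#` word, and whatever follows it on that line, moved out of the list.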
|
|
Shane-Echosnet n00b
Joined: 27 Nov 2010 Posts: 18 Location: Baltimore MD
|
Posted: Mon Dec 06, 2010 11:58 pm Post subject: |
|
|
running! I just #@mynetworks. I'm sure that might hurt me later, but for now at least it's running?
Here is what I got so far.
Amavis is running fine. Only for some messed up reason I can't send mail to my mailbox, nor can I send mail from my mailbox to a local mailbox or the internet.
When I send something to my box, this is what comes up in tail -f /var/log/messages
Code: |
Along with a lot of other stuff that looks right to me
Dec 6 18:50:06 echosnetwork postfix/smtp[11809]: 0859456A0D5: to=<shane@echosnetwork.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=315, delays=315/0.11/0.02/0.04, dsn=4.5.0, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 Error in processing, id=11651-02, sql-enter FAILED: sql exec: err=1146, 42S02, DBD::mysql::st execute failed: Table 'amavis.maddr' doesn't exist at (eval 101) line 166, <GEN6> line 31. (in reply to end of DATA command))
|
Now I did set up the SQL database as said in the guide that you posted up top.
Will
Code: |
grep -v ^\# amavisd.conf |grep -v ^$
|
work to show my file as yours did? I'm lost when it comes to that. |
|
|
|
cach0rr0 Bodhisattva
Joined: 13 Nov 2008 Posts: 4123 Location: Houston, Republic of Texas
|
Posted: Tue Dec 07, 2010 12:09 am Post subject: |
|
|
Shane-Echosnet wrote: |
running! I just #@mynetworks. I'm sure that might hurt me later, but for now at least it's running?
Here is what I got so far.
Amavis is running fine. Only for some messed up reason I can't send mail to my mailbox, nor can I send mail from my mailbox to a local mailbox or the internet.
Code: |
DBD::mysql::st execute failed: Table 'amavis.maddr' doesn't exist at (eval 101) line 166, <GEN6> line 31. (in reply to end of DATA command))
|
What did you use to create your amavis database? The link I posted has a "mailaddr" table, but not a "maddr" table. Amavis is looking for a table in the DB that doesn't exist, and choking.
If you can, fire up the mysql command-line, then:
Code: |
mysql> use amavis;
mysql> show tables;
|
Shane-Echosnet wrote: |
Will
Code: |
grep -v ^\# amavisd.conf |grep -v ^$
|
work to show my file as yours did? I'm lost when it comes to that. |
That's one of a handful of quick ways of stripping comments and empty lines from a config file.
The first bit says to see if the first character on a line (as denoted by '^') is a hash (as denoted by \# ).
The second bit says to check for an empty line (^ denotes start of line, and $ denotes end; if nothing is in between, the line is empty).
The -v switch on grep says "show me everything BUT lines that match this pattern".
There are better ways of stripping comments, that's just what I committed to memory =/ |
|
|
|
Shane-Echosnet n00b
Joined: 27 Nov 2010 Posts: 18 Location: Baltimore MD
|
Posted: Tue Dec 07, 2010 12:13 am Post subject: |
|
|
MySQL
I was using phpMyAdmin to set up the SQL
Code: |
mysql> show tables;
+------------------+
| Tables_in_amavis |
+------------------+
| mailaddr |
| policy |
| users |
| wblist |
+------------------+
4 rows in set (0.00 sec)
|
here is the conf file
http://pastebin.com/092GZtL9 |
|
|
|
cach0rr0 Bodhisattva
Joined: 13 Nov 2008 Posts: 4123 Location: Houston, Republic of Texas
|
Posted: Tue Dec 07, 2010 1:59 am Post subject: |
|
|
hrmm... looks like 'maddr' is actually an expected table, just checked my own. I suppose it's a good thing we're in this thread, because I haven't documented any of this, and I know I've had these same hiccups before myself. Inevitably I'm going to have to go back and do this all again; now when I do, I can refer back to this thread.
Code: |
mysql> show tables;
+------------------+
| Tables_in_amavis |
+------------------+
| maddr |
| mailaddr |
| msgrcpt |
| msgs |
| policy |
| quarantine |
| users |
| wblist |
+------------------+
8 rows in set (0.00 sec)
|
Of course, that mail filter guide doesn't tell you to do that.
I checked the README.sql-mysql that's included in /usr/share/doc/amavisd-new-2.6.3-r2/ (your version may be different) and plucked this out of it
Drop the amavis database, paste the following SQL bits into a new textfile, amavis.sql, then create the amavis database, then create the tables and whatnot:
Code: |
mysqladmin drop amavis -p
<enter your password>
mysqladmin create amavis -p
<enter your password>
vi amavis.sql
<paste in the contents of below>
mysql amavis < amavis.sql -p
<enter password>
|
(ideally you'd want to have amavis access the database with its own user and password, and would need to run a GRANT statement after that, but that's another story)
Anyway, here's the table creation stuff:
Code: |
CREATE TABLE users (
id int unsigned NOT NULL AUTO_INCREMENT PRIMARY KEY, -- unique id
priority integer NOT NULL DEFAULT '7', -- sort field, 0 is low prior.
policy_id integer unsigned NOT NULL DEFAULT '1', -- JOINs with policy.id
email varbinary(255) NOT NULL UNIQUE,
fullname varchar(255) DEFAULT NULL, -- not used by amavisd-new
local char(1) -- Y/N (optional field, see note further down)
);
CREATE TABLE mailaddr (
id int unsigned NOT NULL AUTO_INCREMENT PRIMARY KEY,
priority integer NOT NULL DEFAULT '7', -- 0 is low priority
email varbinary(255) NOT NULL UNIQUE
);
CREATE TABLE wblist (
rid integer unsigned NOT NULL, -- recipient: users.id
sid integer unsigned NOT NULL, -- sender: mailaddr.id
wb varchar(10) NOT NULL, -- W or Y / B or N / space=neutral / score
PRIMARY KEY (rid,sid)
);
CREATE TABLE policy (
id int unsigned NOT NULL AUTO_INCREMENT PRIMARY KEY,
-- 'id' this is the _only_ required field
policy_name varchar(32), -- not used by amavisd-new, a comment
virus_lover char(1) default NULL, -- Y/N
spam_lover char(1) default NULL, -- Y/N
banned_files_lover char(1) default NULL, -- Y/N
bad_header_lover char(1) default NULL, -- Y/N
bypass_virus_checks char(1) default NULL, -- Y/N
bypass_spam_checks char(1) default NULL, -- Y/N
bypass_banned_checks char(1) default NULL, -- Y/N
bypass_header_checks char(1) default NULL, -- Y/N
spam_modifies_subj char(1) default NULL, -- Y/N
virus_quarantine_to varchar(64) default NULL,
spam_quarantine_to varchar(64) default NULL,
banned_quarantine_to varchar(64) default NULL,
bad_header_quarantine_to varchar(64) default NULL,
clean_quarantine_to varchar(64) default NULL,
other_quarantine_to varchar(64) default NULL,
spam_tag_level float default NULL, -- higher score inserts spam info headers
spam_tag2_level float default NULL, -- inserts 'declared spam' header fields
spam_kill_level float default NULL, -- higher score triggers evasive actions
-- e.g. reject/drop, quarantine, ...
-- (subject to final_spam_destiny setting)
spam_dsn_cutoff_level float default NULL,
spam_quarantine_cutoff_level float default NULL,
addr_extension_virus varchar(64) default NULL,
addr_extension_spam varchar(64) default NULL,
addr_extension_banned varchar(64) default NULL,
addr_extension_bad_header varchar(64) default NULL,
warnvirusrecip char(1) default NULL, -- Y/N
warnbannedrecip char(1) default NULL, -- Y/N
warnbadhrecip char(1) default NULL, -- Y/N
newvirus_admin varchar(64) default NULL,
virus_admin varchar(64) default NULL,
banned_admin varchar(64) default NULL,
bad_header_admin varchar(64) default NULL,
spam_admin varchar(64) default NULL,
spam_subject_tag varchar(64) default NULL,
spam_subject_tag2 varchar(64) default NULL,
message_size_limit integer default NULL, -- max size in bytes, 0 disable
banned_rulenames varchar(64) default NULL -- comma-separated list of ...
-- names mapped through %banned_rules to actual banned_filename tables
);
CREATE TABLE maddr (
partition_tag integer DEFAULT 0, -- see $sql_partition_tag
id bigint unsigned NOT NULL AUTO_INCREMENT PRIMARY KEY,
email varbinary(255) NOT NULL, -- full mail address
domain varchar(255) NOT NULL, -- only domain part of the email address
-- with subdomain fields in reverse
CONSTRAINT part_email UNIQUE (partition_tag,email)
) ENGINE=InnoDB;
CREATE TABLE msgs (
partition_tag integer DEFAULT 0, -- see $sql_partition_tag
mail_id varbinary(12) NOT NULL PRIMARY KEY, -- long-term unique mail id
secret_id varbinary(12) DEFAULT '', -- authorizes release of mail_id
am_id varchar(20) NOT NULL, -- id used in the log
time_num integer unsigned NOT NULL, -- rx_time: seconds since Unix epoch
time_iso char(16) NOT NULL, -- rx_time: ISO8601 UTC ascii time
sid bigint unsigned NOT NULL, -- sender: maddr.id
policy varchar(255) DEFAULT '', -- policy bank path (like macro %p)
client_addr varchar(255) DEFAULT '', -- SMTP client IP address (IPv4 or v6)
size integer unsigned NOT NULL, -- message size in bytes
content binary(1), -- content type: V/B/S/s/M/H/O/C:
-- virus/banned/spam(kill)/spammy(tag2)/bad-mime/bad-header/oversized/clean
-- is NULL on partially processed mail
-- use binary instead of char for case sensitivity ('S' != 's')
quar_type binary(1), -- quarantined as: ' '/F/Z/B/Q/M/L
-- none/file/zipfile/bsmtp/sql/
-- /mailbox(smtp)/mailbox(lmtp)
quar_loc varbinary(255) DEFAULT '', -- quarantine location (e.g. file)
dsn_sent char(1), -- was DSN sent? Y/N/q (q=quenched)
spam_level float, -- SA spam level (no boosts)
message_id varchar(255) DEFAULT '', -- mail Message-ID header field
from_addr varchar(255) DEFAULT '', -- mail From header field, UTF8
subject varchar(255) DEFAULT '', -- mail Subject header field, UTF8
host varchar(255) NOT NULL, -- hostname where amavisd is running
FOREIGN KEY (sid) REFERENCES maddr(id) ON DELETE RESTRICT
) ENGINE=InnoDB;
CREATE INDEX msgs_idx_sid ON msgs (sid);
CREATE INDEX msgs_idx_mess_id ON msgs (message_id); -- useful with pen pals
CREATE INDEX msgs_idx_time_num ON msgs (time_num);
CREATE TABLE msgrcpt (
partition_tag integer DEFAULT 0, -- see $sql_partition_tag
mail_id varbinary(12) NOT NULL, -- (must allow duplicates)
rid bigint unsigned NOT NULL, -- recipient: maddr.id (dupl. allowed)
ds char(1) NOT NULL, -- delivery status: P/R/B/D/T
-- pass/reject/bounce/discard/tempfail
rs char(1) NOT NULL, -- release status: initialized to ' '
bl char(1) DEFAULT ' ', -- sender blacklisted by this recip
wl char(1) DEFAULT ' ', -- sender whitelisted by this recip
bspam_level float, -- spam level + per-recip boost
smtp_resp varchar(255) DEFAULT '', -- SMTP response given to MTA
FOREIGN KEY (rid) REFERENCES maddr(id) ON DELETE RESTRICT,
FOREIGN KEY (mail_id) REFERENCES msgs(mail_id) ON DELETE CASCADE
) ENGINE=InnoDB;
CREATE INDEX msgrcpt_idx_mail_id ON msgrcpt (mail_id);
CREATE INDEX msgrcpt_idx_rid ON msgrcpt (rid);
CREATE TABLE quarantine (
partition_tag integer DEFAULT 0, -- see $sql_partition_tag
mail_id varbinary(12) NOT NULL, -- long-term unique mail id
chunk_ind integer unsigned NOT NULL, -- chunk number, starting with 1
mail_text blob NOT NULL, -- store mail as chunks of octets
PRIMARY KEY (mail_id,chunk_ind),
FOREIGN KEY (mail_id) REFERENCES msgs(mail_id) ON DELETE CASCADE
) ENGINE=InnoDB;
|
|
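A pre-flight check for the schema mismatch in this thread, as an added example that is not part of the original posts: it compares a `show tables` listing against the eight tables in the working database shown above and names the ones that are missing. The function and variable names are made up for this example; the sample input is the four-table listing posted earlier in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): compare a `show tables` listing with
# the eight tables shown in the working amavis database above.
EXPECTED_TABLES="maddr mailaddr msgrcpt msgs policy quarantine users wblist"

# The four-table listing posted earlier in the thread, reused as sample input.
sample_listing() {
    cat <<'EOF'
+------------------+
| Tables_in_amavis |
+------------------+
| mailaddr         |
| policy           |
| users            |
| wblist           |
+------------------+
4 rows in set (0.00 sec)
EOF
}

# missing_tables: read `show tables` output on stdin (boxed or one name per
# line) and print the expected tables that are absent, space separated.
missing_tables() {
    # Drop the box-drawing characters, keep lines holding a single table name.
    present=$(sed 's/[-+|]//g' | awk 'NF == 1 && $1 !~ /^Tables_in_/ { print $1 }')
    out=""
    for t in $EXPECTED_TABLES; do
        case " $(echo $present) " in
            *" $t "*) ;;                     # table exists
            *) out="$out${out:+ }$t" ;;      # table is missing
        esac
    done
    printf '%s\n' "$out"
}

sample_listing | missing_tables
```

Against a live server the input would come from `mysql -N -e 'show tables' amavis -p`; an empty result means every table in the list is present.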
|
|
Shane-Echosnet n00b
Joined: 27 Nov 2010 Posts: 18 Location: Baltimore MD
|
Posted: Tue Dec 07, 2010 2:26 am Post subject: |
|
|
It is sending and receiving mail from both local and internet.
Everything seems like it's working. Is there a way to test it out?
Oh geez, now my webmail isn't working again. LOL!! You know, there really is a lot that goes into a simple mail server
As I was watching the tail -f log file there was only one error.
Code: |
ClamAV-clamd: Can't connect to UNIX socket /var/amavis/clamd.sock: No such file or directory, retrying (1)
|
Being everything is running could that be part of the whole bug issue?
Oh, before I forget: is there anything I have to do with cron? I was reading somewhere I have to add the update thing for one of the add-ins.
I'm really shaky with cron; I never had anything in cron work for me. In fact, last time I tried I spent 2 hours undoing it (don't ask lol)
You have no idea how much you helped me out, I really thank you a lot! |
|