PostgreSQL+Postfix+Nginx+PHP+RoundCube+Dovecot+SpamAssassin+Clamav+Spamd
graudeejs
January 27th, 2010, 06:43
When installing software I will use portmaster from ports-mgmt/portmaster.
Goal of this howto (unsorted):
configure a mail server that will handle virtual mailboxes, virtual domains and/or relay mail to other hosts
configure webmail
let users connect to their accounts using the imaps protocol
let users send mail using the smtps protocol
configure antivirus and spam filtering software
use only open source software available in FreeBSD ports
where possible/necessary encrypt connections with OpenSSL
use static uid:gid for mail
store mail in /mail/domain/username
use sockets where possible
configure my own mail server
Table Of Content
Preparing system
Install PostgreSQL
Install & configure Dovecot
Install & configure Postfix
Install & configure nginx
Install & configure RoundCube
Configure PostgreSQL
Configure PHP
Install and Configure Spamd
Install and Configure Clamav
Install and Configure SpamAssassin
Checking if it works
References
Change log
I've left some reserved posts for future use {perhaps security related or something else}
graudeejs
January 27th, 2010, 06:45
Preparing system
I'll use GENERIC kernel
To be able to run PostgreSQL in a jail you need the following {you may/will need to tune these values to your needs}
# cat << EOF >> /boot/loader.conf
kern.ipc.semmni=40
kern.ipc.semmns=240
kern.ipc.semume=40
kern.ipc.semmnu=120
EOF
# echo 'security.jail.sysvipc_allowed=1' >> /etc/sysctl.conf
and
# echo 'jail_sysvipc_allow="YES"' >> /etc/rc.conf
Since we'll be using a jail, we also want to use nullfs
# echo 'nullfs_load="YES"' >> /boot/loader.conf
Now reboot your FreeBSD, create a new jail, start it and jexec into it.
Everything below will be executed in the jail
Now in your jail
By default OpenSSL from the base system will create 1024-bit RSA keys. I don't like that; it's not enough.
So in /etc/ssl/openssl.cnf
find and set
default_bits = 4096
graudeejs
January 27th, 2010, 06:58
Install PostgreSQL
Install and start postgresql
# portmaster databases/postgresql84-server
# echo 'postgresql_enable="YES"' >> /etc/rc.conf
# /usr/local/etc/rc.d/postgresql initdb
# /usr/local/etc/rc.d/postgresql start
graudeejs
January 27th, 2010, 07:16
Install & configure Dovecot
Install dovecot
# portmaster mail/dovecot
make sure to select SSL, PGSQL
Create SSL/TLS certificate for secure connections:
# mkdir -p /etc/ssl/dovecot
# cd /etc/ssl/dovecot
# openssl req -new -x509 -nodes -out cert.pem -keyout key.pem -days 365
# chmod 640 /etc/ssl/dovecot/*
more info: http://forums.freebsd.org/showthread.php?t=6490
Edit /usr/local/etc/dovecot.conf
protocols = imaps
disable_plaintext_auth = no
ssl = yes
ssl_cert_file = /etc/ssl/dovecot/cert.pem
ssl_key_file = /etc/ssl/dovecot/key.pem
mail_privileged_group = mail
dotlock_use_excl = yes
mail_location = maildir:/mail/%d/%n
verbose_proctitle = yes
# mailnull user id is 26
first_valid_uid = 26
last_valid_uid = 26
mail_uid = mailnull
# mail group id is 6
first_valid_gid = 6
last_valid_gid = 6
mail_gid = mail
maildir_copy_with_hardlinks = yes
protocol imap {
    imap_client_workarounds = delay-newmail netscape-eoh tb-extra-mailbox-sep
    mail_plugins = quota imap_quota
}
protocol managesieve {
}
protocol lda {
    postmaster_address = postmaster@example.com
    sendmail_path = /usr/sbin/sendmail
    mail_plugins = quota
}
auth_username_format = %Lu
auth default {
    mechanisms = plain
    passdb sql {
        args = /usr/local/etc/dovecot-sql.conf
    }
    userdb prefetch {
        # keep this, otherwise quota won't work
    }
    user = root
    socket listen {
        master {
            path = /var/run/dovecot/auth-master
            mode = 0600
            user = mailnull
            group = mail
        }
        client {
            path = /var/run/dovecot/auth-client
            mode = 0660
            user = postfix
            group = mail
        }
    }
}
dict {
}
plugin {
    quota = maildir:User quota
    quota_rule = *:storage=1GB
}
Edit /usr/local/etc/dovecot-sql.conf
driver = pgsql
connect = host=/tmp dbname=mail user=dovecot password=DovecotPassword
default_pass_scheme = PLAIN-MD5
password_query = \
SELECT username, domain, password, '*:bytes=' || quota || 'M' AS userdb_quota_rule \
FROM mailbox WHERE username = '%n' AND domain = '%d' AND active = true
The M appended to the quota value means that the SQL query returns the quota in megabytes (consider it a modifier)
TIP: host can be an IP, a hostname or the path to the PostgreSQL socket
Enable dovecot at jail startup
# echo 'dovecot_enable="YES"' >> /etc/rc.conf
NOTE: you may want to install mail/dovecot-sieve; it will help you automatically move different mails to different folders :)
graudeejs
January 27th, 2010, 07:23
Install & configure Postfix
Stop sendmail
# /etc/rc.d/sendmail stop
Install postfix
# portmaster mail/postfix
...
Added group "postfix".
Added group "maildrop".
Added user "postfix".
You need user "postfix" added to group "mail".
Would you like me to add it [y]? y
...
Would you like to activate Postfix in /etc/mail/mailer.conf [n]? y
make sure to select DOVECOT, TLS, PGSQL, VDA
Make system use postfix instead of sendmail
# cat << EOF >> /etc/rc.conf
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
EOF
# cat << EOF >> /etc/periodic.conf
daily_clean_hoststat_enable="NO"
daily_status_mail_rejects_enable="NO"
daily_status_include_submit_mailq="NO"
daily_submit_queuerun="NO"
EOF
Create and secure the SMTP SSL certificate:
# mkdir -p /etc/ssl/postfix
# cd /etc/ssl/postfix
# openssl req -new -x509 -nodes -out smtpd.pem -keyout smtpd.pem -days 365
# chmod 640 /etc/ssl/postfix/*
# chgrp -R postfix /etc/ssl/postfix
edit/add these lines in /usr/local/etc/postfix/main.cf
...
# SOFT BOUNCE
#
# The soft_bounce parameter provides a limited safety net for
# testing. When soft_bounce is enabled, mail will remain queued that
# would otherwise bounce. This parameter disables locally-generated
# bounces, and prevents the SMTP server from rejecting mail permanently
# (by changing 5xx replies into 4xx replies). However, soft_bounce
# is no cure for address rewriting mistakes or mail routing mistakes.
#
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unauth_destination,
reject_unauth_pipelining,
reject_invalid_hostname,
reject_rbl_client bl.spamcop.net
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks
virtual_mailbox_base = /mail
virtual_mailbox_maps = pgsql:/usr/local/etc/postfix/pgsql_virtual_mailbox_maps.cf
virtual_mailbox_domains = pgsql:/usr/local/etc/postfix/pgsql_virtual_mailbox_domains.cf
virtual_alias_maps = pgsql:/usr/local/etc/postfix/pgsql_virtual_alias_maps.cf
local_recipient_maps = $virtual_mailbox_maps
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
# I use static uid:gid, dynamic ones caused problems for me {permission related}
virtual_uid_maps = static:26
virtual_gid_maps = static:6
virtual_transport = dovecot
smtpd_delay_reject = yes
smtpd_helo_required = yes
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = /var/run/dovecot/auth-client
smtpd_sasl_security_options = noanonymous
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/ssl/postfix/smtpd.pem
smtpd_tls_cert_file = /etc/ssl/postfix/smtpd.pem
smtpd_tls_CAfile = /etc/ssl/postfix/smtpd.pem
smtpd_tls_loglevel = 0
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
...
myhostname = example.com
...
mydomain = example.com
...
mydestination = localhost.$mydomain, localhost
...
#relay_domains = pgsql:/usr/local/etc/postfix/pgsql_relay_domains.cf
...
uncomment this in /usr/local/etc/postfix/master.cf
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o message_size_limit=26214400
message_size_limit changes the message size limit from 10240000 bytes (default) to 25M
and add this to /usr/local/etc/postfix/master.cf
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=mailnull:mail argv=/usr/local/libexec/dovecot/deliver -f ${sender} -d ${user}@${nexthop} -n -m ${extension}
/usr/local/etc/postfix/pgsql_relay_domains.cf
user = postfix
password = postfix_password
hosts = /tmp
dbname = mail
query = SELECT domain FROM mailbox_relay_domains WHERE domain = '%s' AND active = true
/usr/local/etc/postfix/pgsql_virtual_alias_maps.cf
user = postfix
password = postfix_password
hosts = /tmp
dbname = mail
query = SELECT dest_username || '@' || dest_domain FROM mailbox_aliases WHERE address = '%s' AND active = true
/usr/local/etc/postfix/pgsql_virtual_mailbox_domains.cf
user = postfix
password = postfix_password
hosts = /tmp
dbname = mail
query = SELECT domain FROM mailbox WHERE domain = '%s' AND active = true
/usr/local/etc/postfix/pgsql_virtual_mailbox_limit_maps.cf
user = postfix
password = postfix_password
hosts = /tmp
dbname = mail
query = SELECT quota FROM mailbox WHERE username = '%u' AND domain = '%d' AND active = true
/usr/local/etc/postfix/pgsql_virtual_mailbox_maps.cf
user = postfix
password = postfix_password
hosts = /tmp
dbname = mail
query = SELECT domain || '/' || username FROM mailbox WHERE username = '%u' AND domain = '%d' AND active = true
TIP: as host you can use an IP, a hostname or the path to the PostgreSQL socket
Secure Postfix’s PGSQL files:
# chmod 640 /usr/local/etc/postfix/pgsql_*
# chgrp postfix /usr/local/etc/postfix/pgsql_*
Create our virtual mail directories:
# mkdir /mail
# chown mailnull:mail /mail
Enable postfix at jail startup
# echo 'postfix_enable="YES"' >> /etc/rc.conf
graudeejs
January 27th, 2010, 10:42
Install & configure nginx
Install nginx and spawn_fcgi
# portmaster www/nginx www/spawn-fcgi
enable service
# cat << EOF >> /etc/rc.conf
nginx_enable="YES"
spawn_fcgi_enable="YES"
spawn_fcgi_bindaddr=""
spawn_fcgi_bindport=""
spawn_fcgi_bindsocket="/var/run/spawn_fcgi.socket"
spawn_fcgi_bindsocket_mode="0700"
EOF
this will start spawn_fcgi on a socket, instead of listening on a port
/usr/local/etc/nginx/nginx.conf
#user  nobody;
worker_processes  1;
#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;
#pid        logs/nginx.pid;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';
    #access_log  logs/access.log  main;
    sendfile        on;
    #tcp_nopush     on;
    #keepalive_timeout  0;
    keepalive_timeout  65;
    #gzip  on;
    server {
        # This will redirect http to https :D
        listen       80;
        server_name  example.com;
        location / {
            # $request_uri already starts with "/", so no slash after the host
            rewrite ^ https://example.com$request_uri? permanent;
        }
    }
    server {
        listen       443;
        server_name  example.com;
        #charset koi8-r;
        #access_log  logs/host.access.log  main;
        location / {
            root   /usr/local/www/roundcube;
            index  index.php;
        }
        #error_page  404              /404.html;
        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /usr/local/www/nginx-dist;
        }
        location ~ \.php$ {
            root           /usr/local/www/roundcube;
            fastcgi_pass   unix:/var/run/spawn_fcgi.socket;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  /usr/local/www/roundcube$fastcgi_script_name;
            include        fastcgi_params;
        }
        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
        ssl                  on;
        ssl_certificate      /etc/ssl/www/www.pem;
        ssl_certificate_key  /etc/ssl/www/www.pem;
        ssl_session_timeout  5m;
        ssl_protocols  SSLv2 SSLv3 TLSv1;
        ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
        ssl_prefer_server_ciphers   on;
        client_max_body_size 25m;
    }
}
This will listen on the https port; it's a good idea to make another host listen on port 80 and redirect to https
client_max_body_size 25m; sets the max body size to 25M, which means that you can upload up to 25M per file. It's important to set this variable, not only in php.ini {see the Configure PHP section below}
TIP: you can install nginx+RoundCube+PHP in a different jail. I think this would add an extra security layer to the mail server. One thing I dislike about RoundCube is that it can't connect to the db via a socket
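Added example, not from the original post: a POSIX sh script that audits the two TLS lines of the nginx.conf above and rewrites them. SSLv2, SSLv3 and TLSv1 in ssl_protocols, and the +LOW, +SSLv2, +EXP and RC4 groups in ssl_ciphers, are all considered broken today, so tls_config_findings flags them and harden_tls_directives swaps the directives for TLSv1.2 with a HIGH-only cipher list. The sample config string is constructed from the post's own lines; the hardened values assume an nginx built against an OpenSSL that supports TLSv1.2.

```shell
#!/bin/sh
# Added example, not part of the original howto: audit nginx TLS directives
# for the weak settings used above and rewrite them. POSIX sh + awk/sed only.

# Constructed sample: the ssl_protocols/ssl_ciphers lines from the nginx.conf above.
WEAK_TLS='        ssl_protocols  SSLv2 SSLv3 TLSv1;
        ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;'

# Hardened replacements (assumption: the nginx/OpenSSL build supports TLSv1.2).
HARD_PROTOCOLS='ssl_protocols TLSv1.2;'
HARD_CIPHERS='ssl_ciphers HIGH:!aNULL:!MD5:!RC4:!3DES:!EXPORT:!LOW;'

# Read nginx config on stdin, print one line per weak setting found.
# Comments are stripped and directives split on ';' so layout does not matter.
tls_config_findings() {
    cfg=$(sed 's/#.*//' | tr ';' '\n' | tr -s ' \t' ' ')
    protos=$(printf '%s\n' "$cfg" | awk '$1=="ssl_protocols"{$1="";print}')
    for p in SSLv2 SSLv3 TLSv1 TLSv1.1; do
        case " $protos " in
            *" $p "*) echo "weak protocol enabled: $p" ;;
        esac
    done
    # Cipher string: every ':'-separated group not prefixed with '!' is allowed.
    ciphers=$(printf '%s\n' "$cfg" | awk '$1=="ssl_ciphers"{print $2}')
    old_ifs=$IFS; IFS=:
    for tok in $ciphers; do
        case $tok in
            '!'*) ;;  # explicitly excluded group, fine
            *LOW*|*EXP*|*RC4*|*SSLv2*|*MD5*|*NULL*|*ADH*|*DES*)
                echo "weak cipher group allowed: $tok" ;;
        esac
    done
    IFS=$old_ifs
}

# Rewrite ssl_protocols/ssl_ciphers in the config on stdin, keep everything else
# (indentation and the rest of the server block are untouched).
harden_tls_directives() {
    awk -v p="$HARD_PROTOCOLS" -v c="$HARD_CIPHERS" '
        $1 == "ssl_protocols" { sub(/ssl_protocols[^;]*;/, p) }
        $1 == "ssl_ciphers"   { sub(/ssl_ciphers[^;]*;/, c) }
        { print }'
}

# Usage on a real server:
#   tls_config_findings   < /usr/local/etc/nginx/nginx.conf
#   harden_tls_directives < /usr/local/etc/nginx/nginx.conf > nginx.conf.new
```

Against the constructed sample the audit reports seven findings (three protocols, four cipher groups); piping the same text through harden_tls_directives first makes the audit come back empty.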
graudeejs
January 27th, 2010, 10:43
Install and configure RoundCube
Install
# portmaster mail/roundcube
Make sure to select PGSQL, SSL
When asked for php5 config make sure to select FASTCGI
in /usr/local/www/roundcube/config/db.inc.php set
# you should be able to use a hostname instead of the IP as well
# unfortunately it's not possible to specify a socket :(
$rcmail_config['db_dsnw'] = 'pgsql://roundcube:RoundcubePassword@123.123.123.123/webmail';
in /usr/local/www/roundcube/config/main.inc.php set
$rcmail_config['log_driver'] = 'syslog';
$rcmail_config['force_https'] = TRUE;
$rcmail_config['default_host'] = 'ssl://example.com';
$rcmail_config['default_port'] = 993;
$rcmail_config['imap_auth_type'] = 'auth';
$rcmail_config['username_domain'] = 'example.com';
$rcmail_config['mail_domain'] = 'example.com';
$rcmail_config['smtp_server'] = 'ssl://example.com';
$rcmail_config['smtp_port'] = 465;
$rcmail_config['smtp_user'] = '%u';
$rcmail_config['smtp_pass'] = '%p';
$rcmail_config['sendmail_delay'] = 20;
$rcmail_config['session_lifetime'] = 30;
// set some random password
$rcmail_config['des_key'] = 'SomeRandom24charPassword';
$rcmail_config['language'] = 'lv_LV';
$rcmail_config['product_name'] = 'Example.com :)';
$rcmail_config['create_default_folders'] = TRUE;
$rcmail_config['default_charset'] = 'ISO-8859-13';
$rcmail_config['identities_level'] = 1;
$rcmail_config['max_pagesize'] = 100;
$rcmail_config['log_logins'] = true;
// this doesn't seem to work.... perhaps a bug...
$rcmail_config['timezone'] = 'Europe/Riga';
$rcmail_config['show_images'] = 1;
// most average users probably prefer html emails
$rcmail_config['htmleditor'] = TRUE;
to get info on what these variables mean, read the config file; it's pretty well commented
graudeejs
January 27th, 2010, 10:49
Configure PostgreSQL
PostgreSQL configuration for RoundCube
# su pgsql
$ psql template1
-- create users
CREATE USER postfix ENCRYPTED password 'PostfixPassword';
CREATE USER dovecot ENCRYPTED password 'DovecotPassword';
-- create group
CREATE ROLE mailman WITH USER postfix, dovecot;
-- create database
CREATE DATABASE mail OWNER mailman;
\c mail
-- virtual mailboxes
CREATE TABLE mailbox (
username VARCHAR(128) NOT NULL,
domain VARCHAR(128) NOT NULL,
password CHAR(32) NOT NULL,
quota INTEGER DEFAULT 1024 NOT NULL,
active BOOLEAN DEFAULT true NOT NULL,
PRIMARY KEY (username, domain)
);
-- virtual mailbox aliases
CREATE TABLE mailbox_aliases (
address VARCHAR(256) PRIMARY KEY,
dest_username VARCHAR(128) NOT NULL,
dest_domain VARCHAR(128) NOT NULL,
active BOOLEAN DEFAULT true NOT NULL,
FOREIGN KEY (dest_username, dest_domain) REFERENCES mailbox (username, domain) ON DELETE CASCADE
);
-- relay domains
CREATE TABLE mailbox_relay_domains (
domain VARCHAR(256) PRIMARY KEY,
active BOOLEAN DEFAULT true NOT NULL
);
-- grant permissions
GRANT SELECT ON mailbox TO dovecot;
GRANT SELECT ON mailbox,mailbox_aliases,mailbox_relay_domains TO postfix;
-- create virtual domain
-- currently virtual domains don't work for me
INSERT INTO mailbox_relay_domains VALUES ('example.com');
-- create user
INSERT INTO mailbox VALUES ('test','example.com','MD5 Hash of password');
-- create virtual aliases
INSERT INTO mailbox_aliases VALUES ('postmaster@example.com', 'test', 'example.com');
INSERT INTO mailbox_aliases VALUES ('root@example.com', 'test', 'example.com');
INSERT INTO mailbox_aliases VALUES ('example@example.com', 'test', 'example.com');
INSERT INTO mailbox_aliases VALUES ('abuse@example.com', 'test', 'example.com');
-- create roundcube and database
CREATE USER roundcube ENCRYPTED password 'RoundcubePassword';
CREATE DATABASE webmail WITH OWNER roundcube;
\c webmail roundcube
-- create tables etc for roundcube
\i /usr/local/www/roundcube/SQL/postgres.initial.sql
-- exit psql
\q
in /usr/local/pgsql/data/pg_hba.conf you need to set
who is allowed to access PostgreSQL and from where. This file is pretty well
written, so you should read it yourself :)
Add these entries
local   mail      postfix,dovecot                 md5
host    webmail   roundcube         jail_IP/32    md5
If postfix and dovecot connect to the database over the net, then
host    mail      postfix,dovecot   jail_IP/32    md5
host    webmail   roundcube         jail_IP/32    md5
also for db security I suggest you change the password for the pgsql user and set password authentication for everything and everyone from anywhere :)
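Added example, not from the original post: a POSIX sh script that generates the INSERT statements above for a new mailbox and its aliases, so the MD5 hash is not typed by hand. Dovecot's PLAIN-MD5 scheme (default_pass_scheme in dovecot-sql.conf) compares the hex MD5 of the plaintext password, which is what plain_md5 produces with md5(1) on FreeBSD or md5sum elsewhere (which of the two exists on your host is an assumption). Usernames, domains and alias addresses are lowercased to match auth_username_format = %Lu, and single quotes inside values are doubled so a password or address containing a quote cannot break the SQL statement.

```shell
#!/bin/sh
# Added example, not part of the original howto: emit the SQL that provisions
# one mailbox in the schema above (tables mailbox and mailbox_aliases).

# Hex MD5 of $1 (no trailing newline is hashed), as Dovecot PLAIN-MD5 expects.
# Assumption: md5 (FreeBSD) or md5sum (Linux) is available.
plain_md5() {
    if command -v md5 >/dev/null 2>&1; then
        printf '%s' "$1" | md5 -q
    elif command -v md5sum >/dev/null 2>&1; then
        printf '%s' "$1" | md5sum | cut -d' ' -f1
    else
        echo "plain_md5: no md5 tool found" >&2
        return 1
    fi
}

# Escape $1 for use inside an SQL single-quoted literal (' becomes '').
sql_quote() {
    printf '%s' "$1" | sed "s/'/''/g"
}

# Lowercase $1: Dovecot is configured with auth_username_format = %Lu and
# Postfix folds addresses to lowercase before its map lookups.
lower() {
    printf '%s' "$1" | tr 'A-Z' 'a-z'
}

# mailbox_sql USER DOMAIN PASSWORD QUOTA_MB [ALIAS_ADDRESS ...]
# Prints one INSERT for the mailbox and one per alias; quota/active columns
# not given fall back to the table defaults (1024 MB, active).
mailbox_sql() {
    [ $# -ge 4 ] || { echo "usage: mailbox_sql user domain password quota [alias...]" >&2; return 1; }
    user=$(lower "$1"); domain=$(lower "$2"); pass="$3"; quota="$4"
    shift 4
    case $quota in
        ''|*[!0-9]*) echo "mailbox_sql: quota must be an integer (MB)" >&2; return 1 ;;
    esac
    digest=$(plain_md5 "$pass") || return 1
    printf "INSERT INTO mailbox (username, domain, password, quota) VALUES ('%s', '%s', '%s', %s);\n" \
        "$(sql_quote "$user")" "$(sql_quote "$domain")" "$digest" "$quota"
    for alias in "$@"; do
        printf "INSERT INTO mailbox_aliases (address, dest_username, dest_domain) VALUES ('%s', '%s', '%s');\n" \
            "$(sql_quote "$(lower "$alias")")" "$(sql_quote "$user")" "$(sql_quote "$domain")"
    done
}

# Usage (as the pgsql user, against the mail database created above):
#   mailbox_sql test example.com 'secret' 1024 postmaster@example.com abuse@example.com | psql mail
```

Note that the hash this stores is an unsalted MD5 of the password, exactly what the PLAIN-MD5 scheme in dovecot-sql.conf compares against; anyone who can read the mailbox table can run a dictionary attack on it, which is why the GRANTs above give dovecot and postfix SELECT only.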
graudeejs
January 27th, 2010, 10:57
Configure PHP
To attach files in the webmail interface (roundcube) we need to configure php to allow uploading bigger files {by default it's about 2MB, which is very, very small}
copy example config file
# cp /usr/local/etc/php.ini-recommended /usr/local/etc/php.ini
edit variables in /usr/local/etc/php.ini
; Maximum size of POST data that PHP will accept.
post_max_size = 25M
; Maximum allowed size for uploaded files.
upload_max_filesize = 20M
; Maximum number of files that can be uploaded via a single request
max_file_uploads = 10
EDIT: after editing /usr/local/etc/php.ini, if spawn-fcgi is already started you need to restart it for the new settings to take effect
# /usr/local/etc/rc.d/spawn-fcgi restart
graudeejs
February 5th, 2010, 19:37
This section must be done on host system, not in jail
Install and configure spamd (common)
# portmaster mail/spamd
# cat << EOF >> /etc/rc.conf
obspamlogd_enable="YES"
obspamd_enable="YES"
obspamd_flags="-l IP_mail_server -h example.com"
EOF
-l is optional; if you omit it, spamd will listen on all aliased IPs AFAIK
enable and configure pf { this one you figure out yourself :) }
you need to mount fdescfs on /dev/fd for graylisting to work.
# echo 'fdescfs /dev/fd fdescfs rw 0 0' >> /etc/fstab
And you need to create spamd database
# touch /var/db/spamd
# chown _spamd:_spamd /var/db/spamd
# chmod ug=rw,o= /var/db/spamd
Configure spamd (blacklisting)
to obspamd_flags in /etc/rc.conf add -b flag
I haven't yet figured out how exactly and does it work at all.
Run crontab -e and add this
48 * * * * /usr/local/sbin/spamd-setup
This should fetch blacklists
to /etc/pf.conf add this
table <spamd> persist
rdr pass inet proto tcp from <spamd> to any port smtp -> 127.0.0.1 port spamd
# let spamd-setup update blacklist
pass out on $e_if0 inet proto tcp from Host_IP to any port { spamd, spamd-cfg } keep state
pass out on $e_if0 inet proto udp from Host_IP to any port spamd-sync keep state
Configure spamd (graylisting)
Graylisting may have one serious disadvantage. It may delay mail for more than 35 minutes... In case of gmail, it can be even longer, because gmail may try to deliver mail from different servers. You can probably resolve this by whitelisting all gmail IPs {but I don't have such a list, unfortunately}
to /etc/pf.conf add this
table <spamd-white> persist
rdr pass inet proto tcp from !<spamd-white> to any port smtp -> 127.0.0.1 port spamd
TIP: you can combine both methods :D also you can create your own whitelist and use it as well
graudeejs
February 5th, 2010, 19:45
Install and configure Clamav
install clamsmtp and clamav
# portmaster security/clamav security/clamsmtp
copy example config file
# cp /usr/local/etc/clamd.conf.default /usr/local/etc/clamd.conf
# cp /usr/local/etc/clamsmtpd.conf-sample /usr/local/etc/clamsmtpd.conf
# cp /usr/local/etc/freshclam.conf.default /usr/local/etc/freshclam.conf
Edit /usr/local/etc/clamd.conf
TemporaryDirectory /tmp
LocalSocket /var/run/clamav/clamd.socket
User clamav
Edit /usr/local/etc/clamsmtpd.conf the way you like
ClamAddress: /var/run/clamav/clamd.socket
Header: X-Virus-Scanned: ClamAV using ClamSMTP
TempDirectory: /tmp
Action: drop
Quarantine: off
User: clamav
make sure that clamsmtpd and clamd use same user and socket
Now you need to add the following to /usr/local/etc/postfix/master.cf
# AV scan filter (used by content_filter)
scan      unix  -       -       n       -       16      smtp
  -o smtp_send_xforward_command=yes
  -o smtp_enforce_tls=no
# For injecting mail back into postfix from the filter
IP_of_jail:10026 inet  n       -       n       -       16      smtpd
  -o content_filter=
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks_style=host
  -o smtpd_authorized_xforward_hosts=IP_of_jail
to /usr/local/etc/postfix/main.cf add
content_filter = scan:[IP_of_jail]:10025
enable clamav, freshclam and clamsmtpd at startup
# cat << EOF >> /etc/rc.conf
clamsmtpd_enable="YES"
clamav_clamd_enable="YES"
clamav_freshclam_enable="YES"
clamav_freshclam_flags="--quiet -a jail_ip -c 24"
EOF
-c 24 means that freshclam should check for virus database updates 24 times a day (valid values 1-50)
graudeejs
February 5th, 2010, 23:35
Install and configure SpamAssassin
install
# portmaster mail/p5-Mail-SpamAssassin
Configure daemon startup
# cat << EOF >> /etc/rc.conf
spamd_enable="YES"
spamd_flags="-c --socketpath=/var/run/SpamAssassin.socket"
EOF
This will make spamassassin daemon to listen on socket, instead of opening port
# mkdir /var/spool/mqueue/.spamassassin
# chown _spamd:_spamd /var/spool/mqueue/.spamassassin
now run sa-update
# sa-update
add this to /usr/local/etc/postfix/master.cf
spamassassin unix -     n       n       -       -       pipe
  user=nobody argv=/usr/local/bin/spamc -u mailnull -U /var/run/SpamAssassin.socket -e /usr/local/sbin/sendmail -oi -f ${sender} ${recipient}
and edit this line in /usr/local/etc/postfix/master.cf
smtp      inet  n       -       n       -       -       smtpd
to
smtp      inet  n       -       n       -       -       smtpd -o content_filter=spamassassin
edit /usr/local/etc/mail/spamassassin/local.cf as needed.
Personally I set required_score to 4.0
graudeejs
February 6th, 2010, 00:09
Checking if it works
You might want to restart the server, to check if everything is started :D
Postfix
send mail to some user that is registered in database, mail should be delivered to /mail/domain/user/...
you can check status of mail queue with mailq
Also send mail from jail to some other email server and see if you can send mails
Dovecot
Try logging in to your server (imap) with some mail client
Here's example mutt config:
set imap_user = "user@example.com"
set folder = "imaps://example.com:993"
set postponed = "+Drafts"
set spoolfile = "+INBOX"
set record = "+Sent"
Roundcube
This is very simple: open example.com in a browser and try to log in. If you can't log in with roundcube, but can log in with some email client, then roundcube is configured incorrectly
After you have logged in you need to check if you can send emails. Send some email to another server (gmail for example). If Roundcube isn't able to connect to smtps, then it will show an error.
SpamAssassin
If SpamAssassin works, in received mail headers you should see something like this:
X-Spam-Checker-Version: SpamAssassin 3.3.0 (2010-01-18) on bsdroot.lv
X-Spam-Level: *
X-Spam-Status: No, score=1.8 required=5.0 tests=MISSING_SUBJECT,
TVD_SPACE_RATIO autolearn=no version=3.3.0
Clamav
If clamav works, in received mail headers you should see something like this:
X-Virus-Scanned: ClamAV using ClamSMTP
NOTE: you may want to create 1 or 2 common certificates and use them for all services (depending on your configuration). Certificates cost money (at least certificates signed by a CA).
NOTE: passwords in config files are saved unencrypted; later I'll think about how to save them encrypted
More and much more detailed info in the references
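Added example, not part of the original post: a POSIX sh script that checks a delivered message for the headers listed above instead of eyeballing them. It unfolds header continuation lines (X-Spam-Status is folded, exactly as in the sample) and stops at the first blank line, so a body that merely mentions X-Virus-Scanned does not count as a stamp. The embedded message is constructed from the headers shown in this post; on a real delivery run filter_check < /mail/example.com/test/new/<file>, that path following the mail_location configured above.

```shell
#!/bin/sh
# Added example, not part of the original howto: verify that SpamAssassin and
# ClamSMTP stamped a delivered message. POSIX sh + awk/sed only.

# Constructed sample message (headers copied from the post; body is filler).
SAMPLE_MSG='Return-Path: <sender@example.org>
X-Virus-Scanned: ClamAV using ClamSMTP
X-Spam-Checker-Version: SpamAssassin 3.3.0 (2010-01-18) on example.com
X-Spam-Level: *
X-Spam-Status: No, score=1.8 required=5.0 tests=MISSING_SUBJECT,
    TVD_SPACE_RATIO autolearn=no version=3.3.0
From: sender@example.org
To: test@example.com

body text that mentions X-Virus-Scanned but is not a header'

# Print the header block from stdin with folded lines joined (RFC 5322 style),
# stopping at the blank line that separates headers from body.
unfold_headers() {
    awk '
        /^$/      { exit }
        /^[ \t]/  { sub(/^[ \t]+/, " "); cur = cur $0; next }
        cur != "" { print cur }
                  { cur = $0 }
        END       { if (cur != "") print cur }'
}

# Print the value of header $1 (name compared case-insensitively), first match only.
header_value() {
    unfold_headers | awk -v name="$1" '
        BEGIN { name = tolower(name) }
        {
            split($0, kv, ":")
            if (tolower(kv[1]) == name) { sub(/^[^:]*:[ \t]*/, ""); print; exit }
        }'
}

# Numeric score from X-Spam-Status (empty if the header is absent).
spam_score() {
    header_value X-Spam-Status | sed -n 's/.*score=\([-0-9.]*\).*/\1/p'
}

# Report whether both filters touched the message on stdin.
# Prints one line per filter; exit status 0 only when both stamps are present.
filter_check() {
    msg=$(cat)
    av=$(printf '%s\n' "$msg" | header_value X-Virus-Scanned)
    sa=$(printf '%s\n' "$msg" | header_value X-Spam-Status)
    rc=0
    case $av in
        *ClamAV*) echo "clamav ok" ;;
        *)        echo "clamav missing"; rc=1 ;;
    esac
    case $sa in
        Yes,*) echo "spamassassin ok (message flagged as spam)" ;;
        No,*)  echo "spamassassin ok" ;;
        *)     echo "spamassassin missing"; rc=1 ;;
    esac
    return $rc
}

# Usage: filter_check < /mail/example.com/test/new/<message file>
```

A "missing" line for clamav points at the content_filter/master.cf wiring in the Clamav section; a missing spamassassin stamp means the spamc pipe in master.cf never ran, which is the same symptom the mikec reply below describes.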
graudeejs
February 6th, 2010, 00:09
Don't forget to configure you MX records on your DNS :D
graudeejs
February 6th, 2010, 00:10
reserved.
graudeejs
February 6th, 2010, 00:15
Where to look for errors:
/var/log/message
/var/log/maillog
/var/log/nginx*
References (unsorted)
almost unsorted
FreeBSD-Postfix-MySQL-SpamAssassin-Maia-Virtual Setup (http://www.purplehat.org/?page_id=4)
Greylisting with PF (http://onlamp.com/pub/a/bsd/2007/01/18/greylisting-with-pf.html)
ClamSMTP: Using with Postfix (http://memberwebs.com/stef/software/clamsmtp/postfix.html)
HOWTO: Mailserver mit Postfix, Dovecot, Antispam und PostgreSQL Backend (German) (http://www.tuxj0b.de/HOWTO_Mailserver_mit_Postfix_Dovecot_Antispam_und_PostgreSQL_Backend)
postfix master(5) (http://www.postfix.org/master.5.html)
postfix postconf(5) (http://www.postfix.org/postconf.5.html)
postfix pgsql_table(5) (http://www.postfix.org/pgsql_table.5.html)
Dovecot LDA with Postfix (http://wiki.dovecot.org/LDA/Postfix)
Postfix Howtos and FAQs (http://postfix.linux.edu.lv/docs.html)
Greylisting (http://www.greylisting.org/)
Postfix Virtual Domain Hosting Howto (http://www.postfix.org/VIRTUAL_README.html)
Integrating SpamAssassin into Postfix using spamd (http://wiki.apache.org/spamassassin/IntegratedSpamdInPostfix)
Increase upload size in your php.ini (http://drupal.org/node/97193)
http://wiki.dovecot.org/Quota
http://wiki.dovecot.org/Quota/1.1
want to change maxfile size in nginx (http://www.webhostingtalk.com/showthread.php?t=570945)
http://www.kolab.org/pipermail/kolab-users/2006-May/004885.html
nginx redirect http to https (http://www.ruby-forum.com/topic/179377)
Fighting spam with pf (http://www.freebsddiary.org/pf.php)
Some other links I came by, but didn't really use
HOW TO: Setup RoundCube Webmail on Your Server (http://paulstamatiou.com/how-to-setup-roundcube-webmail-on-your-server/)
Nginx "how to" - Fast and Secure Web Server (https://calomel.org/nginx.html)
Other Trick For Blocking Spam (http://wiki.apache.org/spamassassin/OtherTricks)
Integrate Spamassassin into Postfix/Dovecot (http://maff.ailoo.net/2009/11/integrate-spamassassin-into-postfix-dovecot/)
Howto ipfw + spamd graylisting (http://www.opennet.ru/base/net/spamd_freebsd_ipfw2.txt.html) (in Russian)
TO Read
http://www.freespamfilter.org/FC4.html#_Toc110999157
graudeejs
February 12th, 2010, 14:03
OK, it seems I've finished this Howto.
Suggestions and error corrections {I'm just a human} are welcomed :D
also don't forget that you don't need to follow this howto step by step, you can improvise :D
Originally I wanted to use lighttpd but later changed to nginx. I did that because nginx is much easier to set up: if you make an error in the config, it's easier to find it.
Don't expect this tutorial to work out of the box. You will need to work yourself. I wrote this from what I could remember.
But since then, I've rebuilt my mail server many times, and this tutorial helped me a lot. When I find stuff that doesn't glue well, I try to fix it. So it's not perfect... :)
graudeejs
February 18th, 2010, 21:11
Change log
2010-02-18: Added few lines in nginx.conf to redirect http to https
2010-02-22: Added 2x pf rules to spamd blacklist section. This fixes spamd-setup not being able to update blacklist
2010-02-23: Fixed many console commands (echo), Syntax was wrong, sorry
2010-02-26: Fixed SpamAssassin. Now it scans mail :D
2010-02-26: added Checking if it works section
2010-03-09: Improved PostgreSQL queries in "Configure PostgreSQL" section [didn't test, but they should work, anyway, if it doesn't let me know]
2010-03-09: Fixed many typos pointed out to me by osx-addict (http://forums.freebsd.org/member.php?u=4769)
2010-03-10: Fixed typo in Postfix section (thanks to osx-addict). Fixed one PostgreSQL query in postfix section, to match updated PostgreSQL query
2010-04-10: in Install & configure Postfix section s/chmod mailnull:mail/chown mailnull:mail/
2010-05-31: Fixed SQL insert query bug in Configure PostgreSQL section pointed out by zloidemon on jabber. Fix in Install and configure Clamav section
2010-11-05: Add some missing info to SpamAssasin section. Some other fixes
2011-01-20: Remove relay_domains from /usr/local/etc/postfix/main.cf, it was not needed, as it serves different purpose. Fix spamd section: you need to create database manually
2011-01-22: Fix beginning of spamd section
Sylhouette
March 2nd, 2010, 14:05
Great howto.
Makes me try using nginx instead of apache.
One note however, something that i miss, user management!
regards,
Johan
graudeejs
March 2nd, 2010, 16:00
Ah, for user management, I will write my own php scripts :)
mikec
March 4th, 2010, 05:49
Great how-to killasmurf. Ran into a couple things when starting spamassassin, on initial startup SA wants you to run sa-update first and I believe the command
# chown _spamd:_spamd /var/spool/mqueue/.spamassassin
should be
# chown mailnull:mailnull /var/spool/mqueue/.spamassassin
My error logs complained about SA not having permission to create or write bayes files inside the directory and I noticed in master.cf you're starting SA with -u mailnull. I made the change and SA runs perfect.
Hopefully you could add a section on automatically moving mail marked as spam. I created a script that greps inboxes for spam flag for half hour but it'd be nice to have something do it in real time.
Great how-to.
osx-addict
March 9th, 2010, 02:47
I read the entire thing.. End to end.. However, it might be nice on each step to indicate what is in a jail vs not.. I think you're running postgres in a jail..
Also, in the section where you're installing spamd and related 'mail' tools, you mention that they should be in the host environment.. I ran an 'smtp' jail that had everything but the roundcube/apache combination -- so it had sendmail, spamd, clamav, SpamAssassin, dovecot, and a few milters to glue it together. Worked just fine.. I'll be working on setting up my jails again this evening after I get home and want to set things up like :
smtp.example.com : (sendmail or postfix), spamd, clamav, SpamAssassin, dovecot, maildir folders for mail
www.example.com : (apache or nginx), roundcube (in a non-public directory--must know exact URL - discourage hackers), other pages, forward to other virtual domains,etc.
db.example.com : postgres -- if I can get it to behave in a jail -- otherwise it will be back in host environment
host.example.com : host environment -- user accounts,etc.
dns.example.com : dns lookups (eventually)
proxy.example.com: privoxy proxy server (or better?) - eventually
graudeejs
March 9th, 2010, 08:18
Preparing system
....
Everything below will be executed in jail
....
This section should be done on host system, not in jail {at least I did this on host}
Install and configure spamd (common)
....
Did you miss ^^^ :D
Yes, having postfix on host system, has some advantages, that I discovered later.
I wanted all jails to send daily messages to postfix jail, host couldn't do it, because it had ip alias which matched destination :D then I moved postfix, dovecot and postgresql to host (I have single server)
However I'll probably move postgresql back to jail later.
Bear with me, I'm new to this. This is my first mailserver configuration :D
I gained a lot of knowledge while doing this, however there are still many things I don't know, especially related to security. :D
osx-addict
March 9th, 2010, 18:26
Thanks for the update.. I did see the few notes about what was in jails but was looking for something (perhaps at the top) outlining the game plan (e.g. host + 4 jails with what is in each jail) or similar..
Are you interested in fixing typos? There are a handful of places with typos such as the portmaster line for nginx (which says something like "portmaster ngnix" instead of "portmaster nginx")... I've also got an issue with one of the Dovecot SQL files with it complaining about the 'host' line not being recognized.. I've got to look into that further.
In my older FreeBSD 7.1 setup I had a jailed mail server with sendmail and the rest of what you've got (dovecot, spamd,excluding roundcube which was in an Apache jail) and all jails were able to talk to one another w/o any issues. I did have to install something from the mail tools area to forward outgoing messages to my jailed sendmail as I couldn't get the other minimal (e.g. host) sendmail to behave for this sort of 'forward' config... I don't recall what tool it was though. I'll have to look when I'm home later if there's interest, although postfix can probably be configured to do that.
I would not put roundcube (or any other PHP based site) outside of a jailed environment.. I've had one break-in due to an issue that was discovered last year (in roundcube) before I ran FreeBSD (was on Linux at the time) and a rootkit was installed and .... (you get the picture).. PHP scripts are what I'm scared most about -- they're an easy back door into a system to take control..
graudeejs
March 9th, 2010, 18:34
Thanks for info, Yes, I'm more than interested in fixing typos, problems etc :D
DutchDaemon
March 9th, 2010, 19:00
[ but please use PM for that! ]
osx-addict
March 10th, 2010, 18:22
Ok.. So I got this setup yesterday on my FreeBSD 8-stable system in the following configuration :
host : example.com
jail1 : db.example.com (PostgreSQL 8.4 server)
jail2 : smtp.example.com (Postfix, Dovecot, SpamAssassin, ClamAV -- no Spamd or PF)
I've skipped RoundCube and nginx for now since I'll leave that for a later chapter once the main mail server is up and running as expected. I had to tweak the SQL a bit to make PostgreSQL happy with it (I dropped a note to KAS about this a bit ago so he can update the thread). I'll admit right now that I had some issues with the Postfix config files -- primarily master.cf. Initially Postfix was complaining about the stuff at the end but after a bit of googling around I found I had a line in the wrong place and moved it -- I believe in the end I disabled the 'scan' line that drives SpamAssassin.. Below are the offending lines from my files for reference :
First file : main.cf (comments removed for brevity sake)
queue_directory = /var/spool/postfix
command_directory = /usr/local/sbin
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
mail_owner = postfix
myhostname = smtp.example.com
mydomain = example.com
unknown_local_recipient_reject_code = 550
mynetworks_style = host
debug_peer_level = 2
sendmail_path = /usr/local/sbin/sendmail
newaliases_path = /usr/local/bin/newaliases
mailq_path = /usr/local/bin/mailq
setgid_group = maildrop
html_directory = /usr/local/share/doc/postfix
manpage_directory = /usr/local/man
sample_directory = /usr/local/etc/postfix
readme_directory = /usr/local/share/doc/postfix
smtpd_recipient_restrictions =
permit_mynetworks,
permit_sasl_authenticated,
reject_non_fqdn_hostname,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unauth_destination,
reject_unauth_pipelining,
reject_invalid_hostname,
reject_rbl_client bl.spamcop.net
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks
virtual_mailbox_base = /mail
virtual_mailbox_maps = pgsql:/usr/local/etc/postfix/pgsql_virtual_mailbox_maps.cf
virtual_mailbox_domains = pgsql:/usr/local/etc/postfix/pgsql_virtual_mailbox_domains.cf
virtual_alias_maps = pgsql:/usr/local/etc/postfix/pgsql_virtual_alias_maps.cf
local_recipient_maps = $virtual_mailbox_maps
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_uid_maps = static:26
virtual_gid_maps = static:6
virtual_transport = dovecot
smtpd_delay_reject = yes
smtpd_helo_required = yes
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = /var/run/dovecot/auth-client
smtpd_sasl_security_options = noanonymous
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/ssl/postfix/smtpd.pem
smtpd_tls_cert_file = /etc/ssl/postfix/smtpd.pem
smtpd_tls_CAfile = /etc/ssl/postfix/smtpd.pem
smtpd_tls_loglevel = 0
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
mydestination = localhost.$mydomain, localhost
relay_domains = pgsql:/usr/local/etc/postfix/pgsql_relay_domains.cf
Now for master.cf (again, no comments):
smtp inet n - n - - smtpd -o content_filter=spamassassin
# content_filter = scan:[10.0.1.4]:10025
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
-o smtp_fallback_relay=
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
spamassassin unix - n n - - pipe
user=nobody argv=/usr/local/bin/spamc -u mailnull -d 10.0.1.4 -e /usr/local/sbin/sendmail -oi -f ${sender} ${recipient}
dovecot unix - n n - - pipe
flags=DRhu user=mailnull:mail argv=/usr/local/libexec/dovecot/deliver -f ${sender} -d ${user}@${nexthop} -n -m ${extension}
scan unix - - n - 16 smtp
-o smtp_send_xforward_command=yes
-o smtp_enforce_tls=no
10.0.1.4:10026 inet n - n - 16 smtpd
-o content_filter=
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks_style=host
-o smtpd_authorized_xforward_hosts=smtp.example.com
Postfix is fine with this config -- no complaints. However, when started it accepts incoming connections and doesn't appear to do anything with them.. Below is a snippet of the log data showing it running for 3 minutes -- 'top' showed no signs of life from clamav, SpamAssassin or anything else during this period.. Did I miss something -- perhaps related to the lack of running PF + Spamd (the greylisting part)? One thing I need to do is change the IP of the mail jail temporarily to allow me to diagnose these problems -- as soon as I start Postfix, I had about 5 connections within about 3 seconds.. All connections are routed to port 10.0.1.4 from my Cisco router -- if I tell it to use something else then I can diagnose in a less stressed (for me) environment.. :)
Mar 10 00:46:12 smtp postfix/master[12633]: daemon started -- version 2.7.0, configuration /usr/local/etc/postfix
Mar 10 00:46:13 smtp postfix/smtpd[12636]: connect from unknown[210.245.11.52]
Mar 10 00:46:28 smtp postfix/smtpd[12640]: connect from snt0-omc2-s7.snt0.hotmail.com[65.55.90.82]
Mar 10 00:46:35 smtp postfix/smtpd[12642]: connect from n49d.bullet.mail.sp1.yahoo.com[66.163.169.175]
Mar 10 00:46:43 smtp postfix/smtpd[12643]: connect from n47d.bullet.mail.sp1.yahoo.com[66.163.169.173]
Mar 10 00:46:43 smtp postfix/smtpd[12644]: connect from n47a.bullet.mail.sp1.yahoo.com[66.163.168.141]
Mar 10 00:47:01 smtp postfix/smtpd[12652]: connect from snt0-omc4-s4.snt0.hotmail.com[65.55.90.207]
Mar 10 00:47:53 smtp postfix/smtpd[12657]: connect from e227.en25.com[209.167.231.227]
Mar 10 00:48:10 smtp postfix/smtpd[12659]: connect from dcs-maillist.cs.uiuc.edu[128.174.252.7]
Mar 10 00:48:36 smtp postfix/smtpd[12664]: connect from bay0-omc2-s16.bay0.hotmail.com[65.54.190.91]
Mar 10 00:49:03 smtp postfix/smtpd[12671]: connect from n51c.bullet.mail.sp1.yahoo.com[66.163.168.185]
Mar 10 00:49:03 smtp postfix/smtpd[12670]: connect from bay0-omc1-s20.bay0.hotmail.com[65.54.190.31]
Mar 10 00:49:44 smtp postfix/postfix-script[12692]: stopping the Postfix mail system
Mar 10 00:49:44 smtp postfix/master[12633]: terminating on signal 15
halplus
April 10th, 2010, 12:11
Apr 10 10:54:47 somehost dovecot: auth(default): prefetch(root@somehost.tld): userdb lookup not possible with only userdb prefetch
An idea?
graudeejs
April 10th, 2010, 12:57
No clue. Show config.
dennylin93
April 10th, 2010, 16:24
It looks like you didn't configure userdb prefetch properly. Try taking a look at Prefetch User Database (http://wiki.dovecot.org/UserDatabase/Prefetch).
Also, do dovecot -n if you want to paste Dovecot's configuration.
halplus
April 10th, 2010, 20:21
This is the config
-- Config start ---------------------
# 1.2.10: /usr/local/etc/dovecot.conf
# OS: FreeBSD 7.0-RELEASE-p11 i386 ufs
protocols: imaps
ssl_cert_file: /etc/ssl/dovecot/cert.pem
ssl_key_file: /etc/ssl/dovecot/key.pem
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable: /usr/local/libexec/dovecot/imap-login
verbose_proctitle: yes
first_valid_uid: 26
last_valid_uid: 26
first_valid_gid: 6
last_valid_gid: 6
mail_privileged_group: mail
mail_uid: mailnull
mail_gid: mail
mail_location: maildir:/mail/%d/%n
mail_plugins: quota imap_quota
imap_client_workarounds: delay-newmail netscape-eoh tb-extra-mailbox-sep
lda:
postmaster_address: postmaster@example.com
sendmail_path: /usr/sbin/sendmail
mail_plugins: quota
auth default:
username_format: %Lu
passdb:
driver: sql
args: /usr/local/etc/dovecot-sql.conf
userdb:
driver: prefetch
socket:
type: listen
client:
path: /var/run/dovecot/auth-client
mode: 432
user: postfix
group: mail
master:
path: /var/run/dovecot/auth-master
mode: 384
user: mailnull
group: mail
plugin:
quota: maildir:User quota
quota_rule: *:storage=1GB
-- Config end ---------------------
I see some postmaster@example.com weirdness but I don't think that's the thing.
I remember that when I installed postfix I got this (maybe that's related).
somehost# chmod mailnull:mail /mail
chmod: invalid file mode: mailnull:mail
I honestly have no idea what kind of permissions those softwares require and what you were trying to do.
I want to add a constructive comment about the tutorial. It is great and as I can see it can be almost blindly followed, but you forget at some points to explain what you are doing. I know I should RTFM but ok, my connectivity is incredibly limited (we pay 140 dollars for 80 hours of dialup internet connectivity), so every minute counts. Therefore manuals unfortunately take a second position.
I see that emails return and bounce back to the sender with an error that says something like the user is not existent, like for instance if they weren't added to the database. Here is a sample
-- sample start -------------
This is the mail system at host somehost.tld.
I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
The mail system
<root@somehost.tld>: user unknown
-- sample end -------------
Also I want to add that I didn't deploy inside a jail and that I didn't install a web server, php or roundcube. I am planning to use another solution, partially coded on my own.
What I installed so far is postgres + postfix + dovecot on top of FreeBSD. (I landed in this great TUT because those were my choices). And I plan to add dkimproxy to sign messages. As a matter of fact I installed it already but haven't configured postfix to use it, in order to not add extra configuration noise. I plan some time in the future to add SpamAssassin as you did, as well as clamav and maybe greylisting and SPF checking. But that is future polish.
graudeejs
April 10th, 2010, 21:18
I remember that when I installed postfix I got this (maybe that's related).
somehost# chmod mailnull:mail /mail
chmod: invalid file mode: mailnull:mail
That was bug in my thread, I fixed it.
It was supposed to be chown
I honestly have no idea what kind of permissions those softwares require and what you were trying to do.
You obviously lack basic Unix knowledge
I want to add a constructive comment about the tutorial. It is great and as I can see it can be almost blindly followed, but you forget at some points to explain what you are doing. I know I should RTFM but ok, my connectivity is incredibly limited (we pay 140 dollars for 80 hours of dialup internet connectivity), so every minute counts. Therefore manuals unfortunately take a second position.
If I had like 48h / day, I'd be glad to provide extra details, but I have lots and lots of stuff to do for University, and currently my time is very limited.
Also, before you run your mail server you should understand how it works. Otherwise when problems occur, you won't be able to fix them on your own.
I see that emails return and bounce back to the sender with an error that says something like the user is not existent, like for instance if they weren't added to the database. Here is a sample
-- sample start -------------
This is the mail system at host somehost.tld.
I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
The mail system
<root@somehost.tld>: user unknown
-- sample end -------------
Maybe this is because you didn't chown mailnull:mail /mnt, see Update section
graudeejs
April 10th, 2010, 21:22
show /usr/local/etc/dovecot-sql.conf
halplus
April 11th, 2010, 13:45
You obviously lack basic Unix knowledge
I don't think that dovecot configuration can be considered "Basic Unix Knowledge".
When I said "those softwares" I meant dovecot and postfix, not chmod which is only one ;). (Unless I am a supergenius and tried to let you realize by yourself that I knew that we were talking about chown too ;) in which case we could say "those", so with that word I manipulated your head into thinking that, so you then could say that you made a mistake on your own without me having to tell you). I just tried that line, saw that it was wrong and didn't recognize that it was supposed to be chown. Simple. That kind of stuff happens when you work under heavy pressure for 5 hours the entire night because over the day the poor line couples with your neighbor and when she speaks (lots of sh..) takes down your connection, which of course is not nice when you work as root on a server on the other side of the sea and you really don't want to break it. In any case we won a better tutorial. Now it's fixed! Right?
If I had like 48h / day, I'd be glad to provide extra details, but I have lot's and lot's of stuff to do for University, and currently my time is very limited.
Well, it was just an idea, since I saw that you solicited opinions. And don't worry, I studied computer science too, so I know what you mean. I remember the discrete Math teacher was a Nazi that put Informatics Olympiad questions in the final tests. "Ahh.. they are so easy" pretending he was the smartest ass. Used to say "see... trivial". (yes well now that you see the proof it couldn't be easier) Jaj, some students were smarter and nobody left the room before 8 hours in the test. I think I would love to see him doing one of those tests sweating a lot and telling everyone "see... trivial" with a blank page while we think "sure, let's see if you can do what we could". Ajajajajja.
Also, before you run your mail server you should understand how it works. Otherwise when problems occur, you won't be able to fix them on your own.
Nahh, I plan to drop all of the software over time and write highly scalable java based alternatives
with reduced complexity and also store mail directly inside the database (whether a conventional database on top of a distributed cluster in async multimaster mode or hbase on top of hadoop), and not in those mbox or the other non_portable_outside_unix_non_scalable standards. Anyway right now I need this thingie. I am not that big and it is likely to take a while before I conquer the entire planet/universe and beat yahoo mail and gmail :P. By then they will be so poor and I will have so many billions stolen from them that I will not care to hand you a few to fix such a little thing for me ;). Just joking around. I believe that I will be able. Right now I need to cancel the debt, I still can't take down yahoo ;).
Maybe this is because you didn't # chown mailnull:mail /mnt see Update section
I believe you mean /mail. No, that made no difference at all. It is something else. I think dovecot is not properly configured or something.
Another thing. It seems to me that you changed email storage from /var/mail to /mail, right? Any specific purpose on that? I want to take things back there instead of showing in the root dir, I simply don't want to add extra noise ATM.
show /usr/local/etc/dovecot-sql.conf
somehost# cat /usr/local/etc/dovecot-sql.conf
... (comments)
driver = pgsql
connect = host=/tmp dbname=mail user=dovecot password=SOMEPASSWORD
default_pass_scheme = PLAIN-MD5
password_query = \
SELECT username, domain, password, '*:bytes=' || quota || 'M' AS userdb_quota_rule \
FROM mailbox WHERE username = '%n' AND domain = '%d' AND active = true
somehost#
I don't see user_query or tables with userdb_ prefixes or uids and gids like in
http://wiki.dovecot.org/UserDatabase/Prefetch
Here http://wiki.dovecot.org/AuthDatabase/SQL you can read:
If you're using a single UID and GID for all users, you can use a SQL query such as:
user_query = SELECT 500 AS uid, 500 AS gid, home FROM users WHERE userid = '%n'
It seems to me that's the way it should be done, since I do not have such users in my system, therefore no uid or gid.
So I added in dovecot-sql.conf (and the consequent line in dovecot.conf) this line:
user_query = SELECT username,26 AS uid,6 AS gid FROM mailbox WHERE username = '%n'
However now i am getting this:
Apr 11 12:15:48 somehost dovecot: deliver(root@somehost.tld): msgid<400669.91433.qm@web65702.mail.ac4.yahoo.com>: saved mail to INBOX
...
Apr 11 12:26:34 somehost dovecot: imap-login: Aborted login (auth failed, 4 attempts): user=<root>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, TLS
Note that I haven't added any userdb_ prefix. However I don't know exactly how I should do that, if ever.
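As an added example, not part of the thread and not Dovecot's own tooling: a small POSIX sh check that reads a dovecot-sql.conf and reports whether it can work with a prefetch userdb. Two things matter for that: the prefetch userdb takes its fields from the columns that password_query aliases with a userdb_ prefix (the Prefetch wiki page linked above), and deliver never runs a passdb query, so LDA delivery needs a user_query as well, which is what the "userdb lookup not possible with only userdb prefetch" line is about. The configuration files the script writes are constructed samples; the password, the temporary paths and the static uid 26 / gid 6 are assumptions taken from this thread's setup.

```shell
#!/bin/sh
# Added example, not from the thread: lint a dovecot-sql.conf for use with
# "userdb { driver = prefetch }". Prefetch reads userdb fields from the passdb
# query (columns aliased "userdb_<name>"); deliver never runs a passdb query,
# so it also needs user_query. Sample files below are constructed; the
# password and the uid/gid values are assumptions for the demo.

# Join backslash-continued lines so a multi-line query becomes one record.
join_continuations() {
    awk '/\\$/ { sub(/\\$/, ""); buf = buf $0; next }
         { print buf $0; buf = "" }' "$1"
}

# Print the value of key $2 from dovecot-sql.conf $1 (empty if unset).
sql_conf_value() {
    join_continuations "$1" | sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p"
}

# List the userdb_* columns exported by password_query, one per line.
list_userdb_fields() {
    sql_conf_value "$1" password_query | tr ',' '\n' \
        | sed -n 's/.*[[:space:]][Aa][Ss][[:space:]]*\(userdb_[A-Za-z_]*\).*/\1/p'
}

# Return 0 when the file works with prefetch for both IMAP and deliver:
# at least one userdb_* field for prefetch, plus a user_query for the LDA.
lint_prefetch_sql_conf() {
    conf="$1"
    status=0
    fields="$(list_userdb_fields "$conf")"
    if [ -z "$fields" ]; then
        echo "$conf: password_query exports no userdb_* fields; prefetch gets nothing"
        status=1
    else
        echo "$conf: prefetch fields: $(echo "$fields" | tr '\n' ' ')"
    fi
    if [ -z "$(sql_conf_value "$conf" user_query)" ]; then
        echo "$conf: no user_query; deliver (LDA) cannot look up users with prefetch alone"
        status=1
    fi
    return "$status"
}

# Write a constructed dovecot-sql.conf to $1; with $2 = yes it also carries
# the user_query that deliver needs (static uid 26 / gid 6 as in the howto).
write_sample_conf() {
    cat > "$1" <<'EOF'
driver = pgsql
connect = host=/tmp dbname=mail user=dovecot password=EXAMPLE_ONLY
default_pass_scheme = PLAIN-MD5
password_query = \
  SELECT username, domain, password, \
    '*:bytes=' || quota || 'M' AS userdb_quota_rule \
  FROM mailbox WHERE username = '%n' AND domain = '%d' AND active = true
EOF
    if [ "$2" = yes ]; then
        cat >> "$1" <<'EOF'
user_query = \
  SELECT 26 AS uid, 6 AS gid \
  FROM mailbox WHERE username = '%n' AND domain = '%d' AND active = true
EOF
    fi
}
```

Run it as `write_sample_conf /tmp/dovecot-sql.conf yes; lint_prefetch_sql_conf /tmp/dovecot-sql.conf` or point lint_prefetch_sql_conf at your real file. The user_query in the sample filters on both username and domain, because a query keyed on '%n' alone returns the first matching row for every domain that has that user name.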
BeastieBoy
June 27th, 2010, 21:20
Excellent tutorial!
And you did well not to get into the details as they belong into other threads.
Concerning the Postgresql post initialization, I got the following message:
Success. You can now start the database server using:
/usr/local/bin/postgres -D /usr/local/pgsql/data
or
/usr/local/bin/pg_ctl -D /usr/local/pgsql/data -l logfile start
Your /usr/local/etc/rc.d/postgresql start does work, I was just wondering why your command is different from what's output?
BeastieBoy
June 27th, 2010, 23:18
I think you're missing some Postgresql details. This database is a beast, and knowing how to configure it, create users and databases is important. Just a "to get started" command should be enough.
BeastieBoy
June 27th, 2010, 23:25
Oh and for god sake, remove these stupid echo and cat /etc/rc.conf statements! They are too dangerous!
graudeejs
June 27th, 2010, 23:27
Thanks for feedback...
I'll try to fix this tomorrow..... if I can [lately I have problems posting to forum]
If I can't I will ask mods to fix this for me
graudeejs
June 27th, 2010, 23:29
Concerning the Postgresql post initialization, I got the following message:
Your /usr/local/etc/rc.d/postgresql start does work, I was just wondering why your command is different from what's output?
Not sure right now... because a lot of time has passed, and I did many things differently each time I rebuilt the system :)
Also I wrote this tutorial, after I actually implemented everything, and I tried to keep it generic, so no wonder some things may be incorrect... but at least I think it's a good starting point... [at least every time I need, I look for help here :D ]
BeastieBoy
July 4th, 2010, 13:08
I can't edit dovecot's configuration file, by default its rights are set to -r--r--r--, why is that?
dennylin93
July 4th, 2010, 13:13
Did you copy the file from dovecot-example.conf? Change the permissions to 644 using chmod.
graudeejs
July 4th, 2010, 14:08
If you use vim or vi to save it you can use :w!
BeastieBoy
July 5th, 2010, 00:51
In the configuration of dovecot, in the socket listen { ... }, you specify a client path in /var/run/dovecot/auth-client, but I think it's wrong, it should be in /var/spool/postfix/private, because user postfix cannot create a file under /var/run/dovecot unless I missed a step.
graudeejs
July 5th, 2010, 14:22
In the configuration of dovecot, in the socket listen { ... }, you specify a client path in /var/run/dovecot/auth-client, but I think it's wrong, it should be in /var/spool/postfix/private, because user postfix cannot create a file under /var/run/dovecot unless I missed a step.
in postfix /usr/local/etc/main.cf I have
smtpd_sasl_path = /var/run/dovecot/auth-client
and it works.... {I'm not chrooting.... Probably will fix this one day}
BeastieBoy
September 4th, 2010, 21:10
Hi,
I decided to add support for smtps. And guess what, ItFails™.
imaps connection works so I think I'm not too far from getting it to work.
Here is what I have got in /var/log/maillog:
postfix/smtpd[16773]: SSL_accept error from ...
Any idea what could cause that? The error isn't very verbose.
graudeejs
September 4th, 2010, 21:24
check in main.cf
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/ssl/postfix/smtpd.pem
smtpd_tls_cert_file = /etc/ssl/postfix/smtpd.pem
smtpd_tls_CAfile = /etc/ssl/postfix/smtpd.pem
smtpd_tls_loglevel = 0
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
in master.cf
smtps inet n - n - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o message_size_limit=26214400
maybe you're missing something important :D
also check file permissions on your certificate
BeastieBoy
September 4th, 2010, 23:24
Speaking about certificate. For imaps access I get an annoying warning message about a self-signed certificate. How to get rid of that? Do you have that problem too?
graudeejs
September 5th, 2010, 00:38
Well, you can either pay some trusted authority to sign it for you
https://www.startssl.com/ offers free signing of certificates (but I haven't read license terms)
I import my certificate to apps (opera for example [using opera M2 mail client])
after that there is no annoying message about self-signed certificates :D
kpa
September 5th, 2010, 01:12
Or create your own CA and sign your application certificates yourself :P
graudeejs
September 5th, 2010, 07:27
Or create your own CA and sign your application certificates yourself :P
Which will
For imaps access I get an annoying warning message about a self-signed certificate. How to get rid of that? Do you have that problem too?
kpa
September 5th, 2010, 11:12
Well that's self signed too but in a different way. If you have your own CA you'll have to import only one certificate to applications, the CA certificate. Certificates signed by your CA will be then automatically trusted.
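As an added example, not code from the thread: a POSIX sh script that does what kpa describes, building a private CA, issuing one server certificate with it, and verifying the chain the way a client that has imported ca.pem would. It also covers graudeejs' point from earlier in the thread: clients import the single CA certificate rather than each self-signed server certificate. The directory, the CA name "Example Private Mail CA", the host imap.example.com and the validity periods are assumptions; it needs the openssl command-line tool.

```shell
#!/bin/sh
# Added example (not from the thread): build a private CA, issue one server
# certificate for the IMAPS/SMTPS host, and verify the chain. Clients then
# import ca.pem once instead of trusting each self-signed cert individually.
# Directory, names and lifetimes are assumptions chosen for the demo.
set -e

# Create a CA (key + self-signed cert) in $1, then a server certificate for
# host $2 signed by that CA. Private keys end up readable by the owner only.
make_private_ca() {
    dir="$1"
    host="$2"
    mkdir -p "$dir"

    # 1. CA certificate: explicitly marked CA:TRUE so verifiers accept it as
    #    an issuer; 4096-bit key, matching the howto's default_bits.
    cat > "$dir/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Private Mail CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
    openssl req -x509 -newkey rsa:4096 -nodes -sha256 -days 3650 \
        -config "$dir/ca.cnf" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" >/dev/null 2>&1

    # 2. Server key and certificate signing request.
    openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=$host" \
        -keyout "$dir/$host.key" -out "$dir/$host.csr" >/dev/null 2>&1

    # 3. Leaf extensions: not a CA, server authentication only, and a SAN,
    #    which is what current mail clients match the host name against.
    cat > "$dir/$host.ext" <<EOF
basicConstraints = CA:FALSE
keyUsage = digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$host
EOF

    # 4. Sign the CSR with the CA key (825 days; shorter is better).
    openssl x509 -req -sha256 -days 825 \
        -in "$dir/$host.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -extfile "$dir/$host.ext" \
        -out "$dir/$host.pem" >/dev/null 2>&1

    chmod 600 "$dir/ca.key" "$dir/$host.key"
}

# Return 0 when $2.pem in $1 chains to ca.pem, non-zero otherwise.
verify_against_ca() {
    openssl verify -CAfile "$1/ca.pem" "$1/$2.pem" >/dev/null 2>&1
}

# Return 0 when the certificate carries the expected DNS SAN.
has_dns_san() {
    openssl x509 -in "$1/$2.pem" -noout -text | grep -q "DNS:$2"
}
```

For this thread's setup the resulting imap.example.com.pem and .key would go where dovecot.conf's ssl_cert_file / ssl_key_file point (and the same pair, concatenated, for Postfix's smtpd_tls_cert_file / smtpd_tls_key_file), while ca.pem is the one file handed to the mail clients. Keep ca.key off the mail server entirely; it is only needed when signing.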
ikbendeman
October 13th, 2010, 19:18
# cat << EOF >> /boot/loader.conf
kern.ipc.semmni=40
kern.ipc.semmns=240
kern.ipc.seumr=40
kern.ipc.semmnu=120
EOF
# echo 'security.jail.sysvipc_allowed=1' >> /etc/sysctl.conf
I believe the correct syntax for loader.conf should be kern.ipc.semmni="40" and the correct syntax for sysctl.conf would be kern.ipc.semmni=40
e.g:
# loader.conf
kern.ipc.semmni="40"
# sysctl.conf
kern.ipc.semmns=240
If I am wrong, somebody please correct me but I remember having problems with this because loader.conf wouldn't accept the sysctl.conf syntax.
graudeejs
October 13th, 2010, 20:13
Works fine for me on my server
ikbendeman
October 14th, 2010, 23:38
Read loader.conf and check sysctl to see that those values are actually being input. I'm curious because on my laptop, in 7.0 setting up the synaptics touchpad via sysctl values in loader.conf worked like that, but when going to 8.0 it gave me error messages until I switched to the SETTING="VALUE" format.
graudeejs
October 15th, 2010, 08:50
I checked values on server, they are correct
ikbendeman
October 15th, 2010, 11:43
Huh, interesting. Sorry then!
buttmanizer
January 20th, 2011, 16:32
I have followed this tutorial, except that I skipped Nginx (I prefer Apache) and Roundcube.
When i boot my server, I have this message:
Jan 20 22:22:08 lexie root: /etc/rc: WARNING: failed to start obspamd
Jan 20 22:22:08 lexie kernel: em0: link state changed to UP
Jan 20 22:22:08 lexie spamlogd: Failed to initialize:
Jan 20 22:22:08 lexie root: /etc/rc: WARNING: failed to start obspamlogd
I can't receive and send emails. I hope you can point me to the right direction.
When sending an email from Gmail to my mail server, here's the log:
Jan 20 22:38:38 lexie postfix/smtpd[1741]: connect from mail-qw0-f41.google.com[209.85.216.41]
...
...
Jan 20 22:40:47 lexie spamd[1070]: spamd: clean message (-0.8/4.0) for mailnull:26 in 4.5 seconds, 9631 bytes.
Jan 20 22:40:47 lexie spamd[1070]: spamd: result: . 0 - DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,T_TO_NO_BRKTS_FREEMAIL scantime=4.5,size=9631,user=mailnull,uid=26,required_score=4.0,rhost=localhost,raddr=127.0.0.1,rport=/var/run/SpamAssassin.socket,mid=<ACDD3496-A5EE-453E-989F-88AF6CBCB99E@gmail.com>,autolearn=unavailable
Jan 20 22:40:47 lexie postfix/pipe[1751]: 308EB3D1BBC: to=<me@mydomain.com>, relay=spamassassin, delay=4.6, delays=0.11/0/0/4.5, dsn=2.0.0,
status=sent (delivered via spamassassin service)
Jan 20 22:40:47 lexie postfix/pickup[1244]: CCEDD3D1BC2: uid=65534 from=<me@gmail.com>
Jan 20 22:40:47 lexie postfix/qmgr[1245]: 308EB3D1BBC: removed
Jan 20 22:40:47 lexie postfix/cleanup[1749]: CCEDD3D1BC2: message-id=<ACDD3496-A5EE-453E-989F-88AF6CBCB99E@gmail.com>
Jan 20 22:40:47 lexie postfix/qmgr[1245]: CCEDD3D1BC2: from=<me@gmail.com>, size=9922, nrcpt=1 (queue active)
Jan 20 22:40:47 lexie clamsmtpd: 10002D: accepted connection from: 192.168.0.121
Jan 20 22:40:47 lexie postfix/smtpd[1741]: connect from localhost[192.168.0.121]
Jan 20 22:40:47 lexie spamd[1069]: prefork: child states: II
Jan 20 22:40:47 lexie postfix/smtpd[1741]: E795F3D1BBC: client=localhost[192.168.0.121]
Jan 20 22:40:48 lexie clamsmtpd: 10002D: from=me@gmail.com, to=me@mydomain.com, status=CLEAN
Jan 20 22:40:48 lexie postfix/smtp[1757]: CCEDD3D1BC2: to=<me@mydomain.com>, relay=192.168.0.121[192.168.0.121]:10025, delay=0.22,
delays=0.01/0/0.1/0.11, dsn=5.4.0, status=bounced (host 192.168.0.121[192.168.0.121] said: 554 5.4.0 Error: too many hops (in reply to end of
DATA command))
Jan 20 22:40:48 lexie postfix/smtpd[1741]: disconnect from localhost[192.168.0.121]
Jan 20 22:40:48 lexie postfix/cleanup[1749]: 103C43D1BBE: message-id=<20110120144048.103C43D1BBE@jjjsoftware.com>
Jan 20 22:40:48 lexie postfix/bounce[1851]: CCEDD3D1BC2: sender non-delivery notification: 103C43D1BBE
Jan 20 22:40:48 lexie postfix/qmgr[1245]: 103C43D1BBE: from=<>, size=11778, nrcpt=1 (queue active)
Jan 20 22:40:48 lexie postfix/qmgr[1245]: CCEDD3D1BC2: removed
Jan 20 22:40:48 lexie postfix/qmgr[1245]: warning: connect to transport private/smtp: Connection refused
Jan 20 22:40:48 lexie postfix/error[1855]: 103C43D1BBE: to=<me@gmail.com>, relay=none, delay=0.03, delays=0/0.02/0/0.01, dsn=4.3.0,
status=deferred (mail transport unavailable)
Jan 20 22:42:11 lexie dovecot: imap-login: Disconnected (no auth attempts): rip=this.is.my.ip, lip=192.168.0.121, TLS handshaking: Disconnected
Jan 20 22:42:11 lexie dovecot: imap-login: Disconnected (no auth attempts): rip=this.is.my.ip, lip=192.168.0.121, TLS handshaking: Disconnected
Jan 20 22:42:12 lexie dovecot: auth(default): new auth connection: pid=1871
Jan 20 22:42:12 lexie dovecot: auth(default): new auth connection: pid=1872
Jan 20 22:42:34 lexie postfix/qmgr[1245]: AE6353D1B96: from=<>, size=11773, nrcpt=1 (queue active)
Jan 20 22:42:34 lexie postfix/qmgr[1245]: warning: connect to transport private/smtp: Connection refused
Jan 20 22:42:34 lexie postfix/qmgr[1245]: AA56C3D1B98: from=<>, size=11789, nrcpt=1 (queue active)
Jan 20 22:42:34 lexie postfix/error[1879]: AE6353D1B96: to=<me@gmail.com>, relay=none, delay=17366, delays=17366/0.04/0/0.01, dsn=4.3.0,
status=deferred (mail transport unavailable)
Jan 20 22:42:34 lexie postfix/error[1880]: AA56C3D1B98: to=<me@gmail.com>, relay=none, delay=17362, delays=17362/0.02/0/0, dsn=4.3.0,
status=deferred (mail transport unavailable)
Jan 20 22:44:11 lexie postfix/anvil[1742]: statistics: max connection rate 1/60s for (smtp:209.85.216.41) at Jan 20 22:38:38
Jan 20 22:44:11 lexie postfix/anvil[1742]: statistics: max connection count 1 for (smtp:209.85.216.41) at Jan 20 22:38:38
Jan 20 22:44:11 lexie postfix/anvil[1742]: statistics: max cache size 1 at Jan 20 22:38:38
I also have these errors:
egrep '(warning|error|fatal|panic):' /var/log/maillog | more
Jan 20 15:20:19 lexie postfix[30394]: fatal: myhostname and relayhost parameter settings must not be identical: mail.mydomain.com
Jan 20 15:48:02 lexie postfix/sendmail[35019]: fatal: myhostname and relayhost parameter settings must not be identical: mydomain.com
Jan 20 16:10:39 lexie postfix[1131]: fatal: myhostname and relayhost parameter settings must not be identical: mydomain.com
Jan 20 16:17:06 lexie postfix/qmgr[1534]: warning: connect to transport private/smtp: Connection refused
Jan 20 16:17:08 lexie postfix/trivial-rewrite[1535]: warning: do not list domain mydomain.com in BOTH virtual_mailbox_domains and relay_domains
Jan 20 16:17:08 lexie postfix/trivial-rewrite[1535]: warning: do not list domain mydomain.com in BOTH virtual_mailbox_domains and relay_domains
Jan 20 16:26:50 lexie postfix/qmgr[1240]: warning: connect to transport private/smtp: Connection refused
Jan 20 16:40:17 lexie postfix/qmgr[1240]: warning: connect to transport private/smtp: Connection refused
Jan 20 16:53:40 lexie postfix/smtpd[1494]: warning: www.mydomain.com[this.is.my.ip]: SASL PLAIN authentication failed:
Here's my postconf -n:
broken_sasl_auth_clients = yes
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
content_filter = scan:[192.168.0.121]:10025
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
default_privs = nobody
html_directory = /usr/local/share/doc/postfix
inet_interfaces = all
local_recipient_maps = $virtual_mailbox_maps
mail_owner = postfix
mail_spool_directory = /var/home/mail
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
mydestination = localhost.$mydomain, localhost
mydomain = mydomain.com
myhostname = mydomain.com
mynetworks = 192.168.0.0/24, 127.0.0.0/8
mynetworks_style = host
myorigin = $mydomain
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
relay_domains = pgsql:/usr/local/etc/postfix/pgsql_relay_domains.cf
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_hostname, reject_non_fqdn_sender,
reject_non_fqdn_recipient, reject_unauth_destination, reject_unauth_pipelining, reject_invalid_hostname, reject_rbl_client bl.spamcop.net
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = /var/run/dovecot/auth-client
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks
smtpd_tls_CAfile = /etc/ssl/postfix/smtpd.pem
smtpd_tls_cert_file = /etc/ssl/postfix/smtpd.pem
smtpd_tls_key_file = /etc/ssl/postfix/smtpd.pem
smtpd_tls_loglevel = 0
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_maps = pgsql:/usr/local/etc/postfix/pgsql_virtual_alias_maps.cf
virtual_gid_maps = static:6
virtual_mailbox_base = /mail
virtual_mailbox_domains = pgsql:/usr/local/etc/postfix/pgsql_virtual_mailbox_domains.cf
virtual_mailbox_maps = pgsql:/usr/local/etc/postfix/pgsql_virtual_mailbox_maps.cf
virtual_transport = dovecot
virtual_uid_maps = static:26
Here's my dovecot -n:
dovecot -n
# 1.2.16: /usr/local/etc/dovecot.conf
# OS: FreeBSD 8.1-RELEASE amd64 ufs
protocols: imaps
ssl_cert_file: /etc/ssl/dovecot/cert.pem
ssl_key_file: /etc/ssl/dovecot/key.pem
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable: /usr/local/libexec/dovecot/imap-login
verbose_proctitle: yes
first_valid_uid: 26
last_valid_uid: 26
first_valid_gid: 6
last_valid_gid: 6
mail_privileged_group: mail
mail_uid: mailnull
mail_gid: mail
mail_location: maildir:/mail/%d/%n
mail_plugins: quota imap_quota
imap_client_workarounds: delay-newmail netscape-eoh tb-extra-mailbox-sep
lda:
postmaster_address: postmaster@mydomain.com
mail_plugins: quota
sendmail_path: /usr/sbin/sendmail
auth default:
username_format: %Lu
verbose: yes
debug_passwords: yes
passdb:
driver: sql
args: /usr/local/etc/dovecot-sql.conf
userdb:
driver: prefetch
socket:
type: listen
client:
path: /var/run/dovecot/auth-client
mode: 432
user: postfix
group: mail
master:
path: /var/run/dovecot/auth-master
mode: 384
user: mailnull
group: mail
plugin:
quota: maildir:User quota
quota_rule: *:storage=1GB
graudeejs
January 20th, 2011, 17:11
remove relay_domains
It is not needed (I edited the postfix part and commented out relay_domains)
See what changes
graudeejs
January 20th, 2011, 17:17
About spamd:
# touch /var/db/spamd
# chown _spamd:_spamd /var/db/spamd
Did that fix the problem?
buttmanizer
January 21st, 2011, 01:34
I commented out relay_domains, and chowned /var/db/spamd to _spamd.
After rebooting, I still have this error:
Starting obspamd.
spamd: bind: Can't assign requested address
/etc/rc: WARNING: failed to start obspamd
Starting obspamlogd.
spamlogd: couldn't initialize pcap: Device not configured
/etc/rc.conf: WARNING: failed to start obspamlogd
When sending email from Gmail to my mail, it's the same log from my previous post. And these:
...
Jan 21 08:29:23 lexie postfix/qmgr[1250]: warning: connect to transport private/smtp: Connection refused
Jan 21 08:29:23 lexie postfix/error[1576]: C528A3D1BC2: to=<me@gmail.com>, relay=none, delay=0.05, delays=0/0.04/0/0.01, dsn=4.3.0,
status=deferred (mail transport unavailable)
graudeejs
January 21st, 2011, 10:38
Did you run this test with spamd enabled or disabled? And did you adjust the firewall rules?
The problem is that both postfix and spamd don't work, and we can't figure out which one prevents mail from getting to your mailbox.
Right now, I suggest you disable your spamd if it was enabled, and adjust your firewall rules, so that your mail is passed straight to postfix.
Then send test mail.... and see what happens. Once we get postfix to work, we can fix spamd :)
buttmanizer
January 21st, 2011, 16:13
I removed obspamlogd from /etc/rc.conf and when I reboot, the error of starting obspamlogd no longer appears.
However, I still can't send an email from GMail to my mail server. Here's the end of the log:
Jan 21 22:45:46 lexie postfix/pickup[1235]: 798143D1BCB: uid=65534 from=<me@gmail.com>
Jan 21 22:45:46 lexie postfix/qmgr[1236]: 8652E3D1BC5: removed
Jan 21 22:45:46 lexie postfix/cleanup[1526]: 798143D1BCB: message-id=<971FF512-AAB8-43F2-8413-691189C2F0D2@gmail.com>
Jan 21 22:45:46 lexie postfix/qmgr[1236]: 798143D1BCB: from=<me@gmail.com>, size=9580, nrcpt=1 (queue active)
Jan 21 22:45:46 lexie clamsmtpd: 100015: accepted connection from: 192.168.0.121
Jan 21 22:45:46 lexie postfix/smtpd[1517]: connect from localhost[192.168.0.121]
Jan 21 22:45:46 lexie spamd[1059]: prefork: child states: II
Jan 21 22:45:46 lexie postfix/smtpd[1517]: 942863D1BC5: client=localhost[192.168.0.121]
Jan 21 22:45:46 lexie postfix/cleanup[1526]: 942863D1BC5: message-id=<971FF512-AAB8-43F2-8413-691189C2F0D2@gmail.com>
Jan 21 22:45:46 lexie clamsmtpd: 100015: from=me@gmail.com, to=me@mydomain.com, status=CLEAN
Jan 21 22:45:46 lexie postfix/smtp[1544]: 798143D1BCB: to=<me@mydomain.com>, relay=192.168.0.121[192.168.0.121]:10025, delay=0.22,
delays=0.01/0/0.1/0.11, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 942863D1BC5)
Jan 21 22:45:46 lexie postfix/smtpd[1517]: disconnect from localhost[192.168.0.121]
Jan 21 22:45:46 lexie postfix/qmgr[1236]: 942863D1BC5: from=<me@gmail.com>, size=9807, nrcpt=1 (queue active)
Jan 21 22:45:46 lexie postfix/qmgr[1236]: 798143D1BCB: removed
Jan 21 22:45:46 lexie spamd[1060]: spamd: got connection over /var/run/SpamAssassin.socket
Jan 21 22:45:46 lexie spamd[1060]: spamd: setuid to mailnull succeeded
Jan 21 22:45:46 lexie spamd[1060]: spamd: processing message <971FF512-AAB8-43F2-8413-691189C2F0D2@gmail.com> for mailnull:26
Jan 21 22:45:51 lexie spamd[1060]: spamd: clean message (-0.8/4.0) for mailnull:26 in 5.2 seconds, 9630 bytes.
Jan 21 22:45:51 lexie spamd[1060]: spamd: result: . 0 -
DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM ,RCVD_IN_DNSWL_LOW,T_TO_NO_BRKTS_FREEMAIL
scantime=5.2,size=9630,user=mailnull,uid=26,requir ed_score=4.0,rhost=localhost,raddr=127.0.0.1,rport =/var/run/SpamAssassin.socket,mid=
<971FF512-AAB8-43F2-8413-691189C2F0D2@gmail.com>,autolearn=unavailable
Jan 21 22:45:51 lexie postfix/pipe[1528]: 942863D1BC5: to=<me@mydomain.com>, relay=spamassassin, delay=5.4, delays=0.11/0/0/5.3, dsn=2.0.0,
status=sent (delivered via spamassassin service)
Jan 21 22:45:51 lexie postfix/pickup[1235]: EC5D63D1BCB: uid=65534 from=<me@gmail.com>
Jan 21 22:45:51 lexie postfix/qmgr[1236]: 942863D1BC5: removed
Jan 21 22:45:51 lexie postfix/cleanup[1526]: EC5D63D1BCB: message-id=<971FF512-AAB8-43F2-8413-691189C2F0D2@gmail.com>
Jan 21 22:45:51 lexie postfix/qmgr[1236]: EC5D63D1BCB: from=<me@gmail.com>, size=9922, nrcpt=1 (queue active)
Jan 21 22:45:51 lexie clamsmtpd: 100016: accepted connection from: 192.168.0.121
Jan 21 22:45:51 lexie postfix/smtpd[1545]: connect from localhost[192.168.0.121]
Jan 21 22:45:51 lexie spamd[1059]: prefork: child states: II
Jan 21 22:45:52 lexie postfix/smtpd[1545]: 12C823D1BC5: client=localhost[192.168.0.121]
Jan 21 22:45:52 lexie clamsmtpd: 100016: from=me@gmail.com, to=me@mydomain.com, status=CLEAN
Jan 21 22:45:52 lexie postfix/smtp[1544]: EC5D63D1BCB: to=<me@mydomain.com>, relay=192.168.0.121[192.168.0.121]:10025, delay=0.22,
delays=0.01/0/0.1/0.11, dsn=5.4.0, status=bounced (host 192.168.0.121[192.168.0.121] said: 554 5.4.0 Error: too many hops (in reply to end of
DATA command))
Jan 21 22:45:52 lexie postfix/smtpd[1545]: disconnect from localhost[192.168.0.121]
Jan 21 22:45:52 lexie postfix/cleanup[1526]: 2F8FE3D1BC7: message-id=<20110121144552.2F8FE3D1BC7@jjjsoftware.com>
Jan 21 22:45:52 lexie postfix/bounce[1629]: EC5D63D1BCB: sender non-delivery notification: 2F8FE3D1BC7
Jan 21 22:45:52 lexie postfix/qmgr[1236]: 2F8FE3D1BC7: from=<>, size=11778, nrcpt=1 (queue active)
Jan 21 22:45:52 lexie postfix/qmgr[1236]: EC5D63D1BCB: removed
Jan 21 22:45:52 lexie postfix/qmgr[1236]: warning: connect to transport private/smtp: Connection refused
Jan 21 22:45:52 lexie postfix/error[1632]: 2F8FE3D1BC7: to=<me@gmail.com>, relay=none, delay=0.03, delays=0/0.02/0/0.01, dsn=4.3.0,
status=deferred (mail transport unavailable)
I also have not modified my firewall rules yet. Can you show me how to do this?
Thanks a lot.
graudeejs
January 21st, 2011, 20:13
So your domain name is mydomain.com, is that true? (did you just set it, or did you pay for it?)
And the box is behind router?
buttmanizer
January 22nd, 2011, 03:07
Of course not. I just substituted it for my real domain. Actually my real domain is jjjsoftware.com.
Yes, my server is behind a router, an Apple Airport Extreme Base Station. I have opened up ports 993 and 25, even 10025.
I have also setup an MX record for mail.jjjsoftware.com in my domain registrar's control panel.
This section should be done on host system, not in jail {at least I did this on host}
...
enable and configure pf { this one you figure out yourself :) }
...
Can you teach me how to do this? I have not edited my /etc/pf.conf except your instructions for spamd.
Again thanks a lot for helping me.
graudeejs
January 22nd, 2011, 21:19
That color hurts the eyes. For file/directory names use file tags.
Can you teach me how to do this? I have not edited my /etc/pf.conf except your instructions for spamd.
No, this is out of scope... it's HUGE topic.
But, hey here's pf and http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-pf.html
Also, I've got some info about setting up spamd in the resources section.
buttmanizer
January 24th, 2011, 04:57
OK, now I have enabled pf as you described, except the whitelisting part.
But again when test sending from GMail to my mail server, here's the error:
...
Jan 24 11:49:43 lexie postfix/cleanup[66420]: 2EEF33D1D1D: message-id=<20110124034801.E5FF83D1BDB@jjjsoftware.com>
Jan 24 11:49:43 lexie postfix/qmgr[25768]: 2EEF33D1D1D: from=<root@jjjsoftware.com>, size=7920, nrcpt=1 (queue active)
Jan 24 11:49:43 lexie clamsmtpd: 10074D: accepted connection from: 192.168.0.121
Jan 24 11:49:43 lexie postfix/smtpd[66431]: connect from localhost[192.168.0.121]
Jan 24 11:49:43 lexie spamd[1059]: prefork: child states: II
Jan 24 11:49:43 lexie postfix/smtpd[66431]: 4988B3D1BD9: client=localhost[192.168.0.121]
Jan 24 11:49:43 lexie postfix/cleanup[66420]: 4988B3D1BD9: message-id=<20110124034801.E5FF83D1BDB@jjjsoftware.com>
Jan 24 11:49:43 lexie clamsmtpd: 10074D: from=root@jjjsoftware.com, to=jovito@jjjsoftware.com, status=CLEAN
Jan 24 11:49:43 lexie postfix/smtp[66430]: 2EEF33D1D1D: to=<jovito@jjjsoftware.com>, relay=192.168.0.121[192.168.0.121]:10025, delay=0.22,
delays=0.01/0/0.1/0.11, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 4988B3D1BD9)
Jan 24 11:49:43 lexie postfix/smtpd[66431]: disconnect from localhost[192.168.0.121]
Jan 24 11:49:43 lexie postfix/qmgr[25768]: 4988B3D1BD9: from=<root@jjjsoftware.com>, size=8147, nrcpt=1 (queue active)
Jan 24 11:49:43 lexie postfix/qmgr[25768]: 2EEF33D1D1D: removed
Jan 24 11:49:43 lexie spamd[51792]: spamd: got connection over /var/run/SpamAssassin.socket
Jan 24 11:49:43 lexie spamd[51792]: spamd: setuid to mailnull succeeded
Jan 24 11:49:43 lexie spamd[51792]: spamd: processing message <20110124034801.E5FF83D1BDB@jjjsoftware.com> for mailnull:26
Jan 24 11:49:47 lexie spamd[51792]: spamd: clean message (-1.0/4.0) for mailnull:26 in 4.5 seconds, 7999 bytes.
Jan 24 11:49:47 lexie spamd[51792]: spamd: result: . -1 - ALL_TRUSTED
scantime=4.5,size=7999,user=mailnull,uid=26,requir ed_score=4.0,rhost=localhost,raddr=127.0.0.1,rport =/var/run/SpamAssassin.socket,mid=
<20110124034801.E5FF83D1BDB@jjjsoftware.com>,autolearn=unavailable
Jan 24 11:49:47 lexie postfix/pickup[66559]: E708E3D1D1D: uid=65534 from=<root@jjjsoftware.com>
Jan 24 11:49:47 lexie postfix/pipe[66538]: 4988B3D1BD9: to=<jovito@jjjsoftware.com>, relay=spamassassin, delay=4.6, delays=0.11/0/0/4.5,
dsn=2.0.0, status=sent (delivered via spamassassin service)
Jan 24 11:49:47 lexie postfix/qmgr[25768]: 4988B3D1BD9: removed
Jan 24 11:49:47 lexie postfix/cleanup[66420]: E708E3D1D1D: message-id=<20110124034801.E5FF83D1BDB@jjjsoftware.com>
Jan 24 11:49:47 lexie postfix/qmgr[25768]: E708E3D1D1D: from=<root@jjjsoftware.com>, size=8262, nrcpt=1 (queue active)
Jan 24 11:49:47 lexie clamsmtpd: 10074E: accepted connection from: 192.168.0.121
Jan 24 11:49:47 lexie postfix/smtpd[66411]: connect from localhost[192.168.0.121]
Jan 24 11:49:47 lexie spamd[1059]: prefork: child states: II
Jan 24 11:49:48 lexie postfix/smtpd[66411]: 0DACD3D1BD9: client=localhost[192.168.0.121]
Jan 24 11:49:48 lexie postfix/cleanup[66420]: 0DACD3D1BD9: message-id=<20110124034801.E5FF83D1BDB@jjjsoftware.com>
Jan 24 11:49:48 lexie clamsmtpd: 10074E: from=root@jjjsoftware.com, to=jovito@jjjsoftware.com, status=CLEAN
Jan 24 11:49:48 lexie postfix/smtp[66430]: E708E3D1D1D: to=<jovito@jjjsoftware.com>, relay=192.168.0.121[192.168.0.121]:10025, delay=0.22,
delays=0.01/0/0.1/0.11, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 0DACD3D1BD9)
Jan 24 11:49:48 lexie postfix/smtpd[66411]: disconnect from localhost[192.168.0.121]
Jan 24 11:49:48 lexie postfix/qmgr[25768]: 0DACD3D1BD9: from=<root@jjjsoftware.com>, size=8489, nrcpt=1 (queue active)
Jan 24 11:49:48 lexie postfix/qmgr[25768]: E708E3D1D1D: removed
Jan 24 11:49:48 lexie spamd[51792]: spamd: got connection over /var/run/SpamAssassin.socket
Jan 24 11:49:48 lexie spamd[51792]: spamd: setuid to mailnull succeeded
Jan 24 11:49:48 lexie spamd[51792]: spamd: processing message <20110124034801.E5FF83D1BDB@jjjsoftware.com> for mailnull:26
Jan 24 11:49:52 lexie spamd[51792]: spamd: clean message (-1.0/4.0) for mailnull:26 in 4.5 seconds, 8335 bytes.
Jan 24 11:49:52 lexie spamd[51792]: spamd: result: . -1 - ALL_TRUSTED
scantime=4.5,size=8335,user=mailnull,uid=26,requir ed_score=4.0,rhost=localhost,raddr=127.0.0.1,rport =/var/run/SpamAssassin.socket,mid=
<20110124034801.E5FF83D1BDB@jjjsoftware.com>,autolearn=unavailable
Jan 24 11:49:52 lexie postfix/pickup[66559]: AF5BB3D1D1D: uid=65534 from=<root@jjjsoftware.com>
Jan 24 11:49:52 lexie postfix/pipe[66423]: 0DACD3D1BD9: to=<jovito@jjjsoftware.com>, relay=spamassassin, delay=4.7, delays=0.11/0/0/4.6,
dsn=2.0.0, status=sent (delivered via spamassassin service)
Jan 24 11:49:52 lexie postfix/cleanup[66420]: AF5BB3D1D1D: message-id=<20110124034801.E5FF83D1BDB@jjjsoftware.com>
Jan 24 11:49:52 lexie postfix/qmgr[25768]: 0DACD3D1BD9: removed
Jan 24 11:49:52 lexie postfix/qmgr[25768]: AF5BB3D1D1D: from=<root@jjjsoftware.com>, size=8604, nrcpt=1 (queue active)
Jan 24 11:49:52 lexie clamsmtpd: 10074F: accepted connection from: 192.168.0.121
Jan 24 11:49:52 lexie postfix/smtpd[66431]: connect from localhost[192.168.0.121]
Jan 24 11:49:52 lexie spamd[1059]: prefork: child states: II
Jan 24 11:49:52 lexie postfix/smtpd[66431]: CA0473D1BD9: client=localhost[192.168.0.121]
Jan 24 11:49:52 lexie postfix/cleanup[66420]: CA0473D1BD9: message-id=<20110124034801.E5FF83D1BDB@jjjsoftware.com>
Jan 24 11:49:52 lexie clamsmtpd: 10074F: from=root@jjjsoftware.com, to=jovito@jjjsoftware.com, status=CLEAN
Jan 24 11:49:52 lexie postfix/smtp[66430]: AF5BB3D1D1D: to=<jovito@jjjsoftware.com>, relay=192.168.0.121[192.168.0.121]:10025, delay=0.22,
delays=0.01/0/0.1/0.11, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as CA0473D1BD9)
Jan 24 11:49:52 lexie postfix/smtpd[66431]: disconnect from localhost[192.168.0.121]
Jan 24 11:49:52 lexie postfix/qmgr[25768]: CA0473D1BD9: from=<root@jjjsoftware.com>, size=8831, nrcpt=1 (queue active)
Jan 24 11:49:52 lexie postfix/qmgr[25768]: AF5BB3D1D1D: removed
Jan 24 11:49:52 lexie spamd[51792]: spamd: got connection over /var/run/SpamAssassin.socket
Jan 24 11:49:52 lexie spamd[51792]: spamd: setuid to mailnull succeeded
Jan 24 11:49:52 lexie spamd[51792]: spamd: processing message <20110124034801.E5FF83D1BDB@jjjsoftware.com> for mailnull:26
Jan 24 11:49:57 lexie spamd[51792]: spamd: clean message (-1.0/4.0) for mailnull:26 in 4.5 seconds, 8671 bytes.
Jan 24 11:49:57 lexie spamd[51792]: spamd: result: . -1 - ALL_TRUSTED
scantime=4.5,size=8671,user=mailnull,uid=26,requir ed_score=4.0,rhost=localhost,raddr=127.0.0.1,rport =/var/run/SpamAssassin.socket,mid=
<20110124034801.E5FF83D1BDB@jjjsoftware.com>,autolearn=unavailable
Jan 24 11:49:57 lexie postfix/pickup[66559]: 735443D1D1D: uid=65534 from=<root@jjjsoftware.com>
Jan 24 11:49:57 lexie postfix/cleanup[66420]: 735443D1D1D: message-id=<20110124034801.E5FF83D1BDB@jjjsoftware.com>
Jan 24 11:49:57 lexie postfix/pipe[66538]: CA0473D1BD9: to=<jovito@jjjsoftware.com>, relay=spamassassin, delay=4.6, delays=0.11/0/0/4.5,
dsn=2.0.0, status=sent (delivered via spamassassin service)
Jan 24 11:49:57 lexie postfix/qmgr[25768]: CA0473D1BD9: removed
Jan 24 11:49:57 lexie postfix/qmgr[25768]: 735443D1D1D: from=<root@jjjsoftware.com>, size=8946, nrcpt=1 (queue active)
Jan 24 11:49:57 lexie clamsmtpd: 100750: accepted connection from: 192.168.0.121
Jan 24 11:49:57 lexie postfix/smtpd[66411]: connect from localhost[192.168.0.121]
Jan 24 11:49:57 lexie spamd[1059]: prefork: child states: II
Jan 24 11:49:57 lexie postfix/smtpd[66411]: 8DF633D1BD9: client=localhost[192.168.0.121]
Jan 24 11:49:57 lexie clamsmtpd: 100750: from=root@jjjsoftware.com, to=jovito@jjjsoftware.com, status=CLEAN
Jan 24 11:49:57 lexie postfix/smtp[66430]: 735443D1D1D: to=<jovito@jjjsoftware.com>, relay=192.168.0.121[192.168.0.121]:10025, delay=0.22,
delays=0.01/0/0.1/0.11, dsn=5.4.0, status=bounced (host 192.168.0.121[192.168.0.121] said: 554 5.4.0 Error: too many hops (in reply to end of DATA command))
Jan 24 11:49:57 lexie postfix/smtpd[66411]: disconnect from localhost[192.168.0.121]
Jan 24 11:49:57 lexie postfix/cleanup[66420]: A8E273D1C48: message-id=<20110124034957.A8E273D1C48@jjjsoftware.com>
Jan 24 11:49:57 lexie postfix/bounce[66593]: 735443D1D1D: sender non-delivery notification: A8E273D1C48
Jan 24 11:49:57 lexie postfix/qmgr[25768]: A8E273D1C48: from=<>, size=10799, nrcpt=1 (queue active)
Jan 24 11:49:57 lexie postfix/qmgr[25768]: 735443D1D1D: removed
Jan 24 11:49:57 lexie dovecot: auth(default): master in: USER 1 jovito@jjjsoftware.com service=deliver
Jan 24 11:49:57 lexie dovecot: auth(default): prefetch(jovito@jjjsoftware.com): userdb lookup not possible with only userdb prefetch
Jan 24 11:49:57 lexie dovecot: auth(default): master out: NOTFOUND 1
Jan 24 11:49:57 lexie postfix/pipe[66706]: A8E273D1C48: to=<jovito@jjjsoftware.com>, orig_to=<root@jjjsoftware.com>, relay=dovecot, delay=0.05,
delays=0/0.03/0/0.02, dsn=5.1.1, status=bounced (user unknown)
Jan 24 11:49:57 lexie postfix/qmgr[25768]: A8E273D1C48: removed
Jan 24 11:53:20 lexie postfix/anvil[66412]: statistics: max connection rate 1/60s for (smtp:74.125.83.41) at Jan 24 11:46:35
Jan 24 11:53:20 lexie postfix/anvil[66412]: statistics: max connection count 1 for (smtp:74.125.83.41) at Jan 24 11:46:35
Jan 24 11:53:20 lexie postfix/anvil[66412]: statistics: max cache size 1 at Jan 24 11:46:35
Jan 24 11:55:30 lexie postfix/qmgr[25768]: 6FFC33D1BDB: from=<>, size=11778, nrcpt=1 (queue active)
Jan 24 11:55:30 lexie postfix/qmgr[25768]: warning: connect to transport private/smtp: Connection refused
Jan 24 11:55:30 lexie postfix/error[66813]: 6FFC33D1BDB: to=<buttmanizer@gmail.com>, relay=none, delay=421, delays=421/0.03/0/0.01, dsn=4.3.0,
status=deferred (mail transport unavailable)
graudeejs
January 24th, 2011, 13:11
It's something in postfix config.
Are you using postgres? What are logs related to postgres?
I think you should provide your entire main.cf, the SQL queries for the tables that you created, and all postfix map files, also rc.conf and maybe even pg_hba.conf (from the postgres database); any of these can cause problems.
buttmanizer
January 24th, 2011, 14:26
Yes I'm using PostgreSQL and it seems to work fine:
...
2011-01-24 20:49:56.669 PHT,"postfix","maildb",5969,"192.168.0.121:57347",4d3d7574.1751,2,"",2011-01-24 20:49:56
PHT,5/1517,0,LOG,00000,"connection authorized: user=postfix database=maildb",,,,,,,,,""
...
postconf -n
broken_sasl_auth_clients = yes
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
content_filter = scan:[192.168.0.121]:10025
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
default_privs = nobody
html_directory = /usr/local/share/doc/postfix
inet_interfaces = all
local_recipient_maps = $virtual_mailbox_maps
mail_owner = postfix
mail_spool_directory = /var/home/mail
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
mydestination = localhost.$mydomain, localhost
mydomain = jjjsoftware.com
myhostname = jjjsoftware.com
mynetworks = 192.168.0.0/24, 127.0.0.0/8
mynetworks_style = host
myorigin = $mydomain
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_hostname, reject_non_fqdn_sender,
reject_non_fqdn_recipient, reject_unauth_destination, reject_unauth_pipelining, reject_invalid_hostname, reject_rbl_client bl.spamcop.net
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = /var/run/dovecot/auth-client
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks
smtpd_tls_CAfile = /etc/ssl/postfix/smtpd.pem
smtpd_tls_cert_file = /etc/ssl/postfix/smtpd.pem
smtpd_tls_key_file = /etc/ssl/postfix/smtpd.pem
smtpd_tls_loglevel = 0
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_maps = pgsql:/usr/local/etc/postfix/pgsql_virtual_alias_maps.cf
virtual_gid_maps = static:6
virtual_mailbox_base = /mail
virtual_mailbox_domains = pgsql:/usr/local/etc/postfix/pgsql_virtual_mailbox_domains.cf
virtual_mailbox_maps = pgsql:/usr/local/etc/postfix/pgsql_virtual_mailbox_maps.cf
virtual_transport = dovecot
virtual_uid_maps = static:26
For all the postfix maps here're the connection parameters:
user = postfix
password = xxx
hosts = lexie
dbname = maildb
pgsql_virtual_alias_maps.cf
query = SELECT dest_username || '@' || dest_domain FROM mailbox_aliases WHERE address = '%s' AND active = true
pgsql_virtual_mailbox_domains.cf
query = SELECT domain FROM mailbox WHERE domain = '%s' AND active = true
pgsql_virtual_mailbox_maps.cf
query = SELECT domain || '/' || username FROM mailbox WHERE username = '%u' AND domain = '%d' AND active = true
SQL tables:
maildb=# \dS+ mailbox
Table "public.mailbox"
Column | Type | Modifiers | Storage | Description
----------+------------------------+-----------------------+----------+-------------
username | character varying(128) | not null | extended |
domain | character varying(128) | not null | extended |
password | character varying(32) | not null | extended |
quota | integer | not null default 1024 | plain |
active | boolean | not null default true | plain |
Indexes:
"mailbox_pkey" PRIMARY KEY, btree (username, domain)
Referenced by:
TABLE "mailbox_aliases" CONSTRAINT "mailbox_aliases_dest_username_fkey" FOREIGN KEY (dest_username, dest_domain) REFERENCES
mailbox(username, domain) ON DELETE CASCADE
Has OIDs: no
maildb=# \dS+ mailbox_aliases
Table "public.mailbox_aliases"
Column | Type | Modifiers | Storage | Description
---------------+------------------------+-----------------------+----------+-------------
address | character varying(256) | not null | extended |
dest_username | character varying(128) | not null | extended |
dest_domain | character varying(128) | not null | extended |
active | boolean | not null default true | plain |
Indexes:
"mailbox_aliases_pkey" PRIMARY KEY, btree (address)
Foreign-key constraints:
"mailbox_aliases_dest_username_fkey" FOREIGN KEY (dest_username, dest_domain) REFERENCES mailbox(username, domain) ON DELETE CASCADE
Has OIDs: no
maildb=# \dS+ mailbox_relay_domains
Table "public.mailbox_relay_domains"
Column | Type | Modifiers | Storage | Description
--------+------------------------+-----------------------+----------+-------------
domain | character varying(256) | not null | extended |
active | boolean | not null default true | plain |
Indexes:
"mailbox_relay_domains_pkey" PRIMARY KEY, btree (domain)
Has OIDs: no
pg_hba.conf
# IPv4 local connections:
...
local maildb dovecot,postfix md5
...
/etc/rc.conf
hostname="lexie"
ifconfig_em0="DHCP"
keymap="us.iso"
sshd_enable="YES"
linux_enable="YES"
dbus_enable="YES"
hald_enable="YES"
polkitd_enable="YES"
#PostgreSQL
postgresql_enable="YES"
postgresql_data="/mnt/data/pg_data"
postgresql_flags="-w -s -m fast"
postgresql_initdb_flags="--encoding=utf-8 --lc-collate=C"
postgresql_class="postgres"
postgresql_user="postgres"
vboxnet_enable="YES"
apache22_enable="YES"
#Printer Settings
cupsd_enable="YES"
devfs_system_ruleset="system"
#Firewall Settings
#firewall_enable="YES"
#firewall_logging="YES"
#firewall_type="/etc/ipfw2.conf"
pf_enable="YES"
pflog_enable="YES"
#Email Settings
dovecot_enable="YES"
postfix_enable="YES"
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
#Spamd
#obspamlogd_enable="YES"
#obspamd_enable="YES"
#obspamd_flags="-l 192.168.0.121 -h jjjsoftware.com"
#Clamav
clamsmtpd_enable="YES"
clamav_clamd_enable="YES"
clamav_freshclam_enable="YES"
clamav_freshclam_flags="--quiet -a 192.168.0.121 -c 24"
#SpamAssassin
spamd_enable="YES"
spamd_flags="-c --socketpath=/var/run/SpamAssassin.socket"
bsdstats_enable="YES"
graudeejs
January 24th, 2011, 15:50
I think setting mynetworks_style = host is wrong, because you already defined mynetworks, which contains a list of addresses that can freely relay email using your mail server. (however this is not your problem)
Check that your queries:
SELECT dest_username || '@' || dest_domain FROM mailbox_aliases WHERE address = '%s' AND active = true;
SELECT domain FROM mailbox WHERE domain = '%s' AND active = true;
work as expected.
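A way to run that check offline, as an added example that is not part of the HOWTO: the three pgsql map queries posted above, exercised against a SQLite replica of the posted mailbox / mailbox_aliases schema. The placeholder expansion follows pgsql_table(5) (%s is the whole lookup key, %u the local part, %d the domain; lookups that need %u or %d are suppressed when the key has no "@"), but each quoted placeholder is turned into a bound parameter rather than string-substituted, so a hostile local part cannot change the SQL. Table rows, addresses and the in-memory database are constructed for the example; SQLite 3.23 or newer is assumed so that the literal `true` in the queries parses.

```python
"""Exercise the thread's Postfix pgsql map queries against a SQLite replica.

Added example, not part of the HOWTO.  Query templates are the ones posted
in the *.cf files; the schema is copied from the \\dS+ output; sample rows
and addresses are constructed.  Needs SQLite >= 3.23 (for the `true` literal).
"""
import re
import sqlite3

# Query templates exactly as posted in the thread's pgsql_*.cf files.
MAPS = {
    "virtual_alias_maps": "SELECT dest_username || '@' || dest_domain FROM mailbox_aliases "
                          "WHERE address = '%s' AND active = true",
    "virtual_mailbox_domains": "SELECT domain FROM mailbox WHERE domain = '%s' AND active = true",
    "virtual_mailbox_maps": "SELECT domain || '/' || username FROM mailbox "
                            "WHERE username = '%u' AND domain = '%d' AND active = true",
}

SCHEMA = """
CREATE TABLE mailbox (
    username VARCHAR(128) NOT NULL,
    domain   VARCHAR(128) NOT NULL,
    password VARCHAR(32)  NOT NULL,
    quota    INTEGER      NOT NULL DEFAULT 1024,
    active   BOOLEAN      NOT NULL DEFAULT 1,
    PRIMARY KEY (username, domain));
CREATE TABLE mailbox_aliases (
    address       VARCHAR(256) PRIMARY KEY,
    dest_username VARCHAR(128) NOT NULL,
    dest_domain   VARCHAR(128) NOT NULL,
    active        BOOLEAN      NOT NULL DEFAULT 1,
    FOREIGN KEY (dest_username, dest_domain)
        REFERENCES mailbox(username, domain) ON DELETE CASCADE);
"""

# Constructed sample rows: one active mailbox, one disabled one, two aliases.
SAMPLE_ROWS = [
    ("INSERT INTO mailbox VALUES (?, ?, ?, ?, ?)", ("alice", "example.test", "x", 1024, 1)),
    ("INSERT INTO mailbox VALUES (?, ?, ?, ?, ?)", ("bob", "example.test", "x", 1024, 0)),
    ("INSERT INTO mailbox_aliases VALUES (?, ?, ?, ?)", ("postmaster@example.test", "alice", "example.test", 1)),
    ("INSERT INTO mailbox_aliases VALUES (?, ?, ?, ?)", ("old@example.test", "bob", "example.test", 1)),
]


def build_db():
    """In-memory stand-in for the maildb database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    for sql, row in SAMPLE_ROWS:
        conn.execute(sql, row)
    return conn


def expand(template, key):
    """Turn a pgsql_table(5) query template into (sql, params).

    Postfix substitutes the quoted key for '%s' and the local/domain parts
    for '%u'/'%d'; when the key has no '@' it skips the query and reports
    'not found'.  Here each quoted placeholder becomes a bound parameter, so
    the looked-up value can never alter the SQL.  Returns None for a
    suppressed lookup."""
    local, at, domain = key.partition("@")
    values = {"s": key, "u": local if at else None, "d": domain if at else None}
    params = []

    def bind(match):
        value = values[match.group(1)]
        if value is None:
            raise LookupError("placeholder needs an address")
        params.append(value)
        return "?"

    try:
        sql = re.sub(r"'%([sud])'", bind, template)
    except LookupError:
        return None
    return sql, params


def lookup(conn, map_name, key):
    """Run one map lookup; returns the result values (empty list = not found)."""
    expanded = expand(MAPS[map_name], key)
    if expanded is None:
        return []
    sql, params = expanded
    return [row[0] for row in conn.execute(sql, params)]


def resolve_recipient(conn, address):
    """Approximate Postfix's order: alias rewrite, domain check, mailbox map.
    Returns (final address, mailbox path); path is None when delivery
    would end in 'user unknown'."""
    aliases = lookup(conn, "virtual_alias_maps", address)
    final = aliases[0] if aliases else address
    domain = final.partition("@")[2]
    if not lookup(conn, "virtual_mailbox_domains", domain):
        return final, None
    paths = lookup(conn, "virtual_mailbox_maps", final)
    return final, (paths[0] if paths else None)


if __name__ == "__main__":
    db = build_db()
    for addr in ("alice@example.test", "postmaster@example.test", "old@example.test", "alice"):
        print(addr, "->", resolve_recipient(db, addr))
```

Pointing `build_db()` at the real database instead of the in-memory copy (a `psycopg2` connection, with `?` swapped for `%s` placeholders) turns this into a quick regression test for the map files: an alias that resolves to a disabled or missing mailbox shows up as a `None` path before Postfix ever bounces a message.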
buttmanizer
January 24th, 2011, 17:43
PostgreSQL seems to be fine:
2011-01-25 00:25:08.765 PHT,"postfix","maildb",10408,"192.168.0.121:31464",4d3da7e4.28a8,4,"",2011-01-25 00:25:08
PHT,8/17,0,LOG,00000,"statement: SELECT domain FROM mailbox WHERE domain = 'jjjsoftware.com' AND active = true",,,,,,,,,""
2011-01-25 00:27:34.824 PHT,"dovecot","maildb",10175,"192.168.0.121:50699",4d3da73c.27bf,6,"",2011-01-25 00:22:20
PHT,2/5,0,LOG,00000,"statement: SELECT username, domain, password, '*:bytes=' || quota || 'M' AS userdb_quota_rule FROM mailbox WHERE username
= 'jovito' AND domain = 'jjjsoftware.com' AND active = true",,,,,,,,,""
mailq:
lexie# mailq
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
32DE43D1A40* 8680 Tue Jan 25 00:24:59 jovito@jjjsoftware.com
buttmanizer@gmail.com
-- 9 Kbytes in 1 Request.
lexie# mailq
Mail queue is empty
spamd, clamsmtpd, and spamassassin all seem to work fine as the message gets passed between them.
However, status=bounced (too many hops), userdb lookup not possible with only userdb prefetch, and status=bounced (user unknown) are weird. And I didn't receive any mail in GMail :(
...
...
Jan 25 00:25:08 lexie postfix/pickup[10256]: B133B3D1A43: uid=65534 from=<jovito@jjjsoftware.com>
Jan 25 00:25:08 lexie postfix/pipe[10280]: EB5CC3D1A40: to=<buttmanizer@gmail.com>, relay=spamassassin, delay=4.8, delays=0.11/0/0/4.7,
dsn=2.0.0, status=sent (delivered via spamassassin service)
Jan 25 00:25:08 lexie postfix/qmgr[10257]: EB5CC3D1A40: removed
Jan 25 00:25:08 lexie postfix/cleanup[10278]: B133B3D1A43: message-id=<20FA642C-10C0-4979-A12C-F57769D7BEFC@jjjsoftware.com>
Jan 25 00:25:08 lexie postfix/cleanup[10278]: B133B3D1A43: to=<buttmanizer@gmail.com>, relay=none, delay=0.01, delays=0.01/0/0/0, dsn=5.4.0,
status=bounced (too many hops)
Jan 25 00:25:08 lexie postfix/cleanup[10405]: B5C083D1ABA: message-id=<20110124162508.B5C083D1ABA@jjjsoftware.com>
Jan 25 00:25:08 lexie postfix/bounce[10404]: B133B3D1A43: sender non-delivery notification: B5C083D1ABA
Jan 25 00:25:08 lexie postfix/qmgr[10257]: B5C083D1ABA: from=<>, size=10853, nrcpt=1 (queue active)
Jan 25 00:25:08 lexie spamd[1059]: prefork: child states: II
Jan 25 00:25:08 lexie dovecot: auth(default): master in: USER 1 jovito@jjjsoftware.com service=deliver
Jan 25 00:25:08 lexie dovecot: auth(default): prefetch(jovito@jjjsoftware.com): userdb lookup not possible with only userdb prefetch
Jan 25 00:25:08 lexie dovecot: auth(default): master out: NOTFOUND 1
Jan 25 00:25:08 lexie postfix/pipe[10409]: B5C083D1ABA: to=<jovito@jjjsoftware.com>, relay=dovecot, delay=0.04, delays=0.02/0.02/0/0,
dsn=5.1.1, status=bounced (user unknown)
Jan 25 00:25:08 lexie postfix/qmgr[10257]: B5C083D1ABA: removed
Jan 25 00:27:34 lexie dovecot: auth(default): client in: AUTH 1 PLAIN service=imap secured lip=192.168.0.121
rip=112.201.119.168 lport=993 rport=48842 resp=AGpvdml0b0Bqampzb2Z0d2FyZS5jb20AZGFyY2luX2Nvb GU=
Jan 25 00:27:34 lexie dovecot: auth(default): sql(jovito@jjjsoftware.com,112.201.119.168): query: SELECT username, domain, password, '*:bytes='
|| quota || 'M' AS userdb_quota_rule FROM mailbox WHERE username = 'jovito' AND domain = 'jjjsoftware.com' AND active = true
Jan 25 00:27:34 lexie dovecot: auth(default): client out: OK 1 user=jovito@jjjsoftware.com
Jan 25 00:27:34 lexie dovecot: auth(default): master in: REQUEST 3 10263 1
Jan 25 00:27:34 lexie dovecot: auth(default): prefetch(jovito@jjjsoftware.com,112.201.119.168): success
Jan 25 00:27:34 lexie dovecot: auth(default): master out: USER 3 jovito@jjjsoftware.com quota_rule=*:bytes=1024M
Jan 25 00:27:34 lexie dovecot: imap-login: Login: user=<jovito@jjjsoftware.com>, method=PLAIN, rip=112.201.119.168, lip=192.168.0.121, TLS
Jan 25 00:27:35 lexie dovecot: auth(default): new auth connection: pid=10436
buttmanizer
January 24th, 2011, 17:51
How can I unblock my GMail?
Jan 25 00:50:16 lexie dovecot: imap-login: Login: user=<jovito@jjjsoftware.com>, method=PLAIN, rip=112.201.119.168, lip=192.168.0.121, TLS
Jan 25 00:50:17 lexie dovecot: auth(default): new auth connection: pid=10754
Jan 25 00:52:53 lexie postfix/smtpd[10789]: connect from mail-gx0-f169.google.com[209.85.161.169]
Jan 25 00:52:53 lexie dovecot: auth(default): new auth connection: pid=10789
Jan 25 00:52:56 lexie postfix/smtpd[10789]: NOQUEUE: reject: RCPT from mail-gx0-f169.google.com[209.85.161.169]: 554 5.7.1 Service unavailable;
Client host [209.85.161.169] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?209.85.161.169; from=
<buttmanizer@gmail.com> to=<jovito@jjjsoftware.com> proto=ESMTP helo=<mail-gx0-f169.google.com>
Jan 25 00:52:57 lexie postfix/smtpd[10789]: disconnect from mail-gx0-f169.google.com[209.85.161.169]
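The three symptoms that run through the logs in this thread (the same Message-ID collecting a fresh queue ID on every pass until "554 too many hops", Dovecot's "userdb lookup not possible with only userdb prefetch" followed by "user unknown", and the bl.spamcop.net reject of Google's MTA just above) can be pulled out of a mail.log mechanically. The following is an added example, not part of the HOWTO or of any of the posters' setups: a small log triage script whose sample log lines are constructed on the pattern of the logs posted above, using documentation hostnames and addresses. The hints in `explain()` are the general guidance from Postfix's FILTER_README (the listener a content filter hands mail back to must run with an empty `content_filter=` override) and from the Dovecot documentation (the prefetch userdb only works after a passdb lookup, which the LDA never performs, so it needs a real userdb next to it); they are not a diagnosis of this particular server.

```python
"""Triage a Postfix/Dovecot mail log for three symptoms seen in the thread.

Added example, not part of the HOWTO.  SAMPLE_LOG is constructed on the
pattern of the posted logs, with documentation IPs/hosts and made-up queue IDs.
"""
import re

SAMPLE_LOG = """\
Jan 24 11:49:43 mx postfix/cleanup[66420]: AAAA1: message-id=<loop@example.test>
Jan 24 11:49:43 mx postfix/smtp[66430]: AAAA1: to=<alice@example.test>, relay=192.0.2.10[192.0.2.10]:10025, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as AAAA2)
Jan 24 11:49:43 mx postfix/cleanup[66420]: AAAA2: message-id=<loop@example.test>
Jan 24 11:49:47 mx postfix/smtp[66430]: AAAA2: to=<alice@example.test>, relay=192.0.2.10[192.0.2.10]:10025, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as AAAA3)
Jan 24 11:49:47 mx postfix/cleanup[66420]: AAAA3: message-id=<loop@example.test>
Jan 24 11:49:52 mx postfix/smtp[66430]: AAAA3: to=<alice@example.test>, relay=192.0.2.10[192.0.2.10]:10025, dsn=5.4.0, status=bounced (host 192.0.2.10[192.0.2.10] said: 554 5.4.0 Error: too many hops (in reply to end of DATA command))
Jan 24 11:49:57 mx dovecot: auth(default): prefetch(alice@example.test): userdb lookup not possible with only userdb prefetch
Jan 24 11:49:57 mx postfix/pipe[66706]: BBBB1: to=<alice@example.test>, relay=dovecot, dsn=5.1.1, status=bounced (user unknown)
Jan 25 00:52:56 mx postfix/smtpd[10789]: NOQUEUE: reject: RCPT from mail.example.net[203.0.113.5]: 554 5.7.1 Service unavailable; Client host [203.0.113.5] blocked using bl.example.invalid; from=<bob@example.net> to=<alice@example.test> proto=ESMTP helo=<mail.example.net>
Jan 25 00:53:10 mx postfix/cleanup[66420]: CCCC1: message-id=<normal@example.net>
"""

# syslog timestamp + host; Postfix queue IDs are hex strings.
PREFIX = r"^\w{3} +\d+ \d\d:\d\d:\d\d \S+ "
RE_MSGID = re.compile(PREFIX + r"postfix/cleanup\[\d+\]: (?P<qid>[0-9A-F]+): message-id=<(?P<mid>[^>]+)>")
RE_HOPS = re.compile(PREFIX + r"postfix/\w+\[\d+\]: (?P<qid>[0-9A-F]+): .*too many hops")
RE_PREFETCH = re.compile(r"prefetch\((?P<user>[^,)]+)[^)]*\): userdb lookup not possible with only userdb prefetch")
RE_RBL = re.compile(r"NOQUEUE: reject: RCPT from (?P<client>\S+): .*blocked using (?P<rbl>\S+?);")


def triage(log_text, loop_threshold=3):
    """Scan log_text once and return the findings as a dict.

    loops: Message-ID -> queue IDs, for IDs that were queued at least
    loop_threshold times.  Every pass through a content filter creates a
    new queue ID, so a message normally gets one or two; more means it is
    being re-injected into a listener that filters it again."""
    passes = {}                      # mid -> [qid, ...] in order of appearance
    hops, prefetch, rbl = [], [], []
    for line in log_text.splitlines():
        m = RE_MSGID.search(line)
        if m:
            qids = passes.setdefault(m["mid"], [])
            if m["qid"] not in qids:
                qids.append(m["qid"])
            continue
        m = RE_HOPS.search(line)
        if m:
            hops.append(m["qid"])
            continue
        m = RE_PREFETCH.search(line)
        if m:
            prefetch.append(m["user"])
            continue
        m = RE_RBL.search(line)
        if m:
            rbl.append((m["client"], m["rbl"]))
    loops = {mid: qids for mid, qids in passes.items() if len(qids) >= loop_threshold}
    return {"loops": loops, "too_many_hops": hops,
            "prefetch_failures": prefetch, "rbl_rejects": rbl}


def explain(report):
    """One hint per finding, from the Postfix FILTER_README / Dovecot docs."""
    lines = []
    for mid, qids in report["loops"].items():
        lines.append(f"loop: <{mid}> queued {len(qids)} times ({' -> '.join(qids)}); "
                     "the smtpd the filter re-injects into must have "
                     "'-o content_filter=' in master.cf")
    for qid in report["too_many_hops"]:
        lines.append(f"{qid}: bounced with 'too many hops' (hopcount_limit reached)")
    for user in report["prefetch_failures"]:
        lines.append(f"dovecot LDA could not look up {user}: 'prefetch' only works "
                     "after a passdb lookup, add a real userdb (e.g. sql) beside it")
    for client, rbl in report["rbl_rejects"]:
        lines.append(f"{client} rejected via {rbl}; confirm the listing before "
                     "changing smtpd_recipient_restrictions")
    return lines


if __name__ == "__main__":
    for hint in explain(triage(SAMPLE_LOG)):
        print(hint)
```

Run it over `/var/log/maillog` instead of `SAMPLE_LOG` (`triage(open("/var/log/maillog").read())`) to get the same summary for a real box; the queue-ID chain in the loop finding is the quickest way to see which listener keeps re-filtering the message.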
graudeejs
January 24th, 2011, 18:36
Hmm, why don't I see relay_domains = $mydestination in your config (this is the default value, don't modify it, set it like it is)?
Set it, reload postfix, and test... (ugh... I hate debugging mail servers :D)
Also I tried to send mail to you using telnet... Server seems to have accepted my message.
buttmanizer
January 24th, 2011, 19:01
I put relay_domains = $mydestination in main.cf and restarted postfix.
Still can't receive any mails, even yours:
Jan 25 01:33:30 lexie postfix/pickup[1274]: 0E1913D1A42: uid=65534 from=<aldis@bsdroot.lv>
Jan 25 01:33:30 lexie postfix/qmgr[1275]: 5DE703D1A3B: removed
Jan 25 01:33:30 lexie postfix/cleanup[1742]: 0E1913D1A42: message-id=<20110124173132.E25B63D1A42@jjjsoftware.com>
Jan 25 01:33:30 lexie postfix/cleanup[1742]: 0E1913D1A42: to=<jovito@jjjsoftware.com>, relay=none, delay=0.01, delays=0.01/0/0/0, dsn=5.4.0,
status=bounced (too many hops)
Jan 25 01:33:30 lexie postfix/cleanup[1866]: 120843D1A43: message-id=<20110124173330.120843D1A43@jjjsoftware.com>
Jan 25 01:33:30 lexie postfix/bounce[1865]: 0E1913D1A42: sender non-delivery notification: 120843D1A43
Jan 25 01:33:30 lexie postfix/qmgr[1275]: 120843D1A43: from=<>, size=12308, nrcpt=1 (queue active)
Jan 25 01:33:30 lexie spamd[1098]: prefork: child states: II
Jan 25 01:33:46 lexie postfix/anvil[1573]: statistics: max connection rate 1/60s for (smtp:112.201.119.168) at Jan 25 01:23:44
Jan 25 01:33:46 lexie postfix/anvil[1573]: statistics: max connection count 1 for (smtp:112.201.119.168) at Jan 25 01:23:44
Jan 25 01:33:46 lexie postfix/anvil[1573]: statistics: max cache size 2 at Jan 25 01:28:51
Jan 25 01:34:00 lexie postfix/smtp[1870]: connect to mx.bsdroot.lv[83.241.11.155]:25: Operation timed out
Jan 25 01:34:00 lexie postfix/smtp[1870]: 120843D1A43: to=<aldis@bsdroot.lv>, relay=none, delay=31, delays=0.02/0.02/31/0, dsn=4.4.1,
status=deferred (connect to mx.bsdroot.lv[83.241.11.155]:25: Operation timed out)
Email verification at network-tools.com for my MX records seems fine:
Validation results
canonical address: <jovito@jjjsoftware.com>
MX records
preference exchange IP address (if included)
10 mail.jjjsoftware.com [112.201.119.168]
SMTP session
[Contacting mail.jjjsoftware.com [112.201.119.168]...]
[Connected]
220 jjjsoftware.com ESMTP Postfix (2.7.2)
EHLO Network-Tools.com
250-jjjsoftware.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN
250-AUTH=PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
VRFY jovito
504 5.5.2 <jovito>: Recipient address rejected: need fully-qualified address
RSET
250 2.0.0 Ok
EXPN jovito
502 5.5.2 Error: command not recognized
RSET
250 2.0.0 Ok
MAIL FROM:<admin@Network-Tools.com>
250 2.1.0 Ok
RCPT TO:<jovito@jjjsoftware.com>
250 2.1.5 Ok
RSET
250 2.0.0 Ok
QUIT
221 2.0.0 Bye
[Connection closed]
graudeejs
February 17th, 2011, 20:38
I'm trying to rewrite (write better) this HOWTO at http://wiki.bsdroot.lv/freebsd:mailserver
Probably it will be much more up to date
kenyloveg
February 23rd, 2011, 15:47
Hi, killasmurf86
Since 8.2 is released, would you update your scenario along with other updates like Postgresql 9.0.3?
graudeejs
February 23rd, 2011, 17:58
Hi, killasmurf86
Since 8.2 is released, would you update your scenario along with other updates like Postgresql 9.0.3?
Nothing (that I'm aware of) except version number change in this matter.
kenyloveg
February 24th, 2011, 09:23
Hi, killasmurf86
Thanks anyway.
My problem is that I failed to install Postgresql90-server; steps are below. Fresh install of 8.2 release, choose minimal install
portsnap fetch
portsnap extract
cd /usr/port/database/postgresql90-server
make clean install
At last I get error code 1, saying something like open-sasl install failed/Postgresql client 8.4 failed.
Now I'm installing the binary instead of compiling from ports; everything looks all right now, but I need to go on with the rest of your scenario.
kenyloveg
February 24th, 2011, 09:30
And another question is regarding certificates. I've already got a class 1 cert from StartSSL, which is a .p12 file; how can I use this file as an SSL/TLS cert? PS: I don't want to get a popup in the Outlook client asking whether I should trust this or not...
Thanks.
graudeejs
February 24th, 2011, 10:27
Hi, killasmurf86
Thanks anyway.
My problem is that I failed to install Postgresql90-server; steps are below
Fresh install of 8.2 release, choose minimal install, "portsnap fetch", "portsnap extract", "cd /usr/port/database/postgresql90-server", "make clean install"; at last I get "error code 1", saying something like open-sasl install failed/Postgresql client 8.4 failed.
This is your specific problem (don't know why it won't build for you), I had no problem installing PostgreSQL server/client :)
Excuse me for my bad English; I replied using quick reply...
Have a good day.
Your English is fine :)
And another question is regarding certificates. I've already got a class 1 cert from StartSSL, which is a .p12 file; how can I use this file as an SSL/TLS cert? PS: I don't want to get a popup in the Outlook client asking whether I should trust this or not...
Thanks.
see CONVERTING CERTIFICATE TO/FROM PKCS #12 FORMAT at http://forums.freebsd.org/showthread.php?t=6490
I think that's the answer
kenyloveg
February 24th, 2011, 12:58
Hi, killasmurf86
Thanks for your reply.
Could you let me know what is your exact step to install Postgresql90-server from scratch?
The problem should be the build scripts for Postgresql90-server, because I've no idea why it would need the postgresql84 client to be installed...
And one thing for newbies like me, you need to install portmaster first then reboot, then portmaster should work.
graudeejs
February 24th, 2011, 13:16
# cd /usr/ports/databases/postgresql90-server
# make install clean
or if you have portmaster installed
portmaster databases/postgresql90-server
That's it
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/ports.html
kenyloveg
February 24th, 2011, 14:04
Hi, killasmurf86
Excuse me if I have so many noob questions. As the configuration in dovecot.conf needs both cert.pem and key.pem, after running openssl pkcs12 -in mycert.p12 -out cert.pem -nodes -clcerts I still need key.pem, which I have no idea how to get.
Thank you.
DutchDaemon
February 24th, 2011, 15:47
And one thing for newbies like me, you need to install portmaster first then reboot, then portmaster should work.
Nonsense, this is not Windows. Just run hash -r or rehash after installing a port/package.
kenyloveg
February 24th, 2011, 15:55
Nonsense, this is not Windows. Just run hash -r or rehash after installing a port/package.
Hi, DutchDaemon
Thanks for your information. It's just that after I installed portmaster, I still got "command not found", so I thought a reboot might fix it. I had never heard about "hash -r" before.
BTW, how do I check binary package information on the ftp site, like I can for ports?
graudeejs
February 24th, 2011, 16:44
Hi, killasmurf86
Excuse me if I have so many noob questions. As the configuration in dovecot.conf needs both cert.pem and key.pem, after running openssl pkcs12 -in mycert.p12 -out cert.pem -nodes -clcerts I still need key.pem, which I have no idea how to get.
Thank you.
Depends on your certificate. If you have only one file, then you probably have everything in one file; in this case point all necessary parameters to your only ssl key file.
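The one-liner quoted above (-nodes -clcerts without -nokeys) writes both the certificate and the private key into cert.pem, which is the single-file case the reply refers to. For a setup that wants the two files separate, here is an added example (not code from the thread or from the howto): a POSIX sh script that splits a .p12 bundle into cert.pem and key.pem the way dovecot.conf's ssl_cert_file / ssl_key_file settings expect, and then checks that the key really belongs to the certificate. The output directory, the password argument and the throwaway self-signed bundle used for testing are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the thread): split a PKCS#12 bundle such as the
# StartSSL .p12 into the cert.pem / key.pem pair Dovecot expects, then verify
# that the two halves belong together. Paths and the password are placeholders.
set -eu

# extract_p12 BUNDLE OUTDIR [PASSWORD]
# Writes OUTDIR/cert.pem (certificate only) and OUTDIR/key.pem (key only).
extract_p12() {
    bundle=$1; outdir=$2; pw=${3:-}
    mkdir -p "$outdir"
    umask 077                       # key.pem must never be world-readable
    # -clcerts: the server certificate only, no CA chain; -nokeys: no key.
    # Piping through "openssl x509" strips the "Bag Attributes" preamble.
    openssl pkcs12 -in "$bundle" -passin "pass:$pw" -clcerts -nokeys \
        | openssl x509 -out "$outdir/cert.pem"
    # -nocerts: the private key only; -nodes: unencrypted, so the daemon
    # can load it at boot without a passphrase prompt.
    openssl pkcs12 -in "$bundle" -passin "pass:$pw" -nocerts -nodes \
        | openssl pkey -out "$outdir/key.pem"
}

# key_matches_cert CERT.pem KEY.pem
# Returns 0 when the public key embedded in the certificate equals the one
# derived from the private key, i.e. the files form a real pair.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$2" -pubout | openssl sha256)
    [ "$cert_pub" = "$key_pub" ]
}

# make_test_bundle DIR
# Builds a throwaway self-signed key/cert and packs it into DIR/mycert.p12
# with an empty password, so the functions above can be exercised offline.
make_test_bundle() {
    mkdir -p "$1"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=mail.example.com" \
        -keyout "$1/orig.key" -out "$1/orig.crt" 2>/dev/null
    openssl pkcs12 -export -passout pass: \
        -inkey "$1/orig.key" -in "$1/orig.crt" -out "$1/mycert.p12"
}

# Usage: sh p12-to-dovecot.sh mycert.p12 /usr/local/etc/dovecot/ssl [password]
if [ $# -ge 2 ]; then
    extract_p12 "$1" "$2" "${3:-}"
    if key_matches_cert "$2/cert.pem" "$2/key.pem"; then
        echo "cert.pem and key.pem form a valid pair"
    else
        echo "cert.pem and key.pem do NOT match" >&2
        exit 1
    fi
fi
```

The match check is worth keeping even after a one-off conversion: a key.pem that was copied from the wrong bundle fails silently at the TLS handshake, which is exactly the kind of "domain does not match" / handshake error a client reports without saying why.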
IrishWristwatch
March 10th, 2011, 02:42
Where is the UserDB in this setup? My logs keep showing that the user is not found every time I send a message to the server.
to=<test@fakeurl.com>, relay=dovecot, delay=0.24, delays=0.16/0.01/0/0.06, dsn=5.1.1, status=bounced (user unknown)
IrishWristwatch
March 10th, 2011, 05:26
Where is the UserDB in this setup? My logs keep showing that the user is not found every time I send a message to the server.
to=<test@fakeurl.com>, relay=dovecot, delay=0.24, delays=0.16/0.01/0/0.06, dsn=5.1.1, status=bounced (user unknown)
Fixed it. I added
passdb sql {
args = /usr/local/etc/dovecot-sql.conf
}
userdb prefetch {
# keep this, otherwise quota won't work
}
userdb static {
args = uid=mailnull gid=mail home=/mail/%d/%n
# keep this, otherwise quota won't work
}
graudeejs
March 10th, 2011, 08:07
On my setup I don't use userdb; I get info about the user from passdb, and this way I save 1 SQL call.
IrishWristwatch
March 10th, 2011, 08:46
On my setup I don't use userdb; I get info about the user from passdb, and this way I save 1 SQL call.
Strange, it couldn't find the user by just using a passdb SQL call (as shown in the log in my first post). It worked after I added that "userdb static" call into the file.
graudeejs
March 10th, 2011, 09:37
Strange, it couldn't find the user by just using a passdb SQL call (as shown in the log in my first post). It worked after I added that "userdb static" call into the file.
The howto may contain some errors, because I wrote it from memory.
I hope to fix these next time I reinstall my server.
IrishWristwatch
March 13th, 2011, 04:08
The howto may contain some errors, because I wrote it from memory.
I hope to fix these next time I reinstall my server.
Do you know how virtual mailbox forwarding would be done on this setup? For instance, if I wanted joe@example.com to go to the mailbox joe, but also to joe@gmail.com. I know how to do this with the /etc/aliases file, but I'm not too sure with virtual mailboxes in postgresql.
graudeejs
March 13th, 2011, 09:35
Do you know how virtual mailbox forwarding would be done on this setup? For instance, if I wanted joe@example.com to go to the mailbox joe, but also to joe@gmail.com. I know how to do this with the /etc/aliases file, but I'm not too sure with virtual mailboxes in postgresql.
Sorry, I've no clue (never needed such feature)
henrixd
June 2nd, 2012, 09:05
This was a great tutorial. I got things running with almost no problems. Here are a few things I did differently.
RoundCube uses fsockopen, so why not use unix sockets? First disable the inet_listener and add a unix socket for imaps.
dovecot config:
inet_listener imaps {
port = 0
}
unix_listener imaps {
mode = 0666
}
RoundCube main config:
$rcmail_config['default_host'] = 'unix:///var/run/dovecot/imaps';
$rcmail_config['default_port'] = -1;
This is part of my nginx.conf. We start with default deny all and move towards allowing. The only PHP script that needs fcgi_pass is index.php; the rest is just static files.
There is so much crap and so many exposed files in the roundcube dirs that I won't leave them open, nor do I want to keep checking them too often.
nginx config:
root /usr/local/www/roundcube;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
## Only allow these request methods
if ($request_method !~ ^(GET|HEAD|POST)$ ) {
return 444;
}
location / { deny all; }
location = / { index index.php; }
location = /index.php {
fastcgi_pass unix:/var/run/spawn_fcgi.socket;
}
location = /program/blank.gif {}
location = /program/blocked.gif {}
location ~ ^/program/js/.*\.js$ {}
## group the extensions: without the parentheses each alternative matches on its own
location ~ ^/skins/.*\.(jpg|jpeg|gif|png|html|css|js)$ {}
location ~ ^/plugins/.*\.(jpg|jpeg|gif|png|html|css|js)$ {}
Here is my test code for nginx.conf (in case someone wants to validate).
First, on the server run this:
find /usr/local/www/roundcube -true > ./check.list
Then run the check.list file through this:
#!/bin/sh
# check.list holds filesystem paths from find(1); map each onto the webmail
# vhost (BASE_URL is a placeholder) before asking nginx what it would return.
BASE_URL="https://webmail.example.com"
DOCROOT="/usr/local/www/roundcube"
while read -r path; do
    url="${BASE_URL}${path#$DOCROOT}"
    printf '%s: ' "${url}"
    curl -o /dev/null --silent --head --write-out '%{http_code}\n' "${url}"
done < check.list
Remember to put security/sshguard to check mail.info too, to have a little extra security for the web login form. Keep in mind that max-src-conn-rate type of filter rules might lock you out (I didn't).
There, hope this helps secure someone's web-mail.
henrixd
June 2nd, 2012, 09:25
Do you know how virtual mailbox forwarding would be done on this setup? For instance, if I wanted joe@example.com to go to the mailbox joe, but also to joe@gmail.com. I know how to do this with the /etc/aliases file, but I'm not too sure with virtual mailboxes in postgresql.
Postfix to Database Mappings (http://workaround.org/book/export/html/58)
Find virtual_alias_maps from somewhat middle of the page.
graudeejs
June 3rd, 2012, 09:39
This was a great tutorial. I got things running with almost no problems. Here are a few things I did differently.
RoundCube uses fsockopen, so why not use unix sockets? First disable the inet_listener and add a unix socket for imaps.
dovecot config:
inet_listener imaps {
port = 0
}
unix_listener imaps {
mode = 0666
}
RoundCube main config:
$rcmail_config['default_host'] = 'unix:///var/run/dovecot/imaps';
$rcmail_config['default_port'] = -1;
This is part of my nginx.conf. We start with default deny all and move towards allowing. The only PHP script that needs fcgi_pass is index.php; the rest is just static files.
There is so much crap and so many exposed files in the roundcube dirs that I won't leave them open, nor do I want to keep checking them too often.
nginx config:
root /usr/local/www/roundcube;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
## Only allow these request methods
if ($request_method !~ ^(GET|HEAD|POST)$ ) {
return 444;
}
location / { deny all; }
location = / { index index.php; }
location = /index.php {
fastcgi_pass unix:/var/run/spawn_fcgi.socket;
}
location = /program/blank.gif {}
location = /program/blocked.gif {}
location ~ ^/program/js/.*\.js$ {}
## group the extensions: without the parentheses each alternative matches on its own
location ~ ^/skins/.*\.(jpg|jpeg|gif|png|html|css|js)$ {}
location ~ ^/plugins/.*\.(jpg|jpeg|gif|png|html|css|js)$ {}
Here is my test code for nginx.conf (in case someone wants to validate).
First, on the server run this:
find /usr/local/www/roundcube -true > ./check.list
Then run the check.list file through this:
#!/bin/sh
# check.list holds filesystem paths from find(1); map each onto the webmail
# vhost (BASE_URL is a placeholder) before asking nginx what it would return.
BASE_URL="https://webmail.example.com"
DOCROOT="/usr/local/www/roundcube"
while read -r path; do
    url="${BASE_URL}${path#$DOCROOT}"
    printf '%s: ' "${url}"
    curl -o /dev/null --silent --head --write-out '%{http_code}\n' "${url}"
done < check.list
Remember to put security/sshguard to check mail.info too, to have a little extra security for the web login form. Keep in mind that max-src-conn-rate type of filter rules might lock you out (I didn't).
There, hope this helps secure someone's web-mail.
BTW, later I discovered www/hastymail2 (http://www.hastymail.org/)
I really like it much more than RoundCube. It has much more advanced features.
However, hastymail in ports doesn't work very well for multiple domains.
Unfortunately I don't have my own server any more, so I haven't updated hastymail (yet).
I should probably give Hastymail to the pool....
(hope to get new server some day, soon [few months maybe])
henrixd
June 4th, 2012, 04:42
A little bug fix.
I should have validated my own config better; this is what you get when you set up your box with minimal sleep.
location ~ ^/program/js/.*\.(js|jpg|jpeg|gif|png|html|htm|css)$ {}
location ~ ^/skins/.*\.(js|jpg|jpeg|gif|png|html|htm|css)$ {}
location ~ ^/plugins/.*\.(js|jpg|jpeg|gif|png|html|htm|css)$ {}
I must say, that www/hastymail2 looks really nice, I'll go give it a try immediately.
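The static-file location lines in both of henrixd's posts above depend on regex alternation, and an alternation written without parentheses (`\.js|jpg|...|css$`) makes each alternative a complete pattern of its own: `png` or `html` anywhere in the URI, or a trailing `js`, selects the location and nginx serves the file verbatim from the document root, PHP sources included, instead of falling through to `deny all`. The grouped form `\.(js|jpg|...|css)$` anchors every alternative to the `/skins/` prefix and the final `$`. Below is an added example, not code from the thread, that dry-runs the two forms against a constructed list of request paths with grep -E, whose alternation semantics match nginx's PCRE for these patterns; the sample paths are invented to resemble a RoundCube tree and are not a real directory listing.

```sh
#!/bin/sh
# Added example (not from the thread): dry-run nginx "location ~" regexes
# against a constructed list of request paths before loading the config.
set -eu

# The alternation as posted for the skins/plugins lines (ungrouped), and the
# same extension list wrapped in a group so every alternative is anchored.
UNGROUPED='^/skins/.*\.js|jpg|jpeg|gif|png|html|htm|css$'
GROUPED='^/skins/.*\.(js|jpg|jpeg|gif|png|html|htm|css)$'

# Constructed sample paths, made up to look like a RoundCube tree.
SAMPLE_PATHS='/skins/larry/images/logo.png
/skins/larry/styles.css
/skins/larry/templates/login.html
/program/lib/Roundcube/html2text.php
/config/defaults.inc.php
/temp/pngcache.tmp'

# matches PATTERN PATH -> 0 when "location ~ PATTERN" would select PATH.
# grep -E gives alternation the same (lowest) precedence PCRE does.
matches() {
    printf '%s\n' "$2" | grep -Eq "$1"
}

# served_by PATTERN -> prints each sample path the pattern would hand to the
# static-file handler (an empty location block serves from $document_root).
served_by() {
    for p in $SAMPLE_PATHS; do
        if matches "$1" "$p"; then printf '%s\n' "$p"; fi
    done
}

# exposed_sources PATTERN -> the matching paths that are not skin assets at
# all, i.e. files the regex would serve verbatim although they live elsewhere.
exposed_sources() {
    served_by "$1" | grep -v '^/skins/' || true
}

# Usage: sh check-locations.sh report
if [ "${1:-}" = "report" ]; then
    echo "== served with the ungrouped alternation:"; served_by "$UNGROUPED"
    echo "== served with the grouped alternation:";   served_by "$GROUPED"
fi
```

With the ungrouped pattern the list includes `/program/lib/Roundcube/html2text.php` (because of `html`) and `/temp/pngcache.tmp` (because of `png`); with the grouped pattern only the three `/skins/` assets remain. Running the real check.list through henrixd's curl loop afterwards confirms the same thing against the live server: anything outside the asset directories should answer 403 or, for the 444 case, no response at all.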
makdaddy8888
June 21st, 2012, 12:32
I think you mean:
-- create virtual domain
-- currently virtual domains doesn't work for me
INSERT INTO domains_relay_domains VALUES ('example.com');
to say INSERT INTO mailbox_relay_domains VALUES etc
makdaddy8888
June 21st, 2012, 12:53
Can you please expand on this?
Also for db security I suggest you change password for pgsql user and set password authentication for everything and everyone from anywhere
Thanks.
NuLL3rr0r
August 16th, 2012, 05:05
Hi,
Thanks for such a great tutorial; this is exactly the one I needed.
I set up my VPS using your tutorial, and now I can send messages out.
But when I send a message from gmail to one of the mailboxes on my VPS I got:
Aug 16 03:16:00 3rr0r postfix/pickup[1607]: 42B72B87E: uid=80 from=<www>
Aug 16 03:16:00 3rr0r postfix/cleanup[5049]: 42B72B87E: message-id=<20120816031600.42B72B87E@babaei.net>
Aug 16 03:16:00 3rr0r postfix/qmgr[1608]: 42B72B87E: from=<www@babaei.net>, size=501, nrcpt=1 (queue active)
Aug 16 03:16:00 3rr0r dovecot: auth(default): prefetch(www@babaei.net): userdb lookup not possible with only userdb prefetch
Aug 16 03:16:00 3rr0r postfix/pipe[5057]: 42B72B87E: to=<www@babaei.net>, orig_to=<www>, relay=dovecot, delay=0.03, delays=0.01/0.01/0/0, dsn=5.1.1, status=bounced (user unknown)
Aug 16 03:16:00 3rr0r postfix/cleanup[1690]: 4892DB93B: message-id=<20120816031600.4892DB93B@babaei.net>
Aug 16 03:16:00 3rr0r postfix/bounce[5059]: 42B72B87E: sender non-delivery notification: 4892DB93B
Aug 16 03:16:00 3rr0r postfix/qmgr[1608]: 4892DB93B: from=<>, size=2164, nrcpt=1 (queue active)
Aug 16 03:16:00 3rr0r postfix/qmgr[1608]: 42B72B87E: removed
Aug 16 03:16:00 3rr0r dovecot: auth(default): prefetch(www@babaei.net): userdb lookup not possible with only userdb prefetch
Aug 16 03:16:00 3rr0r postfix/pipe[2400]: 4892DB93B: to=<www@babaei.net>, relay=dovecot, delay=0.53, delays=0.53/0/0/0, dsn=5.1.1, status=bounced (user unknown)
Aug 16 03:16:00 3rr0r postfix/qmgr[1608]: 4892DB93B: removed
The only reason I found is at http://comments.gmane.org/gmane.mail.postfix.user/83221:
The user with the UID 80 (www?) injects a mail using the sendmail
command.
I really don't know what's wrong??
Also when I start postfix manually I see a bunch of warnings:
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
postfix/postfix-script: stopping the Postfix mail system
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
/usr/local/sbin/postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: virtual_mailbox_extended=yes
postfix/postfix-script: starting the Postfix mail system
I found this one: http://sourceforge.net/mailarchive/forum.php?thread_name=4FAC07D5.3030908%40quip.cz&forum_name=vda-users
graudeejs
August 16th, 2012, 06:20
Do you have user (or alias) www in database?
NuLL3rr0r
August 17th, 2012, 01:14
Do you have user (or alias) www in database?
Nope, this is my only user, with two aliases:
-- create user
INSERT INTO mailbox VALUES ('3rr0r','babaei.net','{########################## ###}');
-- create virtual aliases
INSERT INTO mailbox_aliases VALUES ('postmaster@babaei.net', '3rr0r', 'babaei.net');
INSERT INTO mailbox_aliases VALUES ('root@babaei.net', '3rr0r', 'babaei.net');
NuLL3rr0r
August 17th, 2012, 14:54
Delivery failure report by gmail
This is an automatically generated Delivery Status Notification
THIS IS A WARNING MESSAGE ONLY.
YOU DO NOT NEED TO RESEND YOUR MESSAGE.
Delivery to the following recipient has been delayed:
root@babaei.net
Message will be retried for 2 more day(s)
Technical details of temporary failure:
The recipient server did not accept our requests to connect. Learn more at
http://support.google.com/mail/bin/answer.py?answer=7720
[(10) mx.babaei.net. [199.48.133.134]:25: Connection dropped]
[(10) mail.babaei.net. [199.48.133.134]:25: Connection dropped]
graudeejs
August 17th, 2012, 16:16
Nope, this is my only user, with two aliases:
-- create user
INSERT INTO mailbox VALUES ('3rr0r','babaei.net','{########################## ###}');
-- create virtual aliases
INSERT INTO mailbox_aliases VALUES ('postmaster@babaei.net', '3rr0r', 'babaei.net');
INSERT INTO mailbox_aliases VALUES ('root@babaei.net', '3rr0r', 'babaei.net');
I think you need to
INSERT INTO mailbox_aliases VALUES ('www@babaei.net', '3rr0r', 'babaei.net');
P.S. I'm rusty on this. I haven't had my own server for about a year or so.
NuLL3rr0r
August 18th, 2012, 21:28
Hi graudeejs,
thanks for the answer. I added www to mailbox_aliases. To check that it's added:
SELECT * FROM mailbox_aliases;
address | dest_username | dest_domain | active
-----------------------+---------------+-------------+--------
postmaster@babaei.net | 3rr0r | babaei.net | t
root@babaei.net | 3rr0r | babaei.net | t
www@babaei.net | 3rr0r | babaei.net | t
(3 rows)
Still www is an unknown user:
Aug 18 20:13:12 3rr0r postfix/smtpd[1543]: connect from mail-bk0-f44.google.com[209.85.214.44]
Aug 18 20:14:00 3rr0r postfix/pickup[99224]: 1726BBA48: uid=80 from=<www>
Aug 18 20:14:00 3rr0r postfix/cleanup[85682]: 1726BBA48: message-id=<20120818201400.1726BBA48@babaei.net>
Aug 18 20:14:00 3rr0r postfix/qmgr[30223]: 1726BBA48: from=<www@babaei.net>, size=501, nrcpt=1 (queue active)
Aug 18 20:14:00 3rr0r dovecot: auth(default): prefetch(3rr0r@babaei.net): userdb lookup not possible with only userdb prefetch
Aug 18 20:14:00 3rr0r postfix/pipe[69649]: 1726BBA48: to=<3rr0r@babaei.net>, orig_to=<www>, relay=dovecot, delay=0.03, delays=0.01/0.01/0/0, dsn=5.1.1, status=bounced (user unknown)
Aug 18 20:14:00 3rr0r postfix/cleanup[95668]: 1CD9BBACA: message-id=<20120818201400.1CD9BBACA@babaei.net>
Aug 18 20:14:00 3rr0r postfix/bounce[99157]: 1726BBA48: sender non-delivery notification: 1CD9BBACA
Aug 18 20:14:00 3rr0r postfix/qmgr[30223]: 1CD9BBACA: from=<>, size=2168, nrcpt=1 (queue active)
Aug 18 20:14:00 3rr0r postfix/qmgr[30223]: 1726BBA48: removed
Aug 18 20:14:00 3rr0r dovecot: auth(default): prefetch(3rr0r@babaei.net): userdb lookup not possible with only userdb prefetch
Aug 18 20:14:00 3rr0r postfix/pipe[69652]: 1CD9BBACA: to=<3rr0r@babaei.net>, orig_to=<www@babaei.net>, relay=dovecot, delay=0.01, delays=0.01/0/0/0, dsn=5.1.1, status=bounced (user unknown)
Aug 18 20:14:00 3rr0r postfix/qmgr[30223]: 1CD9BBACA: removed
Maybe I did something wrong. I'll try to do it from the beginning to see what happens.
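IrishWristwatch's "user unknown" bounces (fixed by adding a userdb static block) and the "userdb lookup not possible with only userdb prefetch" lines in the log above are the same failure. A prefetch userdb has no data of its own: it reuses the userdb_* fields that the passdb query returned during a login, so it works for IMAP and POP sessions but has nothing to answer when Postfix hands a message to Dovecot's deliver, because no passdb lookup happens on delivery. Dovecot then reports the user as unknown and Postfix bounces. The fix is a second userdb that delivery can use. Below is an added example, not the howto's own configuration, in Dovecot 2.x syntax: the prefetch-only form beside the corrected one, plus the SQL query that makes prefetch possible. The uid, gid and home layout follow the howto (uid=mailnull gid=mail home=/mail/%d/%n); the table and column names, the database name and the socket path are assumptions.

```conf
# --- dovecot.conf, userdb part: prefetch only (the form both posts started with)
# Works for IMAP/POP logins because the password_query below already returned
# the userdb_* fields; fails for deliver, which never performs a passdb lookup:
#   "userdb lookup not possible with only userdb prefetch" -> "user unknown"
passdb {
  driver = sql
  args = /usr/local/etc/dovecot-sql.conf
}
userdb {
  driver = prefetch
}

# --- dovecot.conf, userdb part: corrected (prefetch first, static as fallback)
# Order matters: prefetch answers logins without a second SQL query, and the
# static userdb answers deliver. The static userdb still verifies that the
# user exists through the passdb, so unknown addresses keep being rejected.
passdb {
  driver = sql
  args = /usr/local/etc/dovecot-sql.conf
}
userdb {
  driver = prefetch
}
userdb {
  driver = static
  args = uid=mailnull gid=mail home=/mail/%d/%n
}

# --- /usr/local/etc/dovecot-sql.conf (table "mailbox" with columns
# username, domain, password is an assumption based on the INSERTs in this
# thread; dbname and the socket directory are placeholders)
driver = pgsql
connect = host=/tmp dbname=mail user=dovecot
# The userdb_* columns are what the prefetch userdb picks up after a login.
password_query = \
  SELECT username || '@' || domain AS user, password, \
         'mailnull' AS userdb_uid, 'mail' AS userdb_gid, \
         '/mail/%d/%n' AS userdb_home \
  FROM mailbox WHERE username = '%n' AND domain = '%d'
```

After changing the files, `doveconf -n` shows the merged configuration, and the quickest check is to send a local message to a known mailbox and confirm that the prefetch warning no longer appears in the mail log and that the message lands under /mail/domain/username.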
Cthulhux
April 9th, 2013, 21:41
Not sure if I made some mistake...
I own the mail address root@somedomain.org which runs on FreeBSD 9.1. I copied and pasted the commands to create the cert.pem and key.pem files and entered somedomain.org when it asked for "my name". Then I added the cert.pem certificate to my MUA.
Still it fails to fetch mails:
Apr 9 22:06:59 servername dovecot: imap-login: Disconnected (no auth attempts): rip=91.11.9.88, lip=46.38.239.230, TLS handshaking: SSL_accept() failed: error:14094419:SSL routines:SSL3_READ_BYTES:tlsv1 alert access denied
According to my MUA log, the domain does not match.
What has gone wrong here?
graudeejs
April 11th, 2013, 20:47
I haven't done this for quite a while now, but depending on your config, perhaps you needed to type
*.somedomain.org
just a guess.
If I remember correctly, this allows you to have subdomains, which you probably have (main.somedomain.org ?)
Cthulhux
April 11th, 2013, 20:51
No, I don't.
My Dovecot/Postfix entirely listen(s) to the somedomain.org domain, no subdomains of it.