HOWTO: simple mail server (postfix/dspam/dovecot)

vermaden said:
I assume that there were zero responses here because not many experienced mail server admins here? ;)

Well, I have to work with sendmail and most of the time I don't have many time because of this fact :p ;-)
 
I haven't tried sendmail, I started 'mail experience' with postfix, but I have heard that sendmail has its 'downsides' ;)
 
First, a big thanks for vermaden for this very useful how-to.

I have a working mailserver built along these lines (mail/postfix + mail/dovecot2 + mail/dspam). I would would like to add sieve support, with mail/dovecot2-pigeonhole.

This page: Exim + Dovecot + Sieve + Roundcube + ManageSieve supplies useful instructions on configuring dovecot2 for sieve and adding support to mail/roundcube.

This page details adding sieve to postfix: Dovecot LDA with Postfix. It sounds straightforward: adding this line to master.cf:
Code:
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/dovecot-lda -f ${sender} -d ${recipient}
and this to main.cf:
Code:
dovecot_destination_recipient_limit = 1
virtual_transport = dovecot

I have now gotten to the point where roundcube now has a "filter" tab in the settings and can connect with the sieve server on port 4190. I can now create a test filter from the roundcube interface.

I am still missing a piece of the puzzle however. With this line enabled in main.cf:
virtual_transport = dovecot

an incoming message bounces with a "user unknown" error:
Code:
Oct  8 17:15:20 venus postfix/pipe[90375]: 21876A42C0: to=<cb@****.**>, orig_to=<colin>, relay=dovecot, delay=0.5, delays=0.4/0.02/0/0.08, dsn=5.1.1, status=bounced (user unknown)

when I comment out that line postfix delivers an incoming message normally but obviously misses the sieve step supplied by dovecot:
Code:
Oct  8 17:16:13 venus postfix/virtual[90497]: 77025A42C0: to=<cb@****.**>, orig_to=<colin>, relay=virtual, delay=0.04, delays=0.03/0/0/0, dsn=2.0.0, status=sent (delivered to maildir)

Any ideas on what I am missing here?

TIA
 
cbrace said:
First, a big thanks for vermaden for this very useful how-to.

Welcome.

cbrace said:
It sounds straightforward: adding this line to master.cf:
Code:
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/dovecot-lda -f ${sender} -d ${recipient}
and this to main.cf:
Code:
dovecot_destination_recipient_limit = 1
virtual_transport = dovecot

I used this one:
Code:
dovecot    unix  -       n       n       -       -       pipe
  flags=DRhu user=virtual:virtual argv=/usr/local/libexec/dovecot/deliver -f ${sender} -d ${recipient}

... and after switching to spamsassassin (dspam made segmentation fault often) I use now something like that:
Code:
dovecot    unix  -       n       n       -       -       pipe
  flags=DRhu user=virtual:virtual argv=/usr/local/bin/spamc -u ${recipient} -e /usr/local/libexec/dovecot/deliver -f ${sender} -d ${recipient}
 
Hi Vermaden,

I've changed the line in master.cf to ../dovecot/deliver.

Incoming mails are no longer bounced, but are now accepted, but delivery is temporarily deferred. From maillog:

Code:
Oct 16 12:39:37 paz postfix/lmtp[514]: 320883BE2D: to=<cb@lim.nl>, relay=paz[/var/run/dspam.sock], delay=0.71, delays=0.02/0.01/0/0.67, dsn=2.6.0, status=sent (250 2.6.0 <cb@lim.nl> Message accepted for delivery)
Oct 16 12:39:37 paz postfix/qmgr[414]: 320883BE2D: removed
Oct 16 12:41:02 paz postfix/qmgr[414]: CD03E3BE5B: from=<cbrace@mail.#######.net>, size=1282, nrcpt=1 (queue active)
Oct 16 12:41:02 paz postfix/pipe[516]: CD03E3BE5B: to=<cb@lim.nl>, relay=dovecot, delay=583, delays=583/0.01/0/0.06, dsn=4.3.0, status=deferred (temporary failure)

I have switched on auth-debugging in dovecot, and this is what I see in /var/log/dovecot:
Code:
Oct 16 12:31:19 auth: Debug: auth client connected (pid=0)
Oct 16 12:31:20 auth: Debug: master in: USER	1	cb@lim.nl	service=lda
Oct 16 12:31:20 auth: Debug: passwd(cb@lim.nl): lookup
Oct 16 12:31:20 auth: Info: passwd(cb@lim.nl): unknown user
Oct 16 12:31:20 auth: Debug: passwd-file /usr/local/etc/dovecot-passwd: Read # users in 0 secs
Oct 16 12:31:20 auth: Debug: passwd-file(cb@lim.nl): lookup: user=cb@lim.nl file=/usr/local/etc/dovecot-passwd
Oct 16 12:31:20 auth: Debug: userdb out: USER	1	cb@lim.nl	uid=1001	gid=6	home=/var/db/vmail/lim.nl/cb

Up until now, using postfix virtual delivery, I have had all mail incoming to various virtual domains delivered to a single system user, in my case "colin". This line in dovecot-passwd
Code:
colin:{PLAIN-MD5}516b38afeee70474b04881a633728b15
With these credentials my mail clients connect with IMAP. However, it appears from auth debug that dovecot delivery is looking for a user in the userdb (dovecot-passwd?), so I added an entry matching the actual recipient, like this:
Code:
cb@lim.nl:{SSHA}63a5fRaKfNcG2f8FPy3y4xC8Vz3o+D9e
This where I am stuck. Dovecot says USER UNKOWN, even though I have an entry.

It appears to be determining a destination:
Code:
home=/var/db/vmail/lim.nl/cb
This exists; it isn't the one IMAP when one logs in using a system name but that can be fixed. But something is still going wrong with delivery.

With my very limited knowledge of postfix and dovecot am wondering whether there is some config error between the system and virtual users. I don't need virtual users on this mailserver, but I do need virtual domains.

Any ideas?
 
I do not have any ideas how to fix this one, but I can sent You my current configuration with postfix, dovecot and spamd.
 
Ah, OK. I'm using v2.

I will go through your configuration line-by-line and see if I can figure out what you are doing that I'm not. If that fails, I'll ask on the dovecot ML.
 
My current concerns are:
-- dspam(1) daemon runs on root, it should run on its user (like dspam for example), any tips how to make the permissions?
This appears to have been fixed with release v3.10.2_2 of mail/dspam which, if I am not mistaken, was released in May. From files/UPDATING:
Code:
# dspam-3.10.2_2
#

Port Changes:
- Runs as dspam:dspam instead of root:mail [1]
- Default run directory is now /var/run/dspam [1]
- Default daemon/client communication port is now 2424 [1]
- New SETUID option to enable old insecure behavior [1]

[1] Questionable ownership and security on mail/dspam (PR #115957)
However, I am unable to get this latest version to work. I see this error in maillog:
Code:
Nov  2 14:17:07 galatea dspam[94824]: Daemon process starting
Nov  2 14:17:07 galatea dspam[94824]: Creating local domain socket /var/run/dspam.sock
Nov  2 14:17:07 galatea dspam[94824]: Daemon mode failed to start
Nov  2 14:17:07 galatea dspam[94824]: Daemon process exiting
Nov  2 14:19:37 galatea dspam[94843]: Unable to determine the destination user
Nov  2 14:19:37 galatea dspam[94843]: DSPAM agent misconfigured: aborting
I have to revert to v3.10.2 to get dspam working again.

When dspam is run on the command line, for retraining, you feed it owner of the mail like this (from my roundcube config):
Code:
$rcmail_config['markasjunk2_spam_cmd'] = "/usr/local/bin/dspam --user %u  --class=spam --source=error --signature=%xds";
I have no idea though whether this is the "destination user" referred to in the error message above. In any case, the previous version doesn't complain about this.

Has anyone here gotten this version working? vermaden ?
 
I have created this mail server in 2010, 6 years ago and this mail server has been phased out of production in late 2011, 5 years ago.

Its ok if someone finds this HOWTO useful but I think its very outdated and would need some rework/update to make it usable in 2016.

Regards,
vermaden
 
Back
Top