Installing Mailserver on FreeBSD 10.2

[Mainz]

Hello Guys,

I tried to install a simple mailserver on my FreeBSD 10.2 following this tutorial:

https://www.vultr.com/docs/simple-mailserver-postfix-dovecot-sieve-freebsd-10

But at the last step I get the following error:

Mar 22 09:49:27 mailsrv postfix/qmgr[618]: F3CF119B7A5: from=<root@mailsrv.localdomain>, size=328, nrcpt=1 (queue active)
Mar 22 09:49:27 mailsrv dovecot: deliver(test): file_dotlock_create(/var/mail/test) failed: Permission denied (euid=1001(test) egid=1001(test) missing +w perm: /var/mail) (set mail_privileged_group=mail)
Mar 22 09:49:27 mailsrv dovecot: deliver(test): msgid=<20160322084926.F3CF119B7A5@mailsrv.localdomain>: save failed to INBOX: Internal error occurred. Refer to server log for more information. [2016-03-22 09:49:27]
Mar 22 09:49:27 mailsrv postfix/local[793]: F3CF119B7A5: to=<test@localhost.localdomain>, orig_to=<test@localhost>, relay=local, delay=0.03, delays=0.01/0/0/0.02, dsn=4.3.0, status=deferred (temporary failure)
Mar 22 09:50:45 mailsrv postfix/pickup[617]: 3FE9B19B7AA: uid=0 from=<root>
Mar 22 09:50:45 mailsrv postfix/cleanup[791]: 3FE9B19B7AA: message-id=<20160322085045.3FE9B19B7AA@mailsrv.localdomain>
Mar 22 09:50:45 mailsrv postfix/qmgr[618]: 3FE9B19B7AA: from=<root@mailsrv.localdomain>, size=328, nrcpt=1 (queue active)
Mar 22 09:50:45 mailsrv dovecot: deliver(test): file_dotlock_create(/var/mail/test) failed: Permission denied (euid=1001(test) egid=1001(test) missing +w perm: /var/mail) (set mail_privileged_group=mail)
Mar 22 09:50:45 mailsrv dovecot: deliver(test): msgid=<20160322085045.3FE9B19B7AA@mailsrv.localdomain>: save failed to INBOX: Internal error occurred. Refer to server log for more information. [2016-03-22 09:50:45]
Mar 22 09:50:45 mailsrv postfix/local[793]: 3FE9B19B7AA: to=<test@localhost.localdomain>, orig_to=<test@localhost>, relay=local, delay=0.05, delays=0.04/0/0/0.01, dsn=4.3.0, status=deferred (temporary failure)
Mar 22 09:52:38 mailsrv postfix/pickup[617]: 7A20D19B7BB: uid=0 from=<root>
Mar 22 09:52:38 mailsrv postfix/cleanup[867]: 7A20D19B7BB: message-id=<20160322085238.7A20D19B7BB@mailsrv.localdomain>
Mar 22 09:52:38 mailsrv postfix/qmgr[618]: 7A20D19B7BB: from=<root@mailsrv.localdomain>, size=332, nrcpt=1 (queue active)
Mar 22 09:52:38 mailsrv dovecot: deliver(youruser): file_dotlock_create(/var/mail/youruser) failed: Permission denied (euid=1002(youruser) egid=1002(youruser) missing +w perm: /var/mail) (set mail_privileged_group=mail)
Mar 22 09:52:38 mailsrv dovecot: deliver(youruser): msgid=<20160322085238.7A20D19B7BB@mailsrv.localdomain>: save failed to INBOX: Internal error occurred. Refer to server log for more information. [2016-03-22 09:52:38]
Mar 22 09:52:38 mailsrv postfix/local[869]: 7A20D19B7BB: to=<youruser@localhost.localdomain>, orig_to=<youruser@localhost>, relay=local, delay=0.07, delays=0.05/0.01/0/0.01, dsn=4.3.0, status=deferred (temporary failure)

And I don''t know how to solve this problem. Can someone give me a hint or help me? Additionaly does someone know how to implement MySQL to create / delete user via database?

Greetings

 

[SirDice]

Looks like you skipped this step:

The next step is to assign the correct path for your users' mailboxes in the same file, under the mail_location directive:

 

[Mainz]

But what did iI wrong there?
I looked into the file and there was mail_location = maildir:~/Maildir the same as in the tutorial.

 

[Mainz]

Ok iI checked the file and the settings are correct.
still get this error

root@mailsrv:/usr/local/etc/postfix # echo "TEST" | mail -s "testmail" youruser@  localhost && tail -f /var/log/maillog
Mar 25 18:13:17 mailsrv sm-mta[569]: starting daemon (8.15.2): SMTP+queueing@00:  30:00
Mar 25 18:13:17 mailsrv sm-mta[569]: STARTTLS=server: file /etc/mail/certs/dh.pa  ram unsafe: No such file or directory
Mar 25 18:13:17 mailsrv sm-msp-queue[572]: starting daemon (8.15.2): queueing@00  :30:00
Mar 25 19:01:55 mailsrv postfix/postfix-script[81830]: error: unknown command: '  '
Mar 25 19:01:55 mailsrv postfix/postfix-script[81831]: fatal: usage: postfix sta  rt (or stop, reload, abort, flush, check, status, set-permissions, upgrade-confi  guration)
Mar 25 19:05:12 mailsrv postfix/postfix-script[81931]: starting the Postfix mail  system
Mar 25 19:05:12 mailsrv postfix/master[81933]: daemon started -- version 2.11.7,  configuration /usr/local/etc/postfix
Mar 25 19:05:17 mailsrv dovecot: Dovecot v1.2.17 starting up
Mar 25 19:05:17 mailsrv dovecot: Generating Diffie-Hellman parameters for the fi  rst time. This may take a while..
Mar 25 19:05:38 mailsrv dovecot: ssl-build-param: SSL parameters regeneration co  mpleted
Mar 25 19:06:02 mailsrv postfix/pickup[81934]: 6AA7453436: uid=0 from=<root>
Mar 25 19:06:02 mailsrv postfix/cleanup[81983]: 6AA7453436: message-id=<20160325  180602.6AA7453436@mailsrv.localdomain>
Mar 25 19:06:02 mailsrv postfix/qmgr[81935]: 6AA7453436: from=<root@mailsrv.loca  ldomain>, size=330, nrcpt=1 (queue active)
Mar 25 19:06:02 mailsrv dovecot: deliver(youruser): msgid=<20160325180602.6AA745  3436@mailsrv.localdomain>: saved mail to INBOX
Mar 25 19:06:02 mailsrv postfix/local[81985]: 6AA7453436: to=<youruser@localhost  .localdomain>, orig_to=<youruser@localhost>, relay=local, delay=0.31, delays=0.0  7/0.01/0/0.24, dsn=2.0.0, status=sent (delivered to command: /usr/local/libexec/  dovecot/deliver)
Mar 25 19:06:02 mailsrv postfix/qmgr[81935]: 6AA7453436: removed

 

[Mainz]

Ok I restarted both services dovecot and postfix and now I get the following:

root@mailsrv:/var/mail # echo "TEST" | mail -s "testmail" youruser@localhost && tail -f /var/log/maillog
Mar 25 19:06:02 mailsrv dovecot: deliver(youruser): msgid=<20160325180602.6AA7453436@mailsrv.localdomain>: saved mail to INBOX
Mar 25 19:06:02 mailsrv postfix/local[81985]: 6AA7453436: to=<youruser@localhost.localdomain>, orig_to=<youruser@localhost>, relay=local, delay=0.31, delays=0.07/0.01/0/0.24, dsn=2.0.0, status=sent (delivered to command: /usr/local/libexec/dovecot/deliver)
Mar 25 19:06:02 mailsrv postfix/qmgr[81935]: 6AA7453436: removed
Mar 25 19:14:42 mailsrv postfix/master[81933]: reload -- version 2.11.7, configuration /usr/local/etc/postfix
Mar 25 19:14:45 mailsrv postfix/postfix-script[82083]: stopping the Postfix mail system
Mar 25 19:14:45 mailsrv postfix/master[81933]: terminating on signal 15
Mar 25 19:14:46 mailsrv postfix/postfix-script[82159]: starting the Postfix mail system
Mar 25 19:14:46 mailsrv postfix/master[82161]: daemon started -- version 2.11.7, configuration /usr/local/etc/postfix
Mar 25 19:14:52 mailsrv dovecot: dovecot: Killed with signal 15 (by pid=82164 uid=0 code=kill)
Mar 25 19:14:52 mailsrv dovecot: Dovecot v1.2.17 starting up
Mar 25 19:15:24 mailsrv postfix/pickup[82162]: DB5FC53461: uid=0 from=<root>
Mar 25 19:15:24 mailsrv postfix/cleanup[82215]: DB5FC53461: message-id=<20160325181524.DB5FC53461@mailsrv.localdomain>
Mar 25 19:15:24 mailsrv postfix/qmgr[82163]: DB5FC53461: from=<root@mailsrv.localdomain>, size=330, nrcpt=1 (queue active)
Mar 25 19:15:25 mailsrv dovecot: deliver(youruser): msgid=<20160325181524.DB5FC53461@mailsrv.localdomain>: saved mail to INBOX
Mar 25 19:15:25 mailsrv postfix/local[82217]: DB5FC53461: to=<youruser@localhost.localdomain>, orig_to=<youruser@localhost>, relay=local, delay=0.12, delays=0.07/0.01/0/0.05, dsn=2.0.0, status=sent (delivered to command: /usr/local/libexec/dovecot/deliver)
Mar 25 19:15:25 mailsrv postfix/qmgr[82163]: DB5FC53461: removed

 

[gkontos]

This guide is very poorly written and it also installs a very old version of Dovecot.

 

[Mainz]

Ok. Now I can send and receive emails.
But how can I install a newer version? I fetched my package, isn't it the newest version then?

 

[Mainz]

This guide is very poor written and it also installs a very old version of Dovecot.

What exactly? Are there some security issues? Or can iI use a server build from this guide securely?

 

[gkontos]

What exactly? Are there some security issues? Or can i use a server build from this guide securely?

I will set up a how to when a find some time for a proper email server.

 

[Mainz]

Thank you.
But can iI use this server or are there security reasons iI should not ?

 

[gkontos]

What you mean security reasons? As long as it is not an open relay it should be fine. You can check for errors online here: http://mxtoolbox.com/diagnostic.aspx

 

[Mainz]

I would like to use my own mailserver. But I'm not sure if iI can use this server because iI want a secure mail server. Is this setup ready for productive use ?

 

[obsigna]

I would like to use my own mailserver. But im not sure if i can use this server because i want a secure Mailserver. Is this setup ready for productive use ?

First, you installed Dovecot v1.x which has been tagged by the Developer as being obsolote, see: http://dovecot.org/documentation.html. This doesn't necessarily mean that it is highly vulnerable, however, the term "obsolete" is a warning at least to me, that security fixes for Dovecot v.1.x have a lower priority than those for Dovecot v2.x.

Second, Dovecot in your installation utilizes actual system users. This is OK, if this is for serving e-mail for you and you family, i.e. for people that you can trust as you can trust yourself. If you use Dovecot with system users for third parties, then you are urged to build in all your security considerations into your system user database. For this reason, in general, I prefer to setup Dovecot with virtual users, because this choice already prevents a mail user gaining accidentally access to other resources on my mail server.

Third, the default TLS settings are quite unrestrictive in terms of protocol and ciphers to be used. This may be a security risk as well.

Sometime ago, I wrote a series of articles in the Howto section of this forum: Home Mail Server with TLS and non-Plain authentication.

It describes utilization of Dovecot v2 + Postfix with a simple file based virtual user setup. It is quite lengthy, and perhaps it might be a somewhat boring reading for people who don't want to get explained all the bloody details. At least, it might give you an idea on what to look out for, when it comes to security.

 

[Mainz]

Much thanks for your informative answer. Its not boring iI will read it. Because I want a secure server. Thanks.

 

[Mainz]

Will this guide work with FreeBSD 10.2 ?

 

[obsigna]

Will this guide work with FreeBSD 10.2 ?

Yes definitely, I have this system running with 10.2 now. You even won't need to install OpenSSL from the ports, since v1.0.1 is part of the base system, and all the modern ciphers and TLS v1.2 is now implemented.