Setting up mail server with Postfix and Dovecot (virtual users/domains)

I want to set up a mail service for a server of mine. It needs to handle several domains and a couple dozen real users, and send out subscriptions/activations for several websites.

So far I've got internal mail working. Dovecot seems to work as well. Messages from the websites go out with no problem. However, I can't make SASL authentication work, and lately inbound emails have stopped coming in. That means I can send emails internally via mutt, and they show up in Thunderbird. However, when I send emails from outside to the same address, they disappear. They aren't even in the postqueue. When I try to send email (using my server) via Thunderbird, it says something about the server not supporting SMTP-AUTH.

I have reverse DNS and my MX records should be fine. Actually, it might be a bit unorthodox. But it worked for delivery a couple of months ago, and I don't get any bounce messages.

Questions:

  1. In its infinite wisdom, my (home) internet provider blocked port 25. I can change it to something else on the server, but unless I'm missing something, this would mean I will not be able to receive incoming mail from other servers. Is there a way to make Postfix listen on several ports?
  2. What exactly does login_dir do for Dovecot?
  3. How do you debug Postfix? I don't see any relevant messages in /var/log/maillog. There are messages, but they aren't from failed Thunderbird connections. Are there other log files?

---

In case someone is interested, here are my configs. If you spot something wrong with them, please tell me about it.

Changes in /etc/rc.conf:
Code:
postfix_enable="YES"
dovecot_enable="YES"
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"

Contents of /usr/local/etc/postfix/main.cf:

Code:
# temporary (Postfix only treats '#' as a comment at the start of a line,
# so a note after the value would become part of the value)
soft_bounce = yes

queue_directory = /var/spool/postfix
command_directory = /usr/local/sbin
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix

mail_owner = postfix

# bsd.example.net
myorigin = $myhostname
mydestination = $myhostname, localhost.$mydomain, localhost

unknown_local_recipient_reject_code = 550

mynetworks_style = host

virtual_mailbox_domains = example.net example.org example.com
virtual_mailbox_base = /var/mail/vhosts
virtual_mailbox_maps = hash:/usr/local/etc/postfix/vmailbox
virtual_minimum_uid = 1000
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
virtual_alias_maps = hash:/usr/local/etc/postfix/virtual

smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions =
        permit_mynetworks
        permit_sasl_authenticated
        reject_unauth_destination
smtpd_sasl_authenticated_header = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = /var/run/dovecot/auth-client

debug_peer_level = 2

debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         ddd $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/local/sbin/sendmail
newaliases_path = /usr/local/bin/newaliases
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
sample_directory = /usr/local/etc/postfix
readme_directory = no

/usr/local/etc/postfix/vmailbox:
Code:
gambler@example.net example.net/gambler/

/usr/local/etc/dovecot.conf:
Code:
protocols = imap pop3 imaps pop3s
disable_plaintext_auth = no
ssl_parameters_regenerate = 0
login_dir = /var/dovecot
login_process_per_connection = no
login_processes_count = 1
mail_location = maildir:/var/mail/vhosts/%d/%n
mail_uid = 5000
mail_gid = 5000
mail_privileged_group = mail
mail_access_groups = mail
verbose_proctitle = yes
first_valid_uid = 1000
first_valid_gid = 1

protocol imap {
  imap_client_workarounds = delay-newmail netscape-eoh tb-extra-mailbox-sep outlook-idle
}

protocol pop3 {
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}
protocol lda {
  postmaster_address = postmaster@example.com
  sendmail_path = /usr/sbin/sendmail
}
auth_verbose = yes
auth default {
  mechanisms = plain login digest-md5
  passdb passwd-file {
    args = /usr/local/etc/dovecot.passwd
  }
  userdb static {
    args = uid=5000 gid=5000 home=/var/mail-homes/%d/%u
  }
  userdb prefetch {
  }
  user = root
  socket listen {
    client {
      path = /var/run/dovecot/auth-client
      mode = 0660
    }
  }
}
dict {
}
plugin {
}

/usr/local/etc/dovecot.passwd:
Code:
gambler@example.net:{plain}password
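Two things are easy to get wrong in a main.cf like the one above and both fail quietly: a `#` note after a value (Postfix only recognises `#` as a comment when it is the first non-blank character of a line, so the note becomes part of the value), and a domain that appears in both `mydestination` and `virtual_mailbox_domains`. The checker below is an added example, not code from the thread; it reads main.cf following the rules in postconf(5) and reports both conditions. `SAMPLE_MAIN_CF` is a constructed excerpt modelled on the posted file, with a trailing comment deliberately left in.

```python
"""Checker for Postfix main.cf fragments (added example, not part of the thread).

Parses main.cf the way postconf(5) describes it and reports two mistakes:
a '#' comment after a value (the text becomes part of the value) and a
domain listed in both mydestination and virtual_mailbox_domains (Postfix
warns about this at runtime). SAMPLE_MAIN_CF is a constructed excerpt.
"""
import re

SAMPLE_MAIN_CF = """\
# real comment: first non-blank character is '#'
soft_bounce = yes #temporary
myorigin = $myhostname #bsd.example.net
mydestination = $myhostname, localhost.$mydomain, localhost
virtual_mailbox_domains = example.net example.org example.com
smtpd_recipient_restrictions =
        permit_mynetworks
        permit_sasl_authenticated
        reject_unauth_destination
"""


def parse_main_cf(text):
    """Return {parameter: value} for a main.cf text.

    Rules: a logical line is 'name = value'; a line starting with
    whitespace continues the previous value; blank lines and lines whose
    first non-blank character is '#' are skipped; a later definition of
    the same name replaces the earlier one.
    """
    params = {}
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t":
            if current is not None:          # continuation of the previous value
                params[current] = (params[current] + " " + raw.strip()).strip()
            continue
        name, sep, value = raw.partition("=")
        if not sep:
            continue                          # malformed line; postconf warns and skips it
        current = name.strip()
        params[current] = value.strip()
    return params


def split_list(value):
    """Postfix list parameters are separated by commas and/or whitespace."""
    return [item for item in re.split(r"[,\s]+", value) if item]


def lint_main_cf(text):
    """Return human-readable findings for the given main.cf text."""
    params = parse_main_cf(text)
    findings = []
    for name, value in params.items():
        if "#" in value:
            findings.append(
                f"{name}: '#' inside the value, the comment is part of it: {value!r}")
    local = set(split_list(params.get("mydestination", "")))
    virtual = set(split_list(params.get("virtual_mailbox_domains", "")))
    for domain in sorted(local & virtual):
        findings.append(
            f"{domain}: listed in both mydestination and virtual_mailbox_domains")
    return findings


if __name__ == "__main__":
    for finding in lint_main_cf(SAMPLE_MAIN_CF):
        print(finding)
```

Run it against a real file with `lint_main_cf(open("/usr/local/etc/postfix/main.cf").read())`; `postconf -n` on the server will show the same mangled values, which is the quickest way to confirm the diagnosis.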
 
Gambler said:
  1. In its infinite wisdom, my (home) internet provider blocked port 25. I can change it to something else on the server, but unless I'm missing something, this would mean I will not be able to receive incoming mail from other servers. Is there a way to make Postfix listen on several ports?
  2. What exactly does login_dir do for Dovecot?
  3. How do you debug postfix? I don't see any relevant messages in /var/log/maillog. There are messages, but they aren't from failed Thunderbird connections. Are there other log files?

  1. It's not necessary to change ports. Just redirect them with PF, or use SSH tunneling.
  2. # Directory where authentication process places authentication UNIX sockets
    # which login needs to be able to connect to. The sockets are created when
    # running as root, so you don't have to worry about permissions. Note that
    # everything in this directory is deleted when Dovecot is started.
    #login_dir = /var/run/dovecot/login
  3. The failed attempts should be there by default.

Look for something like this:
Code:
Dec 15 10:05:58 mail postfix/smtpd[5760]: warning: unknown[192.168.1.1]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
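The line quoted above is the one to grep for, and a handful of them per client is also the signal you want to alert on. The script below is an added example, not from the thread: it parses Postfix smtpd "SASL ... authentication failed" lines, decodes the base64 tail that the LOGIN mechanism leaves behind ("UGFzc3dvcmQ6" is simply the prompt "Password:", so the log holds no credential), and counts failures per client address. The sample log lines are constructed to match the format of the quoted line.

```python
"""Summarise failed SMTP-AUTH attempts in Postfix smtpd log lines
(added example, not from the thread; SAMPLE_MAILLOG is constructed).
"""
import base64
import binascii
import re
from collections import Counter

SAMPLE_MAILLOG = """\
Dec 15 10:05:58 mail postfix/smtpd[5760]: connect from unknown[192.168.1.1]
Dec 15 10:05:58 mail postfix/smtpd[5760]: warning: unknown[192.168.1.1]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Dec 15 10:06:02 mail postfix/smtpd[5760]: warning: unknown[192.168.1.1]: SASL PLAIN authentication failed: authentication failure
Dec 15 10:06:40 mail postfix/smtpd[5761]: warning: client.example.org[203.0.113.7]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Dec 15 10:07:01 mail postfix/smtpd[5761]: disconnect from client.example.org[203.0.113.7]
"""

# syslog timestamp, host, "postfix/smtpd[pid]: warning: name[ip]: SASL MECH authentication failed: detail"
SASL_FAIL = re.compile(
    r"^(?P<when>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ postfix/smtpd\[\d+\]: "
    r"warning: (?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]: "
    r"SASL (?P<mech>\S+) authentication failed: (?P<detail>.*)$"
)


def decode_detail(detail):
    """Return the base64-decoded detail text, or None when it is not base64
    (e.g. the plain 'authentication failure' text logged for PLAIN)."""
    try:
        return base64.b64decode(detail, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return None


def parse_sasl_failures(text):
    """Return one dict (when, host, ip, mech, detail, decoded) per failure line."""
    failures = []
    for line in text.splitlines():
        m = SASL_FAIL.match(line)
        if m:
            entry = m.groupdict()
            entry["decoded"] = decode_detail(entry["detail"])
            failures.append(entry)
    return failures


def failures_per_client(text, threshold=2):
    """Client IPs with at least `threshold` failed attempts, for alerting."""
    counts = Counter(f["ip"] for f in parse_sasl_failures(text))
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for f in parse_sasl_failures(SAMPLE_MAILLOG):
        print(f["when"], f["ip"], f["mech"], f["decoded"] or f["detail"])
    print("repeat offenders:", failures_per_client(SAMPLE_MAILLOG))
```

On the server, `parse_sasl_failures(open("/var/log/maillog").read())` gives the same view; if a Thunderbird attempt produces no such line at all, the client never reached smtpd's AUTH stage, which points at the port or TLS settings rather than at Dovecot's password database.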

ZhangHuangbin said:
You can simply check out the source code of the iRedMail project and then set up a mail server with it: http://code.google.com/p/iredmail/

The -current version works on FreeBSD now, and includes all the features you need. :)

Perhaps it might be useful for some people, but installations like these aren't really flexible in comparison.
 
1. I'm looking into doing redirects with IPFW, since that's what I use. Is SSH tunneling a "standard" way of working with SMTP? I was under the impression that Postfix has built-in facilities for working with SSL/TLS.

2. I've seen that comment, but I still don't understand what that directive (and directory) does. A socket is needed to connect two different processes. What's the second process in this case? If it's the mail server, then why is there a separate directive saying "path = /var/run/dovecot/auth-client"? I was under the impression that was where SASL takes place.

3. "There" meaning /var/log/maillog?

---

I've fixed the mail delivery issue. Apparently, I had a typo in my MX record. It took several days for the bounce-back messages to reach me.

I'm still working on sending mail out via Thunderbird. This takes way more time than I thought it would.
 
Gambler said:
1. I'm looking into doing redirects with IPFW, since that's what I use. Is SSH tunneling a "standard" way of working with SMTP? I was under the impression that Postfix has built-in facilities for working with SSL/TLS.

I only use PF, so I don't know how to do it with IPFW. Perhaps the man page might help. SSH tunneling is just a way to get past firewalls by making the traffic go through port 22 instead.

2. I've seen that comment, but I still don't understand what that directive (and directory) does. A socket is needed to connect two different processes. What's the second process in this case? If it's the mail server, then why is there a separate directive saying "path = /var/run/dovecot/auth-client"? I was under the impression that was where SASL takes place.

It's not necessary to change login_dir in order to use SASL. See Postfix and Dovecot SASL

3. "There" meaning /var/log/maillog?

Yes.
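The thread answers question 1 with a firewall redirect; the way Postfix itself listens on an additional port is a second smtpd service in master.cf, and for a mail client like Thunderbird the conventional one is the submission service on port 587. The stanza below is an added example, not from the thread or from the posters' configs. It assumes the FreeBSD port paths used above and that main.cf already points `smtpd_tls_cert_file` and `smtpd_tls_key_file` at a certificate (paths not shown, they are site-specific). Remote mail servers only ever connect to port 25, so this helps the SMTP-AUTH problem, not inbound delivery.

```text
# Added example for /usr/local/etc/postfix/master.cf (not from the thread).
# The existing "smtp inet ... smtpd" line for port 25 stays as it is.
#
# service    type  private unpriv  chroot  wakeup  maxproc command + args
submission   inet  n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
```

`smtpd_tls_security_level=encrypt` makes smtpd refuse AUTH until the client has issued STARTTLS, which matters with the Dovecot settings posted above (`disable_plaintext_auth = no` and `{plain}` entries in dovecot.passwd): on a port without that setting the LOGIN or PLAIN exchange carries the password across the wire in the clear. After `postfix reload`, `sockstat -4l | grep :587` should show the listener, and `openssl s_client -starttls smtp -connect mail.example.net:587` followed by `EHLO test` should list `AUTH PLAIN LOGIN` once the TLS handshake is done; each `syslog_name=postfix/submission` line in /var/log/maillog then separates client submissions from port-25 traffic.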
 