New postfix/dovecot setup not getting mails - Network issue maybe?

Installed dovecot 2.0.16-2.3.1-x86_64 and postfix 2.8.8-3.16.1-x86_64 on OS 12.1 (installed yesterday)

Proceeded to configure things for virtual domains (2 domains) and virtual users with mysql, did this following info from the comments in the confs, the postfix & dovecot online docs and the tutorial on workaround.org (dovecot’s own wiki links to this site), encountered a few difficulties getting the programs to run without errors mainly down to settings given in the online docs being obsolete in the newer versions I have installed

Now when I start postfix and dovecot I’m getting no errors and when I check mail to a configured test address it appears to authenticate fine so I don’t think there’s any issue communicating to mysql:

Aug 30 01:49:36 server dovecot: auth-worker: mysql(127.0.0.1): Connected to database mail
Aug 30 01:49:36 server dovecot: pop3-login: Login: user=<test@runestuff.co.uk>, method=PLAIN, rip=192.168.0.3, lip=192.168.0.2, mpid=8382
Aug 30 01:49:36 server dovecot: pop3(test@runestuff.co.uk): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0

I do get one error in /var/log/messages when checking for mails with thunderbird:

Aug 30 01:49:36 server auth: gkr-pam: error looking up user information

but I don’t think that’s causing the problem, seems to be trying authentication with pam maybe? But that shouldn’t stop mails getting through to the server should it?

Re Networking:

I’m using a dyndns account and I don’t think there’s an issue there as mails (and other net traffic) were getting through fine on my previous dovecot/postfix setup on another machine (motherboard died) using my current dyndns settings, though it was using dovecot 1.2 and postfix 2.7. I’ve checked these settings and that they’re sending to the correct ip several times

The isp router providing the internet connection has the necessary pop3 and smtp ports forwarded to the correct ip address of 192.168.0.2, the server’s firewall is also set to accept dovecot and postfix traffic so on the surface it looks as though everything’s good to go but when I send a testmail from gmail I get ‘connection refused’ delivery failure notifications from gmail. Not seeing any activity in /var/log/mail or /var/log/mail.err other than clamav updates and pop3 login reports

I’ve gone as far as I can on my own so all I can do now is post my confs and hope someone can spot where I’m going wrong

/etc/dovecot/dovecot.conf:


protocols = pop3 imap

#listen = *, ::
#base_dir = /var/run/dovecot/
#login_greeting = Dovecot ready.
#login_trusted_networks =
#login_access_sockets = 
#verbose_proctitle = no
#shutdown_clients = yes
#doveadm_socket_path = doveadm-server
#import_environment = TZ
dict {
  #quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
  #expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
}
!include conf.d/*.conf
!include_try local.conf

#  my settings

disable_plaintext_auth = no
mail_location = maildir:/var/vmail/%d/%n/Maildir

auth_mechanisms = plain login

passdb {
    driver = sql
    args = /etc/dovecot/dovecot-sql.conf
}

userdb {
    driver = static
    args = uid=5000 gid=5000 home=/var/vmail/%d/%n allow_all_users=yes
}

protocol lda {
    auth_socket_path = /var/run/dovecot/auth-master
    postmaster_address = postmaster@localhost
    mail_plugins = sieve
    log_path =
}

/etc/postfix/main.cf

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
mydomain = runestuff.co.uk
#myorigin = $myhostname
myorigin = $mydomain

#inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost

#mydestination = $myhostname, localhost.$mydomain, localhost
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
#    mail.$mydomain, www.$mydomain, ftp.$mydomain


#local_recipient_maps =
#local_recipient_maps = mysql:/etc/postfix/mysql-recipients.cf  <------- found in website examples, not tried yet

unknown_local_recipient_reject_code = 550


#mynetworks_style = class
#mynetworks_style = subnet
#mynetworks_style = host

#mynetworks = 168.100.189.0/28, 127.0.0.0/8
#mynetworks = $config_directory/mynetworks
#mynetworks = hash:/etc/postfix/network_table

#relay_domains = $mydestination

#relayhost = $mydomain
#relayhost = [gateway.my.domain]
#relayhost = [mailserver.isp.tld]
#relayhost = uucphost
#relayhost = [an.ip.add.ress]

#relay_recipient_maps = hash:/etc/postfix/relay_recipients

#in_flow_delay = 1s

#alias_maps = dbm:/etc/aliases
#alias_maps = hash:/etc/aliases
#alias_maps = hash:/etc/aliases, nis:mail.aliases
#alias_maps = netinfo:/aliases
#alias_database = dbm:/etc/aliases
#alias_database = dbm:/etc/mail/aliases
#alias_database = hash:/etc/aliases
#alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases

#home_mailbox = Mailbox
#home_mailbox = Maildir/
 
#mailbox_transport = lmtp:unix:/file/name
#mailbox_transport = cyrus

#fallback_transport = lmtp:unix:/file/name
#fallback_transport = cyrus
#fallback_transport =

#luser_relay = $user@other.host
#luser_relay = $local@other.host
#luser_relay = admin+$local
  
# For details, see "man header_checks".
#
#header_checks = regexp:/etc/postfix/header_checks

#fast_flush_domains = $relay_domains

#smtpd_banner = $myhostname ESMTP $mail_name
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)

#local_destination_concurrency_limit = 2
#default_destination_concurrency_limit = 20

# DEBUGGING CONTROL

#debug_peer_list = 127.0.0.1
#debug_peer_list = some.domain

debugger_command =
     PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
     ddd $daemon_directory/$process_name $process_id & sleep 5

# debugger_command =
#    PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont;
#    echo where) | gdb $daemon_directory/$process_name $process_id 2>&1
#    >$config_directory/$process_name.$process_id.log & sleep 5

# INSTALL-TIME CONFIGURATION INFORMATION

sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq

setgid_group = maildrop

html_directory = /usr/share/doc/packages/postfix-doc/html
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/packages/postfix-doc/samples
readme_directory = /usr/share/doc/packages/postfix-doc/README_FILES

biff = no
content_filter = 
delay_warning_time = 1h
disable_dns_lookups = no
disable_mime_output_conversion = no
inet_interfaces = localhost
inet_protocols = all
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains = 
masquerade_exceptions = root
mydestination = $myhostname, localhost.$mydomain, mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
myhostname = server.runestuff.co.uk
mynetworks_style = subnet
relayhost = 

alias_maps = hash:/etc/aliases
canonical_maps = hash:/etc/postfix/canonical
relocated_maps = hash:/etc/postfix/relocated
sender_canonical_maps = hash:/etc/postfix/sender_canonical
transport_maps = hash:/etc/postfix/transport
mail_spool_directory = /var/vmail
message_strip_characters = \0
defer_transports = 
mailbox_command = 
mailbox_transport = 
mailbox_size_limit = 0
message_size_limit = 0
strict_8bitmime = no
strict_rfc821_envelopes = no
smtpd_helo_required = no

smtpd_client_restrictions = 

smtpd_helo_restrictions = 

smtpd_sender_restrictions = hash:/etc/postfix/access

smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination


############################################################
# SASL stuff
############################################################
smtp_sasl_auth_enable = no
smtp_sasl_security_options = 
smtp_sasl_password_maps = 
smtpd_sasl_auth_enable = yes
smtpd_sasl_exceptions_networks = $mynetworks
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes

############################################################
# TLS stuff
############################################################
#tls_append_default_CA = no
relay_clientcerts = 
#tls_random_source = dev:/dev/urandom

smtp_use_tls = no
#smtp_tls_loglevel = 0
smtp_enforce_tls = no
smtp_tls_CAfile = 
smtp_tls_CApath = 
smtp_tls_cert_file = 
smtp_tls_key_file = 
#smtp_tls_session_cache_timeout = 3600s
smtp_tls_session_cache_database = 

smtpd_use_tls = no
#smtpd_tls_loglevel = 0
smtpd_tls_CAfile = 
smtpd_tls_CApath = 
smtpd_tls_cert_file = 
smtpd_tls_key_file = 
smtpd_tls_ask_ccert = no
smtpd_tls_received_header = no
############################################################
# Start MySQL from postfixwiki.org
############################################################
#relay_domains = $mydestination, hash:/etc/postfix/relay
virtual_alias_domains = hash:/etc/postfix/virtual
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf
#virtual_uid_maps = static:303
#virtual_gid_maps = static:303
#virtual_minimum_uid = 303
#virtual_mailbox_base = /srv/maildirs
virtual_mailbox_base = /var/vmail
#virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf <--- specified later
#virtual_mailbox_limit = 0
#virtual_mailbox_limit_inbox = no
#virtual_mailbox_limit_maps = hash:/etc/postfix/vquota
#virtual_mailbox_limit_override = yes
#virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf <--- specified later
#virtual_transport = virtual
## Additional for quota support
#virtual_create_maildirsize = yes
#virtual_mailbox_extended = yes
### Needs Maildir++ compatible IMAP servers, like Courier-IMAP
#virtual_maildir_filter = yes
#virtual_maildir_filter_maps = hash:/etc/postfix/vfilter
#virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
#virtual_mailbox_limit_override = yes
#virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota, please try again later.
#virtual_maildir_limit_message_maps = hash:/etc/postfix/vmsg
#virtual_overquota_bounce = yes
#virtual_trash_count = yes
#virtual_trash_name = ".Trash"
############################################################
# End MySQL from postfixwiki.org
############################################################
# Rewrite reject codes
############################################################
#unknown_address_reject_code = 550
#unknown_client_reject_code = 550
#unknown_hostname_reject_code = 550
#soft_bounce = yes
############################################################
#debug_peer_list = example.com
#debug_peer_level = 3

virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1

smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

added to /etc/postfix/master.cf:

dovecot unix - n n - - pipe
  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}

I know the main.cf’s a long one to trawl through but on another thread I was told I should’ve left the commented out stuff in there and I haven’t touched any of the ssl or sender/recipient stuff yet, wanted to get the thing actually sending & receiving first, if there’s anything I should have provided but haven’t please let me know. Thanks

Made some progress

Changed /etc/postfix/main.cf to these values:

inet_interfaces = all
myhostname = $mydomain

Also, during installation these values had got written into /etc/postfix/main.cf:

virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf

Those were the wrong files, they contained this information not the information they needed to connect with the mysql ‘mail’ database I had created

user = postfix
password = postfix
hosts = localhost
#hosts = 127.0.0.1
dbname = postfix
table = alias
select_field = goto
where_field = address

The files I had created and the necessary values needed to use them were:

virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_mailbox_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf

My files have underscores in the names, the default/example files had dashes, wasn’t until I happened to look in the postfix directory using dolphin I noticed the two sets of files and realised main.cf was pointed to the wrong ones … something to be said for a gui after all sometimes

So … on trying another test mail after making these changes I got:

postfix/smtpd[5551]: connect from mail-qa0-f46.google.com[209.85.216.46]
Aug 30 15:48:44 server postfix/smtpd[5551]: warning: SASL: Connect to private/auth failed: No such file or directory
Aug 30 15:48:44 server postfix/smtpd[5551]: fatal: no SASL authentication mechanisms
Aug 30 15:48:45 server postfix/master[5523]: warning: process /usr/lib/postfix/smtpd pid 5551 exit status 1
Aug 30 15:48:45 server postfix/master[5523]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling

Mails are getting there now, looks like something to do with sasl settings but I do seem to remember having a similar error in the past that was down to permissions … I’m off to investigate

Once I started looking into that I realised I’d put this particular issue on hold [and it’s one other people setting up dovecot 2.0 could well encounter] because I was getting confused trying to fix too many things at once, the online documentation/tutorials including dovecot’s own pretty much all say to include this in dovecot.conf for both dovecot 1.2 and 2.0:

auth default {    
  socket listen {
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }    
  mechanisms = plain login
}

But that doesn’t work in dovecot 2.0, throws up this error:

Starting dovecot doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:43: add auth_ prefix to all settings inside auth {} and remove the auth {} section completely

I found that prefixing things with auth_ didn’t work either except for:

auth_mechanisms = plain login

What I had to do to get around it was this:

service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = vmail
    # didn't work with user = postfix
  }
}

I felt it worth posting that bit of info in case anyone else gets the same problem, I’m now left with one small issue

When dovecot is started and /var/run/dovecot/auth-master gets created the auth-master file is owned by root:root whereas it needs to be owned by vmail:vmail, I have considered adding chown vmail:vmail /var/run/dovecot/auth-master to the /etc/init.d/dovecot script but it wasn’t necessary when I was running dovecot 1.2 on another machine so I’m sure there’s a more elegant way to do it but I can’t remember if I had to specify something in dovecot.conf and not seen anything in the docs on it

Anyone know how I ‘should’ make sure that /var/run/dovecot/auth-master is owned by vmail:vmail upon creation?

After much web searching and no response here the only references I’ve found to setting ownership of /var/run/dovecot/auth-master to vmail:vmail is this section in dovecot.conf


socket listen {
    master {
        path = /var/run/dovecot/auth-master
        mode = 0600
        user = vmail
    }
}

However as I mentioned earlier dovecot 2.0 does not accept this reporting it as obsolete so I’ve had to get around it by adding

chown vmail:vmail /var/run/dovecot/auth-master

to the start and restart sections of /etc/init.d/dovecot like this:

start)
        echo -n "Starting dovecot "
        startproc $DOVECOT_BIN
        rc_status -v
        chown vmail:vmail /var/run/dovecot/auth-master
        ;;
restart)
        $0 stop
        $0 start
        rc_status
        chown vmail:vmail /var/run/dovecot/auth-master
        ;;

Seems to be working ok so far so erm … thanks for looking guys

Maybe what I’ve posted here will be of use to someone else struggling with a dovecot 2.0 setup
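
Added example, not part of the original posts: the two sockets discussed in this thread declared in Dovecot 2.0 syntax, so that Dovecot itself creates them with the intended owner and mode on every start. It assumes the postfix and vmail accounts and the /var/spool/postfix queue directory shown above, and it points deliver at auth-userdb, the socket Dovecot 2.0 provides for userdb lookups, instead of auth-master.

```conf
# Dovecot 2.0 form of the two auth sockets discussed in this thread.

service auth {
  # SASL socket that Postfix smtpd connects to (smtpd_sasl_path = private/auth,
  # resolved relative to the Postfix queue directory /var/spool/postfix).
  # The thread's workaround was mode = 0666 with user = vmail; this restricts
  # the socket to the postfix account, which is what smtpd runs as.
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }

  # userdb lookup socket for the delivery agent, which master.cf runs as
  # vmail:vmail. Dovecot creates it with this owner on every start, so no
  # chown in /etc/init.d/dovecot is needed.
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
    group = vmail
  }
}

protocol lda {
  # Point deliver at auth-userdb rather than the root-owned auth-master.
  auth_socket_path = /var/run/dovecot/auth-userdb
  postmaster_address = postmaster@localhost
  mail_plugins = sieve
}
```

After restarting dovecot, `doveconf -n` shows whether both listeners were parsed, and `ls -l` on the two socket paths confirms the owner and mode.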