# Postfix and Virtual mailbox problem

## elno

I'm trying to follow the Postfix virtual hosting howto http://www.gentoo.org/doc/en/virt-mail-howto.xml

and failed to create virtual users. Everything else is working well with my local users: I can log in with them in SquirrelMail and send or receive mail.

My problem is this:

first I will create my vmail user as this:

```
# adduser -d /home/vmail -s /bin/false vmail
# uid=`cat /etc/passwd | grep vmail | cut -f 3 -d :`
# groupadd -g $uid vmail
# mkdir /home/vmail
# chown vmail: /home/vmail
```

I don't understand well what the second command means. For the third command I don't know what uid I must set; I have tried with uid=1001 and 5000, which is a value I've found in another howto. At this moment I understand that I am creating a user called vmail with no shell on my system; its directory is at /home/vmail and the owner of /home/vmail is the vmail user.

Is that right?

Then, to set the virtual_uid_maps and virtual_gid_maps values in my /etc/postfix/main.cf file, I'm doing this:

```
# id vmail
uid=1001(vmail) gid=100(users) groups=100(users)
```

so my main.cf is

```
virtual_minimum_uid = 1000
virtual_uid_maps = static:1001
virtual_gid_maps = static:100
```

then

```
# postfix reload
```

At this point I have no virtual user set in my users table in the mailsql database; only my local users are set.

So I create a new user in my users table:

```
# mysql -u mailsql -p mailsql
Enter password: 
mysql> INSERT INTO `users` ( `id` , `email` , `clear` , `name` , `uid` , `gid` , `homedir` , `maildir` , `quota` , `postfix` )
       VALUES ( '3', 'john@mydomain.ath.cx', 'password', 'john', '1001', '100', '/home/john/', '/home/john/.maildir/', '', 'y');
mysql> FLUSH PRIVILEGES;
mysql> EXIT
```

At this point, if I try to log in to SquirrelMail with user john, I get this error:

```
Unknown user or password incorrect.
```

I don't understand what I am doing wrong. Do I have to create this user with something like this:

```
# adduser -G vmail -d /home/vmail/john -s /bin/false john
# passwd john
Enter password: which is the password set in mailsql database 
# mkdir /home/vmail/john
```

When I do this my error changes to:

```
ERROR: Connection dropped by IMAP server.
```

and in my log messages

```
authdaemond: received auth request, service=imap, authtype=login
authdaemond: authmysql: trying this module
authdaemond: SQL query: SELECT id, "", clear, uid, gid, homedir, "", "", name, "" FROM users WHERE id = "john"
authdaemond: zero rows returned
authdaemond: no password available to compare
authdaemond: authmysql: REJECT - try next module
authdaemond: authpam: trying this module
authdaemond: authpam: sysusername=john, sysuserid=<null>, sysgroupid=100, homedir=/home/vmail/john, address=john, fullname=, maildir=<null>, quota=<null>, options=<null>
authdaemond: authpam: clearpasswd=<null>, passwd=x
authdaemond: pam_service=imap, pam_username=john
authdaemond: dopam successful
authdaemond: Authenticated: sysusername=john, sysuserid=<null>, sysgroupid=100, homedir=/home/vmail/john, address=john, fullname=, maildir=<null>, quota=<null>, options=<null>
authdaemond: Authenticated: clearpasswd=pass, passwd=$1$EFuq9UUU$7B6YuuBdpdSn1.6HTKSTK.
imapd: chdir .maildir: No such file or directory
```

Here the authentication is working not in MySQL but with PAM, and as I understand it my user john is not virtual but a real local user.

Does anyone have any idea?

I also used this howto

http://www.coxprod.net/Installation-de-postfix-sasl.html

Thanks

----------

## magic919

*Quote:*

> I don't understand well what the second command means

Run the second line

```
cat /etc/passwd | grep vmail | cut -f 3 -d :
```

and it outputs the uid.

I would use postfixadmin for this virtual stuff.

----------

## elno

Yes, that's it. I ran this command and the output is:

```
$ cat /etc/passwd | grep vmail | cut -f 3 -d :
1001
1002
```

So I understand that this tells me the uids for all users in group vmail:

vmail uid is 1001

john uid is 1002

so for john user MYSQL_UID_FIELD = 1002

and in /etc/postfix/main.cf

```
virtual_uid_maps = static:1001
```

The point is to let Postfix and SquirrelMail write in john's directory, but for the moment this doesn't work at all; I still have this error:

```
imapd: Connection, ip=[::ffff:127.0.0.1]
authdaemond: received auth request, service=imap, authtype=login
authdaemond: authmysql: trying this module
authdaemond: SQL query: SELECT id, "", clear, uid, gid, homedir, "", "", $
authdaemond: zero rows returned
authdaemond: no password available to compare
authdaemond: authmysql: REJECT - try next module
authdaemond: authpam: trying this module
authdaemond: authpam: sysusername=john, sysuserid=<null>, sysgroupid=100,$
authdaemond: authpam: clearpasswd=<null>, passwd=x
authdaemond: pam_service=imap, pam_username=john
authdaemond: dopam successful
authdaemond: Authenticated: sysusername=john, sysuserid=<null>, sysgroupi$
authdaemond: Authenticated: clearpasswd=password, passwd=$1$Ybh8dMRF$r8ER$
imapd: chdir .maildir: No such file or directory
```

From this log I can also see that the authentication doesn't pass through the authmysql module but through authpam, but this isn't so bad because that is what happens for my local users too and it's working for them.

For the moment, in the mailsql database I only have john as a virtual user; no vmail user is set. Perhaps this is what I forgot?

Any ideas?

----------
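The uid lookup discussed above, as an added example that is not part of the original posts: `grep vmail` matches the string anywhere on a passwd line, so an account whose home directory is under /home/vmail is returned as well, while an exact match on the login-name field returns one uid/gid pair. The passwd entries are constructed to mirror the thread, and `sample_passwd`, `howto_uid`, `account_ids` and `static_maps` are hypothetical names.

```shell
#!/bin/sh
# Added example (not from the thread): resolve the vmail uid/gid by exact
# account name instead of a substring grep over /etc/passwd.

# Constructed passwd entries mirroring the thread: a system user "john"
# whose home directory lives under /home/vmail.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
vmail:x:1001:100::/home/vmail:/bin/false
john:x:1002:100::/home/vmail/john:/bin/false
EOF
}

# The howto pipeline: matches "vmail" anywhere on the line.
howto_uid() { grep vmail | cut -f 3 -d :; }

# Exact match on field 1 (login name); prints "uid gid".
# Exit status 1 if the name is absent, 2 if it appears more than once.
account_ids() {
  awk -F: -v u="$1" '
    $1 == u { n++; ids = $3 " " $4 }
    END { if (n == 1) print ids; exit (n == 1 ? 0 : (n ? 2 : 1)) }
  '
}

# Emit the two static maps for main.cf, refusing a uid below the
# virtual_minimum_uid value passed as the second argument.
static_maps() {   # usage: static_maps <user> <minimum_uid>  < passwd-file
  ids=$(account_ids "$1") || return 1
  uid=${ids% *}; gid=${ids#* }
  [ "$uid" -ge "$2" ] || return 3
  printf 'virtual_uid_maps = static:%s\nvirtual_gid_maps = static:%s\n' "$uid" "$gid"
}

sample_passwd | howto_uid               # two uids: vmail and john
sample_passwd | static_maps vmail 1000  # one uid/gid pair for vmail only
```

On a live system, `id -u vmail` and `id -g vmail` give the same exact-name answer without parsing /etc/passwd.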

## elno

Finally, I think that my problem is in the authentication process between sasl2, courier-authlib and MySQL, because the log messages are telling me that for the authmysql module there is no password to compare.

So the authentication works, but with my authpam module, which is not very useful for my virtual users.

Here are my configuration files for courier-authlib, cyrus-sasl, and finally postfix main.cf:

```
$ nano /etc/courier/authlib/authdaemonrc
authmodulelist="authmysql authpam authuserdb authshadow authcustom authpipe"
authmodulelistorig="authmysql authuserdb authpam authshadow authcustom authpipe"
daemons=5
authdaemonvar=/var/lib/courier/authdaemon
DEBUG_LOGIN=2
DEFAULTOPTIONS=""
LOGGEROPTS=""
```

```
$ nano /etc/courier/authlib/authmysqlrc
MYSQL_SERVER            localhost
MYSQL_USERNAME          mailsql
MYSQL_PASSWORD          dbpassword
MYSQL_SOCKET            /var/mysql/mysql.sock
MYSQL_PORT              3306
MYSQL_OPT               0
MYSQL_DATABASE          mailsql
MYSQL_USER_TABLE        users
MYSQL_CLEAR_PWFIELD     clear
MYSQL_UID_FIELD         uid
MYSQL_GID_FIELD         gid
MYSQL_LOGIN_FIELD       id
MYSQL_HOME_FIELD        homedir
MYSQL_NAME_FIELD        name
```

```
$ nano /etc/sasl2/smtpd.conf
mech_list: PLAIN LOGIN
pwcheck_method: saslauthd
```

```
$ nano /etc/conf.d/saslauthd
SASLAUTHD_OPTS=""
SASLAUTHD_OPTS="${SASLAUTH_MECH} -a rimap -r"
SASLAUTHD_OPTS="${SASLAUTHD_OPTS} -O localhost"
```

```
$ nano /etc/postfix/main.cf
# MYSQL support
alias_maps = mysql:/etc/postfix/mysql-aliases.cf
relocated_maps = mysql:/etc/postfix/mysql-relocated.cf
local_transport = local
local_recipient_maps = $alias_maps $virtual_mailbox_maps unix:passwd.byname
virtual_transport = virtual
virtual_mailbox_domains =
        virtualdomain.ath.cx,
        $other-virtual-domain.com
virtual_minimum_uid = 1000
virtual_uid_maps = static:1001
virtual_gid_maps = static:100
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual.cf
virtual_mailbox_base = /
virtual_mailbox_limit =
# SASL support
smtpd_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/saslpass
smtpd_sasl2_auth_enable = yes
smtp_sasl2_password_maps = hash:/etc/postfix/saslpass
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_local_domain =
smtpd_recipient_restrictions =
  permit_sasl_authenticated,
  permit_mynetworks,
  reject_unauth_destination
```

Finally, I have this file, which stores my user login and password information:

```
$ nano /etc/postfix/saslpass
myhost.ath.cx                   elno:password
elno@myhost.ath.cx              elno:password
```

That's where I am now, thinking that if I resolve this authentication problem I will also resolve my virtual user authentication problem.

Thanks for your help...

----------
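The authdaemond debug output and the `DEBUG_LOGIN=2` setting quoted above, as an added example that is not part of the original posts: an awk triage that reports which column the authmysql lookup compared the login against, whether the login then fell through to authpam, whether a cleartext password reached the log, and why imapd could not enter the maildir. The log lines are constructed on the model of those in the thread, and `sample_log` and `triage` are hypothetical names.

```shell
#!/bin/sh
# Added example (not from the thread): triage Courier authdaemond debug lines.

# Constructed sample, modelled on the log excerpts quoted in the thread.
sample_log() {
cat <<'EOF'
authdaemond: received auth request, service=imap, authtype=login
authdaemond: authmysql: trying this module
authdaemond: SQL query: SELECT id, "", clear, uid, gid, homedir, "", "", name, "" FROM users WHERE id = "john"
authdaemond: zero rows returned
authdaemond: authmysql: REJECT - try next module
authdaemond: authpam: trying this module
authdaemond: authpam: clearpasswd=<null>, passwd=x
authdaemond: dopam successful
authdaemond: Authenticated: sysusername=john, sysuserid=<null>, sysgroupid=100, homedir=/home/vmail/john
authdaemond: Authenticated: clearpasswd=EXAMPLE-ONLY, passwd=$1$constructed$hash
imapd: chdir .maildir: No such file or directory
EOF
}

# Reads log lines on stdin and prints one finding per line.
triage() {
  awk '
    /: trying this module/ { mod = $2; sub(/:$/, "", mod) }
    /SQL query: .* WHERE / {
      q = $0; sub(/.* WHERE /, "", q)        # leaves e.g.  id = "john"
      split(q, p, " "); col = p[1]; val = p[3]; gsub(/"/, "", val)
    }
    # The lookup column does not hold the value the client logged in with.
    /zero rows returned/ { print "LOOKUP_MISS column=" col " login=" val }
    /REJECT - try next module/ { rejected = mod }
    # The SQL module rejected and a system account satisfied the login.
    /dopam successful/ && rejected == "authmysql" { print "FALLTHROUGH authmysql->" mod }
    # DEBUG_LOGIN=2 writes the submitted password into the log.
    /clearpasswd=/ && $0 !~ /clearpasswd=<null>/ { print "CLEARTEXT_PASSWORD_IN_LOG" }
    /imapd: chdir .*: / { r = $0; sub(/.*chdir [^:]*: /, "", r); print "MAILDIR_FAIL " r }
  '
}

sample_log | triage
```

A `CLEARTEXT_PASSWORD_IN_LOG` finding means the log file itself now holds credentials, so lower `DEBUG_LOGIN` once debugging is finished and restrict or rotate the affected logs.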

## elno

OK, the authentication problem seems to be solved.

I finally found this how-to http://gentoo-wiki.com/HOWTO_Linux_Virtual_Hosting_Server

and I found another way to make authmysqlrc work:

Here it is:

We first have to go back to our different configuration files and modify them, so if you are testing the Gentoo howto you can do this after emerging courier-imap, courier-authlib and cyrus-sasl. We will first edit /etc/sasl2/smtpd.conf

```
$ nano /etc/sasl2/smtpd.conf
pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path:/var/lib/courier/authdaemon/socket
```

Then we change /etc/conf.d/saslauthd

```
$ nano /etc/conf.d/saslauthd
SASLAUTHD_OPTS=""
SASLAUTHD_OPTS="${SASLAUTH_MECH} -a pam -r"
SASLAUTHD_OPTS="${SASLAUTHD_OPTS} -O localhost"
```

Now we set only the modules we need in /etc/courier/authlib/authdaemonrc

```
$ nano /etc/courier/authlib/authdaemonrc
authmodulelist="authmysql authpam"
```

Then modify /etc/courier/authlib/authmysqlrc. Here you can set MYSQL_LOGIN_FIELD to the field of your choice; in the previous file I had set it to "id", and I prefer to change this to "name".

```
$ nano /etc/courier/authlib/authmysqlrc
MYSQL_SERVER            localhost
MYSQL_USERNAME          mailsql
MYSQL_PASSWORD          dbpassword
MYSQL_SOCKET            /var/mysql/mysql.sock
MYSQL_PORT              3306
MYSQL_OPT               0
MYSQL_DATABASE          mailsql
MYSQL_USER_TABLE        users
MYSQL_CLEAR_PWFIELD     clear
MYSQL_UID_FIELD         uid
MYSQL_GID_FIELD         gid
MYSQL_LOGIN_FIELD       name
MYSQL_HOME_FIELD        homedir
MYSQL_NAME_FIELD        name
```

I had earlier added some lines to my /etc/postfix/main.cf which are not used for SASL support.

I have also commented out support for sasl2 for the moment.

```
$ nano /etc/postfix/main.cf
# SASL support
smtpd_sasl_auth_enable = yes
#smtpd_sasl2_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_local_domain =
smtpd_recipient_restrictions =
  permit_sasl_authenticated,
  permit_mynetworks,
  reject_unauth_destination
```

And finally the missing (?) modification in /etc/pam.d/; we are doing this for these three files: imap, pop3, and smtp

```
$ nano /etc/pam.d/imap ... and the others... 
#auth required pam_nologin.so
#auth required pam_stack.so service=system-auth
#account required pam_stack.so service=system-auth
#session required pam_stack.so service=system-auth
auth optional pam_mysql.so host=localhost db=mailsql user=mailsql \
passwd=****** table=users usercolumn=email passwdcolumn=clear crypt=0
account required pam_mysql.so host=localhost db=mailsql user=mailsql \
passwd=****** table=users usercolumn=email passwdcolumn=clear crypt=0
```

For security purposes we change the permissions on those files:

```
$ chmod 640 /etc/pam.d/{imap*,pop*,smtp}
```

At the end we emerge pam_mysql, if we don't have our pam_mysql.o file in the /lib/security/ directory:

```
$ emerge pam_mysql
$ /etc/init.d/courier-authlib restart
$ /etc/init.d/saslauthd restart
$ postfix reload
```

I hope I forgot nothing. If we have an error like this:

```
ERROR: Connection dropped by IMAP server.
```

we will probably find something like this in our log messages:

```
imapd: chdir .maildir: Permission denied
```

So check the uid and gid values for your users and replace them in the mailsql database with the correct ones.

Hoping this will help...

----------

