# HowTO: Postfix - MailScanner - DBMail - SASL - TLS

## msalerno

Updated 27/06/05

postfix main.cf tweaks

- Spam bounce

- Virtual Domains

- Trim main.cf

- Additional Notes added

This has been in the planning for quite some time, but I just recently got the time and equipment to get it started.  Here are my notes so far.  I do not cover every step along this process; most of these programs come with well-written README or INSTALL files that should not be overlooked.  I am very new to postfix, so if anyone spots something that should be changed, please post it.

This is without a doubt the easiest virtual mail server I have ever set up.

postfix->MailScanner->postfix->DBMail

Minimum recommended use flags: sasl mysql pam apache2 innodb ssl postfix crypt

If you updated any of your use flags, try the following command to see what might need to be rebuilt with the new libraries:

```
emerge -N world --deep -pv
```

Here are the packages I am currently using:

```
mail-filter/spamassassin 3.0.2-r1
mail-filter/razor 2.61
dev-python/pyzor 0.4.0-r1
mail-filter/dcc 1.2.28-r1
app-antivirus/clamav 0.83
mail-mta/postfix 2.1.5-r2
dev-db/mysql 4.0.24
```

You have the option to use either just SASL or SASL with pam_mysql.  Completely your choice.

In order to avoid problems with MailScanner, it is very important that after you emerge razor, you execute the following commands:

```
mkdir /etc/razor

razor-admin -create -home=/etc/razor
```

Razor has been known to create its log file in /var/spool/postfix/hold, and MailScanner will stop scanning if any files are in this dir.

If you choose just to use sasl, then you will need to emerge dev-libs/cyrus-sasl >= 2.1.20-r2

Which is currently masked.  I just used:

```
ACCEPT_KEYWORDS="~x86" emerge -v cyrus-sasl
```

If you don't want to emerge a masked package and you want to go the other route, then you will need

```
dev-libs/cyrus-sasl 2.1.20
sys-libs/pam_mysql 0.5
```

I used the MailScanner ebuild from https://bugs.gentoo.org/show_bug.cgi?id=36060

I know that there is a dbmail ebuild, but I built it from source - http://www.dbmail.org/

I configured postfix to run in the chroot'd env by executing:

```
/usr/share/doc/postfix-2.1.5-r2/examples/chroot-setup/LINUX2
```

I also had to change the following line in the master.cf

 *Quote:*   

> smtp      inet  n       -       -       -       -       smtpd

 

All I did was replace the second "n" with a "-".  This tells postfix to run in a chroot.

I got postfix working before I made any of the following changes.  Mail in and out with no problems.  The postfix website http://www.postfix.org/documentation.html has lots of great documentation.  If you are new to postfix, like me, I strongly recommend going through the docs.

Next, I set up MailScanner. Make sure postfix is in your use flags! I put it in my portage_overlay, and emerged it. Currently, it sets up 2 init scripts, MailScanner and MailScanner-mta. Due to my configuration, I don't start the MailScanner-mta service and I comment out MailScanner-mta in the /etc/init.d/MailScanner:

```
depend() {

        need net # MailScanner-mta

        after postfix

        use logger dns

}
```

In the /etc/MailScanner/MailScanner.conf, I only changed some basic settings. (setting the Queue paths is required!):

There are many more options to set, but I just wanted to get things working first.  Many of those options are just set so that I know that MailScanner is working.  Read through the file, it is well commented.

```
Incoming Queue Dir = /var/spool/postfix/hold

Outgoing Queue Dir = /var/spool/postfix/incoming

Always Include SpamAssassin Report = yes

Sign Clean Messages = yes

Use SpamAssassin = yes
```

/etc/mail/spamassassin/local.cf:

```
rewrite_header Subject *****SPAM*****

bayes_sql_override_username     "global"

bayes_store_module              Mail::SpamAssassin::BayesStore::SQL

bayes_sql_dsn                   DBI:mysql:spamassassin:localhost

bayes_sql_username              bayesdb

bayes_sql_password              mypassword

use_bayes 1

use_bayes_rules 1

bayes_auto_learn 1

required_hits 5.5

report_safe 2

use_terse_report 1

dns_available yes

skip_rbl_checks 1

use_razor2 1

use_pyzor 1

use_dcc 1

ok_languages all

ok_locales all

```

For spamassassin, I imported my old bayes_db into my SQL database and could check connectivity by just executing:

```
sa-learn --dump magic -D
```

At this point, you should be able to start postfix and mailscanner.

```
/etc/init.d/postfix start
/etc/init.d/MailScanner start
```

Send an e-mail to an external account

```
echo Test | mutt me@foo.yahoo.com
```

When you receive the e-mail, check the headers for MailScanner entries.

In order to get SASL w/ TLS working with the chroot'd Postfix, I added the following lines to my /etc/fstab:

```
/var/lib/sasl2 /var/spool/postfix/var/lib/sasl2 bind    bind  0 0
/var/run/mysqld /var/spool/postfix/var/run/mysqld       bind    bind    0 0
```

Of course I created the /var/spool/postfix/var/lib/sasl2 and the /var/spool/postfix/var/run/mysqld directories first.

I also generated my own certs using:

```
cd /etc/ssl/misc/

perl CA.pl -newca

perl CA.pl -newreq

perl CA.pl -sign
```

And then copying them to /etc/postfix/ssl/

These lines will allow postfix to access the mysql and sasl sockets from the chroot.

For my master.cf, I added the below line under the line for smtp:

 *Quote:*   

> dbmail-lmtp     unix    -       -       n       -       -       lmtp

 

This is to tell postfix to hand the mail over to dbmail.

Current main.cf

```

queue_directory = /var/spool/postfix

command_directory = /usr/sbin

daemon_directory = /usr/lib/postfix

mail_owner = postfix

sendmail_path = /usr/sbin/sendmail

newaliases_path = /usr/bin/newaliases

mailq_path = /usr/bin/mailq

setgid_group = postdrop

html_directory = no

manpage_directory = /usr/share/man

sample_directory = /etc/postfix

readme_directory = /usr/share/doc/postfix-2.1.5-r2/readme

debug_peer_level = 2

debug_peer_list = 127.0.0.1

debugger_command =

        PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin

        xxgdb $daemon_directory/$process_name $process_id & sleep 5

# SASL

smtpd_sasl_auth_enable = yes

smtpd_sasl_security_options = noanonymous

smtpd_sasl_local_domain =

broken_sasl_auth_clients = yes

# TLS

smtpd_tls_auth_only = yes

smtp_use_tls = yes

smtpd_use_tls = yes

smtp_tls_note_starttls_offer = yes

smtpd_tls_key_file = /etc/postfix/ssl/ozone.key

smtpd_tls_cert_file = /etc/postfix/ssl/ozone.crt

smtpd_tls_CAfile = /etc/postfix/ssl/ozone.pem

smtpd_tls_loglevel = 1

smtpd_tls_received_header = yes

smtpd_tls_session_cache_timeout = 3600s

tls_random_source = dev:/dev/urandom

mynetworks_style = subnet

mynetworks = 127.0.0.0/8 192.168.10.0/24

alias_database = hash:/etc/mail/aliases

alias_maps = hash:/etc/mail/aliases

# Server

mailbox_transport = dbmail-lmtp:localhost:24

header_checks = regexp:/etc/postfix/header_checks

myhostname = your.fqdn.tld

mydomain = your.fqdn.tld

myorigin = $mydomain

mydestination = localhost, your.fqdn.tld, $virtual_alias_domains

local_recipient_maps = $virtual_alias_domains $virtual_alias_maps

unknown_local_recipient_reject_code = 550

virtual_alias_domains = mysql:/etc/postfix/virtual-domains.cf

virtual_alias_maps =mysql:/etc/postfix/valiasdom.cf mysql:/etc/postfix/virtual_aliases.cf

smtpd_recipient_restrictions =  reject_invalid_hostname, reject_non_fqdn_recipient, reject_non_fqdn_sender, reject_unauth_pipelining, reject_unknown_recipient_domain, permit_mynetworks, permit_sasl_authenticated, reject_unknown_recipient_domain, reject_unauth_destination, permit

smtpd_sender_restrictions =  permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/all-users.cf
```

/etc/postfix/header_checks:

```
/^Received:/ HOLD
```

/etc/postfix/virtual-domains.cf:

```
user = dbmail

password = password

dbname = dbmail

table = dbmail_vdomains

select_field = domain

where_field = domain
```

/etc/postfix/virtual_aliases.cf:

```
user = dbmail

password = password

hosts = localhost

dbname = dbmail

table = dbmail_aliases

select_field = alias

where_field = alias
```

/etc/postfix/valiasdom.cf:

```
user = dbmail

password = password

dbname = dbmail

table = dbmail_vdomains

select_field = concat( '@', pridomain )

where_field = concat( '@', domain )

additional_conditions = and pridomain is not NULL
```

/etc/postfix/all-users.cf

```

user = dbmail

password = password

hosts = localhost

dbname = dbmail

table = dbmail_aliases left join dbmail_vdomains on dbmail_vdomains.client_idnr = dbmail_aliases.client_idnr

select_field = case when count(dbmail_aliases.alias) > 0  then "OK" when count(dbmail_aliases.alias) = 0  then "REJECT" END AS 'access'

where_field = concat(LEFT(dbmail_aliases.alias, LOCATE('@', dbmail_aliases.alias)),dbmail_vdomains.domain)
```

Table structure for table 'dbmail_vdomains'

```
+------------+-------------+------+-----+---------+----------------+
| Field      | Type        | Null | Key | Default | Extra          |
+------------+-------------+------+-----+---------+----------------+
| id         | int(7)      |      | PRI | NULL    | auto_increment |
| domain     | varchar(40) |      | UNI |         |                |
| comment    | varchar(40) | YES  |     | NULL    |                |
| pridomain  | varchar(40) | YES  |     | NULL    |                |
| client_idnr| bigint(21)  | NO   |     | NULL    |                |
+------------+-------------+------+-----+---------+----------------+
```

```
id   domain           comment                pridomain    client_idnr
1    foo.bar          Primary Domain         NULL         6
2    domain.tld       Primary Domain         NULL         7
3    foo.bar.uk       Alias for foo.bar      foo.bar      6
4    domain.tld.mx    Alias for domain.tld   domain.tld   7
5    foo.bar.mx       Alias for foo.bar      foo.bar      6
```

SQL to create table 'dbmail_vdomains':

```
CREATE TABLE `dbmail_vdomains` (

  `id` int(7) NOT NULL auto_increment,

  `domain` varchar(40) NOT NULL default '',

  `comment` varchar(40) default NULL,

  `pridomain` varchar(40) default NULL,

  `client_idnr` bigint(21) NOT NULL default '0',

  PRIMARY KEY  (`id`),

  UNIQUE KEY `domain` (`domain`)

) TYPE=InnoDB AUTO_INCREMENT=27 ;
```

Download the DBMail source and unpack it.  Read through the README and INSTALL and the INSTALL.postfix for better instructions.  You will need to copy the given dbmail.conf to /etc/ and make some changes.  The only changes I made were for the database connection.

/etc/dbmail.conf:

```
[DBMAIL]

host=localhost

sqlport=3306

sqlsocket=/var/run/mysqld/mysqld.sock

user=dbmail

pass=mypassword

db=dbmail

POSTMASTER=postmaster@foo.com

TRACE_LEVEL=1

[SMTP]

SENDMAIL=/usr/sbin/sendmail

AUTO_NOTIFY=no

AUTO_REPLY=no

TRACE_LEVEL=1

[LMTP]

EFFECTIVE_USER=nobody

EFFECTIVE_GROUP=nogroup

BINDIP=127.0.0.1

                         

PORT=24

NCHILDREN=20

MAXCHILDREN=15

MINSPARECHILDREN=2

MAXSPARECHILDREN=4

MAXCONNECTS=10000

TIMEOUT=300

RESOLVE_IP=yes

TRACE_LEVEL=1

MAX_ERRORS=500

[POP]

EFFECTIVE_USER=nobody

EFFECTIVE_GROUP=nogroup

BINDIP=*

PORT=110

NCHILDREN=30

MAXCHILDREN=200

MINSPARECHILDREN=2

MAXSPARECHILDREN=4

MAXCONNECTS=10000

TIMEOUT=300

RESOLVE_IP=yes

POP_BEFORE_SMTP=no

TRACE_LEVEL=1

[IMAP]

EFFECTIVE_USER=nobody

EFFECTIVE_GROUP=nogroup

BINDIP=*

PORT=143

NCHILDREN=5

MAXCHILDREN=100

MINSPARECHILDREN=2

MAXSPARECHILDREN=4

MAXCONNECTS=10000

TIMEOUT=4000

RESOLVE_IP=yes

IMAP_BEFORE_SMTP=no

TRACE_LEVEL=1
```

I got the init scripts from the ebuild

/etc/conf.d/saslauthd:

```
SASLAUTHD_OPTS=""

SASLAUTHD_OPTS="${SASLAUTH_MECH} -a pam -r"
```

<Just SASL>

If you plan on using just SASL:

This will allow you to authenticate through your SMTP server using: crypt, plaintext, md5

/etc/sasl2/smtpd.conf:

```
pwcheck_method: auxprop

auxprop_plugin: sql

allowanonymouslogin: no

allowplaintext: yes

mech_list: PLAIN LOGIN

srp_mda: md5

srvtab: /dev/null

opiekeys: /dev/null

password_format: crypt

sql_user: dbmail

sql_passwd: mypassword

sql_hostnames: localhost

sql_database: dbmail

sql_select: SELECT passwd FROM dbmail_users WHERE userid = '%u@%r'

log_level: 10

sql_verbose: yes
```

</Just SASL>

<SASL with pam_mysql>

If you plan on using SASL with pam_mysql:

/etc/pam.d/smtp:

This will allow you to authenticate through your SMTP server using: crypt, plaintext, md5

Watch out for the line wrap.  When you create the smtp file, there should only be 2 lines.

```
auth    sufficient      pam_mysql.so user=dbmail passwd=password host=127.0.0.1 db=dbmail table=dbmail_users usercolumn=userid passwdcolumn=passwd crypt=1

account required        pam_mysql.so user=dbmail passwd=password host=127.0.0.1 db=dbmail table=dbmail_users usercolumn=userid passwdcolumn=passwd crypt=1
```

/etc/sasl2/smtpd.conf:

```
pwcheck_method:saslauthd

mech_list: plain login
```

</SASL with pam_mysql>

/etc/init.d/dbmail-lmtpd:

```
#!/sbin/runscript
#
# chkconfig: - 91 35
# description: Starts and stops the dbmail-lmtpd daemon
#

PROGRAM=dbmail-lmtpd
BIN_DIR=/usr/local/sbin
PID_DIR=/var/run
PID=pid

# Where is the dbmail.conf file located?
CONFIG=/etc/dbmail.conf

# opts="${opts} reload"

depend() {
        need net
        # This won't cause a hard failure if neither is installed, however.
        use mysql
        after mysql mta
}

initService() {
    # Avoid using root's TMPDIR
    unset TMPDIR
    # Check that config file exists.
    [ -f $CONFIG ] || exit 0
    RETVAL=0
}

start() {
        initService
        ebegin "Starting DBMail LMTP daemon ($PROGRAM)"
            start-stop-daemon --start --quiet \
              --pidfile $PID_DIR/$PROGRAM.$PID \
              --exec $BIN_DIR/$PROGRAM \
              --name $PROGRAM \
              -- -f $CONFIG -p $PID_DIR/$PROGRAM.$PID 2>&1
        eend $?
}

stop() {
        initService
        ebegin "Stopping DBMail LMTP daemon ($PROGRAM)"
            start-stop-daemon --stop --quiet --retry 5 \
              --pidfile $PID_DIR/$PROGRAM.$PID
        eend $?
}
```

/etc/init.d/dbmail-pop3d:

```
#!/sbin/runscript
#
# chkconfig: - 91 35
# description: Starts and stops the dbmail-pop3d daemon
#

PROGRAM=dbmail-pop3d
BIN_DIR=/usr/local/sbin
PID_DIR=/var/run
PID=pid

# Where is the dbmail.conf file located?
CONFIG=/etc/dbmail.conf

# opts="${opts} reload"

depend() {
        need net
        # This won't cause a hard failure if neither is installed, however.
        use mysql
        use pgsql
        after mta
}

initService() {
    # Avoid using root's TMPDIR
    unset TMPDIR
    # Check that config file exists.
    [ -f $CONFIG ] || exit 0
    RETVAL=0
}

start() {
        initService
        ebegin "Starting DBMail POP3 daemon ($PROGRAM)"
            start-stop-daemon --start --quiet \
              --pidfile $PID_DIR/$PROGRAM.$PID \
              --exec $BIN_DIR/$PROGRAM \
              --name $PROGRAM \
              -- -f $CONFIG -p $PID_DIR/$PROGRAM.$PID 2>&1
        eend $?
}

stop() {
        initService
        ebegin "Stopping DBMail POP3 daemon ($PROGRAM)"
            start-stop-daemon --stop --quiet --retry 5 \
              --pidfile $PID_DIR/$PROGRAM.$PID
        eend $?
}
```

/etc/init.d/dbmail-imapd:

```
#!/sbin/runscript
#
# chkconfig: - 91 35
# description: Starts and stops the dbmail-imapd daemon
#

PROGRAM=dbmail-imapd
BIN_DIR=/usr/local/sbin
PID_DIR=/var/run
PID=pid

# Where is the dbmail.conf file located?
CONFIG=/etc/dbmail.conf

# opts="${opts} reload"

depend() {
        need net
        # This won't cause a hard failure if neither is installed, however.
        use mysql
        use pgsql
        after mta
}

initService() {
    # Avoid using root's TMPDIR
    unset TMPDIR
    # Check that config file exists.
    [ -f $CONFIG ] || exit 0
    RETVAL=0
}

start() {
        initService
        ebegin "Starting DBMail IMAP daemon ($PROGRAM)"
            start-stop-daemon --start --quiet \
              --pidfile $PID_DIR/$PROGRAM.$PID \
              --exec $BIN_DIR/$PROGRAM \
              --name $PROGRAM \
              -- -f $CONFIG -p $PID_DIR/$PROGRAM.$PID 2>&1
        eend $?
}

stop() {
        initService
        ebegin "Stopping DBMail IMAP daemon ($PROGRAM)"
            start-stop-daemon --stop --quiet --retry 5 \
              --pidfile $PID_DIR/$PROGRAM.$PID
        eend $?
}
```

Currently with this setup, my mail server is working great.  Now all I have to do is setup mysql to listen on an external ip address, setup another server with almost the same settings, setup sql replication and I should have some pretty reliable and redundant mail servers.  Of course the switchover won't be automatic, yet...

Additional Notes:

Taken from my Wiki entry at dbmail.org

While building my first DBMail server, I was happy to see that the full migration from my old mail server worked almost flawlessly. I ran into one snag. My company has many domains, and most of those domains are just aliases. I knew that I could create an alias for every user for every aliased domain, but that would exponentially increase the size of my alias table. I could have also created an alias like @foo.bar →deliver_to→ @foo.bar.uk, but I wanted to do something a bit cleaner and easier to manage since they are constantly adding and removing alias domains. So what I did was create a table for managing the domains. I named it dbmail_vdomains and its structure is very minimal. It contains the following columns: id, domain, comment, pridomain, client_idnr.

When I created my user accounts, I used a unique client_idnr for each new domain. So, each user had its main alias as user@foo.bar deliver_to user_idnr, and every account and alias for the foo.bar domain uses the same client_idnr. By giving all of the accounts in the same domain the same client_idnr, you can use sql to do some nice things. The next step is to populate the table.

After putting the server up and watching the logs all day long, I noticed that about 50% of all mail was spam, and even worse, it was being sent to non-existing e-mail addresses. I know that postfix will deny mail for non-existing users (local_recipient_maps), but when you alias an entire domain, it won't block e-mail to non-existing users for the aliased domain. So e-mail sent to baduser@foo.bar will immediately bounce back with a 550, but if it were sent to baduser@foo.bar.uk, then postfix would accept the mail, and then bounce it. Since I am doing spam, content and virus checking for every piece of mail, I didn't want to waste the resources on this junk. So I implemented the check_recipient_access in the smtpd_sender_restrictions.

The check_recipient_access will basically look up an e-mail address and will see if the mail server will accept mail for that account. So all-users.cf uses the dbmail_vdomains and the dbmail_aliases tables, joining them using the client_idnr. So it creates a list of all possible e-mail addresses including all aliases including all aliased domains. When postfix is receiving an e-mail, it will check the recipient e-mail address to see if it accepts mail for that address. If it finds an e-mail address that matches, it will return OK and the mail will be accepted and processed; if no e-mail address is found, it will return REJECT, and postfix will reject the mail, not accepting it for processing. So far my mail server has rejected over 50,000 pieces of mail because of this. The overhead of looking up the e-mail address is much much less than processing mail that couldn't be delivered in the first place.

Good luck

03/38/05 Just found this link.  It does not include DBMail, but it is a good reference

http://gentoo-wiki.com/HOWTO_Email_Virus_Scanner_--_Mailscanner

Last edited by msalerno on Tue Nov 22, 2005 5:24 pm; edited 33 times in total
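The two lookups described in the post above (valiasdom.cf rewriting an alias domain, all-users.cf answering OK or REJECT for a recipient) can be run against sample data to see which addresses are refused at SMTP time. This is an added example, not part of msalerno's post: it emulates the map queries in SQLite (MySQL's `concat`/`LEFT`/`LOCATE` rewritten as `||`/`substr`/`instr`), uses the dbmail_vdomains rows listed in the post, and assumes invented dbmail_aliases rows in a minimal three-column table.

```python
import sqlite3

# dbmail_vdomains rows as listed in the post.
VDOMAINS = [
    (1, "foo.bar", "Primary Domain", None, 6),
    (2, "domain.tld", "Primary Domain", None, 7),
    (3, "foo.bar.uk", "Alias for foo.bar", "foo.bar", 6),
    (4, "domain.tld.mx", "Alias for domain.tld", "domain.tld", 7),
    (5, "foo.bar.mx", "Alias for foo.bar", "foo.bar", 6),
]

# Constructed sample aliases (alias, deliver_to, client_idnr); not from the post.
ALIASES = [
    ("alice@foo.bar", "101", 6),
    ("sales@foo.bar", "101", 6),
    ("bob@domain.tld", "102", 7),
]

# all-users.cf assembled as: SELECT select_field FROM table WHERE where_field = key
ALL_USERS_SQL = """
    SELECT CASE WHEN count(a.alias) > 0 THEN 'OK'
                WHEN count(a.alias) = 0 THEN 'REJECT' END
    FROM dbmail_aliases a
    LEFT JOIN dbmail_vdomains d ON d.client_idnr = a.client_idnr
    WHERE substr(a.alias, 1, instr(a.alias, '@')) || d.domain = ?
"""

# valiasdom.cf, including its additional_conditions clause.
VALIASDOM_SQL = """
    SELECT '@' || pridomain FROM dbmail_vdomains
    WHERE '@' || domain = ? AND pridomain IS NOT NULL
"""


def build_db():
    """Create an in-memory database holding the sample tables."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE dbmail_vdomains (
            id INTEGER PRIMARY KEY, domain TEXT UNIQUE NOT NULL,
            comment TEXT, pridomain TEXT, client_idnr INTEGER NOT NULL);
        CREATE TABLE dbmail_aliases (
            alias TEXT NOT NULL, deliver_to TEXT NOT NULL,
            client_idnr INTEGER NOT NULL);
    """)
    db.executemany("INSERT INTO dbmail_vdomains VALUES (?,?,?,?,?)", VDOMAINS)
    db.executemany("INSERT INTO dbmail_aliases VALUES (?,?,?)", ALIASES)
    return db


def recipient_access(db, rcpt):
    """Answer the all-users.cf lookup for one recipient: 'OK' or 'REJECT'.

    The aggregate query always returns exactly one row, so an unknown
    address yields REJECT rather than "not found". The key is passed as a
    bound parameter, so a quote in the local part cannot alter the query.
    MySQL's default collation ignores case; SQLite's does not, so the key
    is folded to lower case here.
    """
    return db.execute(ALL_USERS_SQL, (rcpt.lower(),)).fetchone()[0]


def alias_domain_rewrite(db, rcpt):
    """Emulate the '@domain' lookup against valiasdom.cf.

    Returns the rewritten address for an alias domain, or None when the
    domain is a primary domain or unknown.
    """
    local, _, domain = rcpt.lower().rpartition("@")
    row = db.execute(VALIASDOM_SQL, ("@" + domain,)).fetchone()
    return local + row[0] if row else None


if __name__ == "__main__":
    db = build_db()
    for rcpt in ("alice@foo.bar", "alice@foo.bar.uk", "baduser@foo.bar.uk",
                 "alice@domain.tld", "o'neil@foo.bar"):
        print(f"{rcpt:22} access={recipient_access(db, rcpt):6} "
              f"rewrite={alias_domain_rewrite(db, rcpt)}")
```

The access check is answered on the address as the sender typed it, which is why all-users.cf has to generate every alias under every domain that shares the client_idnr instead of relying on the valiasdom.cf rewrite.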

----------

## cchee

dbmail also has an administrator interface.

http://library.mobrien.com/dbmailadministrator/

----------

## msalerno

I have set it up, and it looks pretty good.  I just have to do some more reading on it.

Thanks

----------

## msalerno

I started writing some scripts to make the migration from Qmail/Vpopmail/SQL to the above configuration easier.  I posted them on the dbmail wiki if anyone is ever interested.

http://dbmail.org/dokuwiki/doku.php?id=mirgating_from_qmail_vpopmail_sql

----------

## MooktaKiNG

There is no config file /etc/postfix/valias.cf

What do i put inside it? this is not mentioned above.

----------

## srid

Ok, this is killing me..

I've been trying to get SMTP AUTH working from past one and half weeks now but nothing seems to work

I will paste the configuration files below..

I'm using the howto on http://high5.net/howto

main.cf file

```

queue_directory = /var/spool/postfix

command_directory = /usr/sbin

daemon_directory = /usr/lib/postfix

mail_owner = postfix

default_privs = nobody

myhostname = domain.com

mydomain = domain.com

myorigin = $mydomain

inet_interfaces = all

mydestination = localhost.$mydomain, localhost

unknown_local_recipient_reject_code = 550

mynetworks = 10.1.0.0/16, 127.0.0.0/8

alias_maps = hash:/etc/aliases

alias_database = hash:/etc/aliases

transport_maps = hash:/etc/postfix/transport_maps

mail_spool_directory = /var/spool/mail

local_destination_concurrency_limit = 2

default_destination_concurrency_limit = 20

sendmail_path = /usr/sbin/sendmail

newaliases_path = /usr/bin/newaliases

mailq_path = /usr/bin/mailq

setgid_group = postdrop

html_directory = no

manpage_directory = /usr/share/man

sample_directory = /etc/postfix

readme_directory = /usr/share/doc/postfix-2.1.5-r2/readme

default_destination_concurrency_limit = 2

alias_database = hash:/etc/mail/aliases

local_destination_concurrency_limit = 2

alias_maps = hash:/etc/mail/aliases

virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf

virtual_gid_maps = static:207

virtual_mailbox_base = /usr/local/virtual

virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf

virtual_mailbox_limit = 51200000

virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf

virtual_minimum_uid = 207

virtual_transport = virtual

virtual_uid_maps = static:207

smtpd_sasl_auth_enable = yes

smtpd_sasl_security_options = noanonymous

smtpd_sasl_local_domain = $myhostname

broken_sasl_auth_clients = yes

smtpd_recipient_restrictions =

        reject_non_fqdn_sender,

        reject_non_fqdn_recipient,

        reject_unlisted_recipient,

        reject_unknown_sender_domain,

        reject_unknown_recipient_domain,

        permit_mynetworks,

        permit_sasl_authenticated,

        reject_unauth_destination

disable_vrfy_command = yes

```

The problem is that postfix doesn't even bother to check for smtp auth. Even if nothing is specified, it just relays the mail if the mynetworks parameter is satisfied

dev-libs/cyrus-sasl-2.1.20-r2  +authdaemond -berkdb* +crypt -debug* +gdbm* +java -kerberos -ldap +mysql -ntlm_unsupported_patch +pam -postgres -sample -srp +ssl -static -urandom

net-libs/courier-authlib-0.55  -berkdb +crypt -debug +gdbm -ldap +mysql +pam -postgres (-uclibc)

net-mail/courier-imap-4.0.1  -berkdb -debug -fam +gdbm -ipv6 +nls (-selinux)

mail-mta/postfix-2.1.5-r2  -ipv6 -ldap -mailwrapper -mbox +mysql +pam -postgres +sasl (-selinux) +ssl -vda

This is my configuration files..

```
sasl2 # cat /etc/sasl2/smtpd.conf

 $Header: /var/cvsroot/gentoo-x86/mail-mta/postfix/files/smtp.sasl,v 1.2 2004/07/18 03:26:56 dragonheart Exp $

pwcheck_method:pam

pwcheck_method: auxprop

auxprop_plugin: mysql

allowanonymouslogin: no

allowplaintext: yes

mech_list: PLAIN LOGIN DIGEST-MD5 CRAM-MD5

#mech_list: CRAM-MD5 DIGEST-MD5

srp_mda: md5

srvtab: /dev/null

opiekeys: /dev/null

password_format: crypt

sql_user: postfix

sql_passwd: password-replaced

sql_hostnames: localhost

ql_database: postfix

sql_select: SELECT password FROM mailbox WHERE username = '%u@%r'
```

I am confused on how to start saslauthd as it only supports

```
sasl2 # saslauthd -v
saslauthd 2.1.20
authentication mechanisms: getpwent pam rimap shadow
```

I tried with shadow but nothing worked.

This is my

/etc/courier/authlib/authmysqlrc

```
#DEFAULT_DOMAIN         

MYSQL_CRYPT_PWFIELD     password

#MYSQL_CLEAR_PWFIELD     clear

MYSQL_DATABASE          postfix

MYSQL_GID_FIELD         '207'

MYSQL_HOME_FIELD        '/usr/local/virtual'

MYSQL_LOGIN_FIELD       username

MYSQL_MAILDIR_FIELD     maildir

MYSQL_NAME_FIELD        name

MYSQL_OPT               0

MYSQL_PASSWORD        password-replaced

MYSQL_PORT              3306

MYSQL_SERVER            localhost

MYSQL_SOCKET            /var/run/mysqld/mysqld.sock

MYSQL_UID_FIELD         '207'

MYSQL_USERNAME          postfix

MYSQL_USER_TABLE        mailbox
```

Extracts of ldd /usr/lib/postfix/smtp

```

        libpam.so.0 => /lib/libpam.so.0 (0xb7f4a000)

        libmysqlclient.so.12 => /usr/lib/libmysqlclient.so.12 (0xb7f0d000)

        libssl.so.0.9.7 => /usr/lib/libssl.so.0.9.7 (0xb7eaf000)

        libcrypto.so.0.9.7 => /usr/lib/libcrypto.so.0.9.7 (0xb7dcc000)

        libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7db9000)

        libdb-4.1.so => /usr/lib/libdb-4.1.so (0xb7d0f000)

```

```

     ldd /usr/lib/courier/courier-authlib/authdaemond

        linux-gate.so.1 =>  (0xffffe000)

        libltdl.so.3 => /usr/lib/libltdl.so.3 (0xb7fd9000)

        libdl.so.2 => /lib/libdl.so.2 (0xb7fd6000)

        libcourierauthcommon.so.0 => /usr/lib/courier-authlib/libcourierauthcommon.so.0 (0xb7fcc000)

        libcourierauth.so.0 => /usr/lib/courier-authlib/libcourierauth.so.0 (0xb7fc7000)

        libc.so.6 => /lib/libc.so.6 (0xb7ecc000)

        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0xb7fee000)

        libcrypt.so.1 => /lib/libcrypt.so.1 (0xb7ea0000)

```

The problem is that postfix is not even querying for the user name and the password. What might be the problem? 

Thx in advance

----------

## msalerno

 *MooktaKiNG wrote:*   

> There is no config file /etc/postfix/valias.cf
> 
> What do i put inside it? this is not mentioned above.

 

My apologies, I have updated the above howto.

----------

## msalerno

 *srid wrote:*   

> I've been trying to get SMTP AUTH working from past one and half weeks now but nothing seems to work
> 
> I will paste the configuration files below..
> 
> I'm using the howto on http://high5.net/howto

 

I'm sorry, but I have never setup a postfixadmin system.  You should try comparing your main.cf with the one I have posted above.

One thing I see is that your smtpd_sasl_local_domain, is set.  I have read a few posts that setting it to a value might cause problems.

----------

## Larro

 *srid wrote:*   

> Ok, this is killing me..
> 
> I've been trying to get SMTP AUTH working from past one and half weeks now but nothing seems to work
> 
> I will paste the configuration files below..
> ...

 

I would start with changing your my networks field to display the following.

```

mynetworks = 127.0.0.0/8

```

This way when you send an email from another computer (besides your server)  inside your network it's treated like it's authenticating from outside your network. I would also tail -f /var/log/mail/current (while sending an email) to give a better idea where the problem lies.

I think you might be missing some sasl entries in your main.cf here's what I have.

```

smtpd_sasl_auth_enable = yes

smtpd_sasl2_auth_enable = yes

smtpd_sasl_security_options = noanonymous

broken_sasl_auth_clients = yes

smtpd_sasl_local_domain =

smtpd_sasl_application_name = smtpd

smtpd_recipient_restrictions =

        permit_sasl_authenticated,

        permit_mynetworks,

        check_relay_domains

```

Also I'm using saslauthd in my /etc/sasl2/smtp.conf. I don't think you're supposed to have two pwcheck_method.

If all fails you might want to try using pam_mysql. Msalerno has some really good documentation on it above.
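Why srid's server relays without asking for a password, and what the mynetworks change suggested above does, modelled as an added example (not code from any poster or from Postfix). It is a simplified first-match walk over smtpd_recipient_restrictions: only permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination and permit are modelled, every other restriction is assumed to return no decision, and the client address 10.1.2.3 is constructed.

```python
import ipaddress

# smtpd_recipient_restrictions from srid's main.cf, in the posted order.
SRID_RESTRICTIONS = """
    reject_non_fqdn_sender, reject_non_fqdn_recipient,
    reject_unlisted_recipient, reject_unknown_sender_domain,
    reject_unknown_recipient_domain, permit_mynetworks,
    permit_sasl_authenticated, reject_unauth_destination
"""


def split_list(value):
    """Split a main.cf list value on commas and whitespace."""
    return value.replace(",", " ").split()


def in_mynetworks(client_ip, mynetworks):
    """True when client_ip falls inside any network listed in mynetworks."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(net) for net in split_list(mynetworks))


def evaluate(restrictions, mynetworks, client_ip, authenticated, rcpt_is_local):
    """Walk the restriction list; the first restriction that decides wins.

    Returns (action, deciding_restriction). rcpt_is_local says whether the
    recipient domain is one this server is the final destination or relay for.
    """
    for name in split_list(restrictions):
        if name == "permit_mynetworks" and in_mynetworks(client_ip, mynetworks):
            return "PERMIT", name
        if name == "permit_sasl_authenticated" and authenticated:
            return "PERMIT", name
        if name == "reject_unauth_destination" and not rcpt_is_local:
            return "REJECT", name
        if name == "permit":
            return "PERMIT", name
        # Any other restriction: assumed to make no decision in this model.
    return "PERMIT", "(end of list)"


if __name__ == "__main__":
    cases = [
        ("10.1.0.0/16, 127.0.0.0/8", False),  # srid's mynetworks, no AUTH
        ("127.0.0.0/8", False),               # narrowed mynetworks, no AUTH
        ("127.0.0.0/8", True),                # narrowed mynetworks, AUTH done
    ]
    for mynetworks, authed in cases:
        result = evaluate(SRID_RESTRICTIONS, mynetworks, "10.1.2.3",
                          authenticated=authed, rcpt_is_local=False)
        print(f"mynetworks={mynetworks!r:28} auth={authed!s:5} -> {result}")
```

With the LAN listed in mynetworks, permit_mynetworks decides before permit_sasl_authenticated is ever reached, so an internal client is never asked to prove anything; with only 127.0.0.0/8 listed, the same client is refused for outside recipients until it authenticates.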

----------

## MooktaKiNG

 *msalerno wrote:*   

>  *MooktaKiNG wrote:*   There is no config file /etc/postfix/valias.cf
> 
> What do i put inside it? this is not mentioned above. 
> 
> My apologies, I have updated the above howto.

 

The dbmail_vdomains needs to be created by hand, correct? if so is this compatible with the way dbmail does things.

Do i need to enter the domains by hand?

also could you give the sql codes for this.

----------

## msalerno

Correct, the dbmail_vdomains needs to be manually created and populated.

I have updated the howto to include the sql to create and populate the table.

I don't know of any reason that this change would affect dbmail.  It is working great over here.

FYI. I also found an error regarding populating the table and updated the howto.

Basically, the secondary domains need to be put in with a @ before the domain name.

----------

## MooktaKiNG

I have done everything you said in the howto, but it seems that i can't send an email to dbmail.

Postfix collects all the email, and i can see it in mailq, but it doesn't seem to get delivered to dbmail.

The output that i get is:

```

Apr 27 17:55:03 mail postfix/pickup[3133]: 286DA61C5B: uid=0 from=<root>

Apr 27 17:55:03 mail postfix/cleanup[3518]: 286DA61C5B: hold: header Received: by mail.mooktakim.com (Postfix, from userid 0)??id 286DA61C5B; Wed, 27 Apr 2005 17:55:03 +0100 (BST) from local; from=<root@mooktakim.com> to=<mma@mooktakim.com>

Apr 27 17:55:03 mail postfix/cleanup[3518]: 286DA61C5B: message-id=<20050427165502.GA3514@mail.mooktakim.com>

```

As you can see, postfix knows the email is being sent. but it doesn't go to dbmail.

dbmail is working i think because i can access it through imap.

----------

## msalerno

Is the lmtp daemon running?

Do you have this line in your main.cf?

mailbox_transport = dbmail-lmtp:localhost:24 

If you post your configs, I'll see what I can find.

Does the output of `ps -ef | grep dbmail` show dbmail-pop3d dbmail-imapd and dbmail-lmtpd ?

----------

## MooktaKiNG

What i have is exactly what you posted.

I'll copy it here anyway:

```
queue_directory = /var/spool/postfix

command_directory = /usr/sbin

daemon_directory = /usr/lib/postfix

mail_owner = postfix

myhostname = mail.mooktakim.com

mydomain = mooktakim.com

myorigin = $mydomain

inet_interfaces = all

mydestination = mysql:/etc/postfix/virtual-domains.cf

local_recipient_maps = $alias_maps $virtual_mailbox_maps

mynetworks_style = host

mynetworks = 127.0.0.0/8

relayhost =

mailbox_transport = dbmail-lmtp:localhost:24

header_checks = regexp:/etc/postfix/header_checks

debug_peer_level = 2

debugger_command =

         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin

         xxgdb $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/sbin/sendmail

newaliases_path = /usr/bin/newaliases

mailq_path = /usr/bin/mailq

setgid_group = postdrop

html_directory = no

manpage_directory = /usr/share/man

sample_directory = /etc/postfix

readme_directory = /usr/share/doc/postfix-2.1.5-r2/readme

default_destination_concurrency_limit = 2

local_destination_concurrency_limit = 2

alias_database = mysql:/etc/postfix/sql-recipients.cf

alias_maps = mysql:/etc/postfix/sql-recipients.cf

virtual_alias_maps = mysql:/etc/postfix/valias.cf

smtpd_sasl_auth_enable = yes

smtpd_sasl_security_options = noanonymous

smtpd_sasl_local_domain =

broken_sasl_auth_clients = yes

smtpd_tls_auth_only = yes

smtp_use_tls = yes

smtpd_use_tls = yes

smtp_tls_note_starttls_offer = yes

smtpd_tls_key_file = /etc/postfix/newreq.pem

smtpd_tls_cert_file = /etc/postfix/newcert.pem

smtpd_tls_CAfile = /etc/postfix/cacert.pem

smtpd_tls_loglevel = 1

smtpd_tls_received_header = yes

smtpd_tls_session_cache_timeout = 3600s

tls_random_source = dev:/dev/urandom

smtpd_recipient_restrictions = reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unlisted_recipien, reject_unauth_pipelining, permit

smtpd_client_connection_count_limit = 15

disable_vrfy_command = yes
```

I really have no idea why this is. I've also tried with:

```
smtpd_recipient_restrictions =  permit_mynetworks,

                                permit_sasl_authenticated,

                                reject_unauth_destination
```

Because I had problems with that in the past.

I know dbmail is amazing. But for God's sake, some documentation is needed. There is nothing on their homepage.

----------

## msalerno

Looks good, what about the output of the ps command

ps -ef | grep dbmail

Do you have verbose logging enabled for postfix and lmtp?

Just add the -v

/etc/postfix/master.cf

```
smtp      inet  n       -       y       -       -       smtpd -v
dbmail-lmtp     unix    -       -       n       -       -       lmtp -v
```

In your /etc/dbmail.conf

Increase the trace levels to increase verbose output to your maillog, then post any errors.

Last edited by msalerno on Wed Apr 27, 2005 5:24 pm; edited 1 time in total

----------

## MooktaKiNG

```
root      3305     1  0 17:53 ?        00:00:00 /usr/sbin/dbmail-lmtpd -f /etc/dbmail.conf -p /var/run/dbmail/dbmail-lmtpd.pid

nobody    3307  3305  0 17:53 ?        00:00:00 /usr/sbin/dbmail-lmtpd -f /etc/dbmail.conf -p /var/run/dbmail/dbmail-lmtpd.pid

nobody    3309  3307  0 17:53 ?        00:00:00 /usr/sbin/dbmail-lmtpd -f /etc/dbmail.conf -p /var/run/dbmail/dbmail-lmtpd.pid

nobody    3311  3307  0 17:53 ?        00:00:00 /usr/sbin/dbmail-lmtpd -f /etc/dbmail.conf -p /var/run/dbmail/dbmail-lmtpd.pid

nobody    3313  3307  0 17:53 ?        00:00:00 /usr/sbin/dbmail-lmtpd -f /etc/dbmail.conf -p /var/run/dbmail/dbmail-lmtpd.pid

nobody    3315  3307  0 17:53 ?        00:00:00 /usr/sbin/dbmail-lmtpd -f /etc/dbmail.conf -p /var/run/dbmail/dbmail-lmtpd.pid

nobody    3317  3307  0 17:53 ?        00:00:00 /usr/sbin/dbmail-lmtpd -f /etc/dbmail.conf -p /var/run/dbmail/dbmail-lmtpd.pid

nobody    3319  3307  0 17:53 ?        00:00:00 /usr/sbin/dbmail-lmtpd -f /etc/dbmail.conf -p /var/run/dbmail/dbmail-lmtpd.pid

nobody    3321  3307  0 17:53 ?        00:00:00 /usr/sbin/dbmail-lmtpd -f /etc/dbmail.conf -p /var/run/dbmail/dbmail-lmtpd.pid

nobody    3323  3307  0 17:53 ?        00:00:00 /usr/sbin/dbmail-lmtpd -f /etc/dbmail.conf -p /var/run/dbmail/dbmail-lmtpd.pid

nobody    3325  3307  0 17:53 ?        00:00:00 /usr/sbin/dbmail-lmtpd -f /etc/dbmail.conf -p /var/run/dbmail/dbmail-lmtpd.pid

nobody    3327  3307  0 17:53 ?        00:00:00 /usr/sbin/dbmail-lmtpd -f /etc/dbmail.conf -p /var/run/dbmail/dbmail-lmtpd.pid

nobody    3329  3307  0 17:53 ?        00:00:00 /usr/sbin/dbmail-lmtpd -f /etc/dbmail.conf -p /var/run/dbmail/dbmail-lmtpd.pid

nobody    3331  3307  0 17:53 ?        00:00:00 /usr/sbin/dbmail-lmtpd -f /etc/dbmail.conf -p /var/run/dbmail/dbmail-lmtpd.pid

nobody    3333  3307  0 17:53 ?        00:00:00 /usr/sbin/dbmail-lmtpd -f /etc/dbmail.conf -p /var/run/dbmail/dbmail-lmtpd.pid

nobody    3335  3307  0 17:53 ?        00:00:00 /usr/sbin/dbmail-lmtpd -f /etc/dbmail.conf -p /var/run/dbmail/dbmail-lmtpd.pid

nobody    3337  3307  0 17:53 ?        00:00:00 /usr/sbin/dbmail-lmtpd -f /etc/dbmail.conf -p /var/run/dbmail/dbmail-lmtpd.pid

nobody    3339  3307  0 17:53 ?        00:00:00 /usr/sbin/dbmail-lmtpd -f /etc/dbmail.conf -p /var/run/dbmail/dbmail-lmtpd.pid

nobody    3341  3307  0 17:53 ?        00:00:00 /usr/sbin/dbmail-lmtpd -f /etc/dbmail.conf -p /var/run/dbmail/dbmail-lmtpd.pid

nobody    3343  3307  0 17:53 ?        00:00:00 /usr/sbin/dbmail-lmtpd -f /etc/dbmail.conf -p /var/run/dbmail/dbmail-lmtpd.pid

nobody    3345  3307  0 17:53 ?        00:00:00 /usr/sbin/dbmail-lmtpd -f /etc/dbmail.conf -p /var/run/dbmail/dbmail-lmtpd.pid

nobody    3347  3307  0 17:53 ?        00:00:00 /usr/sbin/dbmail-lmtpd -f /etc/dbmail.conf -p /var/run/dbmail/dbmail-lmtpd.pid

root      3407     1  0 17:53 ?        00:00:00 /usr/sbin/dbmail-imapd -f /etc/dbmail.conf -p /var/run/dbmail/dbmail-imapd.pid

nobody    3409  3407  0 17:53 ?        00:00:00 /usr/sbin/dbmail-imapd -f /etc/dbmail.conf -p /var/run/dbmail/dbmail-imapd.pid

nobody    3411  3409  0 17:53 ?        00:00:00 /usr/sbin/dbmail-imapd -f /etc/dbmail.conf -p /var/run/dbmail/dbmail-imapd.pid

nobody    3413  3409  0 17:53 ?        00:00:00 /usr/sbin/dbmail-imapd -f /etc/dbmail.conf -p /var/run/dbmail/dbmail-imapd.pid

nobody    3415  3409  0 17:53 ?        00:00:00 /usr/sbin/dbmail-imapd -f /etc/dbmail.conf -p /var/run/dbmail/dbmail-imapd.pid

nobody    3417  3409  0 17:53 ?        00:00:00 /usr/sbin/dbmail-imapd -f /etc/dbmail.conf -p /var/run/dbmail/dbmail-imapd.pid

nobody    3419  3409  0 17:53 ?        00:00:00 /usr/sbin/dbmail-imapd -f /etc/dbmail.conf -p /var/run/dbmail/dbmail-imapd.pid

nobody    3421  3409  0 17:53 ?        00:00:00 /usr/sbin/dbmail-imapd -f /etc/dbmail.conf -p /var/run/dbmail/dbmail-imapd.pid

nobody    3423  3409  0 17:53 ?        00:00:00 /usr/sbin/dbmail-imapd -f /etc/dbmail.conf -p /var/run/dbmail/dbmail-imapd.pid

nobody    3425  3409  0 17:53 ?        00:00:00 /usr/sbin/dbmail-imapd -f /etc/dbmail.conf -p /var/run/dbmail/dbmail-imapd.pid

nobody    3427  3409  0 17:53 ?        00:00:00 /usr/sbin/dbmail-imapd -f /etc/dbmail.conf -p /var/run/dbmail/dbmail-imapd.pid

nobody    3429  3409  0 17:53 ?        00:00:00 /usr/sbin/dbmail-imapd -f /etc/dbmail.conf -p /var/run/dbmail/dbmail-imapd.pid

nobody    3431  3409  0 17:53 ?        00:00:00 /usr/sbin/dbmail-imapd -f /etc/dbmail.conf -p /var/run/dbmail/dbmail-imapd.pid

nobody    3433  3409  0 17:53 ?        00:00:00 /usr/sbin/dbmail-imapd -f /etc/dbmail.conf -p /var/run/dbmail/dbmail-imapd.pid

nobody    3435  3409  0 17:53 ?        00:00:00 /usr/sbin/dbmail-imapd -f /etc/dbmail.conf -p /var/run/dbmail/dbmail-imapd.pid

nobody    3437  3409  0 17:53 ?        00:00:00 /usr/sbin/dbmail-imapd -f /etc/dbmail.conf -p /var/run/dbmail/dbmail-imapd.pid

nobody    3439  3409  0 17:53 ?        00:00:00 /usr/sbin/dbmail-imapd -f /etc/dbmail.conf -p /var/run/dbmail/dbmail-imapd.pid

nobody    3441  3409  0 17:53 ?        00:00:00 /usr/sbin/dbmail-imapd -f /etc/dbmail.conf -p /var/run/dbmail/dbmail-imapd.pid

nobody    3443  3409  0 17:53 ?        00:00:00 /usr/sbin/dbmail-imapd -f /etc/dbmail.conf -p /var/run/dbmail/dbmail-imapd.pid

nobody    3445  3409  0 17:53 ?        00:00:00 /usr/sbin/dbmail-imapd -f /etc/dbmail.conf -p /var/run/dbmail/dbmail-imapd.pid

nobody    3447  3409  0 17:53 ?        00:00:00 /usr/sbin/dbmail-imapd -f /etc/dbmail.conf -p /var/run/dbmail/dbmail-imapd.pid

nobody    3449  3409  0 17:53 ?        00:00:00 /usr/sbin/dbmail-imapd -f /etc/dbmail.conf -p /var/run/dbmail/dbmail-imapd.pid

nobody    3451  3409  0 17:53 ?        00:00:00 /usr/sbin/dbmail-imapd -f /etc/dbmail.conf -p /var/run/dbmail/dbmail-imapd.pid

nobody    3453  3409  0 17:53 ?        00:00:00 /usr/sbin/dbmail-imapd -f /etc/dbmail.conf -p /var/run/dbmail/dbmail-imapd.pid

nobody    3455  3409  0 17:53 ?        00:00:00 /usr/sbin/dbmail-imapd -f /etc/dbmail.conf -p /var/run/dbmail/dbmail-imapd.pid

nobody    3457  3409  0 17:53 ?        00:00:00 /usr/sbin/dbmail-imapd -f /etc/dbmail.conf -p /var/run/dbmail/dbmail-imapd.pid

nobody    3459  3409  0 17:53 ?        00:00:00 /usr/sbin/dbmail-imapd -f /etc/dbmail.conf -p /var/run/dbmail/dbmail-imapd.pid

nobody    3461  3409  0 17:53 ?        00:00:00 /usr/sbin/dbmail-imapd -f /etc/dbmail.conf -p /var/run/dbmail/dbmail-imapd.pid

nobody    3463  3409  0 17:53 ?        00:00:00 /usr/sbin/dbmail-imapd -f /etc/dbmail.conf -p /var/run/dbmail/dbmail-imapd.pid

```

By the way i'm using the ebuild, i didn't want to compile from scratch, i would like an easy uninstall  :Very Happy: 

----------

## MooktaKiNG

also i'm not using chroot

----------

## MooktaKiNG

```
smtp      inet  n       -       n       -       -       smtpd -v
```

and:

```
# DBMail

dbmail-lmtp     unix    -       -       n       -       -       lmtp -v
```

tried it. but it doesn't give any extra messages.

----------

## msalerno

Did you restart postfix and dbmail-lmtp after making the changes ?

If you installed from source, the way to uninstall is to remove the installed files, the binary files in /usr/local/sbin, the config file in /etc and the man files in /usr/local/man

An rm would work just as well as an unmerge.

Last edited by msalerno on Wed Apr 27, 2005 5:37 pm; edited 1 time in total

----------

## MooktaKiNG

yes

----------

## msalerno

Did you install MailScanner too?

----------

## MooktaKiNG

no i didn't. i was thinking of installing amavis.

----------

## msalerno

Ahhh, that is good information to have!!

Comment out the line that reads:

header_checks = regexp:/etc/postfix/header_checks

FYI - MailScanner is now in Portage as a masked package.

----------

## MooktaKiNG

WAAAHHHH!!! i was getting crazy over this  :Very Happy:  :Very Happy:  :Very Happy: 

Anyway i got another problem:

```

Apr 27 18:50:51 mail postfix/pickup[4553]: E7CDE61E08: uid=0 from=<root>

Apr 27 18:50:52 mail postfix/cleanup[4921]: E7CDE61E08: message-id=<20050427175051.GA4917@mail.mooktakim.com>

Apr 27 18:50:52 mail postfix/qmgr[4554]: E7CDE61E08: from=<root@mooktakim.com>, size=425, nrcpt=1 (queue active)

Apr 27 18:50:52 mail postfix/lmtp[4928]: E7CDE61E08: to=<mma@mooktakim.com>, relay=none, delay=1, status=bounced (Host or domain name not found. Name service error for name=localhost type=A: Host not found)

Apr 27 18:50:52 mail postfix/cleanup[4921]: F02A261CD1: message-id=<20050427175052.F02A261CD1@mail.mooktakim.com>

Apr 27 18:50:53 mail postfix/qmgr[4554]: F02A261CD1: from=<>, size=2218, nrcpt=1 (queue active)

Apr 27 18:50:53 mail postfix/qmgr[4554]: E7CDE61E08: removed

Apr 27 18:50:53 mail postfix/lmtp[4928]: F02A261CD1: to=<root@mooktakim.com>, relay=none, delay=1, status=bounced (Host or domain name not found. Name service error for name=localhost type=A: Host not found)

Apr 27 18:50:53 mail postfix/qmgr[4554]: F02A261CD1: removed

```

The email is bouncing.

----------

## MooktaKiNG

it now only works when i disable dns lookup (INSTALL.postfix.gz):

```
-o disable_dns_lookups=yes
```

I would rather have this turned on  :Very Happy: 

Anyway for the time being it works well. Its SUPER fast!!!

Does anyone know of a better admin than the one mentioned already? That admin is just unnecessarily complicated.

----------

## msalerno

On the dbmail mailing list I have heard a reference to a webmin plugin, but I have not looked for it.  I will eventually write my own scripts to do what I need.

When I do, I'll post them on the dbmail wiki

----------

## MooktaKiNG

 *msalerno wrote:*   

> On the dbmail mailing list I have heard a reference to a webmin plugin, but I have not looked for it.  I will eventually write my own scripts to do what I need.
> 
> When I do, I'll post them on the dbmail wiki

 

It might also be a good idea if you copy the howto here to the dbmail wiki  :Very Happy:  :Very Happy:  it is fairly generic.

I just hate it when there is no documentation on the homepage of a product  :Very Happy: 

----------

## MooktaKiNG

It might also be a good idea to add a file named /etc/postfix/sql-recipients-users.cf

```
user = dbmail

password = password

hosts = localhost

dbname = dbmail

table = dbmail_users

select_field = userid

where_field = userid

```

And then add to main.cf:

```
local_recipient_maps = $alias_maps $virtual_mailbox_maps mysql:/etc/postfix/sql-recipients-users.cf
```

Also i needed to add this:

```
smtpd_recipient_restrictions =  permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
```

All this was needed for me to receive any email.

I'm not sure why i got the error before.

----------

## msalerno

One problem I had with the  local_recipient_maps is that it would reject mail for users at virtual aliased domains.

So if I sent mail for user@foo.net and foo.net is an alias for foo.com (foo.com is a primary domain in the vdomains table) I would get a 550 error message.  Currently I have the local_recipient_maps commented out.

Have you tested the above problem on your system?

<Edit>

I added the local_recipient_maps as your post instructed, and it works great

I have already added it to the howto.

Thanks

</Edit>

----------

## MooktaKiNG

yeh i also commented out the local_recipient_maps bit. I don't think it'll be needed.

Also after using the dbmail admin it now can automatically add domains to the domains list, so what I did was remove the vdomain table and use the table dbmail admin created. It's basically the same, but it's more automatic  :Smile: 

I have a massive question to ask to anyone who's reading this thread.

Does anyone know how to turn on timsieved on dbmail? I believe there is support for it but I just don't know how to get it started. There is absolutely no mention of it anywhere.

Thank you.

PS: i must say dbmail is lightning fast. I send email through mutt and instant it comes to my maildir  :Very Happy:  :Very Happy:  its amazing.

----------

## msalerno

Are you referring to the admin on: http://library.mobrien.com/dbmailadministrator/

Where do you add the domain?  I just started messing with it, but I cannot find a place to add the domain.

----------

## MooktaKiNG

 *msalerno wrote:*   

> Are you referring to the admin on: http://library.mobrien.com/dbmailadministrator/
> 
> Where do you add the domain?  I just started messing with it, but I cannot find a place to add the domain.

 

if you goto the configuration part of it. its the last option to change to yes or no. Click on the Help link. i'll show you what to do with postfix.

----------

## msalerno

Thanks, found it.

The only thing that I see missing is the ability to create domain aliases.  The table layout they use to store domain names in sql does not allow for aliasing.  And their add alias page does not let you add non rfc compliant e-mail addresses.  I have already found a few problems with the dbmail administrator.  So far though, it seems pretty good.

----------

## srid

I've spent too much time to get SMTP AUTH working so decided to follow this HOWTO.

I've got one query

 *Quote:*   

> I used the MailScanner ebuild from https://bugs.gentoo.org/show_bug.cgi?id=36060 

 

I went to that site and download the ebuild file and copied it as

/usr/portage/net-mail/mailscanner/MailScanner-4.25.ebuild

And when I run 

```
ebuild MailScanner-4.25.ebuild digest 
```

I get the error 

```
!!! aux_get(): ebuild path for 'net-mail/MailScanner-4.25' not specified:
!!!            None
!!! aux_get(): ebuild path for 'net-mail/MailScanner-4.25' not specified:
!!!            None
doebuild(): aux_get() error reading net-mail/MailScanner-4.25; aborting.
```

What's wrong here?

----------

## tf

 *MooktaKiNG wrote:*   

> WAAAHHHH!!! i was getting crazy over this 
> 
> Anyway i got another problem:
> 
> ...

 

I had the same error and fixed it in /etc/postfix/main.cf:

mailbox_transport = dbmail-lmtp:127.0.0.1:24

----------

## srid

Getting errors with the init.d scripts..

```
dbmail-2.1.0 # /etc/init.d/dbmail-imapd start
: command not foundimapd: line 1:
: command not foundimapd: line 2:
: command not foundimapd: line 3:
: command not foundimapd: line 4:
: command not foundimapd: line 5:
: command not foundimapd: line 6:
: command not foundimapd: line 8:
: command not foundimapd: line 9:
: command not foundimapd: line 11:
'etc/init.d/dbmail-imapd: line 18: syntax error near unexpected token `
'etc/init.d/dbmail-imapd: line 18: `}
/etc/init.d/dbmail-pop3d start
/etc/init.d/dbmail-pop3d: line 1: =dbmail-pop3d: command not found
: command not foundpop3d: line 2:
: command not foundpop3d: line 3:
: command not foundpop3d: line 4:
: command not foundpop3d: line 5:
: command not foundpop3d: line 6:
: command not foundpop3d: line 8:
: command not foundpop3d: line 9:
: command not foundpop3d: line 11:
'etc/init.d/dbmail-pop3d: line 18: syntax error near unexpected token `
'etc/init.d/dbmail-pop3d: line 18: `}
....
```

I've copied the code from your post and I've copied that to my /etc/init.d directory

and I've done a chmod +x on those 3 files..

----------

## msalerno

Damn!  I fixed the scripts.  They were missing the headers:

```
#!/sbin/runscript
#
# chkconfig: - 91 35
# description: Starts and stops the dbmail-xxxx daemon
#
```

I updated the howto

----------

## MooktaKiNG

Migrate your existing users' emails to the dbmail server.

I only had a dozen or so users, but they have hundreds of emails. Here's what I did:

I wrote a Python script to automate this.

My users are stored like this:

```
/home/vmail/domain.com/user/.maildir
```

Go to the /home/vmail/domain.com dir and run the script. Obviously you can add one more for loop to make each domain auto, but I only have 2 domains  :Very Happy:  :Very Happy: 

Also edit the script if you store the folders differently. I used the gentoo howto to do this, and all the email is stored as:

.maildir/.MyFolder.Subfolder

So don't just blindly run this.

```
#! /usr/bin/python

import os, os.path
from shlex import quote  # shell-quote names so spaces or metacharacters cannot break the command

root = "/root/vmail/domain.com/"

users = os.listdir(root)

for user in users:
   mailboxs = os.listdir(root + user + "/.maildir")
   print("\n### Looking at user: ", user, " ### ")
   # make sure new/ and cur/ exist for the top-level maildir
   os.system("mkdir " + quote(root + user + "/.maildir/new") + " >/dev/null 2>&1")
   os.system("mkdir " + quote(root + user + "/.maildir/cur") + " >/dev/null 2>&1")
   command = "mailbox2dbmail --user " + quote(user + "@domain.com") + " --type maildir --mail " + quote(root + user + "/.maildir/") + " --box Inbox"
   print(command)
   os.system(command)
   for box in mailboxs:
      #print("- Current maildir: ", box)
      if (box[:5] == ".Spam"
         or box[:] == "."
         or box[:] == ".."
         or box[:] == ".Drafts"
         or box[:13] == ".MailingLists"
         or box[:11] == ".Newsgroups"  ## ANY folders you want to ignore
         or box[:] == ".Sent"
         or box[:] == ".Sent Items"
         or box[:6] == ".Trash"
         or box[:] == ".Undelivered"
         or box[:] == ".cron-jobs"
         or box[:] == "courierimaphieracl"
         or box[:] == "courierimapsubscribed"
         or box[:] == "courierimapuiddb"
         or box[:1] != "."
         ):
         #print("Ignore dir")
         pass
      else:
         print("Restore email")
         # ".MyFolder.Subfolder" becomes the dbmail box "MyFolder/Subfolder"
         tmp = box[1:]
         tmp = tmp.replace(".", "/")
         ## just in case cur or new doesn't exist. this is just so that the mailbox2dbmail doesn't exit etc
         os.system("mkdir " + quote(root + user + "/.maildir/" + box + "/cur") + " >/dev/null 2>&1")
         os.system("mkdir " + quote(root + user + "/.maildir/" + box + "/new") + " >/dev/null 2>&1")
         command = "mailbox2dbmail --user " + quote(user + "@domain.com") + " --type maildir --mail " + quote(root + user + "/.maildir/" + box) + " --box " + quote(tmp)
         print(command)
         os.system(command)
```

Anyway i'm sure this can be improved sssoo much. I'm not bothered at the moment, too much other things to do, it works for me. and also i only need to restore once correctly  :Very Happy: 

Do what you want with this script, have my permission  :Wink: 

----------

## MooktaKiNG

ALSO comment out the os.system command and see what the printout is like. if its correct then use the os.system  :Very Happy: 
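
An added example, not part of the original posts: the same walk and ignore rules as the script above, returning a plan of argument lists so that the dry run suggested in the last post is the default and the real run never passes a directory name through a shell. `plan_migration`, `run_plan` and the user-name pattern are assumptions of this example; only the `mailbox2dbmail` options shown in the thread are used.

```python
import os
import re
import subprocess

# Ignore rules copied from the script in the thread.
SKIP_PREFIXES = (".Spam", ".MailingLists", ".Newsgroups", ".Trash")
SKIP_EXACT = {".Drafts", ".Sent", ".Sent Items", ".Undelivered", ".cron-jobs"}
# Assumption: account directories are plain mailbox local parts.
SAFE_USER = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._+-]*$")


def folder_to_box(folder):
    """Map a folder name such as '.MyFolder.Subfolder' to 'MyFolder/Subfolder'."""
    return folder[1:].replace(".", "/")


def wanted(folder):
    """True for dot-folders that are not on the ignore lists."""
    if not folder.startswith(".") or folder in SKIP_EXACT:
        return False
    return not folder.startswith(SKIP_PREFIXES)


def build_argv(address, maildir, box):
    # One list element per argument: a space or shell metacharacter in a folder
    # name stays inside that argument because no shell parses the command.
    return ["mailbox2dbmail", "--user", address, "--type", "maildir",
            "--mail", maildir, "--box", box]


def plan_migration(root, domain):
    """Return (plan, rejected). plan is a list of (maildir, argv); nothing is executed."""
    plan, rejected = [], []
    for user in sorted(os.listdir(root)):
        home = os.path.join(root, user)
        maildir = os.path.join(home, ".maildir")
        if os.path.islink(home) or not os.path.isdir(maildir):
            continue                      # not an account directory
        if not SAFE_USER.match(user):
            rejected.append(user)         # report it instead of building an address
            continue
        address = "%s@%s" % (user, domain)
        plan.append((maildir, build_argv(address, maildir, "Inbox")))
        for folder in sorted(os.listdir(maildir)):
            path = os.path.join(maildir, folder)
            if wanted(folder) and os.path.isdir(path) and not os.path.islink(path):
                plan.append((path, build_argv(address, path, folder_to_box(folder))))
    return plan, rejected


def run_plan(plan, dry_run=True):
    """Print every command; execute only when dry_run is False. Returns exit codes."""
    codes = []
    for maildir, argv in plan:
        print(" ".join(repr(a) for a in argv))
        if dry_run:
            continue
        for sub in ("cur", "new"):        # the thread's script creates both first
            os.makedirs(os.path.join(maildir, sub), exist_ok=True)
        codes.append(subprocess.run(argv, check=False).returncode)
    return codes


if __name__ == "__main__":
    import tempfile
    base = tempfile.mkdtemp()             # constructed sample tree, not real mail
    for d in ("alice/.maildir/.Work.Project X", "alice/.maildir/.Spam",
              "odd;name/.maildir"):
        os.makedirs(os.path.join(base, d))
    plan, rejected = plan_migration(base, "domain.com")
    run_plan(plan)                        # dry run: prints the commands only
    print("skipped users:", rejected)
```

Review the printed plan and the skipped-users list first, then call `run_plan(plan, dry_run=False)` once both look right.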

----------

## MooktaKiNG

does anyone know how to filter emails? is it possible to use something like maildrop or procmail?

----------

## msalerno

I believe that both of those packages will filter mail.

You could go through the mail-filter/ branch in portage.

http://www.gentoo-portage.com/mail-filter

Personally, I am a big fan of MailScanner.

----------

## MooktaKiNG

 *msalerno wrote:*   

> I believe that both of those packages will filter mail.
> 
> You could go through the mail-filter/ branch in portage.
> 
> http://www.gentoo-portage.com/mail-filter
> ...

 

i know what the filters are. what i'm saying is that programs like procmail and maildrop require filesystem access to be able to move email from one place to another, they use maildir etc.

Since dbmail stores everything in a database, will these programs still work?

----------

## msalerno

You should be able to have procmail pipe the mail out to dbmail-smtp, and use the -m switch of dbmail-smtp to deliver the mail to a specified mailbox and folder.

----------

## wmartino

I am thinking about making the plunge to dbmail. My question is do I have to have postfix working with mysql first? I currently am running postfix and mailscanner w/o mysql.

----------

## msalerno

Yes - Do you have mysql in your use flags already?

----------

## wmartino

I am sorry. I know that mysql support has to be built into postfix. My question is do I have to have a postfix server already running mysql. That is to say an already active mysql database.

----------

## gissberg

I'm losing my sanity here. I've got the server working through this howto (+ 3 more  :Razz: ). When I had it at my home I could receive and send mail via pop3 without problems. Then I put the server where it's supposed to reside and all I can do now is receive mail. When I try to telnet to port 25 it times out, and of course the same thing happens when I try to send mail from Thunderbird. Anyone got an idea how to make it pop over internet?

/Patrick Gissberg

----------

## msalerno

POP3 = Retrieve mail - Port 110

SMTP = Send Mail - Port 25

If you cannot telnet to port 25 of the server, then you cannot hit the smtp service.  So the problem probably is with postfix or maybe a firewall.

If you are logged into the system, can you telnet to localhost 25 or rea.lip.add.ress 25 ?

----------

## gissberg

Yep, telnet from the local machine is flawless, and from another machine on another subnet. I don't get any log entries either, so it can be a firewall issue too I guess. But I'm currently letting all traffic in to the mailserver.

----------

## msalerno

But are you telnetting to port 25?

On the server itself, can you telnet to every IP (on port 25) that appears in the output of the ifconfig command?

Have you checked to see if postfix is running?

If you are telnetting to port 25 from a remote computer and it still doesn't work, are you sure your DNS is setup properly?

dig yourdomain.foo MX

Then:    dig <domain from output above> 

Then telnet to the server in the MX record on port 25 from a remote system.  Is it pointing to the correct IP?

----------

## gissberg

The answer seems too simple  :Razz:  My ISP has blocked port 25 so we can't have any mailservers at home. They fight the big spam war and obviously this little feature seems to mess this up too. I was successfully telnetting from another computer that resides on a third net. You could try to telnet to mail1.leetab.se 25 and see if it works. It probably will.

/Patrick Gissberg

----------

## gissberg

I have one little question: How do I get this contraption  :Very Happy:  to relay vdomains. I get Recipient address rejected: User unknown in virtual alias table.

I want to relay some domains without having to do a user, is it possible to have postfix lookup in alias-field in aliases?

/Patrick Gissberg

----------

## msalerno

I recently updated the howto to include this.

Also, you can get more details at:

http://www.dbmail.org/dokuwiki/doku.php?id=domain_alias__spam_bounce

----------

## gissberg

msalerno U rock, I do have to wonder if I have a hidden camera or something here. And I have to start reading this thread from page 1  :Razz: , it is up and running and relaying vdomains. Had to change check_relay_domains to reject_unauth_destination 'cus:

```

warning: support for restriction "check_relay_domains" will be removed from Postfix; use "reject_unauth_destination" instead

warning: restriction `permit' after `check_relay_domains' is ignored

```

Thanks again!!

/Patrick Gissberg
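
The two warnings quoted above can be caught before Postfix logs them. An added example (not from the thread or the Postfix project): a checker that reads `smtpd_recipient_restrictions` from main.cf text and reports the deprecated `check_relay_domains`, entries that are never evaluated, a bare `permit` placed ahead of the relay check, and near-miss spellings. It assumes the Postfix 2.1/2.2 setup of this thread, where relay control lives in this one parameter; the function names and finding codes are hypothetical, and the sample values are the restriction lists posted in this thread.

```python
import difflib
import re

# Restriction names seen in this thread plus close relatives from postconf(5).
# Deliberately incomplete: it is only used to spot near-miss spellings.
KNOWN = sorted({
    "permit", "reject", "defer", "defer_if_permit", "permit_mynetworks",
    "permit_sasl_authenticated", "permit_mx_backup", "check_relay_domains",
    "reject_unauth_destination", "defer_unauth_destination",
    "reject_unauth_pipelining", "reject_invalid_hostname",
    "reject_non_fqdn_sender", "reject_non_fqdn_recipient",
    "reject_unknown_sender_domain", "reject_unknown_recipient_domain",
    "reject_unlisted_recipient", "reject_unlisted_sender",
})
# Restrictions that count as relay protection in this list.
RELAY_GUARDS = {"reject_unauth_destination", "defer_unauth_destination",
                "check_relay_domains", "reject", "defer", "defer_if_permit"}
# Restrictions that always return a final verdict; nothing after them runs.
TERMINAL = {"permit", "reject", "defer", "check_relay_domains"}


def parse_main_cf(text):
    """Return {parameter: value}, joining continuation lines as Postfix does."""
    params, name = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                       # blank and comment lines are ignored
        if raw[0].isspace() and name:      # leading whitespace continues the value
            params[name] += " " + raw.strip()
            continue
        key, sep, value = raw.partition("=")
        if sep:
            name = key.strip()
            params[name] = value.strip()   # a later assignment replaces an earlier one
    return params


def audit_recipient_restrictions(text):
    """Return findings as (code, token, message) for smtpd_recipient_restrictions."""
    value = parse_main_cf(text).get("smtpd_recipient_restrictions", "")
    tokens = [t for t in re.split(r"[,\s]+", value) if t]
    guard_at = next((i for i, t in enumerate(tokens) if t in RELAY_GUARDS), None)
    findings = []
    if tokens and guard_at is None:
        findings.append(("no-relay-guard", "", "no reject_unauth_destination in the list"))
    for i, tok in enumerate(tokens):
        if tok == "check_relay_domains":
            findings.append(("deprecated", tok, "use reject_unauth_destination instead"))
        if tok == "permit" and (guard_at is None or i < guard_at):
            findings.append(("open-relay", tok, "accepts the recipient before any relay check"))
        if tok not in KNOWN:
            close = difflib.get_close_matches(tok, KNOWN, n=1, cutoff=0.9)
            if close:
                findings.append(("typo", tok, "did you mean %s?" % close[0]))
        if tok in TERMINAL and i < len(tokens) - 1:
            findings.append(("unreachable", tokens[i + 1],
                             "ignored: %s already gave a final verdict" % tok))
            break
    return findings


# Constructed samples; the restriction lists are the ones posted in this thread.
POSTED_WITH_CHECK_RELAY = (
    "smtpd_sasl_auth_enable = yes\n"
    "smtpd_recipient_restrictions = reject_invalid_hostname, reject_non_fqdn_recipient,\n"
    "    reject_non_fqdn_sender, reject_unauth_pipelining, reject_unknown_recipient_domain,\n"
    "    reject_unknown_sender_domain, permit_mx_backup, permit_mynetworks,\n"
    "    permit_sasl_authenticated, check_relay_domains, permit\n"
)
POSTED_SHORT = (
    "smtpd_recipient_restrictions =  permit_mynetworks,\n"
    "\n"
    "                                permit_sasl_authenticated,\n"
    "\n"
    "                                reject_unauth_destination\n"
)
POSTED_LONG = (
    "smtpd_recipient_restrictions = reject_non_fqdn_sender, reject_non_fqdn_recipient,\n"
    "    reject_unlisted_recipient, reject_unknown_sender_domain,\n"
    "    reject_unknown_recipient_domain, permit_mynetworks, permit_sasl_authenticated,\n"
    "    reject_unauth_destination, reject_unlisted_recipien, reject_unauth_pipelining, permit\n"
)

if __name__ == "__main__":
    for label, cfg in (("check_relay_domains list", POSTED_WITH_CHECK_RELAY),
                       ("short list", POSTED_SHORT), ("long list", POSTED_LONG)):
        print(label, audit_recipient_restrictions(cfg) or "no findings")
```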

----------

## msalerno

Thanks, must have missed that one.  Howto updated.

Oh, and by the way, you are missing a button on your shirt

----------

## gissberg

Hi again msalerno, I'm back with a new button, new problem and less hair  :Wink: 

For some reason MailScanner stops scanning emails so they all hang out in a nice queue, and this is a freshly restarted server. All I have to do is restart MailScanner and they're off to their destinations. And this is a new mailserver btw  :Smile:  The first one does all the things it should still.

I made this new one from your updated howto. Been through all configs more than twice and they are all correct(A few corrections of my own mistakes went away in the checks). Since this feels like a random error I find it hard to guess where the problem lies, it might be something else that makes MailScanner stop scanning.

Greets

Patrick Gissberg

----------

## msalerno

Trying to stay one step ahead of you!

Are there any files in your /var/spool/postfix/hold ?  <-(Follow this topic for further reading)

The other option is to run MailScanner in debug mode, in the MailScanner.conf change:

Debug = no

to

Debug = yes

Then restart MailScanner and check the output.

----------

## gissberg

I have the same fault and files as you describe in that mailinglist so I guess deleting that file will fix my problem too. I actually looked into that file before I noticed this little error, but I didn't find out how to change logdir for razor either so I took the lazy way out and gave up  :Razz: 

The output of debug mode is:

```
 * Stopping MailScanner ...                                               [ ok ]
 * Starting MailScanner ...
In Debugging mode, not forking...
SA bayes lock is /var/spool/MailScanner/spamassassin/bayes.lock
Bayes lock is at /var/spool/MailScanner/spamassassin/bayes.lock
```

And that's it, 2 mails in queue at that point too. I looked through the logfiles at work now this evening and noticed that this situation ocurred(Probaly bad spelling here  :Razz: ) when an old childprocess died and respawned.

/me like this mailserver btw, many viruses and spams have been caught on the first one I installed.

Patrick Gissberg

----------

## msalerno

Let me know if that keeps your system working.

----------

## gissberg

Still working, many childprocesses has died and it still keeps scanning my mails. Spank you very much again msalerno!!

```

mkdir /etc/razor

razor-admin -create -home=/etc/razor

```

Patrick gissberg

----------

## gissberg

That did the trick, but now I have another question for you. Is it possible to make this server act as an SMTP for nets other than the ones listed in main.cf? If I have a customer on a net far far away  :Razz:  and he wants to use this server as an SMTP as well. Isn't there any way to do that? He already has an account, so wouldn't it be possible to grant actual users to send mails through it too without making the server less secure or to an open relay?

Cheers

Patrick Gissberg

----------

## msalerno

You can use SMTP authentication.  It's already included in the howto.  Just have them authenticate

----------

## gissberg

Hi

I configured the mailclient to auth to the smtp too and I get this error:

```

Recipient address rejected: Access denied'

```

And I get this in the log:

```

Oct 15 02:33:04 yoda postfix/smtpd[29240]: connect from unknown[62.116.225.190]

Oct 15 02:33:04 yoda postfix/smtpd[29240]: NOQUEUE: reject: RCPT from unknown[62.116.225.190]: 554 <p.gissberg@gmail.com>: Recipient address rejected: Access denied; from=<patrick@leetab.se> to=<p.gissberg@gmail.com> proto=ESMTP helo=<autodidactic>

Oct 15 02:33:04 yoda postfix/smtpd[29240]: disconnect from unknown[62.116.225.190]

Oct 15 02:33:04 yoda dbmail/pop3d[10508]: PerformChildTask(): incoming connection from [62.116.225.190 (Lookup failed)]

Oct 15 02:33:04 yoda dbmail/pop3d[10508]: pop3(): user patrik logged in [messages=1, octets=2099]

Oct 15 02:33:04 yoda dbmail/pop3d[10508]: pop3_handle_connection(): user patrik logging out [messages=0, octets=0]

```

Greets

Patrick Gissberg

----------

## gissberg

Hm, I don't think I got SASL to work.

```

220 mail.clan-spf.com ESMTP Postfix

EHLO clan-spf.com

250-mail.clan-spf.com

250-PIPELINING

250-SIZE 10240000

250-VRFY

250-ETRN

250-STARTTLS

250 8BITMIME

```

That's all I get and it says nothing like:

```

250-AUTH DIGEST-MD5 PLAIN CRAM-MD5

```

I must have missed something trivial I guess, in every howto it seems so simple to get this sasl-story to work.

Patrick Gissberg

----------

## msalerno

You should increase the logging on your postfix.  In your master.cf, set "smtpd -vv" and watch the logs.

----------

## gissberg

Hi

Managed to get it working with the <SASL with pam_mysql> section, but it only works with crypt=0 in pam.d/smtp, otherwise I fail every attempt to auth. I have some odd lines in auth.log, and it just grows as I use the smtp-auth:

```

Oct 19 01:16:17 caroline postfix/smtpd[6088]: sql plugin try and connect to a host

Oct 19 01:16:17 caroline postfix/smtpd[6088]: sql plugin trying to open db 'dbmail ' on host '127.0.0.1:3306 '

Oct 19 01:16:17 caroline postfix/smtpd[6088]: sql plugin could not connect to host 127.0.0.1

Oct 19 01:16:17 caroline postfix/smtpd[6088]: sql plugin couldn't connect to any host

Oct 19 01:16:17 caroline postfix/smtpd[6088]: sql plugin Parse the username patrick

Oct 19 01:16:17 caroline postfix/smtpd[6088]: sql plugin try and connect to a host

Oct 19 01:16:17 caroline postfix/smtpd[6088]: sql plugin trying to open db 'dbmail ' on host '127.0.0.1:3306 '

Oct 19 01:16:17 caroline postfix/smtpd[6088]: sql plugin could not connect to host 127.0.0.1

Oct 19 01:16:17 caroline postfix/smtpd[6088]: sql plugin couldn't connect to any host

```

I've added the port just in case but it didn't make any difference  :Sad:  any suggestions since I've run out of possible solutions.

Greets

Patrick Gissberg

----------

## msalerno

What's the output of:

postconf -m

emerge -s cyrus-sasl

Did you check the settings in your /etc/sasl2/smtpd.conf?

Did you make sure the username and password you put in the file can connect to the localhost?

----------

## gissberg

The user can connect to mysql and this is the output of postconf -m:

```

caroline linux # postconf -m

btree

cidr

environ

hash

mysql

pcre

proxy

regexp

static

unix

```

And this is emerge -s cyrus-sasl:

```

caroline linux # emerge -s cyrus-sasl

Searching...

[ Results for search key : cyrus-sasl ]

[ Applications found : 2 ]

*  dev-libs/cyrus-sasl

      Latest version available: 2.1.20

      Latest version installed: 2.1.21-r1

      Size of downloaded files: 1,733 kB

      Homepage:    http://asg.web.cmu.edu/sasl/

      Description: The Cyrus SASL (Simple Authentication and Security Layer)

      License:     as-is

*  sec-policy/selinux-cyrus-sasl [ Masked ]

      Latest version available: 20050918

      Latest version installed: [ Not Installed ]

      Size of downloaded files: 0 kB

      Homepage:    http://www.gentoo.org/proj/en/hardened/selinux/

      Description: SELinux policy for cyrus-sasl

      License:     GPL-2

```

And this is my smtpd.conf:

```

pwcheck_method:saslauthd

allowanonymouslogin: no

allowplaintext: yes

mech_list: PLAIN LOGIN

auxprop_plugin: sql

srp_mda: md5

srvtab: /dev/null

opiekeys: /dev/null

password_format: crypt

sql_user: dbmail

sql_passwd: värstafejklösenordet

sql_hostnames: localhost

sql_database: dbmail

sql_select: SELECT passwd FROM dbmail_users WHERE userid = '%u@%r'

log_level: 10

```

I run postfix version 2.2.5 but had 2.1.5-r2 with the same result. Tried with all stable and have now moved over to the masked packages. I don't run it in chroot for now either just to rule any problems with that.

Regards

Patrick Gissberg

----------

## msalerno

Your sasl config (/etc/sasl2/smtpd.conf) is different from the example I have in the howto.

My config is currently working with dev-libs/cyrus-sasl 2.1.20-r2

What do your passwords look like in the database?  Hopefully something like: $1$ujAvcDL.$2Zjxn7Wvntb7B66/pAE.40

In your dbmail database, look at the output of:    Select userid, passwd from dbmail_users

Don't post the results of the above query, just make sure that the passwords are encrypted.

Can you increase the logging of postfix and post the errors?  Just add more v's to the smtpd line in the master.cf

```
smtp      inet  n       -       y       -       -       smtpd -vvv
```
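The check requested in the post above (confirm the stored passwords are hashed without posting them), as an added example that is not part of the original post. It reports only the storage format per user, never the value; the rows are constructed, and treating md5-crypt (`$1$...`, the shape of the sample value in the post) as the expected format is an assumption.

```python
import re
from collections import Counter

# Constructed rows standing in for: SELECT userid, passwd FROM dbmail_users
# Only the first hash comes from the thread (the sample value quoted above);
# the user names and the other values are made up.
SAMPLE_ROWS = [
    ("alice@example.org", "$1$ujAvcDL.$2Zjxn7Wvntb7B66/pAE.40"),
    ("bob@example.org", "0123456789abcdef0123456789abcdef"),
    ("carol@example.org", "not-a-hash"),
    ("dave@example.org", ""),
]

C64 = "[./0-9A-Za-z]"  # alphabet used by crypt(3) salts and hashes
FORMATS = [
    ("md5-crypt", re.compile(rf"\$1\${C64}{{0,8}}\${C64}{{22}}")),
    ("other-modular-crypt", re.compile(r"\$(?!1\$)[0-9A-Za-z-]+\$.+")),
    ("des-crypt", re.compile(rf"{C64}{{13}}")),  # heuristic: any 13 such chars
    ("md5-hex", re.compile(r"[0-9a-fA-F]{32}")),
]


def classify(passwd):
    """Name the storage format of one passwd value without revealing it."""
    if not passwd:
        return "empty"
    for name, pattern in FORMATS:
        if pattern.fullmatch(passwd):
            return name
    return "unrecognised"  # possibly cleartext


def audit(rows, expected=("md5-crypt",)):
    """Return (format counts, sorted (userid, format) pairs not in `expected`)."""
    counts, flagged = Counter(), []
    for userid, passwd in rows:
        label = classify(passwd)
        counts[label] += 1
        if label not in expected:
            flagged.append((userid, label))
    return counts, sorted(flagged)


if __name__ == "__main__":
    counts, flagged = audit(SAMPLE_ROWS)
    print(dict(counts))
    for userid, label in flagged:
        print(f"{userid}: {label}")
```

The output is safe to paste into a thread like this one because it contains format names and user ids only.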

----------

## jtillwick

what version of dbmail was used in this how to?

----------

## msalerno

2.0.4 was used, but it has been updated to 2.0.7.  Everything has been working fine since, so I haven't bothered with an update since.

----------

## metalchaos

Hi

I've followed the setup, I receive mails, but I can't send any. Thunderbird says that server doesn't offer STARTTLS in EHLO response.

telnet:

```
EHLO domain
250-mail.domain
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
```

With -vv I've found this:

```
454 4.3.0 TLS not available due to local problem
```

```
postconf -m
btree
cidr
environ
hash
mysql
pcre
proxy
regexp
static
unix
```

main:

```
# SASL
smtpd_sasl_auth_enable = yes
smtpd_sasl2_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes

# TLS
smtpd_tls_auth_only = yes
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/postfix/ssl/f.key
smtpd_tls_cert_file = /etc/postfix/ssl/f.crt
smtpd_tls_CAfile = /etc/postfix/ssl/f.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

smtpd_recipient_restrictions = reject_invalid_hostname, reject_non_fqdn_recipient, reject_non_fqdn_sender, reject_unauth_pipelining, reject_unknown_recipient_domain, reject_unknown_sender_domain, permit_mx_backup, permit_mynetworks, permit_sasl_authenticated, check_relay_domains, permit
```

sasl:

```
pwcheck_method: auxprop
auxprop_plugin: sql
allowanonymouslogin: no
allowplaintext: yes
mech_list: PLAIN LOGIN
srp_mda: md5
srvtab: /dev/null
opiekeys: /dev/null
password_format: md5
sql_user: dbmail
sql_passwd: pass
sql_hostnames: localhost
sql_database: dbmail
sql_select: SELECT passwd FROM dbmail_users WHERE userid = '%u@%r'
log_level: 10
sql_verbose: yes
```

I use Cyrus-SASL 2.1.21-r2, postfix 2.3.2, dbmail 2.0.10.
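An added example, not part of the original post: a parser for EHLO replies like the capture above that reports whether AUTH is being held back until STARTTLS succeeds (the effect of `smtpd_tls_auth_only = yes`) and whether the cleartext mechanisms from `mech_list: PLAIN LOGIN` are reachable without TLS. The second reply is constructed to represent a server with TLS switched off; the finding names are this example's own.

```python
import re

# EHLO reply exactly as posted above (TLS enabled, before STARTTLS).
EHLO_POSTED = """250-mail.domain
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN"""

# Constructed reply for a server with TLS switched off; not taken from the thread.
EHLO_TLS_OFF = """250-mail.domain
250-PIPELINING
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 8BITMIME"""

CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}  # password is only base64-encoded on the wire


def parse_ehlo(reply):
    """Map each EHLO keyword to its set of parameters ("250-" continues, "250 " ends)."""
    lines = [ln.strip() for ln in reply.splitlines() if ln.strip()]
    caps = {}
    for i, line in enumerate(lines):
        m = re.fullmatch(r"250([- ])(\S.*)", line)
        if not m or (m.group(1) == " ") != (i == len(lines) - 1):
            raise ValueError(f"malformed EHLO reply line: {line!r}")
        if i == 0:
            continue  # first line is the server greeting, not a capability
        # "AUTH=..." is the legacy spelling sent when broken_sasl_auth_clients = yes
        word, params = re.fullmatch(r"([A-Za-z0-9-]+)[ =]?(.*)", m.group(2)).groups()
        caps.setdefault(word.upper(), set()).update(params.upper().split())
    return caps


def assess(caps, tls_active=False):
    """Return findings for a session that has not (tls_active=False) negotiated TLS."""
    findings = []
    if tls_active:
        return findings
    if "STARTTLS" not in caps:
        findings.append("no-starttls-offered")
    elif "AUTH" not in caps:
        # Matches smtpd_tls_auth_only = yes: AUTH appears only after STARTTLS works.
        findings.append("auth-deferred-until-starttls")
    if caps.get("AUTH", set()) & CLEARTEXT_MECHS:
        findings.append("cleartext-auth-without-tls")
    return findings
```

For the posted capture the result is `auth-deferred-until-starttls`: while STARTTLS answers with the 454 error, a client has no way to authenticate, which is consistent with mail being received but not sent.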

----------

## metalchaos

Ok, with TLS deactivated it's working :)

I don't think I will need TLS for now so I will not bother with it.

But I want to ask you something: does dbmail know about sieve filters? How can I set up sieve with dbmail?

Thanks.

----------

## msalerno

You could ask MooktaKiNG.  He posted the same question on page 2 of this thread.  I don't know about sieve.  Sorry.

----------

## gohmdoree

are there any intended updates for this?

----------

## msalerno

I would love to, but I'm not at the same company, and the company that I work for already has a mail solution in place.  I was looking at these instructions last week remembering how much fun it was to figure out.  If you are willing to put in the time and a server, I'm willing to help out as much as possible.

----------

## gohmdoree

sounds good.  

just wondering how out of date the instructions might have been, considering it was written two years ago.

what kind of setup do you have now?  at one of the companies i used to work with, they had dual instance of postfix running, but i was there a few years ago, so i'm a little foggy on the actual set up.

----------

## msalerno

There was a huge discussion on the mailscanner list about running dual vs split instances of postfix.  Unless something changed, one of the main developers of Mailscanner said that there was no problem running the split postfix config.  My best guess is that the biggest change from the instructions I wrote and the present versions of the apps would come from DBMail.  Postfix is pretty solid and I don't expect them to make any big changes, same with Mailscanner, but due to Mysql updates and better table design, indexes etc... I would expect that dbmail has some schema changes.

The system I built using the posted instructions is still running at my old company, but my current employer is running Lotus Notes.  It's very very painful.

----------

