# Postfix IMAP/SMTP Problems

## Shane-Echosnet

Hi all

I have a problem that it seems a lot of people have, yet no one has an answer for it. 

I wanted to set up a mail server on my network, so I started with Postfix. Got that running, no problems. 

However, I wanted to be able to check mail from the web and have user e-mail accounts for a SINGLE domain.

So I did some googling and came up with this:

http://www.gentoo.org/doc/en/virt-mail-howto.xml

It helped me a lot with this. However, here is my problem.

After reading all of it I went ahead and started setting it all up. Welp, Postfix runs great but I can't connect to the server from any mail progs. 

The only thing I can use is the SMTP server. I have been beating my head on the desk for about 3 weeks now trying to figure this out. Here is what I know about the issue I'm having:

Postfix works fine. 

All the services can be connected to with telnet. 

mutt will connect to it using  mutt -f imap://localhost   BUT it will not take my username and password. 

The username and the password is all I can come up with as to why it's not letting me in. But then I thought, well, why is it that Mutt can send mail to any user already on the server but no one can connect to any part of the mail server but the SMTP?

I'm lost here, lol. Can someone please help!! 

Thanks in advance!  :Smile: 

----------

## cach0rr0

first things first

-are you indeed using courier? FYI, far as configuration for a simple setup like you have, you may have better joy with Dovecot. I can't really help too much with Courier, as it is unfamiliar to me

-does netstat show courier listening only on the loopback address, or also on eth0? Should see something like this:

```

tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN

```

-are you logging in with just 'user' as the username, or are you logging in with 'user@domain.tld' as the username?

NB: that document is unnecessarily complex if you just want to do a single domain, simple IMAP setup. Before my needs grew to the point I needed cyrus-imapd, I was using dovecot, and instead of using some external database of users, when I needed to add a new mail user, I did it with plain old 'useradd', and both postfix (via sasl) and dovecot would auth the users based on their system password. For just a dozen or so users, single domain, this is a much simpler setup. I can share conf files and details if needed.

----------

## Shane-Echosnet

If you think that would be better for me then I'll shoot for that. 

I just need something small that I can have for a few users to use SquirrelMail. 

Yeah, I started with Courier. I'm starting to think it was a bad idea now, lol. 

I'm going to go pull up Dovecot now.

----------

## Shane-Echosnet

Ok I installed Dovecot and followed everything in http://www.kurzor.org/entry/16/setting-up-a-mailserver-on-gentoo

It's prolly something stupid but it's not working. 

Now my Postfix won't send mail to anyone on the server when it was before. It says it's running. 

I'm going to recheck everything in the morn. Well, later on today, lol.

I'm sure there is something I'm missing. 

Now when I try to log in to the server using IMAP it takes forever and still won't log in. 

I'll try again.   :Shocked: 

----------

## Shane-Echosnet

Ok so I got it all working with dovecot and postfix. 

It works right out of the box, so to speak. However, I'm sure there are security risks in not setting anything. Any pointers there? 

Also, I seem to be able to send mail to users but not able to receive mail from the internet, and I can send mail to the internet. Is there an add-in for that too? 

I'm a newbie to mail servers, as you can see, lol.

----------

## cach0rr0

how are you doing users? rather, how are you storing their mailbox? 

for my lil old setup, I just had everything going into /home/<username>/.maildir

You tell postfix where to put the mail in main.cf

You tell dovecot where it can expect to find the mail after postfix is done with it in dovecot.conf 

This was my dovecot.conf (with comments stripped as always, for easier reading)

Note the  mail_location setting

```
base_dir = /var/run/dovecot/
protocols = imap imaps
listen = *
disable_plaintext_auth = no
shutdown_clients = yes
log_path = /var/log/dovecot.log
ssl_cert_file = /etc/ssl/dovecot/gentoob0x.crt
ssl_key_file = /etc/ssl/dovecot/gentoob0x.key
login_dir = /var/run/dovecot/login
login_chroot = yes
login_user = dovecot
login_process_size = 64
login_process_per_connection = yes
login_processes_count = 3
login_max_processes_count = 64
login_greeting = IMAP ready.
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c
login_log_format = %$: %s
mail_location = maildir:~/.maildir
mail_log_prefix = "%Us(%u): "
mail_log_max_lines_per_sec = 10

protocol imap {
}

protocol pop3 {
}

protocol lda {
  postmaster_address = postmaster@whitehathouston.com
}

auth default {
  mechanisms = plain
  passdb pam {
    args = "*"
  }
  userdb passwd {
  }
  user = root
}
```

In postfix's main.cf, there should be a setting like so:

```

home_mailbox = .maildir/

```

And in my case I didn't reject any mail to invalid users (I was harvesting spam for work research), so I set luser_relay to go to my spamtrap account. 

With the above config, the process works like so, more or less:

-a remote server opens an SMTP connection to Postfix on tcp 25

-remote server sends the message

-postfix works its magic, and if it decides to accept a message for 'bob', it copies the message to /home/bob/.maildir 

-bob logs in to dovecot using whatever password you set for him with the 'passwd' command

-dovecot scans ~/.maildir for mail (in this case, /home/bob/.maildir) and sends it to the IMAP client

That's greatly oversimplified, but that's more or less the process. 

If what I've posted doesn't seem to help, post your main.cf (with comments stripped please - a grep -v ^\# main.cf |grep -v ^$ should do it) either in here, or throw it up on pastebin

If from the shell you look and see nothing is being placed into /home/bob/.maildir, then it is most assuredly a postfix main.cf issue

If you see that mail IS being placed there, it is an issue with dovecot.conf

(and of course all of this assumes, as I said, you're just adding local users to your system with regular old useradd)

IFFFFFFFFFFFFFF on the other hand, local=>local mail is fine, you can receive it via IMAP and whatnot, then the home_mailbox setting is fine in dovecot.conf, and most likely dovecot.conf itself is fine. 

If it's only internet mail that has an issue, check your postfix logs, see if the mail is being rejected. I will say normally when a message is rejected, you should receive a bounce message. Are you receiving a bounce message? If so, post its text so we can get more info on why it's rejected.
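On the earlier question about security risks: the dovecot.conf in this post combines `disable_plaintext_auth = no`, `listen = *` and the non-TLS `imap` protocol with a PAM passdb, so system account passwords can cross the network unencrypted on port 143. The following check is an added example, not part of the original post or of Dovecot; the function names and finding labels are made up for illustration, the sample input is a trimmed copy of the posted config, and it assumes the Dovecot 1.x block syntax shown above with `listen` defaulting to `*`.

```python
# Added example: audit a Dovecot 1.x-style config for cleartext password exposure.

LOOPBACK = {"127.0.0.1", "localhost", "::1", "[::1]"}
CLEARTEXT_PROTOCOLS = {"imap", "pop3"}  # imaps/pop3s wrap the whole session in TLS

# Trimmed copy of the dovecot.conf from the post (sample input for this example).
POSTED_CONF = """\
protocols = imap imaps
listen = *
disable_plaintext_auth = no
ssl_cert_file = /etc/ssl/dovecot/gentoob0x.crt
ssl_key_file = /etc/ssl/dovecot/gentoob0x.key
mail_location = maildir:~/.maildir
auth default {
  mechanisms = plain
  passdb pam {
    args = "*"
  }
  userdb passwd {
  }
  user = root
}
"""

# Same config with the one setting flipped (constructed for comparison).
HARDENED_CONF = POSTED_CONF.replace(
    "disable_plaintext_auth = no", "disable_plaintext_auth = yes"
)


def parse_conf(text):
    """Return (settings, sections): flat 'block/key' -> value, plus every block path seen."""
    settings, sections, stack = {}, set(), []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):
            stack.append(" ".join(line[:-1].split()))
            sections.add("/".join(stack))
        elif line == "}":
            if not stack:
                raise ValueError("unbalanced '}' in config")
            stack.pop()
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            settings["/".join(stack + [key])] = value.strip('"')
    if stack:
        raise ValueError("unclosed block: " + "/".join(stack))
    return settings, sections


def audit(text):
    """Return a list of finding labels (hypothetical names) for the given config text."""
    settings, sections = parse_conf(text)
    findings = []
    protocols = set(settings.get("protocols", "").split())
    listen = set(settings.get("listen", "*").replace(",", " ").split())
    network_facing = not listen <= LOOPBACK
    # Dovecot's default is "yes"; only an explicit "no" allows plaintext auth without TLS.
    plaintext_allowed = settings.get("disable_plaintext_auth", "yes").lower() == "no"
    cleartext = sorted(protocols & CLEARTEXT_PROTOCOLS)
    if plaintext_allowed and cleartext and network_facing:
        findings.append("plaintext-auth-without-tls:" + ",".join(cleartext))
        # With a PAM passdb the exposed secret is the user's system password.
        if any(path.split("/")[-1].startswith("passdb pam") for path in sections):
            findings.append("system-passwords-at-risk")
    return findings


if __name__ == "__main__":
    print("posted  :", audit(POSTED_CONF))
    print("hardened:", audit(HARDENED_CONF))
```

With `disable_plaintext_auth = yes`, Dovecot still accepts plaintext logins from the server's own address, so a webmail front end running on the same host keeps working while remote clients have to use TLS.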

----------

## Shane-Echosnet

OK, here's what I got. 

Mailboxes are stored as .mailbox in the user's home dir.

As for sending mail from my server, I can do so with no problems to users on the server.

I was able to send out an e-mail to my Yahoo account. 

However, that came in an hour later. 

As for sending mail to the server from Gmail and Yahoo, it's kinda funky. 

If I send to my IP address I get a bounce from Yahoo and Gmail. 

But if I send to my domain name I don't get nothing at all on either end.

This is the bounce back code. 

```
Sorry, we were unable to deliver your message to the following address.

<shane@68.49.219.23>:
No MX or A records for 68.49.219.23

--- Below this line is a copy of the message.

Received: from [98.139.52.188] by nm18.bullet.mail.ac4.yahoo.com with NNFMP; 29 Nov 2010 23:47:08 -0000
Received: from [98.139.52.131] by tm1.bullet.mail.ac4.yahoo.com with NNFMP; 29 Nov 2010 23:47:08 -0000
Received: from [127.0.0.1] by omp1014.mail.ac4.yahoo.com with NNFMP; 29 Nov 2010 23:47:08 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 333514.51775.bm@omp1014.mail.ac4.yahoo.com
Received: (qmail 22041 invoked by uid 60001); 29 Nov 2010 23:47:08 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1291074428; bh=2hCnhABOUqvEH/PknIfaFZ/EHGWd7gjaQTW5cI77mZQ=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type; b=EsFtYsgKzcQ2xvC<snipped because it buggered the forum layout>=
DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type;
```

My postfix main.cf

```
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
unknown_local_recipient_reject_code = 550
debug_peer_level = 2
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
html_directory = /usr/share/doc/postfix-2.7.1/html
manpage_directory = /usr/share/man
sample_directory = /etc/postfix
readme_directory = /usr/share/doc/postfix-2.7.1/readme
home_mailbox = .maildir/
```

I can send and receive mail from any mail client, so Dovecot, like you said, is working. 

I'm wondering 2 different things at this point. 

First being: do I have the domain DNS set up right from Yahoo's domain control? 

And second, could it be something with the SSL, because I get a funky message when I use 

```
 mutt -f imap://localhost/ 
```

The cert info is wrong for starters. But could that hang up my mail when I go to send it off the server to an internet-based e-mail server?

OK, on a late note, I cannot send mail to Gmail, BUT I can to Yahoo... Here is the bounce back I got from Gmail. This was sent back to my server. Oddly, Mutt picked up the e-mail but SquirrelMail did not pick it up. 

```
Return-Path: <>
X-Original-To: shane@echosnetwork.com
Delivered-To: shane@echosnetwork.com
Received: by echosnetwork.com (Postfix) id 3D3B456A0D8; Mon, 29 Nov 2010
        18:51:06 -0500 (EST)
Date: Mon, 29 Nov 2010 18:51:06 -0500 (EST)
From: Mail Delivery System <MAILER-DAEMON@echosnetwork.com>
Subject: Undelivered Mail Returned to Sender
To: shane@echosnetwork.com
Auto-Submitted: auto-replied
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
        boundary="F14AE56A0C4.1291074666/echosnetwork.com"
Content-Transfer-Encoding: 8bit
Message-Id: <20101129235106.3D3B456A0D8@echosnetwork.com>

[-- Attachment #1: Notification --]
[-- Type: text/plain, Encoding: 7bit, Size: 0.8K --]

This is the mail system at host echosnetwork.com.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                   The mail system

<darkspooky114531@gmail.com>: host gmail-smtp-in.l.google.com[74.125.91.27]
    said: 550-5.7.1 [68.49.219.23] The IP you're using to send mail is not
    authorized to 550-5.7.1 send email directly to our servers. Please use the
    SMTP relay at your 550-5.7.1 service provider instead. Learn more at
    550 5.7.1 http://mail.google.com/support/bin/answer.py?answer=10336
    j6si13661229qcu.166 (in reply to end of DATA command)

[-- Attachment #2: Delivery report --]
[-- Type: message/delivery-status, Encoding: 7bit, Size: 0.7K --]

Reporting-MTA: dns; echosnetwork.com
X-Postfix-Queue-ID: F14AE56A0C4
X-Postfix-Sender: rfc822; shane@echosnetwork.com
Arrival-Date: Mon, 29 Nov 2010 18:51:04 -0500 (EST)

Final-Recipient: rfc822; darkspooky114531@gmail.com
Original-Recipient: rfc822;darkspooky114531@gmail.com
```

That's all I got. I dunno, I'm lost. Just a reminder, this is my first mail server setup on ANY Linux, let alone Gentoo, so excuse my newbie-ness   :Embarassed:

----------

## cach0rr0

no idea as far as mutt is concerned

regarding the first bounce message, if you're just sending to an IP, you should enclose the IP within square brackets

e.g.

```

shane@[68.49.219.23]

```

That's what in mail terms is called an "address literal" (google around for the term for more info!)

Whether or not remote systems support address literals is another question - they technically should, but nobody uses them any more for anything useful, so some people are lazy and drop support for it; would not surprise me if some of the major players dropped support for address literals. 

The first bounce message that says "No A or MX record found for 68.49.219.23" means just that - it is trying to parse '68.49.219.23' as a domain, and not an IP address, and when it goes to do a DNS lookup for the non-existent domain '68.49.219.23', it obviously finds nothing. Using a domain does make things much easier. 

As far as the second bounce message is concerned, in an effort to combat spam, usually people will block incoming e-mail messages from residential or dynamic IP addresses. You are likely sending this from your home connection, so gmail, hotmail, yahoo, all of them will refuse to let you connect to them directly and send mail - this has nothing to do with your postfix/dovecot configuration, and everything to do with the remote company's messaging policies. 

In order to get around this, you'd need to configure a relayhost within main.cf - that relayhost should be your ISP's SMTP servers. As you are on Comcast, your relayhost should be 'smtp.comcast.net'. Doing this will get outbound mail working for you. 

Inbound mail is another matter. Again, try the IP enclosed in [square brackets]. Not everyone supports it, but they should. That will sort inbound email, unless there are other unrelated problems.
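The difference between `shane@68.49.219.23` and `shane@[68.49.219.23]` described in this post, as an added example that is not part of the original thread: a small classifier showing which recipients trigger DNS lookups and which are address literals. The function name and the returned dictionary layout are made up for illustration, and the `IPv6:` tag handling goes beyond the IPv4 case discussed in the post.

```python
# Added example: how the domain part of an envelope recipient is interpreted.
import ipaddress


def route_for_recipient(address):
    """Describe how a sending MTA locates the server for this recipient."""
    local, at, domain = address.rpartition("@")
    if not at or not local or not domain:
        raise ValueError("not a mailbox address: %r" % address)

    if domain.startswith("[") and domain.endswith("]"):
        # Address literal: no DNS involved, connect straight to the IP.
        literal = domain[1:-1]
        if literal[:5].lower() == "ipv6:":
            ip = ipaddress.IPv6Address(literal[5:])
        else:
            ip = ipaddress.IPv4Address(literal)  # raises ValueError if malformed
        return {"kind": "address-literal", "connect_to": str(ip),
                "dns_queries": [], "hint": None}

    # No brackets: the text after '@' is a domain name, even if it is all
    # digits and dots. The sender asks DNS for MX, then A, exactly as in the
    # Yahoo bounce ("No MX or A records for 68.49.219.23").
    try:
        ipaddress.ip_address(domain)
        hint = "looks like an IP; write it as [%s] to use an address literal" % domain
    except ValueError:
        hint = None
    return {"kind": "domain", "connect_to": None,
            "dns_queries": [("MX", domain), ("A", domain)], "hint": hint}


if __name__ == "__main__":
    # Addresses taken from the thread, plus one constructed IPv6 literal.
    for rcpt in ("shane@68.49.219.23", "shane@[68.49.219.23]",
                 "shane@echosnetwork.com", "postmaster@[IPv6:2001:db8::1]"):
        print(rcpt, "->", route_for_recipient(rcpt))
```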

----------

## Shane-Echosnet

WooHoo! 

Everything is working the way it should!!! 

The relay worked like a charm! 

As for getting mail at the server, I goofed and forgot to add the A name to the domain controls over at Yahoo. DUH! 

Thanks for all your help!! 

But there is still one question, lol: where to go from here? 

Should I add some sort of SpamAssassin? Or anti-virus? Or should I use a firewall? 

And what would be a good program for them, if you think I would need them?

----------

## Shane-Echosnet

*bangs head on desk*

It would seem I just ran into a brick wall!

Although the mail server is up and running 100% fine,

I can't log in to SquirrelMail from my domain name, BUT I can log into it from my local IP address. Wow, I can't catch a break for nothing, lol   :Shocked: 

----------

## cach0rr0

 *Shane-Echosnet wrote:*   

> 
> 
> But there is still one question lol where to go from here. 
> 
> Should I add some sort of spam assassin? or anti virus?  or should I use a firewall? 
> ...

 

Depending on who sees this, that's a question that could very well spawn an enormous debate  :Smile: 

Personally I do the following, which might not be a bad place to start for you:

-within postfix's main.cf, I do checks of the connecting IP address against RBL's that I'm relatively confident will have a very very low chance of false positives. Basically, if I trust the RBL to either very rarely wrongly/aggressively list an IP, I use it to block the connection. The ones I'm less confident about, I use later, as simply a contributor, but not a sole determining factor. 

That's controlled by the following settings in main.cf:

```
smtpd_delay_reject = no
smtpd_client_restrictions =
        permit_mynetworks
        reject_rbl_client ix.dnsbl.manitu.net
        reject_rbl_client cbl.abuseat.org
        reject_rbl_client b.barracudacentral.org
        reject_rbl_client new.spam.dnsbl.sorbs.net
```

Messages that get past this phase, and also get past the smtpd_recipient_restrictions, are "accepted". 

-once a message is accepted, I run it through amavisd-new; amavisd-new is somewhat of a generic daemon that allows you to plugin a ton of anti-spam checks, including spamassassin and clamav. Passing messages to amavis from postfix is done by adding the following to main.cf

```

content_filter = smtp-amavis:[127.0.0.1]:10024

```

and adding the following to the end of master.cf

```
smtp-amavis     unix -        -       n     -       2  smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
127.0.0.1:10025 inet n        -       n     -       -  smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
```

(you will need to restart postfix for this to take effect - I'm not sure if a postfix reload will pull in the changes added to master.cf)

amavisd-new configuration is a bit lengthy to discuss in a forum post. 

Years ago I used this guide for its setup - http://www.gentoo.org/doc/en/mailfilter-guide.xml

The main thing to decide, is if you want to quarantine messages on disk, quarantine them in the database, or do as I do and simply tag the subject line with [SPAM], and let the user make rules for moving it to a junk folder. In most enterprise environments, people will quarantine things on-disk at the mail filter level and have that quarantine purge itself of old messages periodically, instead of allowing it through to the user's inbox. As I only have the one machine, this is less relevant, storage is storage is storage for me, whether it's inbox storage, or quarantine storage. Since I can just put in a global sieve rule to move messages to every user's junk folder, this isn't a huge issue. 

Anyway, the short version of that article, assuming you've already made the changes to main.cf and master.cf as I noted above

```
emerge -av amavisd-new spamassassin clamav
emerge -av razor dcc
rc-update add amavisd default
rc-update add clamd default
mkdir /var/amavis/virusmails
chown amavis:amavis /var/amavis/virusmails
chmod 750 /var/amavis/virusmails
```

make /etc/freshclam.conf look like so:

```
UpdateLogFile /var/log/clamav/freshclam.log
PidFile /var/run/clamav/freshclam.pid
DatabaseOwner clamav
AllowSupplementaryGroups yes
DatabaseMirror database.clamav.net
ScriptedUpdates yes
NotifyClamd /etc/clamd.conf
```

make /etc/clamd.conf look like so

```
LogFile /var/log/clamav/clamd.log
LogTime yes
LogSyslog yes
LogFacility LOG_MAIL
LogVerbose yes
PidFile /var/amavis/clamd.pid
TemporaryDirectory /var/amavis/tmp
LocalSocket /var/amavis/clamd.sock
FixStaleSocket yes
StreamMaxLength 20M
MaxDirectoryRecursion 20
User amavis
ScanMail yes
PhishingSignatures yes
PhishingScanURLs yes
ScanArchive yes
MaxScanSize 150M
MaxFileSize 60M
MaxRecursion 16
MaxFiles 15000
```

make /etc/conf.d/clamd look like so

```
START_CLAMD=yes
START_FRESHCLAM=yes
CLAMD_NICELEVEL=3
FRESHCLAM_NICELEVEL=19
```

run the following:

```
usermod -s /bin/bash amavis
su - amavis
razor-admin -create
exit
usermod -s /sbin/nologin amavis
```

The article mentions setting up /etc/mail/spamassassin/local.cf - mine just looks like so, as most of that stuff is controlled via /etc/amavisd.conf

```
use_bayes 0
skip_rbl_checks 0
ok_languages de en no sv
ok_locales en
bayes_path /var/amavis/.spamassassin/bayes
```

Then make your /etc/amavisd.conf look as it should. Again, too long to document, for that you *will* have to do a bit of reading. 

I've posted my complete amavisd.conf on pastebin, obviously without my passwords:

http://pastebin.com/g4scU06h

I have tried to go through and add my own comments to the ones that the .conf has by default, but I am not too proud to admit that it was years ago that I researched what each of these means, I've copied this all over because it works for me, so my comments aren't totally complete. Just the same, I think I've covered off the places to pay attention to in amavisd.conf via comments. Bear in mind of course, my amavisd.conf is only relevant if you've followed all of the above, and want to do things as I have. 

I guess the last thing to do is set up a cron job to run "sa-update" so that your spamassassin definitions get updated.

Once all of that is done, start the 'amavisd' service, start clamd, and you should be getting filtered

I don't do this because I write my own rules =/

(that's where my professional background is, and I trust myself more than I trust most)

Anyway, hopefully that gets you started. If you have questions, I will answer as best as I am able, best as my time permits.

It may not get you a hit rate as accurate as a commercial filter, but it'll be pretty darn decent, and if you decide on a sane path for managing items detected as spam, you should be happy with the results.

There are a ton of different ways you can go, and everyone has their own opinion (which usually sparks a very heated debate!) on how things should be done, this is just how I've opted to do things, and it works fairly well. It may not even be what I consider "right" so much as it is "right as far as my knowledge of the involved tools allows".
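What the RBL checks at the top of this post do on the wire, as an added example that is not part of the original post or of Postfix: the client IP is reversed, looked up under each DNSBL zone, and a trusted zone rejects outright while a less trusted one only adds to a score. The reject zones are the ones from the post; the scoring zone, its weight, the function names and the resolver data are constructed, and the example goes beyond the post by covering IPv6 and by counting only answers in 127.0.0.0/8 as a listing.

```python
# Added example: DNSBL lookup names and a reject-versus-score policy.
import ipaddress

REJECT_ZONES = ["ix.dnsbl.manitu.net", "cbl.abuseat.org",
                "b.barracudacentral.org", "new.spam.dnsbl.sorbs.net"]  # from the post
SCORE_ZONES = {"dnsbl.example.org": 2.0}   # hypothetical "contributor only" zone
MYNETWORKS = ["127.0.0.0/8"]               # stands in for permit_mynetworks
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(client_ip, zone):
    """Build the DNS name to query: reversed octets (IPv4) or nibbles (IPv6) + zone."""
    ip = ipaddress.ip_address(client_ip)
    if ip.version == 4:
        labels = str(ip).split(".")
    else:
        labels = list(ip.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone


def is_listed(answers):
    """True if any A record is in 127.0.0.0/8; other answers are not a listing."""
    for answer in answers or []:
        try:
            if ipaddress.ip_address(answer) in LISTED_RANGE:
                return True
        except ValueError:
            continue
    return False


def check_client(client_ip, resolve):
    """Return (action, reason, score); resolve(name) returns A records or None."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in ipaddress.ip_network(net) for net in MYNETWORKS):
        return ("permit", "mynetworks", 0.0)
    for zone in REJECT_ZONES:          # first hit wins, like the restriction list
        if is_listed(resolve(dnsbl_query_name(client_ip, zone))):
            return ("reject", zone, 0.0)
    score = 0.0
    for zone, weight in SCORE_ZONES.items():
        if is_listed(resolve(dnsbl_query_name(client_ip, zone))):
            score += weight            # contributor only, decided later by the filter
    return ("continue", None, score)


# Constructed resolver data (documentation addresses, not real listings).
CONSTRUCTED_ANSWERS = {
    "10.113.0.203.cbl.abuseat.org": ["127.0.0.2"],
    "20.113.0.203.dnsbl.example.org": ["127.0.0.2"],
    # A zone answering with a non-127 address, e.g. a wildcarded or lapsed domain.
    "30.113.0.203.ix.dnsbl.manitu.net": ["198.51.100.7"],
}


def fake_resolve(name):
    return CONSTRUCTED_ANSWERS.get(name)   # None models NXDOMAIN


if __name__ == "__main__":
    for client in ("127.0.0.1", "203.0.113.10", "203.0.113.20", "203.0.113.30"):
        print(client, check_client(client, fake_resolve))
```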

----------

## cach0rr0

 *Shane-Echosnet wrote:*   

> *bangs head on desk*
> 
> It would seem I just ran into a brick wall!
> 
> Although the mail server is up and running 100% fine
> ...

 

are you using "user@domain.tld" as your login, or are you using just "user" ? Try both. 

is your squirrelmail configuration set to login via SSL, on the SSL port? (993) Maybe your IMAP server only allows cleartext logins on port 993, unless from the local network. Who knows. 

I haven't touched squirrelmail in ages unfortunately, I can't help heaps there. I guess it might help to check your logs and see what looks different between when you login locally, and when you login remotely. I used Horde for a long while, eventually deciding to just use a regular old mail client (Kmail within Kontact). Just as an aside, webmail clients are a pain to upgrade more often than not, as most webapps are, but upgrading is critical from a security standpoint (or rather, staying patched). To make this less painful, so you don't get "owned", your webmail client's directory in Apache should be password protected within apache (using an .htaccess file, authenticating against an htpasswd file if nothing else)

----------

## Shane-Echosnet

I got the webmail working. Thanks for that. 

I have not had a chance to work with the spam thing yet. I'm going to set aside Friday night for that. 

I'll let you know how it all works when I get the time to play with it again.

----------

## cach0rr0

 *Shane-Echosnet wrote:*   

> I got the webmail working. Thanks for that. 
> 
> I have not had a chance to work with the spam thing yet. I'm going to set aside Friday night for that. 
> 
> I'll let you know how it all works when I get the time to play with it again.

 

The RBL's you can put in immediately and see a pretty darn nice catch rate if you use my list above.

The amavisd/spamassassin/clamav thing can wait until you have time for reading, and it will be there mainly to catch the stragglers  :Smile: 

----------

## Shane-Echosnet

OK, so I'm stuck yet again. 

When I type 

```
 razor-admin -create 
```

this is the output I get. 

```
amavis@echosnetwork ~ $ razor-admin -create
Can't locate Digest/SHA1.pm in @INC (@INC contains: lib /etc/perl /usr/lib/perl5/site_perl/5.12.2/i686-linux /usr/lib/perl5/site_perl/5.12.2 /usr/lib/perl5/vendor_perl/5.12.2/i686-linux /usr/lib/perl5/vendor_perl/5.12.2 /usr/lib/perl5/5.12.2/i686-linux /usr/lib/perl5/5.12.2 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl /usr/local/lib/site_perl .) at /usr/lib/perl5/vendor_perl/5.12.2/i686-linux/Razor2/String.pm line 4.
BEGIN failed--compilation aborted at /usr/lib/perl5/vendor_perl/5.12.2/i686-linux/Razor2/String.pm line 4.
Compilation failed in require at /usr/lib/perl5/vendor_perl/5.12.2/i686-linux/Razor2/Client/Agent.pm line 18.
BEGIN failed--compilation aborted at /usr/lib/perl5/vendor_perl/5.12.2/i686-linux/Razor2/Client/Agent.pm line 18.
Compilation failed in require at /usr/bin/razor-admin line 18.
BEGIN failed--compilation aborted at /usr/bin/razor-admin line 18.
```

being I have never messed around with this I have no idea what the heck that means.

----------

## Shane-Echosnet

And yet almost the same error with amavis. 

```
echosnetwork etc # /etc/init.d/amavisd start
 * Starting amavisd-new ...
Problem in Amavis SQL base code: Can't locate DBI.pm in @INC (@INC contains: /etc/perl /usr/lib/perl5/site_perl/5.12.2/i686-linux /usr/lib/perl5/site_perl/5.12.2 /usr/lib/perl5/vendor_perl/5.12.2/i686-linux /usr/lib/perl5/vendor_perl/5.12.2 /usr/lib/perl5/5.12.2/i686-linux /usr/lib/perl5/5.12.2 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl /usr/local/lib/site_perl) at (eval 101) line 18.
BEGIN failed--compilation aborted at (eval 101) line 18.                  [ !! ]
```

It's getting late and that alarm clock starts yelling at 5 AM. I'm going to look over everything after this thing I call a job is over at 4 PM, LOL. 

Thanks for your help again.

----------

## cach0rr0

I will be perfectly honest and say I've never tried this with perl 5.12

I had a similar problem upgrading from 5.8 to 5.10, and ended up simply reverting to 5.8

You might try some of the stuff mentioned here, as this was the last discussion I had on just such breakage - https://forums.gentoo.org/viewtopic-t-815620-highlight-amavis.html

This is a bit of a messy one. 

Frankly I think this is a bug. The ebuild should be pulling all of this in, and it clearly isn't. 

There are loads of perl dependencies, many of which have been renamed over the years - to the extent I think even reverting to 5.8 might still be messy. 

I'm not entirely sure, I have to think on that one. My first amavisd setup years ago I had no problems. The most recent one when i changed hardware I had loads of problems to fight through. 

You could

```

emerge -v dev-perl/Digest-SHA1

```

for the first one, and then

```

emerge -v dev-perl/DBI

```

For the second one

But from what I recall (sorry I didn't remember this earlier) this will get you past DBI and SHA1, and then choke on something else. 

I remember having to do:

```

emerge -v portage-utils

qlist -CI dev-perl/* |xargs emerge -v

```

then run perl-cleaner all

but because of what *I* feel is a bug in the amavisd ebuild, it's going to be a process of trial and error for you - amavis complains about one package missing, you emerge that package, amavis then complains about the next package missing; so lather rinse and repeat. 

The point of dependencies within portage is making sure that you DON'T have to go through all this hassle. Just, there are so many packages involved, in order for me to provide the devs with an updated ebuild with correct dependencies, I would have to start from a clean system; I don't have one to do that with at the moment unfortunately. I will see if I can find one, but in the interim you are going to have a bit of a headache with the trial and error method (unless someone else has a brilliant idea!)

----------

## cach0rr0

grepping through /usr/sbin/amavisd, this seems to be what is required

```
Archive::Zip
BerkeleyDB
Carp
Compress::Zlib
Convert::TNEF
Convert::UUlib
Crypt::OpenSSL::RSA
DBI
Digest::MD5
Encode
Errno
Fcntl
File::Basename
FileHandle
IO::File
IO::Handle
IO::Socket
IO::Socket::INET
IO::Socket::UNIX
MIME::Base64
MIME::Entity
MIME::Parser
MIME::Words
Mail::DKIM::Signer
Mail::DKIM::TextWrap
Mail::DKIM::Verifier
Mail::SpamAssassin
Net::Server
POSIX
Socket
Time::HiRes
Unix::Syslog
```

Now, to see which packages in portage provide which of these. If I can sort that, I can probably put together a fixed ebuild. Or, it may not be the fault of the ebuild, we'll see.

The ebuild already handles some of these, and the base perl install covers others, just need to see what we're missing (DBI is an obvious one, though the ebuild does say to pull in "dev-perl/DBD-mysql", so I don't know, maybe that's supposed to provide DBI? Actually, yes, checking that ebuild, DBD-mysql *does* have DBI as a dependency - what the hell is broken here, then?)

Note that I'm checking all of this against amavisd-new-2.7.0_pre8

I haven't looked into this in great detail just yet

----------

## Shane-Echosnet

OK, I got everything working except for amavis. 

I'm not getting any output on screen and I can't seem to find the log file, even after I changed the log file to a different location. 

```
echosnetwork ~ # /etc/init.d/postfix restart
 * Starting amavisd-new ...                                        [ !! ]
echosnetwork ~ # tail -f /var/log/messages
Dec  6 18:14:50 echosnetwork amavis[11159]: Net::Server: 2010/12/06-18:14:50 Amavis (type Net::Server::PreForkSimple) starting! pid(11159)
Dec  6 18:14:50 echosnetwork amavis[11159]: Net::Server: Binding to UNIX socket file /var/amavis/amavisd.sock using SOCK_STREAM
Dec  6 18:14:50 echosnetwork amavis[11159]: Net::Server: Binding to TCP port 10024 on host 127.0.0.1
Dec  6 18:14:50 echosnetwork amavis[11159]: Net::Server: Group Not Defined.  Defaulting to EGID '102 102'
Dec  6 18:14:50 echosnetwork amavis[11159]: Net::Server: User Not Defined.  Defaulting to EUID '104'
Dec  6 18:14:50 echosnetwork amavis[11159]: Net::Server: Setting up serialization via flock
Dec  6 18:14:50 echosnetwork amavis[11159]: after_chroot_init: EUID: 104 (104);  EGID: 102 102 (102 102)
Dec  6 18:14:50 echosnetwork amavis[11159]: config files read: /etc/amavisd.conf
Dec  6 18:14:50 echosnetwork amavis[11159]: (!!)TROUBLE in pre_loop_hook: IPv6 address [#] contains fewer than 8 fields
Dec  6 18:14:50 echosnetwork amavis[11159]: (!)_DIE: Suicide () TROUBLE in pre_loop_hook: IPv6 address [#] contains fewer than 8 fields
```

----------

## cach0rr0

can you post your amavisd.conf? 

you have a hash character somewhere it shouldn't be.

----------

## Shane-Echosnet

running! I just #@mynetworks  I'm sure that might hurt me later but for now at least it's running? 

Here is what I got so far. 

Amavis is running fine, only for some messed up reason I can't send mail to my mailbox, nor can I send mail from my mailbox to a local mailbox or the internet. 

When I send something to my box this is what comes up in tail -f /var/log/messages, along with a lot of other stuff that looks right to me:

```
Dec  6 18:50:06 echosnetwork postfix/smtp[11809]: 0859456A0D5: to=<shane@echosnetwork.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=315, delays=315/0.11/0.02/0.04, dsn=4.5.0, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 Error in processing, id=11651-02, sql-enter FAILED: sql exec: err=1146, 42S02, DBD::mysql::st execute failed: Table 'amavis.maddr' doesn't exist at (eval 101) line 166, <GEN6> line 31. (in reply to end of DATA command))
```

Now I did set up the SQL database as said in the guide that you posted up top.

Will 

```
 grep -v ^\# amavisd.conf |grep -v ^$ 
```

 work to show my file as yours did? I'm lost when it comes to that.

----------

## cach0rr0

 *Shane-Echosnet wrote:*   

> running! I just #@mynetworks  I'm sure that might hurt me later but for now at least it's running? 
> 
> Here is what I got so far. 
> 
> Amavis is running fine, only for some messed up reason I can't send mail to my mailbox, nor can I send mail from my mailbox to a local mailbox or the internet. 
> 
> ```
> DBD::mysql::st execute failed: Table 'amavis.maddr' doesn't exist at (eval 101) line 166, <GEN6> line 31. (in reply to end of DATA command))
> ```

What did you use to create your amavis database? The link I posted has a "mailaddr" table, but not a "maddr" table. Amavis is looking for a table in the DB that doesn't exist, and choking. 

If you can, fire up the mysql command-line, then:

```

mysql> use amavis;

mysql> show tables;

```

 *Shane-Echosnet wrote:*   

> Will 
> 
> ```
> ...
> ```

That's one of a handful of quick ways of stripping comments and empty lines from a config file

The first bit says to see if the first character on a line (as denoted by '^') is a hash (as denoted by \# )

The second bit says to check for an empty line  (^ denotes start of line, and $ denotes end, if nothing is in between the line is empty)

The -v switch on grep says "show me everything BUT lines that match this pattern"

There are better ways of stripping comments, that's just what I committed to memory =/

----------

## Shane-Echosnet

my sql 

I was using phpMyAdmin to set up the sql

```

mysql> show tables;

+------------------+

| Tables_in_amavis |

+------------------+

| mailaddr         |

| policy           |

| users            |

| wblist           |

+------------------+

4 rows in set (0.00 sec)

```

here is the conf file

http://pastebin.com/092GZtL9

----------

## cach0rr0

hrmm...looks like 'maddr' is actually an expected table, just checked my own. I suppose it's a good thing we're in this thread, because I haven't documented any of this, and I know I've had these same hiccups before myself, inevitably I'm going to have to go back and do this all again; now when I do I can refer back to this thread  :Smile: 

```

mysql> show tables;

+------------------+

| Tables_in_amavis |

+------------------+

| maddr            |

| mailaddr         |

| msgrcpt          |

| msgs             |

| policy           |

| quarantine       |

| users            |

| wblist           |

+------------------+

8 rows in set (0.00 sec)

```

Of course, that mail filter guide doesn't tell you to do that. 

I checked the README.sql-mysql that's included in /usr/share/doc/amavisd-new-2.6.3-r2/ (your version may be different) and plucked this out of it

Drop the amavis database, paste the following SQL bits into a new textfile, amavis.sql, then create the amavis database, then create the tables and whatnot:

```

mysqladmin drop amavis -p

<enter your password>

mysqladmin create amavis -p

<enter your password>

vi amavis.sql

<paste in the contents of below>

mysql amavis < amavis.sql -p

<enter password>

```

(ideally you'd want to have amavis access the database with its own user and password, and would need to run a GRANT statement after that, but that's another story)

Anyway, here's the table creation stuff:

```

CREATE TABLE users (

  id         int unsigned NOT NULL AUTO_INCREMENT PRIMARY KEY,  -- unique id

  priority   integer      NOT NULL DEFAULT '7',  -- sort field, 0 is low prior.

  policy_id  integer unsigned NOT NULL DEFAULT '1',  -- JOINs with policy.id

  email      varbinary(255) NOT NULL UNIQUE,

  fullname   varchar(255) DEFAULT NULL,    -- not used by amavisd-new

  local      char(1)      -- Y/N  (optional field, see note further down)

);

CREATE TABLE mailaddr (

  id         int unsigned NOT NULL AUTO_INCREMENT PRIMARY KEY,

  priority   integer      NOT NULL DEFAULT '7',  -- 0 is low priority

  email      varbinary(255) NOT NULL UNIQUE

);

CREATE TABLE wblist (

  rid        integer unsigned NOT NULL,  -- recipient: users.id

  sid        integer unsigned NOT NULL,  -- sender: mailaddr.id

  wb         varchar(10)  NOT NULL,  -- W or Y / B or N / space=neutral / score

  PRIMARY KEY (rid,sid)

);

CREATE TABLE policy (

  id  int unsigned NOT NULL AUTO_INCREMENT PRIMARY KEY,

                                    -- 'id' this is the _only_ required field

  policy_name      varchar(32),     -- not used by amavisd-new, a comment

  virus_lover          char(1) default NULL,     -- Y/N

  spam_lover           char(1) default NULL,     -- Y/N

  banned_files_lover   char(1) default NULL,     -- Y/N

  bad_header_lover     char(1) default NULL,     -- Y/N

  bypass_virus_checks  char(1) default NULL,     -- Y/N

  bypass_spam_checks   char(1) default NULL,     -- Y/N

  bypass_banned_checks char(1) default NULL,     -- Y/N

  bypass_header_checks char(1) default NULL,     -- Y/N

  spam_modifies_subj   char(1) default NULL,     -- Y/N

  virus_quarantine_to      varchar(64) default NULL,

  spam_quarantine_to       varchar(64) default NULL,

  banned_quarantine_to     varchar(64) default NULL,

  bad_header_quarantine_to varchar(64) default NULL,

  clean_quarantine_to      varchar(64) default NULL,

  other_quarantine_to      varchar(64) default NULL,

  spam_tag_level  float default NULL, -- higher score inserts spam info headers

  spam_tag2_level float default NULL, -- inserts 'declared spam' header fields

  spam_kill_level float default NULL, -- higher score triggers evasive actions

                                      -- e.g. reject/drop, quarantine, ...

                                     -- (subject to final_spam_destiny setting)

  spam_dsn_cutoff_level        float default NULL,

  spam_quarantine_cutoff_level float default NULL,

  addr_extension_virus      varchar(64) default NULL,

  addr_extension_spam       varchar(64) default NULL,

  addr_extension_banned     varchar(64) default NULL,

  addr_extension_bad_header varchar(64) default NULL,

  warnvirusrecip      char(1)     default NULL, -- Y/N

  warnbannedrecip     char(1)     default NULL, -- Y/N

  warnbadhrecip       char(1)     default NULL, -- Y/N

  newvirus_admin      varchar(64) default NULL,

  virus_admin         varchar(64) default NULL,

  banned_admin        varchar(64) default NULL,

  bad_header_admin    varchar(64) default NULL,

  spam_admin          varchar(64) default NULL,

  spam_subject_tag    varchar(64) default NULL,

  spam_subject_tag2   varchar(64) default NULL,

  message_size_limit  integer     default NULL, -- max size in bytes, 0 disable

  banned_rulenames    varchar(64) default NULL  -- comma-separated list of ...

        -- names mapped through %banned_rules to actual banned_filename tables

);

CREATE TABLE maddr (

  partition_tag integer   DEFAULT 0,   -- see $sql_partition_tag

  id         bigint unsigned NOT NULL AUTO_INCREMENT PRIMARY KEY,

  email      varbinary(255) NOT NULL,  -- full mail address

  domain     varchar(255)   NOT NULL,  -- only domain part of the email address

                                       -- with subdomain fields in reverse

  CONSTRAINT part_email UNIQUE (partition_tag,email)

) ENGINE=InnoDB;

CREATE TABLE msgs (

  partition_tag integer    DEFAULT 0,   -- see $sql_partition_tag

  mail_id    varbinary(12) NOT NULL PRIMARY KEY,  -- long-term unique mail id

  secret_id  varbinary(12)   DEFAULT '',  -- authorizes release of mail_id

  am_id      varchar(20)   NOT NULL,    -- id used in the log

  time_num   integer unsigned NOT NULL, -- rx_time: seconds since Unix epoch

  time_iso   char(16)      NOT NULL,    -- rx_time: ISO8601 UTC ascii time

  sid        bigint unsigned NOT NULL, -- sender: maddr.id

  policy     varchar(255)  DEFAULT '',  -- policy bank path (like macro %p)

  client_addr varchar(255) DEFAULT '',  -- SMTP client IP address (IPv4 or v6)

  size       integer unsigned NOT NULL, -- message size in bytes

  content    binary(1),                 -- content type: V/B/S/s/M/H/O/C:

    -- virus/banned/spam(kill)/spammy(tag2)/bad-mime/bad-header/oversized/clean

    -- is NULL on partially processed mail

    -- use binary instead of char for case sensitivity ('S' != 's')

  quar_type  binary(1),                 -- quarantined as: ' '/F/Z/B/Q/M/L

                                        --  none/file/zipfile/bsmtp/sql/

                                        --  /mailbox(smtp)/mailbox(lmtp)

  quar_loc   varbinary(255) DEFAULT '', -- quarantine location (e.g. file)

  dsn_sent   char(1),                   -- was DSN sent? Y/N/q (q=quenched)

  spam_level float,                     -- SA spam level (no boosts)

  message_id varchar(255)  DEFAULT '',  -- mail Message-ID header field

  from_addr  varchar(255)  DEFAULT '',  -- mail From header field,    UTF8

  subject    varchar(255)  DEFAULT '',  -- mail Subject header field, UTF8

  host       varchar(255)  NOT NULL,    -- hostname where amavisd is running

  FOREIGN KEY (sid) REFERENCES maddr(id) ON DELETE RESTRICT

) ENGINE=InnoDB;

CREATE INDEX msgs_idx_sid      ON msgs (sid);

CREATE INDEX msgs_idx_mess_id  ON msgs (message_id); -- useful with pen pals

CREATE INDEX msgs_idx_time_num ON msgs (time_num);

CREATE TABLE msgrcpt (

  partition_tag integer    DEFAULT 0,    -- see $sql_partition_tag

  mail_id    varbinary(12) NOT NULL,     -- (must allow duplicates)

  rid        bigint unsigned NOT NULL,   -- recipient: maddr.id (dupl. allowed)

  ds         char(1)       NOT NULL,     -- delivery status: P/R/B/D/T

                                         -- pass/reject/bounce/discard/tempfail

  rs         char(1)       NOT NULL,     -- release status: initialized to ' '

  bl         char(1)       DEFAULT ' ',  -- sender blacklisted by this recip

  wl         char(1)       DEFAULT ' ',  -- sender whitelisted by this recip

  bspam_level float,                     -- spam level + per-recip boost

  smtp_resp  varchar(255)  DEFAULT '',   -- SMTP response given to MTA

  FOREIGN KEY (rid)     REFERENCES maddr(id)     ON DELETE RESTRICT,

  FOREIGN KEY (mail_id) REFERENCES msgs(mail_id) ON DELETE CASCADE

) ENGINE=InnoDB;

CREATE INDEX msgrcpt_idx_mail_id  ON msgrcpt (mail_id);

CREATE INDEX msgrcpt_idx_rid      ON msgrcpt (rid);

CREATE TABLE quarantine (

  partition_tag integer    DEFAULT 0,    -- see $sql_partition_tag

  mail_id    varbinary(12) NOT NULL,     -- long-term unique mail id

  chunk_ind  integer unsigned NOT NULL,  -- chunk number, starting with 1

  mail_text  blob          NOT NULL,     -- store mail as chunks of octets

  PRIMARY KEY (mail_id,chunk_ind),

  FOREIGN KEY (mail_id) REFERENCES msgs(mail_id) ON DELETE CASCADE

) ENGINE=InnoDB;

```
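Added example (not from the thread or the amavisd-new documentation): a shell sketch that checks `show tables;` output for the eight tables listed above and prints per-table GRANT statements for the dedicated account mentioned in the post. The account `amavis`@`localhost`, the `CHANGE_ME` password placeholder, the function names and the read-only versus read-write split are assumptions.

```shell
#!/bin/sh
# Added example; function names and the privilege split are assumptions.
# Tables amavisd only reads (policy and white/blacklist lookups).
LOOKUP_TABLES="users mailaddr wblist policy"
# Tables amavisd writes to (mail log and SQL quarantine).
STORAGE_TABLES="maddr msgs msgrcpt quarantine"

# missing_tables: reads `show tables;` output on stdin and prints each
# expected table that is absent, one per line.
missing_tables() {
    present=$(sed -n 's/^| *\([A-Za-z_][A-Za-z_]*\) *|.*$/\1/p')
    for t in $LOOKUP_TABLES $STORAGE_TABLES; do
        printf '%s\n' "$present" | grep -qx "$t" || printf '%s\n' "$t"
    done
}

# amavis_grants USER HOST: prints SQL that creates the account and grants
# SELECT on lookup tables, SELECT/INSERT/UPDATE on storage tables.
# Assumption: old rows are purged by a separate admin job, so no DELETE.
amavis_grants() {
    user=$1 host=$2
    printf "CREATE USER '%s'@'%s' IDENTIFIED BY 'CHANGE_ME';\n" "$user" "$host"
    for t in $LOOKUP_TABLES; do
        printf "GRANT SELECT ON amavis.%s TO '%s'@'%s';\n" "$t" "$user" "$host"
    done
    for t in $STORAGE_TABLES; do
        printf "GRANT SELECT, INSERT, UPDATE ON amavis.%s TO '%s'@'%s';\n" \
            "$t" "$user" "$host"
    done
}

# Sample input: the four-table listing posted earlier in the thread.
SAMPLE_TABLES='+------------------+
| Tables_in_amavis |
+------------------+
| mailaddr         |
| policy           |
| users            |
| wblist           |
+------------------+'

echo "Missing tables:"
printf '%s\n' "$SAMPLE_TABLES" | missing_tables
echo "Grants for a dedicated account:"
amavis_grants amavis localhost
```

Replace `CHANGE_ME` before feeding the generated SQL to the mysql client as an administrative user, then point amavisd at the new account instead of root.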

----------

## Shane-Echosnet

It is sending and receiving mail from both local and internet. 

Everything seems like it's working. Is there a way to test it out? 

Oh geez, now my webmail isn't working again. LOL!! You know, there really is a lot that goes into a simple mail server 

As I was watching the tail -f log file there was only one error. 

```

ClamAV-clamd: Can't connect to UNIX socket /var/amavis/clamd.sock: No such file or directory, retrying (1)

```

Being everything is running could that be part of the whole bug issue? 

Oh, before I forget: is there anything I have to do with cron? I was reading somewhere I have to add the update thing for one of the add-ins. 

I'm really shaky with cron, I never had anything in cron work for me. In fact, last time I tried I spent 2 hours undoing it ( don't ask lol )

You have no idea how much you helped me out I really thank you alot!

----------

## cach0rr0

the mail server portion isn't too bad, the content filtering setup is the big hurdle. At the moment there aren't really any freebie/open-source content filtering tools that have uber intuitive installation routines. 

So, "everything is started" - I presume that includes clamd? 

clamd should be added to the default runlevel and started if you haven't done so already:

```

rc-update add clamd default

/etc/init.d/clamd start

```

Checking netstat, I see this:

```

unix  2      [ ACC ]     STREAM     LISTENING     3740     3085/clamd           /var/amavis/clamd.sock

unix  2      [ ACC ]     STREAM     LISTENING     3876     3155/amavisd (maste  /var/amavis/amavisd.sock

```

What do you see in netstat -l | grep sock ?

As per this entry in /etc/clamd.conf, that's where the clamd.sock should be created:

```

LocalSocket /var/amavis/clamd.sock

```

SO...either that's not set in your clamd.conf, or, clamd isn't started, or, the directory does not have the requisite permissions:

```

renee ~ # ls -alh /var/amavis/

total 17K

drwxr-xr-x  8 amavis amavis  552 Oct 12 23:55 .

```

These are unrelated to any of the perl issues or previous issues we hit. Just a matter of clamd.sock not being where amavis expects to find it.
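Added example (not from the thread): a shell check that compares the `LocalSocket` path in clamd.conf with the socket path in amavisd.conf's ClamAV scanner entry, the disagreement behind the "Can't connect to UNIX socket" error above. The two sample files are constructed, the `\&ask_daemon` line is assumed to follow the stock amavisd.conf layout, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example; sample configs below are constructed for illustration.

# clamd_socket FILE: print the LocalSocket path set in a clamd.conf.
clamd_socket() {
    awk '$1 == "LocalSocket" { print $2; exit }' "$1"
}

# amavis_clamd_socket FILE: print the socket path amavisd passes to
# ask_daemon, skipping commented-out scanner entries.
# Assumption: the stock layout  \&ask_daemon, ["CONTSCAN {}\n", "/path"],
amavis_clamd_socket() {
    sed -n -e '/^[[:space:]]*#/d' \
        -e 's|.*\\&ask_daemon,.*"\(/[^"]*\)".*|\1|p' "$1" | head -n 1
}

# socket_check CLAMD_CONF AMAVISD_CONF: status 0 when both files name the
# same socket, 1 otherwise. On a live host it also reports a missing socket.
socket_check() {
    c=$(clamd_socket "$1")
    a=$(amavis_clamd_socket "$2")
    if [ -z "$c" ] || [ -z "$a" ]; then
        echo "could not find a socket path in one of the files"; return 1
    fi
    if [ "$c" != "$a" ]; then
        echo "MISMATCH: clamd creates $c, amavisd connects to $a"; return 1
    fi
    [ -S "$c" ] || echo "note: $c is not present as a socket on this host"
    echo "OK: both use $c"
}

# Constructed sample files reproducing the paths seen in the thread.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cat > "$WORK/clamd.conf" <<'EOF'
# LocalSocket /tmp/old.sock
LocalSocket /var/run/clamav/clamd.sock
User clamav
EOF
cat > "$WORK/amavisd.conf" <<'EOF'
@av_scanners = (
# \&ask_daemon, ["CONTSCAN {}\n", "/tmp/disabled.sock"],
['ClamAV-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "/var/amavis/clamd.sock"],
  qr/\bOK$/m, qr/\bFOUND$/m ],
);
EOF

socket_check "$WORK/clamd.conf" "$WORK/amavisd.conf" || true
```

When the paths disagree, mail is still delivered but amavisd cannot reach clamd, so virus scanning silently depends on fixing one of the two files.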

----------

## cach0rr0

as far as cron goes, I think clamd handles the periodic running of freshclam, so nothing needed there

you might need to add an entry like this to cron

```

@daily /usr/bin/sa-update --nogpg

```

(edited with crontab -e as root)

Nothing else I can think of that requires cron. 

UNLESS you decide you want to do a bit of reporting. 

sys-apps/logwatch sets all of the cron stuff up for you, so no worries there

The other is pflogsumm, which does require a cron entry

```

* net-mail/pflogsumm

     Available versions:  *1.0.11 1.1.0 1.1.0-r2 1.1.1 ~1.1.3

     Homepage:            http://jimsun.linxnet.com/postfix_contrib.html

     Description:         Pflogsumm is a log analyzer for Postfix logs

* sys-apps/logwatch

     Available versions:  7.3.6 ~7.3.7_pre20091210 ~7.3.7_pre20100217

     Homepage:            http://www.logwatch.org/

     Description:         Analyzes and Reports on system logs

```

----------

## Shane-Echosnet

K, I'm going to add the stuff to cron 

After I changed the perms for the folder where the .sock is everything is working now. 

As for  netstat -l | grep sock

```

Active UNIX domain sockets (only servers)

unix  2      [ ACC ]     STREAM     LISTENING     6928     /var/run/mysqld/mysqld.sock

unix  2      [ ACC ]     STREAM     LISTENING     7139     /var/run/cgisock.15274

unix  2      [ ACC ]     STREAM     LISTENING     6629     /var/amavis/amavisd.sock

unix  2      [ ACC ]     STREAM     LISTENING     6476     /var/run/clamav/clamd.sock

```

everything seems in order.

Now one of them is telling me the virus defs are out of date, so I'm going to look into that also 

I don't think I will EVER do another mail server, this was almost as hard as my first wife  lol!!

----------

## Shane-Echosnet

A tad off topic. But would you have any ideas on how to fix this small problem? 

When I try to start or even stop a service this comes up  ( not all the time ) like 1 out of 10 times

```

* Caching service dependencies ...

 *  Can't find service 'courier-authlib' needed by 'courier-imapd-ssl';  continuing...

 *  Can't find service 'courier-authlib' needed by 'courier-pop3d';  continuing...

 *  Can't find service 'courier-authlib' needed by 'courier-pop3d-ssl';  continuing...

 *  Can't find service 'courier-authlib' needed by 'courier-imapd';  continuing...                                        [ ok ]

```

Now when I started to do the whole mail server I unmerged courier. I can't find anything on the web about it. 

It's no biggie, just looks ugly I guess.

----------

## cach0rr0

nice thing is, once you've done this configuration once, you're *forced* to learn and commit some of this stuff to memory. New needs arise? The postconf manpage is there! 

If you do have to configure such a thing again, most of what you've learned will be applicable. 

As far as those errors, they are cosmetic, but annoying. I'd just grep -i courier /etc/init.d/*

Then ls /etc/init.d

see if anything relating to 'courier' shows up. No real science on that one. Maybe there's a vestigial init script left over in that directory that didn't get unmerged when you unmerged the courier stuff, and that script may need the courier-authlib stuff. Making a quasi-educated guess, I would reckon the init scripts for 'courier-imapd-ssl', 'courier-pop3d', 'courier-pop3d-ssl', and 'courier-imapd' are still left behind in that directory. Check and see, and if you're certain those packages are unmerged, you can simply rm those init scripts by hand.

----------

