# [solved] postfixadmin - script execution

## pogwizd

Hello everyone,

I am trying for several days now to configure my mail server and I am stuck at the point where I should be able to add my e-mail accounts via postfixadmin.

I followed to the letters the instruction of the hot-to available at there: https://wiki.gentoo.org/wiki/Complete_Virtual_Mail_Server.

The problem is that when I try to add an -email account, I have the message

 *Quote:*   

> The mailbox postcreate script failed, check the error log for details!
> 
> Unable to send email to abcd@efghij.klm!

 

And so to be sure, yes:

  - I added the scripts path in my config.local.php of my postfixadmin instanciation in my apache virtual host.

  - I added the scripts in the correct folder as describe

  - I modified those script to point to the correct folder

  - The scripts are executable

  - I edited the sudouser file as mentioned

I've made some test, and tried to execute the  *Quote:*   

> postfixadmin-mailbox-postcreation.sh

  script directly via the shell and I discovered that:

  - With my current system version, I had to modify the script to use  *Quote:*   

> courier-maildirmake

  instead of  *Quote:*   

> maildirmake

 

  - The script does work properly if executed by the root user (which is not to do usually  :Embarassed:  )

  - The script does not work if used by a normal user (after having added the correct line in visudo). In that case, I have the following error

 *Quote:*   

> mkdir: cannot open folder „/var/vmail”: Access denied
> 
> ./postfixadmin-mailbox-postcreation.sh: mkdir -p '/var/vmail/efghij.klm' returned non-zero; bailing out.

 

I really do not know where the problem lies, could someone help please?

Thanks a lot

For info, I am using an ~amd64 system, here are the packages version I am using, and my use flags:

```
emerge apache php postfix postfixadmin postgresql -p

These are the packages that would be merged, in order:

Calculating dependencies... done!

[ebuild   R    ] www-servers/apache-2.4.39:2::gentoo  USE="gdbm ldap ssl suexec-caps threads -debug -doc -libressl (-selinux) -static -suexec -suexec-syslog" APACHE2_MODULES="access_compat actions alias asis auth_basic auth_digest authn_alias authn_anon authn_core authn_dbd authn_dbm authn_file authz_core authz_dbd authz_dbm authz_groupfile authz_host authz_owner authz_user autoindex cache cache_disk cern_meta cgi cgid charset_lite dav dav_fs dav_lock dbd deflate dir dumpio env expires ext_filter file_cache filter headers http2 ident imagemap include info lbmethod_bybusyness lbmethod_byrequests lbmethod_bytraffic lbmethod_heartbeat log_config log_forensic logio macro mime mime_magic negotiation proxy proxy_ajp proxy_balancer proxy_connect proxy_fcgi proxy_ftp proxy_html proxy_http proxy_scgi proxy_wstunnel ratelimit remoteip reqtimeout rewrite setenvif slotmem_shm socache_shmcb speling status substitute unique_id unixd userdir usertrack version vhost_alias xml2enc -brotli -cache_socache -md -proxy_http2 -watchdog" APACHE2_MPMS="worker -event -prefork" 0 KiB

[ebuild   R    ] dev-db/postgresql-11.5:11::gentoo  USE="icu kerberos ldap nls pam perl python readline server ssl systemd threads xml zlib -debug -doc -libressl -llvm (-selinux) -static-libs -tcl -uuid" PYTHON_SINGLE_TARGET="python3_6 -python2_7 -python3_5 -python3_7" PYTHON_TARGETS="python2_7 python3_6 python3_7 -python3_5" 0 KiB

[ebuild   R    ] mail-mta/postfix-3.4.6::gentoo  USE="berkdb eai ldap memcached pam postgres sasl sqlite ssl -cdb -dovecot-sasl -hardened -ldap-bind -libressl -lmdb -mbox -mysql -nis (-selinux)" 0 KiB

[ebuild   R    ] dev-lang/php-7.3.8:7.3::gentoo  USE="acl apache2 berkdb bzip2 cgi cli ctype curl exif fileinfo filter flatfile ftp gd gdbm hash iconv imap intl ipv6 json kerberos ldap nls opcache pcntl pdo phar posix postgres readline session simplexml snmp sockets spell sqlite ssl systemd threads tidy tokenizer truetype unicode webp xml xmlreader xmlrpc xmlwriter xpm zip zlib -argon2 -bcmath -calendar -cdb -cjk -coverage -debug -embed -enchant -firebird -fpm -gmp -inifile -iodbc -ldap-sasl -libedit -libressl -lmdb -mhash -mssql -mysql -mysqli -oci8-instant-client -odbc -phpdbg -qdbm -recode (-selinux) -session-mm -sharedmem -soap -sodium -sysvipc -test -tokyocabinet -wddx -xslt -zip-encryption" 0 KiB

[ebuild   R    ] www-apps/postfixadmin-3.2:3.2::gentoo  USE="postgres vacation vhosts -mysql" 0 KiB

Total: 5 packages (5 reinstalls), Size of downloads: 0 KiB

 * IMPORTANT: 21 news items need reading for repository 'gentoo'.

 * Use eselect news read to view new items.

```

```
USE="X a52 aac aalib accessibility acl acpi activities aio alsa alsaao amd64 anacron apache2 apm archive atm audiofile authdaemond avahi bash-completion berkdb bluray branding browser-integration bs2b bzip2 cairo caps cdda cddb cdio cdparanoia cdr cgi cgroups clamav clamdtop clang cli client cover cplugins cracklib cron crypt cscope css ctype cups curl cvs cxx dbus declarative designer dga directfb display-manager djvu dos down-root dri driver drm dts dv dvd dvdr efiemu egl emboss enca encode enscript exif expat fam fastcgi fbcon flac flatfile fontconfig fonts fortran ftp gbm gd gdbm gdm gegl geoip geolocation ggi gif gimp glamor gles glut gnome-keyring gnuefi gnutls gold gphoto2 gpm gps graphviz grub gtk gtk3 gzip hddtemp hscolour iconv icu idn imagemagick imap imlib inotify intl introspection ipv6 java javascript jbig jpeg jpeg2k kde kerberos kipi kms kwallet lame lash lcms ldap legacy-systray libass libcaca libguess libkms libmpv libnotify libtirpc lm_sensors lua lzma lzo mad maildir matroska mdnsresponder-compat memcached messages metadata-analysis-api mikmod mime minizip mms mng modplug modules moodbar mp3 mp4 mpeg multilib musepack ncurses netapi networkmanager nls nntp nptl nsplugin nvidia ocamlopt odk offensive ogg openal openexr opengl openmp orc osc osmesa pam pango pcntl pcre pda pdf pdfimport pdo perl phonon php pipelight plasma plugins plymouth pm-utils png policykit postfix postgres postscript ppds printsupport projectm pulseaudio pvr python qml qt5 quicktime raw rdp readline rubberband ruby run-exes samba sasl sddm sdl seccomp semantic-desktop session shorten smp sndfile snmp sockets sound spamassassin spell split-usr sqlite ssl staging startup-notification svc svg syslogszip system-wine systemd taglib tcpd themes theora threads tidy tiff tokenizer tools truetype uchardet udev udisks unicode upnp upnp-av upower urandom usb user-session uvm v4l vaapi vacation vcd vdpau vhosts vim-pager vim-syntax vorbis wavpack wayland webkit webp webui widgets winbind wxwidgets x264 xattr xcb xcomposite xface xft xine xinerama xml xmlreader xmlrpc xmlwriter xosd xpm xscreensaver xv xvid xvmc zeroconf zip zlib zsh-completion" ABI_X86="32 64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="access_compat actions alias auth_basic auth_digest authn_alias authn_anon authn_core authn_dbd authn_dbm authn_default authn_file authz_core authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock dbd deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif socache_shmcb speling status unique_id unixd userdir usertrack vhost_alias asis authz_dbd cache_disk cern_meta charset_lite dumpio http2 ident imagemap lbmethod_bybusyness lbmethod_byrequests lbmethod_bytraffic lbmethod_heartbeat log_forensic macro proxy proxy_ajp proxy_balancer proxy_connect proxy_fcgi proxy_ftp proxy_html proxy_http proxy_scgi proxy_wstunnel ratelimit remoteip reqtimeout slotmem_shm substitute version xml2enc" APACHE2_MPMS="worker" CALLIGRA_FEATURES="karbon sheets words" CAMERAS="canon" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="aes avx avx2 f16c fma3 mmx mmxext pclmul popcnt sse sse2 sse3 sse4_1 sse4_2 ssse3" CURL_SSL="nss" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" GRUB_PLATFORMS="efi-64" INPUT_DEVICES="evdev" KERNEL="linux" L10N="pl en ru en-US" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="nlpsolver wiki-publisher scripting-beanshell scripting-javascript" NETBEANS_MODULES="apisupport cnd groovy gsf harness ide identity j2ee java mobility nb php profiler soa visualweb webcommon websvccommon xml" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php7-3" POSTGRES_TARGETS="postgres10 postgres11" PYTHON_SINGLE_TARGET="python3_6" PYTHON_TARGETS="python2_7 python3_6 python3_7" RUBY_TARGETS="ruby24 ruby25 ruby26" USERLAND="GNU" VIDEO_CARDS="nvidia" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
```

Last edited by pogwizd on Wed Feb 16, 2022 2:20 pm; edited 2 times in total

----------

## pogwizd

Hello guys,

So I tried furthermore, and discovered  two points:

  - The first one, was that at the script execution attempt, I had this error:

```
sudo: Effective UID is not 0. Is /usr/bin/sudo on a file system with a set nosuid option or on an NFS file system without root privileges?
```

So I change the apache2 init script as mentioned here: https://forums.gentoo.org/viewtopic-t-1089193-start-0.html

  - After that, it still did not worked, but I had no more the error message written abose. I found on the web, that there are some problems with sudo, so I downgraded it to the stable version (1.8.25_p1-r1), and it worked   :Laughing: 

So now the question is what happened with sudo?

----------

## alamahant

I havent used postfixadmin but instead I created an /etc/postfixvirtual-mailbox file to map the virtual accounts(you can give any name you like).

It looks like this:

```

user@domain   domain/user/Maildir/

.....

....

```

repeat for your desired virtual accounts

Then in /etc/dovecot/users add your passwords thus:

```

user@domain:{CRAM-MD5}xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

```

Use doveadm to create the passwords.

You need to run 

```

postmap virtual-mailbox

```

every time you add new accounts.

Ofcource you need to define your virtual domains and the vmail user in main.cf

Mine looks like this 

```

virtual_mailbox_domains = dom1, dom2, dom3 ........etc

virtual_mailbox_base = /home/vmail

virtual_mailbox_maps = hash:/etc/postfix/virtual-mailbox

virtual_uid_maps = static:20000

virtual_gid_maps = static:20000

```

Plus you need ALOT of configuration in dovecot.

Mine works...

But I gather you are working on something more extreme or prod like

If I were you I would start small with postfix plus a pop3/imap server(i like dovecot)

Add a few virtual accounts...See if everything works fine(sending-receiving email)

Then may be use a db backend...

Recheck.

Then use the anti-virus/spam packages etc...

By the way why do you need a web server?Is this webmail you are trying to configure?

 :Very Happy: 

----------

## pogwizd

Hello Alamahant,

Thanks for the tips, I will try it this evening after getting back from work  :Wink: 

But it seams quite nice, especially that I do not have a lot of mailboxes to manage.

By the way, you mentionned a lot of configuration for dovecot, could you give some hint please. I ask because till now I used courier on my previous system, but was considering switching (I've read it is quite more powerfull than courier)

Thanks,

----------

## alamahant

Please have a look here

https://www.server-world.info/en/note?os=CentOS_7&p=mail&f=10

I do not know if you have registered domains in your name but if you havent then you can use dyndns solution like dynu.

https://www.dynu.com/en-US

Just register a domain or two and use their chrome addon for updating your domains to point to your external IP(if that is you are behind a firewall like a home network).

Then add some virtual mailboxes based on these domains configure the whole thing,use a gmail account as a relay host open 25 465 and 587 ports in your router and et voila!!!

You will have your own email server with your own domains being able to send and receive email to/from anywhere.(there is some small config to do with thunderbird)..

But I have to warn you will be massively attacked by hackers when opening ports in your router so be careful.Once I had forgotten open the ssh port on my router for a day or two and then when I loged in i had something like 1700 failed ssh logins...

 :Very Happy: 

----------

## pogwizd

Hello,

OK, so I manage to reconfigure from scratch my mail server with just postfix & dovecot for the moment, by following those two instructions: http://www.postfix.org/VIRTUAL_README.html#virtual_mailbox and the one you gave me https://www.server-world.info/en/note?os=CentOS_7&p=mail&f=10.

Postfix is working with a virtual mailbox, and automatically created all the folder when tried to send an e-mail with telnet   :Laughing: 

But I still have problems to login using the imap protocol for the moment   :Crying or Very sad: 

I have a :authentification failed" message. Here is exactly the error message:

```

gentoo-home /etc/dovecot # systemctl status dovecot

● dovecot.service - Dovecot IMAP/POP3 email server

   Loaded: loaded (/lib/systemd/system/dovecot.service; enabled; vendor preset: disabled)

   Active: active (running) since Tue 2019-08-20 11:19:07 CEST; 6min ago

     Docs: man:dovecot(1)

           http://wiki2.dovecot.org/

 Main PID: 1293343 (dovecot)

      CPU: 98ms

   CGroup: /system.slice/dovecot.service

           ├─1293343 /usr/sbin/dovecot -F

           ├─1293346 dovecot/anvil

           ├─1293347 dovecot/log

           ├─1293348 dovecot/config

           ├─1293355 dovecot/stats

           └─1293499 dovecot/auth

sie 20 11:19:07 gentoo-home systemd[1]: Started Dovecot IMAP/POP3 email server.

sie 20 11:19:07 gentoo-home dovecot[1293343]: master: Dovecot v2.3.7.1 (0152c8b10) starting up for imap, pop3, lmtp

sie 20 11:19:15 gentoo-home dovecot[1293347]: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<MyName@MyDomain>, method=CRAM-MD5, rip=::1, lip=::1, secured, session=<HnE284iQouwAAAAAAAAAAAAAAAAAAAAB>

sie 20 11:25:53 gentoo-home dovecot[1293347]: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<MyName>, method=CRAM-MD5, rip=::1, lip=::1, secured, session=<gtfuComQpOwAAAAAAAAAAAAAAAAAAAAB>

```

As you can see, I've tried twice to check if it was because the login had to be put with the domain or not.

Now I guess that could be in fact due to the method how the password is emcrypted. In dovecot it is configure to use "CRAM-MD5", and we can see that this is what it expects, but when I try to get the password for my accound, I have it only in "CRYPT"

```

gentoo-home /etc/dovecot # doveadm pw

Enter new password:

Retype new password:

{CRYPT}$2y$05$qH0IkLH3z97UOzXQs/3kB.RompZ15ypDZ9t8.LzozicfIG94vXKAi

```

Any ideas?

----------

## alamahant

As a "doveadm pw help" would show there is the -s flag to specify the scheme or type of passwd.

So just use 

```

doveadm pw -s cram-md5

```

Also dont forget to build postfix with the "dovecot-sasl" USE flag.

 :Very Happy: Last edited by alamahant on Tue Aug 20, 2019 9:38 pm; edited 1 time in total

----------

## pogwizd

I confess, haven't seen that one.

Changed the password, and everything worked out   :Laughing:  .

So thank a lot for the help. For the moment this will do. When I will have some time, I will try to incorporate the data base  :Wink: 

By the way, yes, I have the "dovecot-sasl" use flag, and forgot to write before, I have my domain using noip.com dynamic DNS  :Wink: 

----------

