# Several Postfix Issues (sending / receiving)

## Aurora

Folks,

I'm having a real pain-in-the-bum problem with Postfix and Cyrus-SASL (both together and exclusively).  I've read a bunch of HowTos and Wikis and have found limited information regarding any of the problems that I'm having.

The first problem I'm having is regarding receiving eMail.  I have Postfix set up in such a way that it does, indeed, receive eMails from other senders (in other domains).  Based on the log, it talks to whatever server is trying to send eMails to me and doesn't seem to reject the messages.

Here's a snippet of one of the logs when I'm receiving eMails:

```
May 14 00:08:51 quasar postfix/smtpd[9242]: sql_select option missing

May 14 00:08:51 quasar postfix/smtpd[9242]: auxpropfunc error no mechanism available

May 14 00:08:51 quasar postfix/smtpd[9242]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql

May 14 00:08:51 quasar postfix/smtpd[9242]: auxpropfunc error invalid parameter supplied

May 14 00:08:51 quasar postfix/smtpd[9242]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: ldapdb

May 14 00:08:51 quasar postfix/smtpd[9242]: connect from <SENDING SERVER.REMOTE SYSTEM.COM>[150.112.112.1]

May 14 00:08:51 quasar postfix/smtpd[9242]: 333B15AD3F: client=<SENDING SERVER.REMOTE SYSTEM.COM>[150.112.112.1]

May 14 00:08:51 quasar postfix/cleanup[9245]: 333B15AD3F: message-id=<Pine.LNX.4.60.023134370.23120@<SENDING SERVER.REMOTE SYSTEM.COM>>

May 14 00:08:51 quasar postfix/smtpd[9242]: disconnect from <SENDING SERVER.REMOTE SYSTEM.COM>[150.112.112.1]

May 14 00:08:51 quasar postfix/qmgr[9149]: 333B15AD3F: from=<USER@SENDING SERVER.REMOTE SYSTEM.COM>, size=915, nrcpt=1 (queue active)

May 14 00:08:51 quasar postfix/local[9246]: warning: connect #1 to subsystem private/dovecot: No such file or directory

May 14 00:09:01 quasar postfix/local[9246]: warning: connect #2 to subsystem private/dovecot: No such file or directory
```

So it seems to me that the eMail is indeed being transfered from the other end to Postfix on my server.  However, it doesn't seem like Postfix knows what to do with that eMail once it has it in its possession.  I currently have Dovecot installed on my server, and it's working beautifully in terms of serving up IMAP eMails and authenticating via CRAM-MD5.  I can create and read eMails that I have dumped into Dovecot manually without problems.

Now, here's my Postfix configuration, since apparently I'm not sure how to tell Postfix in the configuration where to drop the eMails when it receives something.

```
soft_bounce = yes

queue_directory = /var/spool/postfix

command_directory = /usr/sbin

daemon_directory = /usr/lib/postfix

mail_owner = postfix

myhostname  = mail.MYDOMAIN.net

mydomain  = MYDOMAIN.net

myorigin  = $myhostname

inet_interfaces = all

mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,

   mail.$mydomain, www.$mydomain, ftp.$mydomain

local_recipient_maps = unix:passwd.byname $alias_maps

unknown_local_recipient_reject_code = 450

mynetworks_style = host

relay_domains = $mydestination

alias_maps = hash:/etc/mail/aliases

alias_database = hash:/etc/mail/aliases

home_mailbox  = .mail

mail_spool_directory = /var/spool/mail

mailbox_transport  = dovecot

smtpd_banner = $myhostname ESMTP $mail_name

local_destination_concurrency_limit = 2

default_destination_concurrency_limit = 20

debug_peer_level = 2

debugger_command =

    PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin

    xxgdb $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/sbin/sendmail

newaliases_path = /usr/bin/newaliases

mailq_path = /usr/bin/mailq

setgid_group = postdrop

html_directory = /usr/share/doc/postfix-2.2.10/html

manpage_directory = /usr/share/man

sample_directory = /etc/postfix

readme_directory = /usr/share/doc/postfix-2.2.10/readme

mail_spool_directory = /var/spool/mail

# SASL Authentication for Postfix

smtpd_sasl_auth_enable = yes

smtpd_sasl_security_options = noanonymous

smtpd_sasl_local_domain =

broken_sasl_auth_clients = yes

smtpd_client_restrictions = permit_sasl_authenticated, reject_unauth_destination
```

Now, I really don't know where to set inside of the main.cf file where Postfix should dump the eMails that it receives.  How do I tell Postfix to drop the files into the /home/<USER>/.mail directory so that Dovecot can serve the eMails?

The second part of the problem I'm having is sending mail from my computer (remotely; not via localhost).  Now, I don't even know where to begin with this.  I've compiled Postfix with sasl supoprt, and I've read all the HowTos on the Gentoo sites in terms of how to set Cyrus-SASL up to authenticate users remotely who want to send mail.

Here's a few of the files that I modified according to the configuration:

/etc/sasl2/smtpd.conf

```
# $Header: /var/cvsroot/gentoo-x86/mail-mta/postfix/files/smtp.sasl,v 1.2 2004/07/18 03:26:56 dragonheart Exp $

pwcheck_method:saslauthd

mech_list: plain login cram-md5
```

/etc/conf.d/saslauthd

```
# $Header: /var/cvsroot/gentoo-x86/dev-libs/cyrus-sasl/files/saslauthd-2.1.21.conf,v 1.1 2005/05/27 00:22:28 langthang Exp $

# Config file for /etc/init.d/saslauthd

SASLAUTH_MECH=shadow

SASL_RIMAP_HOSTNAME=""

SASL_TIME_OF_DAY_LOGIN_RESTRICTIONS=yes

SASLAUTHD_OPTS="-a ${SASLAUTH_MECH}"
```

Now, when I use Thunderbird to try to connect to the server, the mail client asks me to authenticate.  Upon typing my username and password, the server rejects my attempt to connect.  The logs show the following:

```
May 14 00:09:55 quasar postfix/smtpd[9433]: sql_select option missing

May 14 00:09:55 quasar postfix/smtpd[9433]: auxpropfunc error no mechanism available

May 14 00:09:55 quasar postfix/smtpd[9433]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql

May 14 00:09:55 quasar postfix/smtpd[9433]: auxpropfunc error invalid parameter supplied

May 14 00:09:55 quasar postfix/smtpd[9433]: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: ldapdb

May 14 00:09:55 quasar postfix/smtpd[9433]: connect from <MY-ADDRESS.ISP.COM>[22.33.46.98]

May 14 00:09:55 quasar postfix/smtpd[9433]: warning: SASL authentication failure: Could not open /etc/sasl2/sasldb2: gdbm_errno=3

May 14 00:09:55 quasar postfix/smtpd[9433]: warning: SASL authentication failure: Could not open /etc/sasl2/sasldb2: gdbm_errno=3

May 14 00:09:55 quasar postfix/smtpd[9433]: warning: SASL authentication failure: no secret in database

May 14 00:09:55 quasar postfix/smtpd[9433]: warning: <MY-ADDRESS.ISP.COM>[22.33.46.98]: SASL CRAM-MD5 authentication failed

May 14 00:09:55 quasar postfix/smtpd[9433]: warning: SASL authentication failure: Could not open /etc/sasl2/sasldb2: gdbm_errno=3

May 14 00:09:55 quasar postfix/smtpd[9433]: warning: SASL authentication failure: Could not open /etc/sasl2/sasldb2: gdbm_errno=3

May 14 00:09:55 quasar postfix/smtpd[9433]: NOQUEUE: reject: RCPT from <MY-ADDRESS.ISP.COM>[22.33.46.98]: 454 <RECIPIENT ADDRESS>: Relay access denied; from=<SENDING ADDRESS> to=<RECIPIENT ADDRESS> proto=ESMTP helo=<[192.168.1.101]>

May 14 00:09:56 quasar postfix/smtpd[9433]: lost connection after RCPT from <MY-ADDRESS.ISP.COM>[22.33.46.98]

May 14 00:09:56 quasar postfix/smtpd[9433]: disconnect from <MY-ADDRESS.ISP.COM>[22.33.46.98]
```

*sigh*  So that's what I have so far...I can't receive or send eMail.   :Very Happy:   I'm stumped!  Any help or ideas would be very greatly appreciated.   :Very Happy: 

----------

## langthang

from your /etc/postfix/main.cf:

```
mailbox_transport  = dovecot
```

need to see how you set dovecot in master.cf

```
smtpd_client_restrictions = permit_sasl_authenticated, reject_unauth_destination
```

add this to main.cf

```
smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_destination
```

to let authenticated users relay.

from your /etc/sasl2/smtpd.conf:

```
pwcheck_method:saslauthd

mech_list: plain login cram-md5
```

remove cram-md5 from above, can't use cram-md5 with saslauthd.

----------

## Aurora

Thanks for your reply langthang!  I have a few questions for you if you don't mind...

 *langthang wrote:*   

> from your /etc/postfix/main.cf:
> 
> ```
> mailbox_transport  = dovecot
> ```
> ...

 

Interesting...I was wondering how I could tell Postfix to deliver the mail to Dovecot so that I could then read it via POP or IMAP.  I don't have a line inside of master.cf for Dovecot, and a quick search online revealed nothing on what exactly would be necessary to accomplish this.

I think I might be looking at this notion of getting mail from Postfix and ultimately reading it in Dovecot the wrong way.  Is a program like procmail or maildrop "supposed" to be in the middle of the two to process mail before I can read it with Dovecot?  Or is this purely an optional (and oftentimes not used) step?

Right now I'd like to keep things as simple as possible, so putting something like procmail to process the eMails before they're handed off to Dovecot is something I'd rather avoid.  By the same token, however, I'd like to keep things semi-standard on the box, so if an MDA is generally a necessity, so be it.   :Smile: 

 *Quote:*   

> 
> 
> ```
> smtpd_client_restrictions = permit_sasl_authenticated, reject_unauth_destination
> ```
> ...

 

Okay, that's fair...but I'm not sure I understand why.  First off, this line (recipients) was not in any of the Gentoo HowTos that I found, as far as I can recall.  So in this case, a "user" like me would be a recipient?  What is the difference between the client and the recipient line in this given scenario?  And why is it that it wasn't specified in any of the HowTos (while the client line was)?  I'm just a little confused and am looking for clarification.

 *Quote:*   

> from your /etc/sasl2/smtpd.conf:
> 
> ```
> pwcheck_method:saslauthd
> 
> ...

 

Bummer.   :Sad:   What is the appropriate method to allow CRAM-MD5 authentication then?  I'm very confused on what authentication mechanisms are allowed when for Cyrus.  Any clarification would be greatly appreciated.   :Very Happy: 

Thanks!

----------

## langthang

 *Aurora wrote:*   

> Interesting...I was wondering how I could tell Postfix to deliver the mail to Dovecot so that I could then read it via POP or IMAP. I don't have a line inside of master.cf for Dovecot, and a quick search online revealed nothing on what exactly would be necessary to accomplish this.
> 
> I think I might be looking at this notion of getting mail from Postfix and ultimately reading it in Dovecot the wrong way. Is a program like procmail or maildrop "supposed" to be in the middle of the two to process mail before I can read it with Dovecot? Or is this purely an optional (and oftentimes not used) step?
> 
> Right now I'd like to keep things as simple as possible, so putting something like procmail to process the eMails before they're handed off to Dovecot is something I'd rather avoid. By the same token, however, I'd like to keep things semi-standard on the box, so if an MDA is generally a necessity, so be it. 

 

then why do you set mailbox_transport = dovecot? if you set mailbox_transport and don't set it up in master you have problem. I don't use dovecot so I don't know what is dovecot like should be. I don't really know how dovecot work either.

with courier-imap, you don't set mailbox_transport .  Postfix lookup the maildir setting for the user then deliver mail there. courier-imap read mail in that location and send it to mail client.

with cyrus, postfix can hand off mail in two ways. One is using cyrus transport. The other is using lmtp.

where is the link of the howto?

 *Aurora wrote:*   

> Okay, that's fair...but I'm not sure I understand why. First off, this line (recipients) was not in any of the Gentoo HowTos that I found, as far as I can recall. So in this case, a "user" like me would be a recipient? What is the difference between the client and the recipient line in this given scenario? And why is it that it wasn't specified in any of the HowTos (while the client line was)? I'm just a little confused and am looking for clarification. 

 

`man 5 postconf` and read it. The man page can explain a lot better than I can.

 *Aurora wrote:*   

> Bummer.  What is the appropriate method to allow CRAM-MD5 authentication then? I'm very confused on what authentication mechanisms are allowed when for Cyrus. Any clarification would be greatly appreciated. 

 

you can use PLAIN, LOGIN with TLS or {CRAM,DIGEST}-MD5 with plaintext password stored in the backend.

----------

## M.A.

You don't need to set "mailbox_transport" for using dovecot. You should instead instruct both postfix and dovecot to have the mailboxes in the same location, for instance:

```
$ postconf -n |grep maildir

home_mailbox = maildir/

$ grep maildir /etc/dovecot.conf

default_mail_env = ~/maildir

```

----------

