# Postfix/Dovecot Issues [Solved]

## vaguy02

I tried installing Postfix/Dovecot per the guide

http://en.gentoo-wiki.com/wiki/Mail_server_using_Postfix_and_Dovecot

All went mostly well. I'm able to log in to the server and I'm able to see my inbox, but all messages sent into my email account don't show up. I don't see anything in my messages log, other than login and logout messages.

Any thoughts?

Edit: The firewall was blocking port 25, this was allowed through. Now I'm getting the following error.

Jan 13 08:20:19 halo postfix/smtpd[23004]: connect from wf-out-1314.google.com[209.85.200.174]

Jan 13 08:20:19 halo postfix/smtpd[23004]: A39305E6D6: client=wf-out-1314.google.com[209.85.200.174]

Jan 13 08:20:19 halo postfix/cleanup[23011]: A39305E6D6: message-id=<001501c9759b$2edfa840$8c9ef8c0$@com>

Jan 13 08:20:19 halo postfix/qmgr[22985]: A39305E6D6: from=<rclowser@gmail.com>, size=4099, nrcpt=1 (queue active)

Jan 13 08:20:20 halo postfix/pipe[23013]: A39305E6D6: to=<postmaster@robshotz.com>, relay=dovecot, delay=0.85, delays=0.35/0.27/0/0.23, dsn=5.1.1, status=bounced (user unknown)

Jan 13 08:20:20 halo postfix/cleanup[23011]: 509105E6DA: message-id=<20090113162020.509105E6DA@halo.localdomain>

Jan 13 08:20:20 halo postfix/qmgr[22985]: 509105E6DA: from=<>, size=5822, nrcpt=1 (queue active)

Jan 13 08:20:20 halo postfix/qmgr[22985]: A39305E6D6: removed

Jan 13 08:20:20 halo postfix/bounce[23015]: A39305E6D6: sender non-delivery notification: 509105E6DA

And I get an email back: user unknown - undelivered.
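
Triage for a log like the one above, as an added example that is not part of the original post: it groups Postfix log lines by queue ID and reports which daemon and relay refused each delivery. The sample log, its hosts and its addresses are constructed, and the parser assumes short hexadecimal queue IDs.

```python
import re
from collections import defaultdict

# Constructed sample in the same syslog format as the lines in the post above.
SAMPLE_LOG = """\
Jan 13 08:20:19 mx postfix/smtpd[101]: connect from mail.example.net[192.0.2.10]
Jan 13 08:20:19 mx postfix/smtpd[101]: AAA111: client=mail.example.net[192.0.2.10]
Jan 13 08:20:19 mx postfix/qmgr[102]: AAA111: from=<alice@example.net>, size=4099, nrcpt=1 (queue active)
Jan 13 08:20:20 mx postfix/pipe[103]: AAA111: to=<postmaster@example.org>, relay=dovecot, delay=0.85, delays=0.35/0.27/0/0.23, dsn=5.1.1, status=bounced (user unknown)
Jan 13 08:20:20 mx postfix/qmgr[102]: BBB222: from=<>, size=5822, nrcpt=1 (queue active)
Jan 13 08:20:20 mx postfix/bounce[104]: AAA111: sender non-delivery notification: BBB222
Jan 13 08:20:21 mx postfix/smtp[105]: BBB222: to=<alice@example.net>, relay=mx.example.net[192.0.2.10]:25, delay=0.5, delays=0.1/0/0.2/0.2, dsn=2.0.0, status=sent (250 ok)
"""

# Assumption: short (hexadecimal) queue IDs, as in the log above.
LINE = re.compile(r"postfix/(?P<daemon>[\w-]+)\[\d+\]: (?P<qid>[0-9A-F]{6,}): (?P<rest>.*)")
DELIVERY = re.compile(
    r"to=<(?P<to>[^>]*)>.*?relay=(?P<relay>[^,]+),.*?"
    r"dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+) \((?P<reason>.*)\)"
)

def failed_deliveries(log_text):
    """Return every delivery attempt that did not end in status=sent, joined
    with the client and sender logged earlier under the same queue ID."""
    messages = defaultdict(dict)
    failures = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # connect lines, warnings and fatals carry no queue ID
        msg, rest = messages[m["qid"]], m["rest"]
        if rest.startswith("client="):
            msg["client"] = rest[len("client="):]
        elif rest.startswith("from=<"):
            msg["from"] = rest[len("from=<"):rest.index(">")]
        elif (d := DELIVERY.match(rest)) and d["status"] != "sent":
            failures.append({
                "qid": m["qid"],
                "stage": m["daemon"],  # the Postfix daemon that attempted delivery
                "from": msg.get("from"),
                "client": msg.get("client"),
                **d.groupdict(),
            })
    return failures

if __name__ == "__main__":
    for f in failed_deliveries(SAMPLE_LOG):
        print(f"{f['qid']} {f['stage']}->{f['relay']} to={f['to']} dsn={f['dsn']} ({f['reason']})")
```

In the log posted above, the refusing stage is `postfix/pipe` with `relay=dovecot`: smtpd accepted and queued the message, and the `user unknown` was returned on the Dovecot side of the pipe transport.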

----------

## AllenJB

Turn on debugging. This should help you by showing the SQL queries that are going on.

What are the domain, mailboxes and aliases that you have set up?

----------

## vaguy02

I've been playing and tweaking a little bit on my own. This is the current error message. I'm going to wait for instructions because I think I'm making it worse, lol

*Quote:*

> Jan 13 12:40:47 halo postfix/smtpd[4092]: fatal: no SASL authentication mechanisms
>
> Jan 13 12:40:47 halo postfix/pipe[4094]: warning: unexpected end-of-input from dovecot socket while reading input attribute name
> ...

I have the domain robshotz.com and I've created the mailbox postmaster@robshotz.com

/etc/postfix/main.cf

```
dovecot_destination_recipient_limit = 1
virtual_transport = dovecot
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/dovecot
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
unknown_local_recipient_reject_code = 550
debug_peer_level = 2
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
html_directory = /usr/share/doc/postfix-2.5.6/html
manpage_directory = /usr/share/man
sample_directory = /etc/postfix
readme_directory = /usr/share/doc/postfix-2.5.6/readme
home_mailbox = .maildir/
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domain_maps.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
smtpd_client_restrictions=
        permit_sasl_authenticated
smtpd_sender_restrictions=
        reject_non_fqdn_sender
        permit
smtpd_reject_unlisted_sender = yes
smtpd_recipient_restrictions=
        permit_mynetworks,
        reject_non_fqdn_recipient
        permit_sasl_authenticated
        reject_unauth_destination
```

/etc/postfix/master.cf

```
dovecot   unix  -       n       n       -       -       pipe
        flags=DRhu user=mail:mail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${recipient}
```

/etc/dovecot/dovecot.conf

```
# Protocols we want to be serving: imap imaps pop3 pop3s
# If you only want to use dovecot-auth, you can set this to "none".
protocols = imap imaps pop3 pop3s

# A space separated list of IP or host addresses where to listen in for
# connections. "*" listens in all IPv4 interfaces. "[::]" listens in all IPv6
# interfaces. Use "*, [::]" for listening both IPv4 and IPv6.
#
# If you want to specify ports for each service, you will need to configure
# these settings inside the protocol imap/pop3 { ... } section, so you can
# specify different ports for IMAP/POP3. For example:
#   protocol imap {
#     listen = *:10143
#     ssl_listen = *:10943
#     ..
#   }
#   protocol pop3 {
#     listen = *:10100
#     ..
#   }
listen = *, [::]

# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
# dropping root privileges, so keep the key file unreadable by anyone but
# root. Included doc/mkcert.sh can be used to easily generate self-signed
# certificate, just make sure to update the domains in dovecot-openssl.cnf
ssl_cert_file = /etc/ssl/dovecot/server.pem
ssl_key_file = /etc/ssl/dovecot/server.key

mail_location = maildir:/var/mail/%d/%n/Maildir/:INDEX=/var/mail/%d/%n/indexes
mail_uid = 8
mail_gid = 12

# Valid UID range for users, defaults to 500 and above. This is mostly
# to make sure that users can't log in as daemons or other system users.
# Note that denying root logins is hardcoded to dovecot binary and can't
# be done even if first_valid_uid is set to 0.
first_valid_uid = 8
last_valid_uid = 12

# Valid GID range for users, defaults to non-root/wheel. Users having
# non-valid GID as primary group ID aren't allowed to log in. If user
# belongs to supplementary groups with non-valid GIDs, those groups are
# not set.
first_valid_gid = 8
last_valid_gid = 12

protocol imap {
  # Support for dynamically loadable plugins. mail_plugins is a space separated
  # list of plugins to load.
  mail_plugins = quota imap_quota
  #mail_plugin_dir = /usr/lib/dovecot/imap
  # Send IMAP capabilities in greeting message. This makes it unnecessary for
  # clients to request it with CAPABILITY command, so it saves one round-trip.
  # Many clients however don't understand it and ask the CAPABILITY anyway.
  #login_greeting_capability = no
}

##
## POP3 specific settings
##
protocol pop3 {
  # Support for dynamically loadable plugins. mail_plugins is a space separated
  # list of plugins to load.
  mail_plugins = quota
  #mail_plugin_dir = /usr/lib/dovecot/pop3
}

##
## LDA specific settings
##
protocol lda {
  # Address to use when sending rejection mails.
  postmaster_address = postmaster@robshotz.com
  mail_plugins = quota
  #mail_plugin_dir = /usr/lib/dovecot/lda
}

auth default {
  mechanisms = plain login
  passdb pam {
    args = dovecot
  }
  # System users (NSS, /etc/passwd, or similiar)
  # In many systems nowadays this uses Name Service Switch, which is
  # configured in /etc/nsswitch.conf. <doc/wiki/AuthDatabase.Passwd.txt>
  passdb passwd {
    # [blocking=yes] - See userdb passwd for explanation
    #args =
  }
  # Shadow passwords for system users (NSS, /etc/shadow or similiar).
  # Deprecated by PAM nowadays.
  # <doc/wiki/PasswordDatabase.Shadow.txt>
  #passdb shadow {
    # [blocking=yes] - See userdb passwd for explanation
    #args =
  #}
  # PAM-like authentication for OpenBSD.
  # <doc/wiki/PasswordDatabase.BSDAuth.txt>
  #passdb bsdauth {
    # [cache_key=<key>] - See cache_key in PAM for explanation.
    #args =
  # passwd-like file with specified location
  # <doc/wiki/AuthDatabase.PasswdFile.txt>
  #passdb passwd-file {
    # [scheme=<default password scheme>] [username_format=<format>]
    # <Path for passwd-file>
    #args =
  #}
  # checkpassword executable authentication
  # NOTE: You will probably want to use "userdb prefetch" with this.
  # <doc/wiki/PasswordDatabase.CheckPassword.txt>
  #passdb checkpassword {
    # Path for checkpassword binary
    #args =
  #}
  # SQL database <doc/wiki/AuthDatabase.SQL.txt>
  passdb sql {
    # Path for SQL configuration file, see doc/dovecot-sql-example.conf
    args = /etc/dovecot/dovecot-sql.conf
  }
  # LDAP database <doc/wiki/AuthDatabase.LDAP.txt>
  #passdb ldap {
    # Path for LDAP configuration file, see doc/dovecot-ldap-example.conf
    #args =
  #}
  # vpopmail authentication <doc/wiki/AuthDatabase.VPopMail.txt>
  #passdb vpopmail {
    # [cache_key=<key>] - See cache_key in PAM for explanation.
    # [quota_template=<template>] - %q expands to Maildir++ quota
    #   (eg. quota_template=quota_rule=*:backend=%q)
    #args =
  #}
  #
  # User database specifies where mails are located and what user/group IDs
  # own them. For single-UID configuration use "static".
  #
  # <doc/wiki/UserDatabase.txt>
  #
  # System users (NSS, /etc/passwd, or similiar). In many systems nowadays this
  # uses Name Service Switch, which is configured in /etc/nsswitch.conf.
  # <doc/wiki/AuthDatabase.Passwd.txt>
  userdb passwd {
    # [blocking=yes] - By default the lookups are done in the main dovecot-auth
    # process. This setting causes the lookups to be done in auth worker
    # proceses. Useful with remote NSS lookups that may block.
    # NOTE: Be sure to use this setting with nss_ldap or users might get
    # logged in as each others!
    #args =
  }
  # passwd-like file with specified location
  # <doc/wiki/AuthDatabase.PasswdFile.txt>
  #userdb passwd-file {
    # [username_format=<format>] <Path for passwd-file>
    #args =
  #}
  # static settings generated from template <doc/wiki/UserDatabase.Static.txt>
  #userdb static {
    # Template for the fields. Can return anything a userdb could normally
    # return. For example:
    #
    #  args = uid=500 gid=500 home=/var/mail/%u
    #
    # If you use deliver, it needs to look up users only from the userdb. This
    # of course doesn't work with static because there is no list of users.
    # Normally static userdb handles this by doing a passdb lookup. This works
    # with most passdbs, with PAM being the most notable exception. If you do
    # the user verification another way, you can add allow_all_users=yes to
    # the args in which case the passdb lookup is skipped.
    #
    #args =
  #}
  # SQL database <doc/wiki/AuthDatabase.SQL.txt>
  #userdb sql {
    # Path for SQL configuration file, see doc/dovecot-sql-example.conf
    #args = /etc/dovecot-sql.conf
  #}
  # LDAP database <doc/wiki/AuthDatabase.LDAP.txt>
  #userdb ldap {
    # Path for LDAP configuration file, see doc/dovecot-ldap-example.conf
    #args =
  #}
  # vpopmail <doc/wiki/AuthDatabase.VPopMail.txt>
  #userdb vpopmail {
  #}
  # "prefetch" user database means that the passdb already provided the
  # needed information and there's no need to do a separate userdb lookup.
  # This can be made to work with SQL and LDAP databases, see their example
  # configuration files for more information how to do it.
  # <doc/wiki/UserDatabase.Prefetch.txt>
  userdb prefetch {
  }
  # User to use for the process. This user needs access to only user and
  # password databases, nothing else. Only shadow and pam authentication
  # requires roots, so use something else if possible. Note that passwd
  # authentication with BSDs internally accesses shadow files, which also
  # requires roots. Note that this user is NOT used to access mails.
  # That user is specified by userdb above.
  user = nobody
  # Directory where to chroot the process. Most authentication backends don't
  # work if this is set, and there's no point chrooting if auth_user is root.
  # Note that valid_chroot_dirs isn't needed to use this setting.
  #chroot =
  # Number of authentication processes to create
  #count = 1
  # Require a valid SSL client certificate or the authentication fails.
  #ssl_require_client_cert = no
  # Take the username from client's SSL certificate, using
  # X509_NAME_get_text_by_NID() which returns the subject's DN's
  # CommonName.
  #ssl_username_from_cert = no
  # It's possible to export the authentication interface to other programs:
  socket listen {
    master {
      # Master socket provides access to userdb information. It's typically
      # used to give Dovecot's local delivery agent access to userdb so it
      # can find mailbox locations.
      path = /var/run/dovecot/auth-master
      mode = 0600
      # Default user/group is the one who started dovecot-auth (root)
      user = mail
      group = mail
    }
    client {
      # The client socket is generally safe to export to everyone. Typical use
      # is to export it to your SMTP server so it can do SMTP AUTH lookups
      # using it.
      path = /var/spool/postfix/private/auth
      mode = 0660
    }
  }
}

# If you wish to use another authentication server than dovecot-auth, you can
# use connect sockets. They are assumed to be already running, Dovecot's master
# process only tries to connect to them. They don't need any other settings
# than the path for the master socket, as the configuration is done elsewhere.
# Note that the client sockets must exist in the login_dir.
#auth external {
#  socket connect {
#    master {
#      path = /var/run/dovecot/auth-master
#    }
#  }
#}

##
## Dictionary server settings
##
# Dictionary can be used by some plugins to store key=value lists.
# Currently this is only used by dict quota backend. The dictionary can be
# used either directly or though a dictionary server. The following dict block
# maps dictionary names to URIs when the server is used. These can then be
# referenced using URIs in format "proxy::<name>".
dict {
  #quota = mysql:/etc/dovecot-dict-quota.conf
}

# Path to Berkeley DB's configuration file. See doc/dovecot-db-example.conf
#dict_db_config =

##
## Plugin settings
##
plugin {
  # Here you can give some extra environment variables to mail processes.
  # This is mostly meant for passing parameters to plugins. %variable
  # expansion is done for all values.
  # Quota plugin. Multiple backends are supported:
  #   dirsize: Find and sum all the files found from mail directory.
  #            Extremely SLOW with Maildir. It'll eat your CPU and disk I/O.
  #   dict: Keep quota stored in dictionary (eg. SQL)
  #   maildir: Maildir++ quota
  #   fs: Read-only support for filesystem quota
  #
  # Quota limits are set using "quota_rule" parameters, either in here or in
  # userdb. It's also possible to give mailbox-specific limits, for example:
  #   quota_rule = *:storage=1048576
  #   quota_rule2 = Trash:storage=102400
  # User has now 1GB quota, but when saving to Trash mailbox the user gets
  # additional 100MB.
  #
  # Multiple quota roots are also possible, for example:
  #   quota = dict:user::proxy::quota
  #   quota2 = dict:domain:%d:proxy::quota_domain
  #   quota_rule = *:storage=102400
  #   quota2_rule = *:storage=1048576
  # Gives each user their own 100MB quota and one shared 1GB quota within
  # the domain.
  #
  # You can execute a given command when user exceeds a specified quota limit.
  # Each quota root has separate limits. Only the command for the first
  # exceeded limit is excecuted, so put the highest limit first.
  # Note that % needs to be escaped as %%, otherwise "% " expands to empty.
  #   quota_warning = storage=95%% /usr/local/bin/quota-warning.sh 95
  #   quota_warning2 = storage=80%% /usr/local/bin/quota-warning.sh 80
  #quota = maildir
  # ACL plugin. vfile backend reads ACLs from "dovecot-acl" file from maildir
  # directory. You can also optionally give a global ACL directory path where
  # ACLs are applied to all users' mailboxes. The global ACL directory contains
  # one file for each mailbox, eg. INBOX or sub.mailbox. cache_secs parameter
  # specifies how many seconds to wait between stat()ing dovecot-acl file
  # to see if it changed.
  #acl = vfile:/etc/dovecot-acls:cache_secs=300
  # Convert plugin. If set, specifies the source storage path which is
  # converted to destination storage (mail_location) when the user logs in.
  # The existing mail directory is renamed to <dir>-converted.
  #convert_mail = mbox:%h/mail
  # Skip mailboxes which we can't open successfully instead of aborting.
  #convert_skip_broken_mailboxes = no
  # Skip directories beginning with '.'
  #convert_skip_dotdirs = no
  # If source storage has mailbox names with destination storage's hierarchy
  # separators, replace them with this character.
  #convert_alt_hierarchy_char = _
  # Trash plugin. When saving a message would make user go over quota, this
  # plugin automatically deletes the oldest mails from configured mailboxes
  # until the message can be saved within quota limits. The configuration file
  # is a text file where each line is in format: <priority> <mailbox name>
  # Mails are first deleted in lowest -> highest priority number order
  #trash = /etc/dovecot-trash.conf
  # Expire plugin. Mails are expunged from mailboxes after being there the
  # configurable time. The first expiration date for each mailbox is stored in
  # a dictionary so it can be quickly determined which mailboxes contain
  # expired mails. The actual expunging is done in a nightly cronjob, which
  # you must set up:
  #   dovecot --exec-mail ext /usr/libexec/dovecot/expire-tool
  #expire = Trash 7 Spam 30
  #expire_dict = db:/var/lib/dovecot/expire.db
  # Lazy expunge plugin. Currently works only with maildirs. When a user
  # expunges mails, the mails are moved to a mailbox in another namespace
  # (1st). When a mailbox is deleted, the mailbox is moved to another namespace
  # (2nd) as well. Also if the deleted mailbox had any expunged messages,
  # they're moved to a 3rd namespace. The mails won't be counted in quota,
  # and they're not deleted automatically (use a cronjob or something).
  #lazy_expunge = .EXPUNGED/ .DELETED/ .DELETED/.EXPUNGED/
  # Events to log. Default is all.
  #mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
  # Available fields: uid, box, msgid, size, vsize
  # size and vsize are available only for expunge and copy events.
  #mail_log_fields = uid box msgid size
}
```


Thanks
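
A consistency check for the Postfix-to-Dovecot SASL wiring in the configuration posted above, as an added example that is not part of the original post. It resolves `smtpd_sasl_path` against `queue_directory` (Postfix treats a relative path that way) and compares the result with the `client` socket path in `dovecot.conf`, then reports when the `plain`/`login` mechanisms are offered without `smtpd_tls_auth_only = yes`. The embedded excerpts are constructed from the posted files, and the function names and finding labels are this example's own.

```python
import posixpath

# Constructed excerpts: only the lines of the posted configs that the checks read.
MAIN_CF = """\
queue_directory = /var/spool/postfix
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/dovecot
"""
DOVECOT_CONF = """\
auth default {
  mechanisms = plain login
  socket listen {
    client {
      path = /var/spool/postfix/private/auth
    }
  }
}
"""

def parse_main_cf(text):
    """Postfix main.cf: 'name = value'; a line starting with whitespace continues the value."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] = f"{params[name]} {line.strip()}".strip()
        elif "=" in line:
            name, value = (s.strip() for s in line.split("=", 1))
            params[name] = value
    return params

def parse_dovecot(text):
    """Dovecot 1.x blocks, flattened to keys like 'auth default/socket listen/client/path'."""
    settings, stack = {}, []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.endswith("{"):
            stack.append(line[:-1].strip())
        elif line == "}" and stack:
            stack.pop()
        elif "=" in line:
            key, value = (s.strip() for s in line.split("=", 1))
            settings["/".join(stack + [key])] = value
    return settings

def audit(main_cf, dovecot_conf):
    p, d = parse_main_cf(main_cf), parse_dovecot(dovecot_conf)
    findings = []
    # A relative smtpd_sasl_path is resolved against queue_directory.
    wanted = posixpath.join(p.get("queue_directory", ""), p.get("smtpd_sasl_path", ""))
    listening = d.get("auth default/socket listen/client/path")
    if p.get("smtpd_sasl_type") == "dovecot" and wanted != listening:
        findings.append(f"socket-path: postfix={wanted} dovecot={listening}")
    # PLAIN and LOGIN send the password unencrypted unless the session is under TLS.
    mechs = set(d.get("auth default/mechanisms", "").lower().split())
    if mechs & {"plain", "login"} and p.get("smtpd_tls_auth_only", "no") != "yes":
        findings.append("cleartext-auth: plain/login without smtpd_tls_auth_only = yes")
    return findings
```

Run against the excerpts, `audit(MAIN_CF, DOVECOT_CONF)` returns both findings: Postfix is pointed at `private/dovecot` while Dovecot creates its client socket at `private/auth`, and the posted `main.cf` sets no `smtpd_tls_auth_only`.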

----------

## vaguy02

Ignore my last post. So I fixed those errors back to the way it was, and I can now log in again.

No errors on startup.

The error messages for messages are:

*Quote:*

> Jan 13 14:22:46 halo postfix/smtpd[5148]: fatal: no SASL authentication mechanisms
>
> Jan 13 14:22:46 halo postfix/pipe[5150]: warning: unexpected end-of-input from dovecot socket while reading input attribute name
> ...

----------

## vaguy02

Finally got it working correctly.

The guide is missing saslauthd start.

Also, the guide is missing the config for sasl2.

/etc/sasl2/smtpd.conf

*Quote:*

> # $Header: /var/cvsroot/gentoo-x86/mail-mta/postfix/files/smtp.sasl,v 1.2 2004/07/18 03:26:56 dragonheart Exp $
>
> pwcheck_method:saslauthd
> ...

Anyways, working now. Thanks everyone.

----------

## AllenJB

Weird. I've never had to specifically ask saslauthd to start up. According to rc-status it hasn't been started up as a dependency either.

----------

## vaguy02

I had to start (add to runtime), my rc-status has saslauthd started, it's the only way I could make it work. Not sure why that is.....

----------

