cach0rr0 Bodhisattva
Joined: 13 Nov 2008 Posts: 4123 Location: Houston, Republic of Texas
|
Posted: Wed Apr 20, 2011 9:43 pm Post subject: |
|
|
audiodef wrote: | I'm a little confused. |
this is what happens when I try to reply before I've had my daily dose of nicotine - I reply with confusing limericks! Awful habit (the nicotine, not the limericks), but cripes am I incoherent without it.
audiodef wrote: | I thought I did provide appropriate authentication by entering "webmaster@audiodef.com" and not just "webmaster". I listed my entry for my Thunderbird outgoing mail settings above. Is there something else I need to do? |
you were. are? were/are?
Just that there are two places to authenticate:
-send 'webmaster@audiodef.com' auth data to IMAP (or POP) for reading mail
-send 'webmaster@audiodef.com' auth data to Postfix, so that you can use the Postfix daemon to send mail to external domains
audiodef wrote: |
Everything works now. I just had to use smtp.audiodef.com instead of audiodef.com
|
hrm. strange. the test account setup I have on Thunderbird, for both incoming and outgoing mail server, I specify simply 'audiodef.com', and as the username I use 'theunmentionedtestaccount@audiodef.com' - meaning, I don't use smtp.audiodef.com anywhere. As far as the username you send to Cyrus or Postfix for authentication, so long as that username exists in the 'aliases' table, it shouldn't matter.
audiodef wrote: |
I still want to know what's taking up so much space, especially when I do not store mail on the server.
|
If you want to not store mail on the server, you need to use POP rather than IMAP (that's actually a fairly easy change to make, if you want to go that route - just a quick change to cyrus.conf). The downside with POP of course being, the pitfalls I mentioned earlier - if you don't store mail on the server, if you read mail on one machine, you can't turn around later and try reading those same messages from another machine, or phone, or what have you, unless you specifically tick "leave a copy of messages on server". The main difference between this and courier, is that with the courier HOWTO you have a /home/vmail directory underneath which are 80 zillion subfolders, one for each email address, and inside each subfolder are your messages, one file per message. IMHO this is not only inefficient and slow, never mind not being particularly scalable nor flexible, but it adds a requirement of an additional SQL lookup to determine which subdirectory to store the mail in under /home/vmail.
Nonetheless, tried the usual method of du / -h --max-depth=1 then walking up and up and up from there?
audiodef wrote: |
Oh, and I've taken Gosmackyerdaddy out of my MX records. This is awesome. Now watch me fuck it up
|
Should be safe enough to do at this stage. Give it a day or two of testing, but now that the screwy LMTP issues are sorted out, it should "just work" for a good long while. _________________ Lost configuring your system?
dump lspci -n here | see Pappy's guide | Link Stash |
audiodef Watchman
Joined: 06 Jul 2005 Posts: 6639 Location: The soundosphere
|
Posted: Wed Apr 20, 2011 10:34 pm Post subject: |
|
|
I would think that even with imap enabled, if I use pop, it would get the messages off the server. So why would db.0005 or whatever it's called weigh 40M?
Hm... some hefty log files. I need to look up how to configure syslog-ng to limit log file sizes. Removing some files (I'm assuming they'll just be recreated anew, hence the need to look up config options for syslog-ng) drastically reduced disk usage. It's still high, though.
I need to ask Mark if my server options are correctly configured. / is 3.9G and df says I'm using 44% but I'm supposed to have a 16G disk size. That does not add up... _________________ decibel Linux: https://decibellinux.org
Github: https://github.com/Gentoo-Music-and-Audio-Technology
Facebook: https://www.facebook.com/decibellinux
Discord: https://discord.gg/73XV24dNPN |
cach0rr0 Bodhisattva
Joined: 13 Nov 2008 Posts: 4123 Location: Houston, Republic of Texas
|
Posted: Wed Apr 20, 2011 11:57 pm Post subject: |
|
|
audiodef wrote: |
I would think that even with imap enabled, if I use pop, it would get the messages off the server. So why would db.0005 or whatever it's called weigh 40M? |
If you use POP, the messages will indeed be removed from the server, unless you tell your mail client not to.
As far as the db files, I wouldn't wager yours will get much bigger than they already are. Mine's been in production for a couple years now, biggest file is 41MB.
audiodef wrote: |
Hm... some hefty log files. I need to look up how to configure syslog-ng to limit log file sizes. Removing some files (I'm assuming they'll just be recreated anew, hence the need to look up config options for syslog-ng) drastically reduced disk usage. It's still high, though.
|
emerge logrotate, then set it to rotate the logs daily (it will set up the cron job automatically, assuming you've already merged a cron daemon)
audiodef wrote: |
I need to ask Mark if my server options are correctly configured. / is 3.9G and df says I'm using 44% but I'm supposed to have a 16G disk size. That does not add up... |
Could be inode usage at 44%. Already cleaned out /usr/portage/distfiles and /var/tmp/portage?
I'd also get a bit of spam filtering set up sooner rather than later; for relatively old domains, spam is going to make up the vast majority of your mail traffic.
The more spam you drop rather than quarantine, all the better; this is why I have multiple RBLs running.
audiodef Watchman
Joined: 06 Jul 2005 Posts: 6639 Location: The soundosphere
|
Posted: Thu Apr 21, 2011 12:55 am Post subject: |
|
|
I just ran into a fresh problem:
Code: |
Apr 20 10:50:03 serverdef sshd[2890]: Server listening on 0.0.0.0 port 22.
Apr 20 10:50:03 serverdef sshd[2890]: Server listening on :: port 22.
Apr 20 10:50:09 serverdef sshd[3022]: SSH: Server;Ltype: Version;Remote: 71.191.169.85-36819;Protocol: 2.0;Client: OpenSSH_5.8p1-hpn13v10
Apr 20 10:50:09 serverdef saslauthd[3092]: detach_tty : master pid is: 3092
Apr 20 10:50:09 serverdef saslauthd[3092]: ipc_init : listening on socket: /var/lib/sasl2/mux
Apr 20 10:50:12 serverdef sshd[3022]: Accepted keyboard-interactive/pam for root from 71.191.169.85 port 36819 ssh2
Apr 20 10:50:12 serverdef sshd[3022]: pam_unix(sshd:session): session opened for user root by (uid=0)
Apr 20 10:51:02 serverdef pop3s[3494]: sql auxprop plugin using mysql engine
Apr 20 10:51:02 serverdef pop3s[3495]: sql auxprop plugin using mysql engine
Apr 20 10:51:02 serverdef pop3s[3496]: sql auxprop plugin using mysql engine
Apr 20 10:51:02 serverdef pop3s[3494]: sql plugin Parse the username webmaster
Apr 20 10:51:02 serverdef pop3s[3494]: sql plugin try and connect to a host
Apr 20 10:51:02 serverdef pop3s[3494]: sql plugin trying to open db 'maildb' on host 'localhost'
Apr 20 10:51:02 serverdef pop3s[3494]: sql plugin Parse the username webmaster
Apr 20 10:51:02 serverdef pop3s[3494]: sql plugin try and connect to a host
Apr 20 10:51:02 serverdef pop3s[3494]: sql plugin trying to open db 'maildb' on host 'localhost'
Apr 20 10:51:02 serverdef pop3s[3494]: begin transaction
Apr 20 10:51:02 serverdef pop3s[3494]: sql plugin create statement from userPassword webmaster serverdef
Apr 20 10:51:02 serverdef pop3s[3494]: sql plugin doing query SELECT plainpass FROM aliases WHERE email = 'webmaster@serverdef';
Apr 20 10:51:02 serverdef pop3s[3494]: sql plugin: no result found
Apr 20 10:51:02 serverdef pop3s[3494]: sql plugin create statement from cmusaslsecretPLAIN webmaster serverdef
Apr 20 10:51:02 serverdef pop3s[3494]: sql plugin doing query SELECT plainpass FROM aliases WHERE email = 'webmaster@serverdef';
Apr 20 10:51:02 serverdef pop3s[3494]: sql plugin: no result found
Apr 20 10:51:02 serverdef pop3s[3494]: commit transaction
Apr 20 10:51:02 serverdef pop3s[3494]: sql plugin Parse the username webmaster
Apr 20 10:51:02 serverdef pop3s[3494]: sql plugin try and connect to a host
Apr 20 10:51:02 serverdef pop3s[3494]: sql plugin trying to open db 'maildb' on host 'localhost'
Apr 20 10:51:02 serverdef pop3s[3495]: sql plugin Parse the username damien
|
This happened after I rebooted the server to see if that would clear up df incorrectly reporting disk usage - it worked, but now mail is bjorked somehow. I'm now getting auth failure for all of my mailboxes. I've changed nothing - merely rebooted the server.
It seems like it's going back to checking for "serverdef" instead of "audiodef.com"... but I haven't changed anything since it was finally working.
cach0rr0 Bodhisattva
Joined: 13 Nov 2008 Posts: 4123 Location: Houston, Republic of Texas
|
Posted: Thu Apr 21, 2011 2:59 am Post subject: |
|
|
audiodef wrote: | Seems like I have to have /etc/conf.d/hostname set to "audiodef.com", not "serverdef". We are now back in action! |
Shouldn't matter. That's what I was getting at - you have to pay special attention to what you put in your 'username' settings inside e.g. Thunderbird.
If you just put, for example, 'cach0rr0', then it is going to try and append a default domain/realm.
If I put 'cach0rr0@audiodef.com', then it will NOT try to append a default domain/realm
Having said that, you can add this to imapd.conf:
Code: |
defaultdomain: audiodef.com
|
What this does - if a user merely provides 'cach0rr0' as their IMAP username, it will automatically append '@audiodef.com'
Postfix has a similar setting, for people who try to do authenticated mail relay but only provide 'username' instead of 'username@domain.com': http://www.postfix.org/postconf.5.html#smtpd_sasl_local_domain
I omitted this in the guide, largely because this is contrary to the idea of 'virtual hosting' with email. The idea is supposedly that you have more than one domain you host mail for, and as such the *user* needs to specify the domain, instead of your IMAP/SMTP systems just assuming which domain the user is wanting. If you're only going to host mail for 'audiodef.com' and subdomains (e.g. '*.audiodef.com'), you don't even need to do the 'virtual hosting' nonsense. In fact, you don't even need a database (though it does make some things easier). If you host multiple domains, you need some semblance of virtual domains, and you need the user to provide the domain name rather than having one as a default - for example, I have company A, company B, both have a user name 'chris'. In such a case, since they're two different people, mail for 'chris@companya.com' needs to go to a different mailbox from 'chris@companyb.com'. To that same end, those two different people will have different passwords for checking email - enter 'virtual hosting' (I hate this term, but I suppose it seems to fit)
Basically, if I only handle mail for one domain (in my example, whitehathouston.com), I can set a default domain inside both Postfix and Cyrus, and provide only the username 'meat' like so:
http://ompldr.org/vOGN1cQ/imapwhh.png
Because Postfix/Cyrus will append the @whitehathouston.com to that (as dictated by smtpd_sasl_local_domain in main.cf, and defaultdomain in imapd.conf)
Whereas if I handle multiple domains, where 'meat' at one domain is a different person/mailbox from 'meat' at another domain, it has to be like so:
http://ompldr.org/vOGN1cw/imapvirtual.png
Hope that makes sense somewhat?
cach0rr0 Bodhisattva
Joined: 13 Nov 2008 Posts: 4123 Location: Houston, Republic of Texas
|
Posted: Thu Apr 21, 2011 3:03 am Post subject: |
|
|
audiodef wrote: | Just looking ahead here... I'll be hosting my gf's web site and her email on my setup. She has her own domain. Is there anything special I need to do in light of discovering that hostname needed to be set to audiodef.com to get her email working with her domain, which is not audiodef.com? |
ha! I posted my last reply before I saw this post.
Though, my last reply does explain it. I'm actually glad you're going to be doing another domain, so I didn't have you go through an unnecessary level of complexity this whole time
cach0rr0 Bodhisattva
Joined: 13 Nov 2008 Posts: 4123 Location: Houston, Republic of Texas
|
Posted: Thu Apr 21, 2011 7:47 pm Post subject: |
|
|
audiodef wrote: | Heh... you must be psychic!
OK, here's the problem. I've been specifying user@domain.com all along in Thunderbird, and yet, mail will not work until I've set hostname="audiodef.com".
|
Thunderbird has a neat habit of truncating things; revisit Server Settings, as well as edit the settings under Outbound Servers. Even if you specify 'user@domain' on the initial setup as your email address, Thunderbird assumes you just use 'user' for auth, so it saves it as such.
You can do the same tests via telnet actually
Code: |
telnet localhost 143
01 login someuser@audiodef.com theirpassword
#this should log you in successfully
02 logout
|
I know the server portion is functional, because I can do the tests via both telnet and with a thunderbird instance here on that test account, and it lets me in
To that same end, check your logs and you'll see my logins. Obv my logins aren't successful because of anything I'm doing differently on the server, as I'm not *on* the server
audiodef wrote: |
Also, I don't have an imapd.conf anywhere. Should I? |
you should have an /etc/imapd.conf on the server yeah
cach0rr0 Bodhisattva
Joined: 13 Nov 2008 Posts: 4123 Location: Houston, Republic of Texas
|
Posted: Thu Apr 21, 2011 9:06 pm Post subject: |
|
|
I'd test with telnet just to be certain
But testing here via telnet all is well, testing here with thunderbird-bin 3.1.9 seems well
might PM me a screencap of your Server Settings (Edit=>Account Settings)
As well a screencap of 'Outgoing Server (SMTP)'
If that all looks kosher, toss my hands up, let's try another client.
Anarcho Advocate
Joined: 06 Jun 2004 Posts: 2970 Location: Germany
|
Posted: Fri Apr 22, 2011 2:57 pm Post subject: |
|
|
audiodef wrote: | I just noticed that I can't telnet audiodef.com 25. On the server, I can telnet localhost 25.
I also just noticed that pinging audiodef.com elicits a response from serverdef.audiodef.com regardless of what hostname is set to. I have both audiodef.com and serverdef associated with my IP address in /etc/hosts, but I don't think that's it, as there is no serverdef.audiodef.com in that file. |
The hostname comes from the reverse DNS lookup, see:
Code: |
T410 ~ $ nslookup 209.177.157.239
Server: 192.168.2.1
Address: 192.168.2.1#53
Non-authoritative answer:
239.157.177.209.in-addr.arpa name = serverdef.audiodef.com.
|
_________________ ...it's only Rock'n'Roll, but I like it! |
audiodef Watchman
Joined: 06 Jul 2005 Posts: 6639 Location: The soundosphere
|
Posted: Fri Apr 22, 2011 3:27 pm Post subject: |
|
|
What's also interesting is that I just noticed I cannot log in to get mail if hostname != audiodef.com AND my IP address in /etc/hosts != serverdef.audiodef.com.
Actually, I have to leave hostname = audiodef.com for now because I need to stay on top of mail to make plans with friends for this weekend, but I would like to set aside a time for you (cach0rr0) to be able to try to login with hostname set to something other than audiodef.com so we can make sure this is working correctly.
cach0rr0 Bodhisattva
Joined: 13 Nov 2008 Posts: 4123 Location: Houston, Republic of Texas
|
Posted: Fri Apr 22, 2011 7:10 pm Post subject: |
|
|
audiodef wrote: |
Actually, I have to leave hostname = audiodef.com for now because I need to stay on top of mail to make plans with friends for this weekend, but I would like to set aside a time for you (cach0rr0) to be able to try to login with hostname set to something other than audiodef.com so we can make sure this is working correctly. |
soon as you're ready to set it to something seemingly non-functional, give me a shout.
Cyrus will, flat-out, not change the login string you give it, unless you provide it a login string that does not contain a realm (rather, a 'domain', but in auth nomenclature called a realm).
If you give it a realm, it doesn't care what your hostname is set to, what you have in /etc/hosts, it will use the realm/domain you've provided. The hierarchy goes like so:
-if the user provides a domain name in the login string, no further lookups are done, it uses the user-provided domain name
(ex: user@domain => unmodified)
-if the user provides no domain name, it will append the domain name specified in 'defaultdomain' (setting in imapd.conf)
(ex: user => user + @ + $defaultdomain)
-if the user provides no domain name, and 'defaultdomain' is not set, it will append the server's hostname value
(ex: user => user + @ + `hostname`)
If your IMAP client is providing a domain on the login string, those external lookups will not be done at all, full stop.
Postfix has a similar hierarchy:
-if the user provides a domain name, the domain name will be used
ex:
Code: |
openssl s_client -connect audiodef.com:25 -starttls smtp
EHLO somehost.somedomain.tld
AUTH LOGIN
base64_encode(user@domain.com) => unmodified
base64_encode(password)
|
-if the user provides only a username, and no realm, if smtpd_sasl_local_domain is set in main.cf, it will append smtpd_sasl_local_domain
ex:
Code: |
openssl s_client -connect audiodef.com:25 -starttls smtp
EHLO somehost.somedomain.tld
AUTH LOGIN
base64_encode(user) => base64_encode(user + @ + $smtpd_sasl_local_domain)
base64_encode(password)
|
-if the user provides only a username, and smtpd_sasl_local_domain is not set in main.cf, it will append your system's hostname
ex:
Code: |
openssl s_client -connect audiodef.com:25 -starttls smtp
EHLO somehost.somedomain.tld
AUTH LOGIN
base64_encode(user) => base64_encode(user + @ + `hostname`)
base64_encode(password)
|
If you're doing "virtual hosting" type scenario, you don't ever want the lookups to external settings to be done (e.g. you don't want it to look up main.cf/imapd.conf settings, you don't want it to look up `hostname`). And it won't, if your IMAP/SMTP client is providing a domain as part of the login string.
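The realm-resolution order described in the post above, together with the failed lookup from the earlier log, as an added example that is not part of the original thread and is not Cyrus or Postfix code. The function names and the rows in `ALIASES` are constructed for illustration; the model follows the behaviour as the post describes it.

```python
import base64
import hmac

# Constructed sample rows standing in for the SQL 'aliases' table seen in the
# log (email -> plainpass). Addresses and passwords are made up for this example.
ALIASES = {
    "webmaster@audiodef.com": "constructed-pass-1",
    "chris@companya.com": "constructed-pass-a",
    "chris@companyb.com": "constructed-pass-b",
}


def resolve_login(login, default_domain=None, hostname="serverdef"):
    """Return (identity, source) following the precedence described in the post.

    source is 'client' when the login string carried its own realm,
    'defaultdomain' when the configured default was appended, and
    'hostname' when the server fell back to its own hostname.
    """
    user, sep, realm = login.partition("@")
    if sep and realm:
        return login, "client"
    if default_domain:
        return f"{user}@{default_domain}", "defaultdomain"
    return f"{user}@{hostname}", "hostname"


def authenticate(login, password, default_domain=None, hostname="serverdef"):
    """Resolve the realm, then look the identity up as the logged query does."""
    identity, source = resolve_login(login, default_domain, hostname)
    stored = ALIASES.get(identity)
    ok = stored is not None and hmac.compare_digest(stored, password)
    return ok, identity, source


def auth_login_lines(login, password):
    """The two base64 lines a client sends after 'AUTH LOGIN'."""
    return [base64.b64encode(s.encode()).decode() for s in (login, password)]


def realm_dependent(logins):
    """Client usernames whose mailbox depends on server-side defaults."""
    return [name for name in logins if resolve_login(name)[1] != "client"]


if __name__ == "__main__":
    cases = [
        ("webmaster@audiodef.com", None, "serverdef"),
        ("webmaster", None, "serverdef"),          # the failure in the log
        ("webmaster", "audiodef.com", "serverdef"),
        ("chris", "companya.com", "serverdef"),    # never reaches companyb.com
    ]
    for login, dd, host in cases:
        identity, source = resolve_login(login, dd, host)
        print(f"{login!r:28} defaultdomain={dd!s:14} -> {identity} ({source})")
    print(authenticate("webmaster", "constructed-pass-1"))
    print(auth_login_lines("user@domain.com", "password"))
```

Running `realm_dependent` over the usernames saved in each mail client shows which accounts would silently change mailbox if the server's default domain or hostname changed.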
audiodef Watchman
Joined: 06 Jul 2005 Posts: 6639 Location: The soundosphere
|
Posted: Fri Apr 22, 2011 7:35 pm Post subject: |
|
|
That's a really good explanation, thanks.
I'll try to remember to switch hostname before going to bed tonight - usually around 0300 GMT at the latest. I'll reset it Saturday around 1300-1400 GMT to check my mail.
Saturday I'm going to be out for a while starting at 2200 GMT. I'll not be needing mail until Sunday 1300 or 1400 GMT. I'll try to remember to have hostname set to something other than "audiodef.com" before I go out.
Hopefully, you can poke around somewhere in there.
*All times in GMT for ease of translating across time zones, daylight savings, wormholes, temporal anomalies, and (insert demographic category) time.*
cach0rr0 Bodhisattva
Joined: 13 Nov 2008 Posts: 4123 Location: Houston, Republic of Texas
|
Posted: Fri Apr 22, 2011 11:40 pm Post subject: |
|
|
ok, it's Fri Apr 22 18:38:43 CDT 2011 right now, just got back from epic steak dinner
tried a handful of logins:
-SMTP authentication is working fine
-IMAP authentication is not
can you ship me your logs (auth.log and mail.log) and the contents of imapd.conf (with password and username for SQL nuked obv)?