paulfl n00b
Joined: 27 Sep 2003 Posts: 22 Location: London
|
Posted: Wed Nov 05, 2003 9:29 pm Post subject: Problem creating hash file for postfix |
|
|
I'm at step 3.2 and can't get this to work
Code: | root@server # /usr/sbin/postmap hash:/etc/postfix/saslpass |
I get this error
Code: | newaliases: fatal: file /etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix inet_interfaces = "my FQDN", localhost mydestination = "my FQDN", localhost."my domain"
|
Any ideas?
thanks |
|
|
|
beowulf Apprentice
Joined: 07 Apr 2003 Posts: 225
|
Posted: Thu Nov 06, 2003 2:01 am Post subject: |
|
|
Proteus:
You are correct about the hostname command I used... That's a relic from a prior version of this guide (IE: Prior version of baselayout.... I'll edit it after posting this...).
Okay... just a quick check through... as this problem is baffling to me as well...
Code: |
#ls -l /etc/sasl2/sasldb2
-rw------- 1 postfix mail 12288 DATE /etc/sasl2/sasldb2
# sasldblistusers2
proteus@helios.liquid.net: userPassword
|
Also, this may be of some consequence.... I always have this set and never thought that it may affect the mail setup? hehe anyways.... check this (with your IP of course).
Code: |
# cat /etc/hosts | grep helios.liquid.net
192.168.0.1 helios.liquid.net helios
|
This problem has me stumped... sorry I can't be of more assistance.... I don't understand where the problem could be....
paulfl:
Hmm... sounds like a conf file error..... does your output match mine?
Code: |
root@server # /usr/sbin/postfix check
root@server # cat /etc/postfix/main.cf | grep mail_owner
# The mail_owner parameter specifies the owner of the Postfix queue
mail_owner = postfix
root@server # cat /etc/passwd | grep postfix
postfix:x:207:207:postfix:/var/spool/postfix:/bin/false
|
Also I assume that in that output you posted you substituted your FQDN with the string "my FQDN".....
I think the missing user error can be resolved by checking those files.... but it wouldn't be the first time I've been wrong..... Anyways.... let me know how it goes _________________ I have nothing witty to say here... ever |
|
|
|
paulfl n00b
Joined: 27 Sep 2003 Posts: 22 Location: London
|
Posted: Thu Nov 06, 2003 7:25 am Post subject: |
|
|
Thanks for the reply.
Instead of:
Code: | #ls -l /etc/sasl2/sasldb2
-rw------- 1 postfix mail 12288 DATE /etc/sasl2/sasldb2
# sasldblistusers2
proteus@helios.liquid.net: userPassword |
I get
Code: |
# ls -l /etc/sasl2/sasldb2
-rw-r----- 1 root mail 12288 Nov 1 00:23 /etc/sasl2/sasldb2
|
I've fixed this using chown and chmod.
But running
Simply returns the root prompt.
I now get a similar error message but the user name postfix appears
Code: | postfix: fatal: file /etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix ... |
|
|
|
|
paulfl n00b
Joined: 27 Sep 2003 Posts: 22 Location: London
|
Posted: Thu Nov 06, 2003 7:32 am Post subject: |
|
|
Sorry, forgot to add...
My output matches yours
Code: |
root@server # cat /etc/postfix/main.cf | grep mail_owner
# The mail_owner parameter specifies the owner of the Postfix queue
mail_owner = postfix
root@server # cat /etc/passwd | grep postfix
postfix:x:207:207:postfix:/var/spool/postfix:/bin/false
|
But Code: | root@server # /usr/sbin/postfix check |
is still giving the postfix: fatal file ... error |
|
|
|
beowulf Apprentice
Joined: 07 Apr 2003 Posts: 225
|
Posted: Mon Nov 10, 2003 12:55 am Post subject: |
|
|
Hey, well postfix check says you have an error in your conf..... so would you mind posting the output of this command here so I can look it over?
Code: | root@server # grep -v "^#" /etc/postfix/main.cf | sed '/./,/^$/!d' |
Thanks and sorry for taking so long getting back to you... _________________ I have nothing witty to say here... ever |
|
|
|
paulfl n00b
Joined: 27 Sep 2003 Posts: 22 Location: London
|
Posted: Mon Nov 10, 2003 7:27 am Post subject: |
|
|
main.cf:
Code: |
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
mail_owner = postfix
inet_interfaces = $myhostname, localhost
mydestination = $myhostname, localhost.$mydomain
unknown_local_recipient_reject_code = 450
mynetworks = 192.168.7.0/24, 127.0.0.0/8
relay_domains = $mydestination
alias_maps = hash:/etc/mail/aliases
alias_database = hash:/etc/mail/aliases
home_mailbox = .maildir/
mailbox_command = /usr/bin/procmail -a $DOMAIN
local_destination_concurrency_limit = 2
default_destination_concurrency_limit = 10
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
manpage_directory = /usr/share/man
sample_directory = /etc/postfix/sample
readme_directory = /usr/share/doc/postfix-2.0.11
|
|
|
|
|
beowulf Apprentice
Joined: 07 Apr 2003 Posts: 225
|
Posted: Mon Nov 10, 2003 8:42 pm Post subject: |
|
|
The reason postfix is choking on your conf file is that there is some whitespace before certain options... before the inet_interfaces option, there is one whitespace, the mydestination option has two whitespaces.
By removing those, running "postfix check" will be able to work and you'll be able to continue on with the guide.
Hope this helps _________________ I have nothing witty to say here... ever |
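The rule behind this diagnosis, as an added example that is not part of the original thread: Postfix treats a main.cf line that begins with whitespace as a continuation of the previous logical line, which is why the error message shows `inet_interfaces` and `mydestination` inside the `mail_owner` value. The names `find_folded_params` and `sample_main_cf`, the constructed sample file and the lowercase-name heuristic are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report main.cf lines that look like "name = value" but start
# with whitespace, so Postfix appends them to the previous parameter.

# find_folded_params FILE
# Prints "LINE: NAME is folded into OWNER" for each suspicious line.
find_folded_params() {
    awk '
        # Comments and blank lines are ignored and do not end a logical line.
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        # A line starting in column one begins a new logical line.
        /^[^ \t]/ {
            split($0, kv, "=")
            owner = kv[1]
            gsub(/[ \t]+$/, "", owner)
            next
        }
        # Heuristic (assumption): an indented lowercase name followed by "="
        # is an accidental continuation. Intended continuations such as the
        # PATH=... line under debugger_command do not match.
        /^[ \t]+[a-z][a-z0-9_]*[ \t]*=/ {
            name = $0
            sub(/^[ \t]+/, "", name)
            sub(/[ \t]*=.*/, "", name)
            printf "%d: %s is folded into %s\n", NR, name, owner
        }
    ' "$1"
}

# Constructed sample reproducing the indentation described in the thread.
sample_main_cf() {
    cat <<'EOF'
# The mail_owner parameter specifies the owner of the Postfix queue
mail_owner = postfix
 inet_interfaces = $myhostname, localhost
  mydestination = $myhostname, localhost.$mydomain
debugger_command =
     PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
     xxgdb $daemon_directory/$process_name $process_id & sleep 5
EOF
}

# Demo run against the constructed sample.
tmp=$(mktemp)
sample_main_cf > "$tmp"
find_folded_params "$tmp"
rm -f "$tmp"
```

Run against a real file with `find_folded_params /etc/postfix/main.cf`; no output means no indented assignments were found.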
|
|
|
paulfl n00b
Joined: 27 Sep 2003 Posts: 22 Location: London
|
Posted: Tue Nov 11, 2003 7:26 am Post subject: |
|
|
You're right, it works!
I always thought white space was ignored, I've learnt a lesson.
thanks very much |
|
|
|
Bangz Tux's lil' helper
Joined: 23 Jan 2003 Posts: 148 Location: Brisbane/Australia
|
Posted: Sun Nov 16, 2003 11:33 am Post subject: |
|
|
May I ask a question.
I've followed one of the earlier versions of this guide (before spam filtering and db of accepted users)
Anyways, it's all working perfectly fine for my LAN. On my Windows boxes I can send mail to user@server and it's fine.
However, how can I allow the public internet to send mail to me?
I have my internal LAN sitting before a router/firewall which uses NAT and port forwarding. At the moment, my gentoo server already has ssh, ftp and httpd forwarded to it, and it's working fine. However when I forward port 25 to the box, if I send myself an email, from say hotmail... it doesn't work. user@<myexternalip>
Anyone got an idea why? |
|
|
|
beowulf Apprentice
Joined: 07 Apr 2003 Posts: 225
|
Posted: Sun Nov 16, 2003 9:38 pm Post subject: |
|
|
To be able to use your SMTP server from outside your lan, you'll need a mx record pointing to your domain.... no-ip.com offers such a service.... there are quite a number of other services that offer mx records as well.... however the name eludes me at the moment... _________________ I have nothing witty to say here... ever |
|
|
|
Bangz Tux's lil' helper
Joined: 23 Jan 2003 Posts: 148 Location: Brisbane/Australia
|
Posted: Mon Nov 17, 2003 1:26 am Post subject: |
|
|
I have a no-ip account. I don't think it's a MX record though. |
|
|
|
Bangz Tux's lil' helper
Joined: 23 Jan 2003 Posts: 148 Location: Brisbane/Australia
|
Posted: Sun Nov 23, 2003 1:06 pm Post subject: |
|
|
I have a final question.
Anyone using Microsoft Outlook with this Email System? Every time I check email on it, I get an "Internet Security Warning" from Outlook for the SSL certificate.
How do I create a certificate from my gentoo box to install on my Machine so I don't get this warning? |
|
|
|
daff Apprentice
Joined: 02 Jul 2003 Posts: 232 Location: Vienna, Austria
|
Posted: Tue Nov 25, 2003 12:32 am Post subject: |
|
|
[EDIT]
Ok I am an idiot. I should NOT have uncommented the lines in /etc/pam.d/imap. Leaving them as they were would have been the way to go. I suck. Now at least imapd without ssl works.
I'll leave the post here, maybe someone who has the same problem stumbles across it and can fix it this way.
imapd-ssl still gives the same error as mentioned below though
[/EDIT]
Ok, I've been at this for 2 days now, having found this guide just in time. Really, really, really, really great work! Thanks! This is supposed to save me a lot of trouble and time. Thanks!
I have a couple of problems though, nonetheless
I believe the postfix/sasl part will work, haven't tried it out yet, but configuration seems to have been ok.
Courier-IMAP. Brrrrr! I am doing this on a nice FreeBSD 5.1 machine, but it should not matter. I know where the differences are and how to work around them (for example, it seems that /etc/pam.d/imap should not be touched at all, or at least only have the 4 lines already in there uncommented).
Running imapd-ssl and trying to authenticate against PAM (or whichever method, tried them all):
Squirrelmail times out and tells me the "imap server has dropped the connection". The log files state something like: imapd-ssl: couriertls: accept: error:140760FC:SSL routines: SSL23_GET_CLIENT_HELLO: unknown protocol
Running plain imapd without SSL and trying to authenticate against PAM:
Squirrelmail tells me that either user or password are incorrect (I am sure they are both correct ) and the log files say
imapd: Connection, ip=[::ffff:127.0.0.1]
imapd: LOGIN FAILED, ip=[blah]
imapd: DISCONNECTED, ip=[blah]
Now I have no idea why this could or should happen. I am very sure that I followed the guide in 4.3, 4.4 and 7 very thoroughly, although it is late and I might have screwed something up...don't think so though.
Can you help me find what I am not doing right? Maybe it's something obvious but I don't see it. Help is greatly appreciated!
And thanks again for this really good guide!
I hope someone still reads this _________________ Instead of asking why a piece of software is using 1970s technology,
start asking why software is ignoring 30 years of accumulated wisdom. |
|
|
|
daff Apprentice
Joined: 02 Jul 2003 Posts: 232 Location: Vienna, Austria
|
Posted: Wed Nov 26, 2003 4:24 pm Post subject: |
|
|
well, the solution to my problem was to recompile mod_php4 with support for SSL, IMAP and IMAP-SSL. _________________ Instead of asking why a piece of software is using 1970s technology,
start asking why software is ignoring 30 years of accumulated wisdom. |
|
|
|
Advo n00b
Joined: 21 Oct 2002 Posts: 33
|
Posted: Wed Nov 26, 2003 8:09 pm Post subject: |
|
|
Thx to beowulf for the great guide. I could finally make the long planned change from sendmail/pop to postfix/imap.
I ran into some trouble integrating a virus scanner (AvMailgate) into the system. AvMailgate can be set up as a content filter through postfix. So I ended up adjusting the smtpd_recipient_restrictions to Code: | smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,permit_auth_destination,reject |
Oh, and using Code: | /usr/bin/fetchmail -a -s -m "/usr/bin/procmail -d %T" >/dev/null 2>&1 | is a really bad idea because this way the mail is not handed over to port 25 (where postfix is listening) and hence the mail will not be scanned. Took me a week to figure this out.
But now everything works like a charm:)
~Advo |
|
|
|
beowulf Apprentice
Joined: 07 Apr 2003 Posts: 225
|
Posted: Thu Nov 27, 2003 1:56 am Post subject: |
|
|
Sorry for taking so long to get back...
Bangz: I believe you'll get that message all the time until you tell Outlook to ignore the fact that you generated the SSL cert yourself. I *think* Outlook is just warning you that the cert was not signed by thawte or verisign.... If it's just you using it, it ain't worth the $150/year.... That said, I could be way off, and if you've read this whole thread, you'll notice it happens more times than I like...
daff: Hey, glad to hear it is all working for you.... I'll make a little note in the next version about using the USE flags or as in your case, recompiling mod_php with the proper configure line...
Advo: Yes, I didn't redirect to postfix since I wanted to use procmail, but since you're using that antivirus and filterer, I can see where the benefit of redirecting to port 25 would be. I'll add a little note about it... Does this mean that procmail is unneeded in your setup? Just curious, I have never touched an AV program on the serverside... Glad to hear you've taken this setup a step further than what I've written.... _________________ I have nothing witty to say here... ever |
|
|
|
Advo n00b
Joined: 21 Oct 2002 Posts: 33
|
Posted: Thu Nov 27, 2003 9:58 pm Post subject: |
|
|
beowulf: Yes, procmail is still needed. The av-scanner gives the mail back to port 25, and postfix invokes procmail via the mailbox_command as defined in its master.cf. This way sorting the mail through ~/.procmailrc still works:). |
|
|
|
fizz Guru
Joined: 31 Aug 2003 Posts: 309 Location: Florida
|
Posted: Tue Dec 02, 2003 2:34 pm Post subject: |
|
|
Would this be easy to use if my server was the primary mx record for my domain? What would I need to change because I like this setup very much. Currently using sendmail, and well.. we all know it's not fun _________________ Athlon 64 3200, MSI NEO NForce 3, 1Gig PC3700, EVGA Geforce 6800 GT |
|
|
|
beowulf Apprentice
Joined: 07 Apr 2003 Posts: 225
|
Posted: Sun Dec 07, 2003 3:36 am Post subject: |
|
|
hey fizz,
Yes, it should work just fine... this setup has worked for others when they have an mx record pointing to the server.... but I'm pretty sure this'll work fine....
however, you might not need SASL to send email. What I mean is I used sasl to authenticate to a remote SMTP server to sort of relay the email to a SMTP server that requires AUTH.
If you run your own MX record, I doubt that step would be needed....
Hope this helps and sorry for being so late getting back here.... _________________ I have nothing witty to say here... ever |
|
|
|
JHuizingh Tux's lil' helper
Joined: 05 Jul 2002 Posts: 100
|
Posted: Mon Dec 08, 2003 12:16 am Post subject: What happens if there's a : in the username |
|
|
I'm at the section of the guide where I edit /etc/postfix/saslpass to put my username and password in there. I have a possible problem though. My username for my isp's smtp server has a colon (:) in it. Is this going to be a problem? |
|
|
|
miha Tux's lil' helper
Joined: 21 Nov 2003 Posts: 78
|
Posted: Mon Dec 08, 2003 3:15 am Post subject: |
|
|
----
Last edited by miha on Mon Dec 08, 2003 3:50 am; edited 1 time in total |
|
|
|
miha Tux's lil' helper
Joined: 21 Nov 2003 Posts: 78
|
Posted: Mon Dec 08, 2003 3:50 am Post subject: |
|
|
It seems to work fine but.... what's up with this?
Code: | * Error occurred while sending the message.
* Connecting to SMTP server: 192.168.0.3 ...
[22:54:26] SMTP< 220 zheka.miha ESMTP Postfix
[22:54:26] SMTP> HELO localhost
[22:54:26] SMTP< 250 zheka.miha
[22:54:26] SMTP> MAIL FROM: <mgl@sdf.lonestar.org>
[22:54:26] SMTP< 250 Ok
[22:54:26] SMTP> RCPT TO: <mgl@sdf.lonestar.org>
[22:54:27] SMTP< 554 <unknown[192.168.0.3]>: Client host rejected: Access denied
** error occurred on SMTP session
** Error occurred while sending the message. |
Code: | bash-2.05b$ fetchmail
3 messages for mgl at mail.freeshell.org. (2463 octets).
reading message mgl@mx.freeshell.org:1 of 3 (514 octets) fetchmail: retained
reading message mgl@mx.freeshell.org:2 of 3 (1120 octets) .fetchmail: SMTP error: 554 <localhost[127.0.0.1]>: Client host rejected: Access denied
fetchmail: can't even send to mgl!
flushed
reading message mgl@mx.freeshell.org:3 of 3 (829 octets) fetchmail: SMTP error: 554 <localhost[127.0.0.1]>: Client host rejected: Access denied
fetchmail: can't even send to mgl!
flushed
bash-2.05b$
|
|
|
|
|
beowulf Apprentice
Joined: 07 Apr 2003 Posts: 225
|
Posted: Mon Dec 08, 2003 8:22 pm Post subject: Re: What happens if there's a : in the username |
|
|
JHuizingh - I'm not sure... hehe unfortunately I didn't even think about it, or know a colon was a valid character in an email address.... I really don't know....
miha - Are the servers running on your workstation? More importantly what is your hostname.... Also, at what point in the guide did that output occur? Did you telnet into the smtp server to get that response? You didn't authenticate, so no email will be allowed to send... it was set up this way....
Is fetchmail redirecting to postfix and not to procmail? Any 5## error from an SMTP server is basically a message telling the server to stop what it was asked to do and report.... Postfix will not accept anything without first being authenticated to.... this is to keep you from becoming an open relay...
A little bit more information about what you did and at what point you received those errors is needed.... _________________ I have nothing witty to say here... ever |
|
|
|
miha Tux's lil' helper
Joined: 21 Nov 2003 Posts: 78
|
Posted: Mon Dec 08, 2003 9:43 pm Post subject: |
|
|
This happened at the very-very end, using Sylpheed (set up as described in the guide).
Hostname is zheka.miha |
|
|
|
JHuizingh Tux's lil' helper
Joined: 05 Jul 2002 Posts: 100
|
Posted: Tue Dec 09, 2003 12:22 am Post subject: |
|
|
I don't know if a colon is valid in an email address. It's not part of my email address. It is a part of my login for my pop3 server though. I'll mess around with it more when I get some time. |
|
|
|
|