Email System For The Home Network - Version 2.1

[paulfl]

I'm at step 3.2 and can't get this to work

[beowulf]

Proteus:
You are correct about the hostname command I used... That's a relic from a prior version of this guide (IE: Prior version of baselayout.... I'll edit it after posting this...).

Okay... just a quick check through... as this problem is baffling to me as well...

[paulfl]

Thanks for the reply.
Instead of:

[paulfl]

Sorry, forgot to add...

My output matches yours

[beowulf]

Hey, well postfix check says you have an error in your conf..... so would you mind posting the output of this command here so I can look it over?

[paulfl]

main.cf:

[beowulf]

The reason postfix is choking on your conf file is that there is some whitespace before certain options... before the inet_interfaces option, there is one whitespace, the mydestination option has two whitespaces.

By removing those, running "postfix check" will be able to work and you'll be able to continue on with the guide.

Hope this helps
_________________
I have nothing witty to say here... ever

[paulfl]

You're right, it works!
I always thought white space was ignored, I've learnt a lesson.
thanks very much

[Bangz]

May I ask a question.

I've followed one of the earlier versions of this guide (before spam filtering and db of accepted users)

Anyways, its all working perfectly fine for my LAN. On my windows boxes I can send mail to user@server and it's fine.

However, how can I allow the public internet to send mail to me?

I have my internal LAN sitting before a router/firewall which uses NAT and port forwarding. At the moment, my gentoo server already has ssh, ftp and httpd forwarded to it, and its working fine. However when I forward port 25 to the box, if I send myself an email, from say hotmail...it doesnt work. user@<myexternalip>

Anyone got an idea why?

[beowulf]

To be able to use your SMTP server from outside your lan, you'll need a mx record pointing to your domain.... no-ip.com offers such a service.... there are quite a number of other services that offer mx records as well.... however the name eludes me at the moment...
_________________
I have nothing witty to say here... ever

[Bangz]

I have a no-ip account. I don't think it's a MX record though.

[Bangz]

I have a final question.

Anyone using Microsoft Outlook with this Email System? Everytime I check EMail on it, I get an "Internet Security Warning" from outlook for the SSL certificate.

How do I create a certificate from my gentoo box to install on my Machine so I don't get this warning?

[daff]

[EDIT]

Ok I am an idiot. I should NOT have uncommented the lines in /etc/pam.d/imap. Leaving them as they were would have been the way to go. I suck Now at least imapd without ssl works.

I'll leave the post here, maybe someone who has the same problem stumbles across it and can fix it this way.

imapd-ssl still gives the same error as mentioned below though

[/EDIT]

Ok, I've been at this for 2 days now, having found this guide just in time. Really, really, really, really great work! Thanks! This is supposed to save me a lot of trouble and time. Thanks!

I have a couple of problems though, nonetheless

I believe the postfix/sasl part will work, haven't tried it out yet, but configuartion seems to have been ok.

Courier-IMAP. Brrrrr! I am doing this on a nice FreeBSD 5.1 machine, but it should not matter. I know where the differences are and how to work around them (for example, it seems that /etc/pam.d/imap should not be touched at all, or at least only have the 4 lines already in there uncommented).

Running imapd-ssl and trying to authenticate against PAM (or whichever method, tried them all):
Squirrelmail times out and tells me the "imap server has dropped the connection". The log files state something like: imapd-ssl: couriertls: accept: error:140760FC:SSL routines: SSL23_GET_CLIENT_HELLO: unknown protocol

Running plain imapd without SSL and trying to authenticate against PAM:
Squirrelmail tells me that either user or password are incorrect (I am sure they are both correct ) and the log files say
imapd: Connection, ip=[::ffff:127.0.0.1]
imapd: LOGIN FAILED, ip=[blah]
imapd: DISCONNECTED, ip=[blah]

Now I have no idea why this could or should happen. I am very sure that I followed the guide in 4.3, 4.4 and 7 very thoroughly, although it is late and I might have screwed something up...don't think so though.

Can you help me finding what I am not doing right? Maybe it's something obvious but I don't see it. Help is greatly appreciated!

And thanks again for this really good guide!

I hope someone still reads this
_________________
Instead of asking why a piece of software is using 1970s technology,
start asking why software is ignoring 30 years of accumulated wisdom.

[daff]

well, the solution to my problem was to recompile mod_php4 with support for SSL, IMAP and IMAP-SSL.
_________________
Instead of asking why a piece of software is using 1970s technology,
start asking why software is ignoring 30 years of accumulated wisdom.

[Advo]

Thx to beowulf for the great guide. I finally could made the long planned change from sendmail/pop to postfix/imap.

I ran into some trouble integrating a virus scanner (AvMailgate]) into the system. AvMailgate can set up as content-filter through postfix. So I ended up with adjusting the smtpd_recipient_restrictions to

[beowulf]

Sorry for taking so long to get back...

Bangz: I believe you'll get that message all the time until you tell Outlook to ignore the fact that you generated the SSL cert yourself. I *think* outlook is just warning you that the cert was not signed by thawte or verisign.... If it's just you using it, it ain't worth the $150/year.... That said, I could be way off, and if you've read this whole thread, you'll notice it happens more time than I like...

daff: Hey, glad to hear it is all working for you.... I'll make a little note in the next version about using the USE flags or as in your case, recompiling mod_php with the proper configure line...

Advo: Yes, I didn't redirect to postfix since I wanted to use procmail, but since you're using that antivirus and filterer, I can see where the benefit of redirecting to port 25 would be. I'll add a little note about it... Does this mean that procmail is unneeded in your setup? Just curious, I have never touched an AV program on the serverside... Glad to hear you've taken this setup a step further than what I've written....
_________________
I have nothing witty to say here... ever

[Advo]

beowulf: Yes, procmail is still needed. The av-scanner gives the mail back to port 25, and postfix invokes procmail via the mailbox_command as defined in its master.cf. This way sorting the mail through ~/.procmailrc still works:).

[fizz]

Would this be easy to use if my server was the primary mx record for my domain? What would i need to change because i like this setup verty much. Currently using sendmail, and well.. we all know its not fun
_________________
Athlon 64 3200, MSI NEO NForce 3, 1Gig PC3700, EVGA Geforce 6800 GT

[beowulf]

hey fizz,

Yes, it should work just fine... this setup has worked for others when they have an mx record pointing to the server.... but I'm pretty sure this'll work fine....

however, you might not need SASL to send email. What I mean is I used sasl to authenticate to a remote SMTP server to sort of relay the email to a SMTP server that requires AUTH.

If you run your own MX record, I doubt that step would be needed....

Hope this helps and sorry for being so late getting back here....
_________________
I have nothing witty to say here... ever

[JHuizingh]

I'm at the section of the guide where I edit /etc/postfix/saslpass to put my username and password in there. I have a possible problem though. My username for my isp's smtp server has a colon ( in it. Is this going to be a problem?

[miha]

----

[miha]

It seems to work fine but.... what's up with this?

[beowulf]

JHuizingh - I'm not sure... hehe unfortunately I didn't even think about it, or know a colon was a valid character in an email address.... I really don't know....

miha - Are the servers running on your workstation? More importantly what is your hostname.... Also, at what point in the guide did that output occur? Did you telnet into the smtp server to get that response? You didn't authenticate, so no email will be allowed to send... it was setup this way....

Is fetchmail redirecting to postfix and not to procmail? Any 5## error from an SMTP server is basically a message telling the server to stop what it was asked to do and report.... Postfix will not accept anything without first being authenticated to.... this is to keep you from becoming an open relay...

A little bit more information of what you did and at what point you received those errors are needed....
_________________
I have nothing witty to say here... ever

[miha]

This happened at the very-very end, using Sylpheed(set-up as described in the guide).

Hostname is zheka.miha

[JHuizingh]

I don't know if a colon is valid in an email address. It's not part of my email address. It is a part of my login for my pop3 server though. I'll mess around with it more when I get some time.