Email System For The Home Network - Version 2.1

[paulfl]

I'm at step 3.2 and can't get this to work

Code: Select all

root@server # /usr/sbin/postmap hash:/etc/postfix/saslpass

I get this error

Code: Select all

newaliases: fatal: file /etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix inet_interfaces = "my FQDN", localhost  mydestination = "my FQDN", localhost."my domain"

Any ideas?
thanks

[beowulf]

Proteus:
You are correct about the hostname command I used... That's a relic from a prior version of this guide (IE: Prior version of baselayout.... I'll edit it after posting this...).

Okay... just a quick check through... as this problem is baffling to me as well...

Code: Select all

#ls -l /etc/sasl2/sasldb2
-rw-------    1 postfix  mail        12288 DATE /etc/sasl2/sasldb2

# sasldblistusers2
proteus@helios.liquid.net: userPassword

Also, this may be of some consequence.... I always have this set and never thought that it may affect the mail setup? hehe anyways.... check this (with your IP of course).

Code: Select all

# cat /etc/hosts | grep helios.liquid.net
192.168.0.1    helios.liquid.net   helios

This problem has me stumped... sorry I can't be of more assistance.... I don't understand where the problem could be....

paulfl:

Hmm... sounds like a conf file error..... does your output match mine?

Code: Select all

root@server # /usr/sbin/postfix check
root@server # cat /etc/postfix/main.cf | grep mail_owner
# The mail_owner parameter specifies the owner of the Postfix queue
mail_owner = postfix
root@server # cat /etc/passwd | grep postfix
postfix:x:207:207:postfix:/var/spool/postfix:/bin/false

Also I assume that in that output you posted you substituted your FQDN with the string "my FQDN".....

I think the missing user error can be resolved by checking those files.... but it wouldn't be the first time I've been wrong..... Anyways.... let me know how it goes

[paulfl]

Thanks for the reply.
Instead of:

Code: Select all

#ls -l /etc/sasl2/sasldb2 

-rw-------    1 postfix  mail        12288 DATE /etc/sasl2/sasldb2 

# sasldblistusers2 
proteus@helios.liquid.net: userPassword

I get

Code: Select all

#  ls -l /etc/sasl2/sasldb2
-rw-r-----    1 root     mail        12288 Nov  1 00:23 /etc/sasl2/sasldb2

I've fixed this using chown and chmod.
But running

Code: Select all

# sasldblistusers2 

Simply returns the root prompt.

I now get a similar error message but the user name postifx appears

Code: Select all

postfix: fatal: file /etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix ...

[paulfl]

Sorry, forgot to add...

My output matches yours

Code: Select all

root@server # cat /etc/postfix/main.cf | grep mail_owner 
# The mail_owner parameter specifies the owner of the Postfix queue 
mail_owner = postfix 
root@server # cat /etc/passwd | grep postfix 
postfix:x:207:207:postfix:/var/spool/postfix:/bin/false

But

Code: Select all

root@server # /usr/sbin/postfix check

is still giving the postfix: fatal file ... error

[beowulf]

Hey, well postfix check says you have an error in your conf..... so would you mind posting the output of this command here so I can look it over?

Code: Select all

root@server # grep -v "^#" /etc/postfix/main.cf | sed '/./,/^$/!d'

Thanks and sorry for taking so long getting back to you...

[paulfl]

main.cf:

Code: Select all

queue_directory = /var/spool/postfix

command_directory = /usr/sbin

daemon_directory = /usr/lib/postfix

mail_owner = postfix

 inet_interfaces = $myhostname, localhost

  mydestination = $myhostname, localhost.$mydomain

unknown_local_recipient_reject_code = 450

 mynetworks = 192.168.7.0/24, 127.0.0.0/8

 relay_domains = $mydestination

alias_maps = hash:/etc/mail/aliases

alias_database = hash:/etc/mail/aliases

home_mailbox = .maildir/

mailbox_command = /usr/bin/procmail -a $DOMAIN

local_destination_concurrency_limit = 2

default_destination_concurrency_limit = 10

debug_peer_level = 2

debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         xxgdb $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/sbin/sendmail

newaliases_path = /usr/bin/newaliases

mailq_path = /usr/bin/mailq

setgid_group = postdrop

manpage_directory = /usr/share/man

sample_directory = /etc/postfix/sample

readme_directory = /usr/share/doc/postfix-2.0.11

[beowulf]

The reason postfix is choking on your conf file is that there is some whitespace before certain options... before the inet_interfaces option, there is one whitespace, the mydestination option has two whitespaces.

By removing those, running "postfix check" will be able to work and you'll be able to continue on with the guide.

Hope this helps

[paulfl]

You're right, it works!
I always thought white space was ignored, I've learnt a lesson.
thanks very much

[Bangz]

May I ask a question.

I've followed one of the earlier versions of this guide (before spam filtering and db of accepted users)

Anyways, its all working perfectly fine for my LAN. On my windows boxes I can send mail to user@server and it's fine.

However, how can I allow the public internet to send mail to me?

I have my internal LAN sitting before a router/firewall which uses NAT and port forwarding. At the moment, my gentoo server already has ssh, ftp and httpd forwarded to it, and its working fine. However when I forward port 25 to the box, if I send myself an email, from say hotmail...it doesnt work. user@<myexternalip>

Anyone got an idea why?

[beowulf]

To be able to use your SMTP server from outside your lan, you'll need a mx record pointing to your domain.... no-ip.com offers such a service.... there are quite a number of other services that offer mx records as well.... however the name eludes me at the moment...

[Bangz]

I have a no-ip account. I don't think it's a MX record though.

[Bangz]

I have a final question.

Anyone using Microsoft Outlook with this Email System? Everytime I check EMail on it, I get an "Internet Security Warning" from outlook for the SSL certificate.

How do I create a certificate from my gentoo box to install on my Machine so I don't get this warning?

[daff]

[EDIT]

Ok I am an idiot. I should NOT have uncommented the lines in /etc/pam.d/imap. Leaving them as they were would have been the way to go. I suck Now at least imapd without ssl works.

I'll leave the post here, maybe someone who has the same problem stumbles across it and can fix it this way.

imapd-ssl still gives the same error as mentioned below though

[/EDIT]

Ok, I've been at this for 2 days now, having found this guide just in time. Really, really, really, really great work! Thanks! This is supposed to save me a lot of trouble and time. Thanks!

I have a couple of problems though, nonetheless

I believe the postfix/sasl part will work, haven't tried it out yet, but configuartion seems to have been ok.

Courier-IMAP. Brrrrr! I am doing this on a nice FreeBSD 5.1 machine, but it should not matter. I know where the differences are and how to work around them (for example, it seems that /etc/pam.d/imap should not be touched at all, or at least only have the 4 lines already in there uncommented).

Running imapd-ssl and trying to authenticate against PAM (or whichever method, tried them all):
Squirrelmail times out and tells me the "imap server has dropped the connection". The log files state something like: imapd-ssl: couriertls: accept: error:140760FC:SSL routines: SSL23_GET_CLIENT_HELLO: unknown protocol

Running plain imapd without SSL and trying to authenticate against PAM:
Squirrelmail tells me that either user or password are incorrect (I am sure they are both correct ) and the log files say
imapd: Connection, ip=[::ffff:127.0.0.1]
imapd: LOGIN FAILED, ip=[blah]
imapd: DISCONNECTED, ip=[blah]

Now I have no idea why this could or should happen. I am very sure that I followed the guide in 4.3, 4.4 and 7 very thoroughly, although it is late and I might have screwed something up...don't think so though.

Can you help me finding what I am not doing right? Maybe it's something obvious but I don't see it. Help is greatly appreciated!

And thanks again for this really good guide!

I hope someone still reads this

[daff]

well, the solution to my problem was to recompile mod_php4 with support for SSL, IMAP and IMAP-SSL.

[Advo]

Thx to beowulf for the great guide. I finally could made the long planned change from sendmail/pop to postfix/imap.

I ran into some trouble integrating a virus scanner (AvMailgate]) into the system. AvMailgate can set up as content-filter through postfix. So I ended up with adjusting the smtpd_recipient_restrictions to

Code: Select all

smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,permit_auth_destination,reject

Oh, and using

Code: Select all

/usr/bin/fetchmail -a -s -m "/usr/bin/procmail -d %T" >/dev/null 2>&1

is a really bad idea because this way the mail is not handed over to port 25 (where postfix is listening) and hence the mail will not be scanned. Took me a week to figure this out .

But now everything works like a charm:)

~Advo

[beowulf]

Sorry for taking so long to get back...

Bangz: I believe you'll get that message all the time until you tell Outlook to ignore the fact that you generated the SSL cert yourself. I *think* outlook is just warning you that the cert was not signed by thawte or verisign.... If it's just you using it, it ain't worth the $150/year.... That said, I could be way off, and if you've read this whole thread, you'll notice it happens more time than I like...

daff: Hey, glad to hear it is all working for you.... I'll make a little note in the next version about using the USE flags or as in your case, recompiling mod_php with the proper configure line...

Advo: Yes, I didn't redirect to postfix since I wanted to use procmail, but since you're using that antivirus and filterer, I can see where the benefit of redirecting to port 25 would be. I'll add a little note about it... Does this mean that procmail is unneeded in your setup? Just curious, I have never touched an AV program on the serverside... Glad to hear you've taken this setup a step further than what I've written....

[Advo]

beowulf: Yes, procmail is still needed. The av-scanner gives the mail back to port 25, and postfix invokes procmail via the mailbox_command as defined in its master.cf. This way sorting the mail through ~/.procmailrc still works:).

[fizz]

Would this be easy to use if my server was the primary mx record for my domain? What would i need to change because i like this setup verty much. Currently using sendmail, and well.. we all know its not fun

[beowulf]

hey fizz,

Yes, it should work just fine... this setup has worked for others when they have an mx record pointing to the server.... but I'm pretty sure this'll work fine....

however, you might not need SASL to send email. What I mean is I used sasl to authenticate to a remote SMTP server to sort of relay the email to a SMTP server that requires AUTH.

If you run your own MX record, I doubt that step would be needed....

Hope this helps and sorry for being so late getting back here....

[JHuizingh]

I'm at the section of the guide where I edit /etc/postfix/saslpass to put my username and password in there. I have a possible problem though. My username for my isp's smtp server has a colon (:) in it. Is this going to be a problem?

[miha]

----

[miha]

It seems to work fine but.... what's up with this?

Code: Select all

* Error occurred while sending the message.
* Connecting to SMTP server: 192.168.0.3 ...
[22:54:26] SMTP< 220 zheka.miha ESMTP Postfix
[22:54:26] SMTP> HELO localhost
[22:54:26] SMTP< 250 zheka.miha
[22:54:26] SMTP> MAIL FROM: <mgl@sdf.lonestar.org>
[22:54:26] SMTP< 250 Ok
[22:54:26] SMTP> RCPT TO: <mgl@sdf.lonestar.org>
[22:54:27] SMTP< 554 <unknown[192.168.0.3]>: Client host rejected: Access denied
** error occurred on SMTP session
** Error occurred while sending the message.

Code: Select all

bash-2.05b$ fetchmail
3 messages for mgl at mail.freeshell.org. (2463 octets).
reading message mgl@mx.freeshell.org:1 of 3 (514 octets) fetchmail:  retained
reading message mgl@mx.freeshell.org:2 of 3 (1120 octets) .fetchmail: SMTP error: 554 <localhost[127.0.0.1]>: Client host rejected: Access denied
fetchmail: can't even send to mgl!
 flushed
reading message mgl@mx.freeshell.org:3 of 3 (829 octets) fetchmail: SMTP error: 554 <localhost[127.0.0.1]>: Client host rejected: Access denied
fetchmail: can't even send to mgl!
 flushed
bash-2.05b$ 

[beowulf]

JHuizingh - I'm not sure... hehe unfortunately I didn't even think about it, or know a colon was a valid character in an email address.... I really don't know....

miha - Are the servers running on your workstation? More importantly what is your hostname.... Also, at what point in the guide did that output occur? Did you telnet into the smtp server to get that response? You didn't authenticate, so no email will be allowed to send... it was setup this way....

Is fetchmail redirecting to postfix and not to procmail? Any 5## error from an SMTP server is basically a message telling the server to stop what it was asked to do and report.... Postfix will not accept anything without first being authenticated to.... this is to keep you from becoming an open relay...

A little bit more information of what you did and at what point you received those errors are needed....

[miha]

This happened at the very-very end, using Sylpheed(set-up as described in the guide).

Hostname is zheka.miha

[JHuizingh]

I don't know if a colon is valid in an email address. It's not part of my email address. It is a part of my login for my pop3 server though. I'll mess around with it more when I get some time.