Welcome to WebmasterWorld Guest from 187.6.208.

34
Subscribe and Support
register, login, search, glossary, subscribe, help, library, WebmasterWorld
PubCon, announcements, recent posts, open posts,

Home / Forums Index / WebmasterWorld / New To Web Development

Forum Library : Charter : Moderators: brotherhood of lan & mack

New To Web Development Forum

These terms have been highlighted:

mail postfix/lmtp[20587] [ remove highlighting]

Issues with Postfix and SquirrelMail after server crash

webeno 6:59 am on Jun 2, 2010 (gmt 0)

I have been assigned to try and make a Postfix mailsystem work again. What
happened is that the server crashed (HDD damaged/replaced) the files were restored
#:4145464
from backup. Of course postfix doesn't work anymore.
I tried to follow the documentation the person who set this up initally also followed:
[howtoforge.com ] however with not much luck. Every time i had a problem or ecountered
an error message I looked up google and got to the next step, up until the point where
i can't get answers anymore from google.

When sending through mailx, it delivers the message, telnet localhost 25 is answering
ok too, can logon to mySQL fine, tables seem to be ok.

The problem now is that I cannot get into Squirrelmail (ERROR: Connection dropped
by IMAP server) with any of the active accounts and the only error message I get from
the mail.log is this:

May 30 23:08:37 srv1 imapd: Connection, ip=[::ffff:127.0.0.1]

Here are some extracts of important files, I replaced the real domain names by
mydomain.eu, myotherdomain.com, and mythird-domain.com, and the password by
Pa55word everywhere below:

/etc/postfix/main.cf

# See /usr/share/postfix/main.cf.dist for a commented, more complete

version

# Debian specific: Specifying a file name will cause the first

# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)

biff = no

# appending .domain is the MUA's job.

append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings

#delay_warning_time = 4h

readme_directory = /usr/share/doc/postfix

# TLS parameters
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for

# information on enabling SSL in the smtp client.

myhostname = srv1.mydomain.eu
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = srv1.mydomain.eu, myotherdomain.com, mythird-domain.com,
localhost, localhost.localdomain
#mydestination = srv1.mydomain.eu, localhost, localhost.localdomain
relayhost =
mynetworks = 127.0.0.0/8
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
html_directory = /usr/share/doc/postfix/html
message_size_limit = 30720000
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-
virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-
virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /home/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
virtual_create_maildirsize = yes
virtual_maildir_extended = yes
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-
virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = "The user you are trying to reach is over
quota."
virtual_overquota_bounce = yes
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps
$virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains
$relay_recipient_maps $relay_domains $canonical_maps
$sender_canonical_maps $recipient_canonical_maps $relocated_maps
$transport_maps $mynetworks $virtual_mailbox_limit_maps
# Neu eingefuegt:
#relay_domains = $mydestination

my /etc/postfix/master.cf

#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
#
==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
#
==========================================================================
smtp inet n - - - - smtpd -v
#submission inet n - - - - smtpd
# -o smtpd_tls_security_level=encrypt

#hier geändert wegen Nichtannahme von Mails:

-o smtpd_sasl_auth_enable=yes

# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#smtps inet n - - - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - - - - qmqpd
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - - 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX
loops
relay unix - - - - - smtp
-o smtp_fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender
$recipient
scalemail-backend unix-nn-2pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}

amavis unix - - - - 2 smtp

-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes

127.0.0.1:10025 inet n - - - - smtpd

-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o
receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o smtpd_bind_address=127.0.0.1

/etc/postfix/sasl/smtpd.conf

pwcheck_method: saslauthd
mech_list: plain login
allow_plaintext: true
auxprop_plugin: mysql
sql_hostnames: 127.0.0.1
sql_user: mail_admin
sql_passwd: Pa55word
sql_database: mail
sql_select: select password from users where email = '%u'

my /etc/courier/authmysqlrc

MYSQL_SERVER localhost
MYSQL_USERNAME mail_admin
MYSQL_PASSWORD Pa55word
MYSQL_PORT 0
MYSQL_DATABASE mail
MYSQL_USER_TABLE users
MYSQL_CRYPT_PWFIELD password
#MYSQL_CLEAR_PWFIELD password
MYSQL_UID_FIELD 5000
MYSQL_GID_FIELD 5000
MYSQL_LOGIN_FIELD email
MYSQL_HOME_FIELD "/home/vmail"
MYSQL_MAILDIR_FIELD
CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')
#MYSQL_NAME_FIELD
MYSQL_QUOTA_FIELD quota

/etc/mysql/my.cnf

#
# The MySQL database server configuration file.
#
# You can copy this to one of:
# - "/etc/mysql/my.cnf" to set global options,
# - "~/.my.cnf" to set user-specific options.
#
# One can use all long options that the program supports.
# Run program with --help to get a list of available options and with
# --print-defaults to see which it would actually understand and use.
#
# For explanations see
# http://dev.mysql.com/doc/mysql/en/server-system-variables.html

# This will be passed to all mysql clients

# It has been reported that passwords should be enclosed with ticks/quotes
# escpecially if they contain "#" chars...
# Remember to edit /etc/mysql/debian.cnf when changing the socket
location.
[client]
port= 3306
socket= /var/run/mysqld/mysqld.sock

# Here is entries for some specific programs

# The following values assume you have at least 32M ram

# This was formally known as [safe_mysqld]. Both versions are currently

parsed.
[mysqld_safe]
socket= /var/run/mysqld/mysqld.sock
nice= 0

[mysqld]
#
# * Basic Settings
#
user= mysql
pid-file= /var/run/mysqld/mysqld.pid
socket= /var/run/mysqld/mysqld.sock
port= 3306
basedir= /usr
datadir= /var/lib/mysql
tmpdir= /tmp
language= /usr/share/mysql/english
skip-external-locking
#
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
bind-address= 127.0.0.1
#
# * Fine Tuning
#
key_buffer= 16M
max_allowed_packet= 16M
thread_stack= 128K
thread_cache_size= 8
# This replaces the startup script and checks MyISAM tables if needed
# the first time they are touched
myisam-recover= BACKUP
#max_connections = 100
#table_cache = 64
#thread_concurrency = 10
#
# * Query Cache Configuration
#
query_cache_limit = 1M
query_cache_size = 16M
#
# * Logging and Replication
#
# Both location gets rotated by the cronjob.
# Be aware that this log type is a performance killer.
log= /var/log/mysql/mysql.log
#
# Error logging goes to syslog. This is a Debian improvement :)
#
# Here you can see queries with especially long duration
#log_slow_queries= /var/log/mysql/mysql-slow.log
#long_query_time = 2
#log-queries-not-using-indexes
#
# The following can be used as easy to replay backup logs or for
replication.
# note: if you are setting up a replication slave, see README.Debian about
# other settings you may need to change.
#server-id= 1
#log_bin= /var/log/mysql/mysql-bin.log
expire_logs_days= 10
max_binlog_size = 100M
#binlog_do_db= include_database_name
#binlog_ignore_db= include_database_name
#
# * BerkeleyDB
#
# Using BerkeleyDB is now discouraged as its support will cease in 5.1.12.
skip-bdb
#
# * InnoDB
#
# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
# Read the manual for more InnoDB related options. There are many!
# You might want to disable InnoDB to shrink the mysqld process by circa
100MB.
#skip-innodb
#
# * Security Features
#
# Read the manual, too, if you want chroot!
# chroot = /var/lib/mysql/
#
# For generating SSL certificates I recommend the OpenSSL GUI "tinyca".
#
# ssl-ca=/etc/mysql/cacert.pem
# ssl-cert=/etc/mysql/server-cert.pem
# ssl-key=/etc/mysql/server-key.pem

[mysqldump]
quick
quote-names
max_allowed_packet= 16M

[mysql]
#no-auto-rehash# faster start of mysql but no tab completition

[isamchk]
key_buffer= 16M

#
# * NDB Cluster
#
# See /usr/share/doc/mysql-server-*/README.Debian for more information.
#
# The following configuration is read by the NDB Data Nodes (ndbd
 processes)
# not from the NDB Management Nodes (ndb_mgmd processes).
#
# [MYSQL_CLUSTER]
# ndb-connectstring=127.0.0.1

#
# * IMPORTANT: Additional settings that can override those from this file!
# The files must end with '.cnf', otherwise they'll be ignored.
#
!includedir /etc/mysql/conf.d/

netstat -tap

srv1:~# netstat -tap

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 localhost:10025 *:* LISTEN 18871/master
tcp 0 0 localhost:3305 *:* LISTEN 6393/mysqld
tcp 0 0 localhost:mysql *:* LISTEN 8616/mysqld
tcp 0 0 localhost:746 *:* LISTEN 2266/famd
tcp 0 0 *:sunrpc *:* LISTEN 1708/portmap
tcp 0 0 *:ssh *:* LISTEN 1961/sshd
tcp 0 0 *:49078 *:* LISTEN 1719/rpc.statd
tcp 0 0 *:smtp *:* LISTEN 18871/master
tcp 0 52 srv1.mydomain.eu:ssh 92-249-162-132.poo:2165 ESTABLISHED 20587/1
tcp 0 0 srv1.mydomain.eu:ssh 92-249-162-132.poo:1888 ESTABLISHED
20566/sshd: root@no
tcp 0 0 srv1.mydomain.eu:ssh 92-249-162-132.poo:1901 ESTABLISHED
20570/sshd: root@no
tcp6 0 0 [::]:imaps [::]:* LISTEN 8123/couriertcpd
tcp6 0 0 [::]:pop3s [::]:* LISTEN 8154/couriertcpd
tcp6 0 0 [::]:8009 [::]:* LISTEN 2323/jsvc
tcp6 0 0 [::]:pop3 [::]:* LISTEN 8136/couriertcpd
tcp6 0 0 [::]:imap2 [::]:* LISTEN 8101/couriertcpd
tcp6 0 0 [::]:www [::]:* LISTEN 4921/apache2
tcp6 0 0 [::]:8180 [::]:* LISTEN 2323/jsvc
tcp6 0 0 [::]:ssh [::]:* LISTEN 1961/sshd
tcp6 0 0 [::]:telnet [::]:* LISTEN 2265/xinetd

Hope this helps!

Thanks a lot in advance!

lammert 10:03 am on Jun 3, 2010 (gmt 0)

Hi webeno,

#:4146175 In your configuration, Courier is listening to the IMAP port 143 for requests of
Squirrelmail or other IMAP clients. If that connection gets dropped, there may be an
authentication problem in Courier. Reading your configuration files it seems that all the
user and password information for the Courier accounts is stored in a MySQL database.
The first thing you should therefore check is if that user table has been uploaded
correctly in MySQL.

Another thing not directly related with your question but nevertheless important is that
you may want to check the services which are currently accessible from the outside
world. Almost all services in your netstat list can be accessed from the whole Internet.
Some services like for example telnet, imap2 and pop3 should either have only local
access, or should be switched off completely because you have already running
encrypted versions of them as ssh, imaps and pop3s. Running encrypted versions of
 these services has no security value if at the same time unencrypted access is also
allowed.

webeno 6:49 pm on Jun 4, 2010 (gmt 0)

@lammert: thank you very much for your answer, i really appreciate it, however to be
very honest, as I'm a beginner (this is group for people like me, so i thought) I would
#:4147072 need a little bit more detailed description as to what exact commands to use in terminal
(putty), what exactly to check in the database... etc. Unfortunately just saying check
this or check that will not help me too much, especially as i don't even know what would
be a 'good' or 'bad' result. :)

on the other hand, let me provide you with some more information which might help
you identifying the underlying cause of this issue:

following has been removed from master.cf as amavis is not (and should not be)
installed:

amavis unix - - - - 2 smtp

-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes

127.0.0.1:10025 inet n - - - - smtpd

-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o
receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o smtpd_bind_address=127.0.0.1

important information provided by the client just now:

- IMAP gives no errors.
- the folder /home/vmail has to have owner "vmail". once he change that, i received a
new error message from quirrelmail:

Error opening ../config/default_pref

Could not create initial preference file!
/var/lib/squirrelmail/data/ should be writable by user www-data
Please contact your system administrator and report this error.

i then went to the folder /var/lib/squirrelmail/data/ and tried to change its permission,
but the only way that didn't turn back the same error message was 777 - well, I didn't
try all versions to be honest, so what do you think, what should it be set to? also, what
account should be the owner of this folder? currently it's set to vmail

once i logged in i could see the email list (well, actually it was empty) in the middle but
on the left hand side it gave following error:

ERROR:
ERROR: Could not complete request.
Query: CREATE "INBOX.Sent"
Reason Given: Cannot create this folder.

I tried to give the .Sent (hidden) folder in /home/vmail 777 permission but that didn't
help (it was on 700) still owned by vmail

i tested sending and it worked, then i replied but that bounced back with error
 The error that the other server returned was: 550 550 5.1.1
<malcolm.spiteri@xxlwinners.com>: Recipient address rejected: User unknown
in virtual mailbox table (state 14).

also, the documentation says that when i create a new mailbox and send an e-mail to
it with mailx, it will create a mailbox in vmail. well, i tested that and it did not work,
can you help there? If i remember well i had to create the folder myself. now, after i
tried to login there, i can see that it created a hidden .Sent folder but nothing else and
also it displays the folder not found error in the middle (i guess it's looking for the
non-existing Inbox folder) like the for the above, working account for the sent folder.

Global open active posts

top home search
Options: messages 0

Home / Forums Index / WebmasterWorld / New To Web Development

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
WebmasterWorld ® and PubCon ® are a Registered Trademarks of WebmasterWorld Inc.
© WebmasterWorld Inc. 1996-2011 all rights reserved