| Issues with Postfix and SquirrelMail after server crash
|
webeno

msg:4145464 | 6:59 am on Jun 2, 2010 (gmt 0) |

I have been assigned to try and make a Postfix mail system work again. What happened is that the server crashed (HDD damaged/replaced) and the files were restored from backup. Of course Postfix doesn't work anymore. I tried to follow the documentation that the person who set this up initially also followed: [howtoforge.com], however with not much luck. Every time I had a problem or encountered an error message I looked it up on Google and got to the next step, up until the point where I can't get answers from Google anymore.

When sending through mailx, it delivers the message, telnet localhost 25 is answering OK too, I can log on to MySQL fine, and the tables seem to be OK. The problem now is that I cannot get into SquirrelMail (ERROR: Connection dropped by IMAP server) with any of the active accounts, and the only error message I get from the mail.log is this:

May 30 23:08:37 srv1 imapd: Connection, ip=[::ffff:127.0.0.1]

Here are some extracts of important files. I replaced the real domain names with mydomain.eu, myotherdomain.com, and mythird-domain.com, and the password with Pa55word everywhere below:

/etc/postfix/main.cf
# See /usr/share/postfix/main.cf.dist for a commented, more complete version

# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = /usr/share/doc/postfix

# TLS parameters
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = srv1.mydomain.eu
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = srv1.mydomain.eu, myotherdomain.com, mythird-domain.com, localhost, localhost.localdomain
#mydestination = srv1.mydomain.eu, localhost, localhost.localdomain
relayhost =
mynetworks = 127.0.0.0/8
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
html_directory = /usr/share/doc/postfix/html
message_size_limit = 30720000
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_mailbox_base = /home/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
virtual_create_maildirsize = yes
virtual_maildir_extended = yes
virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = "The user you are trying to reach is over quota."
virtual_overquota_bounce = yes
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps

# Newly inserted:
#relay_domains = $mydestination

my /etc/postfix/master.cf
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       -       -       -       smtpd -v
#submission inet n       -       -       -       -       smtpd
#  -o smtpd_tls_security_level=encrypt
#changed here because mail was not being accepted:
  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#smtps     inet  n       -       -       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628       inet  n       -       -       -       -       qmqpd
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       -       300     1       oqmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       -       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       -       -       -       smtp
  -o smtp_fallback_relay=
#  -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
retry     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix -     n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}

amavis unix - - - - 2 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes

127.0.0.1:10025 inet n - - - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_bind_address=127.0.0.1

/etc/postfix/sasl/smtpd.conf
pwcheck_method: saslauthd
mech_list: plain login
allow_plaintext: true
auxprop_plugin: mysql
sql_hostnames: 127.0.0.1
sql_user: mail_admin
sql_passwd: Pa55word
sql_database: mail
sql_select: select password from users where email = '%u'

my /etc/courier/authmysqlrc
MYSQL_SERVER localhost
MYSQL_USERNAME mail_admin
MYSQL_PASSWORD Pa55word
MYSQL_PORT 0
MYSQL_DATABASE mail
MYSQL_USER_TABLE users
MYSQL_CRYPT_PWFIELD password
#MYSQL_CLEAR_PWFIELD password
MYSQL_UID_FIELD 5000
MYSQL_GID_FIELD 5000
MYSQL_LOGIN_FIELD email
MYSQL_HOME_FIELD "/home/vmail"
MYSQL_MAILDIR_FIELD CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/')
#MYSQL_NAME_FIELD
MYSQL_QUOTA_FIELD quota

/etc/mysql/my.cnf
#
# The MySQL database server configuration file.
#
# You can copy this to one of:
# - "/etc/mysql/my.cnf" to set global options,
# - "~/.my.cnf" to set user-specific options.
#
# One can use all long options that the program supports.
# Run program with --help to get a list of available options and with
# --print-defaults to see which it would actually understand and use.
#
# For explanations see
# http://dev.mysql.com/doc/mysql/en/server-system-variables.html

# This will be passed to all mysql clients
# It has been reported that passwords should be enclosed with ticks/quotes
# escpecially if they contain "#" chars...
# Remember to edit /etc/mysql/debian.cnf when changing the socket location.
[client]
port = 3306
socket = /var/run/mysqld/mysqld.sock

# Here is entries for some specific programs
# The following values assume you have at least 32M ram

# This was formally known as [safe_mysqld]. Both versions are currently parsed.
[mysqld_safe]
socket = /var/run/mysqld/mysqld.sock
nice = 0

[mysqld]
#
# * Basic Settings
#
user = mysql
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
port = 3306
basedir = /usr
datadir = /var/lib/mysql
tmpdir = /tmp
language = /usr/share/mysql/english
skip-external-locking
#
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
bind-address = 127.0.0.1
#
# * Fine Tuning
#
key_buffer = 16M
max_allowed_packet = 16M
thread_stack = 128K
thread_cache_size = 8
# This replaces the startup script and checks MyISAM tables if needed
# the first time they are touched
myisam-recover = BACKUP
#max_connections = 100
#table_cache = 64
#thread_concurrency = 10
#
# * Query Cache Configuration
#
query_cache_limit = 1M
query_cache_size = 16M
#
# * Logging and Replication
#
# Both location gets rotated by the cronjob.
# Be aware that this log type is a performance killer.
log = /var/log/mysql/mysql.log
#
# Error logging goes to syslog. This is a Debian improvement :)
#
# Here you can see queries with especially long duration
#log_slow_queries = /var/log/mysql/mysql-slow.log
#long_query_time = 2
#log-queries-not-using-indexes
#
# The following can be used as easy to replay backup logs or for replication.
# note: if you are setting up a replication slave, see README.Debian about
# other settings you may need to change.
#server-id = 1
#log_bin = /var/log/mysql/mysql-bin.log
expire_logs_days = 10
max_binlog_size = 100M
#binlog_do_db = include_database_name
#binlog_ignore_db = include_database_name
#
# * BerkeleyDB
#
# Using BerkeleyDB is now discouraged as its support will cease in 5.1.12.
skip-bdb
#
# * InnoDB
#
# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
# Read the manual for more InnoDB related options. There are many!
# You might want to disable InnoDB to shrink the mysqld process by circa 100MB.
#skip-innodb
#
# * Security Features
#
# Read the manual, too, if you want chroot!
# chroot = /var/lib/mysql/
#
# For generating SSL certificates I recommend the OpenSSL GUI "tinyca".
#
# ssl-ca=/etc/mysql/cacert.pem
# ssl-cert=/etc/mysql/server-cert.pem
# ssl-key=/etc/mysql/server-key.pem

[mysqldump]
quick
quote-names
max_allowed_packet = 16M

[mysql]
#no-auto-rehash # faster start of mysql but no tab completition

[isamchk]
key_buffer = 16M

#
# * NDB Cluster
#
# See /usr/share/doc/mysql-server-*/README.Debian for more information.
#
# The following configuration is read by the NDB Data Nodes (ndbd processes)
# not from the NDB Management Nodes (ndb_mgmd processes).
#
# [MYSQL_CLUSTER]
# ndb-connectstring=127.0.0.1

#
# * IMPORTANT: Additional settings that can override those from this file!
# The files must end with '.cnf', otherwise they'll be ignored.
#
!includedir /etc/mysql/conf.d/

netstat -tap
srv1:~# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address          State       PID/Program name
tcp        0      0 localhost:10025         *:*                      LISTEN      18871/master
tcp        0      0 localhost:3305          *:*                      LISTEN      6393/mysqld
tcp        0      0 localhost:mysql         *:*                      LISTEN      8616/mysqld
tcp        0      0 localhost:746           *:*                      LISTEN      2266/famd
tcp        0      0 *:sunrpc                *:*                      LISTEN      1708/portmap
tcp        0      0 *:ssh                   *:*                      LISTEN      1961/sshd
tcp        0      0 *:49078                 *:*                      LISTEN      1719/rpc.statd
tcp        0      0 *:smtp                  *:*                      LISTEN      18871/master
tcp        0     52 srv1.mydomain.eu:ssh    92-249-162-132.poo:2165  ESTABLISHED 20587/1
tcp        0      0 srv1.mydomain.eu:ssh    92-249-162-132.poo:1888  ESTABLISHED 20566/sshd: root@no
tcp        0      0 srv1.mydomain.eu:ssh    92-249-162-132.poo:1901  ESTABLISHED 20570/sshd: root@no
tcp6       0      0 [::]:imaps              [::]:*                   LISTEN      8123/couriertcpd
tcp6       0      0 [::]:pop3s              [::]:*                   LISTEN      8154/couriertcpd
tcp6       0      0 [::]:8009               [::]:*                   LISTEN      2323/jsvc
tcp6       0      0 [::]:pop3               [::]:*                   LISTEN      8136/couriertcpd
tcp6       0      0 [::]:imap2              [::]:*                   LISTEN      8101/couriertcpd
tcp6       0      0 [::]:www                [::]:*                   LISTEN      4921/apache2
tcp6       0      0 [::]:8180               [::]:*                   LISTEN      2323/jsvc
tcp6       0      0 [::]:ssh                [::]:*                   LISTEN      1961/sshd
tcp6       0      0 [::]:telnet             [::]:*                   LISTEN      2265/xinetd

Hope this helps! Thanks a lot in advance!
|
lammert

msg:4146175 | 10:03 am on Jun 3, 2010 (gmt 0) |

Hi webeno,

In your configuration, Courier is listening on the IMAP port 143 for requests from SquirrelMail or other IMAP clients. If that connection gets dropped, there may be an authentication problem in Courier. Reading your configuration files, it seems that all the user and password information for the Courier accounts is stored in a MySQL database. The first thing you should therefore check is whether that user table has been uploaded correctly in MySQL.

Another thing, not directly related to your question but nevertheless important, is that you may want to check the services which are currently accessible from the outside world. Almost all services in your netstat list can be accessed from the whole Internet. Some services, for example telnet, imap2 and pop3, should either have only local access or be switched off completely, because you already have encrypted versions of them running as ssh, imaps and pop3s. Running encrypted versions of these services has no security value if at the same time unencrypted access is also allowed.
|
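The exposure check described in the reply above, as an added example that is not part of the original thread: a shell function that reads netstat -tap output and reports telnet, imap2 and pop3 listeners bound to a wildcard address, together with the encrypted counterpart if that is listening too. The function names are hypothetical; the sample rows are copied from the listing in the first post, and service names (not numeric ports) are assumed, as netstat prints them without -n.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not from the thread).

# LISTEN rows in `netstat -tap` layout, copied from the first post.
sample_listeners() {
cat <<'EOF'
tcp 0 0 localhost:10025 *:* LISTEN 18871/master
tcp 0 0 localhost:mysql *:* LISTEN 8616/mysqld
tcp 0 0 *:ssh *:* LISTEN 1961/sshd
tcp 0 0 *:smtp *:* LISTEN 18871/master
tcp6 0 0 [::]:imaps [::]:* LISTEN 8123/couriertcpd
tcp6 0 0 [::]:pop3s [::]:* LISTEN 8154/couriertcpd
tcp6 0 0 [::]:pop3 [::]:* LISTEN 8136/couriertcpd
tcp6 0 0 [::]:imap2 [::]:* LISTEN 8101/couriertcpd
tcp6 0 0 [::]:telnet [::]:* LISTEN 2265/xinetd
EOF
}

# Reads netstat rows on stdin. For every cleartext service listening on a
# wildcard address, prints "<service> <program> <encrypted twin, or ->".
# Loopback-only listeners are not reported.
audit_cleartext() {
  awk '
    BEGIN { twin["telnet"] = "ssh"; twin["imap2"] = "imaps"; twin["pop3"] = "pop3s" }
    $6 == "LISTEN" {
      n = split($4, part, ":")           # service is the text after the last ":"
      svc = part[n]
      addr = substr($4, 1, length($4) - length(svc) - 1)
      if (addr == "*" || addr == "[::]" || addr == "0.0.0.0")
        listen[svc] = $7                 # remember PID/program of the listener
    }
    END {
      for (s in twin) if (s in listen) {
        split(listen[s], p, "/")
        print s, p[2], ((twin[s] in listen) ? twin[s] : "-")
      }
    }' | sort
}

# On the server itself: netstat -tap | audit_cleartext
sample_listeners | audit_cleartext
```

A non-empty third column means the cleartext port can be closed or bound to 127.0.0.1 without losing the service, because the encrypted variant is already reachable.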
webeno

msg:4147072 | 6:49 pm on Jun 4, 2010 (gmt 0) |

@lammert: thank you very much for your answer, I really appreciate it. However, to be very honest, as I'm a beginner (this is a group for people like me, so I thought) I would need a little bit more detailed description as to what exact commands to use in the terminal (PuTTY), what exactly to check in the database, etc. Unfortunately just saying check this or check that will not help me too much, especially as I don't even know what would be a 'good' or 'bad' result. :)

On the other hand, let me provide you with some more information which might help you identify the underlying cause of this issue.

The following has been removed from master.cf as amavis is not (and should not be) installed:

amavis unix - - - - 2 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes

127.0.0.1:10025 inet n - - - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_bind_address=127.0.0.1

Important information provided by the client just now:
- IMAP gives no errors.
- The folder /home/vmail has to have owner "vmail".

Once he changed that, I received a new error message from SquirrelMail:

Error opening ../config/default_pref
Could not create initial preference file!
/var/lib/squirrelmail/data/ should be writable by user www-data
Please contact your system administrator and report this error.

I then went to the folder /var/lib/squirrelmail/data/ and tried to change its permissions, but the only setting that didn't return the same error message was 777. Well, I didn't try all versions to be honest, so what do you think, what should it be set to? Also, what account should be the owner of this folder? Currently it's set to vmail.

Once I logged in I could see the email list (well, actually it was empty) in the middle, but on the left hand side it gave the following error:

ERROR: ERROR: Could not complete request.
Query: CREATE "INBOX.Sent"
Reason Given: Cannot create this folder.

I tried to give the .Sent (hidden) folder in /home/vmail 777 permissions but that didn't help (it was on 700); it is still owned by vmail.

I tested sending and it worked, then I replied but that bounced back with the error:

The error that the other server returned was: 550 550 5.1.1 <malcolm.spiteri@xxlwinners.com>: Recipient address rejected: User unknown in virtual mailbox table (state 14).

Also, the documentation says that when I create a new mailbox and send an e-mail to it with mailx, it will create a mailbox in vmail. Well, I tested that and it did not work, can you help there? If I remember well I had to create the folder myself. Now, after I tried to log in there, I can see that it created a hidden .Sent folder but nothing else, and it also displays the folder not found error in the middle (I guess it's looking for the non-existing Inbox folder), like for the above, working account for the sent folder.
|
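An added example, not part of the original thread, for the permission questions in the post above: a shell check that a directory is owned by the account that has to write to it and that neither it nor anything below it is world-writable, which is what mode 777 makes it. The function name is hypothetical; www-data is the account named in the SquirrelMail error message, vmail the owner the post gives for /home/vmail, and GNU stat and find are assumed.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the thread).
# check_dir DIR USER
#   Prints one finding per problem; returns 0 only when DIR is owned by
#   USER and neither DIR nor anything below it is world-writable.
# Assumes GNU stat(1) and find(1), as shipped on Debian.
check_dir() {
  dir=$1 want=$2 rc=0
  [ -d "$dir" ] || { echo "MISSING $dir"; return 2; }

  owner=$(stat -c %U "$dir")     # owning user name
  mode=$(stat -c %a "$dir")      # octal mode, e.g. 777 or 700

  if [ "$owner" != "$want" ]; then
    echo "OWNER $dir is owned by $owner, expected $want"
    rc=1
  fi

  # Last octal digit is the "other" class; 2, 3, 6 and 7 carry the write bit.
  case $mode in
    *[2367]) echo "WORLD-WRITABLE $dir has mode $mode"; rc=1 ;;
  esac

  # Entries below DIR that any local account could modify (symlinks are
  # skipped, their own mode bits are meaningless).
  n=$(find "$dir" -mindepth 1 ! -type l -perm -0002 | wc -l)
  if [ "$n" -gt 0 ]; then
    echo "WORLD-WRITABLE $n entries under $dir"
    rc=1
  fi
  return "$rc"
}

# Constructed demo on a throwaway directory: the 777 case is reported,
# the 700 case passes. On the mail server the calls would be
#   check_dir /var/lib/squirrelmail/data www-data
#   check_dir /home/vmail vmail
demo=$(mktemp -d)
chmod 777 "$demo"; check_dir "$demo" "$(stat -c %U "$demo")" || true
chmod 700 "$demo"; check_dir "$demo" "$(stat -c %U "$demo")" && echo "OK $demo"
rm -rf "$demo"
```

An OWNER finding on the SquirrelMail data directory explains why only 777 made the error go away: the web server account was writing through the "other" permission bits instead of owning the directory.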