I am a danish programmer living in Bangkok.
Read more about me @ rasmus.rummel.dk.

Ubuntu Email Server

10 Feb 2012. This tutorial is a step-by-step guide to making Ubuntu into a powerful email server using Postfix, Dovecot, MySQL and Squirrelmail.

To make it easy, I have made an email server installation script which allows you to choose one of the 3 following scenarios :

  • You want to install a standalone full-fledged email server - installation script option 1.
  • You want to enhance your LAMP stack with an email server - installation script option 2.
  • You want to understand how to install an email server - installation script option 3 will hold your hand while following this tutorial.

Too much talking already

Install basic mail components

An email server lets a Mail User Agent (MUA), also called an email client (eg. Outlook Express or Thunderbird), send and receive email messages. A minimal working email server consists of 2 components :

  • A Mail Transfer Agent (MTA) : we will use Postfix : basically responsible for letting a MUA send an email message.
  • A Mail Delivery Agent (MDA) : we will use Dovecot : basically responsible for letting a MUA receive an email message.

Basic mail components - install Postfix

(alternatively execute email server installation script step 3 -> 1)
  1. Logon to your server as root (or logon as your normal user and then switch user to root : shell> su root).
  2. shell> apt-get update : always start with updating package information.
  3. Install Postfix :
    1. shell> apt-get -y install postfix postfix-doc :
      • postfix : MTA mail server
      • postfix-doc : documentation for Postfix, not necessary but nice to have.
      • Installing the postfix package will prompt you for :
        1. general type : you should choose internet site.
        2. System mail name : your internet domain name used to qualify your emails, eg. if you want to receive rasmus@webmodelling.com, then the value should be webmodelling.com
  4. Configure Postfix : (postconf -e is a convenient way to set configuration properties in /etc/postfix/main.cf)
    1. shell> postconf -e 'myhostname = host.example.tld' : change host.example.tld to your own server's FQDN (Fully Qualified Domain Name), eg. web1.webmodelling.com or maybe just webmodelling.com.
    2. shell> postconf -e 'mydomain = example.tld' : the standard is to use your server's internet domain without the hostname. If your FQDN is host.example.tld, then you should only have example.tld here.
    3. shell> postconf -e 'mydestination = $mydomain, localhost, localhost.localdomain' : list of domains that Postfix should deliver locally. If mydestination is set to webmodelling.com, then all email messages xxx@webmodelling.com will be delivered locally (and all other email messages will be forwarded to another MTA). Here the value is set to $mydomain and localhost etc.
    4. shell> postconf -e 'mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128' : list of trusted networks from which SMTP clients (MUAs & other MTAs) have more privileges; typically trusted SMTP clients are allowed to relay email messages while non-trusted clients are not.
    5. shell> postconf -e 'inet_interfaces = all' : what interfaces to receive email on, either specify comma separated IP addresses or specify all.
    6. shell> postconf -e 'home_mailbox = Maildir/' : set mailbox format to Maildir (each email message in its own file).
    7. shell> postconf -e 'smtpd_sasl_auth_enable = no' : while the documentation states that this value defaults to no, it actually seems to default to yes, and since we do not want to enable saslauth yet, we set it explicitly to no here.
    8. shell> /etc/init.d/postfix restart : restart Postfix to apply the changed configuration.

Basic mail components - install Dovecot

(alternatively execute email server installation script step 3 -> 2)
  1. Logon to your server as root (or logon as your normal user and then switch user to root : shell> su root).
  2. Install Dovecot :
    1. shell> apt-get -y install dovecot-common dovecot-imapd dovecot-pop3d dovecot-postfix
      • dovecot-common : MDA (Mail Delivery Agent). Is responsible for storing final received email messages (typically on harddrive). Also dovecot-pop3d and dovecot-imapd depend on this package.
      • dovecot-imapd : Allows MUAs (Mail User Agents) to download email messages using the IMAP protocol.
      • dovecot-pop3d : Allows MUAs (Mail User Agents) to download email messages using the POP3 protocol.
      • dovecot-postfix : Mail stack delivery integration - I have not tested it, but I guess the package will try to setup Postfix to use Dovecot LDA as well as install Sieve.
  3. Configure Dovecot :
    Dovecot main configuration file /etc/dovecot/dovecot.conf now includes lots of separate configuration files under /etc/dovecot/conf.d/ for default configuration settings. The most important of these is /etc/dovecot/conf.d/01-mail-stack-delivery.conf.
    1. shell> dovecot -n | head -n 1 : displays path to Dovecot main config file - should be /etc/dovecot/dovecot.conf.
    2. shell> nano /etc/dovecot/dovecot.conf : load the Dovecot main configuration file in the nano editor and be sure it contains the following lines (except those struck through).
      • protocols = pop3 imap : not necessary to set, already set in conf.d/01-mail-stack-delivery.conf.
      • mail_location = maildir:~/Maildir/ : not necessary to set, already set in conf.d/01-mail-stack-delivery.conf.
      • pop3_client_workarounds = outlook-no-nuls oe-ns-eoh : not necessary to set, already set in conf.d/01-mail-stack-delivery.conf. Workarounds for email client bugs. Outlook & Outlook Express hang if mail contains NUL characters. outlook-no-nuls replaces NULs with 0x80. Outlook Express and Netscape Mail break if the end of headers-line is missing. oe-ns-eoh sends the end of headers-line if it's missing.
      • !include conf.d/*.conf : load all configuration files.
      • pop3_uidl_format = %08Xu%08Xv : format of POP3 unique mail identifier.
      • log_timestamp = "%Y-%m-%d %H:%M:%S" : prefix for each line written to log file.
      • imap_client_workarounds = delay-newmail outlook-idle netscape-eoh : this is also set in conf.d/01-mail-stack-delivery.conf, however the value is not correct, so we overwrite it here. Workarounds for email client bugs.
      • namespace { : namespace is not strictly required as a default namespace will be created if you don't create it yourself.
      •     type = private : this namespace contains only the users own mailboxes. (there are also shared and public types).
      •     separator = . : char for separating child folders, eg. work.design or work.programming.
      •     prefix = INBOX.
      •     inbox = yes : this namespace contains the inbox (there is only one inbox).
      • }
    3. shell> /etc/init.d/dovecot stop && sleep 5 && /etc/init.d/dovecot start : restart the Dovecot server to enable the configuration changes (wait 5 seconds between stop and start because of the ansil child process bug).

Basic mail server - Test it works


  • Logon to your server as root (or logon as your normal user and then switch user to root : shell> su root).
  • Test that servers are on the right ports :
    1. shell> nmap localhost : shows all ports on which servers are listening using which protocol - you should have at least :
      • 25/tcp open smtp
      • 110/tcp open pop3
      • 143/tcp open imap
      • 993/tcp open imaps
      • 995/tcp open pop3s
  • Test that Postfix works : (manually sending an email through Postfix)
    1. shell> telnet localhost 25 : probe the server on port 25 (Postfix) to be sure Postfix is listening.
      1. Trying 127.0.0.1...
        Connected to localhost.
        Escape character is '^]'.
        220 Your.Domain.Name ESMTP Postfix (Ubuntu)
      2. helo localhost : (more info with ehlo localhost)
      3. 250 your.domain.name
      4. mail from: root@localhost
      5. 250 2.1.0 Ok
      6. rcpt to: rasmus@localhost : use a valid user different from root (the user needs to have a password, otherwise the user cannot retrieve mail)
      7. 250 2.1.5 Ok
      8. data : begin the data section.
      9. 354 End data with <CR><LF>.<CR><LF>
      10. Subject: my first subject
      11. My first body
      12. . : a dot on a new line followed by Enter will end the data section.
      13. 250 2.0.0 Ok: queued as 31410102286
      14. quit :
      15. 221 2.0.0 Bye
        Connection closed by foreign host.
    2. shell> ls -l /home/rasmus/Maildir/new : list the email message to see that it has been locally delivered (be sure to change rasmus to your own user)
    3. shell> cat /home/rasmus/Maildir/new/* : you can also read the email message.
    4. shell> telnet your.server.domain 25 : should give the same result as telnet localhost 25 and confirms that you have indeed used the correct FQDN for Postfix myhostname above.
  • Test that Dovecot works : (retrieving the email using Dovecot pop3 just sent through Postfix above)
    1. shell> telnet localhost pop3
      1. Trying 127.0.0.1...
        Connected to localhost.
        Escape character is '^]'.
        +OK Dovecot ready.
      2. user rasmus : the user
      3. +OK
      4. pass PASSWORD : insert the password for the rasmus user.
      5. +OK Logged in.
      6. list
      7. +OK 1 messages:
        1 420
        .
      8. retr 1
      9. +OK 420 octets
        Return-Path: <root@localhost>
        X-Original-To: rasmus@localhost
        Delivered-To: rasmus@localhost
        Received: from localhost (localhost [127.0.0.1])
            by your.server.domain (Postfix) with SMTP id 31410102286
            for <rasmus@localhost>; Wed, 7 Dec 2011 19:58:25 +0700 (ICT)
        Subject: my first subject
        Message-Id: <20111207125833.31410102286@your.server.domain>
        Date: Wed, 7 Dec 2011 19:58:25 +0700 (ICT)
        From: root@localhost

        My first body
        .
      10. quit
    2. shell> ls -l /home/rasmus/Maildir/new : after retrieving the email using pop3, the email message has been removed from the new folder ...
    3. shell> ls -l /home/rasmus/Maildir/cur : ... to the cur folder.

If you passed the tests, you now have a basic email server that actually works.

Configure Postfix for virtual domains using MySQL

(alternatively execute email server installation script step 3 -> 3)

Most email servers need to be the final MTA recipient for multiple virtual domains and a great many email addresses. These 2 tasks are by far most easily handled using a MySQL database.

While we store virtual domains and virtual email addresses in a MySQL database, we still store the actual email messages on standard storage (harddrive). Also we will use one system account, vmail, in whose home folder we will create a folder, email_box, for each email address.

If we did not use virtual domains and therefore virtual mailboxes, default is to store email messages in the system users home directory. However, since our users are virtual, we instead have a virtual_mailbox_base, we will use /home/vmail, and then subfolders for each virtual_mailbox_domain.

  1. shell> apt-get -y install mysql-client mysql-server postfix-mysql dovecot-mysql : if you already have MySQL installed, then just install the postfix-mysql & dovecot-mysql packages.
    • mysql-server : the actual mysql server that enables you to create databases.
    • mysql-client : this is the mysql CLI that allows you to access and manage mysql server and databases using the command line (a GUI alternative is phpMyAdmin).
    • postfix-mysql : adds MySQL maps support to Postfix. Makes it possible to configure Postfix to use MySQL to store user accounts and related data.
    • dovecot-mysql : adds MySQL driver support to Dovecot.
    • Installing the mysql-server package will prompt you for :
      1. root user password : create a password for MySQL root user (not Ubuntu root user).
      2. confirm root user password.
  2. Create the Postfix MySQL database :
    1. shell> mysql -u root -pRootPassword : use mysql-client to logon to MySQL. Be sure to change RootPassword to the correct password (notice there is no space between -p and the password).
    2. mysql> CREATE DATABASE Postfix; :
    3. mysql> GRANT SELECT, INSERT, UPDATE, DELETE ON Postfix.* TO 'mail_admin'@'localhost' IDENTIFIED BY 'MailAdminPassword'; : You make up the MailAdminPassword yourself.
    4. mysql> GRANT SELECT, INSERT, UPDATE, DELETE ON Postfix.* TO 'mail_admin'@'localhost.localdomain' IDENTIFIED BY 'MailAdminPassword'; :
    5. mysql> USE Postfix; :
    6. mysql> CREATE TABLE domains (domain varchar(50) NOT NULL, PRIMARY KEY (domain) ); :
    7. mysql> CREATE TABLE forwardings (source varchar(80) NOT NULL, destination TEXT NOT NULL, PRIMARY KEY (source) ); :
    8. mysql> CREATE TABLE users (email varchar(80) NOT NULL, password varchar(20) NOT NULL, PRIMARY KEY (email) ); :
    9. mysql> CREATE TABLE transport (domain varchar(128) NOT NULL default '', transport varchar(128) NOT NULL default '', UNIQUE KEY domain (domain) ); :
    10. mysql> quit : Postfix database schema is finished.
    11. shell> sed -i -e "s/^[ \t#]*bind-address.*$/bind-address = 127.0.0.1/" /etc/mysql/my.cnf : uncomment the MySQL local bind-address to get MySQL to bind to localhost so that the Postfix mail_admin user can connect (if you need to use another IP, you will need 1) to create a mail_admin user on that IP instead of localhost and 2) change the host value of the mysql map files below).
    12. shell> service mysql restart : reload MySQL configuration file.
  3. Write Postfix/MySQL map files : 4 files that define how Postfix maps domains, mailboxes, forwardings and accounts to tables in the above Postfix MySQL database :
    (A natural place to save the 4 files is in /etc/postfix. Also note that the files differ only with respect to the query line)
    1. shell> cd /etc/postfix : change location to the place where the 4 files should be created.
    2. shell> nano mysql-virtual_domains.cf : create a file called mysql-virtual_domains.cf
      • user = mail_admin
      • password = MailAdminPassword : be sure to substitute MailAdminPassword with the password you created for mail_admin@localhost above.
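      • dbname = Postfix : must match the database name exactly as created above (CREATE DATABASE Postfix), without quotes; MySQL database names are case-sensitive on Linux.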
      • query = SELECT domain AS virtual FROM domains WHERE domain='%s'
      • hosts = 127.0.0.1
    3. shell> nano mysql-virtual_mailboxes.cf : create a file called mysql-virtual_mailboxes.cf
      • user = mail_admin
      • password = MailAdminPassword
      • dbname = Postfix
      • query = SELECT CONCAT(SUBSTRING_INDEX(email, '@', -1), '/', SUBSTRING_INDEX(email, '@', 1), '/') FROM users WHERE email='%s'
      • hosts = 127.0.0.1
    4. shell> nano mysql-virtual_forwardings.cf : create a file called mysql-virtual_forwardings.cf
      • user = mail_admin
      • password = MailAdminPassword
      • dbname = Postfix
      • query = SELECT destination FROM forwardings WHERE source='%s'
      • hosts = 127.0.0.1
    5. shell> nano mysql-virtual_email2email.cf : create a file called mysql-virtual_email2email.cf
      • user = mail_admin
      • password = MailAdminPassword
      • dbname = Postfix
      • query = SELECT email FROM users WHERE email='%s'
      • hosts = 127.0.0.1
    6. shell> chmod o= /etc/postfix/mysql-virtual_*.cf : change access for the above 4 mapping files.
    7. shell> chgrp postfix /etc/postfix/mysql-virtual_*.cf : change the group for the above 4 mapping files.
  4. Create the system group and user that the virtual domain email message files belong to :
    1. shell> groupadd -g 5000 vmail : create a group called vmail with GroupID=5000 (-g)
    2. shell> useradd -g vmail -u 5000 -s /sbin/nologin vmail -d /home/vmail -m : create a user called vmail with UserID=5000 (-u) belonging to the vmail group (-g) without a shell login (-s) and with home directory /home/vmail (-d). If /home/vmail does not exist, then make it (-m).
    3. shell> chmod 770 /home/vmail : give owner and group full access and others no access.
  5. Configure Postfix virtual domains : (using the above files to map domains list and email accounts list to MySQL) :
    1. shell> postconf -e 'virtual_alias_domains =' :
      A virtual alias domain is a domain on which email accounts are mapped to system users, eg. if example.tld is specified as a virtual alias domain then contact@example.tld could be mapped to a system user called rasmus, thereby giving that system user access to having email accounts on multiple domains. However, I think this setting is deprecated, especially since it does not allow anyone to have an email address without also having a system account, a problem solved with virtual_mailbox_domains. NEVER list a virtual alias domain as a mydestination domain.
    2. shell> postconf -e 'virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf' :
      list of domain aliases and email address aliases. Eg. example.tld could be an alias for webmodelling.com, so rasmus@example.tld would actually be rewritten to rasmus@webmodelling.com.
    3. shell> postconf -e 'virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf' :
      Same as mydestination, that is : all the domains for which Postfix should deliver locally. In the /home/vmail folder (the virtual_mailbox_base) a subfolder will be created for each of these domains to save received email messages, eg. an email message to rasmus@webmodelling.com will be saved in the webmodelling.com mailbox folder (it is the virtual delivery agent that delivers domains in virtual_mailbox_domains, while I think it is the local delivery agent that delivers domains in mydestination).
      if not using MySQL, we could write this instead : postconf -e 'virtual_mailbox_domains = webmodelling.com another.domain athird.domain' or we could create a file and then reference the file like : postconf -e 'virtual_mailbox_domains = /etc/postfix/virtual_mailboxes' (virtual_mailboxes would then have one domain per line) NEVER list a virtual mailbox domain as a mydestination domain.
    4. shell> postconf -e 'virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf' :
      Maps each and every virtual email address to a mailbox file, eg. rasmus@webmodelling.com must be mapped to the folder webmodelling.com/rasmus, the mapping should not contain the virtual_mailbox_base, only the mailbox folder and the user file/folder. If using Maildir format, the virtual_mailbox_maps file must append a forward slash to the pathname like : rasmus@webmodelling.com webmodelling.com/rasmus/.
    5. shell> postconf -e 'virtual_mailbox_base = /home/vmail' :
      Virtual_mailbox_base is just a folder where the mailboxes will be created. The virtual local delivery agent will prefix virtual_mailbox_base to all pathnames from virtual_mailbox_maps to keep mailboxes in the virtual_mailbox_base folder.
    6. shell> postconf -e 'virtual_uid_maps = static:5000' :
      Specifies the system user that Postfix uses when delivering virtual mailbox files (all files must belong to a system user, here vmail with UserID=5000).
    7. shell> postconf -e 'virtual_gid_maps = static:5000' :
      Specifies the system group that Postfix uses when delivering virtual mailbox files (all files must also belong to a system group, here vmail with GroupID=5000).
    8. shell> postconf -e 'proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps' :
    9. Specify to use DovecotLDA for local delivery (instead of Postfix virtual delivery agent):
      1. shell> postconf -e virtual_transport=dovecot :
      2. shell> postconf -e dovecot_destination_recipient_limit=1 : note that you have to write dovecot_destination_recipient_limit instead of the generic transport_destination_recipient_limit.
      3. shell> nano /etc/postfix/master.cf : open Postfix master.cf file and register Dovecot LDA service by adding the following line :
        • dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}
    10. shell> postconf -# mydomain : comment out mydomain, otherwise DovecotLDA will try to deliver mail for that domain to system accounts and not virtual accounts, eg. if mydomain is example.com and Postfix hands an email for rasmus@example.com to DovecotLDA, then DovecotLDA will try to deliver the mail to a rasmus system account, eg. /home/rasmus/Maildir/new, resulting in an error if the rasmus system account does not exist.
    11. shell> postconf -e 'mydestination = localhost, localhost.localdomain' : to be sure we also better remove $mydomain from mydestination.
    12. shell> service postfix reload : reload Postfix configuration to make the changes active.
  6. Configure Dovecot virtual domains :
    1. shell> nano /etc/dovecot/dovecot.conf : open dovecot.conf in the nano editor and make it look like the following : (new properties in Fuchsia)
      • !include conf.d/*.conf
      • pop3_uidl_format = %08Xu%08Xv
      • log_timestamp = "%Y-%m-%d %H:%M:%S "
      • imap_client_workarounds = delay-newmail outlook-idle netscape-eoh
      • mail_location = maildir:/home/vmail/%d/%n/Maildir : overwrite the default mail_location value. %d is domain, %n is account.
        (email messages to rasmus@example.com will be stored in /home/vmail/example.com/rasmus/Maildir)
      • disable_plaintext_auth = no : otherwise I cannot get Gmail POP3 integration to work.
      • namespace {
      •     type = private : this namespace contains only the users own mailboxes. (there are also shared and public types).
      •     separator = . : char for separating child folders, eg. work.design or work.programming.
      •     prefix = INBOX.
      •     inbox = yes : this namespace contains the inbox (there is only one inbox).
      • }
      • protocol lda { : we need to overwrite the protocol lda setting in conf.d/01-mail-stack-delivery.conf
      •     auth_socket_path = /var/run/dovecot/auth-master : UNIX socket path to Dovecot LDA.
      •     postmaster_address = root@localhost : here it may be better to use your own email address
      •     mail_plugins = sieve
      •     log_path = /home/vmail/dovecot-deliver.log
      •     deliver_log_format = msgid=%m: %$
      •     rejection_reason = Your message to <%t> was automatically rejected:%n%r
      • }
      • auth default {
      •     user = root
      •     passdb sql {
      •         args = /etc/dovecot/dovecot-sql.conf
      •     }
      •     userdb static {
      •         args = uid=5000 gid=5000 home=/home/vmail/%d/%n allow_all_users=yes
      •     }
      •     socket listen {
      •         master { : master socket gives access to userdb information typically so the Dovecot LDA can find mailbox locations
      •             path = /var/run/dovecot/auth-master
      •             mode = 0600
      •             user = vmail
      •         }
      •     }
      • }
    2. shell> nano /etc/dovecot/dovecot-sql.conf : open/create dovecot-sql.conf in the nano editor and add the following :
      • driver = mysql
      • connect = host=127.0.0.1 dbname=Postfix user=mail_admin password=MailAdminPassword : the same MailAdminPassword as when you created the mail_admin user for the Postfix database above.
      • default_pass_scheme = PLAIN
      • password_query = SELECT email AS user, password FROM users WHERE email='%u';
    3. shell> chmod 600 /etc/dovecot/dovecot-sql.conf : be sure only root can access the file since it contains your MailAdminPassword.
    4. shell> /etc/init.d/dovecot stop && sleep 5 && /etc/init.d/dovecot start : restart the Dovecot server to enable the configuration changes (as usual wait 5 seconds between stop and start because of the ansil child process bug).
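
The permission steps above (chmod o= on the 4 map files, chmod 600 on dovecot-sql.conf) can be verified with a small audit script. This is an added example, not part of the original tutorial or its installation script; the function names are illustrative, and the demo runs on constructed files in a temporary directory. It also flags default_pass_scheme = PLAIN, which means the users table holds cleartext passwords.

```shell
#!/bin/sh
# Added example (not from the original tutorial): audit the files that
# contain MailAdminPassword. All function names are illustrative.

# check_secret_file FILE POLICY
#   group-ok   : owner and group may access (Postfix map files, group postfix)
#   owner-only : only the owner may access (dovecot-sql.conf, mode 600)
# Prints one line per problem; returns 0 when the file is clean.
check_secret_file() {
    file=$1 policy=$2 bad=0
    if [ ! -f "$file" ]; then
        echo "MISSING $file"
        return 1
    fi
    perms=$(ls -ld "$file" | cut -c1-10)            # e.g. -rw-r-----
    group_bits=$(printf '%s' "$perms" | cut -c5-7)
    other_bits=$(printf '%s' "$perms" | cut -c8-10)
    if [ "$other_bits" != "---" ]; then
        echo "WORLD-ACCESSIBLE $file ($perms)"
        bad=1
    fi
    if [ "$policy" = owner-only ] && [ "$group_bits" != "---" ]; then
        echo "GROUP-ACCESSIBLE $file ($perms)"
        bad=1
    fi
    return $bad
}

# uses_plain_scheme FILE -> returns 0 if FILE sets default_pass_scheme = PLAIN,
# i.e. Dovecot compares logins against cleartext passwords in the users table.
uses_plain_scheme() {
    grep -Eiq '^[[:space:]]*default_pass_scheme[[:space:]]*=[[:space:]]*PLAIN[[:space:]]*$' "$1"
}

# audit_mail_secrets POSTFIX_DIR DOVECOT_SQL_CONF
# Checks every mysql-virtual_*.cf map file plus the Dovecot SQL config,
# prints the findings and a final "findings: N" line, returns 0 when N is 0.
audit_mail_secrets() {
    postfix_dir=$1 dovecot_sql=$2 findings=0
    for f in "$postfix_dir"/mysql-virtual_*.cf; do
        check_secret_file "$f" group-ok || findings=$((findings + 1))
    done
    check_secret_file "$dovecot_sql" owner-only || findings=$((findings + 1))
    if [ -f "$dovecot_sql" ] && uses_plain_scheme "$dovecot_sql"; then
        echo "CLEARTEXT-PASSWORDS $dovecot_sql sets default_pass_scheme = PLAIN"
        findings=$((findings + 1))
    fi
    echo "findings: $findings"
    [ "$findings" -eq 0 ]
}

# Demo on constructed files: first as an editor leaves them with a typical
# umask (644), then after the tutorial's chmod steps.
demo() {
    dir=$(mktemp -d)
    for name in domains mailboxes forwardings email2email; do
        printf 'user = mail_admin\npassword = MailAdminPassword\n' \
            > "$dir/mysql-virtual_$name.cf"
    done
    printf 'driver = mysql\ndefault_pass_scheme = PLAIN\n' > "$dir/dovecot-sql.conf"
    chmod 644 "$dir"/*
    echo "== before the chmod steps =="
    audit_mail_secrets "$dir" "$dir/dovecot-sql.conf" || true
    chmod o= "$dir"/mysql-virtual_*.cf
    chmod 600 "$dir/dovecot-sql.conf"
    echo "== after chmod o= and chmod 600 =="
    audit_mail_secrets "$dir" "$dir/dovecot-sql.conf" || true
    rm -rf "$dir"
}
demo
```

On the server itself, run audit_mail_secrets /etc/postfix /etc/dovecot/dovecot-sql.conf as root.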

Virtual domains - Test it works


Your email server is now ready to handle huge amounts of domains and email addresses, however we better test some of it before we continue to enhance the email server with spam control and security.

  1. shell> mysql -u root -pPassword : logon to MySQL server.
  2. mysql> USE Postfix;
  3. mysql> INSERT INTO domains (domain) VALUES ('example.com');
  4. mysql> INSERT INTO users (email, password) VALUES ('rasmus@example.com', 'abc');
  5. mysql> quit
  6. shell> postmap -q example.com mysql:/etc/postfix/mysql-virtual_domains.cf : if that command outputs example.com, then Postfix virtual domains works using MySQL.
  7. shell> postmap -q rasmus@example.com mysql:/etc/postfix/mysql-virtual_email2email.cf : if that command outputs rasmus@example.com, then Postfix virtual users works using MySQL.
  8. shell> echo "127.0.0.1 example.com" >> /etc/hosts : resolve example.com to localhost.
  9. Test Postfix :
    1. shell> telnet localhost 25 : probe the server on port 25 (Postfix) to be sure Postfix is listening.
      1. Trying 127.0.0.1...
        Connected to localhost.
        Escape character is '^]'.
        : notice the escape character, ctrl+], should you get in any trouble here
        220 Your.Domain.Name ESMTP Postfix (Ubuntu)
      2. helo localhost : (more info with ehlo localhost)
      3. 250 your.domain.name
      4. mail from: root@localhost
      5. 250 2.1.0 Ok
      6. rcpt to: rasmus@example.com
      7. 250 2.1.5 Ok
      8. data : begin the data section.
      9. 354 End data with <CR><LF>.<CR><LF>
      10. Subject: My second subject
      11. My second body
      12. . : a dot on a new line followed by Enter will end the data section.
      13. 250 2.0.0 Ok: queued as B58B2102478
      14. quit :
      15. 221 2.0.0 Bye
        Connection closed by foreign host.
  10. Test Dovecot LDA : (registered in /etc/postfix/master.cf, since it is Postfix that decides what agent is responsible for local delivery)
    1. shell> ls -l /home/vmail/example.com/rasmus/Maildir/new : there should be one email message file, which confirms that Dovecot LDA is activated for local delivery, that it functions and that the path is correct (the path is defined using mail_location in /etc/dovecot/dovecot.conf).
  11. Test Dovecot : (here using imap instead of pop3 just for fun)
    1. shell> telnet localhost imap
      1. Trying 127.0.0.1...
        Connected to localhost.
        Escape character is '^]'.
        * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
      2. 1 login rasmus@example.com PASSWORD : every command needs to start with a number
      3. 1 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS] Logged in : note that the answer starts with the same number as the command.
      4. 2 list "" "*" : ask for a list of all email folders belonging to rasmus@example.com.
      5. * LIST (\HasChildren) "." "INBOX"
        2 OK List completed.
      6. 3 select "INBOX" : select the INBOX folder. As you can see below, I have 15 emails of which 1 is new (the one I just sent above).
      7. * FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
        * OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted.
        * 15 EXISTS
        * 1 RECENT
        * OK [UNSEEN 4] First unseen.
        * OK [UIDVALIDITY 1323581618] UIDs valid
        * OK [UIDNEXT 16] Predicted next UID
        * OK [HIGHESTMODSEQ 1] Highest
        3 OK [READ-WRITE] Select completed.
      8. 4 fetch 1 all : fetch the first email message.
      9. * 1 FETCH (FLAGS () INTERNALDATE "12-Dec-2011 12:22:00 +0700" RFC822.SIZE 394 ENVELOPE ("Mon, 12 Dec 2011 12:21:37 +0700 (ICT)" "My second subject" ((NIL NIL "root" "localhost")) ((NIL NIL "root" "localhost")) ((NIL NIL "root" "localhost")) NIL NIL NIL NIL "<20111212052145.B06DC101AB3@your.server.domain>"))
        4 OK Fetch completed.
      10. 5 fetch 1 body[] : the body needs to be fetched explicitly.
      11. * 1 FETCH (FLAGS (\Seen) BODY[] {394}
        Return-Path: <root@localhost>
        Delivered-To: rasmus@example.com
        Received: from localhost (localhost [127.0.0.1])
            by your.server.domain (Postfix) with SMTP id B06DC101AB3
            for <rasmus@example.com>; Mon, 12 Dec 2011 12:21:37 +0700 (ICT)
        Subject: My second subject
        Message-Id: <20111212052145.B06DC101AB3@mail3.example.tld>
        Date: Mon, 12 Dec 2011 12:21:37 +0700 (ICT)
        From: root@localhost

        My second body
        )
        5 OK Fetch completed.
      12. 6 logout
      13. * BYE Logging out
        6 OK Logout completed.
        Connection closed by foreign host.

If you passed the tests, you now have an email server that can handle email addresses on multiple domains. Also you are using MySQL to store the domains and addresses, which makes creating new domains and email addresses a breeze and allows easy integration with other programs, eg. the PostfixAdmin program that among other things will give you a web-based tool to handle domains and email accounts through MySQL.

Configure SASL

(alternatively execute email server installation script step 3 -> 5)

Currently we rely on trusted networks (specified in the mynetworks property in /etc/postfix/main.cf) to decide whether Postfix will allow relaying an email message. Instead, we want to configure Postfix to use account authentication to make that decision, rather than checking whether the IP of the email client is within our trusted networks.

SASL (Simple Authentication and Security Layer) is an authentication protocol and Postfix can use SASL to authenticate email clients (MUAs) when they connect to Postfix to forward (relay) an email message, that is when an email client asks to relay an email message using SMTP.

If we did NOT configure Postfix to use SASL for SMTP authentication, we would have to rely on trusted networks like this :

  • Any MUA sending an email from an IP belonging to the trusted networks is ALLOWED to send.
  • Any MUA sending an email from an IP NOT belonging to the trusted networks is REJECTED.
If we allowed everyone to send, then our mail server would be an open relay and quickly blacklisted by other MTAs.

If we want to allow people on many different IPs to send email messages through our server, we have the following solutions :

  • Adding the IP to our trusted networks each and every time a new person wants to send email : that is just too heavy maintenance.
  • Using the SMTP-after-POP method, which requires a MUA to POP before SMTP to temporarily add the IP to trusted networks : that is not supported by all MUAs, it is a security issue especially on dynamic IPs and it is just plain awkward.
  • Using SASL to authenticate the MUA, allowing the MUA to forward email messages even if its IP is not in the trusted networks : this is easy to implement, well supported by MUAs and the industry standard of today.
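
As an added example (not from the original tutorial; the helper names are illustrative and the sample values are constructed), the following script lints a mynetworks value in the format used above and reports every entry that is not a loopback range, that is every network whose clients Postfix would let relay without authenticating.

```shell
#!/bin/sh
# Added example (not from the original tutorial): lint a Postfix mynetworks
# value for entries that trust more than loopback. Helper names are illustrative.

# is_loopback_entry ENTRY -> returns 0 if ENTRY covers loopback addresses only.
is_loopback_entry() {
    entry=$1
    case $entry in
        */*) net=${entry%/*}; len=${entry##*/} ;;
        *)   net=$entry;      len=host ;;        # bare address = single host
    esac
    case $net in
        127.*.*.*)           min=8   ;;          # IPv4 loopback, 127.0.0.0/8
        '[::1]')             min=128 ;;          # IPv6 loopback
        '[::ffff:127.'*']')  min=104 ;;          # IPv4-mapped IPv6 loopback
        *) return 1 ;;                           # any other network
    esac
    if [ "$len" = host ]; then
        return 0
    fi
    case $len in
        ''|*[!0-9]*) return 1 ;;                 # malformed prefix length
    esac
    # A shorter prefix than the loopback range itself (e.g. 127.0.0.0/0)
    # would cover non-loopback addresses too.
    [ "$len" -ge "$min" ]
}

# relay_trusted_networks VALUE
# Prints each non-loopback entry of a mynetworks value, one per line.
# Returns 0 when the value trusts loopback only (the state this tutorial sets).
relay_trusted_networks() {
    found=0
    set -f                      # entries such as [::1]/128 must not be globbed
    for e in $(printf '%s' "$1" | tr ',' ' '); do
        if ! is_loopback_entry "$e"; then
            echo "$e"
            found=1
        fi
    done
    set +f
    return $found
}

# Constructed sample values: the tutorial's setting, and one widened for a LAN
# plus a catch-all entry.
tutorial_value='127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128'
widened_value='127.0.0.0/8, 192.168.0.0/16 0.0.0.0/0'
for value in "$tutorial_value" "$widened_value"; do
    if flagged=$(relay_trusted_networks "$value"); then
        echo "loopback only: $value"
    else
        echo "relay allowed without authentication from: $(printf '%s' "$flagged" | tr '\n' ' ')"
    fi
done
```

On a live server the value to check comes from postconf -h mynetworks.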

Postfix supports 2 SASL plugins : Cyrus SASL and Dovecot SASL. We will use Dovecot SASL because we already use Dovecot for MDA and for LDA, because we have already installed all necessary packages and because the configuration is easier than for Cyrus SASL.

Let's get to it :

  1. Configure Dovecot to provide SASL authentication :
    1. shell> nano /etc/dovecot/dovecot.conf : load the Dovecot configuration file in the nano editor and make the auth default section look like this : (new properties in Fuchsia)
      • !include conf.d/*.conf
      • pop3_uidl_format = %08Xu%08Xv
      • log_timestamp = "%Y-%m-%d %H:%M:%S "
      • imap_client_workarounds = delay-newmail outlook-idle netscape-eoh
      • mail_location = maildir:/home/vmail/%d/%n/Maildir
      • namespace {
      •     type = private
      •     separator = .
      •     prefix = INBOX.
      •     inbox = yes
      • }
      • protocol lda {
      •     auth_socket_path = /var/run/dovecot/auth-master
      •     postmaster_address = root@localhost
      •     mail_plugins = sieve
      •     log_path = /home/vmail/dovecot-deliver.log
      •     deliver_log_format = msgid=%m: %$
      •     rejection_reason = Your message to <%t> was automatically rejected:%n%r
      • }
      • auth default {
      •     user = root
      •     mechanisms = plain login : plain is the standard verb for unencrypted (Outlook Express expects login instead).
      •     passdb sql {
      •         args = /etc/dovecot/dovecot-sql.conf
      •     }
      •     userdb static {
      •         args = uid=5000 gid=5000 home=/home/vmail/%d/%n allow_all_users=yes
      •     }
      •     socket listen {
      •         master {
      •             path = /var/run/dovecot/auth-master
      •             mode = 0600
      •             user = vmail
      •         }
      •         client {
      •             path = /var/spool/postfix/private/auth : tells Dovecot where to communicate with Postfix authentication.
      •             mode = 0660 : tells Dovecot to give the socket owner and group read & write access.
      •             user = postfix : tells Dovecot to use the postfix user for access.
      •             group = postfix : tells Dovecot to use the postfix group for access.
      •         }
      •     }
      • }
    2. shell> /etc/init.d/dovecot stop && sleep 5 && /etc/init.d/dovecot start : restart the Dovecot server to enable the configuration changes (as usual wait 5 seconds between stop and start because of the ansil child process bug).
  2. Configure Postfix to use the SASL authentication provided by Dovecot :
    1. shell> postconf -e 'smtpd_sasl_type = dovecot' : specify the SASL plugin to use, here Dovecot SASL (as opposed to Cyrus SASL which is default).
    2. shell> postconf -e 'smtpd_sasl_path = private/dovecot-auth' : this path is relative to /var/spool/postfix (note that private/auth was automatically changed to private/dovecot-auth when installing the dovecot-postfix package. Also I tried to change it back to private/auth but I would then get fatal: no SASL authentication mechanisms in /var/log/mail.err and also telnet localhost 25 would disconnect).
    3. shell> postconf -e 'smtpd_sasl_auth_enable = yes' : enable the use of SASL. If this value is no (default), then only MUA's on trusted networks will be able to relay email messages.
    4. shell> postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination' : here we specify to permit relay for MUA's that are either authenticated using SASL or are on our trusted networks, and to refuse relay for all other MUA's.
    5. shell> postconf -e 'broken_sasl_auth_clients = yes' : support for older MUA's like Outlook up to version 2003 and Outlook Express up to version 6 with an obsolete version of the AUTH command. Default value is no, however I guess there is no security risk involved.
    6. shell> postconf -e 'smtpd_tls_auth_only = no' : we have not configured TLS yet, so if this setting is set to yes, the SASL authentication would fail.
    7. shell> service postfix reload : reload the configuration.

SASL - Test it works

What we need to test is :

  • That we are NOT allowed to relay email messages without logging in.
  • That we CAN login and that we are then allowed to relay email messages.

To run this test, you need to telnet from a remote box - a shell on eg. your Windows or Ubuntu box. DO NOT try to telnet from the same OS that hosts your mail server, the idea is to get an IP outside of the Postfix trusted networks. (If you run the whole tutorial on your dev machine, you can use eg. VirtualBox to quickly set up a virtual machine to test from).

  1. First confirm that Postfix announces the SASL capability and that you can send email that does not need to be relayed :
    1. remote shell> telnet MailServerIP 25
      1. Trying 127.0.0.1...
        Connected to localhost.
        Escape character is '^]'.
        220 Your.Domain.Name ESMTP Postfix (Ubuntu)
      2. ehlo localhost
      3. 250-your.server.domain
        250-PIPELINING
        250-SIZE 10240000
        250-VRFY
        250-ETRN
        250-AUTH PLAIN LOGIN
        : Postfix announces that it supports authentication using plain or login mechanisms
        250-AUTH=PLAIN LOGIN
        : Postfix announces it twice because broken_sasl_auth_clients is set to yes.
        250-ENHANCEDSTATUSCODES
        250-8BITMIME
        250 DSN
      4. mail from: root@localhost
      5. 250 2.1.0 Ok
      6. rcpt to: rasmus@example.com : rasmus@example.com is a local address (remember we added this domain and email address above when testing virtual domains).
      7. 250 2.1.5 Ok
      8. data
      9. 354 End data with <CR><LF>.<CR><LF>
      10. Subject: sub remote 1
      11. body remote 1
      12. .
      13. quit
      14. 221 2.0.0 Bye
        Connection closed by foreign host.
    2. local shell> ls -l /home/vmail/example.com/rasmus/Maildir/new : check the mail has arrived (this command should be executed on the same OS that hosts your mail server).
  2. Second confirm that you cannot relay an email message without logging in :
    1. remote shell> telnet MailServerIP 25
      1. Trying 127.0.0.1...
        Connected to localhost.
        Escape character is '^]'.
        : notice the escape character, ctrl+], you are going to need it
        220 Your.Domain.Name ESMTP Postfix (Ubuntu)
      2. mail from: root@localhost
      3. 250 2.1.0 Ok
      4. rcpt to: rasmus@webmodelling.com : rasmus@webmodelling.com is not a localhost address.
      5. 554 5.7.1 <rasmus@webmodelling.com>: Relay access denied : indeed Postfix correctly refused to relay the email message.
      6. ctrl+] : press ctrl+] to escape, it is not possible to continue.
      7. ^]
      8. telnet> quit
      9. Connection closed.
  3. Third confirm that you can log on and that Postfix accepts to relay the message :
    1. shell> apt-get install openssl : install openssl to base64 encode your email credentials.
    2. shell> printf '\0%s\0%s' 'username' 'password' | openssl base64 : create a base64 encoded value of your username and password to use for SASL authentication below.
    3. remote shell> telnet MailServerIP 25 : again, be sure to use a remote shell.
      1. Trying 127.0.0.1...
        Connected to localhost.
        Escape character is '^]'.
        220 Your.Domain.Name ESMTP Postfix (Ubuntu)
      2. AUTH PLAIN AHJhc211c0BleGFtcGxlLmNvbQBhYmM= : 'AHJhc211c0BleGFtcGxlLmNvbQBhYmM=' is the base64 encoded value of \0rasmus@example.com\0abc, where \0 is the NUL byte written by the printf command above (I use abc for password) - be sure to create your own base64 encoding of the local email account you will use to send from.
      3. 235 2.7.0 Authentication successful : There you got it - SASL works !
      4. mail from: rasmus@example.com
      5. 250 2.1.0 Ok
      6. rcpt to: rasmus@webmodelling.com : use one of your own email accounts.
      7. 250 2.1.5 Ok
      8. data
      9. 354 End data with <CR><LF>.<CR><LF>
      10. Subject: sub remote 1
      11. body remote 1
      12. .
      13. quit
      14. 221 2.0.0 Bye
        Connection closed by foreign host.
    4. Confirm that you have received the email (in my case rasmus@webmodelling.com).
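The three telnet tests above follow the order of the smtpd_recipient_restrictions list. The shell model below is an added example, not Postfix code and not part of the original tutorial: the function names, the client address 203.0.113.5 and the mynetworks values are assumptions, and only the three restrictions used on this page are modelled. The last call shows what an over-broad trusted network does to the relay check.

```shell
# Simplified model of one RCPT TO being checked against
#   permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
# The first restriction that matches decides; reaching the end means accept.

LOCAL_DOMAINS="example.com"   # domain the tutorial server is final destination for

ip_to_int() {                 # dotted quad -> 32 bit integer
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

in_networks() {               # in_networks IP "CIDR CIDR ..."
  ip=$(ip_to_int "$1")
  for net in $2; do
    bits=${net#*/}
    base=$(ip_to_int "${net%/*}")
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    if [ $(( ip & mask )) -eq $(( base & mask )) ]; then return 0; fi
  done
  return 1
}

relay_decision() {            # relay_decision MYNETWORKS CLIENT_IP AUTHENTICATED(yes|no) RCPT
  mynetworks=$1; client=$2; authed=$3; domain=${4#*@}
  # 1. permit_sasl_authenticated
  if [ "$authed" = yes ]; then echo "250 permit_sasl_authenticated"; return; fi
  # 2. permit_mynetworks
  if in_networks "$client" "$mynetworks"; then echo "250 permit_mynetworks"; return; fi
  # 3. reject_unauth_destination: only rejects when we are not the destination
  for d in $LOCAL_DOMAINS; do
    if [ "$d" = "$domain" ]; then echo "250 local destination"; return; fi
  done
  echo "554 5.7.1 Relay access denied"
}

# Test 1: remote client, no login, local recipient
relay_decision "127.0.0.0/8" 203.0.113.5 no  rasmus@example.com
# Test 2: remote client, no login, foreign recipient
relay_decision "127.0.0.0/8" 203.0.113.5 no  rasmus@webmodelling.com
# Test 3: remote client, SASL login, foreign recipient
relay_decision "127.0.0.0/8" 203.0.113.5 yes rasmus@webmodelling.com
# Misconfiguration: every address is "trusted", so test 2 is now relayed
relay_decision "0.0.0.0/0"   203.0.113.5 no  rasmus@webmodelling.com
```

The permit_mynetworks branch is also the one Squirrelmail depends on, since it connects from the server itself without SASL.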

Configure TLS

(alternatively execute email server installation script step 3 -> 6)

While SASL provides a mechanism to authenticate remote users by username and password when they try to relay an email message through the email server, both username and password are sent in plain text and could be easily intercepted and stolen.

Using TLS (Transport Layer Security) we can encrypt the communication between the email client and the email server, so that if the communication is intercepted, the credentials will not be in plain text.

There are 2 ways to secure a protocol with TLS :

  • The client connects to a secure port on the server - for email typically 993 (imaps) or 995 (pop3s) - and immediately begins an encrypted handshake.
  • The client connects to a plain text port on the server - for email typically 25 (smtp), 110 (pop3) or 143 (imap) - and begins an unencrypted handshake. If the server responds with the STARTTLS capability, then the subsequent communication can be encrypted, which includes the authentication process (where username and password are sent).

Regardless of which TLS method is applied, the server must send a public key to the client, which the client will then use to encrypt the rest of the session. Only the server that has the corresponding private key will be able to decrypt. However, the client needs to trust that it is connected to the right server, therefore the server presents a signed certificate, which the client will automatically accept if the signing is done by a trusted authority, while if it is a self-signed certificate (which is what we will make) then the client will ask the user whether to trust it.

All-in-all we therefore need :

  • A private key
  • A signed public key certificate (created from the private key)

Create the 2 TLS key files

Dovecot has likely already created the 2 keys in /etc/ssl/certs/dovecot.pem & /etc/ssl/private/dovecot.pem, however we want to create our own :

  1. shell> cd $HOME : change current directory to your home directory to make the key files there.
  2. shell> openssl genrsa -des3 -out server.key 1024 : use openssl genrsa to generate a triple-DES (-des3) encrypted private key file (server.key). You will be prompted for a passphrase for the triple-DES encryption. (1024-bit RSA is no longer considered sufficient; on a production server use 2048 or more.)
  3. Unencrypt the private key : (Otherwise we would have to manually write the passphrase each time Postfix starts up, which is not practical)
    1. shell> openssl rsa -in server.key -out server.key.insecure : use openssl rsa to create an unencrypted version of the private key (server.key.insecure).
    2. shell> mv server.key server.key.secure : store the encrypted private key as server.key.secure.
    3. shell> mv server.key.insecure server.key : rename the unencrypted private key to server.key.
  4. shell> openssl req -new -key server.key -out server.csr : use openssl req to generate a Certificate Signing Request file (server.csr) using the private key (server.key). You will be prompted for relevant information to be incorporated into your certificate signing request : (you don't need to answer them all)
    1. Country Name (2 letter code) [TH]:TH : TH for Thailand (where I live).
    2. State or Province Name (full name) [Some-State]:Nonthaburi : more precisely I live in Nonthaburi.
    3. Locality Name (eg, city) []: : I don't answer.
    4. Organization Name (eg, company) [Internet Widgits Pty Ltd]:FD : FD for Favourite Design.
    5. Organizational Unit Name (eg, section) []: : I don't answer.
    6. Common Name (eg, YOUR name) []:your.server.domain : this is the most important question to answer.
    7. Email Address []:rasmus@webmodelling.com
    8. A challenge password []: : I don't answer.
    9. An optional company name []: : my god, when will it end.
  5. shell> openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt : use openssl x509 to create a (self)signed certificate file (server.crt) that is valid for 365 days, using the signing request file (server.csr) containing your organization's information and signing it with the private key (server.key).
    • Signature ok
      subject=/C=TH/ST=Nonthaburi/O=FD/CN=Rasmus Rummel
      Getting Private key
  6. shell> mv server.key /etc/ssl/private/ : move the private key file to /etc/ssl/private/.
  7. shell> mv server.crt /etc/ssl/certs/ : move the certificate file to /etc/ssl/certs/.
  8. shell> chown root:root /etc/ssl/private/server.key : set full ownership to root for the private key file.
  9. shell> chmod 600 /etc/ssl/private/server.key : be sure that only root have access to the private key file (since it is not encrypted).

Configure Postfix to offer TLS

  1. shell> postconf -e 'smtp_tls_security_level = may' : security level for the SMTP client. 'may' means that Postfix will use TLS if the remote SMTP server supports it (other values are 'none', 'encrypt', 'fingerprint', 'verify' and 'secure').
  2. shell> postconf -e 'smtpd_tls_security_level = may' : security level for the SMTP server. 'may' means that Postfix will announce STARTTLS capability to clients, but not require that clients use TLS (other values are 'none' and 'encrypt', encrypt will require the client to use TLS).
  3. shell> postconf -e 'smtpd_tls_auth_only = no' : this will allow email clients to log on without encrypting. If you want to force email clients to enable encryption, you need to set this value to yes, and ehlo localhost will then no longer show the AUTH PLAIN capability (be prepared to help people with email accounts on your server to set up encryption in their email clients).
  4. shell> postconf -e 'smtpd_tls_key_file = /etc/ssl/private/server.key' : the private key file we created above.
  5. shell> postconf -e 'smtpd_tls_cert_file = /etc/ssl/certs/server.crt' : the certificate file we created above.
  6. shell> postconf -e 'smtpd_tls_loglevel = 1' : log-levels run from 0 (very little logging) to 4 (extreme logging).
  7. shell> postconf -e 'smtpd_tls_session_cache_timeout = 3600s' : define a TLS session cache to avoid multiple relatively expensive key exchanges and clear the cache every hour.
  8. shell> postconf -e 'tls_random_source = dev:/dev/urandom' : source of random data used to seed the TLS pseudo random number generator.

TLS - Test it works

  1. shell> telnet MailServerIP 25 : again, be sure to use a remote shell.
    1. Trying 127.0.0.1...
      Connected to localhost.
      Escape character is '^]'.
      220 Your.Domain.Name ESMTP Postfix (Ubuntu)
    2. ehlo localhost
    3. 250-mail6.example.tld
      250-PIPELINING
      250-SIZE 10240000
      250-VRFY
      250-ETRN
      250-STARTTLS
      : Postfix announces STARTTLS capability
      250-AUTH PLAIN LOGIN
      250-AUTH=PLAIN LOGIN
      250-ENHANCEDSTATUSCODES
      250-8BITMIME
      250 DSN
    4. quit : it's too difficult to encrypt on the command line, so just quit.
    5. 221 2.0.0 Bye
      Connection closed by foreign host.
  2. Let's test with a real email client on a remote machine, eg. your Windows or Ubuntu dev box
    1. On your dev box, map our test domain, example.com, to your email server's IP using the dev box hosts file :
      • On an Ubuntu dev box :
        1. dev box shell> echo -e "\nYourEmailServerIP example.com" >> /etc/hosts : the -e "\n" is to start on a new line.
        2. dev box shell> ping example.com : be sure you get YourEmailServerIP.
      • On a Windows 7 dev box :
        1. Open C:\Windows\System32\drivers\etc\hosts in your favourite text editor and add the following line :
          • YourEmailServerIP example.com : eg. for me it is 192.168.1.72 example.com
        2. dev box shell> ping example.com : be sure you get YourEmailServerIP.
    2. On your dev box open an email client, eg. Outlook Express or Thunderbird.
    3. Set your email client to use STARTTLS : (here Thunderbird)
      1. Create a new account for rasmus@example.com.
      2. Add Mail Account.
      3. Mail Account Setup
      4. IMAP & SMTP are automatically configured to use STARTTLS.
      5. Press the Create button and wait for Thunderbird to test the password.
      6. Success - account created. Also note the Outgoing Server is example.com using rasmus@example.com for authentication.
    4. Use your email client to fetch (using IMAP) email messages from your email server : (here Thunderbird)
      1. In the left panel select the new account and then in the right panel click on Read Messages.
      2. Accept the certificate (this is the Dovecot default certificate).
      3. Success - earlier test mails fetched using TLS.
    5. Use your email client to relay an email message through your email server from your test address (for me it is rasmus@example.com) to one of your real email addresses (for me it is rasmus@webmodelling.com) : (here Thunderbird)
      1. Write an email to one of your real email addresses.
      2. Dreadful unknown error - however the reason is the missing certificate.
      3. Accept the certificate again (actually this is a new certificate, the one we made for SMTP).
      4. Success - mail relayed using TLS (note your test server cannot send directly to gmail because gmail refuses to receive email messages if the sender's IP address and domain name do not match, see more here (this problem will go away when you publish your email server for production with domain names acknowledged by public dns)).

If you passed the tests, you now have a secure full working email server, congratulations.
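With smtpd_tls_auth_only = no, the EHLO reply in the TLS test still offers AUTH before STARTTLS, so a client may log on without encryption, and the AUTH PLAIN token from the SASL test is only base64, not encryption. The script below is an added example, not part of the original tutorial: the function names and result strings are assumptions, the EHLO reply is the one shown above, and it uses the coreutils base64 tool instead of openssl base64.

```shell
# Constructed input: the EHLO reply from the TLS test, as seen on port 25
# before the client has issued STARTTLS.
ehlo_reply() {
cat <<'EOF'
250-mail6.example.tld
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
EOF
}

# Classify a pre-TLS EHLO reply read from stdin.
classify_ehlo() {
  awk '
    { sub(/\r$/, ""); kw = toupper(substr($0, 5)) }  # drop CR and the "250-" prefix
    kw == "STARTTLS"  { tls = 1 }
    kw ~ /^AUTH[ =]/  { auth = 1 }
    END {
      if (auth && tls)  print "cleartext-auth-allowed"
      else if (auth)    print "cleartext-auth-only"
      else if (tls)     print "no-cleartext-auth"
      else              print "no-auth-no-tls"
    }'
}

# Build an AUTH PLAIN token the same way as the printf command in the SASL test.
sasl_plain_encode() {         # sasl_plain_encode USERNAME PASSWORD
  printf '\0%s\0%s' "$1" "$2" | base64
}

# Reverse it: the token is base64 of  authzid NUL authcid NUL password.
sasl_plain_decode() {         # sasl_plain_decode TOKEN
  { printf '%s' "$1" | base64 -d; printf '\0'; } | tr '\0' '\n' | {
    IFS= read -r authzid
    IFS= read -r authcid
    IFS= read -r passwd
    printf 'authzid=%s authcid=%s password=%s\n' "$authzid" "$authcid" "$passwd"
  }
}

# Current configuration: AUTH is offered on the unencrypted connection.
ehlo_reply | classify_ehlo
# What the reply looks like to the check once AUTH is hidden until after STARTTLS.
ehlo_reply | grep -v AUTH | classify_ehlo
# What anyone who can read the unencrypted session recovers from the token.
sasl_plain_decode 'AHJhc211c0BleGFtcGxlLmNvbQBhYmM='
```

Setting smtpd_tls_auth_only = yes, as described in the Postfix TLS step, is what moves the first result to the second.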



Install spam control


UNDER CONSTRUCTION

Install Squirrelmail

Squirrelmail is among the most, if not the most, popular webmail programs for linux machines (and can also be installed on windows).

Install Apache

(alternatively execute email server installation script step 3 -> 7)

Webmail needs to run on top of a webserver, therefore we need to install Apache first (if you already have Apache on your system, eg. if you have a LAMP stack, you should skip this step).

  1. shell> apt-get install apache2 : install Apache.
  2. shell> /etc/init.d/apache2 restart : restart Apache.

That was kind of easy!

Install Squirrelmail

(alternatively execute email server installation script step 3 -> 8)
  1. shell> apt-get install squirrelmail squirrelmail-compatibility php-pear php-db
    • squirrelmail : the webmail program with support for IMAP & SMTP.
    • squirrelmail-compatibility : support for plugins.
    • php-pear : MAYBE necessary for Squirrelmail to run on Apache (Squirrelmail is a PHP program). php-pear is necessary for php-db though.
    • php-db : MAYBE necessary for Squirrelmail to run (though I think Squirrelmail do not access MySQL only Postfix & Dovecot)
  2. shell> ln -s /etc/squirrelmail/apache.conf /etc/apache2/conf.d/squirrelmail.conf : Squirrelmail comes with a predefined Apache configuration file which we symlink to /etc/apache2/conf.d - that will enable Apache to load the configuration.
  3. shell> /etc/init.d/apache2 restart : restart Apache to start the Squirrelmail web.

Note that Squirrelmail is not using SASL and therefore depends on :

  • Being installed on the same server as Postfix.
  • /etc/postfix/main.cf smtpd_recipient_restrictions MUST include permit_mynetworks.

Otherwise you will get Transaction failed 554 5.7.1 : Relay access denied every time you try to send an email from Squirrelmail.



Webmail - Test it works

  1. Open a browser on a remote machine and put in the following url : http://YourEmailServerIP/squirrelmail : you should see the login page.
  2. Login with the user we have used throughout the tutorial (for me it is rasmus@example.com with password abc) : you should now come to your inbox and it should show the test email messages we sent earlier.
  3. Compose a test email in squirrelmail and send it to one of your own email addresses (in my case rasmus@webmodelling.com) : after some time you should receive the email (if it has not arrived within half an hour, it is likely not to arrive).

If you passed the test, congratulations your webmail is functioning.



Appendix - Access Squirrelmail on multiple custom urls

Since this email server supports virtual domains, you may want to access Squirrelmail on different custom urls, here we will configure Squirrelmail to be accessible on 2 test domains :

  • http://webmail.test1.com
  • http://webmail.test2.com

Also we need 2 machines for the test :

  • Your email server machine.
  • A remote machine, eg. your Windows or Ubuntu dev box, on which the above domains will resolve to YourEmailServerIP.
  1. On your email server edit the squirrelmail.conf file to map to webmail.test1.com and webmail.test2.com :
    1. shell> nano /etc/apache2/conf.d/squirrelmail.conf : load squirrelmail.conf in the nano editor and add the following :
      • <VirtualHost *> : * means that this virtual host is defined for all IP addresses.
      •     ServerName webmail.test1.com : this virtual host maps to webmail.test1.com
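      •     ServerAlias webmail.test2.com : this virtual host also maps to webmail.test2.com (a second ServerName would replace the first one, so the extra name is added as an alias).
      •     DocumentRoot /usr/share/squirrelmail : this virtual host has its document root in /usr/share/squirrelmail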
      • </VirtualHost>
    2. Press ctrl+x and then y to save and return to prompt.
    3. shell> /etc/init.d/apache2 restart : restart Apache to load the changed configuration.
  2. On your dev box map our test domains, test1.com & test2.com, to your email server's IP address by adding the test domains to the dev box hosts file :
    • On a Windows7 dev box :
      1. Open C:\Windows\System32\drivers\etc\hosts in your favourite text editor and add the following lines :
        • YourEmailServerIP webmail.test1.com : eg. for me it is 192.168.1.72 webmail.test1.com
        • YourEmailServerIP webmail.test2.com : eg. for me it is 192.168.1.72 webmail.test2.com
      2. dev box shell> ping webmail.test1.com : be sure you see YourEmailServerIP (in my case 192.168.1.72)
    • On an Ubuntu dev box :
      1. dev box shell> echo -e "\nYourEmailServerIP webmail.test1.com" >> /etc/hosts : echo -e "\n" will insert a new line.
      2. dev box shell> echo "YourEmailServerIP webmail.test2.com" >> /etc/hosts
      3. dev box shell> ping webmail.test1.com : be sure you see YourEmailServerIP (in my case 192.168.1.72)
  3. Start a web browser on your dev box and navigate to webmail.test1.com : you should see Squirrelmail login page.
  4. Navigate the same web browser to webmail.test2.com : you should again see Squirrelmail login page.


Appendix : Management & Debugging Commands

The following is a small collection of commands to empower you somewhat in case of problems eg. if under attack.

  • shell> tail -30 /var/log/mail.log : display the last 30 lines in the mail log.
  • shell> tail -30 /var/log/mail.err : display the last 30 lines in the mail error log.
  • shell> tail -1000 /var/log/mail.log | grep -i ': to=<.*@webmodelling\.com>,' | less : focus the log on deliveries to webmodelling.com.
  • shell> tail -1000 /var/log/mail.log | grep -i ': from=<.*@webmodelling\.com>,' | less : focus the log on emails sent by webmodelling.com.


Working with the mail queue

The postfix mail queue is a queue of mail messages that Postfix has not yet delivered. The postfix mail queue actually consists of several sub queues. Messages are moved between these sub queues by the queue manager, which is also responsible for delivering the messages :

  • incoming queue : when a message arrives at the postfix server, the cleanup service will write the message to a file owned by the postfix user and mask it 0600. When the message has been completely written to file, the cleanup service changes the file mask to 0700. If the active queue is not full, the queue manager will periodically scan the incoming queue (all the new message files) and move files with mask 0700 to the active queue. If mails are coming in faster than the queue manager can move them from incoming to active, the incoming queue will grow.
  • active queue : messages in the active queue are ready to be sent (runnable) but not necessarily in the process of being sent (running). While the incoming, deferred, maildrop and hold queues are only files on disk not occupying memory, the active queue is also a data structure in memory owned by the queue manager process. Because messages in the active queue are represented in memory, there is a limit to how many messages can be held in the active queue, at which point the queue manager stops scanning the incoming and the deferred queues (since no more messages can be moved to the active queue).
  • deferred queue : if delivery failed for one or more recipients of a message (eg. a recipient address could not be validated), the message will be moved to the deferred queue and assigned a cool-off time (between minimal_backoff_time and maximal_backoff_time) before which the queue manager will not move the message back into the active queue.
  • hold queue : the administrator can create rules (eg. based on content in headers or body) that will move messages to the hold queue outside of normal processing. A message in hold is not handled by the queue manager but needs to be manually moved to another queue. postsuper -r will move messages from hold to maildrop, while postsuper -H will move messages from hold to deferred.
  • maildrop queue : container for messages locally submitted using postfix sendmail. The maildrop queue is not considered part of the postfix main queue as messages have not yet been checked and rewritten by the cleanup service. Messages are moved to the incoming queue by the pickup service, from which point on the cleanup service takes over.

Note that the queue manager is mainly slowed down by I/O operations (moving the messages between queues) and by transport lookup queries.

  • shell> mailq : list all mails in the mail queue (maildrop, incoming, active & deferred).
  • shell> mailq | grep "webmodelling.com" : display all messages containing "webmodelling.com".
  • Folder actions :
    • shell> ls -l /var/spool/postfix : list all folders involved with the mail queue.
    • shell> find /var/spool/postfix -type f | wc -l : very fast way to approximately count files in a huge mail queue (the result is not precise because other folders than the 4 main queue folders are counted).
    • shell> find /var/spool/postfix/deferred -type f | wc -l : count messages in the deferred queue.
    • shell> grep -rl "webmodelling.com" /var/spool/postfix/deferred | wc -l : count messages in the deferred queue containing "webmodelling.com" (-r because the deferred queue is split into sub folders, -l to count each message file once).
  • postsuper
    • shell> postsuper -d MESSAGEID : delete a message by its messageID.
    • shell> postsuper -d ALL : delete all mails in the queue (typically used when your queue is flooded with eg. spam).
    • shell> postsuper -d ALL deferred : delete all mails in the deferred queue (ALL must be written in upper case).
    • shell> postsuper -h MESSAGEID : move message with ID = MESSAGEID from incoming queue to hold queue.
    • shell> postsuper -r MESSAGEID : requeue message with ID = MESSAGEID from any queue to incoming queue.
    • shell> postsuper -h ALL : move all messages from incoming queue to hold queue.
    • shell> postsuper -r ALL : requeue all messages from any queue to incoming queue.
    • Delete messages from a specific domain or user or messages containing a specific text :
      • shell> mailq | grep 'webmodelling.com' | awk '{print $1}' | postsuper -d - : delete all messages containing 'webmodelling.com'.
      • shell> mailq | grep 'webmodelling.com' | awk '{sub(/\*$/, "", $1); print $1}' | postsuper -d - : sometimes the message ID field has a star (*) appended, which must be removed before postsuper will recognise the message ID field.
  • postqueue :
    • shell> postqueue -p : list the mail queue (same output as mailq).
    • shell> postqueue -f : flush all mails in the deferred queue, that is : move all messages to the active queue to try to deliver all mails immediately. This is most often a bad idea as mails in the deferred queue are there because of delivery trouble, so if trying to deliver them all at once, the active queue may easily become congested and messages in the incoming queue may wait a long time before they can be delivered.
  • postcat :
    • shell> postcat -q MESSAGEID : read all headers of the message with ID = MESSAGEID. This is very useful to identify the reason why a message is in the deferred queue.
  • qshape : (qshape tutorial)
    • shell> qshape : shows postfix queue content in a tabular form ordering destination domains after occurrence on the vertical axis and queue age along the horizontal axis.
    • shell> qshape -s : shows sender domains instead of destination domains - useful to identify from which domains spam are being sent.
    • shell> qshape deferred : shows which destinations have been unable to be delivered.
    • shell> qshape active : shows which destinations are in the process of trying to be delivered.
  • shell> postconf -e maximal_queue_lifetime=1d : setting the queue lifetime to 1 day, which means that a message undeliverable after 1 day will be returned to sender with an "undelivered" notice. The default queue lifetime is 5 days. The queue lifetime value can be set in seconds (s), minutes (m), hours (h), days (d) and weeks (w). (Reload postfix after setting this property : service postfix reload).


Mail Log

Log files : (Postfix logs through syslog, /etc/syslog.conf, on Ubuntu this is default to /var/log)

  • /var/log/mail.log : Postfix sends ALL log messages to this file.
  • /var/log/mail.err : Postfix also sends error messages to this file (because it can be difficult to find the error messages in mail.log)
  • /var/log/mail.warn : Postfix also sends warning messages to this file.

Use the tail command to view the log files :

  • shell> tail -30 /var/log/mail.log : print the last 30 messages to screen.
  • shell> tail -f /var/log/mail.log : keep printing new messages to screen in real time.

Postfix log format : (Postfix consists of several components that each log to mail.log in their own format, however all entries consist of 4 elementary parts)

  1. Datetime : eg. Mar 13 12:54:07.
  2. Hostname : eg. mail1.
  3. Component ID : eg. postfix/smtpd[27559]: (other examples are postfix/master[932]: or Dovecot: or amavis[2021]:).
  4. Message : this is very different depending on the component (I am not sure if the same component always have the same format)

Elements of the postfix/smtpd component log :

  • delays a/b/c/d :
    • a : time before queue manager, including message transmission.
    • b : time in queue manager.
    • c : connection setup including DNS, HELO and TLS.
    • d : message transmission time.


My email server is sending a lot of spam - help

If your email server starts to send a lot of spam, your email server will be blacklisted by different email blacklist servers and you can no longer send email to anyone using these blacklist servers.

To fight the problem, you can among others try to :

  • Test that your email server is not an open relay :
    • Go to http://abuse.net
    • Make an account and test if your email server can be used as an open relay
  • Set your log level to maximum
  • Focus on a certain log

If you host many websites, it can be very difficult, eg. if there is an old version of Joomla, Mambo, Wordpress etc., someone may be able to break in and upload a mail sending script.
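One way to "focus on a certain log" is to find out who submitted the mail that is filling the queue. The script below is an added example, not part of the original tutorial: it joins postfix/smtpd and postfix/pickup lines with postfix/qmgr lines on the queue ID and sums recipients per SASL account or local uid. The log lines are constructed samples in the mail.log format described above, and the function name top_senders and the limit of 25 are assumptions.

```shell
# Constructed sample lines (datetime, hostname, component[pid]:, message).
sample_log() {
cat <<'EOF'
Mar 13 12:54:07 mail1 postfix/smtpd[27559]: 4F3A21C0A7: client=unknown[203.0.113.9], sasl_method=PLAIN, sasl_username=rasmus@example.com
Mar 13 12:54:07 mail1 postfix/qmgr[934]: 4F3A21C0A7: from=<rasmus@example.com>, size=1204, nrcpt=1 (queue active)
Mar 13 12:55:10 mail1 postfix/smtpd[27561]: 5A1B22D0B8: client=unknown[198.51.100.23], sasl_method=LOGIN, sasl_username=info@example.com
Mar 13 12:55:10 mail1 postfix/qmgr[934]: 5A1B22D0B8: from=<promo@invalid.example>, size=3310, nrcpt=50 (queue active)
Mar 13 12:55:12 mail1 postfix/smtpd[27561]: 6C2D33E1C9: client=unknown[198.51.100.23], sasl_method=LOGIN, sasl_username=info@example.com
Mar 13 12:55:12 mail1 postfix/qmgr[934]: 6C2D33E1C9: from=<promo@invalid.example>, size=3290, nrcpt=50 (queue active)
Mar 13 12:56:01 mail1 postfix/pickup[1201]: 7D3E44F2DA: uid=33 from=<www-data>
Mar 13 12:56:01 mail1 postfix/qmgr[934]: 7D3E44F2DA: from=<www-data@mail1>, size=900, nrcpt=30 (queue active)
EOF
}

# top_senders LIMIT [FILE...] : print every submitter whose recipient total
# reaches LIMIT. Reads stdin when no file is given.
top_senders() {
  limit=$1; shift
  awk -v limit="$limit" '
    # $5 is the component ID, $6 is the queue ID followed by a colon
    { qid = $6; sub(/:$/, "", qid) }

    # Mail handed in over SMTP by an authenticated client
    $5 ~ /^postfix\/smtpd\[/ && /sasl_username=/ {
      user = $0
      sub(/.*sasl_username=/, "", user); sub(/[, ].*/, "", user)
      src[qid] = "sasl:" user
    }

    # Mail submitted locally through sendmail, eg. by a web script
    $5 ~ /^postfix\/pickup\[/ && $7 ~ /^uid=/ { src[qid] = "local:" $7 }

    # Queue manager line carries the recipient count for that queue ID.
    # A deferred message is logged again on every retry and is counted again.
    $5 ~ /^postfix\/qmgr\[/ && /nrcpt=/ {
      n = $0
      sub(/.*nrcpt=/, "", n); sub(/[^0-9].*/, "", n)
      who = (qid in src) ? src[qid] : "unauthenticated"
      total[who] += n; msgs[who]++
    }

    END {
      for (w in total)
        if (total[w] >= limit)
          printf "%s messages=%d recipients=%d\n", w, msgs[w], total[w]
    }' "$@" | sort
}

sample_log | top_senders 25
```

On the server itself the same function can be pointed at the real log : top_senders 25 /var/log/mail.log. A local uid that belongs to the web server user points at a web site script, a sasl: entry at an email account whose password should be changed.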



Appendix : Basic Concepts


  • MTA : Mail Transfer Agent : An MTA receives and sends out mail. Postfix is the default MTA on Ubuntu (though Exim4 is also in the main repository).
  • MDA : Mail Delivery Agent : An MDA makes messages received by MTA available for download using eg. IMAP or POP3. Dovecot is the default MDA on Ubuntu (though Courier with support for external database server is also in the main repository). Since Dovecot supports IMAP & POP3, Dovecot is also called an IMAP & POP3 server.
  • MUA : Mail User Agent : A MUA is the email program you use to create email messages and to receive and read them, eg. Outlook Express or Thunderbird.
  • LDA : Local Delivery Agent : When an MTA decides that it is itself the final MTA destination for an email message, the MTA, instead of forwarding the email message to yet another MTA, needs to store the email message on local storage. Postfix can store an email message if the storage format is either mbox or Maildir, however the MTA can also let an LDA handle the local storage, eg. DovecotLDA is a Postfix plugin that handles delivering email messages from the Postfix server to the local storage media.
  • IMAP : Internet Message Access Protocol : High bandwidth protocol for MUA to download email messages from MDA. Typically email messages are only cached on the MUA (also other good stuff).
  • POP3 : Post Office Protocol version 3 : Low bandwidth protocol for MUA to download email messages from MDA. Typically email messages are downloaded to the MUA and deleted on the server by the MDA.
  • SMTP : Simple Mail Transfer Protocol : Protocol for transferring email messages from MUA to MTA and from MTA to another MTA.
  • Mailbox : A mailbox is an email message storage format. The two most popular are mbox and Maildir (both supported by Postfix for direct local delivery without using an LDA). mbox stores email messages in one big file for each email account while Maildir stores each email message in its own file.
  • SASL : Simple Authentication and Security Layer : SASL is an SMTP Authentication protocol/plugin. Postfix supports 2 SASL implementations, Cyrus SASL & Dovecot SASL.



Appendix : Squirrelmail in thai

First off : sorry for spamming with an appendix that is without interest for the majority, however partly I also use this page as personal documentation and partly the logic is applicable for other less prominent languages as well.

Configure Squirrelmail to display thai characters correctly when email is not arriving in utf8 :

  1. In /usr/share/squirrelmail/functions/i18n.php :
    1. Change the US charset from iso-8859-1 to tis-620 : (tis-620 is the thai character set)
      • #$languages['en_US']['CHARSET'] = 'iso-8859-1'; : comment out this record.
      • $languages['en_US']['CHARSET'] = 'tis-620'; : insert this record below the record just commented out.
    2. The thai label translations are commented out by default because less than 50% is translated, however we want to use them :
      • Search the i18n.php file for $languages['th_TH']['NAME'] and uncomment the 4 records defining the thai language.
  2. In /etc/squirrelmail/config.php :
    • #$squirrelmail_default_language = 'en_US'; : comment out this record.
    • #$default_charset = 'iso-8859-1'; : comment out this record.
    • $squirrelmail_default_language = 'th_TH'; : insert this record below the 2 records just commented out.
    • $default_charset = 'tis-620'; : and then insert this record also.


Appendix : Common errors and solutions

  1. Dovecot unknown database driver mysql.

Reason : If you have the above error 1, you have forgotten to add mysql support for dovecot.

Solution : Install the dovecot-mysql package :

  1. shell> apt-get install dovecot-mysql

  2. Dovecot fatal: pipe_command: execvp /usr/local/libexec/dovecot/deliver: No such file or directory.

Reason : If you have the above error 2, then Dovecot LDA is registered with Postfix in master.cf but with a wrong path. I think /usr/local/libexec/dovecot/deliver is the old path to Dovecot LDA and therefore many guides and documentation will specify that path. The dovecot-postfix package version 2.0.13 stores Dovecot LDA in /usr/lib/dovecot/deliver.

Solution : Register Dovecot LDA with the right path :

  1. shell> sed -i -e "/\/usr\/local\/libexec\/dovecot/s/local\/libexec/lib/" /etc/postfix/master.cf : change the path to Dovecot LDA. (You can also open /etc/postfix/master.cf in nano and change the path there if you don't like the sed command).
  2. shell> /etc/init.d/postfix restart : make the new path active.

  3. Dovecot dovecot: master: Error: service(anvil): Socket already exists: /var/run/dovecot/anvil.

Reason : This is a known bug in dovecot-common 2.0.13, see here, that the anvil child process is slow to close and therefore may block Dovecot startup.

Solution : I use the following workaround that instead of restarting Dovecot, I first stop Dovecot then wait 5 seconds and then start Dovecot (it seems to work every time).

  1. shell> /etc/init.d/dovecot stop : stop the dovecot server and WAIT 5 seconds hoping that the anvil child process is also stopping
  2. shell> /etc/init.d/dovecot start : start the dovecot server
  3. shell> nmap localhost : check if pop3 & imap are up, if not then stop Dovecot and again wait some time before trying to start Dovecot.
  • shell> /etc/init.d/dovecot stop && sleep 5 && /etc/init.d/dovecot start : alternatively you can execute the whole procedure in one go.

  4. Postfix postfix/qmgr[6080]: warning: connect to transport private/dovecot: No such file or directory.

Reason : If you have the above error 4, one reason could be that you have enabled saslauth for smtp without actually configuring saslauth. I got this error with the following relevant default entries in /etc/postfix/main.cf :

  • smtpd_sasl_auth_enable = yes : tell Postfix to use saslauth.
  • smtpd_sasl_type = dovecot : tell Postfix that the saslauth is dovecot.
  • smtpd_sasl_path = private/dovecot-auth : tell Postfix where to find dovecot saslauth - and indeed this path is replicated in the error message.

Solution : Tell postfix to NOT use saslauth :

  1. shell> postconf -e "smtpd_sasl_auth_enable = no"

  5. Trying to use Gmail's Mail Fetcher to check mail using POP3 gives the errors :
    Server denied POP3 access for the give username and password. and
    Server returned error: "Plaintext authentication disallowed on non-secure (SSL/TLS) connections."

Reason : Dovecot default disables plaintext authentication over non-secure connections.

Solution : It would be best if Gmail Mail Fetcher could work over a secure connection (eg. POP3S on port 995), however I have not been able to make that work. Instead I simply configure Dovecot to allow plaintext authentication also over non-secure connections. With this setting, POP3 and IMAP passwords are sent unencrypted on any connection that does not use SSL/TLS :

  1. email server shell> nano /etc/dovecot/dovecot.conf : open the Dovecot main configuration file and add this record :
    • disable_plaintext_auth = no
  2. Press ctrl+x and then y to close and save the dovecot.conf file.
  3. email server shell> /etc/init.d/dovecot stop && sleep 5 && /etc/init.d/dovecot start : restart Dovecot waiting 5 seconds between stop and start to bypass the anvil child process bug in Dovecot 2.0.13 (and possibly other versions as well).

  6. status=deferred (delivery temporarily suspended: connect to 127.0.0.1[127.0.0.1]:10024: Connection refused)
  7. NOQUEUE: reject: RCPT from unknown[]: 554 5.7.1 <target email account>: Relay access denied; from=<> to=<target email account> proto=ESMTP helo=<FQDN sender>

Reason : Last time my Amavisd-new was down, I got the 2 above 6 & 7 error messages. Confirm that Amavisd-new is down :

  • shell> nmap localhost : if you don't see port 10024 in use, then likely Amavisd-new is not listening.
  • shell> netstat -tap : another way to check listening daemons.

Solution 1 : Restart Amavisd-new and Postfix :

  1. shell> /etc/init.d/amavisd-new restart
  2. shell> service postfix restart

Solution 2 : Restart the mail server

  8. amavis (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.ctl (Can't connect to UNIX socket /var/run/clamav/clamd.ctl: Connection refused).
  9. amavis (!!)WARN: all primary virus scanners failed, considering backups

Reason : If you have the above error 8 & 9

Solution :

  • shell> ps -ef | grep clam : test if the clamd is running.
  • shell> /etc/init.d/clamav-daemon start : start the clamd.

  10. 450 4.7.1 : Recipient address rejected: SPF-Result=webmodelling.com: 'SERVFAIL' error on DNS 'SPF' lookup of 'webmodelling.com' (in reply to RCPT TO command))

Reason :

Solution :


Comments

uwil
User type : Standard
Register : 2013-Feb-22
Topics : 1
Replies : 6
--------------
hey..
it's an awesome guide and I just followed this guide step by step, but I have a problem in the virtual domain step..

after command >>
postmap -q example.com mysql:/etc/postfix/mysql-virtual_domains.cf

output was >>
postmap: warning: connect to mysql server 127.0.0.1: Access denied for user 'mail_admin'@'localhost' to database '"postfix"'
postmap: fatal: table mysql:/etc/postfix/mysql-virtual_domains.cf: query error: Success

so, can you help me? what am I supposed to do??
thanks

Rasmus
User type : Admin
Register : 2012-Dec-21
Topics : 0
Replies : 108
--------------
Hi uwil

My guess is the password specified for mail_admin user in /etc/dovecot/dovecot-sql.conf is not identical to the password specified for the mail_admin user in /etc/postfix/mysql-virtual_domains.cf or not identical to the password specified for the mail_admin user when adding mail_admin user to MySQL.

To test if the mail_admin user can connect, do the following :
shell> mysql -u mail_admin -pMailAdminPassword : (there is no space between -p and MailAdminPassword).

Redo the "Configure Postfix for virtual domains using MySQL" section and pay close attention to the password each time you engage the mail_admin user.

web fiddler by nature

Anonymous
--------------
hi rasmus

thanks for the reply.
I guess the one in /etc/dovecot/dovecot-sql.conf is identical, the same as in /etc/postfix/mysql-virtual_domains.cf and the MySQL user too

/etc/postfix/mysql-virtual_domains.cf
user = mail_admin
password = MailAdmin
dbname = "Postfix"
query = SELECT domain AS virtual FROM domains WHERE domain='%s'
localhost = 127.0.0.1

/etc/dovecot/dovecot-sql.conf
driver = mysql
connect = host=127.0.0.1 dbname=Postfix user=mail_admin password=MailAdmin
default_pass_scheme = PLAIN
password_query = SELECT email AS user, password FROM users WHERE email='%u';

mysql
mysql > CREATE DATABASE Postfix;
mysql > GRANT SELECT, INSERT, UPDATE, DELETE ON Postfix.* TO 'mail_admin'@'localhost' IDENTIFIED BY 'MailAdmin';

GRANT SELECT, INSERT, UPDATE, DELETE ON Postfix.* TO 'mail_admin'@'localhost.localdomain' IDENTIFIED BY 'MailAdmin';

please, correct me if I'm wrong, does it look different?

I am using ubuntu 12.04
thank you

Rasmus
User type : Admin
Register : 2012-Dec-21
Topics : 0
Replies : 108
--------------
Hi uwil

Your configuration looks correct, however you did not write whether you had tried to manually connect to the Postfix database and if you did whether you could connect or not : 
shell> mysql -u mail_admin -pMailAdminPassword

web fiddler by nature

uwil
User type : Standard
Register : 2013-Feb-22
Topics : 1
Replies : 6
--------------
hi

oh, I had tried to manually connect to the Postfix database, and I guess there is no problem here..

shell > mysql -u mail_admin -pMailAdmin

output command
mysql >

anything else ? i get stuck in this part :(
can you help me, please

uwil
User type : Standard
Register : 2013-Feb-22
Topics : 1
Replies : 6
--------------
hi

good news, I just want to make a correction. it is working fine now

in /etc/postfix/mysql-virtual_domains.cf I just removed the " " in dbname.

/etc/postfix/mysql-virtual_domains.cf
user = mail_admin
password = MailAdmin
dbname = Postfix
query = SELECT domain AS virtual FROM domains WHERE domain='%s'
localhost = 127.0.0.1

postmap -q example.com mysql:/etc/postfix/mysql-virtual_domains.cf

output command >>
example.com

it's working now
 
thank you :)

uwil
User type : Standard
Register : 2013-Feb-22
Topics : 1
Replies : 6
--------------
hi rasmus

i have another issue again.. *sign*

after input command >>
ls -l /home/vmail/examples.com/uwil/Maildir/new
output was >>
ls: cannot access /home/vmail/example.com/uwil/Maildir/new: No such file or directory

i guess mail_location was right in /etc/dovecot/dovecot.conf

and, when i tried telnet localhost imap
shell > telnet localhost imap
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK Waiting for authentication process to respond..
* BYE Disconnected for inactivity.
Connection closed by foreign host.

can you help me again ?? plz

thank you :)

Rasmus
User type : Admin
Register : 2012-Dec-21
Topics : 0
Replies : 108
--------------
Hi uwil
It is a long time since I manually worked with Postfix, however I think I can remember that the domains are not written to /home/vmail before the first user on that domain receives an email - this means that to see the folder : /home/vmail/example.com/uwil/Maildir/new, you will need to successfully send an email to uwil@example.com, eg. using telnet to send the email through postfix like : shell> telnet localhost 25. I guess you have already tried to use telnet to send an email to uwil@example.com through Postfix in which case the email has not been delivered correctly.

Re-confirm that :
  1. /etc/dovecot/dovecot.conf contains the correct mail_location : mail_location = maildir:/home/vmail/%d/%n/Maildir
  2. /etc/postfix/main.cf contains the correct virtual transport  : virtual_transport = dovecot
  3. /etc/postfix/master.cf registers the dovecot lda : dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}
  4. That no email is written to /home/uwil/Maildir/new : if there is an email there after you used telnet to send an email through Postfix to uwil@example.com, dovecot lda will send email to system accounts instead of virtual accounts.
  5. Remember to restart dovecot & postfix after making changes :
    1. shell> /etc/init.d/dovecot stop && sleep 5 && /etc/init.d/dovecot start
    2. shell> service postfix restart

You will need to see an email in /home/vmail/example.com/uwil/Maildir/new before it gives meaning to continue with shell> telnet localhost imap

web fiddler by nature

uwil
User type : Standard
Register : 2013-Feb-22
Topics : 1
Replies : 6
--------------
hi rasmus

I want to ask something about the mail server in this tutorial. Should we install and configure a DNS server (bind9) in ubuntu before we start the configuration of the mail server?

Rasmus
User type : Admin
Register : 2012-Dec-21
Topics : 0
Replies : 108
--------------
Hi uwil

It is not necessary to configure a DNS server before configuring the mail server (as I remember : the tutorial has one test with gmail (under TLS - Test it works) that will fail without proper DNS, but that should be all)

web fiddler by nature

Anonymous
--------------
hi rasmus

I want to ask something about the mail server in this tutorial. I am just doing the SASL configuration now, you are relaying email to 'rasmus@webmodelling.com', that is not a local domain? like an account in gmail?

Rasmus
User type : Admin
Register : 2012-Dec-21
Topics : 0
Replies : 108
--------------
Hi Anonymous

Yes, rasmus@webmodelling.com is a remote domain relative to the context of the tutorial just like your account on gmail would be. In the SASL section it is paramount to test with a remote domain.

Note though that gmail is not good for testing because gmail will refuse emails if it cannot confirm the IP address of the sending domain (called reverse lookup or r-DNS), eg. if you send from example.com on your local machine, then gmail will lookup example.com and receive an IP different from the IP you are sending from.

web fiddler by nature

uwil
User type : Standard
Register : 2013-Feb-22
Topics : 1
Replies : 6
--------------
hi rasmus

thanks for the reply
sorry, I forgot to log in, I'm the person who asked the question

so, what am I supposed to do to test whether SASL-TLS is working in my mailserver when relaying email like in your tutorial? I have only gmail accounts for real email, and I don't have a domain like 'webmodelling.com' as you do.

can you advise me?

Rasmus
User type : Admin
Register : 2012-Dec-21
Topics : 0
Replies : 108
--------------
Hi uwil

I have created an email address for you : uwil@webmodelling.com, you can access your email online at webmail.webmodelling.com using uwil@webmodelling.com for username and the password I have PM'ed you.

web fiddler by nature

Anonymous
--------------
hi rasmus

thank you so much for all your help.. I'm so pleased

I have tried relaying email from my mailserver to uwil@webmodelling.com, but it's working. my inbox in uwil@webmodelling stays empty.. just stuck here :(

can you help me again?
thanks

Rasmus
User type : Admin
Register : 2012-Dec-21
Topics : 0
Replies : 108
--------------
Hi uwil

In the "SASL - test it works" there are 3 tests. Tell me exactly what parts of the tests you can pass and what you cannot pass.

web fiddler by nature

uwil
User type : Standard
Register : 2013-Feb-22
Topics : 1
Replies : 6
--------------
" Third confirm that you can logon and that Postfix accept to relay the message "

I have tried relaying my email from the mailserver to uwil@modelling.com, but I cannot receive that email.. inbox still empty..

before that i guess i have passed the AUTH PLAIN, and success..



Rasmus
User type : Admin
Register : 2012-Dec-21
Topics : 0
Replies : 108
--------------
Hi uwil

If you passed "SASL - Test it works" test 3.3.3 "235 2.7.0 Authentication successful", then SASL should actually work and likely something else is prohibiting you from sending mail.

You should look in the log files : /var/log/mail.log & /var/log/mail.err. Just after trying out SASL test 3, you should do the following :
  • shell> tail -50 /var/log/mail.log : print the last 50 records of mail.log  to screen.
  • shell> tail -50 /var/log/mail.err
  • shell> mailq : see if something is pending in the mail queue.

Hopefully you will be able to get a hint from the above.

web fiddler by nature

Rasmus
User type : Admin
Register : 2012-Dec-21
Topics : 0
Replies : 108
--------------
Hi uwil, I received a test email from you on rasmus@webmodelling.com from uwil@domain.com - I take it you have made SASL work ? In that case : congratulations

web fiddler by nature
