[Dovecot] Postfix : lda problem
Hi,
I come back with my problem:
On debian lenny, using dovecot 1.1.13-2~bpo50+1 I try to configure my setup (with Postfix virtual domains) to use dovecot as lda but nothing happens, as if postfix does not delegate to dovecot.
I am using the control panel alternc (http://www.alternc.org).
All the maildir are in the format /var/alternc/mail/i/info_domainepublic.net for info@domainepublic.net
The "virtual_mailbox_maps" will retrieve the correct maildir to deliver the message.
For Alternc, an address is considered as an alias of the primary domain name. Thus info@domainepublic.net is assimilated to info_domainepublic.net@altern.domainepublic.net
Here is a sequence of arrival of mail, the result of postconf -n, dovecot -n and the master.cf from postfix
I looked in the documentation and google, but I do not understand the problem.
Thanks Denis
# Mail.log
Aug 15 14:49:17 altern amavis[17243]: (17243-09) Passed CLEAN, [85.27.20.149] [85.27.20.149] <denis@collectifs.net> -> <info_domainepublic.net@altern.domainepublic.net>, Message-ID: <4A86AE18.7020706@collectifs.net>, mail_id: ozn7XWRcaHem, Hits: -9.27, size: 665, queued_as: 0A0054604A, 727 ms
Aug 15 14:49:17 altern postfix/smtp[18138]: 345954610C: to=<info_domainepublic.net@altern.domainepublic.net>, orig_to=<info@domainepublic.net>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.9, delays=0.17/0/0/0.73, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=17243-09, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 0A0054604A)
Aug 15 14:49:17 altern postfix/local[18256]: 0A0054604A: to=<info_domainepublic.net@altern.domainepublic.net>, relay=local, delay=0.23, delays=0.19/0/0/0.05, dsn=2.0.0, status=sent (delivered to maildir)
# DOVECOT
# 1.1.13: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.26-1-amd64 x86_64 Debian 5.0.2
log_timestamp: %Y-%m-%d %H:%M:%S
protocols: imap imaps pop3 pop3s managesieve
ssl_cert_file: /etc/ssl/domainepublic.net/domainepublic.net.crt
ssl_key_file: /etc/ssl/domainepublic.net/domainepublic.net.key
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable(default): /usr/lib/dovecot/imap-login
login_executable(imap): /usr/lib/dovecot/imap-login
login_executable(pop3): /usr/lib/dovecot/pop3-login
login_executable(managesieve): /usr/lib/dovecot/managesieve-login
first_valid_uid: 33
mail_privileged_group: mail
mail_location: maildir:~/Maildir
mail_executable(default): /usr/lib/dovecot/imap
mail_executable(imap): /usr/lib/dovecot/imap
mail_executable(pop3): /usr/lib/dovecot/pop3
mail_executable(managesieve): /usr/lib/dovecot/managesieve
mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve
sieve_storage(default):
sieve_storage(imap):
sieve_storage(pop3):
sieve_storage(managesieve): ~/sieve
sieve(default):
sieve(imap):
sieve(pop3):
sieve(managesieve): ~/.dovecot.sieve
auth default:
  passdb:
    driver: sql
    args: /etc/dovecot/dovecot-sql.conf
  userdb:
    driver: sql
    args: /etc/dovecot/dovecot-sql.conf
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: postfix
  socket:
    type: listen
    master:
      path: /var/run/dovecot/auth-master
      mode: 432
      user: postfix
# POSTFIX
alias_database = hash:/etc/aliases
alias_maps = proxy:mysql:/etc/postfix/myalias.cf, hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
default_privs = www-data
disable_vrfy_command = yes
inet_interfaces = all
mailbox_size_limit = 0
message_size_limit = 20480000
mydestination = altern.domainepublic.net vacarme.domainepublic.net
    mail.domainepublic.net, altern, localhost.localdomain, localhost
myhostname = altern.domainepublic.net
mynetworks = 127.0.0.0/8 91.121.107.196 62.58.108.143 62.58.108.140
    10.0.112.2 10.0.112.1
myorigin = altern.domainepublic.net
owner_request_special = no
readme_directory = no
recipient_delimiter = +
smtp_tls_CAfile = /etc/ssl/certs/cacert.org.pem
smtp_tls_cert_file = /etc/ssl/domainepublic.net/domainepublic.net.crt
smtp_tls_key_file = /etc/ssl/domainepublic.net/domainepublic.net.key
smtp_tls_note_starttls_offer = yes
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_client_restrictions = permit_mynetworks,
    check_client_access hash:/etc/postfix/access,
    permit_sasl_authenticated,
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,
    permit_sasl_authenticated, check_helo_access
    hash:/etc/postfix/helo_access,
    reject_invalid_hostname, reject_non_fqdn_hostname
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    reject_invalid_hostname,
    reject_non_fqdn_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unauth_pipelining,
    reject_unauth_destination,
    reject_multi_recipient_bounce,
    check_client_access
    hash:/etc/postfix/access,
    reject_rbl_client zombie.dnsbl.sorbs.net,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client dul.dnsbl.sorbs.net,
    check_policy_service inet:127.0.0.1:60000,
    permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_non_fqdn_sender, reject_invalid_hostname,
smtpd_tls_CAfile = /etc/ssl/certs/root.pem
smtpd_tls_cert_file = /etc/ssl/domainepublic.net/domainepublic.net.crt
smtpd_tls_key_file = /etc/ssl/domainepublic.net/domainepublic.net.key
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
strict_rfc821_envelopes = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_gid_maps = proxy:mysql:/etc/postfix/mygid.cf
virtual_mailbox_base = /
virtual_mailbox_maps = proxy:mysql:/etc/postfix/myvirtual.cf
virtual_minimum_uid = 1000
virtual_transport = dovecot
virtual_uid_maps = static:33
# POSTFIX master.cnf
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       -       -       -       smtpd
#submission inet n      -       -       -       -       smtpd
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       -       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628      inet  n       -       -       -       -       qmqpd
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       -       300     1       oqmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       -       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       -       -       -       smtp
  -o smtp_fallback_relay=
#  -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
retry     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n      n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
# added for amavisd-new
smtp-amavis unix -      -       -       -       4       smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
  -o max_use=20
127.0.0.1:10025 inet n  -       -       -       -       smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_delay_reject=no
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks_style=host
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
  -o smtpd_data_restrictions=reject_unauth_pipelining
  -o smtpd_end_of_data_restrictions=
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=www-data:www-data argv=/usr/lib/dovecot/deliver -d $(recipient)
On 15.08.2009 at 15:22, denis wrote:
mydestination = altern.domainepublic.net vacarme.domainepublic.net mail.domainepublic.net, altern, localhost.localdomain, localhost
This is a pure Postfix configuration issue by first look. See: http://www.postfix.org/VIRTUAL_README.html
There it says: NEVER list a virtual alias domain name as a
mydestination domain!
virtual_gid_maps = proxy:mysql:/etc/postfix/mygid.cf
virtual_mailbox_base = /
virtual_mailbox_maps = proxy:mysql:/etc/postfix/myvirtual.cf
virtual_minimum_uid = 1000
virtual_transport = dovecot
virtual_uid_maps = static:33
mydestination = $myhostname, localhost.$mydomain
virtual_mailbox_domains = altern.domainepublic.net,
    vacarme.domainepublic.net, mail.domainepublic.net
Mailbox base does not look right too: virtual_mailbox_base = /var/mail/vmail (or whatever path you prefer)
Regards Thomas
Thomas Leuxner wrote:
On 15.08.2009 at 15:22, denis wrote:
mydestination = altern.domainepublic.net vacarme.domainepublic.net mail.domainepublic.net, altern, localhost.localdomain, localhost
This is a pure Postfix configuration issue by first look. See: http://www.postfix.org/VIRTUAL_README.html
There it says: NEVER list a virtual alias domain name as a mydestination domain!
virtual_gid_maps = proxy:mysql:/etc/postfix/mygid.cf
virtual_mailbox_base = /
virtual_mailbox_maps = proxy:mysql:/etc/postfix/myvirtual.cf
virtual_minimum_uid = 1000
virtual_transport = dovecot
virtual_uid_maps = static:33
mydestination = $myhostname, localhost.$mydomain
virtual_mailbox_domains = altern.domainepublic.net,
    vacarme.domainepublic.net, mail.domainepublic.net
Mailbox base does not look right too: virtual_mailbox_base = /var/mail/vmail (or whatever path you prefer)
I made the following changes but it does not solve my problem.
mydestination = $myhostname, localhost.$mydomain
virtual_mailbox_base = /var/alternc/mail
Thanks Denis
Thomas Leuxner wrote:
On 15.08.2009 at 16:51, denis wrote:
I made the following changes but it does not solve my problem.
mydestination = $myhostname, localhost.$mydomain
virtual_mailbox_base = /var/alternc/mail
Did you also list your domains under: virtual_mailbox_domains ?
Ok, by replacing virtual_maps = proxy:mysql:/etc/postfix/mydomain.cf to virtual_mailbox_domains = mysql:/etc/postfix/mydomain.cf, it works !!!
But now, the problem is to set the good uid and gid which were defined like this in postfix
virtual_gid_maps = proxy:mysql:/etc/postfix/mygid.cf
virtual_uid_maps = static:33
With this configuration:
dovecot unix - n n - - pipe flags=DRhu user=mail:mail argv=/usr/lib/dovecot/deliver -d $(recipient)
socket listen {
  master {
    path = /var/run/dovecot/auth-master
    mode = 0660
    user = mail
    group = mail
  }
}
I get the following error message
Fatal: setgid(33(www-data)) failed with euid=8(mail), gid=8(mail), egid=8(mail): Operation not permitted
Any ideas ?
Thanks Denis
On 15.08.2009 at 18:52, denis wrote:
virtual_gid_maps = proxy:mysql:/etc/postfix/mygid.cf
virtual_uid_maps = static:33
You need to match the groups used by deliver in the "master.cf" (mail/mail) or change them there. Try
virtual_gid_maps = static:8
virtual_uid_maps = static:8
dovecot unix - n n - - pipe flags=DRhu user=mail:mail argv=/usr/lib/dovecot/deliver -d $(recipient)
Fatal: setgid(33(www-data)) failed with euid=8(mail), gid=8(mail), egid=8(mail): Operation not permitted
Thomas Leuxner wrote:
On 15.08.2009 at 18:52, denis wrote:
virtual_gid_maps = proxy:mysql:/etc/postfix/mygid.cf
virtual_uid_maps = static:33
You need to match the groups used by deliver in the "master.cf" (mail/mail) or change them there. Try
virtual_gid_maps = static:8
virtual_uid_maps = static:8
Ok, here is a configuration that works fine but without success to retrieve the correct gid in the database.
The mails are stored under www-data:www-data in place of www-data:gid. The parameter virtual_gid_maps = proxy:mysql:/etc/postfix/mygid.cf has no effect.
But it's working, thanks !!
Denis
# Main.cf
alias_maps = proxy:mysql:/etc/postfix/myalias.cf,
    hash:/etc/aliases
virtual_mailbox_base = /var/alternc/mail
virtual_mailbox_maps = proxy:mysql:/etc/postfix/myvirtual.cf
virtual_mailbox_domains = mysql:/etc/postfix/mydomain.cf
default_privs = www-data
virtual_uid_maps = static:33
virtual_gid_maps = static:33
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
# Master.cf
dovecot unix - n n - - pipe flags=DRhu user=www-data:www-data argv=/usr/lib/dovecot/deliver -d $(recipient)
# dovecot.conf
socket listen {
  master {
    path = /var/run/dovecot/auth-master
    mode = 0660
    user = www-data
  }
}
On Sun, August 16, 2009 16:31, denis wrote:
The mails are stored under www-data:www-data
if that is the apache user then you have an open file system for remote web users to all your mails even if they don't login !
don't save your mails with the apache user
in place of www-data:gid. The parameter virtual_gid_maps = proxy:mysql:/etc/postfix/mygid.cf has no effect.
But it's working, thanks !!
no it does not
Denis
# Main.cf
alias_maps = proxy:mysql:/etc/postfix/myalias.cf,
    hash:/etc/aliases
virtual_mailbox_base = /var/alternc/mail
virtual_mailbox_maps = proxy:mysql:/etc/postfix/myvirtual.cf
virtual_mailbox_domains = mysql:/etc/postfix/mydomain.cf
default_privs = www-data
virtual_uid_maps = static:33
virtual_gid_maps = static:33
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
# Master.cf
dovecot unix - n n - - pipe flags=DRhu user=www-data:www-data argv=/usr/lib/dovecot/deliver -d $(recipient)
# dovecot.conf
socket listen {
  master {
    path = /var/run/dovecot/auth-master
    mode = 0660
    user = www-data
  }
}
don't use www-data in dovecot
-- xpoint
denis wrote:
Ok, here is a configuration that works fine but without success to retrieve the correct gid in the database.
In fact, aliases no longer work. I am trying with alias_maps or virtual_alias_maps, and in both cases I get the following error: User unknown in virtual mailbox table
Any Ideas ? Thanks Denis
## /etc/postfix/main.cf
alias_maps = proxy:mysql:/etc/postfix/myalias.cf,
    hash:/etc/aliases
virtual_mailbox_base = /var/alternc/mail
virtual_mailbox_maps = proxy:mysql:/etc/postfix/myvirtual.cf
virtual_mailbox_domains = mysql:/etc/postfix/mydomain.cf
default_privs = www-data
virtual_uid_maps = static:33
virtual_gid_maps = static:33
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
## /etc/postfix/myalias.cf
user = xyz
password = xyz
hosts = 10.0.112.1
dbname = alternc
table = mail_alias
select_field = alias
where_field = mail
On Mon 17 Aug 2009 10:21:47 PM CEST, denis wrote
denis wrote:
Ok, here is a configuration that works fine but without success to retrieve the correct gid in the database.
In fact, aliases no longer work. I am trying with alias_maps or virtual_alias_maps, and in both cases I get the following error: User unknown in virtual mailbox table
Any Ideas ? Thanks Denis
## /etc/postfix/main.cf
alias_maps = proxy:mysql:/etc/postfix/myalias.cf,
    hash:/etc/aliases
virtual_mailbox_base = /var/alternc/mail
virtual_mailbox_maps = proxy:mysql:/etc/postfix/myvirtual.cf
virtual_mailbox_domains = mysql:/etc/postfix/mydomain.cf
default_privs = www-data
don't give web server full email read access outside dovecot auth
virtual_uid_maps = static:33
virtual_gid_maps = static:33
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
## /etc/postfix/myalias.cf
user = xyz
password = xyz
hosts = 10.0.112.1
dbname = alternc
table = mail_alias
select_field = alias
where_field = mail
now sync dovecot to use same db backend as postfix
so virtual_mailbox in postfix is equal to dovecot mailbox, make sure
any alias in postfix is delivered to a mailbox not just another alias
that is delivered to an alias in dovecot, else you get mailbox does not
exist
-- xpoint
On Sat, August 15, 2009 18:52, denis wrote:
Fatal: setgid(33(www-data)) failed with euid=8(mail), gid=8(mail), egid=8(mail): Operation not permitted
postfix virtual and dovecot must be friends on the uid and gid, else permission denied
this one is not that hard to solve :)
id mail
set this uid/gid all places
-- xpoint
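
The two points raised in the replies above (deliver must run with the same uid/gid that the userdb hands back, and mail should not be stored under the web server account) can be checked mechanically. The following is an added example, not code from any poster in this thread or from Postfix or Dovecot. The account tables, the vmail/5000 account and the function names are assumptions made for illustration; the master.cf fragment is constructed from the entries quoted above.

```python
import re

# Constructed master.cf fragment modelled on the entries quoted in this thread.
MASTER_CF = """\
smtp      unix  -       -       -       -       -       smtp
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=mail:mail argv=/usr/lib/dovecot/deliver -d $(recipient)
"""
# Assumed account tables. 8 and 33 are the ids printed in the error message
# above; vmail/5000 is a hypothetical dedicated mail-storage account.
USERS = {"mail": (8, 8), "www-data": (33, 33), "vmail": (5000, 5000)}
GROUPS = {"mail": 8, "www-data": 33, "vmail": 5000}
WEB_ACCOUNTS = {"www-data", "apache", "httpd", "nginx"}


def pipe_services(master_cf):
    """Return [(service, user, group_or_None)] for each pipe(8) service."""
    entries = []
    for line in master_cf.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and entries:
            entries[-1] += " " + line.strip()  # continuation line
        else:
            entries.append(line.strip())
    found = []
    for entry in entries:
        fields = entry.split()
        if len(fields) >= 8 and fields[7] == "pipe":
            m = re.search(r"\buser=([^\s:]+)(?::(\S+))?", entry)
            if m:
                found.append((fields[0], m.group(1), m.group(2)))
    return found


def audit(master_cf, userdb_uid, userdb_gid):
    """Compare each pipe service's account with the uid/gid the userdb returns."""
    findings = []
    for service, user, group in pipe_services(master_cf):
        if user not in USERS or (group and group not in GROUPS):
            findings.append((service, "unknown-account"))
            continue
        uid, primary_gid = USERS[user]
        gid = GROUPS[group] if group else primary_gid
        if user in WEB_ACCOUNTS:
            # Mailboxes owned by the web server account are readable by any
            # code the web server runs, bypassing Dovecot authentication.
            findings.append((service, "web-account"))
        if (uid, gid) != (userdb_uid, userdb_gid):
            # An unprivileged deliver cannot switch ids: this is the
            # "setgid(...) failed ... Operation not permitted" case.
            findings.append((service, "id-mismatch"))
    return findings


if __name__ == "__main__":
    # userdb returning 33/33 while deliver runs as mail:mail, as in the thread
    for finding in audit(MASTER_CF, 33, 33):
        print(finding)
```
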
On Sat, August 15, 2009 15:48, Thomas Leuxner wrote:
mydestination = $myhostname, localhost.$mydomain
virtual_mailbox_domains = altern.domainepublic.net, vacarme.domainepublic.net, mail.domainepublic.net
i would not include $myhostname in mydestination, move this also to virtual if mail is still wanted there
mydestination should not have domains that can be sent to from outside if postfixadmin need to be in control
Mailbox base does not look right too: virtual_mailbox_base = /var/mail/vmail (or whatever path you prefer)
only important if virtual_transport=virtual
eg dovecot does not use virtual_mailbox_base in postfix
-- xpoint
On Sat, 15 Aug 2009, denis wrote:
I come back with my problem:
Some notes are below, but because this is a purely Postfix problem, you should NOT follow-up on this list. If you continue to have problems, ask for help on the Postfix mailing list.
On debian lenny, using dovecot 1.1.13-2~bpo50+1 I try to configure my setup (with Postfix virtual domains) to use dovecot as lda but nothing happens, as if postfix does not delegate to dovecot.
This is because you never configured Postfix to delegate to Dovecot's LDA.
I looked in the documentation and google, but I do not understand the problem.
It appears you did not look at the Postfix documentation. According to postconf(5), $virtual_transport specifies the default mail delivery transport and next-hop destination for final delivery to domains listed with $virtual_mailbox_domains. I see you did not define this latter parameter based on your 'postconf -n'.
-- Sahil Tandon <sahil@tandon.net>
On 8/15/2009 9:22 AM, denis wrote:
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       -       -       -       smtpd
<snip>
dovecot unix - n n - - pipe flags=DRhu user=www-data:www-data argv=/usr/lib/dovecot/deliver -d $(recipient)
Postfix is chrooted, dovecot LDA is not...
I think you have other problems, but this is definitely a major one.
--
Best regards,
Charles
Charles Marcus wrote:
dovecot unix - n n - - pipe flags=DRhu user=www-data:www-data argv=/usr/lib/dovecot/deliver -d $(recipient)
Postfix is chrooted, dovecot LDA is not...
I think you have other problems, but this is definitely a major one.
If I chroot dovecot, I have the following error:
fatal: service dovecot requires privileged operation
Denis
participants (5): Benny Pedersen, Charles Marcus, denis, Sahil Tandon, Thomas Leuxner