Home | Scripts | How To's | About


Postifx w/ SASL + Courier IMAP w/ SSL + Maildrop + MySQL + SpamAssassin

View Comments

Updated as of October 1, 2011.

In this document I am going to share my experience with setting up a viable virtual mail server solution for a Linux system. I have made countless attempts at trying to setup mail servers in the past, but have never been able to achieve the results that I desired. Whether it was the incomplete HOWTOs that I was reading or my own lack of knowledge on the subject, I don't know; but after eventually reading through enough document I was able to conceive a solution that works great (so far on two boxes). Most importantly, however, I will attempt to cover and help you resolve the common problems that myself and others have ran into.

Before asking a question, check this article for some fixes.

By the end of this document you will hopefully achieve what I have:

  • A MySQL database which mail users will be primarily authenticated against.
  • Postfix MTA will allow SMTP AUTH SASL connections instead of using relay-domains. Authentication will be done against MySQL and PAM.
  • Maildrop will deliver mail to the users' home directories using Maildir style mail boxes. Any missing Maildir folders will be created.
  • Invoked within Maildrop, SpamAssassin will do its best to flag spam. Then maildrop will deliver it into a separate Maildir.
  • Users will retrieve their mail using IMAP. Authentication will be done against MySQL and PAM.
  • You will NOT need to use PAM-MySQL.

To start off, you will use the following applications:

Installing Sources

First and foremost, you need to compile the sources of the top applications. I will not go through installing MySQL since it is outside of the scope of this document.

OpenSSL

Compile and install OpenSSL.

$ tar zxvf openssl-yourversion.tar.gz
$ ./config
$ make
$ make test
$ make install (as root)

Cyrus SASL v2

The following assumes that you have MySQL setup in: /usr/local/mysql. We will be using the built in MySQL authentication module, instead of having to redirect the authentication to PAM-MySQL. Prior to installing these modules, attempt to remove any pre-installed ones (look in: /usr/lib, /usr/local/lib, /usr/local/lib/sasl2).

$ tar zxvf cyrus-sasl-2.1.22.tar.gz
$ ./configure
--enable-anon
--enable-plain
--enable-login
--enable-sql
--disable-krb4
--disable-otp
--disable-cram
--disable-digest
--with-mysql=/usr/local/mysql/lib
--without-pam
--with-saslauthd
--without-pwcheck
--with-dblib=berkeley
--with-openssl=/usr/local/ssl
--with-plugindir=/usr/local/lib/sasl2
$ make
$ make install (as root)

Check to make sure that the path /usr/local/lib is in /etc/ld.so.conf. If it is not, append that path to the file and run ldconfig (as root):

$ echo "/usr/local/lib" >> /etc/ld.so.conf
$ ldconfig

Double check to make sure libsql.so is in /usr/local/lib/sasl2.

Postfix

Compiling Postfix is pretty straight forward. Be sure to add the postfix user and group. During the install it will ask for the user and group, use postfix and postdrop. For the configuration directory, specify /etc/postfix.

$ groupadd postdrop -g 1001 (as root)
$ useradd postfix -u 1001 -g 1001 (as root)
$ tar zxvf postfix-2.5.5.tar.gz
$ make -f Makefile.init makefiles
$ make makefiles 'CCARGS=-DHAS_MYSQL -I/usr/local/mysql/include -I/usr/local/mysql/include/mysql -DUSE_CYRUS_SASL -DUSE_SASL_AUTH -I/usr/local/include/sasl -I/usr/local/bdb/include' 'AUXLIBS=-L/usr/local/mysql/lib -lmysqlclient -lz -lm -L/usr/local/lib -lsasl2'
$ make install (as root)

After you finish with the interactive installation, you will need to check and see if Postfix is linked against SASL. To do this run the following from within the root of Postfix's source:

$ ldd ./bin/postconf

If everything worked well (and I hope it did), one of the lines should read:

libsasl2.so.2 => /usr/local/lib/libsasl2.so.2

Courier Authlib

Authlib is now responsible for all MySQL authentication. Maildrop and imapd are not longer responsible of it (which actually makes it easier to compile). Maildrop and imapd need to be aware of authlib! Be sure to specify the user and group when compiling authlib, otherwise maildrop will have no access to authlib. DO NOT put the uid and gid, it must be the name, authdaemond will work but courierauthconfig will fail (hence the rest of the apps).

$ export CPPFLAGS="-I/usr/local/mysql/include/mysql"
$ export LDFLAGS="-L/usr/local/mysql/lib"
$ ./configure --prefix=/usr/local/courier --with-mysql-libs=/usr/local/mysql/lib/mysql --with-mysql-includes=/usr/local/mysql/include/mysql/ --with-authmysql --with-authmysql=yes --with-authchangepwdir --with-mailuser=vmail --with-mailgroup=vmail
$ make
$ make install

Once compiled there are only a few files to modify. In /usr/local/courier/etc/authlib copy the files by removing the ".dist" at the end.

Courier IMAP

As with Postfix, Courier IMAP should be simple to install. We will use /usr/local/courier as the base directory for the IMAPd and for Maildrop. This also allows you to use Courier MTA in the future without having to re-do a lot of things.

$ bzip2 -dc courier-imap-4.4.1.tar.bz2 | tar xvf -
$ ./configure --prefix=/usr/local/courier COURIERAUTHCONFIG=/usr/local/courier/bin/courierauthconfig
$ make
$ make install
$ make install-config

Courier Maildrop

Now we go to installing Maildrop, our local delivery agent. First you create the user and group that Maildrop will deliver as. For our application, we will use vmail for both.

$ bzip2 -dc maildrop-2.0.4.20080726.tar.bz2 | tar xvf -
$ groupadd vmail -g 1004 (as root)
$ useradd vmail -u 1004 -g 1004 (as root)
$ tar zxvf maildrop-1.6.3.tar.gz
$ ./configure --prefix=/usr/local/courier --enable-maildrop-uid=1004 --enable-maildrop-gid=1004 --with-authpwd=yes COURIERAUTHCONFIG=/usr/local/courier/bin/courierauthconfig
$ make
$ make install

SpamAssassin

We're almost done installing our sources, just one more to go. Prior to installing SpamAssassin, get all the required Perl modules (check the INSTALL file).

$ tar zxvf Mail-SpamAssassin-2.63.tar.gz
$ perl MakeFile.PL
$ make
$ make install (as root)

Database and Virtual Mail Directory Setup

Database

The database side of this was used from Martin List-Petersen's excellent document, ISP Mailserver Solution Howto that helped me most of the way. I will just copy the CREATE TABLE syntax that is provided in his HOWTO and explain the use of two main tables (things such as the default uid and gid have been modified to fit this document).

I expect that you have created the database (in this document we will use "mail" as our database) and have secured it with a user and password.

CRITICAL NOTE: When creating the user for our database, create TWO: one that authenticates from "localhost" and one from "127.0.0.1"
I don't know why it doesn't see it as the same, but on two different boxes (RedHat 9 and Slackware 9) it needed two seperate entries.

CREATE TABLE postfix_alias (
  id int(11) unsigned NOT NULL auto_increment,
  alias varchar(128) NOT NULL default '',
  destination varchar(128) NOT NULL default '',
  PRIMARY KEY (id)
) TYPE=MyISAM;

CREATE TABLE postfix_relocated (
  id int(11) unsigned NOT NULL auto_increment,
  email varchar(128) NOT NULL default '',
  destination varchar(128) NOT NULL default '',
  PRIMARY KEY (id)
) TYPE=MyISAM;

CREATE TABLE postfix_transport (
  id int(11) unsigned NOT NULL auto_increment,
  domain varchar(128) NOT NULL default '',
  destination varchar(128) NOT NULL default '',
  PRIMARY KEY (id),
  UNIQUE KEY domain (domain)
) TYPE=MyISAM;

CREATE TABLE postfix_users (
  id int(11) unsigned NOT NULL auto_increment,
  email varchar(128) NOT NULL default '',
  clear varchar(128) NOT NULL default '',
  crypt varchar(128) NOT NULL default '',
  name tinytext NOT NULL,
  uid int(11) unsigned NOT NULL default '1004',
  gid int(11) unsigned NOT NULL default '1004',
  homedir tinytext NOT NULL,
  maildir tinytext NOT NULL,
  quota tinytext NOT NULL,
  access enum('Y','N') NOT NULL default 'Y',
  postfix enum('Y','N') NOT NULL default 'Y',
  PRIMARY KEY (id),
  UNIQUE KEY email (email)
) TYPE=MyISAM;

CREATE TABLE postfix_virtual (
  id int(11) unsigned NOT NULL auto_increment,
  email varchar(128) NOT NULL default '',
  destination varchar(128) NOT NULL default '',
  PRIMARY KEY (id)
) TYPE=MyISAM;

CREATE TABLE postfix_access (
  id int(10) unsigned NOT NULL auto_increment,
  source varchar(128) NOT NULL default '',
  access varchar(128) NOT NULL default '',
  type enum('recipient','sender','client') NOT NULL default 'recipient',
  PRIMARY KEY (id)
) TYPE=MyISAM

In this document I will only go over the postfix_users and postfix_virtual tables, as Martin List-Petersen does a great job at describing the rest. When we get to testing, I will go into detail on what goes into those tables, for now just leave them empty.

Virtual Mail Directory

All mail for our virtual users will be stored in the following format:

/home/vmail
- domain.tld
-- user1
-- user2
--- Maildir
- domain2.tld

Seems simple enough, right? Go ahead and create only the top-most directory (/home/vmail) and set it's owner and group to vmail. For security reasons, chmod it 700.

$ mkdir /home/vmail
$ chown vmail.vmail /home/vmail
$ chmod 700 /home/vmail

Next we move onto configuration.

Configuring Installed Packages

The majority of this was found in Martin List-Petersen's document.

Postfix

Most configuration will be done to Postfix. Open up /etc/postfix/master.cf and change the following:

flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}

To:

flags=R user=vmail argv=/usr/local/courier/bin/maildrop -d ${recipient}

CRITICAL NOTE: Be sure that the two leading spaces on those lines remain present.

Now open up /etc/postfix/main.cf and configure the following:

myhostname = mail.example.com
mydomain = example.com
myorigin = $mydomain
mydestination = example.com, $transport_maps
local_recipient_maps = $alias_maps $virtual_mailbox_maps unix:passwd.byname
home_mailbox = Maildir/

# Add the following to the bottom

smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_maps_rbl
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes

smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_pipelining, reject_non_fqdn_recipient, reject_unknown_recipient_domain, permit_sasl_authenticated, reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client bl.spamcop.net, #reject_rbl_client ips.backscatterer.org, check_recipient_access mysql:/etc/postfix/mysql-recipient.cf, reject_unauth_destination

smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/mysql-sender.cf
smtpd_client_restrictions = check_client_access mysql:/etc/postfix/mysql-client.cf
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = smtpd

alias_maps = mysql:/etc/postfix/mysql-aliases.cf
relocated_maps = mysql:/etc/postfix/mysql-relocated.cf
transport_maps = mysql:/etc/postfix/mysql-transport.cf
virtual_maps = mysql:/etc/postfix/mysql-virtual.cf
virtual_mailbox_base = /home/vmail
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-maps.cf
virtual_uid_maps = mysql:/etc/postfix/mysql-virtual-uid.cf
virtual_gid_maps = mysql:/etc/postfix/mysql-virtual-gid.cf

maps_rbl_domains = dev.null.dk, opm.blitzed.org, sbl.spamhaus.org

smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = reject_invalid_hostname, permit

Once again, the following is borrowed from Martin List-Petersen's document. To conserve time writing this document, I will paste the contents of the required files that allow Postfix to communicate with MySQL.

# mysql-aliases.cf
user = mysql-postfix-user
password = mysql-postfix-pass
dbname = mail
table = postfix_alias
select_field = destination
where_field = alias
hosts = 127.0.0.1

# mysql-relocated.cf
user = mysql-postfix-user
password = mysql-postfix-pass
dbname = mail
table = postfix_relocated
select_field = destination
where_field = email
hosts = 127.0.0.1

# mysql-transport.cf
user = mysql-postfix-user
password = mysql-postfix-pass
dbname = mail
table = postfix_transport
select_field = destination
where_field = domain
hosts = 127.0.0.1

# mysql-virtual.cf
user = mysql-postfix-user
password = mysql-postfix-pass
dbname = mail
table = postfix_virtual
select_field = destination
where_field = email
hosts = 127.0.0.1

# mysql-recipient.cf
user = mysql-postfix-user
password = mysql-postfix-pass
dbname = mail
table = postfix_access
select_field = access
where_field = source
additional_conditions = and type = 'recipient'
hosts = 127.0.0.1

# mysql-sender.cf
user = mysql-postfix-user
password = mysql-postfix-pass
dbname = mail
table = postfix_access
select_field = access
where_field = source
additional_conditions = and type = 'sender'
hosts = 127.0.0.1

# mysql-client.cf
user = mysql-postfix-user
password = mysql-postfix-pass
dbname = mail
table = postfix_access
select_field = access
where_field = source
additional_conditions = and type = 'client'
hosts = 127.0.0.1

# mysql-virtual-maps.cf
user = mysql-postfix-user
password = mysql-postfix-pass
dbname = mail
table = postfix_users
select_field = maildir
where_field = email
additional_conditions = and postfix = 'y'
hosts = 127.0.0.1

# mysql-virtual-uid.cf
user = mysql-postfix-user
password = mysql-postfix-pass
dbname = mail
table = postfix_users
select_field = uid
where_field = email
additional_conditions = and postfix = 'y'
hosts = 127.0.0.1

# mysql-virtual-gid.cf
user = mysql-postfix-user
password = mysql-postfix-pass
dbname = mail
table = postfix_users
select_field = gid
where_field = email
additional_conditions = and postfix = 'y'
hosts = 127.0.0.1

Of course you will have to substitue the username and password for the one you created earlier.

Courier IMAP

Open /usr/local/courier/etc/authlib/authdaemonrc (if it doesn't exist, make a copy from authdaemonrc.dist located in the same directory). Change the line that starts with "authmodulelist" to read:

"authmysql authshadow"

Next create a file called authmysqlrc (in the same directory) and put the following in:

MYSQL_USERNAME          USRENAME
MYSQL_PASSWORD          PASSWORD
MYSQL_PORT              0
MYSQL_OPT               0
MYSQL_DATABASE          mail
MYSQL_USER_TABLE        postfix_users
MYSQL_LOGIN_FIELD       email
MYSQL_CRYPT_PWFIELD     crypt
MYSQL_CLEAR_PWFIELD     clear
MYSQL_UID_FIELD         uid
MYSQL_GID_FIELD         gid
MYSQL_HOME_FIELD        homedir
MYSQL_MAILDIR_FIELD     maildir
MYSQL_WHERE_CLAUSE      access='y'

Open /usr/local/courier/etc/imapd and make sure the following lines looks like this:

# This is all on one line
IMAP_CAPABILITY="IMAP4rev1 CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT AUTH=CRAM-MD5 AUTH=CRAM-SHA1 IDLE"

# Seperate line
IMAPDSTART=YES

Open /usr/local/courier/etc/imapd-ssl and make sure the following line looks like this:

IMAPDSSLSTART=YES

Courier Maildrop

While we're still in /usr/local/courier/etc edit or create a file called maildropmysql.config and put in the following:

hostname             localhost
port                 3306
database             mail
dbuser               USERNAME
dbpw                 PASSWORD
dbtable              postfix_users
default_uidnumber    1004
default_gidnumber    1004
uid_field            email
uidnumber_field      uid
gidnumber_field      gid
maildir_field        maildir
homedirectory_field  homedir
quota_field          quota
# unused for now, but needs to be a valid field.
mailstatus_field     postfix
where_clause         AND postfix = 'y'

Now we need to setup Maildrop to deliver our mail. Create (or edit) /etc/maildroprc and put in the following:

NOTE: Take care in bracket placement, Maildrop is very picky in this sense.

if ( $SIZE < 26144 )
{
    exception {
       xfilter "/usr/bin/spamassassin"
    }
}

# if the user in the domain does not exist, create it
# create the domain with parents, then remove Maildir/
# finally create a new maildir

`test -d $HOME/$DEFAULT`
if ( $RETURNCODE == 1 )
    {
    `mkdir -p $HOME/$DEFAULT`
    `rm -rf $HOME/$DEFAULT`
    `/usr/local/courier/bin/maildirmake $HOME/$DEFAULT`
    `/usr/local/courier/bin/maildirmake $HOME/$MAILDIR/.Spam/`
    `/usr/local/courier/bin/maildirmake $HOME/$MAILDIR/.Spam/.New`
}

if (/^X-Spam-Flag: *YES/)
{
    exception {
        to "$HOME/$DEFAULT.Spam"
    }
}

exception {
    to "$HOME/$DEFAULT"
}

Cyrus SASL

Since Cyrus will be doing some authenticating, we need to configure it as well. Create the file smtpd.conf in /usr/local/lib/sasl2 and put in the following:

sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: mysql login plain crammd6 digestmd5
mysql_user: USERNAME
mysql_passwd: PASSWORD
mysql_hostnames: localhost
mysql_database: mail
mysql_statement: SELECT clear FROM postfix_users WHERE email = '%u@%r'
mysql_verbose: yes

Finalizing

Adding a user

You are now ready to add a test user to the database, start the mailserver and test the whole system out.

Populate the postfix_transport table with the following:

domain: "test.com"
destination: "maildrop:"

The domain field needs no explination, however, the destination field does. In the destination field Postfix is told what program the message should be carried to.

For instance, if you wanted delivery to be handled by Postfix's internal system, you would put "virtual:" In our example however, we are using maildrop, so we put "maildrop:"

Next add a test user by populating the postfix_users table.

email: "test@test.com"
clear: "mypassword"
homedir: "/home/vmail"
maildir: "test.com/test/Maildir/"

That's all there is to adding a new user. The "email" field stores just that, the user's email (it must include the TLD). The "clear" field stores the user's password in clear text. "Homedir" contains the root directory for all virtual mail, if we were using "local:" delivery, this would be set to the user's home directory. Finally, "maildir" is the Maildir location relative to the homedir.

Starting the Daemons

Open up your system log (/var/log/messages or /var/log/maillog) and monitor it as you start your daemons:

$ /usr/local/sbin/saslauthd -a shadow
$ /usr/local/courier/sbin/authdaemond start
$ /usr/local/courier/libexec/imapd.rc start
$ /usr/sbin/postfix start

If everything went right, the daemons should start without any failures. nmap yourself and see what ports are open, there should be three (smtp, imap and imap-ssl)

Testing the SMTP and IMAP Servers

Everything not starting with a ">" or "$" is a response from the server.

$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.test.com ESMTP Postfix
> EHLO test.com
250-mail.test.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-XVERP
250 8BITMIME

If you see something like that, congratulations, you're still in good shape!
Create all directories all the way up to "/home/vmail/test.com/test" after which create a Maildir in that directory.
Maildrop will NOT create Maildir's by default (source has to be patched to do so). Continue the telnet session and type in the following:

> MAIL FROM: test@test.com
250 Ok
> RCPT TO: test@test.com
250 Ok
> DATA
354 End data with <CR><LF>.<CR><LF>
> .
250 Ok: queued as 6CE4223727

Now, if everything is setup right, the mailserver should queue your message. Check inside of /home/vmail/test.com/test/Maildir/new for anything, if you see a file, congratulations, the message was delivered!

When using a mail client (such as Outlook or Mozilla), be sure to use the full email address for the username (ie: "user@domain.com", not just "user").

 


Comments (Last 10): [Show All]


January 09th, 2014 @ 09:50AM


January 08th, 2014 @ 04:46PM


January 07th, 2014 @ 10:41PM


January 07th, 2014 @ 05:15AM


January 06th, 2014 @ 11:34AM


January 05th, 2014 @ 05:57PM


January 05th, 2014 @ 02:47AM


January 05th, 2014 @ 12:46AM


January 04th, 2014 @ 09:03PM


January 04th, 2014 @ 07:30AM


January 03rd, 2014 @ 09:11PM


January 03rd, 2014 @ 02:43PM


January 02nd, 2014 @ 09:51PM


January 02nd, 2014 @ 04:37PM


January 02nd, 2014 @ 05:32AM


January 01st, 2014 @ 01:42PM


December 31st, 2013 @ 11:04AM


December 30th, 2013 @ 08:33AM


December 27th, 2013 @ 07:11AM


December 27th, 2013 @ 12:22AM


December 26th, 2013 @ 04:01PM


December 25th, 2013 @ 12:04PM


December 24th, 2013 @ 08:37AM


December 23rd, 2013 @ 04:03AM


December 22nd, 2013 @ 01:27AM


December 20th, 2013 @ 10:42PM


December 18th, 2013 @ 04:13PM


December 17th, 2013 @ 01:14PM


December 16th, 2013 @ 09:01AM


December 15th, 2013 @ 01:31AM


December 13th, 2013 @ 05:28PM


December 12th, 2013 @ 08:24AM


December 11th, 2013 @ 11:25AM


December 11th, 2013 @ 01:02AM


December 08th, 2013 @ 08:39PM


December 07th, 2013 @ 03:12PM


December 03rd, 2013 @ 02:18AM


November 25th, 2013 @ 05:42PM


November 02nd, 2013 @ 12:29AM


October 18th, 2013 @ 03:52PM


October 07th, 2013 @ 04:43AM


October 07th, 2013 @ 04:43AM


September 01st, 2013 @ 09:13AM


September 01st, 2013 @ 05:22AM


September 01st, 2013 @ 02:53AM


August 31st, 2013 @ 05:31AM


August 26th, 2013 @ 04:45AM


August 22nd, 2013 @ 01:25PM


August 18th, 2013 @ 04:10PM


http://newexception.comAugust 17th, 2013 @ 04:52PM

great combination

August 17th, 2013 @ 04:52PM


July 16th, 2013 @ 07:45AM


July 16th, 2013 @ 07:45AM


July 16th, 2013 @ 07:45AM


July 16th, 2013 @ 07:45AM


base64decode.netJuly 03rd, 2013 @ 03:04PM

awesome tutorial, thanks

MarkFebruary 01st, 2013 @ 05:13PM

Thanks alot for sharing this solution. I wonder why you configured the postfix main.cf having smtpd_recipient_restrictions two times. The second definition of this parameter contains values separated by commas as well as blanks. Why this mixup and why the double defininition of this param?

Pharmk219February 01st, 2013 @ 11:53AM

Very nice site!

Pharmc741February 01st, 2013 @ 11:53AM

Very nice site! cheap cialis http://aixopey.com/qqvtxt/4.html

Pharmd285February 01st, 2013 @ 11:53AM

Very nice site! <a href="http://aixopey.com/qqvtxt/1.html">cheap viagra</a>

Pharme962February 01st, 2013 @ 11:53AM

Very nice site! [url=http://aixopey.com/qqvtxt/2.html]cheap cialis[/url]

Pharmg30February 01st, 2013 @ 11:53AM

Hello! bddfacd interesting bddfacd site! I'm really like it! Very, very bddfacd good!

September 05th, 2012 @ 07:59AM


Converse Star April 14th, 2012 @ 01:59AM

<a href="http://www.conversedk.com/">converse</a> Converse has worked with Nintendo art before with the Super <a href="http://www.conversedk.com/">Converse SKO</a> Mario Bros. Chuck Taylor Hi sneakers, and the two companies will be <a href="http://www.conversedk.com/">Converse Star</a> working together again in Japan. Coming in both black and white, the new Super Mario Bros. OX shoes will be available in the spring of this year.
Converse Star : http://www.conversedk.com/

TryingToBuildFebruary 18th, 2012 @ 06:44AM

I would like to add POP into the mix. Any suggestions?

LothruinJanuary 25th, 2012 @ 05:06AM

=====
CRITICAL NOTE: When creating the user for our database, create TWO: one that authenticates from "localhost" and one from "127.0.0.1"
I don't know why it doesn't see it as the same, but on two different boxes (RedHat 9 and Slackware 9) it needed two seperate entries.
=====

You are using MySQL; "localhost" connections use local socket file by default (say as: mysql --host=localhost --protocol=SOCKET), instead 127.0.0.1 uses normal TCP stack (like: mysql --host=127.0.0.1 --protocol=TCP). Don't ask why MySQL chose that misleading behaviour.

SergeOctober 01st, 2011 @ 06:21PM

Updated as of October 1st, 2011.

ImranApril 21st, 2011 @ 10:48AM

This worked for me on centos:

make -f Makefile.init makefiles \
CCARGS='-DUSE_SASL_AUTH -I/usr/include/sasl \
-DUSE_CYRUS_SASL -DHAS_MYSQL -I//usr/include/mysql' \
AUXLIBS='-L/usr/lib/sasl2 -lsasl2 \
-L/usr/lib/mysql -lmysqlclient -lz -lm'

make install

NOTICE:
See how i used -DUSE_SASL_AUTH and -DUSE_CYRUS_SASL together.

I found it here:
https://bugzilla.redhat.com/show_bug.cgi?id=200175

AntonApril 30th, 2010 @ 01:35AM

If you have same problem: (user unknown. Command output: Invalid user specified. ) You have solve it in following howto:
http://howtobsd.com/?p=100

Maybe you need maildrop built with courier-auth.

KidDevilzJanuary 26th, 2010 @ 04:44AM

Nice Post,,, ^_^

I like it,,,, ^_^

nilsonfoxJune 02nd, 2009 @ 03:24AM

i need to add this to my site

PigsyApril 03rd, 2008 @ 12:01AM

On Ubuntu Gutsy maildrop doesn't have mysql built in, so you need to follow these comments (in general) to make a customized build: http://ubuntuforums.org/showthread.php?t=48806

usafMarch 25th, 2008 @ 09:11AM

undefined reference to `tls_transfer'
undefined reference to `tls_dump_connection_info'

usafMarch 25th, 2008 @ 08:45AM

checking for courierauthconfig... no
configure: WARNING: === Courier authentication library not found.
configure: WARNING: === You need to download and install
configure: WARNING: === http://www.courier-mta.org/download.php#authlib first.
configure: WARNING: === If courier-authlib is installed in a non-default
configure: WARNING: === directory, set the COURIERAUTHCONFIG environment
configure: WARNING: === variable to the full path to the courierauthconfig
configure: WARNING: === binary and rerun this configure script.
configure: WARNING:
configure: error: courierauthconfig not found

usafMarch 25th, 2008 @ 08:44AM

checking for courierauthconfig... no
configure: WARNING: === Courier authentication library not found.
configure: WARNING: === You need to download and install
configure: WARNING: === http://www.courier-mta.org/download.php#authlib first.
configure: WARNING: === If courier-authlib is installed in a non-default
configure: WARNING: === directory, set the COURIERAUTHCONFIG environment
configure: WARNING: === variable to the full path to the courierauthconfig
configure: WARNING: === binary and rerun this configure script.
configure: WARNING:
configure: error: courierauthconfig not found

saFebruary 28th, 2008 @ 01:55AM

Is there a way to make it possible to login without full email address (just username) from clients?

meinhardDecember 12th, 2007 @ 01:58AM

maybe you want to fix this line above?
"MYSQL_USERNAME USRENAME"

blank200December 07th, 2007 @ 02:23PM

Serge, I\'m using Suse10.1, most packages you mentioned above come with the system except maildrop, which I downloaded and installed with the instructions you provided.
But the problem is that some files don\'t exits or have different location, for instance, the file authdaemonrc.dist doesn\'t exist, dir /usr/local/courier/etc/ doesn\'t exist(has /etc/courier probably because I installed imap using package came with system).
I also had the same error like:
# /usr/local/courier/bin/imapd start
chdir start: No such file or directory

Any more details about how to check those difference if I use the preinstalled packages. thanks.

SergeSeptember 30th, 2007 @ 10:29PM

Roy: I will eventually create a new version of these instructions that work with the latest releases of the packages used.

Roy UnderwoodJuly 26th, 2007 @ 01:22AM

These directions dont work:

[root@miweb etc]# /usr/local/courier/bin/imapd start
chdir start: No such file or directory

SHAFMay 10th, 2007 @ 04:23AM

Use the FLAg \"-DUSE_CYRUS_SASL -I/usr/include/sasl\" with postfix installation to remove following error:

warning: unsupported SASL server implementation: cyrus
fatal: SASL per-process initialization failed
warning: process /usr/libexec/postfix/smtpd pid 2662 exit status 1
warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling

PierreNovember 19th, 2006 @ 02:17PM

Hello,

How do you create a "catch all" address for a doamin in the database (a virtual domain)?

MatthewOctober 24th, 2006 @ 12:30PM

I followed all your instructions (exactly), but I am getting this error (in my /var/log/mail file) when I try to Telnet to port 25:

warning: unsupported SASL server implementation: cyrus
fatal: SASL per-process initialization failed
warning: process /usr/libexec/postfix/smtpd pid 2662 exit status 1
warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling

How do I make sure Cyrus is set up ok? I installed all the software I was supposed to...

SergeOctober 19th, 2006 @ 10:16PM

Matthew: Yep, I meant smtpd.conf. Sorry for the typo.

MatthewOctober 17th, 2006 @ 10:57AM

When you said "smptd.conf" did you really mean "smtpd.conf"?
What does smptd stand for?

JohnSeptember 22nd, 2006 @ 08:55AM

I am using Fedora core3 version.

Will it support?

Please guide me

Thanks

John

zpSeptember 13th, 2006 @ 05:05AM

I have built a mail server very similar to the one described here but it looks my email tagging
only works for one of virtual users.
Where is the best place to check logs for where tagging may be failing?

CarlosJuly 30th, 2006 @ 01:53PM

"How does one configure multiple SSL certificates for virtual hosting"

You can't unless you got separate IP address per your vhost.

TCatJuly 27th, 2006 @ 04:59PM

Thanks for this great howto, it REALLY HELPS :)

BradJuly 19th, 2006 @ 02:02PM

I was getting a similar error to Boo, Mehdi, and Angelo's. I installed g++, and it solved my compilation problems. I am running Debian sarge. apt-get install g++

patrickJuly 13th, 2006 @ 02:38AM

"How does one configure multiple SSL certificates for virtual hosting"

anyone any idea how to handle this?


Wenton ChanJune 30th, 2006 @ 01:51AM

Correction, anything enwer than 1.6.3

Wenton ChanJune 30th, 2006 @ 01:50AM

Upon revision I think this guide is out of date. If anyone is having maildrop problems it's because any version of maildrop older than 1.6.3 does NOT include support for mysql. You must dl and configure the courier-authlib. Not fun :(

Wenton ChanJune 27th, 2006 @ 03:44AM

Install the appropriate db*-devel package first.

If you get this error when trying to make postfix, it's looking for db.h. The makedefs file is referencing it @ some includes folder. All you have to do is create a symlink to the db.h in /usr/local/bdb/include/db.h.

kalaiJune 23rd, 2006 @ 02:57AM

[root@crystal ~]# openssl version
OpenSSL 0.9.8a 11 Oct 2005
[root@crystal ~]# ls -l /usr/lib/libssl.so.*
ls: /usr/lib/libssl.so.*: No such file or directory
[root@crystal ~]# /usr/lib/libssl.so.VERSION
-bash: /usr/lib/libssl.so.VERSION: No such file or directory

SSL_accept errorJune 23rd, 2006 @ 02:21AM

I have installed postpix with courier and every thing went well .
when I connect via tellnet it just hangs

telnet localhost 25
Trying 127.0.0.1...
Connected to crystal.jaap.nl (127.0.0.1).
Escape character is '^]'.

mail log .

Jun 23 08:55:28 crystal postfix/smtpd[2519]: setting up TLS connection from localhost.localdomain[127.0.0.1]
Jun 23 08:55:41 crystal postfix/smtpd[2519]: SSL_accept error from localhost.localdomain[127.0.0.1]: -1

Thanks in advance
Kind Regards
kalai

JacekJune 04th, 2006 @ 04:24AM

If somebody has a problem with compiling couriertls, reinstall or force install all openssl packages. Make sure, you have only one version installed! Do not install both 0.9.7 and 0.9.8!

Also check version of openssl:
openssl version
and verify that you have file: /usr/lib/libssl.so.VERSION

Eg:
root ~ # openssl version
OpenSSL 0.9.8b 04 May 2006
root ~ # ls -l /usr/lib/libssl.so.*
lrwxrwxrwx 1 root root 15 2006-06-04 13:17 /usr/lib/libssl.so.0 -> libssl.so.0.9.8*
-r-xr-xr-x 1 root root 251740 2006-05-14 00:31 /usr/lib/libssl.so.0.9.8*

MatthewMay 31st, 2006 @ 06:09AM

How does one configure multiple SSL certificates for virtual hosting? We are using 1 installation of the above to handle about 10 domains. Many domain owners want their own SSL for email. How?

Michael RackMay 16th, 2006 @ 04:40AM

Hello! I'm using courier-maildrop-2.0.2 ...

how to configure maildrop to use MySQL Tables?
courier-maildrop-2.0.2 isn't supporting SQL Authentifications
by it self. The module does optionally require authlib to
game with MySQL.

maildrop still using my /etc/passwd file... HELP!

Weird problem and hacked fix!May 08th, 2006 @ 08:09AM

Having struggled for days with a configuration using postfix, sasl2, courier-imap, mysql I relized the problem was that for some reason authdaemon.pgsql was being started instead of authdaemon.mysql, even though the mysql option was set in authdaemonrc. The fact that POP /IMAP dialog started ok via telnet but always failed was confusing. A ps -ax as root to check all the running processes revealed the problem.

Quick and dirty fix was to fiddle the code in /usr/lib/courier/authlib/authdaemond and replace pgsql with mysql so when that script tries to start the pgsql daemon it actually starts the mysql daemon. et voila! I may never get around to working out whether there is some error in the authdaemonrc file or a code logic error in the authdaemond script I modified above, to make it work properly. (These paths foe Debian by the way).

Anyway if you are having problems, check that the correct aithdaemond process is running for your database.

Good luck :)

Peter

AndreyApril 08th, 2006 @ 07:12PM

RE:
>checking whether stripping libraries is possible... yes
>checking for env... /bin/env
>configure: WARNING: === I think you are trying to run this configure script
>configure: WARNING: === on Red Hat/Fedora. You're doing too much work!

add " --with-redhat " to the end of your ./configure command you should be good to go

arudaMarch 16th, 2006 @ 07:01AM

[root@Qmiti postfix-2.1.6]# make makefiles 'CCARGS=-DHAS_MYSQL -I/usr/include/mysql -DUSE_SASL_AUTH -I/usr/include/sasl -I/usr/local/BerkeleyDB/include' 'AUXLIBS=-L/usr/lib/mysql -lmysqlclient -lz -lm -L/usr/lib -lsasl2 -L /usr/local/BerkeleyDB/lib'

(set -e; echo "# DO NOT EDIT"; /bin/sh ../../makedefs && cat Makefile.in) >Makefile
rm -f Makefile; (set -e; /bin/sh makedefs && cat Makefile.in) >Makefile
(echo "# Do not edit -- this file documents how Postfix was built for your machine."; /bin/sh makedefs) >makede
fs.tmp
set +e; if cmp makedefs.tmp conf/makedefs.out; then rm makedefs.tmp; \
else mv makedefs.tmp conf/makedefs.out; fi >/dev/null 2>/dev/null
[root@Qmiti postfix-2.1.6]#

Charles OliveiraMarch 15th, 2006 @ 09:37AM

Hi Kirk,

++++++++
status=deferred (temporary failure. Command output: ERR: authdaemon: s_connect() failed: Permission denied /usr/local/courier/bin/maildrop: Temporary authentication failure. )
I didn't find the solution. Can anybody help me ?
++++++++

I hade de same problem. You need to set the "--with-mailuser=" " and --with-mailgrou="" " parameter in the configure file of courier-authlib package. Set the username of the account that are running maildrop program.


That's all.

Allan BoghFebruary 27th, 2006 @ 04:34PM

In the Courier IMAP installation (hardest one to deal with by the way), if you have Redhat and want to install you may want to use this command.

./configure --prefix=/usr/local/courier --with-mysql-libs=/usr/local/mysql/lib/mysql --with-mysql-includes=/usr/local/mysql/include/mysql/ --with-authmysql --with-authmysql=yes --with-authchangepwdir --disable-root-check --with-redhat

Also, Courier IMAP complains about installing as root, this command disables that check.

Allan BoghFebruary 27th, 2006 @ 04:10PM

Some systems might have problems finding the correct files for Postfix with the options provided in this tutorial. Another option is to run this command instead during the Postfix installation.

make makefiles 'CCARGS=-DHAS_MYSQL -I/usr/include/mysql -DUSE_SASL_AUTH -I/usr/include/sasl -I/usr/local/BerkeleyDB/include' 'AUXLIBS=-L/usr/lib/mysql -lmysqlclient -lz -lm -L/usr/lib -lsasl2 -L/usr/local/BerkeleyDB/lib'

Check to make sure these directories are available.

Allan BoghFebruary 27th, 2006 @ 03:54PM

In the Cyrus Sasl (2.1.20 version) install you must change ./lib/client.c to remove a static variable entry because some systems do not support this method of variable declaration.

vi ./lib/client.c +64

change to...

/* static sasl_global_callbacks_t global_callbacks; */
sasl_global_callbacks_t global_callbacks;

Run the method listed in this website to install properly.

SergioFebruary 26th, 2006 @ 12:17PM

Hola. Look, I like this tutorial but I didnt perform all actions:) Anyway, this "angry clown" actually right. I did not agree with his communication methods, but he has a point. Can you fix all errors (pathes for ex.) in this tutorial and maybe you should consider to write another - more simple and fast. All I need endeed is just a couple of POP3 and SMTP servers for 3 of mine Virtual Hosts that I'm running on my RH - NOTHING MORE. I'm sure that big corporative nets and guys who wants all these all-in-one packages have enough money to contract a couple of profs who don't need to read these tutorials to setup such systems. Thank you!!!

BooFebruary 07th, 2006 @ 12:33AM

Hello everyone, i am trying to configure everything, but i have one problem with installing the couriertls:
ip@extreme:~/courier-imap-4.0.6.20051004/tcpd$ make couriertls
Compiling starttls.c
gcc: --rpath=/usr/local/ssl/lib: linker input file unused because linking not done
Compiling argparse.c
gcc: --rpath=/usr/local/ssl/lib: linker input file unused because linking not done
Compiling libcouriertls.c
gcc: --rpath=/usr/local/ssl/lib: linker input file unused because linking not done
Compiling tlsinfo.c
gcc: --rpath=/usr/local/ssl/lib: linker input file unused because linking not done
Compiling tlscache.c
gcc: --rpath=/usr/local/ssl/lib: linker input file unused because linking not done
Linking libcouriertls.la
Compiling spipe.c
gcc: --rpath=/usr/local/ssl/lib: linker input file unused because linking not done
Linking libspipe.la
Linking couriertls
/usr/local/ssl/lib/libcrypto.a(dso_dlfcn.o)(.text+0x37): In function `dlfcn_load':
: undefined reference to `dlopen'
/usr/local/ssl/lib/libcrypto.a(dso_dlfcn.o)(.text+0xa4): In function `dlfcn_load':
: undefined reference to `dlclose'
/usr/local/ssl/lib/libcrypto.a(dso_dlfcn.o)(.text+0xcb): In function `dlfcn_load':
: undefined reference to `dlerror'
/usr/local/ssl/lib/libcrypto.a(dso_dlfcn.o)(.text+0x158): In function `dlfcn_bind_var':
: undefined reference to `dlsym'
/usr/local/ssl/lib/libcrypto.a(dso_dlfcn.o)(.text+0x183): In function `dlfcn_bind_var':
: undefined reference to `dlerror'
/usr/local/ssl/lib/libcrypto.a(dso_dlfcn.o)(.text+0x258): In function `dlfcn_bind_func':
: undefined reference to `dlsym'
/usr/local/ssl/lib/libcrypto.a(dso_dlfcn.o)(.text+0x283): In function `dlfcn_bind_func':
: undefined reference to `dlerror'
/usr/local/ssl/lib/libcrypto.a(dso_dlfcn.o)(.text+0x58c): In function `dlfcn_unload':
: undefined reference to `dlclose'
./.libs/libcouriertls.a(libcouriertls.o)(.text+0x3f4): In function `rsa_callback':
/home/ip/courier-imap-4.0.6.20051004/tcpd/libcouriertls.c:216: undefined reference to `RSA_generate_key'
./.libs/libcouriertls.a(libcouriertls.o)(.text+0x5db): In function `process_rsacertfile':
/home/ip/courier-imap-4.0.6.20051004/tcpd/libcouriertls.c:274: undefined reference to `SSL_CTX_use_certificate_chain_file'
./.libs/libcouriertls.a(libcouriertls.o)(.text+0x5ec):/home/ip/courier-imap-4.0.6.20051004/tcpd/libcouriertls.c:280: undefined reference to `SSL_CTX_use_RSAPrivateKey_file'
./.libs/libcouriertls.a(libcouriertls.o)(.text+0x649): In function `process_dhcertfile':
/home/ip/courier-imap-4.0.6.20051004/tcpd/libcouriertls.c:299: undefined reference to `SSL_CTX_use_certificate_chain_file'
./.libs/libcouriertls.a(libcouriertls.o)(.text+0x6e9):/home/ip/courier-imap-4.0.6.20051004/tcpd/libcouriertls.c:328: undefined reference to `SSL_CTX_use_PrivateKey_file'
./.libs/libcouriertls.a(libcouriertls.o)(.text+0x951): In function `tls_create':
/home/ip/courier-imap-4.0.6.20051004/tcpd/libcouriertls.c:405: undefined reference to `SSL_load_error_strings'
./.libs/libcouriertls.a(libcouriertls.o)(.text+0x956):/home/ip/courier-imap-4.0.6.20051004/tcpd/libcouriertls.c:406: undefined reference to `SSL_library_init'
./.libs/libcouriertls.a(libcouriertls.o)(.text+0x9b7):/home/ip/courier-imap-4.0.6.20051004/tcpd/libcouriertls.c:421: undefined reference to `TLSv1_method'
./.libs/libcouriertls.a(libcouriertls.o)(.text+0xd67):/home/ip/courier-imap-4.0.6.20051004/tcpd/libcouriertls.c:413: undefined reference to `SSLv23_method'
./.libs/libcouriertls.a(libcouriertls.o)(.text+0xd71):/home/ip/courier-imap-4.0.6.20051004/tcpd/libcouriertls.c:413: undefined reference to `SSLv2_method'
./.libs/libcouriertls.a(libcouriertls.o)(.text+0xf36): In function `cache_add':
/home/ip/courier-imap-4.0.6.20051004/tcpd/libcouriertls.c:604: undefined reference to `i2d_SSL_SESSION'
./.libs/libcouriertls.a(libcouriertls.o)(.text+0xfac):/home/ip/courier-imap-4.0.6.20051004/tcpd/libcouriertls.c:621: undefined reference to `i2d_SSL_SESSION'
./.libs/libcouriertls.a(libcouriertls.o)(.text+0x10df): In function `get_func':
/home/ip/courier-imap-4.0.6.20051004/tcpd/libcouriertls.c:694: undefined reference to `d2i_SSL_SESSION'
collect2: ld returned 1 exit status
make: *** [couriertls] Error 1

Does anyone know what to do? :)

PawelJanuary 28th, 2006 @ 03:50AM

I don't see any email to author. Could you give your full contact info? I want to ask you something.

PawelJanuary 28th, 2006 @ 03:37AM

I don't see any email to author. Could you give your full contact info? I want to ask you something.

DmitriyOctober 31st, 2005 @ 09:15AM

In my configuration not work when use:
alias_maps = mysql:/etc/postfix/mysql-aliases.cf
but if change it to:
virtual_alias_maps = mysql:/etc/postfix/mysql-aliases.cf

Robert Samuel WhiteOctober 29th, 2005 @ 09:03PM

Brian: Don't take your frustrations out on others! The individual who wrote this article put a lot of time and energy into it, based on their own personal experiences, and it is absolutely asinine that you would have the tenacity to rant and rave like you did. I hope you're not married, because I pity any person who has to spend time with you!

BillOctober 28th, 2005 @ 11:48AM

Brian's indeed an angry clown, and a stupid one apparently. The biggest advantage I find with using IMAP is being able to pull the mail from all the other accounts of mine all into one place. Let the IMAP server pull 'em from POP, hotmail, imap and all manner of other services. Then I can use several clients to read my mail without worrying about whether one of them POP'd off messages that the others didn't see. Yeesh Brian, just because you're too eff'ing stupid to grasp all this doesn't mean it's not worthwhile. Some of us find it quite useful thanks.

SimonOctober 01st, 2005 @ 11:18AM

[Said quietly and to one self..] That Brian fellow is one angry clown..

SergeSeptember 17th, 2005 @ 02:05AM

Arnout: Thanks for the info on maildrop. I actually recently had a similar issue when I was trying to to install to, it seems that they changed how mysql is supported. I ended up using an older version of maildrop (1.6.3). I will do my best to find some time to revise this article to reflect changes in it's various components.

Arnout VosSeptember 14th, 2005 @ 11:17PM

Thanks for this howto, it works well!
I've also integrated Amavisd, so I configured Postfix to forward messages to Amavisd, for scanning by ClamAV and Spamassassin, and after that maildrop will sort out the spam to a seperate folder.
But i've a question, I want to create aliases so Postfix will accept mail for that alias and dump it in my mailbox.
I've tried to put the alias domain in the transport table, with "destination" filled with "maildrop:" and "virtual:", and filled the alias table, but it doesn't work... error postfix: "Unknown user."
What's wrong? Thanks!

Arnout VosSeptember 08th, 2005 @ 04:41AM

maildrop version 1.7.0 and up don't have mysql support anymore. This is now handled by the Courier Authentication Library. I have no clue how to configure this so i took the old (1.6.3) version of maildrop.

SergeAugust 20th, 2005 @ 06:25PM

Brian: Please do not blame others for your own mistakes. If you were not able to set something up that others were countless times, that does not mean the problem is with the information.

BrianAugust 10th, 2005 @ 08:21PM

A real pain-in-the-ass fixing and unfucking the problems with your tutorial as well as all the rest that I've had to dig through and wade through on the internet. The biggest point of anger for me is in realizing that I don't need fucking Courier IMAP or any fucking IMAP, I simply want a fucking POP server to get my fucking email, and this is the LEAST covered topic on email. Go figure. I will never need fucking IMAP, my servers are all over the eastern seaboard of the US, hosted at ISPs, so I will NEVER use IMAP, I don't get why it's even discussed, except for intranet or corporate environments. FIX YOUR FUCKING TUTORIAL and thanks for the tips that DO actually work, there was some value--but skip the IMAP. Somebody for chrisshakes please stop emphasising fucking IMAP, it's no good if you're mobile or setting up a hosted email server--in fact you're fucking nuts to do it that way. Besides the Courier website and docs are horrible, geezuz, and Cyrus has its share of useless information and low-confidence links as well. God, have people forgotten how to write instructions and tutorials and software that shouldn't take WEEKS to get set up!!!!

June 23rd, 2005 @ 08:23AM

Jun 23 17:21:35 bsd postfix/cleanup[73054]: warning: DE87939DF3A: virtual_alias_maps map lookup problem for xxxxxxx@xxxxx.net
Jun 23 17:21:35 bsd postfix/pickup[73052]: warning: maildrop/5B7DC39E002: Error writing message file

it appears not to be working for some reason..

NyomanJune 06th, 2005 @ 10:13PM

How to integrated with Postfix Admin ?

TomApril 18th, 2005 @ 09:03PM

I have installed PostFix/Courier/SQWebmail by the workaround example. I can suer Webmail no problem, and I can receive through pop3, but can't send....
I have tried KMail on the host itself and Outlook Express remotely, receiving is fine but no sending:

Apr 18 11:58:28 sarge postfix/smtpd[2204]: connect from sarge.ifss.com.au[10.0.0.205]
Apr 18 11:58:28 sarge postfix/smtpd[2204]: warning: SASL authentication problem: unknown password verifier
Apr 18 11:58:28 sarge postfix/smtpd[2204]: warning: SASL authentication failure: Password verification failed
Apr 18 11:58:28 sarge postfix/smtpd[2204]: warning: sarge.ifss.com.au[10.0.0.205]: SASL PLAIN authentication failed

Does the above message gives any clues?

TIA,

Tom

vladApril 12th, 2005 @ 12:18AM

I try to send mail with postfix over smtp+mysql authentification
My smtpd.conf is this:
pwcheck_method: auxprop
auxprop_plugin: sql
sql_engine: mysql
mech_list: plain login
sql_hostnames: localhost
sql_user: USER
sql_passwd: PASS
sql_database: DATABASE
sql_select: SELECT clear FROM users WHERE address = '%u'
sql_verbose: yes
When i send mail receive in maillog:
warning: SASL authentication failure: Password verification failed
when i try to use sasldb2 all works fain
my users table contain:
address: test@mydomain.com
clear: my_pass
I try to send mail with The Bat! client, when user and pass are set like from users table
Where is the problem?

exicemrnApril 07th, 2005 @ 02:52PM

the quota is not set, should i set it? i dont need it.
all i get as error is "message size X exceeds size limit 3072000" even if in my main.cf the message_size_limit = 0 or larger the the messegei'm sending.

gnaApril 07th, 2005 @ 01:43PM

exicemrn:
Try to look in the postfix_users quota field. That is the only thing i can think of.

exicemrnApril 07th, 2005 @ 08:35AM

ok, installed all, got it working, but who wants to send me emails with a larger attachement gets the error:
552
Requested mail action aborted: exceeded storage allocation (in reply to
MAIL FROM command)

Any solution

gnaApril 06th, 2005 @ 06:27AM

SOLUTION found:

I have declared :
LDFLAGS="-L/usr/local/bdb/lib -L/usr/local/courier/lib -L/usr/local/ssl/lib"
CPPFLAGS="-I/usr/local/bdb/include -I/usr/local/courier/include -I/usr/local/ssl/include"

BUT my libssl.so files were not there DUH (openssl097e put them in /usr/lib/)
So after i copyed the so files to /usr/lib/ssl/lib the make run fine

MORE TO COME :)

JosephApril 05th, 2005 @ 12:58PM

I have installed everything according to HOW TO's similar to this one. At one time I had everything working perfect. I could send and recieve mail with no problem. Now 2 weeks later I have come back to double check everything and cacn't figure out why sasl and authdaemond are using the wrong query. The query they are using now is as follows:

SELECT username, crypt, clear, 'XXXX', 'XXXX', 'xxxxxxx' CONCAT(xxxxxx)

With authdaemond using this query I get an error saying no password for username : blah@blah.net

When the machine was working great 2 weeks ago the sql query that authdaemond was using was this:
SELECT password FROM mailbox WHERE username = '%u@%r'

Can someone please tell me what is going on????

My smtpd.conf locate in /usr/local/lib/sasl2 is as follows
# smtpd.conf
pwcheck_method: auxprop
auxprop_plugin: sql
sql_engine: mysql
srp_mda: md5
sql_hostnames: localhost
sql_user: XXXXX
sql_passwd: XXXXX
sql_database: XXXXX
sql_select: SELECT password FROM mailbox WHERE username = '%u@%r'
sql_verbose: yes

Please help.

GnaApril 05th, 2005 @ 08:03AM

Followed these instrucions, and followed some dependencies, now the CourierIMAP4.0.2 and OpenSSL 0.9.7e won't compile couriertls:
with many "undefined reference to" -s in some fuctions.

DUH

To compile CourierAuthlib i used:
./configure --prefix=/usr/local/courier \
--without-authpgsql --without-authpwd --without-authvchkpw --without-authldap \
--with-mysql-libs=/usr/local/mysql/current/lib/mysql \
--with-mysql-includes=/usr/local/mysql/current/include/mysql/ \
--with-mailuser=root --with-mailgroup=root \
--srcdir=/home/gna/packages/courier-authlib-0.55.20050320 \
LDFLAGS="-L/usr/local/bdb/lib" \
CPPFLAGS="-I/usr/local/bdb/include"

make
make install

And courier-imap:
/configure \
--prefix=/usr/local/courier \
LDFLAGS="-L/usr/local/bdb/lib -L/usr/local/courier/lib -L/usr/local/ssl/lib" \
CPPFLAGS="-I/usr/local/bdb/include -I/usr/local/courier/include -I/usr/local/ssl/include" \
COURIERAUTHCONFIG=/usr/local/courier/bin/courierauthconfig

DavidMarch 07th, 2005 @ 02:54AM

Good luck with Qmail, we're in the process of migrating everything away from it on multiple machines. It's broken in some annoying ways that break spec, but comply with what djb thinks "should" be proper behaviour.

Unless you find a patch for it it also barfs on large dns records (domains with large number of mx records) if you're not using dnscache (we have one legacy dnscache installation just for our qmail dns resolution.. talk about annoying)

AdamMarch 01st, 2005 @ 04:11PM

Please disregard my msg from February 23rd..

Due to extreme frustration I decided to change to a different mail system - qmail. It took me few hours to completely install it.

Anyway, just wanted to show my appreciation for this article. Learned a lot from it. Thanks for your work, Serge Stepanov. May the internet be filled with contributors like yourself.. :)

maDaMarch 01st, 2005 @ 12:56PM

Mar 1 19:52:52 mailtest postfix[14921]: fatal: file /etc/postfix/main.cf: parameters mail_owner and setgid_group: user postfix and group postdrop have the same group ID: 1001

And it doesn't help to change the ID's in passwd

sammyfaiFebruary 22nd, 2005 @ 06:33AM

It seems I solve the user unknown problem eventually. It need to execute all the command in a time

$ /usr/local/courier/libexec/authlib/authdaemond start
$ /usr/local/courier/sbin/imapd start
$ /usr/local/courier/sbin/imapd-ssl start
$ /usr/sbin/postfix start
$/etc/rc.d/init.d/spamassassin start

jackFebruary 20th, 2005 @ 06:03AM

Please disregard the previous message. The one from the 18th provided the right solution. I had missed it.

jackFebruary 20th, 2005 @ 05:20AM

I have setup postfix/courier-imap/maildrop/mysql for virtual users.

postfix/virual deliver the messages fine. If I set maildrop as the LDA, I run into problems. I think that the problem is a permissions issue with sasl.

If I run this command "maildrop -V -5 -d user@domain.tld" as root, authenticatio works fine and mail is delivered.

If I run the same command as any other user, vmail for instance, it fails with the following message: "ERR: authdaemon: s_connect() failed: permission denied invalid user specified.

My users/permissions seem to be setup according to the installation instructions. Any help will be greatly appreciated.

Thank you.

bezvezeFebruary 16th, 2005 @ 02:32AM

Problem "bind: Address already in use" is caused when you try to use port that some other application is using. So run 'nmap -p localhost' to see whether port is in use or not.
If it's, then run 'lsof -i tcp:143' (143 = imap, replace it with application port you are having problem with) to see which application is using it. When you find out, stop application, and try to run your one.

Hope this helps.

MehdiFebruary 14th, 2005 @ 01:46AM

Hi

I have the same error as Angelo
--
/usr/local/bdb/lib/libdb.so: undefined reference to `pthread_condattr_setpshared'
/usr/local/bdb/lib/libdb.so: undefined reference to `pthread_mutexattr_destroy'
/usr/local/bdb/lib/libdb.so: undefined reference to `pthread_mutexattr_setpshared'
/usr/local/bdb/lib/libdb.so: undefined reference to `pthread_mutexattr_init'
/usr/local/bdb/lib/libdb.so: undefined reference to `pthread_mutex_trylock'
collect2: ld returned 1 exit status
make: *** [master] Error 1
make: *** [update] Error 1
--
My MySQL do not have authentication its password is blank and I dont know how should I start MySQL with with query debugging enabled ....
Can any one plz help ??

Thanks

DaveDFebruary 11th, 2005 @ 03:23PM

Can't start IMAP, I only get this error (like EVERYONE else who hasn't gotten an answer to this):

Starting Courier IMAP server:bind: Address already in use
ll_daemon_start: Resource temporarily unavailable

nimbusFebruary 08th, 2005 @ 12:52AM

I've been tearing hairs out for the last couple of days but got it working with the help of a guru. :-)
I'm using Suse 9.2 btw.

Here are my hints for successful living:

+ Make sure that the mysql-library arguments (as well as the CPPFLAGS) for SASL and Maildrop configure are correct!
+ Check if those mysql-libs really get linked to the binary!
+ Add a --enable-sql to SASL-configure!
+ Do not chroot SMTPD for the time installing/configuring/testing!
+ A correct and working SMTPD.CONF für SASL2.x is here (ignore all the crap you find somewhere else):

pwcheck_method: auxprop
auxprop_plugin: sql
sql_engine: mysql
sql_hostnames: localhost
sql_database: postfix
sql_user: postfix
sql_passwd: ******
sql_select: SELECT clear FROM postfix_users WHERE email = '%u@%r'
sql_usessl: no
mech_list: PLAIN LOGIN CRAM-MD5

+ Mailbox directory creation goes like this:
create "/home/vmail/domain.com" by hand
run "/usr/local/courier/bin/maildirmake /home/vmail/domain.com/info"
change owner: "chown vmail:vmail -R /home/vmail"
change permissions: "chmod 700 -R /home/vmail"
That's it. Database entries for this mailbox would be "/home/vmail" for homedir and "domain.com/info/" for maildir - watch the slashes!
+ Fix those 'Y' in all mysql-cf-files! Upper case! Serge: please, please fix your HowTo in that matter, even when you think it's outdated.
+ In case of problems, use mysql query log to see if SASL and Maildrop really drop sql-statements! Use SASL sample client/server to check if SASL is working. Keep an eye on mail.warn and mail.err logfiles!
+ Drink lots of coffee, eat chocolate (it has koffein as well), have sex (better than koffein). Even if things don't work right.

Narcis RaduFebruary 07th, 2005 @ 02:46AM

Hi,
I have a big problem. I don't know how to make my mail server NOT TO BE an open-relay? How do I make smtp auth?

Adolfo dot anderung.com.brJanuary 17th, 2005 @ 11:08AM

If you have MX problem see /etc/resolv.conf permissions. It *MUST* have read for all.
If you have user unknow probably see maildropmysql.conf[ig] and see if the spaces has ANY, I wrote !ANY! space. If has any space, erase.
It must be:
hostname address
socket pathofsocket
Like this.

If you have any question,
send me email

IsharraJanuary 16th, 2005 @ 11:33AM

install courier-authlib to use mysql support with the latest release of maildrop. authentication was moved out of courier-imap, maildrop and sqwebmail and moved into a common package (and saves a world of headaches if you are using more than one of these).

MikeJanuary 14th, 2005 @ 03:57AM

======
CRITICAL NOTE: When creating the user for our database, create TWO: one that authenticates from "localhost" and one from "127.0.0.1"
I don't know why it doesn't see it as the same, but on two different boxes (RedHat 9 and Slackware 9) it needed two seperate entries.
===

It seems I know why :)

bash# man mysqld
...
--skip-name-resolve
Hostnames are not resolved. All Host column values in the grant
tables must be IP numbers or localhost.

SergeJanuary 06th, 2005 @ 08:14PM

It appears that my howto is outdated. I tried making an install using the latest software packages (including a new MySQL) and absolutely everything fails to connect to the database. I was able to copy back my original postfix install over to my machine to get my server working atleast partially.

When I get some time I will fix this document up and try to solve lots of the problems many are having.

SeNJanuary 02nd, 2005 @ 10:48AM

Following from Shirow, it seems that during build time maildrop couldn't find the authlib client libraries and decided to silently not put in mysql support.

My packages are all under a management policy so you might get out of this a lot eaiser than I did (you might not even have to install authlib) - but the following is what I had to do to get things working:

I separately installed courier-authlib (with the --with-authdaemonvar set to the regular courier-0.X var/authdaemon dir). I believe this means any client applications which are built on this library will then speak with the pipe in there. There could be permissions problems with the authdaemon dir since it is probably owned by courier without global read - I simply gave the vmail group permissions to the authdaemon dir as a quick fix to get things running (this might be bad - I really haven't thought about it).

I then rebuilt maildrop, and upon running ldd on the binary, libcourierauth was seen as a dependency (good!)

After doing this, things appear to be working as expected.

AdrianDecember 28th, 2004 @ 09:37PM

Populate the postfix_transport table with the following:
I have no clue, what that means, please help me out.
Thank You

ShirowDecember 28th, 2004 @ 07:21AM

I fixed the 'unknown user' problem by downgrading Maildrop. It appears the latest versions don't have integrated Mysql support so even though it was accepting the Mysql commands in ./configure it wasn't actually using them.

Try downgrading to a Maildrop version w/ built in Mysql support.. worked for me.

MartinnDecember 20th, 2004 @ 03:03PM

My Solution for "user unknown. Command output: Invalid user specified.":
i installed postfix+mysql+maildrop and got the same problem. I had to edit /etc/maildrop/maildropmysql.cf file to set up right mysql configuration for maildrop and problem was resolved.

MihaDecember 17th, 2004 @ 05:09AM

I see now, but I am very new to mysql, and Ioverwrited all fields with ''' by mistake. Sorry for this!

MarkbbDecember 16th, 2004 @ 02:02PM

Miha-
If you look at the database schema from the HOWTO, you'll notice that both the "postfix" and "access" fields have a default of 'Y'

access enum('Y','N') NOT NULL default 'Y',
postfix enum('Y','N') NOT NULL default 'Y',

MihaDecember 16th, 2004 @ 01:15PM

Solution for "user unknown. Command output: Invalid user specified.":

Set field "postfix" to "y" for every user in table postfix_users. If "y" isn't there, the user is disabled... A almost got crazy because of that )=!

I don't know why this is not in HOWTO...

Have a nice day (=!

MidDecember 14th, 2004 @ 01:22PM

I have a question, in the SASL configuration, there is an attempt to link to a berkley database library, but no reference to the Bdb on the tutorial. Has anyone experienced any problems with the configure with out having Berkley DB installed?

Everything looks like it is running off of mysql and no calls to BDB are made.

AIMDecember 14th, 2004 @ 12:38AM

Hello!

I get the same error as Jack does.
ll_daemon_start: Resource temporarily unavailable

when I try to start the pop3d.rc

Greez AIM

BullFrogDecember 10th, 2004 @ 11:23PM

Not sure if this helps but after making multiple configurations using ldap a while back I forgot to document all steps. When I recently installed again I ran into the "user known" issue. I checked my ldap logs and it wasn't even quering LDAP. After a smack in the head I realized that I forgot to use the --enable-maildropldap and --with-ldapconfig=/path/to/file. This may be the issues that you are experiencing. Double check to make sure you compiled maildrop with --enable-maildropmysql and --with-mysqlconfig=/path/to/file. If you left off the --with-mysqlconfig=... then it lookgs for the file in /etc. Since I haven't tried this against mysql this next one might not help. For me I could use ldd /path/to/maildrop and see if libldap... was in there. You might have luck checking this to see if libmysql... is compiled in.

Good Luck

ShirowDecember 09th, 2004 @ 11:45AM

Think we might be screwed Zelf :) I'm still working on it, let me know if you figure it out (shirow@digitalgunfire.com)

What's your email address?

ZelfDecember 09th, 2004 @ 10:51AM

Does anyone monitor this list or am I up the creek?

ne0December 09th, 2004 @ 07:56AM

Problem:
relay=virtual, delay=0, status=deferred (recipient test@mydoamin.com: uid not found in virtual_uid_maps)

ZelfDecember 06th, 2004 @ 11:14PM

I am plagued with the relay=maildrop, delay=0, status=bounced (user unknown. Command output: Invalid user specified. ) error. On this list I see others have had the same question, but I have not seen a solution. I have followed the tutorial exactly, but cannot get email delivered into a users maildir/new directory. Please help. I am going insane with Google searches. Thanks.

John DoeDecember 05th, 2004 @ 05:00PM

I'm getting the following error when starting postfix:

postfix: fatal: chdir(/usr/libexec/postfix myhostname = mail.e-f-o.nl mydomain = e-f-o.nl myorigin = AutraX): No such file or directory

anybody have a clue?

SergeDecember 01st, 2004 @ 05:12PM

Steve: Redhat probably put the base for MySQL into /usr/local, so check to see if you have databases in /usr/local/var. If that turns out to be the case, then just substitute "/usr/local" for whereever you see "/usr/local/mysql"

SteveDecember 01st, 2004 @ 01:40PM

I know this is probably a stupid question... I am sort of a rookie (grin)... but I got openssl installed (actually just updated as I had an older ver)...but before I do the SASL2 install I was curious of one thing. I have Redhat9 and Mysql installed from OS installation (RPM).....I don't see /usr/local/mysql but MySQL is running currently. How can I determine what this path should be. Thanks in advance for this great how to! I see I have /var/lib/mysql ....but no include dir under it?

flzNovember 26th, 2004 @ 05:33AM

For people who have problem with unknown users, make sure you have granted access to mail.* for user@'localhost' *and* user@'localhost.domain.tld'.

I spent my night searching what was wrong and finally i got the answer in mysqld.log.

WashingtonNovember 25th, 2004 @ 07:22AM

Bom dia a todos da lista, estou com a seguinte
messagem no meu postfix; erro: postfix/postfix-script:
warning: damaged message: corrupt / 2647859565bb, nao
consigo nem enviar e nem receber e-mails. Se alguem
pode me ajudar desde ja agradeço.

DexterNovember 22nd, 2004 @ 07:53PM

Hi,
I am having a problem reading my new mail from SquirrelMail. I have Courier IMAP, Postfix & MySql working fine, I can read the users new mail via Webmin, but not from SquirrelMail. I found that the permission's for the new mail files down inherent the parents.. why is this? When I change the file permission I can see it via SquirrelMail. I dont know if anyone can help me here. Cheers Dex
dexter_adams@hotmail.com

JackNovember 09th, 2004 @ 02:25PM

I got everything installed finally, but whenever I start courier using
/usr/local/courier/libexec/imapd.rc start
I get this error
ll_daemon_start: Resource temorarily unavailable.

I am using debian.
Authdaemond is starting without errors.

(Please Help Newbie)

dmanNovember 05th, 2004 @ 10:51PM

The point is to compile the sasl lib with sql support with the parm './configure --enable-sql' which will add the 'mysql support'.

and put the following lines in file /usr/local/lib/sasl2/smtpd.conf

sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: sql
sasl_mech_list: PLAIN LOGIN

sql_engine: mysql
sql_user: x
sql_passwd: x
sql_hostnames: localhost
sql_database: postfix
sql_select: SELECT clear FROM users WHERE email = '%u@%r'
---

and in main.cf:
----
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_application_name = smtpd

NONsergeOctober 28th, 2004 @ 06:54AM

heh, daaaaaaaaamn man ... you can't simplify this? SIMPLIFY IT!

PedroOctober 22nd, 2004 @ 06:46AM

Hi, i would like to know how to put maildrop making homedir+maildir like virtual: does :-)

Derk GortemakerOctober 19th, 2004 @ 03:00AM

Paul, I had almost the same problem. I've placed this in /usr/lib/sasl2/smtpd.conf: (not smptd.conf, that took me a few weeks....)

---
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: sql
sasl_mech_list: PLAIN LOGIN

sql_engine: mysql
sql_user: x
sql_passwd: x
sql_hostnames: localhost
sql_database: postfix
sql_select: SELECT clear FROM users WHERE email = '%u@%r'
---

and in main.cf:
----
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_application_name = smtpd
----

that's it.

JDOctober 18th, 2004 @ 04:56PM

This is very helpful, but the maildrop permissions are killing me.

I either get 'home directory is world writable' or 'unable to change to home directory'.

I made maildrop setuid root and I initially setup /home/vmail as 700 but that keeps giving the error 'unable to change to home directory'. If I change to 775, 777, 774, I get the world writable error.

What am I missing?

Thanks!

SergeOctober 17th, 2004 @ 02:30AM

Angelo: That is apparently a problem with the Berkeley DB library. You don't really even need it (I just chose to throw it in), so when you compile postfix you can omit: -L/usr/local/bdb/lib all together and it should compile fine after that.

AngeloOctober 16th, 2004 @ 10:48PM

Hello,Serge. :) I have a question while I was following your tutorial's procedure.
When I "make install" as root for postfix,it generates the error below:

/usr/local/bdb/lib/libdb.so: undefined reference to `pthread_condattr_setpshared'
/usr/local/bdb/lib/libdb.so: undefined reference to `pthread_mutexattr_destroy'
/usr/local/bdb/lib/libdb.so: undefined reference to `pthread_mutexattr_setpshared'
/usr/local/bdb/lib/libdb.so: undefined reference to `pthread_mutexattr_init'
/usr/local/bdb/lib/libdb.so: undefined reference to `pthread_mutex_trylock'
collect2: ld returned 1 exit status
make: *** [master] Error 1
make: *** [update] Error 1

I've googled and found no cure to this problem.Would you mind helping me out?Thanks.

SergeOctober 16th, 2004 @ 12:51PM

Make sure that MySQL is authenticating correctly. Restart MySQL with query debugging enabled and watch the log file to see what queries and connection attempts are being passed to MySQL.

PaulOctober 16th, 2004 @ 11:10AM

Thanks - all works fine... *except* SMTP authentication by MySQL. I just cannot get it to work. I've populated the postfix_access table (with an entry for client & sender as I wasn't sure which was which). I just get SASL LOGIN authentication failed in /var/log/maillog.

Looking at other howto's - I created an smtpd.conf (in /etc/postfix and a copy to /usr/lib/sasl for good measure):

mysql_user: courier
mysql_passwd: x
mysql_hostnames: localhost
mysql_database: mail
mysql_statement: SELECT clear FROM postfix_users WHERE email = '%u@%r'
mysql_verbose: yes

Still no joy - tearing my hair out and on the point of giving up. Which would be a shame considering everything else is working.

SergeOctober 15th, 2004 @ 10:47PM

Paulo: You are correct, the right path should indeed be "/usr/local/courier/share/mkimapdcert".

PauloOctober 15th, 2004 @ 08:33PM

In the Courier IMAP installation, the last line of the workaround is not /usr/lib/courier/share/mkimapdcert, but /usr/local/courier/share/mkimapdcert. (mkimapdcert is in the path where you installed courier imap, not some other place - at least in courier-imap-3.0.8). As by the time i have posted this message i will be still installing all the packages and configuring them, but this project seems to be a nice one!! :)

SergeOctober 15th, 2004 @ 01:36PM

Post comments, questions and suggestions here. This way I don't have to answer the same questions multiple times over email :)

 
Post Comment:

Use the following verification number: 0ayps86w05a

Name 
Comment 
Verification 



eBay Sniper