Nov 11 23:06:38 mail-whiterose-org postfix/smtpd[2196]: mysql plugin couldnt connect to any host
Nov 11 23:06:38 mail-whiterose-org postfix/smtpd[2196]: mysql plugin couldnt connect to any host
Nov 11 23:07:10 mail-whiterose-org postfix/smtpd[2198]: mysql plugin couldnt connect to any host
Nov 11 23:07:10 mail-whiterose-org postfix/smtpd[2198]: mysql plugin couldnt connect to any host
This doesn't seem right, but it could just be me not knowing what an auth failure looks like.
The smtpd.conf has a lot of commented out config items.
So, the primary use of my mailserver is a single domain, although I may eventually add another domain. I added the line to my Imap and pop3 configs to add the default domain "@whiterose.org" if a user leaves it off. It looks like SASL2 also needs that. I'm going to investigate smtpd_sasl_local_domain and see if that fixes my problem.
Michael 12 Nov 2006
Well, my simple test of setting
smtpd_sasl_local_domain = $mydomain didn't work.
Next up, I'll look at smtpd_sender_login_maps and see if that's what I want.
At least the error isn't connected to sasl or courier auth. Which would result in something being wrong with postfix.
Could you post the error you see in /var/log/mail.log around the time you had the problem?
By the way, what are you trying to do, I guess send an email?
For a check of postfix configuration please post the output of the command 'postconf -n'
Michael 13 Nov 2006
richard5 wrote:
At least the error isn't connected to sasl or courier auth. Which would result in something being wrong with postfix.
Could you post the error you see in /var/log/mail.log around the time you had the problem?
Nov 11 23:05:53 mail-whiterose-org postfix/smtpd[2197]: connect from airport.whiterose.org[70.106.123.197]
Nov 11 23:05:54 mail-whiterose-org authdaemond: received auth request, service=smtp, authtype=login
Nov 11 23:05:54 mail-whiterose-org authdaemond: authmysql: trying this module
Nov 11 23:05:54 mail-whiterose-org authdaemond: SQL query: SELECT username, password, "", '27', '27', '/usr/local/virtual', maildir, "", name, "" FROM mailbox WHERE username = "username@mail.whiterose.org"
Nov 11 23:05:54 mail-whiterose-org authdaemond: zero rows returned
Nov 11 23:05:54 mail-whiterose-org authdaemond: no password available to compare
Nov 11 23:05:54 mail-whiterose-org postfix/smtpd[2197]: warning: airport.whiterose.org[70.106.123.197]: SASL LOGIN authentication failed: authentication failure
Nov 11 23:05:54 mail-whiterose-org authdaemond: authmysql: REJECT - try next module
Nov 11 23:05:54 mail-whiterose-org authdaemond: FAIL, all modules rejected
Nov 11 23:05:55 mail-whiterose-org postfix/smtpd[2197]: lost connection after AUTH from airport.whiterose.org[70.106.123.197]
Nov 11 23:05:55 mail-whiterose-org postfix/smtpd[2197]: disconnect from airport.whiterose.org[70.106.123.197]
richard5 wrote:
By the way, what are you trying to do, I guess send an email?
Yes, in this case from a background process called chatalog which emails ichat logs. It was trying every 30 seconds and not reporting errors, so the log had quite a few entries before we noticed it.
Our old mailserver (SIMS on Mac OS9) did Auth, so every app that offered auth we set up for it. Had a similar problem with a user last night who is remote (actually in the UAE these days) who isn't on a trusted network.
richard5 wrote:
For a check of postfix configuration please post the output of the command 'postconf -n'
Just a quick question, it looks like the user ginger@mail.whiterose.org is not configured in your database? Is it available in the table mailbox in the database postfix? If not, create it using the postfixadmin site; that would solve this issue. I'll check your config at a later time.
Michael 13 Nov 2006
richard5 wrote:
Just a quick question, it looks like the user username@mail.whiterose.org is not configured in your database? Is it available in the table mailbox in the database postfix? If not, create it using the postfixadmin site; that would solve this issue. I'll check your config at a later time.
- do you have an entry in your postfix database, table alias where the address is @whiterose.org? Not *@whiterose.org!
- the domain name whiterose.org should not be used in your main.cf; because it is also used as a virtual domain, you get conflicts. Use the hostname you get from the ISP or your local machine name for myhostname and mydomain and you won't have a conflict and still have a working mailserver.
Michael 14 Nov 2006
richard5 wrote:
Two remarks:
- do you have an entry in your postfix database, table alias where the address is @whiterose.org? Not *@whiterose.org!
select address, goto, domain, active from alias where address like '@%'
[Executed: 11/13/06 7:33:57 PM EST ] [Execution: 46/ms]
richard5 wrote:
- the domain name whiterose.org should not be used in your main.cf; because it is also used as a virtual domain, you get conflicts. Use the hostname you get from the ISP or your local machine name for myhostname and mydomain and you won't have a conflict and still have a working mailserver.
I do have a working mailserver. [aside: thanks! Your help has been invaluable.] I had trouble for quite a while because of that, and finally a light dawned regarding this mail.log error:
Nov 7 08:07:19 mail-whiterose-org postfix/trivial-rewrite[1549]: warning: do not list domain mail.whiterose.org in BOTH mydestination and virtual_mailbox_domains
I do have a few things to do to improve my setup, like figure out how to handle spamassassin or dspam when most of my users are used to POP3 instead of IMAP and figure out this auth mapping thing (my users are currently doing auth with 'user@whiterose.org', but the old server was single-domain, so they're used to 'user').
I also need to switch back to SSL, which I turned off for testing and now think I want, but otherwise, I'm functional.
I think there is still an issue with virtual domains and static ones. You use whiterose.org as a static domain with users defined in a virtual setup. That doesn't mix well.
Please make whiterose.org a virtual domain and try again. Change the myhostname and mydomain into something different instead of the other way around as you solved it.
Michael 14 Nov 2006
richard5 wrote:
I think there is still an issue with virtual domains and static ones. You use whiterose.org as a static domain with users defined in a virtual setup. That doesn't mix well.
What doesn't work well about it? The only real login on the machine is an admin one that doesn't have a mailbox. I don't want to run into problems down the line, but it's working fine now.
richard5 wrote:
Please make whiterose.org a virtual domain and try again. Change the myhostname and mydomain into something different instead of the other way around as you solved it.
I'll have to wait 'til this weekend to experiment with this. I need to be careful with the setup now because it's up and running.
Michael 14 Nov 2006
I'm going to see if I can modify this 'guidelet' to do what I'm looking for wrt default domain auth.
12 Nov 2006
Nov 11 23:06:38 mail-whiterose-org postfix/smtpd[2196]: mysql plugin couldnt connect to any host
Nov 11 23:06:38 mail-whiterose-org postfix/smtpd[2196]: mysql plugin couldnt connect to any host
Nov 11 23:07:10 mail-whiterose-org postfix/smtpd[2198]: mysql plugin couldnt connect to any host
Nov 11 23:07:10 mail-whiterose-org postfix/smtpd[2198]: mysql plugin couldnt connect to any host
This doesn't seem right, but it could just be me not knowing what an auth failure looks like.
The smtpd.conf has a lot of commented out config items.
How can I test that this is properly configured?
12 Nov 2006
For testing you can use:
/usr/local/sbin/authtest user
12 Nov 2006
mail:/usr/local/sbin elrond$ ./authtest postmaster; ./authtest postmaster@whiterose.org
Authentication FAILED: Operation not permitted
Authentication succeeded.
Authenticated: postmaster@whiterose.org (uid 27, gid 27)
Home Directory: /usr/local/virtual
Maildir: whiterose.org/postmaster/
Quota: (none)
Encrypted Password: an encrypted password.
Cleartext Password: (none)
Options: (none)
So, the primary use of my mailserver is a single domain, although I may eventually add another domain. I added the line to my Imap and pop3 configs to add the default domain "@whiterose.org" if a user leaves it off. It looks like SASL2 also needs that. I'm going to investigate smtpd_sasl_local_domain and see if that fixes my problem.
12 Nov 2006
smtpd_sasl_local_domain = $mydomain didn't work.
Next up, I'll look at smtpd_sender_login_maps and see if that's what I want.
12 Nov 2006
Could you post the error you see in /var/log/mail.log around the time you had the problem?
By the way, what are you trying to do, I guess send an email?
For a check of postfix configuration please post the output of the command 'postconf -n'
13 Nov 2006
richard5 wrote:
Nov 11 23:05:53 mail-whiterose-org postfix/smtpd[2197]: connect from airport.whiterose.org[70.106.123.197]
Nov 11 23:05:54 mail-whiterose-org authdaemond: received auth request, service=smtp, authtype=login
Nov 11 23:05:54 mail-whiterose-org authdaemond: authmysql: trying this module
Nov 11 23:05:54 mail-whiterose-org authdaemond: SQL query: SELECT username, password, "", '27', '27', '/usr/local/virtual', maildir, "", name, "" FROM mailbox WHERE username = "username@mail.whiterose.org"
Nov 11 23:05:54 mail-whiterose-org authdaemond: zero rows returned
Nov 11 23:05:54 mail-whiterose-org authdaemond: no password available to compare
Nov 11 23:05:54 mail-whiterose-org postfix/smtpd[2197]: warning: airport.whiterose.org[70.106.123.197]: SASL LOGIN authentication failed: authentication failure
Nov 11 23:05:54 mail-whiterose-org authdaemond: authmysql: REJECT - try next module
Nov 11 23:05:54 mail-whiterose-org authdaemond: FAIL, all modules rejected
Nov 11 23:05:55 mail-whiterose-org postfix/smtpd[2197]: lost connection after AUTH from airport.whiterose.org[70.106.123.197]
Nov 11 23:05:55 mail-whiterose-org postfix/smtpd[2197]: disconnect from airport.whiterose.org[70.106.123.197]
richard5 wrote:
Yes, in this case from a background process called chatalog which emails ichat logs. It was trying every 30 seconds and not reporting errors, so the log had quite a few entries before we noticed it.
Our old mailserver (SIMS on Mac OS9) did Auth, so every app that offered auth we set up for it. Had a similar problem with a user last night who is remote (actually in the UAE these days) who isn't on a trusted network.
richard5 wrote:
mail:/usr/local/sbin elrond$ postconf -n
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
disable_vrfy_command = yes
html_directory = /Library/WebServer/Documents/PostfixDocs
mail_owner = postfix
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
mydomain = whiterose.org
myhostname = mail.whiterose.org
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /private/var/spool/postfix
readme_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_delay_reject = yes
smtpd_enforce_tls = no
smtpd_etrn_restrictions = reject
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, warn_if_reject, reject_non_fqdn_hostname, reject_invalid_hostname, permit
smtpd_recipient_restrictions = reject_non_fqdn_recipient, reject_unknown_recipient_domain, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, warn_if_reject, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_invalid_hostname, reject_rbl_client opm.blitzed.org, reject_rbl_client list.dsbl.org, reject_rbl_client zen.spamhaus.org, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_security_options = noanonymous
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_tls_loglevel = 1
smtpd_use_tls = yes
unknown_local_recipient_reject_code = 550
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:27
virtual_mailbox_base = /usr/local/virtual/
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 51200000
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 27
virtual_transport = virtual
virtual_uid_maps = static:27
13 Nov 2006
13 Nov 2006
richard5 wrote:
*@mail.whiterose.org is aliased to whiterose.org so username@mail.whiterose.org = username@whiterose.org. There were reasons to do this in the old MTA and I put the alias back in for the new setup. So username@mail.whiterose.org can receive mail, but doesn't authenticate.
ETA: changed username to username so it won't get harvested and annoy my wife...
13 Nov 2006
- do you have an entry in your postfix database, table alias where the address is @whiterose.org? Not *@whiterose.org!
- the domain name whiterose.org should not be used in your main.cf; because it is also used as a virtual domain, you get conflicts. Use the hostname you get from the ISP or your local machine name for myhostname and mydomain and you won't have a conflict and still have a working mailserver.
14 Nov 2006
richard5 wrote:
select address, goto, domain, active from alias where address like '@%'
address goto domain active
------------------- -------------- ------------------ ---------
@mail.whiterose.org @whiterose.org mail.whiterose.org 1
1 record(s) selected [Fetch MetaData: 0/ms] [Fetch Data: 1/ms]
[Executed: 11/13/06 7:33:57 PM EST ] [Execution: 46/ms]
richard5 wrote:
I do have a working mailserver. [aside: thanks! Your help has been invaluable.] I had trouble for quite a while because of that, and finally a light dawned regarding this mail.log error:
Nov 7 08:07:19 mail-whiterose-org postfix/trivial-rewrite[1549]: warning: do not list domain mail.whiterose.org in BOTH mydestination and virtual_mailbox_domains
I removed it from the virtual domain and it all started working. Mail to user@whiterose.org and user@mail.whiterose.org both work.
I do have a few things to do to improve my setup, like figure out how to handle spamassassin or dspam when most of my users are used to POP3 instead of IMAP and figure out this auth mapping thing (my users are currently doing auth with 'user@whiterose.org', but the old server was single-domain, so they're used to 'user').
I also need to switch back to SSL, which I turned off for testing and now think I want, but otherwise, I'm functional.
14 Nov 2006
Please make whiterose.org a virtual domain and try again. Change the myhostname and mydomain into something different instead of the other way around as you solved it.
14 Nov 2006
richard5 wrote:
What doesn't work well about it? The only real login on the machine is an admin one that doesn't have a mailbox. I don't want to run into problems down the line, but it's working fine now.
richard5 wrote:
I'll have to wait 'til this weekend to experiment with this. I need to be careful with the setup now because it's up and running.
14 Nov 2006
http://www.howtoforge.com/forums/archive/index.php/t-5863.html
14 Nov 2006
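
Added example, not part of the original thread: a small Python triage script for the failure pattern discussed above, where authdaemond's mailbox lookup returns zero rows just before Postfix logs the SASL failure. The sample lines are constructed in the format of the quoted mail.log; the function names, the mailbox-domain set and the line-order pairing are assumptions of this example.

```python
import re

# Constructed sample in the format of the mail.log lines quoted in the thread:
# two attempts 30 seconds apart; names and the 192.0.2.10 address are placeholders.
SAMPLE_LOG = """\
Nov 11 23:05:54 mail authdaemond: SQL query: SELECT username, password FROM mailbox WHERE username = "user@mail.example.org"
Nov 11 23:05:54 mail authdaemond: zero rows returned
Nov 11 23:05:54 mail postfix/smtpd[2197]: warning: client.example.org[192.0.2.10]: SASL LOGIN authentication failed: authentication failure
Nov 11 23:06:24 mail authdaemond: SQL query: SELECT username, password FROM mailbox WHERE username = "user@mail.example.org"
Nov 11 23:06:24 mail authdaemond: zero rows returned
Nov 11 23:06:24 mail postfix/smtpd[2201]: warning: client.example.org[192.0.2.10]: SASL LOGIN authentication failed: authentication failure
"""

QUERY_RE = re.compile(r'authdaemond: SQL query: .*WHERE username = "([^"]*)"')
FAIL_RE = re.compile(r"postfix/smtpd\[\d+\]: warning: \S+\[([0-9A-Fa-f.:]+)\]: "
                     r"SASL \S+ authentication failed")

def classify(login, no_rows, mailbox_domains):
    """Explain a failed login from what authdaemond logged just before it."""
    if not login:
        return "no authdaemond lookup logged before the failure"
    if not no_rows:
        return "mailbox found; password mismatch or backend error"
    if "@" not in login:
        return "login has no domain part"
    domain = login.rpartition("@")[2]
    if domain not in mailbox_domains:
        return "login domain %s is not a mailbox domain" % domain
    return "no such mailbox"

def summarize_failures(log_text, mailbox_domains):
    """Return {(client_ip, login): {"count": n, "reason": text}}."""
    # Assumption: authdaemond lines carry no smtpd PID, so each failure is paired
    # with the most recent lookup by line order; a busy server can interleave them.
    results = {}
    login, no_rows = "", False
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            login, no_rows = m.group(1), False
        elif "authdaemond: zero rows returned" in line:
            no_rows = True
        elif (m := FAIL_RE.search(line)):
            entry = results.setdefault((m.group(1), login), {"count": 0})
            entry["count"] += 1
            entry["reason"] = classify(login, no_rows, mailbox_domains)
            login, no_rows = "", False
    return results

if __name__ == "__main__":
    for key, info in summarize_failures(SAMPLE_LOG, {"example.org"}).items():
        print(key, info)
```

A high count for one client and login, as with a background process retrying every 30 seconds, points to a misconfigured client rather than a one-off typo.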