Postfix, Courier, Sasl2 und MySQL

vanedler

Hello everyone,

I'm currently setting up my test server for virtual hosting, and with the help of a few guides and good tips it is now almost finished. I'm very happy with all the services. One problem remains, though. I want a mail service that works with Postfix and Courier-IMAP (POP3 and IMAP) and fetches the user data from a MySQL database. I have now been stuck on this problem for 3 months, have chewed through every guide I could find, and still get the same error messages as on day one, which I'm posting here now to ask you for help... :rolleyes:

Outlook Express reports:
Code:
Ein Problem ist bei der Anmeldung am Mailserver aufgetreten. Das Kennwort wurde zurückgewiesen. Konto: 'mail@domain.tld', Server: '192.168.1.4', Protokoll: POP3, Serverantwort: '-ERR Maildir: No such file or directory', Port: 110, Secure (SSL): Nein, Serverfehler: 0x800CCC90, Fehlernummer: 0x800CCC92

I then ran a MySQL debug to see whether the user data is actually being queried:
Code:
041224 11:10:29	      3 Connect     ?postfixuser?@localhost on 
		      3 Init DB     ?postfixdb?
		      3 Query       SELECT username, password, "", '125', '125', '/usr/local/virtual', maildir, quota, name, CONCAT("disableimap=",disableimap,",disablepop3=",disablepop3,",disablewebmail=",disablewebmail,",sharedgroup=",sharedgroup) FROM mailbox WHERE username = "mail@domain.tld" AND (active='1')

The following mail-related software is installed:

MySQL:
# cd /usr/ports/databases/mysql40-server
# make -DWITH_OPENSSL=yes -DBUILD_OPTIMIZED=yes install clean

Sasl2:
# cd /usr/ports/security/cyrus-sasl2
# make -DWITH_MYSQL -DWITH_AUTHDAEMON -DWITHOUT_PGSQL -DWITHOUT_OTP -DWITHOUT_CRAM -DWITHOUT_DIGEST -DWITHOUT_NTLM

Sasl2 authd:
# cd /usr/ports/security/cyrus-sasl2-saslauthd
# make install clean

Postfix:
# cd /usr/ports/mail/postfix
# make install clean

----> Build with: SASL2, MySQL, IPv6TLS, VDA

----> Added group "postfix".

----> Would you like me to add it? [y]? y

----> Would you like to activate Postfix in /etc/mail/mailer.conf [n]? y

Courier-IMAP:
# cd /usr/ports/mail/courier-imap
# make -DWITH_MYSQL install clean

Postfixadmin
# cd /usr/ports/mail/postfixadmin
# make install clean

Here is my configuration:

Postfix main.cf:
Code:
virtual_alias_maps = mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:125
virtual_mailbox_base = /usr/local/virtual
virtual_mailbox_domains = mysql:/usr/local/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 51200000
virtual_mailbox_maps = mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 1005
virtual_transport = virtual
virtual_uid_maps = static:125
# Additional for quota support
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace, please try again later.
virtual_overquota_bounce = yes
#If you want to use MySQL also to store your Backup MX domains add this as well 
relay_domains = proxy:mysql:/usr/local/etc/postfix/mysql_relay_domains_maps.cf
#
readme_directory = /usr/local/share/doc/postfix
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
html_directory = no
setgid_group = maildrop
command_directory = /usr/local/sbin
manpage_directory = /usr/local/man
daemon_directory = /usr/local/libexec/postfix
newaliases_path = /usr/local/bin/newaliases
mailq_path = /usr/local/bin/mailq
queue_directory = /var/spool/postfix
mail_owner = postfix
unknown_local_recipient_reject_code = 450
#
#
# Sasl2 including some spam filters
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = 
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_non_fqdn_hostname,
  reject_non_fqdn_sender,
  reject_non_fqdn_recipient,  
  reject_unauth_destination,
  reject_unauth_pipelining,   
  reject_invalid_hostname,
  reject_rbl_client opm.blitzed.org,
  reject_rbl_client list.dsbl.org,
  reject_rbl_client bl.spamcop.net,
  reject_rbl_client sbl-xbl.spamhaus.org
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous

Courier, e.g. pop3d:
Code:
##VERSION: $Id: pop3d.dist.in,v 1.9 2004/04/18 15:54:39 mrsam Exp $
#
# pop3d created from pop3d.dist by sysconftool
#
# Do not alter lines that begin with ##, they are used when upgrading
# this configuration.
#
#  Copyright 1998 - 2002 Double Precision, Inc.  See COPYING for
#  distribution information.
#
#  Courier POP3 daemon configuration
#
##NAME: PIDFILE:0
#

PIDFILE=/var/run/pop3d.pid

##NAME: MAXDAEMONS:0
#
#  Maximum number of POP3 servers started
#

MAXDAEMONS=40

##NAME: MAXPERIP:4
#
#  Maximum number of connections to accept from the same IP address

MAXPERIP=4

##NAME: AUTHMODULES:0
#
#########################################################################
##
## Authentication modules which attempt to validate userid/password
## combinations.  See authpam(8) for more information.  The default set
## is installed at configuration time.  You may have to edit the following
## to remove unnecessary authentication modules.  In particular, if
## authpam is included in the list below, you will have to remove authpwd
## and authshadow, since their functionality is included in the authpam
## module.
##
#########################################################################
#
# If this is currently set to AUTHMODULES="authdaemon", DO NOT CHANGE IT.
# Instead, change the parameter authmodulelist in authdaemonrc.

AUTHMODULES="authdaemon"


##NAME: AUTHMODULES_ORIG:0
#
# This setting is for use with webadmin

AUTHMODULES_ORIG="authdaemon"

##NAME: DEBUG_LOGIN:0
#
# Dump additional login diagnostics to syslog
#
# DEBUG_LOGIN=0   - turn off login debugging
# DEBUG_LOGIN=1   - turn on login debugging
# DEBUG_LOGIN=2   - turn on login debugging + log passwords too
#
# Note that most information is sent to syslog at level 'debug', so
# you may need to modify your /etc/syslog.conf to be able to see it.

DEBUG_LOGIN=0

##NAME: POP3AUTH:1
#
# To advertise the SASL capability, per RFC 2449, uncomment the POP3AUTH
# variable:
#
# POP3AUTH="LOGIN"
#
# If you have configured the CRAM-MD5 or CRAM-SHA1, set POP3AUTH to something
# like this:
#
# POP3AUTH="LOGIN CRAM-MD5 CRAM-SHA1"

POP3AUTH=""

##NAME: POP3AUTH_ORIG:0
#
# For use by webadmin

POP3AUTH_ORIG="LOGIN CRAM-MD5 CRAM-SHA1"

##NAME: POP3AUTH_TLS:1
#
# To also advertise SASL PLAIN if SSL is enabled, uncomment the
# POP3AUTH_TLS environment variable:
#
# POP3AUTH_TLS="LOGIN PLAIN"

POP3AUTH_TLS=""

##NAME: POP3AUTH_TLS_ORIG:0
#
# For use by webadmin

POP3AUTH_TLS_ORIG="LOGIN PLAIN"

##NAME: PORT:1
#
# Port to listen on for connections.  The default is port 110.
#
#  Multiple port numbers can be separated by commas.  When multiple port
#  numbers are used it is possibly to select a specific IP address for a
#  given port as "ip.port".  For example, "127.0.0.1.900,192.68.0.1.900"
#  accepts connections on port 900 on IP addresses 127.0.0.1 and 192.68.0.1
#  The ADDRESS setting is a default for ports that do not have a specified
#  IP address.

PORT=110

##NAME: ADDRESS:0
#
# IP address to listen on.  0 means all IP addresses.

ADDRESS=0

##NAME: TCPDOPTS:0
#
# Other couriertcpd(1) options.  The following defaults should be fine.
#

TCPDOPTS="-nodnslookup -noidentlookup"

##NAME: POP3DSTART:0
#
# POP3DSTART is not referenced anywhere in the standard Courier programs
# or scripts.  Rather, this is a convenient flag to be read by your system
# startup script in /etc/rc.d, like this:
#
#  . /usr/local/etc/courier-imap/pop3d
#  case x$POP3DSTART in
#  x[yY]*)
#        /usr/local/libexec/courier-imap/pop3d.rc start
#        ;;
#  esac
#
# The default setting is going to be NO, until Courier is shipped by default
# with enough platforms so that people get annoyed with having to flip it to
# YES every time.

POP3DSTART=YES

##NAME: MAILDIRPATH:0
#
# MAILDIRPATH - directory name of the maildir directory.
#
MAILDIRPATH=Maildir

smtpd.conf in /usr/local/lib/sasl2:
Code:
pwcheck_method: auxprop
auxprop_plugin: sql
mech_list: login crypt
sql_engine: mysql
sql_hostnames: ?postfixmysqlhost?
sql_user: ?postfixuser?
sql_passwd: ?somepass2?
sql_database: ?postfixdb?
sql_select: select password from mailbox where username='%u@%r' and smtpaccess='1';

authdaemonrc:
Code:
##VERSION: $Id: authdaemonrc.in,v 1.8 2001/10/07 02:16:22 mrsam Exp $
#
# Copyright 2000-2001 Double Precision, Inc.  See COPYING for
# distribution information.
#
# authdaemonrc created from authdaemonrc.dist by sysconftool
#
# Do not alter lines that begin with ##, they are used when upgrading
# this configuration.
#
# This file configures authdaemond, the resident authentication daemon.
#
# Comments in this file are ignored.  Although this file is intended to
# be sourced as a shell script, authdaemond parses it manually, so
# the acceptable syntax is a bit limited.  Multiline variable contents,
# with the \ continuation character, are not allowed.  Everything must
# fit on one line.  Do not use any additional whitespace for indentation,
# or anything else.

##NAME: authmodulelist:0
#
# The authentication modules that are linked into authdaemond.  The
# default list is installed.  You may selectively disable modules simply
# by removing them from the following list.  The available modules you
# can use are: authcustom authuserdb authpam

authmodulelist="authmysql authpam"

##NAME: authmodulelistorig:1
#
# This setting is used by Courier's webadmin module, and should be left
# alone

authmodulelistorig="authcustom authuserdb authpam"

##NAME: daemons:0
#
# The number of daemon processes that are started.  authdaemon is typically
# installed where authentication modules are relatively expensive: such
# as authldap, or authmysql, so it's better to have a number of them running.
# PLEASE NOTE:  Some platforms may experience a problem if there's more than
# one daemon.  Specifically, SystemV derived platforms that use TLI with
# socket emulation.  I'm suspicious of TLI's ability to handle multiple
# processes accepting connections on the same filesystem domain socket.
#
# You may need to increase daemons if as your system load increases.  Symptoms
# include sporadic authentication failures.  If you start getting
# authentication failures, increase daemons.  However, the default of 5
# SHOULD be sufficient.  Bumping up daemon count is only a short-term
# solution.  The permanent solution is to add more resources: RAM, faster
# disks, faster CPUs...

daemons=5

##NAME: version:0
#
# When you have multiple versions of authdaemond.* installed, authdaemond
# just picks the first one it finds.  Set "version" to override that.
# For example:  version=authdaemond.plain

version=""

##NAME: authdaemonvar:0
#
# authdaemonvar is here, but is not used directly by authdaemond.  It's
# used by various configuration and build scripts, so don't touch it!

authdaemonvar=/usr/local/var/authdaemon

authmysqlrc:
Code:
MYSQL_CRYPT_PWFIELD	password
MYSQL_DATABASE		?postfixdb?
MYSQL_GID_FIELD		'125'
MYSQL_HOME_FIELD	'/usr/local/virtual'
MYSQL_LOGIN_FIELD	username
MYSQL_MAILDIR_FIELD	maildir
MYSQL_NAME_FIELD	name
MYSQL_OPT		0
MYSQL_PASSWORD		?somepass2?
MYSQL_QUOTA_FIELD	quota
MYSQL_SERVER		?postfixmysqlhost?
MYSQL_UID_FIELD		'125'
MYSQL_USERNAME		?postfixuser?
MYSQL_USER_TABLE	mailbox
MYSQL_WHERE_CLAUSE      active='1'
MYSQL_AUXOPTIONS_FIELD 	CONCAT("disableimap=",disableimap,",disablepop3=",disablepop3,",disablewebmail=",disablewebmail,",sharedgroup=",sharedgroup)

mysql_relay_domains_maps.cf
Code:
user = ?postfixuser?
password = ?somepass2?
hosts = ?postfixmysqlhost?
dbname = ?postfixdb?
table = domain
select_field = domain
where_field = domain
additional_conditions = and backupmx = '1'

mysql_virtual_alias_maps.cf
Code:
user = ?postfixuser?
password = ?somepass2?
hosts = ?postfixmysqlhost?
dbname = ?postfixdb?
table = alias
select_field = goto
where_field = address

mysql_virtual_domains_maps.cf
Code:
user = ?postfixuser?
password = ?somepass2?
hosts = ?postfixmysqlhost?
dbname = ?postfixdb?
table = domain
select_field = description
where_field = domain
additional_conditions = and backupmx = '0' and active = '1'

mysql_virtual_mailbox_limit_maps.cf
Code:
user = ?postfixuser?
password = ?somepass2?
hosts = ?postfixmysqlhost?
dbname = ?postfixdb?
table = mailbox
select_field = quota
where_field = username
additional_conditions = and active = '1'

mysql_virtual_mailbox_maps.cf
Code:
user = ?postfixuser?
password = ?somepass2?
hosts = ?postfixmysqlhost?
dbname = ?postfixdb?
table = mailbox
select_field = maildir
where_field = username
additional_conditions = and active = '1'

If that is not enough, please say so and I'll add the others (imaps etc.) as well...

Please help me... Oh, and merry Christmas :D
Vanessa
 
Even though Outlook mostly uses its RandomErrorGenerator, I would follow up on '-ERR Maildir: No such file or directory'
and make sure that the mailbox of the user in question actually exists.
Also check whether there are any interesting entries in the log files.
 
Hello unlink,

I created the mailbox manually.
First I created a directory named mail@domain.tld under /usr/local/virtual, then the Maildir with maildirmake, then chown:

Code:
# mkdir -p /usr/local/virtual/mail@domain.tld
# /usr/local/bin/maildirmake /usr/local/virtual/mail@domain.tld/Maildir
# chown -R postfix:postfix /usr/local/virtual

/usr/local/virtual has permissions 751

When Postfix starts, the maillog shows the following:

Code:
 26 12:25:24 hostname authdaemond.mysql: modules="authmysql authpam", daemons=5
 26 12:31:42 hostname postfix/postfix-script: starting the Postfix mail system
 26 12:31:43 hostname postfix/master[734]: daemon started -- version 2.1.5

When logging in via POP3, the maillog shows the following:

Code:
Dec 23 20:16:09 hostname pop3d: LOGIN, user=mail@domain.tld, ip=[::ffff:192.168.1.5]
Dec 23 20:16:09 hostname pop3d: scancur opendir("cur"): No such file or directory

With IMAP, this is what ends up in there:

Code:
Dec 26 12:32:12 hostname imapd: LOGIN, user=mail@domain.tld, ip=[::ffff:192.168.1.5], protocol=IMAP
Dec 26 12:32:12 hostname imapd: LOGOUT, user=mail@domain.tld, ip=[::ffff:192.168.1.5], headers=0, body=0, time=0

For completeness, here is the Outlook error message when accessing via IMAP:

Das "Posteingang"-Verzeichnis wurde nicht auf ungelesene Nachrichten überprüft. Die Zahl der ungelesenen Nachrichten für "Posteingang" auf "192.168.1.4" konnte nicht festgestellt werden Konto: '192.168.1.4', Server: '192.168.1.4', Protokoll: IMAP, Serverantwort: 'IDLE completed', Port: 143, Secure (SSL): Nein, Fehlernummer: 0x800CCCD2

Die Übertragung der Kopfzeilen aus dem Ordner "Posteingang" wurde nicht abgeschlossen. "Posteingang" konnte auf dem IMAP-Server nicht ausgewählt werden. Versuchen Sie die Ordnerliste zu aktualisieren, um sie mit dem IMAP-Server zu synchronisieren. Konto: '192.168.1.4', Server: '192.168.1.4', Protokoll: IMAP, Serverantwort: 'Unable to open this mailbox.', Port: 143, Secure (SSL): Nein, Fehlernummer: 0x800CCCD2

Nothing conspicuous in the other logs...?
 
Addendum

Oh, one more thing about the Maildir.
I actually installed Postfixadmin for mail administration. When I create a new mail address there, I do get the message that the new address has been added, but no new Maildir appears in /usr/local/virtual. I thought Postfixadmin would take care of that...

That's why I set up the Maildir manually.
 
So far so good

Hello everyone,

By chance I have now managed to get a connection. Login works now. The cause was that postfixadmin had written 'mail@domain.tld/' into the maildir column. The correct value would be 'mail@domain.tld/Maildir/'.

So now I can log in and fetch mail. And oh dear, I can't send any messages. Outlook reports a timeout error.

The maillog shows the following entry:

Code:
Dec 27 12:33:30 hostname postfix/smtpd[1098]: fatal: open database /etc/aliases.db: No such file or directory
Dec 27 12:33:31 hostname postfix/master[735]: warning: process /usr/local/libexec/postfix/smtpd pid 1098 exit status 1
Dec 27 12:33:31 hostname postfix/master[735]: warning: /usr/local/libexec/postfix/smtpd: bad command startup -- throttling

Does anything come to mind? I mean, of course /etc/aliases.db doesn't exist. It is supposed to run via MySQL after all. Nothing conspicuous in my MySQL log either.

Best regards,
Vanessa
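A check that would have caught the maildir mismatch above, added here as an example and not part of the thread: it validates the `maildir` column the way both daemons use it. Postfix's virtual delivery agent appends the column value to virtual_mailbox_base and, because the value ends in '/', treats that directory itself as the Maildir (cur/new/tmp directly inside it), while Courier's authmysql joins MYSQL_HOME_FIELD and the same column and expects cur/new/tmp there too. The directory layout and the two rows are constructed inline; no MySQL connection is made.

```python
import os
import tempfile

MAILDIR_SUBDIRS = ("cur", "new", "tmp")


def check_maildir_row(base, username, maildir):
    """Validate one `mailbox` row (username, maildir) against the filesystem.

    Returns a list of findings; an empty list means both Postfix and Courier
    would find a usable Maildir at base + maildir.
    """
    findings = []
    parts = [p for p in maildir.split("/") if p]
    # A value that comes out of a database must stay below the base
    # directory: reject absolute paths and '..' components outright.
    if maildir.startswith("/") or ".." in parts:
        return ["maildir escapes virtual_mailbox_base: %r" % maildir]
    if not maildir.endswith("/"):
        # Postfix 'virtual' only does Maildir delivery when the path ends in '/'.
        findings.append("maildir lacks trailing '/': Postfix would deliver in mbox format")
    full = os.path.join(base, maildir)
    missing = [d for d in MAILDIR_SUBDIRS if not os.path.isdir(os.path.join(full, d))]
    if missing:
        # The state behind the thread's 'scancur opendir("cur")' log line.
        findings.append("%s: %s is not a Maildir, missing %s" % (username, full, ", ".join(missing)))
    return findings


def demo():
    """Build a throwaway copy of the thread's layout and check two rows."""
    base = tempfile.mkdtemp(prefix="virtual-")
    # Constructed layout: what maildirmake .../mail@domain.tld/Maildir leaves behind.
    for d in MAILDIR_SUBDIRS:
        os.makedirs(os.path.join(base, "mail@domain.tld", "Maildir", d))
    rows = {
        # the value postfixadmin wrote into the column (as in the thread)
        "as_written": ("mail@domain.tld", "mail@domain.tld/"),
        # the value that finally worked
        "fixed": ("mail@domain.tld", "mail@domain.tld/Maildir/"),
    }
    return {name: check_maildir_row(base, *row) for name, row in rows.items()}


if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, "OK" if not findings else findings)
```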
 
Done

:D there we go...

Trial and error beats studying!

The following solved the problem:

Code:
# newaliases
# cd /etc
# ln -s mail/aliases.db aliases.db
# postfix reload
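A small consistency check for the alias maps, added here as an example and not part of the thread: smtpd opens the .db files named in alias_maps, while newaliases only rebuilds the files named in alias_database, and when the two disagree you get exactly the 'fatal: open database' line above. The main.cf text and the /etc layout are constructed in a temporary directory.

```python
import os
import re
import tempfile

POSTFIX_DEFAULT = "hash:/etc/aliases"   # compiled-in default for alias_maps and alias_database
DB_TYPES = ("hash", "btree")            # Berkeley DB map types stored as <path>.db


def parse_main_cf(text):
    """Minimal main.cf reader: 'name = value' lines; comments and blanks are skipped."""
    params = {}
    for line in text.splitlines():
        m = re.match(r"^(\w+)\s*=\s*(.*)$", line)
        if m:
            params[m.group(1)] = m.group(2).strip()
    return params


def split_maps(value):
    """Split a comma- or space-separated Postfix map list."""
    return [m for m in re.split(r"[,\s]+", value) if m]


def check_alias_maps(main_cf_text):
    """Return findings for alias maps that smtpd would fail to open."""
    params = parse_main_cf(main_cf_text)
    read_by_smtpd = split_maps(params.get("alias_maps", POSTFIX_DEFAULT))
    built_by_newaliases = set(split_maps(params.get("alias_database", POSTFIX_DEFAULT)))
    findings = []
    for spec in read_by_smtpd:
        mtype, _, path = spec.partition(":")
        if mtype not in DB_TYPES:
            continue                    # mysql:, proxy:, ... have no .db file to check
        if spec not in built_by_newaliases:
            findings.append("%s is not in alias_database, so newaliases never rebuilds it" % spec)
        if not os.path.exists(path + ".db"):
            findings.append("%s.db missing: smtpd would die with 'fatal: open database'" % path)
    return findings


def demo():
    """Constructed layout: newaliases wrote mail/aliases.db, smtpd wants aliases.db."""
    etc = tempfile.mkdtemp(prefix="etc-")
    os.makedirs(os.path.join(etc, "mail"))
    open(os.path.join(etc, "mail", "aliases.db"), "w").close()
    main_cf = "alias_maps = hash:%s/aliases\nalias_database = hash:%s/mail/aliases\n" % (etc, etc)
    before = check_alias_maps(main_cf)
    os.symlink("mail/aliases.db", os.path.join(etc, "aliases.db"))  # the thread's workaround
    after = check_alias_maps(main_cf)   # one finding left: the two parameters still disagree
    return before, after
```

The symlink makes smtpd start, but the remaining finding shows the cleaner fix is to point alias_maps and alias_database at the same file.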
 
Up to that point everything was the same for me. But now I get this:

Code:
# newaliases
/libexec/ld-elf.so.1: Shared object "libcourierauth.so.0" not found, required by "aliasexp"

Code:
# locate libcourierauth.so.0
/usr/local/lib/courier-authlib/libcourierauth.so.0

Can anyone help me with this? Unfortunately I haven't found anything helpful on Google.

edit:
Apparently a new version came out recently. With that it suddenly works. I wouldn't have thought the problem would solve itself :)
 