postfix and squirrelmail

12 posts / 0 new
Last post
#1 Mon, 01/30/2006 - 07:44
jamesrichardson

postfix and squirrelmail

I've gotten things working for the most part, but I'm currently having two problems, and hopefully they are just really simple config issues.

First, although dovecot is working great, I can't do SMTP auth with postfix, and although I've seen several methods for enabling the various auth methods using cyrus server process shows up, the correct entry in main.cf must be missing because none of my outside clients can authenticate with any method on smtp.

Second (and this one is a little strange) the squirrelmail, although working, also seems to need a little configuration tweaking. When a user logs in to www.domain.com/webmail (joe.domain), I get an error:

ERROR : Could not complete request. Query: CREATE "mail/Sent" Reason Given: Invalid mailbox name: mail/Sent

although the rest of the mail can be seen just fine. Then, if the user tries to send mail, it is mangling the return address so that mail is rejected. Joe@domain.com becomes joe.domain@localhost.mydomain.com. The domain mapping that postfix uses is not being picked up. The SMTP auth is my most pressing issue, so any suggestions would be greatly appreciated...

Jim Richardson

Mon, 01/30/2006 - 08:04
jamesrichardson

OK, I saw this bug report filed by Joe:

http://www.virtualmin.com/bug-tracker/bug?bug%5fnumber=147

And this method works for SMTP auth (although it was little hard to find).

I'm still having webmail issues, but hopefully you can point me to an equally easy fix...

Jim

Mon, 01/30/2006 - 08:23
jamesrichardson

OK, not so fast.

http://www.virtualmin.com/bug-tracker/bug?bug%5fnumber=147
turned me into an open relay. I'm pretty sure it has something to do with

"Edit the field labeled "Restrictions on recipient addresses"

Somewhere in the list of options (depending on what other stuff you're using, but before reject_unauth_destination and after permit_mynetwork) insert "permit_sasl_authenticated".

Save it."

When I go to restrictions on recipient addresses, it is set to defualt and there is no way to edit them in webmin, I can click on the description to get a good help file, but I guess I need to know what the defaults are, or how or where to edit a config file. Open relays are bad things, but I can get by for a little while at least...

Also, if it means anything, when I ehlo localhost in telnet, I get:
250-linux.605network.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN GSSAPI
250-AUTH=PLAIN LOGIN GSSAPI
250-XVERP
250 8BITMIME

the difference in your note being AUTH PLAIN LOGIN GSSAPI vs AUTH LOGIN PLAIN listed in your note.

Jim

Mon, 01/30/2006 - 08:30
jamesrichardson

I think the problem is in /usr/lib/sasl2/smtpd.conf, you say in your note:

Finally, run this:

echo "mech_list: PLAIN LOGIN"]> /usr/lib/sasl2/smtpd.conf

This just add a list of available authentication methods to the sasl configuration.

what syntax needs to be added to smtpd.conf? It is empty now.

Mon, 01/30/2006 - 08:40
jamesrichardson

OK, one last thing. It is still an open relay, but it is not /usr/lib/sasl2/smtpd.conf, that file now has one line:

mech_list: PLAIN LOGIN

and everything else seems to fine. It must be the point of editing Restrictions on recipient addresses in SMTP options, and I just don't see how to do that in webmin, but if I can do it in main.cf, can you tell me what needs to be put where to close the relay but still allow auth SMTP...

thanks
Jim

Mon, 01/30/2006 - 16:42
Blueforce

Hi,

I have these settings.

/usr/lib/sasl2/smtpd.conf:
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN

Restrictions on recipient addresses:
permit_mynetworks, permit_sasl_authenticated, check_relay_domains, reject_unauth_destination

This settings works perfect for me.
(The server is FC4 and Virtualmin Pro)

Regards
Leif Blåfors

Mon, 01/30/2006 - 17:17
jamesrichardson

Thanks for the reply Leif,

It would be nice if Joe would confirm it, but I could easily add:
pwcheck_method: saslauthd

to smtp.conf, but I still have a question.

You say you have:

Restrictions on recipient addresses:
permit_mynetworks, permit_sasl_authenticated, check_relay_domains, reject_unauth_destination

My question was where you found that to edit it. Is it in the postfix main.cf?

Thanks,

Jim Richardson
605 Network

Mon, 01/30/2006 - 18:04
Blueforce

Hi again,

I made the changes in Webmin, Servers, Postfix Configuration and SMTP server options. There I changed the "Restrictions on recipient addresses" from "Default" to this: permit_mynetworks, permit_sasl_authenticated, check_relay_domains, reject_unauth_destination.

Regards
Leif Blåfors

Mon, 01/30/2006 - 18:17
jamesrichardson

OK Leif,

I owe you a beer (or even a case), that fixed it! Now I just need to figure out the webmail issue and all will be well with my server....

Jim Richardson
605 Network

Wed, 02/01/2006 - 03:54
Blueforce

Hi again,

It seams like the "check_relay_domains" is deprecated so you should remove it from the config. It's recommended to use the "reject_unauth_destination" instead, and that is allready in there if you used the config I posted.

My logfile told me:
"...: warning: support for restriction "check_relay_domains" will be removed from Postfix; use "reject_unauth_destination" instead"

I have removed the "check_relay_domains" from my config and everyting is still working.

Sorry for the incorrect information erlier.
Maybe I should give you the beer back *smile*

Regards
Leif Blåfors

Wed, 02/08/2006 - 07:08
PaulDuffield

Hey if you ask me it's Beer all round!

Thanks guys for the info. This worked for me and solved a great deal of headache after many hours fighting it and not really getting much from other sources or forums.

I wish it was better documented how to get this going as I am sure (well better documented for Linux newbie's like me at least) there must be others that would require this fix that should (perhaps) be standard as part of the install?.

(Joe? ;-) )

Paul

Wed, 02/08/2006 - 14:02 (Reply to #11)
Joe
Joe's picture

Hey Paul,

Yes, the bug referenced was actually a "note to self" for me to add this to the installer. It's almost all in there now. At least all of the packages are installed--only one piece of the puzzle is missing now, which is editing the master.cf. Webmin's Postfix module got support for this file not too long ago (in anticipation of this requirement), and so it is easy to add it, I just haven't found the half-hour needed to add/test it. Probably today will be the day, however.

--

Check out the forum guidelines!