# questions about postfix and dovecot in jailed system



## maudib (Feb 9, 2012)

Hi

I'm using FreeBSD-8.2-RELEASE-p6.I created a jail on this host for my mail daemons (postfix+dovecot) to live in. I followed the jail(8) page and i also installed mail/postfix and mail/dovecot from the ports tree via
`# mount_nullfs /usr/ports $D/usr/ports`

I can do:

`$ openssl s_client -quiet -connect myhost.mydomain.com:993`

and get a response from dovecot (although when connecting from mutt on my client the jailed mailbox is always empty, due to the fact that not even the bsd mail command, when run on this freeBSD jailed system, results in mail appearing in /var/mail/user in the jail).

Also when i try to connect to the jailed postfix by doing:
`$ telnet myhost.mydomain 25`

on the client box i get no response from postfix. I have the address of the IP alias as the address to listen on in postfix's main.cf. Also both the /etc/hosts (client and server) files list the IP and hostname of the jailed virtual system and the client's hostname, as well as the loopback interface.

Can anyone make any suggestions of what might be wrong? Postfix starts without any error in this jail. Also i would rather do it without ezjail if at all possible.
thank you very much for any replies


----------



## gkontos (Feb 9, 2012)

Could you please post your rc.conf of the host and the jail?

The output of /var/log/mailog would also be useful.


----------



## fbsd1 (Feb 10, 2012)

You have to turn off sendmail on the host system. No host system application and jail application can use the same port number on the same ip address.

I recommond qjail for your 8.X host. Jails just work with out any treaking like you have to do with ezjail


----------



## gkontos (Feb 10, 2012)

fbsd1 said:
			
		

> You have to turn off sendmail on the host system. No host system application and jail application can use the same port number on the same ip address.



Not necessarily, sendmail can bind to the host's IP address and postfix on the jail's IP.


----------



## maudib (Feb 10, 2012)

Sendmail is disabled in both the rc.conf of the host and the jail with:

```
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
```
the output of

```
#sockstat | grep "\*:[0-9]"
```
on the host system, shows no daemons behind listening ports. Also *I* didn't enable inetd, on the host system, when *I* installed it. The only daemons that are started up when the jail is booted are sshd and postfix. I'll run a tcpdump session, on the client system to see what's going on and post back when *I*'ve looked at it. Should postfix, in the jail, listen to all interfaces or just the IP address of the alias that was defined?

Thank you very much for your replies.


----------



## maudib (Feb 10, 2012)

Oh and the output of sockstat on the jail system shows that postfix is indeed listening no port 25.


----------



## divdev (Feb 11, 2012)

Hi, *I*'m a jails newbie but have learned much playing with it, so far what *I* can recommend to you is:

 Try telnet commands inside your jail first to see if internally it's ok: postfix or dovecot answer your telnet commands
 Then try from the outside client
 I don't know if sending commands to host port xx will automatically be picked by your jail port xx so what *I*'m doing is redirecting (with pf) host port xx to jail port xx
 gkontos asked you to post your rc.conf, *I* think he can help you more if you post the complete rc.conf of your host and jail


----------



## maudib (Feb 15, 2012)

I built a new jail. The old one, it turned out, had too many exclusions in the hosts system's /etc/make.conf. The new one, which has far fewer exclusions,  has no problem building ports so far. Although when *I* tried to fetch the openLDAP port, as part of the postfix port install, fetch said it couldn't find it at the mirror that my system was using!

Thank you very much for all your replies and any future replies,
regards


----------



## ecazamir (Feb 15, 2012)

Using postfix and dovecot in different jails will make difficult the SASL authentication mechanism for SMTP. On a SASL-enabled configuration, both processes need to share a socket.



			
				maudib said:
			
		

> Can anyone make any suggestions of what might be wrong? Postfix starts without any error in this jail.



Try increasing debug levels for postfix, take a look at /var/log/messages and/or /var/log/maillog. It is possible to start postfix without any error and a subsequent SMTP connection to fail if there are errors in some lookup tables configuration.



			
				maudib said:
			
		

> The only daemons that are started up when the jail is booted are sshd and postfix.



Unless I need to pass administration of my postfix/dovecot server to someone from the outside, I prefer using a single SSH daemon on the host and then run [CMD="jexec"]1 /bin/tcsh[/CMD]
Of course, with a firewall enabled, restricting ingress and egress IP traffic to/from jail(s).


----------



## gkontos (Feb 15, 2012)

@maudib

There is a high probability of something being declared wrong in the host and/or the jail rc.conf file.

You can always obscure IP addresses before posting them.

George


----------

