# Setting up Squirrel Mail



## jackocurly0074 (Nov 9, 2009)

Right well I am in the process of setting up a mail server using FreeBSD and am discovering it is harder than I thought it would be!  The setup I am using makes use of Postfix, Squirrel mail and dovecot.  As I am new to this I am not sure what config files you guys will need to see to help me out, but let me know and I'll get them up ASAP!  The guide I used is here as it is the best guide I have been able to find for a mail server up to now.  If anyone can suggest a more concise tutorial that would be great as I feel things seem ambiguous in places!

http://www.purplehat.org/?page_id=4

Hoping you guys can help me figure this out as I haven't a good idea of why it is happening!  Well I have some ideas but because I'm new I don't really understand it well enough to fix it!

The error below is what I get when I try to run


```
http://mymachine/squirrelmail/src/configtest.php
```


```
Warning: fsockopen() [function.fsockopen]: unable to connect to tls://localhost:993 (Connection refused) in 
/usr/local/www/apache22/data/squirrelmail/src/configtest.php on line 405
ERROR: Error connecting to IMAP server "localhost:993".Server error: (61) Connection refused
```

Thanks again for any help you guys can give!


----------



## DutchDaemon (Nov 9, 2009)

Do you need TLS over localhost, really? Try regular IMAP, port 143, and make sure Dovecot is actually running on localhost (`sockstat -l4p 993` and/or `sockstat -l4p 143`).


----------



## jackocurly0074 (Nov 10, 2009)

Hmm, well it would appear that nothing is running on those ports :S!  I'll go check the config files to see what's going on!


----------



## jackocurly0074 (Nov 10, 2009)

Hi, found the reason it wouldn't start, one of the lines I needed to comment out was still live.  Also when editing this file I have to open it in terminal as even when logged in as root on Gnome it won't let me edit the file in Gedit which makes it easier to make errors.

Here is the error I get when I start dovecot now -

```
RinicomTestServer# dovecot
Warning: Last died with error (see error log for more information): Auth process died too early - shutting down
Info: If you have trouble with authentication failures,
enable auth_debug setting. See http://wiki.dovecot.org/WhyDoesItNotWork
```

I enabled the auth_debug setting and will attempt to find the log and post it here if I can't figure it out!


----------



## jackocurly0074 (Nov 10, 2009)

Cool I can edit posts now!  Good to know, well I'm unsure which log I should be checking for this error so if anyone knows ....!


----------



## jackocurly0074 (Nov 10, 2009)

As for using TLS I was just following the guide, I can turn it off as I'm sure it will help debugging but I'm certain that it will not fix the problem as seemingly nothing is ever quite that simple while trying to set up this mail server!


----------



## wonslung (Nov 10, 2009)

I followed the same guide...it took some modification because I was doing my stuff in jails.

Anyways, I found that I like roundcube better than squirrelmail.


----------



## jackocurly0074 (Nov 10, 2009)

Hmm, well I want to try to get squirrel mail to work before switching to something else!  Although at the moment the problem is something to do with dovecot as it simply won't start and I'm not sure why!


----------



## wonslung (Nov 10, 2009)

Yah, it took me a few times to get it all working but that's one of the advantages of using a jail...when things didn't work and I couldn't figure it out I could just stop the jail and make a new one.  After a while I finally got it all working....

The BIGGEST help for me was the log files in /var/log/

Most of it goes to /var/log/maillog but I think dovecot has to be set to its own log....be sure to set it so you can see what's happening.


----------



## jackocurly0074 (Nov 10, 2009)

Right ok, I'll try getting to that log file and see if it says anything of use!  What is a jail in this context as it is not a term I've heard before?  Is it some kind of sandbox?


----------



## jackocurly0074 (Nov 10, 2009)

Right after checking the following log -

/var/log/maillog I got the following output from the end of the file.  Note this error seems to be repeating itself throughout the rest of the log so I only copied this part!  Because I used the tutorial to set up the SASL I'll be honest and say I don't know what it is for, but what should I do to fix this? Either removing the SASL stuff or a fix I don't mind as all I want at this time is a working mail server.


```
Nov 10 10:55:15 RinicomTestServer postfix/smtpd[1912]: connect from RinicomTestServer.com[192.168.1.233]
Nov 10 10:55:15 RinicomTestServer postfix/smtpd[1912]: warning: SASL: Connect to private/auth failed: No such file or directory
Nov 10 10:55:15 RinicomTestServer postfix/smtpd[1912]: fatal: no SASL authentication mechanisms
Nov 10 10:55:16 RinicomTestServer postfix/master[830]: warning: process /usr/local/libexec/postfix/smtpd pid 1912 exit status 1
Nov 10 10:55:16 RinicomTestServer postfix/master[830]: warning: /usr/local/libexec/postfix/smtpd: bad command startup -- throttling
Nov 10 10:56:16 RinicomTestServer postfix/smtpd[1918]: connect from RinicomTestServer.com[192.168.1.233]
Nov 10 10:56:16 RinicomTestServer postfix/smtpd[1918]: warning: SASL: Connect to private/auth failed: No such file or directory
Nov 10 10:56:16 RinicomTestServer postfix/smtpd[1918]: fatal: no SASL authentication mechanisms
Nov 10 10:56:17 RinicomTestServer postfix/master[830]: warning: process /usr/local/libexec/postfix/smtpd pid 1918 exit status 1
Nov 10 10:56:17 RinicomTestServer postfix/master[830]: warning: /usr/local/libexec/postfix/smtpd: bad command startup -- throttling
Nov 10 11:24:06 RinicomTestServer postfix/smtpd[2004]: connect from localhost[127.0.0.1]
Nov 10 11:24:06 RinicomTestServer postfix/smtpd[2004]: warning: SASL: Connect to private/auth failed: No such file or directory
Nov 10 11:24:06 RinicomTestServer postfix/smtpd[2004]: fatal: no SASL authentication mechanisms
Nov 10 11:24:07 RinicomTestServer postfix/master[830]: warning: process /usr/local/libexec/postfix/smtpd pid 2004 exit status 1
Nov 10 11:24:07 RinicomTestServer postfix/master[830]: warning: /usr/local/libexec/postfix/smtpd: bad command startup -- throttling
Nov 10 13:55:04 RinicomTestServer postfix/smtpd[2311]: connect from localhost[127.0.0.1]
Nov 10 13:55:04 RinicomTestServer postfix/smtpd[2311]: warning: SASL: Connect to private/auth failed: No such file or directory
Nov 10 13:55:04 RinicomTestServer postfix/smtpd[2311]: fatal: no SASL authentication mechanisms
Nov 10 13:55:05 RinicomTestServer postfix/master[830]: warning: process /usr/local/libexec/postfix/smtpd pid 2311 exit status 1
Nov 10 13:55:05 RinicomTestServer postfix/master[830]: warning: /usr/local/libexec/postfix/smtpd: bad command startup -- throttling
```


----------



## jackocurly0074 (Nov 10, 2009)

Ok well I removed the SASL section from the main.cf file (/usr/local/etc/postfix), and now it seems that the error is something else entirely, here is what was printed on the log.  Anyone got an idea of why this might be?


```
Nov 10 14:41:33 RinicomTestServer postfix/smtpd[3921]: connect from localhost[127.0.0.1]
Nov 10 14:41:33 RinicomTestServer postfix/smtpd[3921]: lost connection after CONNECT from localhost[127.0.0.1]
Nov 10 14:41:33 RinicomTestServer postfix/smtpd[3921]: disconnect from localhost[127.0.0.1]
Nov 10 14:41:33 RinicomTestServer postfix/smtpd[3921]: connect from localhost[127.0.0.1]
Nov 10 14:41:33 RinicomTestServer postfix/smtpd[3921]: lost connection after CONNECT from localhost[127.0.0.1]
Nov 10 14:41:33 RinicomTestServer postfix/smtpd[3921]: disconnect from localhost[127.0.0.1]
Nov 10 14:41:33 RinicomTestServer postfix/smtpd[3921]: connect from localhost[127.0.0.1]
Nov 10 14:41:33 RinicomTestServer postfix/smtpd[3921]: lost connection after CONNECT from localhost[127.0.0.1]
Nov 10 14:41:33 RinicomTestServer postfix/smtpd[3921]: disconnect from localhost[127.0.0.1]
Nov 10 14:41:33 RinicomTestServer postfix/smtpd[3921]: connect from localhost[127.0.0.1]
Nov 10 14:41:33 RinicomTestServer postfix/smtpd[3921]: lost connection after CONNECT from localhost[127.0.0.1]
Nov 10 14:41:33 RinicomTestServer postfix/smtpd[3921]: disconnect from localhost[127.0.0.1]
Nov 10 14:41:33 RinicomTestServer postfix/smtpd[3921]: connect from localhost[127.0.0.1]
Nov 10 14:41:33 RinicomTestServer postfix/smtpd[3921]: lost connection after CONNECT from localhost[127.0.0.1]
Nov 10 14:41:33 RinicomTestServer postfix/smtpd[3921]: disconnect from localhost[127.0.0.1]
```


----------
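The two maillog excerpts above, run through a small triage script. This is an added example, not code from the thread: it groups the lines by smtpd PID and reports one finding per failed connection. The sample is abridged from the quoted logs, and the function names and finding labels are made up for illustration.

```python
import re
from collections import Counter

# Abridged from the two maillog excerpts quoted in the posts above.
SAMPLE_MAILLOG = """\
Nov 10 10:55:15 RinicomTestServer postfix/smtpd[1912]: connect from RinicomTestServer.com[192.168.1.233]
Nov 10 10:55:15 RinicomTestServer postfix/smtpd[1912]: warning: SASL: Connect to private/auth failed: No such file or directory
Nov 10 10:55:15 RinicomTestServer postfix/smtpd[1912]: fatal: no SASL authentication mechanisms
Nov 10 10:55:16 RinicomTestServer postfix/master[830]: warning: process /usr/local/libexec/postfix/smtpd pid 1912 exit status 1
Nov 10 10:55:16 RinicomTestServer postfix/master[830]: warning: /usr/local/libexec/postfix/smtpd: bad command startup -- throttling
Nov 10 14:41:33 RinicomTestServer postfix/smtpd[3921]: connect from localhost[127.0.0.1]
Nov 10 14:41:33 RinicomTestServer postfix/smtpd[3921]: lost connection after CONNECT from localhost[127.0.0.1]
Nov 10 14:41:33 RinicomTestServer postfix/smtpd[3921]: disconnect from localhost[127.0.0.1]
Nov 10 14:41:33 RinicomTestServer postfix/smtpd[3921]: connect from localhost[127.0.0.1]
Nov 10 14:41:33 RinicomTestServer postfix/smtpd[3921]: lost connection after CONNECT from localhost[127.0.0.1]
Nov 10 14:41:33 RinicomTestServer postfix/smtpd[3921]: disconnect from localhost[127.0.0.1]
"""

LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\spostfix/(?P<daemon>[\w-]+)"
                  r"\[(?P<pid>\d+)\]:\s(?P<msg>.*)$")
CONNECT = re.compile(r"^connect from (\S+)$")
SASL_FAIL = re.compile(r"^warning: SASL: Connect to (\S+) failed: (.+)$")
LOST = re.compile(r"^lost connection after (\S+) from (\S+)$")
EXITED = re.compile(r"^warning: process \S+/smtpd pid (\d+) exit status (\d+)$")


def triage(text):
    """Return one finding per failed smtpd connection, in log order."""
    findings, client_of, sasl_by_pid, last_exited = [], {}, {}, None
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, daemon, pid, msg = m["ts"], m["daemon"], m["pid"], m["msg"]
        if daemon == "smtpd":
            if (hit := CONNECT.match(msg)):
                client_of[pid] = hit[1]
            elif (hit := SASL_FAIL.match(msg)):
                # smtpd could not open the SASL socket named in smtpd_sasl_path.
                sasl_by_pid[pid] = {"cause": "sasl-socket-unreachable", "time": ts,
                                    "client": client_of.get(pid), "socket": hit[1],
                                    "reason": hit[2], "fatal": False,
                                    "exit_status": None, "throttled": False}
                findings.append(sasl_by_pid[pid])
            elif msg.startswith("fatal: no SASL authentication") and pid in sasl_by_pid:
                sasl_by_pid[pid]["fatal"] = True
            elif (hit := LOST.match(msg)):
                # The client closed the connection before sending an SMTP command.
                findings.append({"cause": "client-dropped-after-" + hit[1],
                                 "time": ts, "client": hit[2]})
        elif daemon == "master":
            if (hit := EXITED.match(msg)) and hit[1] in sasl_by_pid:
                last_exited = sasl_by_pid[hit[1]]
                last_exited["exit_status"] = int(hit[2])
            elif msg.endswith("bad command startup -- throttling") and last_exited:
                last_exited["throttled"] = True
    return findings


def summarize(findings):
    """Count findings per (cause, client) so repeated failures collapse to one row."""
    return Counter((f["cause"], f["client"]) for f in findings)


if __name__ == "__main__":
    for (cause, client), n in summarize(triage(SAMPLE_MAILLOG)).items():
        print(f"{n:3d}  {cause:32s} {client}")
```

A `sasl-socket-unreachable` finding with reason `No such file or directory` means the socket file was absent when smtpd tried to connect, which fits a Dovecot that is not running or has no auth socket at that path.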



## wonslung (Nov 10, 2009)

Well, jails are one of the most wonderful things FreeBSD has to offer.  They are basically very lightweight virtual FreeBSD installs.

You have a dir like /usr/jails and in this dir you have, say, /usr/jails/mailjail and /usr/jails/wwwjail and maybe /usr/jails/mysqljail

Each jail has all the files needed to run a normal FreeBSD install (with ezjails these take up almost no space because of nullfs, also ZFS systems can use ZFS cloned base jails).  Each jail has its own IP.  It's really great, they add a huge layer of security...but the reason I like them so much is, for newbs like me, I can experiment with installing different setups without having to reinstall over and over.

A perfect example is exactly what you're going through now.  I had trouble with the mail server setup so I did everything in a single jail.  When I'd get one part working, I'd take notes...back up config files, whatever.  Then I'd move on to doing more...if it got to be where I couldn't fix it, it's no big deal, I can just delete the jail and make a new one.  Or, let's say I have everything working but I want to try something else and I'm not sure it will break the system or not...no problem, clone or backup the working install, do what you want..if it doesn't work, go back to the original.
Another great use I've found for jails is...you can take a really fast machine which isn't being used for production and make a jail for building ports for a slower/loaded machine.  Just set this jail's /etc/make.conf with the processor type/whatever for the target machine, build it, then use pkg_create to make a package of the port.  Works great.

ANNNYWAYS, back to your problem...let me post my postfix config
This is with my hostname and domain changed....this is directly from the same guide you used.

```
soft_bounce = no

# SASL CONFIG
#
broken_sasl_auth_clients = yes
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks
smtpd_recipient_restrictions =
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_non_fqdn_hostname,
  reject_non_fqdn_sender,
  reject_non_fqdn_recipient,
  reject_unauth_destination,
  reject_unauth_pipelining,
  reject_invalid_hostname,
  reject_rbl_client list.dsbl.org,
  reject_rbl_client bl.spamcop.net,
  reject_rbl_client sbl-xbl.spamhaus.org
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

# TLS CONFIG
#
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/ssl/postfix/smtpd.pem
smtpd_tls_cert_file = /etc/ssl/postfix/smtpd.pem
smtpd_tls_CAfile = /etc/ssl/postfix/smtpd.pem
smtpd_tls_loglevel = 0
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom    

# MySQL Configuration
#
virtual_alias_maps = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:125
virtual_mailbox_base = /usr/local/virtual
virtual_mailbox_domains = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 51200000
virtual_mailbox_maps = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 125
virtual_transport = virtual
virtual_uid_maps = static:125    

# Additional for quota support
#
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps
  $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains
  $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps
  $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
  $virtual_mailbox_limit_maps
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, this user has overdrawn their diskspace quota. Please try again later.
virtual_overquota_bounce = yes


# LOCAL PATHNAME INFORMATION

#
queue_directory = /var/spool/postfix

# The command_directory parameter specifies the location of all
# postXXX commands.
#
command_directory = /usr/local/sbin

# The daemon_directory parameter specifies the location of all Postfix
# daemon programs (i.e. programs listed in the master.cf file). This
# directory must be owned by root.
#
daemon_directory = /usr/local/libexec/postfix

# The data_directory parameter specifies the location of Postfix-writable
# data files (caches, random numbers). This directory must be owned
# by the mail_owner account (see below).
#
data_directory = /var/db/postfix

# QUEUE AND PROCESS OWNERSHIP
mail_owner = postfix

#
myhostname = xxx.xxx.xxx
#myhostname = virtual.domain.tld

#
mydomain = xxxx.xxxx.xxxx
mydestination = localhost.$mydomain, $myhostname, localhost
unknown_local_recipient_reject_code = 550
mynetworks_style = host

relay_domains = proxy:mysql:/usr/local/etc/postfix/mysql_relay_domains_maps.cf


# TRANSPORT MAP
#
transport_maps = hash:/usr/local/etc/postfix/transport
vacation_destination_recipient_limit = 1

debug_peer_level = 2

debugger_command =
	 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
	 ddd $daemon_directory/$process_name $process_id & sleep 5


sendmail_path = /usr/local/sbin/sendmail

# newaliases_path: The full pathname of the Postfix newaliases command.
# This is the Sendmail-compatible command to build alias databases.
#
newaliases_path = /usr/local/bin/newaliases

# mailq_path: The full pathname of the Postfix mailq command.  This
# is the Sendmail-compatible mail queue listing command.
# 
mailq_path = /usr/local/bin/mailq

# setgid_group: The group for mail submission and queue management
# commands.  This must be a group name with a numerical group ID that
# is not shared with other accounts, not even with the Postfix account.
#
setgid_group = maildrop

# html_directory: The location of the Postfix HTML documentation.
#
html_directory = /usr/local/share/doc/postfix

# manpage_directory: The location of the Postfix on-line manual pages.
#
manpage_directory = /usr/local/man

# sample_directory: The location of the Postfix sample configuration files.
# This parameter is obsolete as of Postfix 2.1.
#
sample_directory = /usr/local/etc/postfix

# readme_directory: The location of the Postfix README files.
#
readme_directory = /usr/local/share/doc/postfix
```

hope this helps.


----------



## jackocurly0074 (Nov 11, 2009)

Thanks for that, I'm just checking it against mine.  There is one thing I am unsure of,  where you get $myhostname this is where you put in your machine name right?  Or is this a system variable?

I am also a little unsure on what the hostname/domain name are at times.  As far as I'm aware the Host name given under network settings is TestServer, and the domain name simply "com".  This is basic stuff I realise but often the examples of such things use pseudo names such as myhostname which can be confusing when I've never done this type of thing before!


----------
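How the `$myhostname` references and the `smtpd_sasl_path = private/auth` line in the posted main.cf resolve, as an added example that is not part of the thread or of Postfix itself. It parses a short excerpt of that config, expands `$name` references, and checks whether the Dovecot auth socket exists under `queue_directory`. The host and domain values are constructed placeholders, and the function names and status labels are made up for illustration.

```python
import os
import re
import stat

# Excerpt of the main.cf posted above. Host and domain are constructed
# placeholders (the post masks the real ones as xxx).
SAMPLE_MAIN_CF = """\
queue_directory = /var/spool/postfix
myhostname = mail.example.org
mydomain = example.org
mydestination = localhost.$mydomain, $myhostname, localhost
smtpd_recipient_restrictions =
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_unauth_destination
# SASL CONFIG
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
"""

REF = re.compile(r"\$(?:\{(\w+)\}|\((\w+)\)|(\w+))")


def parse_main_cf(text):
    """Parse main.cf: '#' lines are comments, indented lines continue a value."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace():
            if name is not None:
                params[name] = (params[name] + " " + line.strip()).strip()
            continue
        key, sep, value = line.partition("=")
        name = (key.strip() or None) if sep else None
        if name is not None:
            params[name] = value.strip()   # a later definition overrides an earlier one
    return params


def value_of(params, name, depth=0):
    """Value of a parameter with $name, ${name} and $(name) references expanded."""
    if depth > 10:
        raise ValueError("reference loop at " + name)
    # Simplification: a parameter absent from the file expands to "" here,
    # whereas Postfix would substitute its built-in default.
    return REF.sub(lambda m: value_of(params, m[1] or m[2] or m[3], depth + 1),
                   params.get(name, ""))


def sasl_socket_path(params):
    """Absolute path of the SASL socket; a relative path is under queue_directory."""
    # Assumption: fall back to /var/spool/postfix when queue_directory is unset.
    queue = value_of(params, "queue_directory") or "/var/spool/postfix"
    return os.path.join(queue, value_of(params, "smtpd_sasl_path"))


def check_sasl_socket(params):
    """Classify the state of the Dovecot auth socket that smtpd will connect to."""
    if value_of(params, "smtpd_sasl_auth_enable") != "yes":
        return "sasl-disabled"
    if value_of(params, "smtpd_sasl_type") != "dovecot":
        return "not-dovecot"
    try:
        mode = os.stat(sasl_socket_path(params)).st_mode
    except FileNotFoundError:
        return "missing"          # what smtpd logs as "No such file or directory"
    except OSError:
        return "unreadable"
    return "ok" if stat.S_ISSOCK(mode) else "not-a-socket"
```

main.cf has no inline comments: text after a value on the same line becomes part of the value, so comments go on their own lines.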



## jackocurly0074 (Nov 11, 2009)

Right,  I think most of my config file for postfix was exactly the same but there was one or two slight differences.  I went into the dovecot config file and instead of following the guide to the letter I changed what I needed to to get it to run (the cert and key files were already set up).  Upon going back and trying to run squirrel mail config test it appears to work so going to try to login now (more problems to be expected lol!)


----------



## jackocurly0074 (Nov 11, 2009)

After logging in and attempting to send an email it doesn't work, though I am not sure whether this could be a multitude of reasons.  For one the machine is not configured properly for virtual hosts so to connect to it I either edit the hosts file to go to its IP or I simply type the IP in!  On the local machine I can access it by using the TestServer.com in the web browser.  This is the same for the email address e.g. user@TestServer.com.  However after trying to send an email to myself it simply prints after some time


```
ERROR:
Message not sent. Server replied:
```

Not quite sure why the error is basically empty but it may be a tell tale sign to someone else!


----------



## jackocurly0074 (Nov 11, 2009)

How hard is it to setup jails?  As it sounds like a good idea!  As currently I do think I could do to start the mail setup from scratch just to ensure nothing else is causing the issues!


----------



## wonslung (Nov 11, 2009)

the easiest guide out there for jails is this:
http://www.scottro.net/qnd/qnd-ezjail.html

One thing to remember though....if this is a remote system with only a single remote IP you're going to have to learn the ins and outs of NAT and redirect rules before jails will be much use.  If this is on a remote machine with multiple public IPs it's going to be a lot easier, you can just set alias IPs as the new public IPs for your jails.


It's really not that hard either way.  

Providing this is a local network machine you can just set up more 192.168.x.x IPs or one of the other ranges that your router uses....

Did you try setting the dovecot setting to the letter?

Believe me man, this is one of the hardest things I've had to get working.  It took me 3-4 fresh starts before I got what I needed.....

When I DID I skipped all the virus/spam stuff at first, just tried to get dovecot/postfix working


----------



## jackocurly0074 (Nov 11, 2009)

Hmm well I really am getting stressed with this lol!  I'm trying to install Freebsd on another machine through VMware so that I can try the guide with all the settings to the letter!  At the moment I think it is a dovecot issue so I'm going to go back through and double check everything in there!  There is one thing which I know will be stopping some things work properly and this is that the machine in question does not have any virtual hosts.  So I expect this may mean that mail can't be sent from the outside but should work internally if you can log on to the webmail (which I can).  Anyway I will try to ensure dovecot config files are correct as I did delete them and use the defaults just to get a basic setup working!


----------



## DutchDaemon (Nov 11, 2009)

Are you only going to use Dovecot as the backend IMAP server for webmail, or are you going to allow access to IMAP from the Internet? If only the former, please save yourself a heap of trouble and just run a plain vanilla Dovecot, bind it to localhost:143, and forget all that TLS/SSL/IMAPs stuff.


----------
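A check that goes with the `sockstat -l4p` advice and the localhost:143 suggestion above, as an added example that is not part of the thread. It reads `sockstat -l4` output and reports, for ports 143 and 993, whether anything is listening and whether the listener is bound to loopback only. The sample output is constructed, and the function names and status labels are made up for illustration.

```python
# Constructed sample of `sockstat -l4` output (not taken from the thread).
SAMPLE_SOCKSTAT = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     master     830   12 tcp4   *:25                  *:*
root     dovecot    2950  5  tcp4   *:143                 *:*
www      httpd      1021  3  tcp4   *:80                  *:*
"""

IMAP_PORTS = (143, 993)   # plain IMAP and IMAP over TLS


def listeners(text):
    """Parse sockstat rows into dicts, skipping the header and non-TCP rows."""
    found = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 7 or fields[0] == "USER" or not fields[4].startswith("tcp"):
            continue
        addr, _, port = fields[5].rpartition(":")
        if port.isdigit():
            found.append({"command": fields[1], "pid": int(fields[2]),
                          "addr": addr, "port": int(port)})
    return found


def imap_exposure(text):
    """Map each IMAP port to not-listening, loopback-only or exposed."""
    socks = listeners(text)
    report = {}
    for port in IMAP_PORTS:
        addrs = [s["addr"] for s in socks if s["port"] == port]
        if not addrs:
            report[port] = "not-listening"
        elif all(a.startswith("127.") for a in addrs):
            report[port] = "loopback-only"
        else:
            report[port] = "exposed"      # bound to * or to a routable address
    return report


def advice(report):
    """Turn the report into the points that matter for a same-host webmail setup."""
    notes = []
    if report[993] == "not-listening":
        notes.append("993: nothing listening, so tls://localhost:993 is refused")
    if report[143] == "exposed":
        notes.append("143: plain IMAP reachable from other hosts; "
                     "bind it to 127.0.0.1 or require TLS")
    elif report[143] == "loopback-only":
        notes.append("143: plain IMAP on loopback only, enough for local webmail")
    elif report[143] == "not-listening":
        notes.append("143: nothing listening, Dovecot is not serving IMAP")
    return notes


if __name__ == "__main__":
    for note in advice(imap_exposure(SAMPLE_SOCKSTAT)):
        print(note)
```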



## wonslung (Nov 11, 2009)

DutchDaemon said:

> Are you only going to use Dovecot as the backend IMAP server for webmail, or are you going to allow access to IMAP from the Internet? If only the former, please save yourself a heap of trouble and just run a plain vanilla Dovecot, bind it to localhost:143, and forget all that TLS/SSL/IMAPs stuff.




I had the same problem when I was trying to get email working.  It's just much more complicated than...say a web server.  What would be nice is a newer guide for newbs.  The only one I can find is the purple hat guide. It worked for me finally but it's pretty daunting for a newbie.


----------



## jackocurly0074 (Nov 12, 2009)

Yeah I'm all for a newer guide!  But daunting indeed it's one steep climb!  I will try just a vanilla setup for now but on my virtual machine as I don't want to break what I do have working!  Seems the best way to learn this however is to break it fix it break it until you get somewhere close to what you actually want lol!


----------



## jackocurly0074 (Nov 12, 2009)

Oh and with regards to the security stuff I would like to have that if I can as I am experimenting with it at the moment and if I can get something working that is secure this might mean it can be properly implemented at the company I'm on placement at!  So for this reason I am trying to get as much as I can working.


----------



## dennylin93 (Nov 12, 2009)

wonslung said:

> I had the same problem when I was trying to get email working.  It's just much more complicated than...say a web server.  What would be nice is a newer guide for newbs.  The only one I can find is the purple hat guide. It worked for me finally but it's pretty daunting for a newbie.



I recently setup a new mail server (Postfix, Dovecot, MySQL, Apache, PHP, Roundcube, SpamAssassin, and ClamAV). I'll try to write a howto when I have time.


----------



## wonslung (Nov 12, 2009)

I've gotten postfix dovecot roundcube and postfixadmin working in a jail.  I'd like to be able to get maia-mailguard working in the jail with it but I keep getting deferred errors.  I think it's due to amavisd's settings.

I'm fairly sure spamassassin and clamav aren't working in my setup because I couldn't get maia working.  I think the purplehat guide depends on maia working to get all 3 working...if someone who knows more than I do gets time to look at the guide....

All I need is tips on how to make it work in a jail.

I'm also considering using spamd (the openbsd pf spamd, not the one from spamassassin)

So far though we've gotten no spam...I'm sure it will change though.


----------



## jackocurly0074 (Nov 17, 2009)

Thanks for your help on this, I have had to put the mail server to one side for now as other things are more important!  But at some point I will hopefully come back to this and get it working using some of the help given here.  Thanks all!


----------



## wonslung (Nov 18, 2009)

Cool, sorry you couldn't get it working.  Do yourself a favor though and learn about jails, it will help you a ton in the long run (at least it has for me)


----------

