# need postfix help, virtual domain



## Kevin22 (Aug 22, 2009)

I set up postfix + postfix admin + spamassassin via the purplehat guide and have added virtual hosts and mailboxes with postfix admin, and I can successfully log in with these accounts but can't send/receive mail.
When I send a test email to these accounts it comes back with the error of 'unknown user'.
It seems as though postfix isn't reading the SQL database and is searching locally for the user and of course not finding it.
Any help would be appreciated.


----------



## vivek (Aug 22, 2009)

Is the unknown user error reported by your own Postfix or a remote SMTP server? Look at /var/log/maillog for more error logs.


----------



## Kevin22 (Aug 22, 2009)

Here is what shows in the log file:


```
Aug 22 15:07:24 **** postfix/local[85256]: 9E3813FF83A: to=<****@****>, relay=local, delay=21, delays=20/0.02/0/0.02, dsn=5.1.1, status=bounced (unknown user: "******")
```
I starred out the names.


----------



## Kevin22 (Aug 22, 2009)

I know this is a user error somewhere in the configuration, but I'm not familiar with postfix at all; I just got sick of qmail...
Here's a copy of mysql_virtual_mailbox_limit_maps.cf, which is called from main.cf:

```
user = postfix
password = (PASSWORD)
hosts = localhost
dbname = postfix
query = SELECT quota FROM mailbox WHERE username='%s'
```


----------



## vivek (Aug 22, 2009)

You should have posted more of the log; the single line does not tell me anything. Does it say "The email account that you tried to reach does not exist" or something like that? Do you get this message when sending or receiving a test e-mail?


----------



## Kevin22 (Aug 23, 2009)

I get it when sending from my Gmail account to the BSD box.



```
Aug 22 19:42:19 ****** postfix/smtpd[1097]: E3C1E3FF83A: client=mail-bw0-f207.google.com[209.85.218.207]
Aug 22 19:42:20 ****** postfix/cleanup[2301]: E3C1E3FF83A: message-id=<79d937dd0908221746p43b34966oc0e198d004ba5d96@mail.gmail.com>
Aug 22 19:42:20 ****** postfix/qmgr[84274]: E3C1E3FF83A: from=<*****@gmail.com>, size=1826, nrcpt=1 (queue active)
Aug 22 19:42:20 ****** postfix/trivial-rewrite[1642]: warning: do not list domain *****.com in BOTH mydestination and virtual_mailbox_domains
Aug 22 19:42:20 ****** postfix/local[2302]: E3C1E3FF83A: to=<*****>, relay=local, delay=21, delays=21/0.02/0/0.02, dsn=5.1.1, status=bounced (unknown user: "*****")
Aug 22 19:42:20 ****** postfix/cleanup[2301]: 406DE3FF83C: message-id=<20090823004220.406DE3FF83C@*****.com>
Aug 22 19:42:20 ****** postfix/bounce[2303]: E3C1E3FF83A: sender non-delivery notification: 406DE3FF83C
Aug 22 19:42:20 ****** postfix/qmgr[84274]: 406DE3FF83C: from=<>, size=3587, nrcpt=1 (queue active)
Aug 22 19:42:20 ****** postfix/qmgr[84274]: E3C1E3FF83A: removed
Aug 22 19:42:22 ****** postfix/smtp[2304]: 406DE3FF83C: to=<*****@gmail.com>, relay=gmail-smtp-in.l.google.com[209.85.218.39]:25, delay=2.1, delays=0.01/0.03/1.1/1, dsn=2.0.0, status=sent (250 2.0.0 OK 1250988442 19si7253775bwz.84)
Aug 22 19:42:22 ****** postfix/qmgr[84274]: 406DE3FF83C: removed
```


----------



## dennylin93 (Aug 23, 2009)

> ```
> Aug 22 19:42:20 ****** postfix/trivial-rewrite[1642]: warning: do not list domain *****.com in BOTH mydestination and virtual_mailbox_domains
> ```



If you're using virtual domains, don't list the same domains in mydestination. This will confuse Postfix, so it won't know which map to look up.


----------
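
The overlap that the `trivial-rewrite` warning reports can also be found by reading main.cf directly. The following is an added example, not code from any post in this thread: it folds continuation lines, skips commented-out entries inside them, expands `$parameter` references, and intersects the two domain lists. The sample configuration and `example.com` names are constructed; entries that point at files or lookup tables (such as `proxy:mysql:...`) are skipped, which is an assumption of this sketch.

```python
import re

# Constructed sample main.cf (not from the thread); example.com is a placeholder.
SAMPLE_MAIN_CF = """\
myhostname = mail.example.com
mydomain = example.com
mydestination = $myhostname, localhost.$mydomain,
\t## mail.$mydomain,
\texample.com
virtual_mailbox_domains = example.com, example.org
"""

def parse_main_cf(text):
    """Return {parameter: raw value}, folding continuation lines."""
    params, current = {}, None
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue                       # blank and comment lines are ignored
        if line[0].isspace() and current:  # leading whitespace continues a value
            params[current] += " " + stripped
            continue
        name, _, value = line.partition("=")
        current = name.strip()
        params[current] = value.strip()
    return params

def expand(value, params, depth=0):
    """Expand $name, ${name} and $(name) using the other parameters."""
    if depth > 10:                         # guard against self-referencing values
        return value
    def repl(m):
        return expand(params.get(m.group(1), ""), params, depth + 1)
    return re.sub(r"\$[{(]?(\w+)[})]?", repl, value)

def domain_list(name, params):
    """Split on commas/whitespace; keep literal domains, skip files and tables."""
    items = re.split(r"[,\s]+", expand(params.get(name, ""), params))
    return {i.lower() for i in items if i and "/" not in i and ":" not in i}

def overlapping_domains(text):
    """Domains listed literally in both mydestination and virtual_mailbox_domains."""
    params = parse_main_cf(text)
    return sorted(domain_list("mydestination", params)
                  & domain_list("virtual_mailbox_domains", params))

if __name__ == "__main__":
    print(overlapping_domains(SAMPLE_MAIN_CF))
```

For table-backed entries, the domain has to be looked up in the table itself, for example with `postmap -q`.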



## Kevin22 (Aug 24, 2009)

/usr/local/etc/postfix/mydestination has my domains listed in it, and 'mydestination' is set to this in main.cf:


```
mydestination = $myhostname, localhost.$mydomain, /usr/local/etc/postfix/mydestination
```
I've tried commenting out the mydestination line as well as the virtual_mailbox_domains line, but it still gives me the error of 'unknown user'.
Where am I going wrong here? I followed that howto step by step for virtual domains setup.


----------



## Kevin22 (Aug 24, 2009)

OK, now when I try to send email from my home PC I get these errors:

```
Aug 24 01:27:42 localhost dovecot: auth-worker(default): pam(****@******.com,***.***.***.1**): pam_authenticate() failed: authentication error
Aug 24 01:27:42 localhost dovecot: pop3-login: Login: user=<***@*****.com>, method=PLAIN, rip=***.***.***.1**, lip=***.***.**.**
Aug 24 01:27:42 localhost dovecot: POP3(****@******.com): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Aug 23 20:27:42 localhost postfix/smtpd[93319]: connect from ******.**.*****.net[***.***.***.1**]
Aug 23 20:27:43 localhost postfix/smtpd[93319]: NOQUEUE: reject: RCPT from ******.**.*****.net[***.***.***.1**]: 504 5.5.2 <LocalHost>: Helo command rejected: need fully-qualified hostname; from=<*****@*****.com> to=<*****@******.com> proto=ESMTP helo=<LocalHost>
Aug 23 20:27:43 localhost postfix/smtpd[93319]: lost connection after RCPT from ******.**.*****.net[***.***.***.1**]
Aug 23 20:27:43 localhost postfix/smtpd[93319]: disconnect from ******.**.*****.net[***.***.***.1**]
```


----------



## dennylin93 (Aug 24, 2009)

My advice is to read the logs yourself before you ask what they mean since the problems are quite obvious.



> ```
> Aug 24 01:27:42 localhost dovecot: auth-worker(default): pam(****@******.com,***.***.***.1**): pam_authenticate() failed: authentication error
> ```



The authentication failed. It might be a mistyped password, or you haven't correctly set your method of authentication (PAM, LDAP, SQL, etc).



> ```
> Aug 23 20:27:43 localhost postfix/smtpd[93319]: NOQUEUE: reject: RCPT from ******.**.*****.net[***.***.***.1**]: 504 5.5.2 <LocalHost>: Helo command rejected: need fully-qualified hostname; from=<*****@*****.com> to=<*****@******.com> proto=ESMTP helo=<LocalHost>
> ```



I'm guessing that you have reject_non_fqdn_helo_hostname in /usr/local/etc/postfix/main.cf. The connection used "Localhost" when it declared its hostname. Since it's not a FQDN, it is rejected. Note that some clients do not use FQDNs when they send their hostname, so this restriction might turn away some valid mail. It might be safer to use

```
reject_non_fqdn_helo_hostname
reject_invalid_helo_hostname
```

instead.


----------
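
The log signatures discussed so far in this thread (the `trivial-rewrite` warning, the `postfix/local` bounce, the HELO rejection and the Dovecot PAM failure) can be picked out of a mail log mechanically. The following is an added example, not code from any post: the rule labels and function names are made up for illustration, and the log lines are constructed in the same formats as the ones quoted above, with placeholder hosts and addresses. A bounce from `postfix/local` for a recipient whose domain also raised the warning shows the address was handled as a local user.

```python
import re

# Constructed log lines in the formats quoted in the thread; all names are placeholders.
SAMPLE_LOG = """\
Aug 22 19:42:20 mx postfix/trivial-rewrite[1642]: warning: do not list domain example.com in BOTH mydestination and virtual_mailbox_domains
Aug 22 19:42:20 mx postfix/local[2302]: E3C1E3FF83A: to=<user@example.com>, relay=local, delay=21, dsn=5.1.1, status=bounced (unknown user: "user")
Aug 23 20:27:43 mx postfix/smtpd[93319]: NOQUEUE: reject: RCPT from host.example.net[192.0.2.10]: 504 5.5.2 <LocalHost>: Helo command rejected: need fully-qualified hostname; from=<a@example.org> to=<user@example.com> proto=ESMTP helo=<LocalHost>
Aug 24 01:27:42 mx dovecot: auth-worker(default): pam(user@example.com,192.0.2.10): pam_authenticate() failed: authentication error
Aug 22 19:42:22 mx postfix/smtp[2304]: 406DE3FF83C: to=<a@example.org>, relay=mx.example.org[198.51.100.5]:25, dsn=2.0.0, status=sent (250 2.0.0 OK)
"""

# (label, pattern) pairs; group 1 captures the domain, recipient, HELO name or login.
RULES = [
    ("domain-in-both-classes",
     re.compile(r"trivial-rewrite\[\d+\]: warning: do not list domain (\S+) in BOTH")),
    ("local-unknown-user",
     re.compile(r"postfix/local\[\d+\]: \w+: to=<([^>]*)>.*status=bounced \(unknown user")),
    ("helo-not-fqdn",
     re.compile(r"Helo command rejected: need fully-qualified hostname;.*helo=<([^>]*)>")),
    ("dovecot-pam-auth-failed",
     re.compile(r"dovecot: auth-worker\(\w+\): pam\(([^,)]+)[^)]*\): pam_authenticate\(\) failed")),
]

def triage(log_text):
    """Return (label, subject) for every line that matches one of the rules."""
    findings = []
    for line in log_text.splitlines():
        for label, rx in RULES:
            m = rx.search(line)
            if m:
                findings.append((label, m.group(1)))
                break
    return findings

def misrouted_virtual_recipients(findings):
    """Recipients bounced by local(8) whose domain also raised the BOTH warning."""
    both = {d.lower() for label, d in findings if label == "domain-in-both-classes"}
    return [r for label, r in findings
            if label == "local-unknown-user" and r.rpartition("@")[2].lower() in both]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```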



## Kevin22 (Aug 24, 2009)

Look, if I were an expert I wouldn't be posting a thread for help on a HELP FORUM. Thanks for your input, but please be courteous, as this is a HELP FORUM, not an EXPERT ONLY forum.


----------



## dennylin93 (Aug 24, 2009)

Sorry, I didn't mean to offend anyone, but I thought that the problem was quite obvious from the logs. My apologies.


----------



## Kevin22 (Aug 24, 2009)

OK, I found one error that helped me a bit: I didn't uncomment pam in the dovecot file. Now I can send mail to a few users, but I'm still having issues sending to the main domain of the box. I still get the error about not putting both domains in mydestination and virtual mailbox... I know I did something wrong here; it's just taking me forever to find it. Thanks for the help so far.


----------



## francisco (Aug 25, 2009)

Hi Kevin,
I used the same tutorial from purplehat on my FreeBSD 7.2 and it all went well.
These are my files; maybe they can help you.
Best regards,
Francisco

[root@mail /usr/local/etc]# cat dovecot.conf

```
protocols = imap imaps pop3 pop3s
disable_plaintext_auth = no
shutdown_clients = yes
ssl_cert_file = /etc/ssl/dovecot/cert.pem
ssl_key_file = /etc/ssl/dovecot/key.pem
login_greeting = Mail Server Ready.
mail_location = maildir:/usr/local/virtual/%d/%n
mail_privileged_group = mail
verbose_proctitle = yes
first_valid_uid = 125
last_valid_uid = 125
first_valid_gid = 125
last_valid_gid = 125
protocol imap {
	mail_plugins = quota imap_quota
	imap_client_workarounds = delay-newmail netscape-eoh tb-extra-mailbox-sep
}
protocol pop3 {
	mail_plugins = quota
	pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}
protocol lda {
	postmaster_address = postmaster@(MYDOMAIN.COM)
	sendmail_path = /usr/sbin/sendmail
}
auth default {
	mechanisms = plain login
	passdb sql {
		args = /usr/local/etc/dovecot-sql.conf
	}
	userdb sql {
		args = /usr/local/etc/dovecot-sql.conf
	}
	user = root
	socket listen {
		client {
			path = /var/spool/postfix/private/auth
			mode = 0660
			user = postfix
			group = postfix
		}
	}
}
dict {}
plugin {}
```

[root@mail /usr/local/etc]# cat dovecot-sql.conf

```
driver = mysql
connect = host=localhost dbname=postfix user=postfix password=
default_pass_scheme = MD5
password_query = SELECT password FROM mailbox WHERE username = '%u'
user_query = SELECT maildir, 125 AS uid, 125 AS gid, CONCAT('maildir:storage=', FLOOR( quota / 1024 ) ) AS quota FROM mailbox WHERE username = '%u' AND active = '1'
```

[root@mail /usr/local/etc/postfix]# cat master.cf

```
smtp	inet n	-	n	-	-	smtpd
smtps	inet n	-	n	-	-	smtpd
	-o smtpd_tls_wrappermode=yes
	-o smtpd_sasl_auth_enable=yes
	-o smtpd_client_restrictions=permit_sasl_authenticated,reject
vacation	unix	-	n	n	-	-	pipe
	flags=DRhu user=vacation argv=/var/spool/vacation/vacation.pl
pickup		fifo	n	-	n	60	1	pickup
cleanup	unix	n	-	n	-	0	cleanup
qmgr	fifo	n	-	n	300	1	qmgr
tlsmgr		unix	-	-	n	1000?	1	tlsmgr
rewrite	unix	-	-	n	-	-	trivial-rewrite
bounce		unix	-	-	n	-	0	bounce
defer	unix	-	-	n	-	0	bounce
trace	unix	-	-	n	-	0	bounce
verify		unix	-	-	n	-	1	verify
flush	unix	n	-	n	1000?	0	flush
proxymap	unix	-	-	n	-	-	proxymap
proxywrite unix -	-	n	-	1	proxymap
smtp	unix	-	-	n	-	-	smtp

# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay	unix	-	-	n	-	-	smtp
	-o smtp_fallback_relay=
#	-o smtp_helo_timeout=5 -o smtp_connect_timeout=5

showq	unix	n	-	n	-	-	showq
error	unix	-	-	n	-	-	error
retry	unix	-	-	n	-	-	error
discard	unix	-	-	n	-	-	discard
local	unix	-	n	n	-	-	local
virtual	unix	-	n	n	-	-	virtual
lmtp	unix	-	-	n	-	-	lmtp
anvil	unix	-	-	n	-	1	anvil
scache		unix	-	-	n	-	1	scache
```

[root@mail /usr/local/etc/postfix]# cat main.cf

```
soft_bounce = no
broken_sasl_auth_clients = yes
biff = no
bounce_queue_lifetime=0
command_time_limit=180
default_process_limit=180
default_destination_concurrency_limit = 50
default_destination_recipient_limit = 50
disable_vrfy_command = yes
empty_address_recipient = MAILER-DAEMON
maximal_backoff_time=1440
maximal_queue_lifetime=2
#mailbox_size_limit = 100000000
message_size_limit = 20400000
minimal_backoff_time=180
parent_domain_matches_subdomains = debug_peer_list smtpd_access_maps
queue_minfree = 40000000
queue_run_delay=300
spf_explanation = "%{h} [%{i}] is not allowed to send mail for %{s} - SPF"
unknown_local_recipient_reject_code = 550

smtp_destination_concurrency_limit = 20
smtp_connection_cache_on_demand = yes
smtp_connection_cache_time_limit = 4s
smtp_cache_connection_destinations = terra.com.br, bol.com.br, uol.com.br, ig.com.br, hotmail.com, gmail.com

strict_rfc821_envelopes = yes

smtpd_banner = $myhostname ESMTP	MailServer HighCompany.
smtpd_helo_required = yes
smtpd_delay_reject = yes
smtpd_error_sleep_time = 1s
smtpd_soft_error_limit = 10
smtpd_hard_error_limit = 20

smtpd_client_restrictions =
	permit_mynetworks,
	permit_sasl_authenticated,
	sleep 5,
	check_sender_access regexp:/usr/local/etc/postfix/sender_blocked,
	check_recipient_access regexp:/usr/local/etc/postfix/recipient_blocked,
	check_client_access regexp:/usr/local/etc/postfix/ip-access-ok,
	check_client_access regexp:/usr/local/etc/postfix/ip-access-reject,
	reject_unauth_destination,
	reject_rbl_client sbl-xbl.spamhaus.org,
	reject_rbl_client bl.spamcop.net,
	reject_rbl_client blackholes.easynet.nl,
	reject_rbl_client cbl.abuseat.org,
	reject_rbl_client proxies.blackholes.wirehub.net,
	reject_rbl_client dnsbl.njabl.org,
	reject_rbl_client dialups.mail-abuse.org,
	reject_rbl_client black.uribl.com
##	reject_rbl_client sbl.spamhaus.org,
##	reject_rbl_client dun.dnsrbl.net,
##	reject_rbl_client list.dsbl.org,
##	reject_rbl_client opm.blitzed.org,
##	reject_rbl_client multihop.dsbl.org,

smtpd_helo_restrictions =
	permit_mynetworks,
	##reject_non_fqdn_hostname,
	##reject_invalid_hostname,
	permit


smtpd_sender_restrictions =
	permit_mynetworks,
	permit_sasl_authenticated,
	reject_unknown_sender_domain,
	check_sender_access regexp:/usr/local/etc/postfix/sender_blocked,
	check_recipient_access regexp:/usr/local/etc/postfix/recipient_blocked,
	reject_non_fqdn_sender,
	reject_unauth_destination,
	reject_unauth_pipelining

# If the email got this far, it is because it passed the restrictions above
smtpd_recipient_restrictions =
	permit_mynetworks,
	permit_sasl_authenticated,
	reject_unauth_destination
##	reject_non_fqdn_hostname,
	reject_invalid_hostname,
	reject_unauth_pipelining,
##	reject_non_fqdn_sender,
	reject_unknown_sender_domain,
##	reject_non_fqdn_recipient,
	reject_unknown_recipient_domain,

### postgrey
###	check_policy_service inet:127.0.0.1:10023,

### below, the one for the fsp check:
###	check_policy_service unix:private/policy,

	check_sender_access regexp:/usr/local/etc/postfix/sender_blocked,
	check_recipient_access regexp:/usr/local/etc/postfix/recipient_blocked
	permit

header_checks = regexp:/usr/local/etc/postfix/header_checks
body_checks = regexp:/usr/local/etc/postfix/body_checks
body_checks_size_limit=30000

smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_use_tls = yes
smtpd_tls_key_file = /etc/ssl/postfix/smtpd.pem
smtpd_tls_cert_file = /etc/ssl/postfix/smtpd.pem
smtpd_tls_CAfile = /etc/ssl/postfix/smtpd.pem
smtpd_tls_loglevel = 0
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

virtual_alias_maps = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:125
virtual_mailbox_base = /usr/local/virtual
virtual_mailbox_domains = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 51200000
virtual_mailbox_maps = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 125
virtual_transport = virtual
virtual_uid_maps = static:125

virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps
	$virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains
	$relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps
	$recipient_canonical_maps $relocated_maps $transport_maps $mynetworks
	$virtual_mailbox_limit_maps
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Caixa Postal Lotada! Tente mais tarde. (Sorry, mailbox full - try again later)
virtual_overquota_bounce = yes

queue_directory = /var/spool/postfix
command_directory = /usr/local/sbin
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
mail_owner = postfix
myhostname = mail.(MYDOMAIN.COM)
mydomain = (MYDOMAIN.COM)
mydestination = localhost.$mydomain, localhost, mail.$mydomain
mynetworks = 127.0.0.0/8 192.168.0.0/24 101.102.103.0/24 
transport_maps = hash:/usr/local/etc/postfix/transport
vacation_destination_recipient_limit = 1

debug_peer_level = 2
debugger_command =
	PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
	ddd $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/local/sbin/sendmail
newaliases_path = /usr/local/bin/newaliases
mailq_path = /usr/local/bin/mailq
setgid_group = maildrop
html_directory = /usr/local/share/doc/postfix
manpage_directory = /usr/local/man
sample_directory = /usr/local/share/examples/postfix
readme_directory = /usr/local/share/doc/postfix
```


----------



## francisco (Aug 25, 2009)

[root@mail /usr/local/etc/postfix]# cat mysql_virtual_alias_maps.cf

```
user = postfix
password = (PASSWORD)
hosts = localhost
dbname = postfix
query = SELECT goto FROM alias WHERE address='%s' AND active = '1'
```

[root@mail /usr/local/etc/postfix]# cat mysql_virtual_domains_maps.cf

```
user = postfix
password = (PASSWORD)
hosts = localhost
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s' and backupmx = '0' and active = '1'
```

[root@mail /usr/local/etc/postfix]# cat mysql_virtual_mailbox_limit_maps.cf

```
user = postfix
password = (PASSWORD)
hosts = localhost
dbname = postfix
query = SELECT quota FROM mailbox WHERE username='%s'
```

[root@mail /usr/local/etc/postfix]# cat mysql_virtual_mailbox_maps.cf

```
user = postfix
password = (PASSWORD)
hosts = localhost
dbname = postfix
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = '1'
```

[root@mail /etc]# cat hosts

```
::1		localhost localhost.(MYDOMAIN.COM)
127.0.0.1	localhost localhost.(MYDOMAIN.COM)
192.168.0.250	mail.(MYDOMAIN.COM) mail
192.168.0.250	mail.(MYDOMAIN.COM).
101.102.103.104	mail.(MYDOMAIN.COM) mail
101.102.103.104	mail.(MYDOMAIN.COM).
```


----------



## dennylin93 (Aug 28, 2009)

I'm also working on a mail server with virtual domains and SQL users for my school right now. I'll post the configuration if you want to have a look. I'm still working on it, but it should be complete in a week or two.


----------

