# Setting up mail server with Postfix and Dovecot (virtual users/domains)



## Gambler (Dec 15, 2009)

I want to set up a mail service for a server of mine. It needs to handle several domains, a couple dozen real users, and send out subscriptions/activations for several websites.

So far I got internal mail working. Dovecot seems to work as well. Messages from the websites go out with no problem. However, I can't make SASL authentication work, and lately inbound emails stopped coming in. That means I can send emails internally via mutt, and they show up in Thunderbird. However, when I send emails from outside to the same address, they disappear. They aren't even in the postqueue. When I try to send email (using my server) via Thunderbird, it says something about the server not supporting SMTP-AUTH.

I have reverse DNS and my MX records should be fine. Actually, it might be a bit unorthodox. But it worked for delivery a couple of months ago, and I don't get any bounce messages.

Questions.

1. In its infinite wisdom, my (home) internet provider blocked port 25. I can change it to something else on the server, but unless I'm missing something, this would mean I will not be able to receive incoming mail from other servers. Is there a way to make Postfix listen on several ports?
2. What exactly does login_dir do for Dovecot?
3. How do you debug postfix? I don't see any relevant messages in /var/log/maillog. There are messages, but they aren't from failed Thunderbird connections. Are there other log files?

---

In case someone is interested, here are my configs. If you spot something wrong with them, please tell me about it.

Changes in /etc/rc.conf:

```
postfix_enable="YES"
dovecot_enable="YES"
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
```

Contents of /usr/local/etc/postfix/main.cf:


```
# temporary
soft_bounce = yes

queue_directory = /var/spool/postfix
command_directory = /usr/local/sbin
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix

mail_owner = postfix

# bsd.example.net
myorigin = $myhostname
mydestination = $myhostname, localhost.$mydomain, localhost

unknown_local_recipient_reject_code = 550

mynetworks_style = host

virtual_mailbox_domains = example.net example.org example.com
virtual_mailbox_base = /var/mail/vhosts
virtual_mailbox_maps = hash:/usr/local/etc/postfix/vmailbox
virtual_minimum_uid = 1000
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
virtual_alias_maps = hash:/usr/local/etc/postfix/virtual

smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions =
        permit_mynetworks
        permit_sasl_authenticated
        reject_unauth_destination
smtpd_sasl_authenticated_header = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = /var/run/dovecot/auth-client

debug_peer_level = 2

debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         ddd $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/local/sbin/sendmail
newaliases_path = /usr/local/bin/newaliases
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
sample_directory = /usr/local/etc/postfix
readme_directory = no
```

/usr/local/etc/postfix/vmailbox:

```
gambler@example.net example.net/gambler/
```

/usr/local/etc/dovecot.conf:

```
protocols = imap pop3 imaps pop3s
disable_plaintext_auth = no
ssl_parameters_regenerate = 0
login_dir = /var/dovecot
login_process_per_connection = no
login_processes_count = 1
mail_location = maildir:/var/mail/vhosts/%d/%n
mail_uid = 5000
mail_gid = 5000
mail_privileged_group = mail
mail_access_groups = mail
verbose_proctitle = yes
first_valid_uid = 1000
first_valid_gid = 1

protocol imap {
  imap_client_workarounds = delay-newmail netscape-eoh tb-extra-mailbox-sep outlook-idle
}

protocol pop3 {
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}
protocol lda {
  postmaster_address = postmaster@example.com
  sendmail_path = /usr/sbin/sendmail
}
auth_verbose = yes
auth default {
  mechanisms = plain login digest-md5
  passdb passwd-file {
    args = /usr/local/etc/dovecot.passwd
  }
  userdb static {
    args = uid=5000 gid=5000 home=/var/mail-homes/%d/%u
  }
  userdb prefetch {
  }
  user = root
  socket listen {
    client {
      path = /var/run/dovecot/auth-client
      mode = 0660
    }
  }
}
dict {
}
plugin {
}
```

/usr/local/etc/dovecot.passwd:

```
gambler@example.net:{plain}password
```
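
Postfix reads main.cf as logical lines: a line that starts with whitespace continues the previous one, lines whose first non-blank character is `#` are skipped, and text after a value is kept as part of the value rather than treated as a comment. The parser below is an added example (not code from the thread or from Postfix) that applies those rules to a constructed sample and lists values that carry a stray `#` note.

```python
import re

# Constructed sample in main.cf syntax (illustrative, not a real server's file).
SAMPLE_MAIN_CF = """\
# whole-line comment: ignored
soft_bounce = yes #temporary
myorigin = $myhostname
smtpd_recipient_restrictions =
        permit_mynetworks
        # comment line inside a continuation: ignored
        permit_sasl_authenticated
        reject_unauth_destination
smtpd_sasl_type = dovecot
"""


def parse_main_cf(text):
    """Return {name: value} following main.cf logical-line rules."""
    logical = []
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank and comment lines are skipped, even mid-continuation
        if raw[0].isspace() and logical:
            logical[-1] += " " + stripped  # leading whitespace continues the line
        else:
            logical.append(stripped)
    params = {}
    for line in logical:
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()  # a later duplicate wins
    return params


def trailing_comment_suspects(params):
    """Names whose value contains '#...' text that stays in the value."""
    return sorted(n for n, v in params.items() if re.search(r"(^|\s)#", v))


if __name__ == "__main__":
    parsed = parse_main_cf(SAMPLE_MAIN_CF)
    for name in trailing_comment_suspects(parsed):
        print(f"{name}: value is {parsed[name]!r}; move the note to its own line")
```
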


----------



## ZhangHuangbin (Dec 15, 2009)

You can simply check out the source code of the iRedMail project and then set up a mail server with it: http://code.google.com/p/iredmail/

The -current version works on FreeBSD now, including all features you need.


----------



## dennylin93 (Dec 15, 2009)

Gambler said:

> 1. In its infinite wisdom, my (home) internet provider blocked port 25. I can change it to something else on the server, but unless I'm missing something, this would mean I will not be able to receive incoming mail from other servers. Is there a way to make Postfix listen on several ports?
> 2. What exactly does login_dir do for Dovecot?
> 3. How do you debug postfix? I don't see any relevant messages in /var/log/maillog. There are messages, but they aren't from failed Thunderbird connections. Are there other log files?




It's not necessary to change ports. Just redirect them with PF, or use SSH tunneling.



> # Directory where authentication process places authentication UNIX sockets
> # which login needs to be able to connect to. The sockets are created when
> # running as root, so you don't have to worry about permissions. Note that
> # everything in this directory is deleted when Dovecot is started.
> #login_dir = /var/run/dovecot/login



The failed attempts should be there by default.

Look for something like this:

```
Dec 15 10:05:58 mail postfix/smtpd[5760]: warning: unknown[192.168.1.1]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
```



			
ZhangHuangbin said:

> You can simply check out the source code of the iRedMail project and then set up a mail server with it: http://code.google.com/p/iredmail/
> 
> The -current version works on FreeBSD now, including all features you need.



Perhaps it might be useful for some people, but installations like these aren't really flexible in comparison.
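
A way to pull the failed SMTP AUTH attempts out of /var/log/maillog, as an added example that is not part of the original posts: it matches lines in the format quoted above, counts failures per client address, and decodes the trailing field when it is base64 (in the quoted line, `UGFzc3dvcmQ6` is the LOGIN mechanism's `Password:` prompt, not a credential). The sample log lines are constructed.

```python
import base64
import binascii
import re
from collections import Counter

# Constructed sample lines in the format of the maillog entry quoted in the thread.
SAMPLE_LOG = """\
Dec 15 10:05:58 mail postfix/smtpd[5760]: warning: unknown[192.168.1.1]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Dec 15 10:06:03 mail postfix/smtpd[5760]: warning: unknown[192.168.1.1]: SASL PLAIN authentication failed:
Dec 15 10:06:09 mail postfix/smtpd[5771]: connect from unknown[192.168.1.7]
Dec 15 10:06:10 mail postfix/smtpd[5771]: warning: unknown[192.168.1.7]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
"""

FAILED = re.compile(
    r"postfix/smtpd\[\d+\]: warning: (?P<host>\S+)\[(?P<ip>[^\]]+)\]: "
    r"SASL (?P<mech>\S+) authentication failed:\s*(?P<detail>.*)$"
)


def decode_detail(detail):
    """Decode the trailing field if it is valid base64 ASCII, else return it as-is."""
    try:
        return base64.b64decode(detail, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return detail


def sasl_failures(log_text):
    """Return (client_ip, mechanism, decoded_detail) for each failed attempt."""
    events = []
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            events.append((m["ip"], m["mech"], decode_detail(m["detail"].strip())))
    return events


def failures_per_ip(events):
    """Count failed attempts per client address."""
    return Counter(ip for ip, _, _ in events)


if __name__ == "__main__":
    found = sasl_failures(SAMPLE_LOG)
    for ip, count in failures_per_ip(found).most_common():
        print(f"{ip}: {count} failed SASL attempt(s)")
```
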


----------



## Gambler (Dec 17, 2009)

1. I'm looking into doing redirects with IPFW, since that's what I use. Is SSH tunneling a "standard" way of working with SMTP? I was under the impression that Postfix has built-in facilities for working with SSL/TLS.

2. I've seen that comment, but I still don't understand what that directive (and directory) does. A socket is needed to connect 2 different processes. What's the second process in this case? If it's the mail server, then why is there a separate directive saying "path = /var/run/dovecot/auth-client"? I was under the impression _that_ was where SASL takes place.

3. "There" meaning /var/log/maillog?

---

I've fixed the mail delivery issue. Apparently, I had a typo in my MX record. It took several days for the bounce-back messages to reach me.

I'm still working on sending mail out via Thunderbird. This takes way more time than I thought it would.


----------



## dennylin93 (Dec 20, 2009)

Gambler said:

> 1. I'm looking into doing redirects with IPFW, since that's what I use. Is SSH tunneling a "standard" way of working with SMTP? I was under the impression that Postfix has built-in facilities for working with SSL/TLS.



I only use PF, so I don't know how to do it with IPFW. Perhaps the man page might help. SSH tunneling is just a way to get past firewalls by making the traffic go through port 22 instead.



> 2. I've seen that comment, but I still don't understand what that directive (and directory) does. A socket is needed to connect 2 different processes. What's the second process in this case? If it's the mail server, then why is there a separate directive saying "path = /var/run/dovecot/auth-client"? I was under the impression _that_ was where SASL takes place.



It's not necessary to change login_dir in order to use SASL. See Postfix and Dovecot SASL



> 3. "There" meaning /var/log/maillog?



Yes.


----------

