Monday, May 6, 2013

A journey into the intricate mysteries of a postfix mailserver


Well, this journey into the intricate mysteries that are mail server configuration began with the simple announcement that Ubuntu 10.04 will not be supported within this year. Nothing specifically to worry about, but then, while logging into mongo, I was greeted with a warning message similar to this:

** NOTE: when using MongoDB 32 bit, you are limited to about 2 gigabytes of data
Sat Aug 11 22:57:50 [initandlisten] **       see http://blog.mongodb.org/post/137788967/32-bit-limitations

So I checked the attached link (http://blog.mongodb.org/post/137788967/32-bit-limitations) and there it was. My 2 GB problem.

Bottom line: it was time to do something about it.

Step 1: Upgrade server to Ubuntu 12.10. Keyed in do-release-upgrade. Linode came back up (lovely).

But then this. My hopes of an easy upgrade were darkened by the following problem.

Suddenly mail was not working anymore. What was going on?

Checking with mail.log:

Mar 23 18:18:43 THQEUWB001 postfix/smtpd[7334]: warning: [host]: SASL PLAIN authentication failed: authentication failure
Mar 23 18:18:44 THQEUWB001 postfix/smtpd[7334]: disconnect from [host]

Aha, SASL does not work… Question no. 1: What is SASL?

After frantically googling for solutions, I learned that the configuration in this new release has changed.

Therefore, I needed to update the config file in /etc/postfix/sasl/smtpd.conf like this.

pwcheck_method: saslauthd
mech_list: plain login
allow_plaintext: true
auxprop_plugin: sql
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_user: [username]
sql_passwd: [password]
sql_database: mail
sql_select: select password from users where email = '%u@%r'

Then restart the daemon.

Unfortunately, the problem was still not fixed.
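A check of the smtpd.conf shown above, written as an added example (not code from the original post). It flags that with pwcheck_method set to saslauthd, PLAIN and LOGIN passwords go to saslauthd's backend rather than the sql_* lookup, which matches the mech=pam entries in the auth.log excerpt further down. The finding names are invented for this example.

```python
PLAINTEXT_MECHS = {"plain", "login"}

# The smtpd.conf from this post, with its own placeholders kept.
PAGE_CONF = """\
pwcheck_method: saslauthd
mech_list: plain login
allow_plaintext: true
auxprop_plugin: sql
sql_engine: mysql
sql_hostnames: 127.0.0.1
sql_user: [username]
sql_passwd: [password]
sql_database: mail
sql_select: select password from users where email = '%u@%r'
"""

def parse_sasl_conf(text):
    """Parse Cyrus SASL 'key: value' lines into a dict, skipping comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        conf[key.strip().lower()] = value.strip()
    return conf

def lint(conf):
    """Return finding codes (names invented for this example)."""
    findings = []
    mechs = set(conf.get("mech_list", "").lower().split())
    methods = conf.get("pwcheck_method", "").lower().split()
    has_sql = any(k.startswith("sql_") for k in conf)
    # PLAIN/LOGIN passwords are verified through pwcheck_method. If that is
    # saslauthd only, the sql_* lookup never sees them.
    if has_sql and methods == ["saslauthd"] and mechs and mechs <= PLAINTEXT_MECHS:
        findings.append("sql-settings-unused")
    # PLAIN and LOGIN carry the password base64-encoded, not encrypted.
    if mechs & PLAINTEXT_MECHS:
        findings.append("plaintext-mechs-need-tls")
    # The file holds the database password, so its permissions matter.
    if "sql_passwd" in conf:
        findings.append("db-secret-in-file")
    return findings

if __name__ == "__main__":
    print(lint(parse_sasl_conf(PAGE_CONF)))
```

For plaintext-mechs-need-tls, the matching Postfix control is smtpd_tls_auth_only = yes in main.cf, which keeps AUTH from being offered before STARTTLS.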

After digging through all the relevant files:

/etc/pam.d/smtp
/etc/default/saslauthd
/var/spool/postfix/var/run/saslauthd
/etc/postfix/main.cf
/etc/dovecot/dovecot.conf

And adding this to the SASL config.

PWDIR="/var/spool/postfix/var/run/saslauthd"
PARAMS="-m ${PWDIR}"
PIDFILE="${PWDIR}/saslauthd.pid"

OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd "


I again tested the results with the official tool. But again. No luck.

# testsaslauthd -u mail -p pwd  -f /var/spool/postfix/var/run/saslauthd/mux
0: NO "authentication failed"
   
So, what does the wonderful auth.log have to say?

Mar 23 18:30:23 THQEUWB001 saslauthd[7319]: pam_unix(imap:auth): check pass; user unknown
Mar 23 18:30:23 THQEUWB001 saslauthd[7319]: pam_unix(imap:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
Mar 23 18:30:25 THQEUWB001 saslauthd[7319]: DEBUG: auth_pam: pam_authenticate failed: Authentication failure
Mar 23 18:30:25 THQEUWB001 saslauthd[7319]: do_auth         : auth failure: [ [service=imap] [realm=] [mech=pam] [reason=PAM auth error]

Interesting, this should have worked. Further, I still cannot authenticate. What is going on?

Mar 23 18:53:10 THQEUWB001 postfix/smtpd[8035]: fatal: no SASL authentication mechanisms
Mar 23 18:53:11 THQEUWB001 postfix/master[8015]: warning: process /usr/lib/postfix/smtpd pid 8035 exit status 1
Mar 23 18:53:13 THQEUWB001 postfix/smtpd[8036]: connect [client]
Mar 23 18:53:14 THQEUWB001 postfix/smtpd[8036]: warning: SASL: Connect to private/auth failed: Connection refused
Mar 23 18:53:14 THQEUWB001 postfix/smtpd[8036]: fatal: no SASL authentication mechanisms
Mar 23 18:53:15 THQEUWB001 postfix/master[8015]: warning: process /usr/lib/postfix/smtpd pid 8036 exit status 1
Mar 23 18:53:15 THQEUWB001 postfix/master[8015]: warning: /usr/lib/postfix/smtpd: bad command startup – throttling

Then I read this log entry. Finally, this magically conjures up some differences between 10.04 and 12.10: the dovecot config file is missing something!!


F9F546FC2: to=< relay=dovecot, delay=42444, delays=42444/0.03/0/0.02, dsn=4.3.0, status=deferred (temporary failure. Command output: doveconf: Warning: NOTE: You can get a new clean config file with: doveconf -n > dovecot-new.conf doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:1: 'imaps' protocol is no longer necessary, remove it doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:1: 'pop3s' protocol is no longer necessary, remove it doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:5: ssl_cert_file has been replaced by ssl_cert = <file doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:6: ssl_key_file has been replaced by ssl_key = <file doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:8: namespace private {} has been replaced by namespace { type=private } doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 19: Unknown setting: global_script_path )

doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 19: Unknown setting: global_script_path 

Of course! Some new packages are necessary!

apt-get install dovecot-sieve
tail /home/vmail/dovecot-deliver.log
apt-get install dovecot-managesieved 

Great news everyone!  I can receive mail!! Oh, the sending part still does not work.

 9DDF147019: to=<some@address.com>, relay=none, delay=0.7, delays=0.69/0.01/0/0, dsn=4.3.5, status=deferred (Host or domain name not found. Name service error for name=smtp.tenqyu.com type=A: Host not found)

 Interesting, why is the relayhost not found? …configuration error. Relayhost needs to be empty for local mail … That should have been easy.
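The log lines quoted in this post each point at a different failing layer, and sorting them by layer shortens the search. The following is an added example, not part of the original post: a small classifier over those lines. Note that "Connect to private/auth failed" is logged when smtpd is configured for Dovecot SASL, so that failure sits in Dovecot rather than in saslauthd. The component names and hints are assumptions of this example.

```python
import re

# Patterns come from the log lines quoted in this post; the component names
# and hints are this example's reading of each message (assumed labels).
RULES = [
    (r"doveconf: Fatal: .*Unknown setting: (\S+)", "dovecot-config",
     "dovecot.conf has a setting this Dovecot does not know: {0}"),
    (r"SASL: Connect to (\S+) failed: Connection refused", "dovecot-auth-socket",
     "smtpd is set up for Dovecot SASL but nothing listens on {0}"),
    (r"fatal: no SASL authentication mechanisms", "sasl-backend",
     "smtpd received no mechanism list from its SASL backend"),
    (r"pam_unix\((\w+):auth\): check pass; user unknown", "saslauthd-pam",
     "saslauthd asked PAM (service {0}) about a user PAM does not know"),
    (r"SASL (\w+) authentication failed", "credentials",
     "the backend answered and rejected the {0} login"),
    (r"Name service error for name=(\S+) type=A", "relayhost-dns",
     "next hop {0} does not resolve; check relayhost in main.cf"),
]

def classify(line):
    """Return (component, hint) for one mail.log/auth.log line, else None."""
    for pattern, component, hint in RULES:
        match = re.search(pattern, line)
        if match:
            return component, hint.format(*match.groups())
    return None

def triage(lines):
    """Count hits per component so the failing layer stands out."""
    counts = {}
    for line in lines:
        hit = classify(line)
        if hit:
            counts[hit[0]] = counts.get(hit[0], 0) + 1
    return counts

# Sample input: lines copied (timestamps and host dropped) from this post.
SAMPLE = [
    "postfix/smtpd[7334]: warning: [host]: SASL PLAIN authentication failed: authentication failure",
    "postfix/smtpd[7334]: disconnect from [host]",
    "saslauthd[7319]: pam_unix(imap:auth): check pass; user unknown",
    "postfix/smtpd[8036]: warning: SASL: Connect to private/auth failed: Connection refused",
    "postfix/smtpd[8036]: fatal: no SASL authentication mechanisms",
    "doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 19: Unknown setting: global_script_path",
    "status=deferred (Host or domain name not found. Name service error for name=smtp.tenqyu.com type=A: Host not found)",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(classify(entry))
```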

Bottom line: that took way longer than it should have.
