[postfix/dovecot] setup a mailserver
Hi.
I followed this little tutorial (quite old, but seems to be still ok) : http://www.howtoforge.com/arch-linux-ma … nd-dovecot
I did all of it, all my daemons start well, but I don't know what to do; I've to say I didn't understand well when and how I created the accounts, I don't even know if I did it…
Thanks for any help or precision, I'm a bit lost here… :-)
Building a mail server could be a delicate task. So, go step by step.
Decide first, if you want to use VIRTUAL or UNIX users.
Make your SMTP installation work. Test it. Then test it again.
If it works, decide, if you need an IMAP/POP server too. Install it, make it work. Test it. Test it again.
I've had some adventures with postfix/courier-imap/cyrus-sasl lately. If you do not work slowly, nothing will work. Really.
And do not be afraid to read other distro's wiki pages too. It could be helpful.
Similar Messages
-
Hello all, I am getting off the ground trying to do small time email hosting and have my first customer. I have set up Postfixadmin/postfix, dovecot, spamassassin, memcached, clamav, etc. as listed below. I use mostly webmin to manage the server and the postfixadmin page. Are there any recommendations anyone can make of applications I can run, or anything to make sure my email server is good enough for hosting customer email? I ran some mxtoolbox tests, and as far as I can tell it seems ok as seen below as well. Does anyone have some best practices, or tips, or anything? I am not too familiar with SPF, and even though I didn't really do much with it I don't think, it seems to show ok. I got an SSL cert and have it set up on the server as well. I see there are some settings I can change in postfixadmin to allow / use mail quote settings...
This topic first appeared in the Spiceworks Community.
We have been hearing about Google’s plans to step up the online shopping with its ads since the last month, and now Google has made it official. ‘Purchases on Google’ will be rolled out in The U.S. in the next few weeks and will let the shoppers buy directly from mobile ads shown in the web search results.
How Would It Benefit The Consumers?
If you are an online shopper, then ‘Purchases on Google’ will make your life easy by letting you shop directly from the search results. This would be made possible by showing the buyers a ‘buy’ button on the mobile ads shown in the web search results. When clicked the ‘buy’ will take you to a product page with merchant’s branding hosted by Google. The shoppers will then be able to pay for the product using the payment information linked to their Google account...
-
Mail.app with a self-signed certificate in postfix/dovecot
I thought I'd post this tidbit about getting Mail.app to work correctly with a self-signed certificate in a postfix/dovecot Linux installation; in my case under Debian Lenny. After setting this up, my Mail.app refused to connect to the outgoing server to deliver mail. In the postfix logs, I would see "SSL_accept error from ...: -1". The problem ended up being that postfix uses the default "snakeoil" self-signed certificate, while dovecot creates its own. If the IMAP and SMTP hosts are the same as they were in my case, when you accept the dovecot certificate upon the first IMAP connection, the SMTP connection with a different certificate will fail. This is because after the accept there is now a known certificate for that host, and the new certificate presented by postfix will not match. To fix this, either use different hosts for IMAP and SMTP, or use the same (perhaps the "snakeoil") certificate in both the postfix and dovecot configuration.
Exactly the same problem, except I'm using FF v6 for Windows, not FF v4 as for the lead post. This is for a self-cert which IS trusted, although the error message says it isn't.
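The failure described in the Mail.app post above can be checked by comparing the fingerprints of the certificate each daemon presents. The following is an added example, not code from either poster: `PerHostExceptionStore` is a hypothetical, simplified model of a client that remembers one accepted certificate per host name, and the two PEM values are constructed stand-ins rather than real certificates.

```python
import hashlib
import ssl


def leaf_fingerprint(pem_text: str) -> str:
    """SHA-256 fingerprint (hex) of the first certificate in a PEM file."""
    begin, end = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"
    start = pem_text.index(begin)
    stop = pem_text.index(end, start) + len(end)
    der = ssl.PEM_cert_to_DER_cert(pem_text[start:stop])
    return hashlib.sha256(der).hexdigest()


def fetch_pem(host: str, port: int) -> str:
    """Fetch the certificate from an implicit-TLS port (993 IMAPS, 465 SMTPS).

    No chain validation is done, so self-signed certificates are returned too.
    STARTTLS ports (25, 587, 143) need a protocol-aware client instead.
    """
    return ssl.get_server_certificate((host, port))


def same_certificate(pem_a: str, pem_b: str) -> bool:
    """True when both services would present the identical certificate."""
    return leaf_fingerprint(pem_a) == leaf_fingerprint(pem_b)


class PerHostExceptionStore:
    """Hypothetical model: one manually accepted certificate per host name."""

    def __init__(self):
        self._accepted = {}

    def check(self, host: str, pem_text: str) -> str:
        fingerprint = leaf_fingerprint(pem_text)
        known = self._accepted.get(host.lower())
        if known is None:
            # First contact: the user accepts the self-signed certificate once.
            self._accepted[host.lower()] = fingerprint
            return "accepted"
        return "match" if known == fingerprint else "mismatch"


def simulate(imap_pem: str, smtp_pem: str, host: str = "mail.example.com"):
    """IMAP connects first, then SMTP to the same host name."""
    store = PerHostExceptionStore()
    return [store.check(host, imap_pem), store.check(host, smtp_pem)]


# Constructed stand-ins for the two certificate files. The bytes are not real
# X.509 data; only the fact that they differ matters for the comparison.
DOVECOT_PEM = ssl.DER_cert_to_PEM_cert(b"constructed stand-in: dovecot self-signed cert")
POSTFIX_PEM = ssl.DER_cert_to_PEM_cert(b"constructed stand-in: snakeoil cert used by postfix")

if __name__ == "__main__":
    print("separate certificates:", simulate(DOVECOT_PEM, POSTFIX_PEM))
    print("shared certificate:   ", simulate(DOVECOT_PEM, DOVECOT_PEM))
```

On a real server, pass the contents of the file named by Postfix's `smtpd_tls_cert_file` and of Dovecot's configured certificate file to `same_certificate`.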
-
Mail: Linux + Postfix + Dovecot + SASLAuthd
Our corporate Fedora 10 (Linux) server is set up running Postfix and Dovecot, with SASLAuthd authentication and a self-signed certificate. There is only IMAPS service, no POP3 or IMAP.
Typically, a client (i.e. Thunderbird, Outlook, etc.) will be set up like so:
Email Address: [email protected]
User Name: user1
Server: incoming.example.com
IMAPS Port: 993
Using SSL: YES
We have a new high-level (VP) employee with a 3G iPhone. No matter what we try, we cannot get his iPhone to successfully connect to the IMAPS service. We're not concerned with the outgoing mail, as he normally uses AT&T's cwmx.com for that.
The error we receive on the iPhone is:
Could not collect mail: Cannot connect to server incoming.example.com
The error we receive in our /var/log/maillog is:
dovecot: imap-login: Disconnected (no auth attempts): rip=32.173.26.227, lip=MAI.LSE.RVE.RIP, TLS
What do I need to do to the iPhone to get it to send an auth request and collect his mail? He is adamant about using this device for mail.
Thank you in advance.
James
I could accept the possibility of a certificate problem if there had been any issues with the certificate at any point prior to this, but this has been an active server running this setup for over 4 years, and the only user to ever have a problem connecting is our single iPhone user.
To update, I have modified the accepted authentication mechanisms to include these:
Digest-MD5
Cram-MD5
Plaintext (the original)
Changing the settings on the iPhone to what it calls "HTTP MD5 Digest" or "MD5 Challenge-Response" produces the same result, highlighted here:
(no auth attempts)
This seems to indicate, at least from the server's perspective and coming as I do from a non-Mac position, that the iPhone did not even try any authentication mechanism. At least that is what it usually means. I have extended logging enabled while we troubleshoot this, but I am getting nothing but that one error.
If I may be so foolish as to offer an analogy, it's kind of like this:
A person approaches a house.
They knock on the door.
From inside, they hear, "Who is it?"
They say nothing.
Again, through the closed door they hear: "Who is it?"
They still say nothing.
Obviously the door never opens, and the person inside loses interest and stops asking who it is, due to the lack of response from the person outside.
So that's my analogy. I just want this iPhone to TRY to authenticate. -
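When triaging `imap-login` lines like the one quoted in this thread, it helps to separate clients that never authenticated by how far the TLS session got. The following is an added example, not code from the poster: it assumes Dovecot's login log format, in which a trailing `TLS` marks a completed handshake and `TLS handshaking` an incomplete one, and every sample line except the first (taken from the post) is constructed.

```python
import re
from collections import Counter, defaultdict

# "imap-login: <event> (<detail>): <fields>" as in the line quoted in the post.
EVENT = re.compile(
    r"imap-login: (?P<event>[^:(]+?)(?: \((?P<detail>[^)]*)\))?: (?P<fields>.*)$"
)
RIP = re.compile(r"\brip=([^,\s]+)")
TLS = re.compile(r",\s*(TLS(?: handshaking)?)\b")


def classify(line):
    """Return (remote_ip, verdict) for an imap-login line, else None."""
    m = EVENT.search(line.strip())
    if m is None:
        return None
    fields, detail = m["fields"], m["detail"] or ""
    rip = RIP.search(fields)
    tls = TLS.search(fields)
    if m["event"] == "Login":
        verdict = "login-ok"
    elif "auth failed" in detail:
        verdict = "auth-failed"
    elif "no auth attempts" in detail:
        if tls is None:
            # Connection dropped on a plaintext session.
            verdict = "no-auth-without-tls"
        elif tls[1] == "TLS handshaking":
            # Client left before the TLS handshake finished.
            verdict = "no-auth-tls-handshake-incomplete"
        else:
            # Handshake finished, client left without a login command.
            verdict = "no-auth-after-tls-handshake"
    else:
        verdict = "other"
    return (rip[1] if rip else "unknown", verdict)


def summarize(lines):
    """Count verdicts per remote IP."""
    per_client = defaultdict(Counter)
    for line in lines:
        result = classify(line)
        if result:
            per_client[result[0]][result[1]] += 1
    return {rip: dict(counts) for rip, counts in per_client.items()}


SAMPLE_LOG = [
    # From the post above:
    "dovecot: imap-login: Disconnected (no auth attempts): rip=32.173.26.227, lip=MAI.LSE.RVE.RIP, TLS",
    # Constructed lines in the same format (documentation address ranges):
    "dovecot: imap-login: Disconnected (no auth attempts): rip=203.0.113.7, lip=192.0.2.10, TLS handshaking: Disconnected",
    "dovecot: imap-login: Disconnected (no auth attempts): rip=203.0.113.7, lip=192.0.2.10",
    "dovecot: imap-login: Aborted login (auth failed, 1 attempts): user=<user1>, method=PLAIN, rip=198.51.100.23, lip=192.0.2.10, TLS",
    "dovecot: imap-login: Login: user=<user1>, method=PLAIN, rip=198.51.100.23, lip=192.0.2.10, TLS",
    "dovecot: IMAP(user1): Disconnected: Logged out",
]

if __name__ == "__main__":
    for rip, counts in summarize(SAMPLE_LOG).items():
        print(rip, counts)
```

Under that assumption, the line from the post lands in the `no-auth-after-tls-handshake` bucket: the server saw a finished handshake and then no login command.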
Postfix / Dovecot problems-.
Hi I have mail building up and not being delivered here are some of the logs we have...
From the iMap log
Mar 15 12:44:32 server dovecot[731]: imap(pid 798 user jo): Debug: Namespace Public/: /var/spool/imap/dovecot/mail/public doesn't exist yet, using default permissions
Mar 15 12:44:32 server dovecot[731]: imap(pid 798 user jo): Debug: Namespace Public/: Using permissions from /var/spool/imap/dovecot/mail/public: mode=0700 gid=-1
Mar 15 12:44:32 server dovecot[731]: imap(pid 798 user jo): Error: user jo: Initialization failed: Namespace 'Public/': mkdir(/var/spool/imap/dovecot/mail/public) failed: Permission denied (euid=214(_dovecot) egid=6(mail) missing +w perm: /var/spool, dir owned by 0:0 mode=0755)
Mar 15 12:44:32 server dovecot[731]: imap(pid 798 user jo): Error: Invalid user settings. Refer to server log for more information.
From SMTP
we are getting these ...
relay=dovecot, delay=554, delays=554/0.06/0/0.03, dsn=4.3.0, status=deferred (temporary failure)
and these...
status=deferred (temporary failure. Command output: doveconf: Warning: NOTE: You can get a new clean config file with: doveconf -n > dovecot-new.conf doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:45: namespace private {} has been replaced by namespace { type=private } doveconf: Warning: Obsolete setting in /etc/dovecot/dovecot.conf:50: namespace public {} has been replaced by namespace { type=public } )
I have tried all of these...
serveradmin stop mail
sudo /bin/launchctl unload /System/Library/LaunchDaemons/org.amavis.amavisd.plist
sudo mkdir /var/amavis/tmp
sudo chown _amavisd:_amavisd /var/amavis/tmp
sudo /bin/launchctl load /System/Library/LaunchDaemons/org.amavis.amavisd.plist
sudo rm /var/imap/socket/lmt
postqueue -p
postsuper -r ALL
serveradmin start mail
My postconf output...
access_map_defer_code = 450
access_map_reject_code = 554
address_verify_cache_cleanup_interval = 12h
address_verify_default_transport = $default_transport
address_verify_local_transport = $local_transport
address_verify_map = btree:$data_directory/verify_cache
address_verify_negative_cache = yes
address_verify_negative_expire_time = 3d
address_verify_negative_refresh_time = 3h
address_verify_poll_count = ${stress?1}${stress:3}
address_verify_poll_delay = 3s
address_verify_positive_expire_time = 31d
address_verify_positive_refresh_time = 7d
address_verify_relay_transport = $relay_transport
address_verify_relayhost = $relayhost
address_verify_sender = $double_bounce_sender
address_verify_sender_dependent_default_transport_maps = $sender_dependent_default_transport_maps
address_verify_sender_dependent_relayhost_maps = $sender_dependent_relayhost_maps
address_verify_service_name = verify
address_verify_transport_maps = $transport_maps
address_verify_virtual_transport = $virtual_transport
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
allow_mail_to_commands = alias, forward
allow_mail_to_files = alias, forward
allow_min_user = no
allow_percent_hack = yes
allow_untrusted_routing = no
alternate_config_directories =
always_add_missing_headers = no
always_bcc =
anvil_rate_time_unit = 60s
anvil_status_update_time = 600s
append_at_myorigin = yes
append_dot_mydomain = yes
application_event_drain_time = 100s
authorized_flush_users = static:anyone
authorized_mailq_users = static:anyone
authorized_submit_users = static:anyone
backwards_bounce_logfile_compatibility = yes
berkeley_db_create_buffer_size = 16777216
berkeley_db_read_buffer_size = 131072
best_mx_transport =
biff = yes
body_checks =
body_checks_size_limit = 51200
bounce_notice_recipient = postmaster
bounce_queue_lifetime = 5d
bounce_service_name = bounce
bounce_size_limit = 50000
bounce_template_file =
broken_sasl_auth_clients = no
canonical_classes = envelope_sender, envelope_recipient, header_sender, header_recipient
canonical_maps =
check_for_od_forward = yes
cleanup_service_name = cleanup
command_directory = /usr/sbin
command_execution_directory =
command_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
command_time_limit = 1000s
config_directory = /etc/postfix
connection_cache_protocol_timeout = 5s
connection_cache_service_name = scache
connection_cache_status_update_time = 600s
connection_cache_ttl_limit = 2s
content_filter =
cyrus_sasl_config_path =
daemon_directory = /usr/libexec/postfix
daemon_timeout = 18000s
data_directory = /Library/Server/Mail/Data/mta
debug_peer_level = 2
debug_peer_list =
default_database_type = hash
default_delivery_slot_cost = 5
default_delivery_slot_discount = 50
default_delivery_slot_loan = 3
default_destination_concurrency_failed_cohort_limit = 1
default_destination_concurrency_limit = 20
default_destination_concurrency_negative_feedback = 1
default_destination_concurrency_positive_feedback = 1
default_destination_rate_delay = 0s
default_destination_recipient_limit = 50
default_extra_recipient_limit = 1000
default_filter_nexthop =
default_minimum_delivery_slots = 3
default_privs = nobody
default_process_limit = 100
default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason}
default_recipient_limit = 20000
default_recipient_refill_delay = 5s
default_recipient_refill_limit = 100
default_transport = smtp
default_verp_delimiters = +=
defer_code = 450
defer_service_name = defer
defer_transports =
delay_logging_resolution_limit = 2
delay_notice_recipient = postmaster
delay_warning_time = 0h
deliver_lock_attempts = 20
deliver_lock_delay = 1s
destination_concurrency_feedback_debug = no
detect_8bit_encoding_header = yes
disable_dns_lookups = no
disable_mime_input_processing = no
disable_mime_output_conversion = no
disable_verp_bounces = no
disable_vrfy_command = no
dnsblog_reply_delay = 0s
dnsblog_service_name = dnsblog
dont_remove = 0
double_bounce_sender = double-bounce
duplicate_filter_limit = 1000
empty_address_default_transport_maps_lookup_key = <>
empty_address_recipient = MAILER-DAEMON
empty_address_relayhost_maps_lookup_key = <>
enable_original_recipient = yes
enable_server_options = no
error_notice_recipient = postmaster
error_service_name = error
execution_directory_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
expand_owner_alias = no
export_environment = TZ MAIL_CONFIG LANG
fallback_transport =
fallback_transport_maps =
fast_flush_domains = $relay_domains
fast_flush_purge_time = 7d
fast_flush_refresh_time = 12h
fault_injection_code = 0
flush_service_name = flush
fork_attempts = 5
fork_delay = 1s
forward_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
forward_path = $home/.forward${recipient_delimiter}${extension}, $home/.forward
frozen_delivered_to = yes
hash_queue_depth = 1
hash_queue_names = deferred, defer
header_address_token_limit = 10240
header_checks =
header_size_limit = 102400
helpful_warnings = yes
home_mailbox =
hopcount_limit = 50
html_directory = no
ignore_mx_lookup_error = no
imap_submit_cred_file =
import_environment = MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY DISPLAY LANG=C
in_flow_delay = 1s
inet_interfaces = all
inet_protocols = ipv4
initial_destination_concurrency = 5
internal_mail_filter_classes =
invalid_hostname_reject_code = 501
ipc_idle = 5s
ipc_timeout = 3600s
ipc_ttl = 1000s
line_length_limit = 2048
lmtp_address_preference = ipv6
lmtp_assume_final = no
lmtp_bind_address =
lmtp_bind_address6 =
lmtp_body_checks =
lmtp_cname_overrides_servername = no
lmtp_connect_timeout = 0s
lmtp_connection_cache_destinations =
lmtp_connection_cache_on_demand = yes
lmtp_connection_cache_time_limit = 2s
lmtp_connection_reuse_time_limit = 300s
lmtp_data_done_timeout = 600s
lmtp_data_init_timeout = 120s
lmtp_data_xfer_timeout = 180s
lmtp_defer_if_no_mx_address_found = no
lmtp_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
lmtp_destination_concurrency_limit = $default_destination_concurrency_limit
lmtp_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
lmtp_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
lmtp_destination_rate_delay = $default_destination_rate_delay
lmtp_destination_recipient_limit = $default_destination_recipient_limit
lmtp_discard_lhlo_keyword_address_maps =
lmtp_discard_lhlo_keywords =
lmtp_dns_resolver_options =
lmtp_enforce_tls = no
lmtp_generic_maps =
lmtp_header_checks =
lmtp_host_lookup = dns
lmtp_initial_destination_concurrency = $initial_destination_concurrency
lmtp_lhlo_name = $myhostname
lmtp_lhlo_timeout = 300s
lmtp_line_length_limit = 990
lmtp_mail_timeout = 300s
lmtp_mime_header_checks =
lmtp_mx_address_limit = 5
lmtp_mx_session_limit = 2
lmtp_nested_header_checks =
lmtp_pix_workaround_delay_time = 10s
lmtp_pix_workaround_maps =
lmtp_pix_workaround_threshold_time = 500s
lmtp_pix_workarounds = disable_esmtp,delay_dotcrlf
lmtp_quit_timeout = 300s
lmtp_quote_rfc821_envelope = yes
lmtp_randomize_addresses = yes
lmtp_rcpt_timeout = 300s
lmtp_reply_filter =
lmtp_rset_timeout = 20s
lmtp_sasl_auth_cache_name =
lmtp_sasl_auth_cache_time = 90d
lmtp_sasl_auth_enable = no
lmtp_sasl_auth_soft_bounce = yes
lmtp_sasl_mechanism_filter =
lmtp_sasl_password_maps =
lmtp_sasl_path =
lmtp_sasl_security_options = noplaintext, noanonymous
lmtp_sasl_tls_security_options = $lmtp_sasl_security_options
lmtp_sasl_tls_verified_security_options = $lmtp_sasl_tls_security_options
lmtp_sasl_type = cyrus
lmtp_send_xforward_command = no
lmtp_sender_dependent_authentication = no
lmtp_skip_5xx_greeting = yes
lmtp_skip_quit_response = no
lmtp_starttls_timeout = 300s
lmtp_tcp_port = 24
lmtp_tls_CAfile =
lmtp_tls_CApath =
lmtp_tls_block_early_mail_reply = no
lmtp_tls_cert_file =
lmtp_tls_ciphers = export
lmtp_tls_dcert_file =
lmtp_tls_dkey_file = $lmtp_tls_dcert_file
lmtp_tls_eccert_file =
lmtp_tls_eckey_file = $lmtp_tls_eccert_file
lmtp_tls_enforce_peername = yes
lmtp_tls_exclude_ciphers =
lmtp_tls_fingerprint_cert_match =
lmtp_tls_fingerprint_digest = md5
lmtp_tls_key_file = $lmtp_tls_cert_file
lmtp_tls_loglevel = 0
lmtp_tls_mandatory_ciphers = medium
lmtp_tls_mandatory_exclude_ciphers =
lmtp_tls_mandatory_protocols = SSLv3, TLSv1
lmtp_tls_note_starttls_offer = no
lmtp_tls_per_site =
lmtp_tls_policy_maps =
lmtp_tls_protocols = !SSLv2
lmtp_tls_scert_verifydepth = 9
lmtp_tls_secure_cert_match = nexthop
lmtp_tls_security_level =
lmtp_tls_session_cache_database =
lmtp_tls_session_cache_timeout = 3600s
lmtp_tls_verify_cert_match = hostname
lmtp_use_tls = no
lmtp_xforward_timeout = 300s
local_command_shell =
local_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
local_destination_concurrency_limit = 2
local_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
local_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
local_destination_rate_delay = $default_destination_rate_delay
local_destination_recipient_limit = 1
local_header_rewrite_clients = permit_inet_interfaces
local_initial_destination_concurrency = $initial_destination_concurrency
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
local_transport = local:$myhostname
luser_relay =
mail_name = Postfix
mail_owner = postfix
mail_release_date = 20110706
mail_spool_directory = /var/mail
mail_version = 2.8.4
mailbox_command =
mailbox_command_maps =
mailbox_delivery_lock = flock, dotlock
mailbox_size_limit = 51200000
mailbox_transport =
mailbox_transport_maps =
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
maps_rbl_domains =
maps_rbl_reject_code = 554
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains =
masquerade_exceptions =
master_service_disable =
max_idle = 100s
max_use = 100
maximal_backoff_time = 4000s
maximal_queue_lifetime = 5d
message_reject_characters =
message_size_limit = 10240000
message_strip_characters =
milter_command_timeout = 30s
milter_connect_macros = j {daemon_name} v
milter_connect_timeout = 30s
milter_content_timeout = 300s
milter_data_macros = i
milter_default_action = tempfail
milter_end_of_data_macros = i
milter_end_of_header_macros = i
milter_header_checks =
milter_helo_macros = {tls_version} {cipher} {cipher_bits} {cert_subject} {cert_issuer}
milter_macro_daemon_name = $myhostname
milter_macro_v = $mail_name $mail_version
milter_mail_macros = i {auth_type} {auth_authen} {auth_author} {mail_addr} {mail_host} {mail_mailer}
milter_protocol = 6
milter_rcpt_macros = i {rcpt_addr} {rcpt_host} {rcpt_mailer}
milter_unknown_command_macros =
mime_boundary_length_limit = 2048
mime_header_checks = $header_checks
mime_nesting_limit = 100
minimal_backoff_time = 300s
minimum_valid_uid = 501
multi_instance_directories =
multi_instance_enable = no
multi_instance_group =
multi_instance_name =
multi_instance_wrapper =
multi_recipient_bounce_reject_code = 550
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = mydomainx.com
mydomain_fallback =
myhostname = server.mydomainx.com
mynetworks = 127.0.0.0/8 192.168.0.0/24
mynetworks_style = subnet
myorigin = $myhostname
nested_header_checks = $header_checks
newaliases_path = /usr/bin/newaliases
non_fqdn_reject_code = 504
non_smtpd_milters =
notify_classes = resource, software
owner_request_special = yes
parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps
permit_mx_backup_networks =
pickup_service_name = pickup
plaintext_reject_code = 450
postmulti_control_commands = reload flush
postmulti_start_commands = start
postmulti_stop_commands = stop abort drain quick-stop
postscreen_access_list = permit_mynetworks
postscreen_bare_newline_action = ignore
postscreen_bare_newline_enable = no
postscreen_bare_newline_ttl = 30d
postscreen_blacklist_action = ignore
postscreen_cache_cleanup_interval = 12h
postscreen_cache_map = btree:$data_directory/postscreen_cache
postscreen_cache_retention_time = 7d
postscreen_client_connection_count_limit = $smtpd_client_connection_count_limit
postscreen_command_count_limit = 20
postscreen_command_filter =
postscreen_command_time_limit = ${stress?10}${stress:300}s
postscreen_disable_vrfy_command = $disable_vrfy_command
postscreen_discard_ehlo_keyword_address_maps = $smtpd_discard_ehlo_keyword_address_maps
postscreen_discard_ehlo_keywords = $smtpd_discard_ehlo_keywords
postscreen_dnsbl_action = ignore
postscreen_dnsbl_reply_map =
postscreen_dnsbl_sites =
postscreen_dnsbl_threshold = 1
postscreen_dnsbl_ttl = 1h
postscreen_enforce_tls = $smtpd_enforce_tls
postscreen_expansion_filter = $smtpd_expansion_filter
postscreen_forbidden_commands = $smtpd_forbidden_commands
postscreen_greet_action = ignore
postscreen_greet_banner = $smtpd_banner
postscreen_greet_ttl = 1d
postscreen_greet_wait = ${stress?2}${stress:6}s
postscreen_helo_required = $smtpd_helo_required
postscreen_non_smtp_command_action = drop
postscreen_non_smtp_command_enable = no
postscreen_non_smtp_command_ttl = 30d
postscreen_pipelining_action = enforce
postscreen_pipelining_enable = no
postscreen_pipelining_ttl = 30d
postscreen_post_queue_limit = $default_process_limit
postscreen_pre_queue_limit = $default_process_limit
postscreen_reject_footer = $smtpd_reject_footer
postscreen_tls_security_level = $smtpd_tls_security_level
postscreen_use_tls = $smtpd_use_tls
postscreen_watchdog_timeout = 10s
prepend_delivered_header = command, file, forward
process_id_directory = pid
propagate_unmatched_extensions = canonical, virtual
proxy_interfaces =
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps
proxy_write_maps = $smtp_sasl_auth_cache_name $lmtp_sasl_auth_cache_name
proxymap_service_name = proxymap
proxywrite_service_name = proxywrite
qmgr_clog_warn_time = 300s
qmgr_daemon_timeout = 1000s
qmgr_fudge_factor = 100
qmgr_ipc_timeout = 60s
qmgr_message_active_limit = 20000
qmgr_message_recipient_limit = 20000
qmgr_message_recipient_minimum = 10
qmqpd_authorized_clients =
qmqpd_client_port_logging = no
qmqpd_error_delay = 1s
qmqpd_timeout = 300s
queue_directory = /Library/Server/Mail/Data/spool
queue_file_attribute_count_limit = 100
queue_minfree = 0
queue_run_delay = 300s
queue_service_name = qmgr
rbl_reply_maps =
readme_directory = no
receive_override_options =
recipient_bcc_maps =
recipient_canonical_classes = envelope_recipient, header_recipient
recipient_canonical_maps =
recipient_delimiter =
reject_code = 554
reject_tempfail_action = defer_if_permit
relay_clientcerts =
relay_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
relay_destination_concurrency_limit = $default_destination_concurrency_limit
relay_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
relay_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
relay_destination_rate_delay = $default_destination_rate_delay
relay_destination_recipient_limit = $default_destination_recipient_limit
relay_domains = $mydestination
relay_domains_reject_code = 554
relay_initial_destination_concurrency = $initial_destination_concurrency
relay_recipient_maps =
relay_transport = relay
relayhost =
relocated_maps =
remote_header_rewrite_domain =
require_home_directory = no
reset_owner_alias = no
resolve_dequoted_address = yes
resolve_null_domain = no
resolve_numeric_domain = no
rewrite_service_name = rewrite
sacl_cache_disabled_expire_time = 1m
sacl_cache_negative_expire_time = 1d
sacl_cache_positive_expire_time = 7d
sacl_cache_service_name = sacl-cache
sample_directory = /etc/postfix
send_cyrus_sasl_authzid = no
sender_bcc_maps =
sender_canonical_classes = envelope_sender, header_sender
sender_canonical_maps =
sender_dependent_default_transport_maps =
sender_dependent_relayhost_maps =
sendmail_path = /usr/sbin/sendmail
service_throttle_time = 60s
setgid_group = postdrop
show_user_unknown_table_name = yes
showq_service_name = showq
smtp_address_preference = ipv6
smtp_always_send_ehlo = yes
smtp_bind_address =
smtp_bind_address6 =
smtp_body_checks =
smtp_cname_overrides_servername = no
smtp_connect_timeout = 30s
smtp_connection_cache_destinations =
smtp_connection_cache_on_demand = yes
smtp_connection_cache_time_limit = 2s
smtp_connection_reuse_time_limit = 300s
smtp_data_done_timeout = 600s
smtp_data_init_timeout = 120s
smtp_data_xfer_timeout = 180s
smtp_defer_if_no_mx_address_found = no
smtp_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
smtp_destination_concurrency_limit = $default_destination_concurrency_limit
smtp_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
smtp_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
smtp_destination_rate_delay = $default_destination_rate_delay
smtp_destination_recipient_limit = $default_destination_recipient_limit
smtp_discard_ehlo_keyword_address_maps =
smtp_discard_ehlo_keywords =
smtp_dns_resolver_options =
smtp_enforce_tls = no
smtp_fallback_relay = $fallback_relay
smtp_generic_maps =
smtp_header_checks =
smtp_helo_name = $myhostname
smtp_helo_timeout = 300s
smtp_host_lookup = dns
smtp_initial_destination_concurrency = $initial_destination_concurrency
smtp_line_length_limit = 990
smtp_mail_timeout = 300s
smtp_mime_header_checks =
smtp_mx_address_limit = 5
smtp_mx_session_limit = 2
smtp_nested_header_checks =
smtp_never_send_ehlo = no
smtp_pix_workaround_delay_time = 10s
smtp_pix_workaround_maps =
smtp_pix_workaround_threshold_time = 500s
smtp_pix_workarounds = disable_esmtp,delay_dotcrlf
smtp_quit_timeout = 300s
smtp_quote_rfc821_envelope = yes
smtp_randomize_addresses = yes
smtp_rcpt_timeout = 300s
smtp_reply_filter =
smtp_rset_timeout = 20s
smtp_sasl_auth_cache_name =
smtp_sasl_auth_cache_time = 90d
smtp_sasl_auth_enable = no
smtp_sasl_auth_soft_bounce = yes
smtp_sasl_mechanism_filter =
smtp_sasl_password_maps =
smtp_sasl_path =
smtp_sasl_security_options = noplaintext, noanonymous
smtp_sasl_tls_security_options = $smtp_sasl_security_options
smtp_sasl_tls_verified_security_options = $smtp_sasl_tls_security_options
smtp_sasl_type = cyrus
smtp_send_xforward_command = no
smtp_sender_dependent_authentication = no
smtp_skip_5xx_greeting = yes
smtp_skip_quit_response = yes
smtp_starttls_timeout = 300s
smtp_tls_CAfile =
smtp_tls_CApath =
smtp_tls_block_early_mail_reply = no
smtp_tls_cert_file =
smtp_tls_ciphers = export
smtp_tls_dcert_file =
smtp_tls_dkey_file = $smtp_tls_dcert_file
smtp_tls_eccert_file =
smtp_tls_eckey_file = $smtp_tls_eccert_file
smtp_tls_enforce_peername = yes
smtp_tls_exclude_ciphers =
smtp_tls_fingerprint_cert_match =
smtp_tls_fingerprint_digest = md5
smtp_tls_key_file = $smtp_tls_cert_file
smtp_tls_loglevel = 0
smtp_tls_mandatory_ciphers = medium
smtp_tls_mandatory_exclude_ciphers =
smtp_tls_mandatory_protocols = SSLv3, TLSv1
smtp_tls_note_starttls_offer = no
smtp_tls_per_site =
smtp_tls_policy_maps =
smtp_tls_protocols = !SSLv2
smtp_tls_scert_verifydepth = 9
smtp_tls_secure_cert_match = nexthop, dot-nexthop
smtp_tls_security_level =
smtp_tls_session_cache_database =
smtp_tls_session_cache_timeout = 3600s
smtp_tls_verify_cert_match = hostname
smtp_use_tls = no
smtp_xforward_timeout = 300s
smtpd_authorized_verp_clients = $authorized_verp_clients
smtpd_authorized_xclient_hosts =
smtpd_authorized_xforward_hosts =
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_connection_count_limit = 50
smtpd_client_connection_rate_limit = 0
smtpd_client_event_limit_exceptions = ${smtpd_client_connection_limit_exceptions:$mynetworks}
smtpd_client_message_rate_limit = 0
smtpd_client_new_tls_session_rate_limit = 0
smtpd_client_port_logging = no
smtpd_client_recipient_rate_limit = 0
smtpd_client_restrictions =
smtpd_command_filter =
smtpd_data_restrictions =
smtpd_delay_open_until_valid_rcpt = yes
smtpd_delay_reject = yes
smtpd_discard_ehlo_keyword_address_maps =
smtpd_discard_ehlo_keywords =
smtpd_end_of_data_restrictions =
smtpd_enforce_tls = no
smtpd_error_sleep_time = 1s
smtpd_etrn_restrictions =
smtpd_expansion_filter = \t\40!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~
smtpd_forbidden_commands = CONNECT GET POST
smtpd_hard_error_limit = ${stress?1}${stress:20}
smtpd_helo_required = no
smtpd_helo_restrictions =
smtpd_history_flush_threshold = 100
smtpd_junk_command_limit = ${stress?1}${stress:100}
smtpd_milters =
smtpd_noop_commands =
smtpd_null_access_lookup_key = <>
smtpd_peername_lookup = yes
smtpd_policy_service_max_idle = 300s
smtpd_policy_service_max_ttl = 1000s
smtpd_policy_service_timeout = 100s
smtpd_proxy_ehlo = $myhostname
smtpd_proxy_filter =
smtpd_proxy_options =
smtpd_proxy_timeout = 100s
smtpd_pw_server_security_options = none
smtpd_recipient_limit = 1000
smtpd_recipient_overshoot_limit = 1000
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
smtpd_reject_footer =
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = no
smtpd_restriction_classes =
smtpd_sasl_auth_enable = no
smtpd_sasl_authenticated_header = no
smtpd_sasl_exceptions_networks =
smtpd_sasl_local_domain =
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sasl_type = cyrus
smtpd_sender_login_maps =
smtpd_sender_restrictions =
smtpd_service_name = smtpd
smtpd_soft_error_limit = 10
smtpd_starttls_timeout = ${stress?10}${stress:300}s
smtpd_timeout = ${stress?10}${stress:300}s
smtpd_tls_CAfile =
smtpd_tls_CApath =
smtpd_tls_always_issue_session_ids = yes
smtpd_tls_ask_ccert = no
smtpd_tls_auth_only = no
smtpd_tls_ccert_verifydepth = 9
smtpd_tls_cert_file =
smtpd_tls_ciphers = export
smtpd_tls_dcert_file =
smtpd_tls_dh1024_param_file =
smtpd_tls_dh512_param_file =
smtpd_tls_dkey_file = $smtpd_tls_dcert_file
smtpd_tls_eccert_file =
smtpd_tls_eckey_file = $smtpd_tls_eccert_file
smtpd_tls_eecdh_grade = strong
smtpd_tls_exclude_ciphers =
smtpd_tls_fingerprint_digest = md5
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_loglevel = 0
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_mandatory_exclude_ciphers =
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_protocols =
smtpd_tls_received_header = no
smtpd_tls_req_ccert = no
smtpd_tls_security_level =
smtpd_tls_session_cache_database =
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_wrappermode = no
smtpd_use_pw_server = no
smtpd_use_tls = no
soft_bounce = no
stale_lock_time = 500s
stress =
strict_7bit_headers = no
strict_8bitmime = no
strict_8bitmime_body = no
strict_mailbox_ownership = yes
strict_mime_encoding_domain = no
strict_rfc821_envelopes = no
sun_mailtool_compatibility = no
swap_bangpath = yes
syslog_facility = mail
syslog_name = ${multi_instance_name:postfix}${multi_instance_name?$multi_instance_name}
tcp_windowsize = 0
tls_append_default_CA = no
tls_daemon_random_bytes = 32
tls_disable_workarounds = CVE-2005-2969 CVE-2010-4180
tls_eecdh_strong_curve = prime256v1
tls_eecdh_ultra_curve = secp384r1
tls_export_cipherlist = ALL:+RC4:@STRENGTH
tls_high_cipherlist = ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH
tls_low_cipherlist = ALL:!EXPORT:+RC4:@STRENGTH
tls_medium_cipherlist = ALL:!EXPORT:!LOW:+RC4:@STRENGTH
tls_null_cipherlist = eNULL:!aNULL
tls_preempt_cipherlist = no
tls_random_bytes = 32
tls_random_exchange_name = ${data_directory}/prng_exch
tls_random_prng_update_period = 3600s
tls_random_reseed_period = 3600s
tls_random_source =
tlsproxy_enforce_tls = $smtpd_enforce_tls
tlsproxy_service_name = tlsproxy
tlsproxy_tls_CAfile = $smtpd_tls_CAfile
tlsproxy_tls_CApath = $smtpd_tls_CApath
tlsproxy_tls_always_issue_session_ids = $smtpd_tls_always_issue_session_ids
tlsproxy_tls_ask_ccert = $smtpd_tls_ask_ccert
tlsproxy_tls_ccert_verifydepth = $smtpd_tls_ccert_verifydepth
tlsproxy_tls_cert_file = $smtpd_tls_cert_file
tlsproxy_tls_ciphers = $smtpd_tls_ciphers
tlsproxy_tls_dcert_file = $smtpd_tls_dcert_file
tlsproxy_tls_dh1024_param_file = $smtpd_tls_dh1024_param_file
tlsproxy_tls_dh512_param_file = $smtpd_tls_dh512_param_file
tlsproxy_tls_dkey_file = $smtpd_tls_dkey_file
tlsproxy_tls_eccert_file = $smtpd_tls_eccert_file
tlsproxy_tls_eckey_file = $smtpd_tls_eckey_file
tlsproxy_tls_eecdh_grade = $smtpd_tls_eecdh_grade
tlsproxy_tls_exclude_ciphers = $smtpd_tls_exclude_ciphers
tlsproxy_tls_fingerprint_digest = $smtpd_tls_fingerprint_digest
tlsproxy_tls_key_file = $smtpd_tls_key_file
tlsproxy_tls_loglevel = $smtpd_tls_loglevel
tlsproxy_tls_mandatory_ciphers = $smtpd_tls_mandatory_ciphers
tlsproxy_tls_mandatory_exclude_ciphers = $smtpd_tls_mandatory_exclude_ciphers
tlsproxy_tls_mandatory_protocols = $smtpd_tls_mandatory_protocols
tlsproxy_tls_protocols = $smtpd_tls_protocols
tlsproxy_tls_req_ccert = $smtpd_tls_req_ccert
tlsproxy_tls_security_level = $smtpd_tls_security_level
tlsproxy_tls_session_cache_timeout = $smtpd_tls_session_cache_timeout
tlsproxy_use_tls = $smtpd_use_tls
tlsproxy_watchdog_timeout = 10s
trace_service_name = trace
transport_maps =
transport_retry_time = 60s
trigger_timeout = 10s
undisclosed_recipients_header =
unknown_address_reject_code = 450
unknown_address_tempfail_action = $reject_tempfail_action
unknown_client_reject_code = 450
unknown_helo_hostname_tempfail_action = $reject_tempfail_action
unknown_hostname_reject_code = 450
unknown_local_recipient_reject_code = 550
unknown_relay_recipient_reject_code = 550
unknown_virtual_alias_reject_code = 550
unknown_virtual_mailbox_reject_code = 550
unverified_recipient_defer_code = 450
unverified_recipient_reject_code = 450
unverified_recipient_reject_reason =
unverified_recipient_tempfail_action = $reject_tempfail_action
unverified_sender_defer_code = 450
unverified_sender_reject_code = 450
unverified_sender_reject_reason =
unverified_sender_tempfail_action = $reject_tempfail_action
use_getpwnam_ext = yes
use_od_delivery_path = no
use_sacl_cache = yes
verp_delimiter_filter = -=+
virtual_alias_domains = $virtual_alias_maps
virtual_alias_expansion_limit = 1000
virtual_alias_maps = $virtual_maps
virtual_alias_recursion_limit = 1000
virtual_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
virtual_destination_concurrency_limit = $default_destination_concurrency_limit
virtual_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
virtual_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
virtual_destination_rate_delay = $default_destination_rate_delay
virtual_destination_recipient_limit = $default_destination_recipient_limit
virtual_gid_maps =
virtual_initial_destination_concurrency = $initial_destination_concurrency
virtual_mailbox_base =
virtual_mailbox_domains = $virtual_mailbox_maps
virtual_mailbox_limit = 51200000
virtual_mailbox_lock = fcntl, dotlock
virtual_mailbox_maps =
virtual_minimum_uid = 100
virtual_transport = virtual
virtual_uid_maps = -
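The listing above shows several TLS-related smtpd values (`smtpd_tls_ciphers = export`, `smtpd_tls_mandatory_protocols = SSLv3, TLSv1`, `smtpd_tls_fingerprint_digest = md5`, `smtpd_use_tls = no`). The following is an added example, not part of the original post: a small audit of `postconf`-style output for those settings. The `HARDENED` values are one assumed corrected set, and `$name` references are not expanded.

```python
import re

LEGACY = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1"]
ALL_PROTOCOLS = LEGACY + ["TLSv1.2", "TLSv1.3"]
WEAK_GRADES = {"export", "low", "null"}

# Constructed input: TLS-related lines as they appear in the listing above.
LISTED = """\
smtpd_tls_auth_only = no
smtpd_tls_ciphers = export
smtpd_tls_fingerprint_digest = md5
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_protocols =
smtpd_tls_security_level =
smtpd_use_tls = no
"""

# Constructed input: one possible corrected set (an assumption, not from the thread).
HARDENED = """\
smtpd_tls_auth_only = yes
smtpd_tls_ciphers = medium
smtpd_tls_fingerprint_digest = sha256
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_security_level = may
"""


def parse_postconf(text):
    """Parse `name = value` lines as printed by postconf into a dict."""
    params = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([A-Za-z0-9_]+)\s*=\s*(.*?)\s*$", line)
        if m:
            params[m.group(1)] = m.group(2)
    return params


def legacy_protocols(value):
    """Return the pre-TLSv1.2 protocols that a protocol list still allows."""
    tokens = [t.lower() for t in re.split(r"[,\s:]+", value) if t]
    names = [p.lower() for p in ALL_PROTOCOLS]
    allowed = set(names)  # an empty list places no restriction
    includes = [t for t in tokens if t[0] not in "!<>"]
    excludes = {t[1:] for t in tokens if t.startswith("!")}
    if includes:  # explicit inclusion list, e.g. "SSLv3, TLSv1"
        allowed = set(includes)
    for t in tokens:  # floor syntax, e.g. ">=TLSv1.2"
        if t.startswith(">=") and t[2:] in names:
            allowed &= set(names[names.index(t[2:]):])
    allowed -= excludes
    return [p for p in LEGACY if p.lower() in allowed]


def audit(params):
    """Return (parameter, value, reason) findings for weak smtpd TLS settings."""
    findings = []

    def flag(name, reason):
        findings.append((name, params.get(name, ""), reason))

    level = params.get("smtpd_tls_security_level", "")
    legacy_on = "yes" in (params.get("smtpd_use_tls", "no"),
                          params.get("smtpd_enforce_tls", "no"))
    if level == "none" or (level == "" and not legacy_on):
        flag("smtpd_tls_security_level", "STARTTLS is not offered to clients")
    if params.get("smtpd_tls_auth_only", "no") != "yes":
        flag("smtpd_tls_auth_only", "SASL AUTH, if enabled, is accepted without TLS")
    for name in ("smtpd_tls_ciphers", "smtpd_tls_mandatory_ciphers"):
        if params.get(name, "") in WEAK_GRADES:
            flag(name, "cipher grade admits export/low/null ciphers")
    for name in ("smtpd_tls_protocols", "smtpd_tls_mandatory_protocols"):
        if name in params:
            old = legacy_protocols(params[name])
            if old:
                flag(name, "allows " + ", ".join(old))
    if params.get("smtpd_tls_fingerprint_digest", "") == "md5":
        flag("smtpd_tls_fingerprint_digest", "MD5 certificate fingerprints")
    return findings


if __name__ == "__main__":
    for label, text in (("listed", LISTED), ("hardened", HARDENED)):
        print(label)
        for name, value, reason in audit(parse_postconf(text)):
            print(f"  {name} = {value!r}: {reason}")
```

On a live host the same functions can be fed the text printed by `postconf`.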
This is really a question for pterobyte:
I'm getting my Xserve this coming Friday, should I implement your frontline modifications prior to bringing mail services online initially?
I'm worried that the defenses will make it more difficult to diagnose initial startup problems.
Anything you can tell me would help.
Thank you in advance.
-Gregg
Just to give my own comments...
There is nothing in Pterobyte's excellent Frontline Defense doc which would prevent your mail services operating as long as everything else is OK.
However I would think you are best at getting the basics working first.
-david -
Hi
I try to setup a mailserver with Postfix and Dovecot.
I found some tutorials:
https://wiki.archlinux.org/index.php/Postfix
https://wiki.archlinux.org/index.php/Dovecot
https://www.digitalocean.com/community/ … th-dovecot
https://skrilnetz.net/?page_id=213
http://cnedelcu.blogspot.de/2014/01/how … linux.html
I can't get it working.
At the moment I have it configured like in the Arch Wiki (links above) without SSL. (but I would like to use SSL later...)
But I cannot send/receive any e-mail.
Please tell me if you need more information
I hope someone can help me.
aligator
edit:
here is the log of postfix:
http://pastebin.com/zz7sPpzv
in Dovecot I get only SSL-Errors. (maybe because I tried to send from a SSL-Mail)
and the configuration of postfix:
http://pastebin.com/dBkZUWRy
in Dovecot I only changed it like in the wiki
Last edited by aligator (2014-12-04 21:22:38)
Setting up an email server is *not* easy/trivial and can not be done in "5 easy steps". Any guide that claims so is full of bs. It is far from trivial to *correctly* set up an email server that won't instantly turn into a spam relay or end up blacklisted. Here is a slightly less horrible guide:
http://arstechnica.com/information-tech … in-part-1/ -
Setup 3.1.2 clean, then move dovecot 10.6.8
Hi All,
Information appears to be sparse but I'm still hunting so any help or references on how to achieve my goals here will be helpful.
History: I have been using OSX Server since 10.3 and have migrated each time up to my current install of 10.6.8 Snow Leopard. Main services are AFP, OpenD, Mail, DNS (local only on this setup, separate DNS on LAN has IRW hostnames), Web (Webmail, User Portal only, and test bed), VPN, Software Update.
As some of you may take note this has not been without issue because my User (OpenDir) & email has always been a migration and not a clean setup. With the exception on my OpenDir having some failed schema issues all is well under 10.6.8.
Goal: Perform a Clean setup of all Users and Email Accounts from scratch. After some testing find a way to match the GUID Dovecot Mailboxes to the new Users and build what else needs to be done as I have done before.
1. How can I do the Users & Groups data entry without deploying the Server onto my local network? (plan to do an Archive of Open Dir) DNS is the Issue here.
Can I just edit the host file and add a static entry to fool it while I setup?
Also when Server is moved to production it will need get a Link Aggregation setup of the 2 Ethernet ports on the Mac Pro, not just the Temp EN0 with the correct IP it has now.
2. Any Ideas on how to move the Dovecot setup after new GUIDs are made would be helpful?
New Hardware is a MacPro6,1
Maverick 10.9.3
Server App 3.1.2
Thank You bobaloo2,
Sounds like a solid way to go. Just curious with the "Export your users and groups from Snow Leopard Server" and import into Mavericks server will I still have the Schema errors I have under 10.6.8?
Since I migrated each server update starting 10.3 to 10.4 then jump to 10.6.8 I noticed some fields give me errors when I try to enter them. I was informed this was a Schema issue but I should not worry too much. (i.e. Under WGM fill user "info" fields in like "Company, JobTitle, Department") These fields were added later in the server builds but even when I create brand new users under 10.6.8 I can not add to these fields since to the best of my understanding the migration imported the old Schema as well as other related Open directory data.
I will try the move and CLI perm on the Mail and post back my results. -
SOLVED: Mutt & Postfix SMTP
I have set up a mailserver as follows:
getmail - to receive mail from my isp (2 accounts received into separate maildir directories)
dovecot - to serve the two maildir's over imaps
postfix - to relay my emails to my ISP smtp
On my laptop & desktop I am running Claws-Mail, and everything is working fine (receiving, serving, and sending). However, I decided to setup mutt on the server for checking email quickly via SSH. I have been able to setup mutt to check my mail via imap, but have been unable to get it to send mail. While trying to send an email I have had tail running on the mail.log and found that postfix is not even registering that mutt is trying to send.
How do I go about setting up mutt to send mail using postfix?
I have spent the last week reading different how to's and forum threads, and can't get it to work.
Last edited by carrot (2009-04-02 22:01:36)
I have 2 .muttrc files for my two email accounts, which I then specify when opening mutt. Both are setup the same, other than the account details. Here are my smtp related lines from one of my .muttrc files:
set record = "+SENT"
set postponed = "+.Drafts"
set smtp_url = "smtp://localhost:25"
set sendmail = "/usr/sbin/sendmail -oem -oi"
set reply_to = yes -
[Solved] Postfixadmin, can't run setup.php
First time for me to try setting up any server stuff with arch, so forgive if I come across as clueless
The story is I followed this page from the arch wiki: https://wiki.archlinux.org/index.php/SO … #SMTP-AUTH to setup postfix, dovecot and postfixadmin (without smtp-auth as I have to use my isp's server for outgoing mail) and have a few issues but I think the first place I need to start is postfixadmin. Haven't been able to get it to run the setup.php file which as far as I can see will create the mysql tables mapped in postfix's main.cf file
When I try running http://mydomain/postfixadmin/setup.php I get this error:
Please edit config.inc.php - change $CONF['configured'] to true after setting your database settings
In my /srv/http/postfixadmin/config_inc.php file I have already set this like so:
$CONF['configured'] = true;
I'm thinking maybe I did something wrong in the config_inc.php file, I'm able to use phpmyadmin so I don't think it's an issue with my apache/php installation, here's my full /srv/http/postfixadmin/config_inc.php file in case anyone can spot anything:
<?php
// You have to set $CONF['configured'] = true; before the application will run!
$CONF['configured'] = true;
// In order to setup Postfixadmin, you MUST specify a hashed password here.
// To create the hash, visit setup.php in a browser and type a password into the field,
// on submission it will be echoed out to you as a hashed value.
$CONF['setup_password'] = '';
// Postfix Admin Path
$CONF['postfix_admin_url'] = 'http://mydomain.com/postfixadmin';
// shouldn't need changing.
$CONF['postfix_admin_path'] = dirname(__FILE__);
$CONF['default_language'] = 'en';
// Database Config
// mysql = MySQL 3.23 and 4.0, 4.1 or 5
// mysqli = MySQL 4.1+
// pgsql = PostgreSQL
$CONF['database_type'] = 'mysqli';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'my_db_user';
$CONF['database_password'] = 'my_db_password';
$CONF['database_name'] = 'postfix';
// If you need to specify a different port for a MYSQL database connection, use e.g.
// $CONF['database_host'] = '172.30.33.66:3308';
// Here, if you need, you can customize table names.
$CONF['database_prefix'] = '';
$CONF['database_tables'] = array (
'admin' => 'admin',
'alias' => 'alias',
'alias_domain' => 'alias_domain',
'config' => 'config',
'domain' => 'domain',
'domain_admins' => 'domain_admins',
'fetchmail' => 'fetchmail',
'log' => 'log',
'mailbox' => 'mailbox',
'vacation' => 'vacation',
'vacation_notification' => 'vacation_notification',
'quota' => 'quota',
'quota2' => 'quota2',
);
// Site Admin
// Define the Site Admins email address below.
// This will be used to send emails from to create mailboxes.
$CONF['admin_email'] = '[email protected]';
// Mail Server
// Hostname (FQDN) of your mail server.
// This is used to send email to Postfix in order to create mailboxes.
$CONF['smtp_server'] = 'localhost';
$CONF['smtp_server'] = 'mydomain.com';
$CONF['smtp_port'] = '25';
// Encrypt
// In what way do you want the passwords to be crypted?
// md5crypt = internal postfix admin md5
// md5 = md5 sum of the password
// system = whatever you have set as your PHP system default
// cleartext = clear text passwords (ouch!)
// mysql_encrypt = useful for PAM integration
// authlib = support for courier-authlib style passwords
// dovecot:CRYPT-METHOD = use dovecotpw -s 'CRYPT-METHOD'. Example: dovecot:CRAM-MD5
$CONF['encrypt'] = 'md5crypt';
// In what flavor should courier-authlib style passwords be enrypted?
// md5 = {md5} + base64 encoded md5 hash
// md5raw = {md5raw} + plain encoded md5 hash
// SHA = {SHA} + base64-encoded sha1 hash
// crypt = {crypt} + Standard UNIX DES-enrypted with 2-character salt
$CONF['authlib_default_flavor'] = 'md5raw';
// If you use the dovecot encryption method: where is the dovecotpw binary located?
$CONF['dovecotpw'] = "/usr/sbin/dovecotpw";
// Minimum length required for passwords. Postfixadmin will not
// allow users to set passwords which are shorter than this value.
$CONF['min_password_length'] = 5;
// Generate Password
// Generate a random password for a mailbox or admin and display it.
// If you want to automagically generate paswords set this to 'YES'.
$CONF['generate_password'] = 'NO';
// Show Password
// Always show password after adding a mailbox or admin.
// If you want to always see what password was set set this to 'YES'.
$CONF['show_password'] = 'NO';
// Page Size
// Set the number of entries that you would like to see
// in one page.
$CONF['page_size'] = '10';
// Default Aliases
// The default aliases that need to be created for all domains.
$CONF['default_aliases'] = array (
'abuse' => '[email protected]',
'hostmaster' => '[email protected]',
'postmaster' => '[email protected]',
'webmaster' => '[email protected]'
);
// Mailboxes
// If you want to store the mailboxes per domain set this to 'YES'.
// Examples:
// YES: /usr/local/virtual/domain.tld/[email protected]
// NO: /usr/local/virtual/[email protected]
$CONF['domain_path'] = 'NO';
// If you don't want to have the domain in your mailbox set this to 'NO'.
// Examples:
// YES: /usr/local/virtual/domain.tld/[email protected]
// NO: /usr/local/virtual/domain.tld/username
// Note: If $CONF['domain_path'] is set to NO, this setting will be forced to YES.
$CONF['domain_in_mailbox'] = 'YES';
// If you want to define your own function to generate a maildir path set this to the name of the function.
// Notes:
// - this configuration directive will override both domain_path and domain_in_mailbox
// - the maildir_name_hook() function example is present below, commented out
// - if the function does not exist the program will default to the above domain_path and domain_in_mailbox settings
$CONF['maildir_name_hook'] = 'NO';
/*
maildir_name_hook example function
Called by create-mailbox.php if $CONF['maildir_name_hook'] == '<name_of_the_function>'
- allows for customized maildir paths determined by a custom function
- the example below will prepend a single-character directory to the
beginning of the maildir, splitting domains more or less evenly over
36 directories for improved filesystem performance with large numbers
of domains.
Returns: maildir path
ie. I/example.com/user/
function maildir_name_hook($domain, $user) {
    $chars = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
    $dir_index = hexdec(substr(md5($domain), 28)) % strlen($chars);
    $dir = substr($chars, $dir_index, 1);
    return sprintf("%s/%s/%s/", $dir, $domain, $user);
}
*/
// Default Domain Values
// Specify your default values below. Quota in MB.
$CONF['aliases'] = '10';
$CONF['mailboxes'] = '10';
$CONF['maxquota'] = '10';
// Quota
// When you want to enforce quota for your mailbox users set this to 'YES'.
$CONF['quota'] = 'NO';
// You can either use '1024000' or '1048576'
$CONF['quota_multiplier'] = '1024000';
// Transport
// If you want to define additional transport options for a domain set this to 'YES'.
// Read the transport file of the Postfix documentation.
$CONF['transport'] = 'NO';
// Transport options
// If you want to define additional transport options put them in array below.
$CONF['transport_options'] = array (
'virtual', // for virtual accounts
'local', // for system accounts
'relay' // for backup mx
);
// Transport default
// You should define default transport. It must be in array above.
$CONF['transport_default'] = 'virtual';
// Virtual Vacation
// If you want to use virtual vacation for you mailbox users set this to 'YES'.
// NOTE: Make sure that you install the vacation module. (See VIRTUAL-VACATION/)
$CONF['vacation'] = 'NO';
// This is the autoreply domain that you will need to set in your Postfix
// transport maps to handle virtual vacations. It does not need to be a
// real domain (i.e. you don't need to setup DNS for it).
$CONF['vacation_domain'] = 'autoreply.change-this-to-your.domain.tld';
// Vacation Control
// If you want users to take control of vacation set this to 'YES'.
$CONF['vacation_control'] ='YES';
// Vacation Control for admins
// Set to 'YES' if your domain admins should be able to edit user vacation.
$CONF['vacation_control_admin'] = 'YES';
// Alias Control
// Postfix Admin inserts an alias in the alias table for every mailbox it creates.
// The reason for this is that when you want catch-all and normal mailboxes
// to work you need to have the mailbox replicated in the alias table.
// If you want to take control of these aliases as well set this to 'YES'.
// Alias control for superadmins
$CONF['alias_control'] = 'NO';
// Alias Control for domain admins
$CONF['alias_control_admin'] = 'NO';
// Special Alias Control
// Set to 'NO' if your domain admins shouldn't be able to edit the default aliases
// as defined in $CONF['default_aliases']
$CONF['special_alias_control'] = 'NO';
// Alias Goto Field Limit
// Set the max number of entries that you would like to see
// in one 'goto' field in overview, the rest will be hidden and "[and X more...]" will be added.
// '0' means no limits.
$CONF['alias_goto_limit'] = '0';
// Alias Domains
// Alias domains allow to "mirror" aliases and mailboxes to another domain. This makes
// configuration easier if you need the same set of aliases on multiple domains, but
// also requires postfix to do more database queries.
// Note: If you update from 2.2.x or earlier, you will have to update your postfix configuration.
// Set to 'NO' to disable alias domains.
$CONF['alias_domain'] = 'YES';
// Backup
// If you don't want backup tab set this to 'NO';
$CONF['backup'] = 'YES';
// Send Mail
// If you don't want sendmail tab set this to 'NO';
$CONF['sendmail'] = 'YES';
// Logging
// If you don't want logging set this to 'NO';
$CONF['logging'] = 'YES';
// Fetchmail
// If you don't want fetchmail tab set this to 'NO';
$CONF['fetchmail'] = 'YES';
// fetchmail_extra_options allows users to specify any fetchmail options and any MDA
// (it will even accept 'rm -rf /' as MDA!)
// This should be set to NO, except if you *really* trust *all* your users.
$CONF['fetchmail_extra_options'] = 'NO';
// Header
$CONF['show_header_text'] = 'NO';
$CONF['header_text'] = ':: Postfix Admin ::';
// link to display under 'Main' menu when logged in as a user.
$CONF['user_footer_link'] = "http://change-this-to-your.domain.tld/main";
// Footer
// Below information will be on all pages.
// If you don't want the footer information to appear set this to 'NO'.
$CONF['show_footer_text'] = 'YES';
$CONF['footer_text'] = 'Return to change-this-to-your.domain.tld';
$CONF['footer_link'] = 'http://change-this-to-your.domain.tld';
// Welcome Message
// This message is send to every newly created mailbox.
// Change the text between EOM.
$CONF['welcome_text'] = <<<EOM
Hi,
Welcome to your new account.
EOM;
// When creating mailboxes or aliases, check that the domain-part of the
// address is legal by performing a name server look-up.
$CONF['emailcheck_resolve_domain']='YES';
// Optional:
// color names available on most browsers
//set to YES to enable this feature
$CONF['show_status']='YES';
//display a guide to what these colors mean
$CONF['show_status_key']='YES';
// 'show_status_text' will be displayed with the background colors
// associated with each status, you can customize it here
$CONF['show_status_text']=' ';
// show_undeliverable is useful if most accounts are delivered to this
// postfix system. If many aliases and mailboxes are forwarded
// elsewhere, you will probably want to disable this.
$CONF['show_undeliverable']='NO';
$CONF['show_undeliverable_color']='tomato';
// mails to these domains will never be flagged as undeliverable
$CONF['show_undeliverable_exceptions']=array("unixmail.domain.ext","exchangeserver.domain.ext","gmail.com");
$CONF['show_popimap']='NO';
$CONF['show_popimap_color']='darkgrey';
// you can assign special colors to some domains. To do this,
// - add the domain to show_custom_domains
// - add the corresponding color to show_custom_colors
$CONF['show_custom_domains']=array("subdomain.domain.ext","domain2.ext");
$CONF['show_custom_colors']=array("lightgreen","lightblue");
// If you use a recipient_delimiter in your postfix config, you can also honor it when aliases are checked.
// Example: $CONF['recipient_delimiter'] = "+";
// Set to "" to disable this check.
$CONF['recipient_delimiter'] = "";
// Optional:
// Script to run after creation of mailboxes.
// Note that this may fail if PHP is run in "safe mode", or if
// operating system features (such as SELinux) or limitations
// prevent the web-server from executing external scripts.
// Parameters: (1) username (2) domain (3) maildir (4) quota
// $CONF['mailbox_postcreation_script']='sudo -u courier /usr/local/bin/postfixadmin-mailbox-postcreation.sh';
// Optional:
// Script to run after alteration of mailboxes.
// Note that this may fail if PHP is run in "safe mode", or if
// operating system features (such as SELinux) or limitations
// prevent the web-server from executing external scripts.
// Parameters: (1) username (2) domain (3) maildir (4) quota
// $CONF['mailbox_postedit_script']='sudo -u courier /usr/local/bin/postfixadmin-mailbox-postedit.sh';
// Optional:
// Script to run after deletion of mailboxes.
// Note that this may fail if PHP is run in "safe mode", or if
// operating system features (such as SELinux) or limitations
// prevent the web-server from executing external scripts.
// Parameters: (1) username (2) domain
// $CONF['mailbox_postdeletion_script']='sudo -u courier /usr/local/bin/postfixadmin-mailbox-postdeletion.sh';
// Optional:
// Script to run after creation of domains.
// Note that this may fail if PHP is run in "safe mode", or if
// operating system features (such as SELinux) or limitations
// prevent the web-server from executing external scripts.
// Parameters: (1) domain
//$CONF['domain_postcreation_script']='sudo -u courier /usr/local/bin/postfixadmin-domain-postcreation.sh';
// Optional:
// Script to run after deletion of domains.
// Note that this may fail if PHP is run in "safe mode", or if
// operating system features (such as SELinux) or limitations
// prevent the web-server from executing external scripts.
// Parameters: (1) domain
// $CONF['domain_postdeletion_script']='sudo -u courier /usr/local/bin/postfixadmin-domain-postdeletion.sh';
// Optional:
// Sub-folders which should automatically be created for new users.
// The sub-folders will also be subscribed to automatically.
// Will only work with IMAP server which implement sub-folders.
// Will not work with POP3.
// If you define create_mailbox_subdirs, then the
// create_mailbox_subdirs_host must also be defined.
// $CONF['create_mailbox_subdirs']=array('Spam');
// $CONF['create_mailbox_subdirs_host']='localhost';
// Specify '' for Dovecot and 'INBOX.' for Courier.
$CONF['create_mailbox_subdirs_prefix']='INBOX.';
// Optional:
// Show used quotas from Dovecot dictionary backend in virtual
// mailbox listing.
// See: DOCUMENTATION/DOVECOT.txt
// http://wiki.dovecot.org/Quota/Dict
$CONF['used_quotas'] = 'NO';
// if you use dovecot >= 1.2, set this to yes.
// Note about dovecot config: table "quota" is for 1.0 & 1.1, table "quota2" is for dovecot 1.2 and newer
$CONF['new_quota_table'] = 'NO';
// Normally, the TCP port number does not have to be specified.
// $CONF['create_mailbox_subdirs_hostport']=143;
// If you have trouble connecting to the IMAP-server, then specify
// a value for $CONF['create_mailbox_subdirs_hostoptions']. These
// are some examples to experiment with:
// $CONF['create_mailbox_subdirs_hostoptions']=array('notls');
// $CONF['create_mailbox_subdirs_hostoptions']=array('novalidate-cert','norsh');
// See also the "Optional flags for names" table at
// http://www.php.net/manual/en/function.imap-open.php
// Theme Config
// Specify your own logo and CSS file
$CONF['theme_logo'] = 'images/logo-default.png';
$CONF['theme_css'] = 'css/default.css';
// XMLRPC Interface.
// This should be only of use if you wish to use e.g the
// Postfixadmin-Squirrelmail package
// change to boolean true to enable xmlrpc
$CONF['xmlrpc_enabled'] = false;
// If you want to keep most settings at default values and/or want to ensure
// that future updates work without problems, you can use a separate config
// file (config.local.php) instead of editing this file and override some
// settings there.
if (file_exists(dirname(__FILE__) . '/config.local.php')) {
    include(dirname(__FILE__) . '/config.local.php');
}
// END OF CONFIG FILE
/* vim: set expandtab softtabstop=4 tabstop=4 shiftwidth=4: */
Any suggestions on what I can try to get postfixadmin's setup.php to run will be much appreciated
Last edited by Ecky (2012-09-14 23:23:24)
Just worked out I had an errant dns sending me to a postfixadmin on another machine which I'd never used ... god do I feel stupid!
Now that the url is sending me to the correct machine (and copy of postfixadmin) I'm getting a 403 permissions error when I try to open setup.php, the config.inc.php I posted btw is the correct one
When following the arch wiki page I put a symlink called postfixadmin in /srv/http which points to /usr/share/webapps/postfixAdmin and then followed this part of the wiki to set permissions:
chown -R nobody:nobody /home/httpd/html/postfixadmin-2.1.0/
cd /home/httpd/html/postfixadmin/
chmod 640 *.php
cd /home/httpd/html/postfixadmin/admin/
chmod 640 *.php
cd /home/httpd/html/postfixadmin/images/
chmod 640 *.png
cd /home/httpd/html/postfixadmin/languages/
chmod 640 *.lang
cd /home/httpd/html/postfixadmin/templates/
chmod 640 *.php
cd /home/httpd/html/postfixadmin/users/
chmod 640 *.php
That's directly from the wiki, obviously in my case I changed the paths from /home/httpd/html to /srv/http so as to reflect my setup. Assuming the permissions on the wiki are correct I don't know why I get the 403 error when I try opening the setup.php file
Access forbidden!
You don't have permission to access the requested object. It is either read-protected or not readable by the server.
If you think this is a server error, please contact the webmaster.
Error 403
Any ideas?
Last edited by Ecky (2012-09-14 11:39:52) -
IPad can't connect to Lion mailserver
Hi all,
Yesterday I did a clean install of OS X Lion on my Mac Pro and installed Lion Server with it. Today I had time to setup the mailserver and everything went surprisingly easy.
I have set up the profile manager and mail (no SSL) and the Mail application on the Mac Pro was able to send and receive mail. The MacBook Pro from work was also able to send and receive using Mozilla Thunderbird, which was even easier to configure than Apple Mail. So far so good.
The problems started when connecting my iPad to the mailserver. Setup was a breeze and went without a hiccup (except for complaining about using no SSL). After confirming I really did not want to use SSL, it immediately started receiving mail, so everything seemed ok. But when I try to send a mail from my iPad, it says sending mail for about 30 seconds and then gives a warning it failed to send the mail. After trying several options for security and all, I went to have a look in the server logs and they give me this:
24-07-11 17:06:32,832 postfix/postscreen: CONNECT from [xx.xx.xx.xx]:47137
24-07-11 17:06:32,832 postfix/postscreen: PASS OLD [xx.xx.xx.xx]:47137
24-07-11 17:06:32,833 postfix/smtpd: connect from xxxxxxx.upc-g.chello.nl[xx.xx.xx.xx]
24-07-11 17:07:03,192 postfix/smtpd: lost connection after UNKNOWN from xxxxxxx.upc-g.chello.nl[xx.xx.xx.xx]
24-07-11 17:07:03,192 postfix/smtpd: disconnect from xxxxxxx.upc-g.chello.nl[xx.xx.xx.xx]
24-07-11 17:07:03,197 postfix/postscreen: CONNECT from [xx.xx.xx.xx]:36506
24-07-11 17:07:03,197 postfix/postscreen: PASS OLD [xx.xx.xx.xx]:36506
24-07-11 17:07:03,199 postfix/smtpd: connect from xxxxxxx.upc-g.chello.nl[xx.xx.xx.xx]
24-07-11 17:07:33,604 postfix/smtpd: lost connection after UNKNOWN from xxxxxxx.upc-g.chello.nl[xx.xx.xx.xx]
24-07-11 17:07:33,604 postfix/smtpd: disconnect from xxxxxxx.upc-g.chello.nl[xx.xx.xx.xx]
Basically the iPad is connecting two times and both times it seems to send an invalid/unknown command (UNKNOWN), after which it drops connection.
How is this possible, why is one Apple product not able to talk to another? Does anyone know what is wrong? I'm just running a complete clean setup, I did not mess around in the postfix config files, so all settings done are done from the Server application downloaded from the AppStore.
Some info about versions:
Mac Pro: OS X 10.7 Lion with server
iPad: iOS 4.3.4
Thanks in advance!
Michael
Ok, never mind... seems the iPad still tried to connect using SSL, even though in the setup of the mail account I clicked No SSL 2 times...
-
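The log pattern in the thread above (a client that connects, stalls for about 30 seconds, then shows `lost connection after UNKNOWN`, repeatedly) can be picked out automatically. This is an added example, not part of the original posts; the sample lines are constructed in the same layout with documentation addresses, and because that layout has no process IDs the code assumes one open session per client IP at a time.

```python
import re
from datetime import datetime

# Constructed sample in the layout of the log quoted in the post above.
LOG = """\
24-07-11 17:06:32,833 postfix/smtpd: connect from client.example[192.0.2.10]
24-07-11 17:07:03,192 postfix/smtpd: lost connection after UNKNOWN from client.example[192.0.2.10]
24-07-11 17:07:03,192 postfix/smtpd: disconnect from client.example[192.0.2.10]
24-07-11 17:07:03,199 postfix/smtpd: connect from client.example[192.0.2.10]
24-07-11 17:07:33,604 postfix/smtpd: lost connection after UNKNOWN from client.example[192.0.2.10]
24-07-11 17:07:33,604 postfix/smtpd: disconnect from client.example[192.0.2.10]
24-07-11 17:08:00,000 postfix/smtpd: connect from other.example[198.51.100.7]
24-07-11 17:08:01,500 postfix/smtpd: lost connection after DATA from other.example[198.51.100.7]
24-07-11 17:08:01,500 postfix/smtpd: disconnect from other.example[198.51.100.7]
"""

LINE = re.compile(
    r"^(?P<ts>\d\d-\d\d-\d\d \d\d:\d\d:\d\d,\d+) postfix/smtpd: "
    r"(?P<event>connect from|lost connection after (?P<stage>\w+) from|disconnect from) "
    r"\S*\[(?P<ip>[^\]]+)\]"
)


def stalled_sessions(log_text):
    """Map client IP -> durations in seconds of sessions that ended with
    'lost connection after UNKNOWN' (no valid SMTP command was seen)."""
    opened = {}   # ip -> time of the pending 'connect from'
    stalled = {}  # ip -> [duration, ...]
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        when = datetime.strptime(m.group("ts"), "%d-%m-%y %H:%M:%S,%f")
        ip = m.group("ip")
        if m.group("event") == "connect from":
            opened[ip] = when
        elif m.group("stage") == "UNKNOWN" and ip in opened:
            duration = (when - opened.pop(ip)).total_seconds()
            stalled.setdefault(ip, []).append(duration)
        elif m.group("event") == "disconnect from":
            opened.pop(ip, None)
    return stalled


def tls_mismatch_suspects(log_text, min_sessions=2, min_seconds=10):
    """Clients with repeated long stalls before any SMTP command: the
    signature of a client speaking SSL/TLS to a plaintext SMTP listener."""
    suspects = []
    for ip, durations in stalled_sessions(log_text).items():
        if sum(1 for d in durations if d >= min_seconds) >= min_sessions:
            suspects.append(ip)
    return sorted(suspects)


if __name__ == "__main__":
    for ip in tls_mismatch_suspects(LOG):
        print(ip, [round(d, 1) for d in stalled_sessions(LOG)[ip]])
```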
Is there someone who can make me a package - to get a mailserver to work...
I have now tried for 2 months to get postfix/courier-imap to work
And also postfix/dovecot to work...
I would like to get it to work along with mysql, so that I can easily put in new persons - with virtual users ???
Hope that someone can help me with this one....
I can't get it to work and have tried several times in the forums - but not the answers that help me in a way..
THX
Slightly offtopic, because it doesn't solve the problem directly:
Did you follow the Wiki on the Postfix how to on the Wiki?
http://wiki.archlinux.org/index.php/PostFix_Howto
If it has to be mysql I have no idea except for the above howto...
If you just need a virtual user configuration, then maybe you can go with the hula-project
It's based on the from Novell... I use it and like it so far, the stability has its ups and downs... So if you need something rock-stable then hula is not for you. (pacman -S hula, if community is enabled)
HTH -
[Solved] Dovecot imap-login fails
I have been working on this for hours and I have little idea what is wrong. I have dovecot setup to authenticate via PAM. I am sure that the PAM authentication is correct as a wrong password returns a bad auth error. However, when the initial authentication happens it feels like PAM isn't returning my UID.
Config:
protocols = imap
mail_location = maildir:~/.mail
passdb {
  driver = pam
  #<DEBUG>
  args = failure_show_msg=yes dovecot
  #</DEBUG>
}
ssl = required
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.pem
ssl_cipher_list = ECDHE-ECDSA-AES256-GCM-SHA384:HIGH
#<DEBUG>
auth_verbose=yes
auth_debug=yes
#</DEBUG>
Error:
Apr 30 21:43:39 example.org dovecot[20497]: auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth
Apr 30 21:43:39 example.org dovecot[20497]: auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat
Apr 30 21:43:39 example.org dovecot[20497]: auth: Debug: auth client connected (pid=20500)
Apr 30 21:43:40 example.org dovecot[20497]: auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=gbQRcUn41gDH1CFX lip=192.168.1.1 rip=172.16.1.1 lport=993 rport=35286 resp=<hidden>
Apr 30 21:43:40 example.org dovecot[20497]: auth-worker(20503): Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth
Apr 30 21:43:40 example.org dovecot[20497]: auth-worker(20503): Debug: pam(myusername,172.16.1.1): lookup service=dovecot
Apr 30 21:43:40 example.org dovecot[20497]: auth-worker(20503): Debug: pam(myusername,172.16.1.1): #1/1 style=1 msg=Password:
Apr 30 21:43:40 example.org dovecot[20497]: auth: Debug: client passdb out: OK 1 user=myusername
Apr 30 21:43:40 example.org dovecot[20497]: auth: Debug: master in: REQUEST 158597121 20500 1 8026dcae28bb986805dfea459a9879da session_pid=20504 request_auth_token
Apr 30 21:43:40 example.org dovecot[20497]: auth: Debug: master userdb out: USER 158597121 myusername auth_token=de32f97064bc1c4215b205d41ad36fd9eb8d466a
Apr 30 21:43:40 example.org dovecot[20497]: imap-login: Login: user=<myusername>, method=PLAIN, rip=172.16.1.1, lip=192.168.1.1, mpid=20504, TLS, session=<gbQRcUn41gDH1CFX>
Apr 30 21:43:40 example.org dovecot[20497]: imap(keller): Error: user myusername: Couldn't drop privileges: User is missing UID (see mail_uid setting)
Apr 30 21:43:40 example.org dovecot[20497]: imap(keller): Error: Internal error occurred. Refer to server log for more information.
/etc/pam.d/dovecot
auth required pam_unix.so nullok
account required pam_unix.so
Solution: Authentication is not authorization! I didn't have a userdb setup.
Added to /etc/dovecot/dovecot.conf
userdb {
  driver = passwd
}
Last edited by Nycroth (2014-04-30 22:34:45)
ok, what a pain, login is CASE-SENSITIVE! So take care what username you take!
hope it helps someone else....
It can also throw strange numbers and letters when trying to login!
best
Hartmut -
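The "User is missing UID" failure in the thread above comes from a passdb with no userdb behind it. As an added example (not code from any of the posts), this Python sketch audits a single dovecot.conf text for that gap; the sample configurations are constructed from the thread, the static-userdb check goes one step beyond the posted case, and included conf.d files are assumed not to be in play.

```python
# Added example: single-file audit of Dovecot passdb/userdb coverage.
# All configurations below are constructed samples based on the thread.
BROKEN = """\
protocols = imap
mail_location = maildir:~/.mail
passdb {
  driver = pam
  args = failure_show_msg=yes dovecot
}
ssl = required
"""
FIXED = BROKEN + "userdb {\n  driver = passwd\n}\n"
STATIC_NO_UID = BROKEN + "userdb {\n  driver = static\n  args = home=/var/vmail/%u\n}\n"

def parse_conf(text):
    """Return (top-level settings, [(block name, block settings), ...])."""
    settings, blocks, current, depth = {}, [], None, 0
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        if line.endswith("{"):
            depth += 1
            if depth == 1:                       # only top-level sections matter here
                current = ((line[:-1].split() or ["?"])[0], {})
                blocks.append(current)
        elif line == "}":
            depth -= 1
            if depth == 0:
                current = None
        elif "=" in line and depth <= 1:
            key, value = (part.strip() for part in line.split("=", 1))
            (current[1] if current else settings)[key] = value
    return settings, blocks

def audit(text):
    """List reasons a successful login could still end in 'User is missing UID'."""
    settings, blocks = parse_conf(text)
    if "mail_uid" in settings:                   # a global fallback UID is configured
        return []
    passdbs = [b for name, b in blocks if name == "passdb"]
    userdbs = [b for name, b in blocks if name == "userdb"]
    findings = []
    if passdbs and not userdbs:
        findings.append("passdb configured but no userdb: password checks pass, no UID is returned")
    for db in userdbs:
        if db.get("driver") == "static" and "uid=" not in db.get("args", ""):
            findings.append("static userdb without uid= and no mail_uid set")
    return findings

if __name__ == "__main__":
    for name, conf in (("broken", BROKEN), ("fixed", FIXED), ("static", STATIC_NO_UID)):
        print(name, audit(conf) or "ok")
```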
I have a lot of legacy users migrating from unix/linux that use the old setting for folders for holding their imap mail. The new way of storing mail doesn't allow containers for folders, and I can't think of an easy way to convert a gigabyte or so of old mail that's on the old Linux server running dovecot.
Update for Mavericks-
I don't know if this is totally accurate, but it worked. After upgrading to Mavericks, the previous setup above disappeared. Something in the Dovecot setup is different now, and these changes brought it back.
edit files have moved to /Library/Server/Mail/Config/dovecot/conf.d/
do the same edits as outlined above except for the last one- 10-mail.conf
The Namespace sections have changed. Using the above reference, I made these changes. **Uncomment means to remove the # from the first of the line.
namespace inbox {
**uncomment type = private
**uncomment separator = ^ (add this character)
**uncomment prefix =
In the next two sections (shared namespaces) change the prefix lines to match the separator ^ (you're replacing the periods with the new delimiter.) Mavericks activates these namespaces by default- I don't know what they do. It won't work unless you make them match.
namespace acl-mailboxes {
prefix = shared^%%u^
namespace list-archives {
prefix = archives^%%u^
Stop and restart mail service and all is back to the way it was. -
Postfix/smtp[8437] Operation timed out can't send mail to 1 address
server 10.4.5 running mail, filesharing and website.
The mail server has been up for months working flawlessly. We have one address (domain) where we can't send mail, and users at that address can't send us mail.
All other mail functions on both ends seem to be functioning fine.
They seem to be running Exchange as a mail server, but I don't have other details from their side. DNS/MX records all look like you would expect.
This has me stumped.
I turned debug level logging on and got the following smtp message written to the log when I tried to mail to an address at that domain.
Feb 23 20:45:10 fileserver postfix/smtp[8437]: 775401AFD61: to=<[email protected]>, relay=none, delay=31, status=deferred (connect to anhc-mail.anhc.org[24.237.2.213]: Operation timed out)
Yes, good luck to them.
relay=none
doesn't look so good.
Of course, a successful outgoing message should look something more like:
Apr 8 11:41:05 server postfix/smtp[2300]: F1D4D3B8A27: to=<[email protected]>, relay=mail.someobfuscatedserver.com[6x.20x.148.1x6], delay=5, status=sent (250 2.0.0 k38FYfDS023848 Message accepted for delivery)
I take it you can send to any/all other mail addresses (servers) ?
Here's a thought:
Some time ago, I had to edit the helo_checks config of postfix, for a windows mailserver because their AntiVirus was horribly mangling their outgoing mail, helo-ing as <fix-your-dns>.local
Point being that .local anything is not a viable tld for anything in the public realm, and certainly won't work with the rest of the world in terms of DNS.
That might be the work of Norton's break-it-for-you addon for Windows Exchange mailservers, not sure.
Please post the output of:
postconf -n
on your server,
and the mail.log file content when they try to send you an email (confirm via telephone and watch for it).
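The relay=none deferral discussed in this thread can be separated from ordinary remote rejections by parsing the postfix/smtp delivery lines. The Python below is an added example, not part of the original posts; the log lines, addresses and hosts in it are constructed samples in the same format as the lines quoted above.

```python
import re
from collections import defaultdict

# Constructed sample log lines (documentation addresses and hosts only).
SAMPLE_LOG = """\
Feb 23 20:45:10 fileserver postfix/smtp[8437]: 775401AFD61: to=<user@example.org>, relay=none, delay=31, status=deferred (connect to mail.example.org[192.0.2.25]: Operation timed out)
Feb 23 20:50:12 fileserver postfix/smtp[8450]: 8A1B2C3D4E5: to=<other@example.org>, relay=none, delay=331, status=deferred (connect to mail.example.org[192.0.2.25]: Operation timed out)
Feb 23 20:51:00 fileserver postfix/smtp[8451]: 9F00AA11BB2: to=<someone@example.net>, relay=mx.example.net[198.51.100.7], delay=5, status=sent (250 2.0.0 Message accepted for delivery)
Feb 23 20:52:00 fileserver postfix/smtp[8452]: 1234ABCD567: to=<x@example.com>, relay=mx.example.com[203.0.113.9], delay=2, status=deferred (host mx.example.com[203.0.113.9] said: 450 4.7.1 try again later (in reply to RCPT TO command))
"""

# One delivery attempt as logged by the Postfix smtp client.
DELIVERY = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<to>[^>]*)>, "
    r"relay=(?P<relay>[^,]+), (?:.*?, )?status=(?P<status>\w+) \((?P<detail>.*)\)$"
)
# Detail text when the TCP connection itself could not be established.
CONNECT = re.compile(r"connect to (?P<host>[^\[]+)\[(?P<ip>[^\]]+)\](?::\d+)?: (?P<reason>.+)")

def parse_delivery(line):
    """Return the fields of one delivery line as a dict, or None if it is not one."""
    m = DELIVERY.search(line.strip())
    return m.groupdict() if m else None

def unreachable(lines):
    """Map (host, ip, reason) -> queue ids for deferrals where no server was reached.

    relay=none means the smtp client never got an SMTP session, so the cause is
    on the network path (routing, firewall, listener down), not a 4xx/5xx reply.
    """
    groups = defaultdict(list)
    for line in lines:
        d = parse_delivery(line)
        if not d or d["status"] != "deferred" or d["relay"] != "none":
            continue
        c = CONNECT.match(d["detail"])
        if c:
            groups[(c["host"], c["ip"], c["reason"])].append(d["qid"])
    return dict(groups)

if __name__ == "__main__":
    for (host, ip, reason), qids in unreachable(SAMPLE_LOG.splitlines()).items():
        print(f"{host} [{ip}]: {reason} ({len(qids)} message(s): {', '.join(qids)})")
```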