Question
Migrating Exim4/Courier to Postfix/Dovecot; issues receiving mail/security.
Hi Everyone,
I’m trying to migrate an Exim4/Courier install to Postfix/Dovecot and I’m having a lot of trouble. I’ve read all of the DO guides, and plenty of others, but the differences in configuration files, commands, and setups make it very difficult to migrate settings.
Here’s what I need to accomplish:
- Multiple domains
- Multiple email addresses
- Email forwarding
- User accounts
- Password authentication only through email and webmail over…
- TLS/SSL only
- Maildir format (I need to migrate emails from server A to server B, so I need to retain the directories.)
- SpamAssassin
- ClamAV on attachments
This is what I’ve done so far:
- Created two files: /etc/postfix/domains and /etc/postfix/virtual. The format for /etc/postfix/domains is simply each domain delimited by a new line. The format for /etc/postfix/virtual is each email address attached to a Linux user account (hash format).
- Basic postfix configuration changes (main.cf):
home_mailbox = Maildir/
mailbox_command = /usr/lib/dovecot/deliver
mydestination = localhost, /etc/postfix/domains
virtual_alias_maps = hash:/etc/postfix/virtual
- Created a new certificate at /etc/postfix/mail.key and /etc/postfix/mail.pem.
- Set up TLS:
smtpd_tls_cert_file=/etc/postfix/mail.pem
smtpd_tls_key_file=/etc/postfix/mail.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_auth_only = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_tls_auth_only = yes
smtp_tls_security_level = may
smtpd_helo_required = yes
- Restrictions:
smtpd_client_restrictions = reject_unknown_client_hostname, permit_sasl_authenticated
smtpd_helo_restrictions = reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname
smtpd_sender_restrictions = reject_unknown_sender_domain
smtpd_recipient_restrictions = permit_mynetworks, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_sasl_authenticated, reject_unauth_destination
smtpd_data_restrictions = reject_unauth_pipelining
(master.cf):
Uncommented smtp and submission.
Now, as for dovecot, this is what I’ve set up so far:
/etc/dovecot/conf.d/10-mail.conf
mail_location = maildir:~/Maildir:LAYOUT=fs
/etc/dovecot/conf.d/10-auth.conf
disable_plaintext_auth = yes
/etc/dovecot/conf.d/10-ssl.conf
ssl = required
ssl_cert = </etc/postfix/mail.pem
ssl_key = </etc/postfix/mail.key
Some helpful notes:
- There is no firewall installed yet, but I would like SMTP to send over 587 and IMAP over 993/143.
- The following commands output OK and show that there is a certificate:
openssl s_client -starttls smtp -crlf -connect localhost:587
openssl s_client -starttls -connect localhost:993
- Local mail relay works fine:
Jul 19 17:43:58 hostname postfix/pickup[2666]: BE5E440DAB: uid=0 from=<root>
Jul 19 17:43:58 hostname postfix/cleanup[2717]: BE5E440DAB: message-id=<20150719214358.BE5E440DAB@domain.com>
Jul 19 17:43:58 hostname postfix/qmgr[2667]: BE5E440DAB: from=<root@domain.com>, size=406, nrcpt=1 (queue active)
Jul 19 17:43:58 hostname dovecot: lda(user): msgid=<20150719214358.BE5E440DAB@domain.com>: saved mail to INBOX
Jul 19 17:43:58 hostname postfix/local[2719]: BE5E440DAB: to=<user@domain.com>, relay=local, delay=0.07, delays=0.03/0.01/0/0.03, dsn=2.0.0, status=sent (delivered to command: /usr/lib/dovecot/deliver)
- External mail does not:
Jul 19 17:45:53 hostname postfix/smtpd[2721]: connect from mail-ig0-f177.google.com[209.85.213.177]
Jul 19 17:45:53 hostname postfix/smtpd[2721]: warning: SASL: Connect to private/auth failed: No such file or directory
Jul 19 17:45:53 hostname postfix/smtpd[2721]: fatal: no SASL authentication mechanisms
==> /var/log/mail.err <==
Jul 19 17:45:53 hostname postfix/smtpd[2721]: fatal: no SASL authentication mechanisms
So I’m a bit confused:
- Why can’t I receive mail from outside sources?
- Why does Google attempt SMTP? Is that what is happening?
- Where do I set SASL authentication mechanisms?
- Does anyone have an idea, or a way that I could accomplish what I need to? I’m not new to Linux, but I’m not well versed in mail server creation.
Any help would be appreciated. Thank you.
EDIT:
I have an update:
I followed this setup:
/etc/dovecot/conf.d/10-master.conf
unix_listener /var/spool/postfix/private/auth {
mode = 0666
user = postfix
group = postfix
}
Which now results in this error message from an email sent via gmail:
Jul 19 18:15:59 hostname postfix/postscreen[3881]: CONNECT from [209.85.213.171]:34912 to [localhost]:25
Jul 19 18:16:05 hostname postfix/postscreen[3881]: PASS NEW [209.85.213.171]:34912
Jul 19 18:16:05 hostname postfix/postscreen[3881]: warning: cannot connect to service private/smtpd: No such file or directory
Jul 19 18:16:06 hostname postfix/postscreen[3881]: PASS NEW [209.85.213.171]:34912
Jul 19 18:16:06 hostname postfix/postscreen[3881]: DISCONNECT [209.85.213.171]:3491
Jul 19 18:17:46 hostname postfix/postscreen[3881]: close database /var/lib/postfix/postscreen_cache.db: No such file or directory (possible Berkeley DB bug)
Even more confused, now. Sigh.
EDIT2:
Uncommenting smtpd in master.cf solved that problem. It appears to work, but I’ll now have to try imap and see about sending and receiving mail remotely.
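As an added example (not part of the original post), this Python sketch cross-checks what the "Connect to private/auth failed" error hinges on: whether main.cf's `smtpd_sasl_path` resolves to a socket that a Dovecot `unix_listener` actually creates, plus the listener's mode bits and repeated main.cf parameters. The sample input is constructed from the settings quoted in the post; the `/var/spool/postfix` queue directory and Dovecot's 0600 default listener mode are assumptions, and all function names are hypothetical.

```python
import re
QUEUE_DIR = "/var/spool/postfix"  # assumption: default Postfix queue_directory
# Constructed sample input, built from the settings quoted in the post.
MAIN_CF = """\
smtpd_tls_auth_only = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_tls_auth_only = yes
"""
LISTENER = """\
unix_listener /var/spool/postfix/private/auth {
  mode = %s
  user = postfix
  group = postfix
}
"""

def parse_main_cf(text):
    """Return ({param: value}, [duplicates]); continuation lines are skipped."""
    params, dups = {}, []
    for line in text.splitlines():
        if "=" not in line or line[0].isspace() or line.startswith("#"):
            continue
        key, value = (s.strip() for s in line.split("=", 1))
        if key in params:
            dups.append(key)
        params[key] = value  # Postfix keeps the last definition
    return params, dups

def parse_unix_listeners(text):
    """Return {socket_path: {setting: value}} for each unix_listener block."""
    return {m.group(1): dict(re.findall(r"(\w+)\s*=\s*(\S+)", m.group(2)))
            for m in re.finditer(r"unix_listener\s+(\S+)\s*\{([^}]*)\}", text)}

def audit(main_cf, dovecot_conf):
    params, dups = parse_main_cf(main_cf)
    listeners = parse_unix_listeners(dovecot_conf)
    findings = [f"duplicate parameter: {k}" for k in dups]
    if params.get("smtpd_sasl_type") == "dovecot":
        path = params.get("smtpd_sasl_path", "")
        sock = path if path.startswith("/") else f"{QUEUE_DIR}/{path}"
        if sock not in listeners:
            findings.append(f"no Dovecot unix_listener for {sock}")
        elif int(listeners[sock].get("mode", "0600"), 8) & 0o007:
            findings.append(f"{sock}: mode grants 'other' access; 0660 suffices")
    return findings

if __name__ == "__main__":  # demo: no listener, mode 0666, mode 0660
    print([audit(MAIN_CF, LISTENER % m if m else "") for m in (None, "0666", "0660")])
```

With `user` and `group` both set to postfix, as in the listener block quoted in the post, mode 0660 gives the Postfix smtpd process the same access without setting the "other" bits.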