DoveCot Virtual Mailboxes With MySql

2021-12-02 Thread postfix
PLEASE HELP - Dovecot Virtual Mailboxes Using MySql

I have a thread detailing my problem with config here:
https://ubuntuforums.org/showthread.php?t=2469564

 

VPS Ubuntu 20.04 postfix 3.4.13 and dovecot 2.3.7.2

I've got multiple domains each having multiple emails.

I'm using Virtual Mailboxes and MySql.

My first domain: softlinksys.com has an MX pointing at mail.softlinksys.com.
You can easily verify it. The IP address shown on https://mxtoolbox.com/ is:
194.163.45.150
(https://mxtoolbox.com/SuperTool.aspx?action=mx%3asoftlinksys.com&run=toolpage),
which is my VPS IP address.

I have a virtual_domains record in mysql with softlinksys.com as the domain.

I have an email address mail...@softlinksys.com in virtual_users in mysql.

In the client app: Thunderbird the imap server is set as
mail.softlinksys.com

I can't connect that user to the mailbox from Thunderbird.

If I change the imap server in Thunderbird to softlinksys.com the mailbox
will connect.

I can't send an email to mail...@softlinksys.com. It bounces whether MySql
virtual_domains.name = softlinksys.com or mail.softlinksys.com.

 

I've tried both softlinksys.com and mail.softlinksys.com in the database
record and in Thunderbird.

I just can't make it work.

PLEASE HELP! How can I resolve this problem?

 

Kristy Atkins

ViviData SaaS

 



Mailbox connection fails: Connection closed (No commands sent) Help please

2021-12-07 Thread postfix
I would greatly appreciate help with this.

 

VPS ubuntu 20.04 postfix  3.4.13 dovecot 2.3.7.2

I'm trying to set up postfix with dovecot for virtual mailboxes using mysql

I have a database mailserver with tables virtual_domains, virtual_users &
virtual_aliases

Using postmap I've tested all connections and gotten correct responses (1,
1, smok...@sizzelicks.com)

I have a domain: sizzelicks.com and an email address smok...@sizzelicks.com

The password for the user is encrypted with sha512-CRYPT

My VPS IP is: 194.163.45.150

MX test from:
https://mxtoolbox.com/SuperTool.aspx?action=mx%3asizzelicks.com&run=toolpage

 

I set up a mailbox for smok...@sizzelicks.com in Thunderbird:

IMAP and SMTP server: mail.sizzelicks.com

IMAP port: 993 SMTP port: 587

IMAP connection security: SSL/TLS

SMTP connection security: STARTTLS

 

When I try to connect to the mailbox Thunderbird returns this:
server mail.sizzelicks.com has disconnected.

The server may have gone down or there may be a network problem.

 

mail.log

Dec 7 21:16:02 softlinksys dovecot: imap-login: Login: user=, method=PLAIN,
rip=67.8.3.170, lip=194.163.45.150, mpid=63115, TLS, session=
Dec 7 21:16:02 softlinksys dovecot: imap(smok...@sizzelicks.com)<63115>:
Connection closed (No commands sent) in=0 out=388 deleted=0 expunged=0
trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
Dec 7 21:16:04 softlinksys dovecot: imap-login: Login: user=, method=PLAIN,
rip=67.8.3.170, lip=194.163.45.150, mpid=63117, TLS, session=
Dec 7 21:16:04 softlinksys dovecot: imap(smok...@sizzelicks.com)<63117>:
Connection closed (No commands sent) in=0 out=388 deleted=0 expunged=0
trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0

 

 

Dovecot -n

# 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.7.2 ()
# OS: Linux 5.4.0 x86_64 Ubuntu 20.04.3 LTS ext4
# Hostname: softlinksys.com
auth_mechanisms = plain login
mail_location = maildir:/var/mail/vhosts/%d/%n
mail_privileged_group = mail
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
postmaster_address = postmaster at aecperformance.com
protocols = imap pop3 lmtp
service auth-worker {
  user = vmail
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }
  user = dovecot
}
service imap-login {
  inet_listener imap {
    port = 0
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 0
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
ssl = required
ssl_cert = 

RE: Mailbox connection fails: Connection closed (No commands sent) Help please

2021-12-08 Thread postfix
Thanks for your help.

I was able to 'confirm' the certificate in Thunderbird.

 

I looked at the certificate in Thunderbird. As I knew, it is a chain of 
multiple domains, all set up on our VPS.

Under Issuer Name it says: Common Name R3

It appears that I'm able to connect to the mailbox now but I can’t receive or 
send email.

Thunderbird says:
Wrong Site The certificate belongs to a different site, which could mean that 
someone is trying to impersonate this site.

In Thunderbird I can Confirm Security Exception but I’d much rather fix the 
problem.

 

The certificate is for a 'chain' of domains, 5 as of now, with the primary 
domain being aecperformance.com (not sizzelicks.com).

The certificate as shown in Thunderbird says: Common Name aecperformance.com

The certificate does show a list of all the domains in the chain.

 

Our VPS hosts multiple domains (5 right now) all of which receive and send 
email.

The websites on the VPS all work fine under ssl using the same certificate 
chain set up in postfix/dovecot config.

 

When I install postfix and dovecot the configuration includes paths for 1 
certificate.

The certificate files I have set in postfix & dovecot config are the 
letsencrypt files for the websites.

 

How should I set up the certificates for the domains that postfix/dovecot 
handles?

How can I fix the problem Thunderbird is having with the certificate chain of 
multiple domains?

 

 

-----Original Message-----
From: dovecot On Behalf Of Robert L Mathews
Sent: Tuesday, December 7, 2021 7:46 PM
To: dovecot@dovecot.org
Subject: Re: Mailbox connection fails: Connection closed (No commands sent) Help please

On 12/7/21 2:49 PM, Alexander Dalloz wrote:

> Use a not expired certificate.
>
> $ openssl s_client -connect 194.163.45.150:993
> CONNECTED(0003)
> depth=3 O = Digital Signature Trust Co., CN = DST Root CA X3
> verify error:num=10:certificate has expired
> notAfter=Sep 30 14:01:15 2021 GMT

That error's happening because you (Alexander) are using an old openssl version 
that has the problem described on:

  https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/

That's not the problem that the original poster is having unless Thunderbird 
also has the same problem, which it may; see:

  https://community.letsencrypt.org/t/note-regarding-transition-to-r3-intermediate-with-firefox-or-thunderbird/140049

  https://www.arcanoae.com/adding-lets-encrypts-new-root-and-intermediate-certificates-to-mozilla-applications/

In any case, this works fine with OpenSSL 1.1 or later:

  $ openssl s_client -connect mail.sizzelicks.com:993
  ...
  * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN AUTH=LOGIN] Dovecot (Ubuntu) ready.

--
Robert L Mathews, Tiger Technologies, http://www.tigertech.net/



RE: Mailbox connection fails: Connection closed (No commands sent) Help please

2021-12-08 Thread postfix
I could really use some help here please.

VPS Ubuntu 20.04 postfix 3.4.13 and dovecot 2.3.7.2

I have an email address: smok...@sizzelicks.com on the VPS.

When I try to log into the smok...@sizzelicks.com mailbox from Thunderbird I see that it's 
connected but then get a message saying the server disconnected saying:

"The server may have gone down or there may have been an network problem"

 

When I look at syslog on the VPS I see this:

Dec  8 23:03:34 softlinksys dovecot: imap-login: Login: 
user=,

Dec  8 23:03:34 softlinksys dovecot: 
imap(smok...@sizzelicks.com)<4981>: Connection closed (No 
commands sent)

 

When a spammer tried to log in (s.peters...@softlinksys.com, not our email address) the log shows this:

Dec  8 23:16:51 softlinksys dovecot: imap-login: Disconnected (auth failed, 1 attempts in 4 secs): user=<s.peters...@softlinksys.com>

So I see the difference: imap-login: Login: user=<smok...@sizzelicks.com> and : imap-login: Disconnected (auth failed 
...

 

Clearly, I'm successfully logging into the mailbox - yes?

BUT - immediately afterward the server disconnects with 'No commands sent'. 

It looks to me like dovecot expects 'commands' that Thunderbird isn't sending. 
Is this correct?

Thunderbird queries for messages (or it's supposed to). The response & log is 
the same if I click ‘Get Messages’.

 

Also, I’ve sent numerous messages to smok...@sizzelicks.com. They do not bounce and I don’t get an email 
saying it couldn’t be delivered.

However, nothing is added to the logs from postfix about it.

 

Why is dovecot disconnecting?
How can I fix this problem?

 

-----Original Message-----
From: dovecot On Behalf Of Alexander Dalloz
Sent: Wednesday, December 8, 2021 5:53 PM
To: dovecot@dovecot.org
Subject: Re: Mailbox connection fails: Connection closed (No commands sent) Help please

On 08.12.2021 at 01:46, Robert L Mathews wrote:
> On 12/7/21 2:49 PM, Alexander Dalloz wrote:
>
>> Use a not expired certificate.
>>
>> $ openssl s_client -connect 194.163.45.150:993
>> CONNECTED(0003)
>> depth=3 O = Digital Signature Trust Co., CN = DST Root CA X3
>> verify error:num=10:certificate has expired
>> notAfter=Sep 30 14:01:15 2021 GMT
>
> That error's happening because you (Alexander) are using an old
> openssl version that has the problem described on:
>
>   https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/
>
> That's not the problem that the original poster is having unless
> Thunderbird also has the same problem, which it may; see:
>
>   https://community.letsencrypt.org/t/note-regarding-transition-to-r3-intermediate-with-firefox-or-thunderbird/140049
>
>   https://www.arcanoae.com/adding-lets-encrypts-new-root-and-intermediate-certificates-to-mozilla-applications/
>
> In any case, this works fine with OpenSSL 1.1 or later:
>
>   $ openssl s_client -connect mail.sizzelicks.com:993
>   ...
>   * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN AUTH=LOGIN] Dovecot (Ubuntu) ready.

Confirmed, my fault.

# openssl s_client -connect 194.163.45.150:993
CONNECTED(0003)
Can't use SSL_get_servername
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = aecperformance.com
verify return:1
---
Certificate chain
 0 s:CN = aecperformance.com
   i:C = US, O = Let's Encrypt, CN = R3
 1 s:C = US, O = Let's Encrypt, CN = R3
   i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
   i:O = Digital Signature Trust Co., CN = DST Root CA X3

Alexander



RE: Mailbox connection fails: Connection closed (No commands sent) Help please

2021-12-08 Thread postfix
OK I'm confused. It looks like I'm connected to the mailbox but when I try to 
'Get Messages' now it says that the server has disconnected.

In the mail.log file I see this (again):

Dec 8 12:55:43 softlinksys dovecot: imap-login: Login: user=, method=PLAIN, 
rip=67.8.3.170, lip=194.163.45.150, mpid=67110, TLS, session=

Dec 8 12:55:43 softlinksys dovecot: imap-login: Login: user=, method=PLAIN, 
rip=67.8.3.170, lip=194.163.45.150, mpid=67111, TLS, session=

Dec 8 12:55:43 softlinksys dovecot: imap(smok...@sizzelicks.com)<67110>: 
Connection closed (No commands sent) in=0 out=387 deleted=0 expunged=0 
trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0

Dec 8 12:55:43 softlinksys dovecot: imap(smok...@sizzelicks.com)<67111>: 
Connection closed (No commands sent) in=0 out=388 deleted=0 expunged=0 
trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0

 

Please help me.

How can I fix this problem?

 




RE: virtual mailbox domains??

2021-12-09 Thread postfix
Thanks *so much* for all your help.

Another complete rebuild and I think I’ve finally got it.

I was able to log into mail.sizzelicks.com for smok...@sizzelicks.com this time with no trouble.

I sent an email to smok...@sizzelicks.com from a gmail account and was able to retrieve it in Thunderbird.

I replied to the gmail email and in gmail.com I got the response.

 

Now I can add email accounts to the database for any of our domains and they 
work!

I've added responses below.

 

-----Original Message-----
From: owner-postfix-us...@postfix.org On Behalf Of raf
Sent: Thursday, December 9, 2021 1:07 AM
To: postfix-us...@postfix.org
Subject: Re: virtual mailbox domains??

On Tue, Dec 07, 2021 at 10:25:44AM -0500, post...@aecperformance.com wrote:

> Sorry I sent this from the wrong email address.
>
> VPS Ubuntu 20.04 postfix 3.4.13 and dovecot 2.3.7.2
>
> I'm making progress but still not there.
>
> Any help would be greatly appreciated.
>
> I'm getting the errors:
>
> warning: SASL: Connect to private/auth failed: Connection refused
>
> fatal: no SASL authentication mechanisms
>
> I have a param in main.cf: smtpd_sasl_path = private/auth
>
> I do not have a folder /etc/postfix/private/auth
>
> I do have a folder /etc/postfix/auth but nothing is in it.
>
> How can I fix this error?

 

The reference to private/auth is referring to dovecot's authentication socket 
under postfix's chroot directory.

It's in /var/spool/postfix/private/auth, not /etc/postfix.

 

You have set that up in dovecot's config:

 

  service auth {
    unix_listener /var/spool/postfix/private/auth {
      group = postfix
      mode = 0666
      user = postfix
    }
    unix_listener auth-userdb {
      mode = 0600
      user = vmail
    }
    user = dovecot
  }

My version of that looks like:

  service auth {
    unix_listener /var/spool/postfix/private/auth {
      mode = 0666
    }
  }

 

So it looks like that should be OK.

Does /var/spool/postfix/private/auth exist?

Mine has root as owner/group. Yours should have postfix as owner/group. But 
that shouldn't matter as long as the mode is 0666.

I must have changed the mode to 0660 but per your suggestion I changed it to 
0666. Thanks.

Yes it does exist.

ls -l /var/spool/postfix/private/auth

srw-rw 1 postfix postfix 0 Dec  8 21:50 /var/spool/postfix/private/auth

 

 

If not, check dovecot's log messages for problems with it.

But I don't know what to look for. The dovecot mailing list folks might be more 
useful for that.

 

It should exist and be used by dovecot. If you have lsof installed, you can 
check that:

 

  > sudo lsof /var/spool/postfix/private/auth
  COMMAND     PID    USER   FD   TYPE DEVICE         SIZE/OFF     NODE NAME
  dovecot   17341    root   53u  unix 0x8e43c69f7400      0t0 16873340 /var/spool/postfix/private/auth type=STREAM
  auth    1521507 dovecot   13u  unix 0x8e43c69f7400      0t0 16873340 /var/spool/postfix/private/auth type=STREAM
  auth    1521507 dovecot   21u  unix 0x8e43c417c800      0t0 69451443 /var/spool/postfix/private/auth type=STREAM
  auth    1521507 dovecot   22u  unix 0x8e43c9fc2400      0t0 69453124 /var/spool/postfix/private/auth type=STREAM

sudo lsof /var/spool/postfix/private/auth
COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF   NODE NAME
dovecot 4550 root   58u  unix 0x  0t0 1305802532 /var/spool/postfix/private/auth type=STREAM

 

Something else that might or might not be a (different) problem is that the TLS 
certificate at mail.sizzlelicks.com doesn't certify the domain 
mail.sizzlelicks.com. Its list of domains contains sizzelicks.com and 
www.sizzelicks.com but not mail.sizzelicks.com. 
That might cause problems with Thunderbird trying to connect for IMAPS. I think 
you reported such an error message earlier. So you might want to add the 
mail.sizzelicks.com domain to that certificate. But that's not related to the 
failure to connect to the dovecot auth socket.

 

You are correct and I sure wish I saw *this* a week ago😊. 

I did a rebuild due to lots of trouble trying to add the certs.

Now I’ve got it all back up with the certificates for all of the 
mail.mydomain.com MX records.

THANK YOU

 

 

cheers,

raf

 

> -----Original Message-----
> From: owner-postfix-us...@postfix.org On Behalf Of Wietse Venema
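
Added example, not part of the thread: the name check a client such as Thunderbird applies to the server certificate, showing why mail.sizzelicks.com is rejected ("Wrong Site") while sizzelicks.com is accepted. The SAN list is constructed from the names mentioned in the messages above (the real certificate lists more), and the function names are made up for this illustration.

```python
# Added example (not from the thread). The SAN names below are constructed
# from the names raf and the openssl output mention; the real certificate
# may list more.

def _labels(name):
    """Lower-case a DNS name, drop a trailing dot, split into labels."""
    return name.rstrip(".").lower().split(".")


def name_matches(pattern, hostname):
    """Match one dNSName entry against a hostname, RFC 6125 style."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):
        return False  # a wildcard stands for exactly one label
    if p[0] == "*":
        # Conservative choice: accept "*" only as the whole left-most label
        # and only above a two-label base (so "*.com" is rejected).
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def cert_covers(san_list, hostname):
    """True if any SAN entry covers the name the client connects to."""
    return any(name_matches(s, hostname) for s in san_list)


def missing_names(san_list, hostnames):
    """Names a client would use that the certificate does not cover."""
    return [h for h in hostnames if not cert_covers(san_list, h)]


# Constructed sample: names reported for the certificate served on port 993.
SAN_ON_SERVER = ["aecperformance.com", "sizzelicks.com", "www.sizzelicks.com"]

# Names a mail client is configured with (the MX / IMAP / SMTP host names).
CLIENT_HOSTS = ["mail.sizzelicks.com", "sizzelicks.com"]

if __name__ == "__main__":
    for host in CLIENT_HOSTS:
        verdict = "ok" if cert_covers(SAN_ON_SERVER, host) else "Wrong Site"
        print(f"{host:25} {verdict}")
    print("add to certificate:", missing_names(SAN_ON_SERVER, CLIENT_HOSTS))
```

The same check against the live server is `openssl s_client -connect mail.sizzelicks.com:993` piped into `openssl x509 -noout -checkhost mail.sizzelicks.com`.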


Send to mailbox + alias??

2021-12-12 Thread postfix
Is there any way to set postfix/dovecot to:

1. Deliver email to the mailbox -> ie. b...@test.com
AND
2. Set the email as an alias and send it to the forwarded address ->
bobs.b...@bosses.com

 

This would be given that both email accounts are set up as virtual_users in
MySql.

 

Right now if I set up an alias and mailbox for the same email the alias
overrides the mailbox and the email is delivered to the forwarded account
and not to the email's mailbox.

If the mailbox exists I need the email sent to both the mailbox and the
forwarded mailbox.

Can I do that? If so, how?