https://wiki.archlinux.org/api.php?action=feedcontributions&user=Maleckii&feedformat=atomArchWiki - User contributions [en]2024-03-29T12:52:22ZUser contributionsMediaWiki 1.41.0https://wiki.archlinux.org/index.php?title=Talk:Virtual_user_mail_system_with_Postfix,_Dovecot_and_Roundcube&diff=294281Talk:Virtual user mail system with Postfix, Dovecot and Roundcube2014-01-24T23:42:24Z<p>Maleckii: /* relay_domains = * might me a bad idear */</p>
<hr />
<div>== crt file ==<br />
[http://wiki2.dovecot.org/SSL/DovecotConfiguration Dovecot configuration] suggests setting the certs 0444 for the .crt and 0400 for the .key, but the wiki suggests 0644 and 0600, respectively. Personally, I do not see why anyone should have write permissions on the certs, esp. since they're not meant to be modified. Suggestions? --[[User:Gesh|Gesh]] ([[User talk:Gesh|talk]]) 23:30, 9 August 2012 (UTC)<br />
<br />
Hmm... I think you are right Gesh. I can't fathom how making the certs read only could damage the setup.<br />
--[[User:Justforgetme|Justforgetme]] ([[User talk:Justforgetme|talk]]) 00:10, 10 August 2012 (UTC)<br />
<br />
Also, shouldn't the chown nobody:nobody also be executed on the .crt file? I cannot understand the rationale of having it owned by root. At least with system-configuration files, you'd want both that root will be able to edit them and that *only* root be able to edit them. --[[User:Gesh|Gesh]] ([[User talk:Gesh|talk]]) 01:35, 10 August 2012 (UTC)<br />
<br />
Yeah there probably isn't anything wrong with making them read-only. --[[User:Svenstaro|Svenstaro]] ([[User talk:Svenstaro|talk]]) 00:23, 12 August 2012 (UTC)<br />
<br />
== Problem with dovecot and roundcube ==<br />
Hey there! Excellent tutorial, it almost worked like a charm! I had some problems with dovecot and roundcube. I'm not sure if they are sufficiently general to be added on the main tutorial, but I wanted to discuss them here:<br />
# Dovecot Greeting. I had to place a Dovecot greeting in /etc/dovecot/dovecot.conf. I included "login_greeting = Dovecot ready for action."<br />
# Instead of using TLS for IMAP in Roundcube I had to configure SSL. In particular, I had to change this "$rcmail_config['default_host'] = 'ssl://localhost/';" on Roundcube main.inc.php.<br />
# I missed a comment on the 'username_domain' option in the configuration. As it was not mentioned in the tutorial I wrongly assumed that Dovecot allows login with only the username. But then I couldn't login from Roundcube using my username. Adding the "$rcmail_config['username_domain'] = 'mydomain.net';" option in Roundcube main.inc.php.<br />
Thanks for the tutorial, I think it is pretty straightforward for a complex task a setting up the mail server. Best regards! --[[User:Es0x279e|Es0x279e]] ([[User talk:Es0x279e|talk]]) 10:12, 6 October 2012 (UTC)<br />
<br />
Hi! I cannot for the life of me get roundcube to work. It fails when I try to do the login to the IMAP server during installation. I get: <br />
"Connecting to tls://localhost/...<br />
IMAP connect: NOT OK(Login failed for [edited] from [edited]. Empty startup greeting (localhost:993))"<br />
I've tried changing it to ssl:// and without ssl:// or tls:// but for some reason it just does not work and I do not know where to go from here. Help would be greatly greatly appreciated. --[[User:Pei|Pei]] ([[User talk:Pei|talk]]) 04:20, 2 November 2012 (UTC)<br />
<br />
Undid the last contribution of ([[User talk:Mehtab|Mehtab]]) because listening interfaces should beimplementation speciffic for this Postfix installation. If anybody disagrees let me know. [[User:Justforgetme|Justforgetme]] ([[User talk:Justforgetme|talk]]) 06:41, 4 December 2012 (UTC)<br />
<br />
Expanded the Roundcube section and added some info for SpamAssassin and added the tip to remove "Received header". Had to do a bit of digging today to set it up, figured I add it here so it will be helpful. [[User:KingX|KingX]] ([[User talk:KingX|talk]]) 02:55, 21 April 2013 (UTC)<br />
<br />
Thank you!, the best tutorial I found, just want to point out some problems I had during the installation.<br />
<br />
A) If vmail id/gid != 5000, you may have dovecot-sql.conf correct, but postfix still complains for db access. Better listen to Svenstaro from the begining.<br />
<br />
B) Roundcube installer: DO NOT TRUST IT!. <br />
<br />
main.inc.php ,<br />
$rcmail_config['default_host'] = 'ssl://localhost'; <br />
If you use tls for IMAP, it will not work and you will get nightmares with the "STARTTLS command first" error. (roundcube tries to use ssl anyway)<br />
<br />
You can use tls for the SMTP server thoug, but also keep the next lines like this:<br />
$rcmail_config['smtp_server'] = 'tls://localhost';<br />
$rcmail_config['smtp_port'] = 587;<br />
$rcmail_config['smtp_user'] = '%u';<br />
$rcmail_config['smtp_pass'] = '%p'; <br />
If you use ssl, you also have to allow ssl connections. Change 'encrypt' for 'may' in your master.cf file, or you will have those nightmares again:<br />
-o smtpd_tls_security_level=encrypt<br />
C) mysql.so and imap.so must be enabled (/etc/php/php.ini)<br />
<br />
D) php.conf: You can create aliases for roundcube and postfixAdmin folders, so you don't bulk your /srv/http/ directory <br />
<br />
E) Your hostname have to include your domain name:<br />
lupus@ulula:~$ hostname <br />
myHostName.mysite.org <br />
F) Bloking port 25 is a common practice for ISP's. This port is where all incoming mail is delivered, so you will not be able get your mail from the outside world. Don't panic (I did), you need a MX DNS server with port fordwarding (or convice your isp that blocking the smtp port is for loosers). This site offers the service for free, good enough to play around: [http://rollernet.us] <br />
<br />
Edit your master.cf file to something like this<br />
smtp inet n - n - - smtpd<br />
26 inet n - n - - smtpd <br />
submission inet n - n - - smtpd<br />
Last word of advice: DO NOT mix virtual server mail with non virtual server mail configuration!<br />
--[[User:Dcgasca|dcgasca]] ([[User talk:Dcgasca|talk]]) 04:43, 22 June 2013 (UTC)<br />
<br />
== Server refuses connection ==<br />
<br />
Hello!<br />
Whenever I try to login to the mailaccount I created using postfixadmin with roundcube, I get the following error message (from roundcube):<br />
IMAP Error: Login failed for me@my.domain.com from my.ip.adre.ss. Could not connect to ssl://localhost:993: Connection refused in /usr/share/webapps/roundcubemail/program/lib/Roundcube/rcube_imap.php on line 184 (POST /roundcubemail/?_task=login&_action=login)<br />
<br />
Also, when I tried to send an email to my account from another E-Mail adress, I got the following error report:<br />
The recipient server did not accept our requests to connect. Learn more at http://support.google.com/mail/bin/answer.py?answer=7720<br />
[(0) my.domain.com. [81.10.164.94]:25: Connection refused]<br />
<br />
Whats wrong?<br />
<br />
== relay_domains = * might me a bad idear ==<br />
<br />
I included the following warning into the article. I am not 100% sure about this. So maybe someone should check it and let us discuss it here.<br />
{{Warning|{{ic|<nowiki>relay_domains = *</nowiki>}} might me a bad idear (see http://www.postfix.org/BASIC_CONFIGURATION_README.html#relay_to). You usually do not want postfix to forward mail from strangers.}} <br />
--[[User:PMay|PMay]] ([[User talk:PMay|talk]]) 14:15, 9 January 2014 (UTC)<br />
<br />
Yes, doing it this way sets up your server as an open relay, which is a Very Bad Idea. Most setups like these specify another mysql proxy that can get the domains allowed to relay -<br />
<br />
main.cf:<br />
relay_domains = $mydestination, proxy:mysql:/etc/postfix/relay_domains_maps.cf<br />
<br />
relay_domains_maps.cf:<br />
user = postfix_user<br />
password = hunter2<br />
hosts = localhost<br />
dbname = postfix_db<br />
query = SELECT domain FROM domain WHERE domain='%s' and transport = 'relay' and active = 1 AND NOT exists (select * from alias_domain where alias_domain = '%s' AND alias_domain.active = '1')<br />
[[User:Maleckii|Maleckii]] ([[User talk:Maleckii|talk]]) 23:42, 24 January 2014 (UTC)</div>Maleckiihttps://wiki.archlinux.org/index.php?title=Talk:Virtual_user_mail_system_with_Postfix,_Dovecot_and_Roundcube&diff=294280Talk:Virtual user mail system with Postfix, Dovecot and Roundcube2014-01-24T23:42:10Z<p>Maleckii: /* relay_domains = * might me a bad idear */</p>
<hr />
<div>== crt file ==<br />
[http://wiki2.dovecot.org/SSL/DovecotConfiguration Dovecot configuration] suggests setting the certs 0444 for the .crt and 0400 for the .key, but the wiki suggests 0644 and 0600, respectively. Personally, I do not see why anyone should have write permissions on the certs, esp. since they're not meant to be modified. Suggestions? --[[User:Gesh|Gesh]] ([[User talk:Gesh|talk]]) 23:30, 9 August 2012 (UTC)<br />
<br />
Hmm... I think you are right Gesh. I can't fathom how making the certs read only could damage the setup.<br />
--[[User:Justforgetme|Justforgetme]] ([[User talk:Justforgetme|talk]]) 00:10, 10 August 2012 (UTC)<br />
<br />
Also, shouldn't the chown nobody:nobody also be executed on the .crt file? I cannot understand the rationale of having it owned by root. At least with system-configuration files, you'd want both that root will be able to edit them and that *only* root be able to edit them. --[[User:Gesh|Gesh]] ([[User talk:Gesh|talk]]) 01:35, 10 August 2012 (UTC)<br />
<br />
Yeah there probably isn't anything wrong with making them read-only. --[[User:Svenstaro|Svenstaro]] ([[User talk:Svenstaro|talk]]) 00:23, 12 August 2012 (UTC)<br />
<br />
== Problem with dovecot and roundcube ==<br />
Hey there! Excellent tutorial, it almost worked like a charm! I had some problems with dovecot and roundcube. I'm not sure if they are sufficiently general to be added on the main tutorial, but I wanted to discuss them here:<br />
# Dovecot Greeting. I had to place a Dovecot greeting in /etc/dovecot/dovecot.conf. I included "login_greeting = Dovecot ready for action."<br />
# Instead of using TLS for IMAP in Roundcube I had to configure SSL. In particular, I had to change this "$rcmail_config['default_host'] = 'ssl://localhost/';" on Roundcube main.inc.php.<br />
# I missed a comment on the 'username_domain' option in the configuration. As it was not mentioned in the tutorial I wrongly assumed that Dovecot allows login with only the username. But then I couldn't login from Roundcube using my username. Adding the "$rcmail_config['username_domain'] = 'mydomain.net';" option in Roundcube main.inc.php.<br />
Thanks for the tutorial, I think it is pretty straightforward for a complex task a setting up the mail server. Best regards! --[[User:Es0x279e|Es0x279e]] ([[User talk:Es0x279e|talk]]) 10:12, 6 October 2012 (UTC)<br />
<br />
Hi! I cannot for the life of me get roundcube to work. It fails when I try to do the login to the IMAP server during installation. I get: <br />
"Connecting to tls://localhost/...<br />
IMAP connect: NOT OK(Login failed for [edited] from [edited]. Empty startup greeting (localhost:993))"<br />
I've tried changing it to ssl:// and without ssl:// or tls:// but for some reason it just does not work and I do not know where to go from here. Help would be greatly greatly appreciated. --[[User:Pei|Pei]] ([[User talk:Pei|talk]]) 04:20, 2 November 2012 (UTC)<br />
<br />
Undid the last contribution of ([[User talk:Mehtab|Mehtab]]) because listening interfaces should beimplementation speciffic for this Postfix installation. If anybody disagrees let me know. [[User:Justforgetme|Justforgetme]] ([[User talk:Justforgetme|talk]]) 06:41, 4 December 2012 (UTC)<br />
<br />
Expanded the Roundcube section and added some info for SpamAssassin and added the tip to remove "Received header". Had to do a bit of digging today to set it up, figured I add it here so it will be helpful. [[User:KingX|KingX]] ([[User talk:KingX|talk]]) 02:55, 21 April 2013 (UTC)<br />
<br />
Thank you!, the best tutorial I found, just want to point out some problems I had during the installation.<br />
<br />
A) If vmail id/gid != 5000, you may have dovecot-sql.conf correct, but postfix still complains for db access. Better listen to Svenstaro from the begining.<br />
<br />
B) Roundcube installer: DO NOT TRUST IT!. <br />
<br />
main.inc.php ,<br />
$rcmail_config['default_host'] = 'ssl://localhost'; <br />
If you use tls for IMAP, it will not work and you will get nightmares with the "STARTTLS command first" error. (roundcube tries to use ssl anyway)<br />
<br />
You can use tls for the SMTP server thoug, but also keep the next lines like this:<br />
$rcmail_config['smtp_server'] = 'tls://localhost';<br />
$rcmail_config['smtp_port'] = 587;<br />
$rcmail_config['smtp_user'] = '%u';<br />
$rcmail_config['smtp_pass'] = '%p'; <br />
If you use ssl, you also have to allow ssl connections. Change 'encrypt' for 'may' in your master.cf file, or you will have those nightmares again:<br />
-o smtpd_tls_security_level=encrypt<br />
C) mysql.so and imap.so must be enabled (/etc/php/php.ini)<br />
<br />
D) php.conf: You can create aliases for roundcube and postfixAdmin folders, so you don't bulk your /srv/http/ directory <br />
<br />
E) Your hostname have to include your domain name:<br />
lupus@ulula:~$ hostname <br />
myHostName.mysite.org <br />
F) Bloking port 25 is a common practice for ISP's. This port is where all incoming mail is delivered, so you will not be able get your mail from the outside world. Don't panic (I did), you need a MX DNS server with port fordwarding (or convice your isp that blocking the smtp port is for loosers). This site offers the service for free, good enough to play around: [http://rollernet.us] <br />
<br />
Edit your master.cf file to something like this<br />
smtp inet n - n - - smtpd<br />
26 inet n - n - - smtpd <br />
submission inet n - n - - smtpd<br />
Last word of advice: DO NOT mix virtual server mail with non virtual server mail configuration!<br />
--[[User:Dcgasca|dcgasca]] ([[User talk:Dcgasca|talk]]) 04:43, 22 June 2013 (UTC)<br />
<br />
== Server refuses connection ==<br />
<br />
Hello!<br />
Whenever I try to login to the mailaccount I created using postfixadmin with roundcube, I get the following error message (from roundcube):<br />
IMAP Error: Login failed for me@my.domain.com from my.ip.adre.ss. Could not connect to ssl://localhost:993: Connection refused in /usr/share/webapps/roundcubemail/program/lib/Roundcube/rcube_imap.php on line 184 (POST /roundcubemail/?_task=login&_action=login)<br />
<br />
Also, when I tried to send an email to my account from another E-Mail adress, I got the following error report:<br />
The recipient server did not accept our requests to connect. Learn more at http://support.google.com/mail/bin/answer.py?answer=7720<br />
[(0) my.domain.com. [81.10.164.94]:25: Connection refused]<br />
<br />
Whats wrong?<br />
<br />
== relay_domains = * might me a bad idear ==<br />
<br />
I included the following warning into the article. I am not 100% sure about this. So maybe someone should check it and let us discuss it here.<br />
{{Warning|{{ic|<nowiki>relay_domains = *</nowiki>}} might me a bad idear (see http://www.postfix.org/BASIC_CONFIGURATION_README.html#relay_to). You usually do not want postfix to forward mail from strangers.}} <br />
--[[User:PMay|PMay]] ([[User talk:PMay|talk]]) 14:15, 9 January 2014 (UTC)<br />
<br />
Yes, doing it this way sets up your server as an open relay, which is a Very Bad Idea. Most setups like these specify another mysql proxy that can get the domains allowed to relay -<br />
<br />
main.cf:<br />
relay_domains = $mydestination, proxy:mysql:/etc/postfix/relay_domains_maps.cf<br />
<br />
relay_domains_maps.cf:<br />
user = postfix_user<br />
password = hunter2<br />
hosts = localhost<br />
dbname = postfix_db<br />
query = SELECT domain FROM domain WHERE domain='%s' and transport = 'relay' and active = 1 AND NOT exists (select * from alias_domain where alias_domain = '%s' AND alias_domain.active = '1')</div>Maleckii