View All Products
Compute
Storage
Networking
Databases
Services
Developer Tools
Industries
Pricing
Community
Engage With Us
Community Questions Postfix Dovecot on Ubuntu 16.04
Log in to Ask a Question

Postfix Dovecot on Ubuntu 16.04

email

Using Flurdy setup http://flurdy.com/docs/postfix/ with Dovecot here: http://xec.net/dovecot-migration/

Problem with accessing server, logins.

“Icedove failed to find the settings for your email account.” Does not detect secure settings.

Have not enabled SASL authentication yet.

Telnet localhost 25. Have sent emails, creating /var/mail/virtual/USERFOLDER/new/NEWEMAILS.

sudo ufw status

Status: active

To Action From

– ------ ----

22 ALLOW Anywhere

25/tcp ALLOW Anywhere

443 ALLOW Anywhere

993/tcp ALLOW Anywhere

587/tcp ALLOW Anywhere

22 (v6) ALLOW Anywhere (v6)

25/tcp (v6) ALLOW Anywhere (v6)

443 (v6) ALLOW Anywhere (v6)

993/tcp (v6) ALLOW Anywhere (v6)

587/tcp (v6) ALLOW Anywhere (v6)

One mysql change from directions after receiving a warning.

From:

INSERT INTO users (id,name,maildir,crypt) VALUES

('email@address','short description','foldername/',encrypt('password', CONCAT('$5/r>, MD5(RAND()))) );

to:

INSERT INTO users (id,name,maildir,crypt) VALUES

('email@address','short description','foldername/',aes_encrypt('password', CONCAT('$5/r>, MD5(RAND()))) );

13 Replies

To further explain, I started with Linode docs.

https://www.linode.com/docs/getting-started

https://www.linode.com/docs/security/se … our-server">https://www.linode.com/docs/security/securing-your-server

https://www.linode.com/docs/security/us … r-security">https://www.linode.com/docs/security/using-fail2ban-for-security

https://www.linode.com/docs/security/fi … l-with-ufw">https://www.linode.com/docs/security/firewalls/configure-firewall-with-ufw

https://www.linode.com/docs/security/ss … rtificates">https://www.linode.com/docs/security/ssl/install-lets-encrypt-to-create-ssl-certificates

http://flurdy.com/docs/postfix/#config-simple-mta

sudo netstat -tap

Active Internet connections (servers and established)

Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name

tcp 0 0 *:smtp *:* LISTEN 11244/master

tcp 0 0 *:imaps *:* LISTEN 11556/dovecot

tcp 0 0 *:pop3s *:* LISTEN 11556/dovecot

tcp 0 0 localhost:10023 : LISTEN 10308/postgrey.pid

tcp 0 0 localhost:10024 : LISTEN 5837/amavisd-new (m

tcp 0 0 localhost:10025 : LISTEN 11244/master

tcp 0 0 localhost:mysql : LISTEN 11508/mysqld

tcp 0 0 *:pop3 *:* LISTEN 11556/dovecot

tcp 0 0 *:imap2 *:* LISTEN 11556/dovecot

tcp 0 0 *:ssh *:* LISTEN 3620/sshd

tcp 51 0 localhost:39440 localhost:10025 CLOSE_WAIT 5841/amavisd-new (c

tcp 0 264 zori.pds2k.com:ssh c-50-187-22-173.h:51991 ESTABLISHED 4097/sshd: davida [

tcp 0 0 zori.pds2k.com:ssh c-50-187-22-173.h:52570 ESTABLISHED 11631/sshd: davida

tcp 0 260 zori.pds2k.com:ssh c-50-187-22-173.h:51944 ESTABLISHED 3931/sshd: davida [

tcp 0 0 zori.pds2k.com:ssh c-50-187-22-173.h:52569 ESTABLISHED 11590/sshd: davida

tcp6 0 0 [::]:smtp [::]:* LISTEN 11244/master

tcp6 0 0 [::]:imaps [::]:* LISTEN 11556/dovecot

tcp6 0 0 [::]:pop3s [::]:* LISTEN 11556/dovecot

tcp6 0 0 localhost:10023 [::]:* LISTEN 10308/postgrey.pid

tcp6 0 0 localhost:10024 [::]:* LISTEN 5837/amavisd-new (m

tcp6 0 0 [::]:pop3 [::]:* LISTEN 11556/dovecot

tcp6 0 0 [::]:imap2 [::]:* LISTEN 11556/dovecot

tcp6 0 0 [::]:ssh [::]:* LISTEN 3620/sshd

telnet to 993 is close immediately.

openssl s_client -connect zori.pds2k.com:993 -crlf

140591764973200:error:140790E5:SSL routines:SSL23WRITE:ssl handshake failure:s23lib.c:177:

Verify return code: 21 (unable to verify the first certificate)

fullchain.pem has two certs.

Performed advanced server set up. Enabled submission. Allowed ports/configuration to be detected.

Back to same “Is the username or password wrong?” No, but not working.

MySQL users table problem?

doveadm user davida@pds2k.com

field valuedoveadm(davida@pds2k.com): Error: userdb lookup(davida@pds2k.com): Disconnected unexpectedly

Restarting services/reboot not helping.

Edited messages in mail.log while trying to setup Ice Dove.

Nov 26 23:26:31 zori postfix/smtpd[13981]: connect from comcast.net

Nov 26 23:26:31 zori postfix/smtpd[13981]: improper command pipelining after EHLO from comcast.net: QUIT\r\n

Nov 26 23:26:31 zori postfix/smtpd[13981]: disconnect from comcast.net ehlo=1 quit=1 commands=2

Edited result from openssl s_client -connect zori.pds2k.com:993 -crlf

CONNECTED(00000003)

depth=0 CN = zori.pds2k.com

verify error:num=20:unable to get local issuer certificate

verify return:1

depth=0 CN = zori.pds2k.com

verify error:num=27:certificate not trusted

verify return:1

depth=0 CN = zori.pds2k.com

verify error:num=21:unable to verify the first certificate

verify return:1

140352971523728:error:140790E5:SSL routines:SSL23WRITE:ssl handshake failure:s23lib.c:177:

–-

Certificate chain

0 s:/CN=zori.pds2k.com

i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3

Server certificate

-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----

subject=/CN=zori.pds2k.com

issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3

No client certificate CA names sent

SSL handshake has read 1797 bytes and written 206 bytes

New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384

Server public key is 2048 bit

Secure Renegotiation IS supported

Compression: NONE

Expansion: NONE

SSL-Session:

Protocol : TLSv1.2

Cipher : ECDHE-RSA-AES256-GCM-SHA384

Start Time: 1480220969

Timeout : 300 (sec)

Verify return code: 21 (unable to verify the first certificate)

Ice Dove Activity Manager still saying Zori is not an IMAP4 server.

It looks like your certificates are failing to validate. Verify that you have included the certificate chain in your fullchain. Let's Encrypt should put it together automatically using files similar to below. You cannot just use cert.pem in most cases because it lacks the "chain of trust." See: https://support.dnsimple.com/articles/w … ate-chain/">https://support.dnsimple.com/articles/what-is-ssl-certificate-chain/

path to the certificate file, should be root:root and 0444

smtpdtlscert_file=/etc/letsencrypt/live/domain/fullchain.pem

path to the private key file, should be root:root and 0400

smtpdtlskey_file=/etc/letsencrypt/live/domain/privkey.pem

Hello jeremye77. Permission were wide open. Thanks.

Postfix configuration was correct. Found /etc/dovecot/conf.d/10-ssl.conf was set to cert.pem. Corrected to fullchain.pem. Openssl test no longer has an error, thanks.

Watched mail.log while setting up IceDove email client. Still “Failed to find settings for your email account.” Still “Configuration could not be verified – is the username or password wrong?”

Nov 27 23:17:46 zori postfix/smtpd[4225]: connect from unknown[2601:193:c300:7607::a3f2]

Nov 27 23:17:46 zori postfix/smtpd[4225]: improper command pipelining after EHLO from unknown[2601:193:c300:7607::a3f2]: QUIT\r\n

Nov 27 23:17:46 zori postfix/smtpd[4225]: disconnect from unknown[2601:193:c300:7607::a3f2] ehlo=1 quit=1 commands=2

Looked at:

/etc/dovecot/conf.d/auth-sql.conf.ext

/etc/dovecot/dovecot-sql.conf.ext

/etc/dovecot/conf.d/20-imap.conf

/etc/dovecot/conf.d/10-master.conf

/etc/postfix/master.cf

Where is the problem(s)?

Looked at and edited when needed:

/etc/dovecot/conf.d/10-master.conf

/etc/postfix/main.cf

/etc/default/saslauthd

/etc/postfix/master.cf

/etc/postfix/sasl/smtpd.conf

/etc/pam.d/smtp

/etc/dovecot/dovecot.conf

/etc/dovecot/conf.d/10-master.conf

/etc/dovecot/conf.d/10-auth.conf

/etc/dovecot/conf.d/10-mail.conf

/etc/dovecot/conf.d/10-ssl.conf

/etc/dovecot/conf.d/20-imap.conf

/etc/dovecot/conf.d/auth-sql.conf.ext

/etc/dovecot/conf.d/auth-system.conf.ext

/etc/pam.d/dovecot

/etc/postfix/mysql_alias.cf

Stuck at these two problems:

postfix/master[12031]: warning: /usr/lib/postfix/sbin/smtpd: bad command startup – throttling

postfix/smtpd[12078]: fatal: no SASL authentication mechanisms

postfix/master[12031]: warning: process /usr/lib/postfix/sbin/smtpd pid 12078 exit status 1

Could not solve email server setup. Remove Linode from account.

I just use postfix, dovecot and mysql that come with Ubuntu. It works for me. It took some configuration tuning. Not sure what the flurdy or other stuff is you tried. I recommend using the standard ones installable with apt.

I next tried the open source version of iRedMail. After two days webpages for different services stopped loading and email stopped . Rebooting VM did not fix. PING from outside worked. TOP shows low resource use. The different logs had no smoking gun.

Trying iRedMail. Was not Apache or Postfix issue. Saw log that meant MariaDB was not starting automatically. Works after reboot.

New one for me, /var/log/httpd/error_log

[Tue Dec 06 10:26:56.627229 2016] [dbd:error] pid 4219Internal error: AH00629: Can't connect to mysql: Can't connect to MySQL server on '127.0.0.1' (111)

[Tue Dec 06 10:26:56.627263 2016] [dbd:error] pid 4219Internal error: AH00633: failed to initialise

[Tue Dec 06 10:26:56.627266 2016] [dbd:crit] pid 4219Internal error: AH00636: child init failed!

[Tue Dec 06 15:27:50.474599 2016] [:error] [pid 6859] [client 199.15.233.162:56834] script '/var/www/html/wp-login.php' not found or unable to stat

If you would prefer a pre-made server. Zimbra Open Source is pretty stable. I rarely even have to look at the server that runs it.

https://www.zimbra.com/open-source-email-overview/

Combine that with open source Z-Push (once you have a stable setup) and you can use Activesync methods from your phone, etc.

http://zimbrabackend.sourceforge.net/

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Log in to Reply
Community Code of Conduct