Help - Search - Members - Calendar
Full Version: Centos 4 Postfix Guide
Linuxhelp > In The Community > General Discussion
Robert83
Hello everyone,

I just managed to get it running , under CentOS 4

Postfix + Dovecot + Cyrus-SASL + OpenLDAP + MailScanner (ClamAV+MailScanner)(this one not needing two postfix) + Squirrelmail + Tomcat + Jamm ... Virtual Domain , Virtual Users .

I'm currently documenting my steps (and installing it via those steps, so it is going to be accurate for CentOS 4.0) , the question is, I've tried wiki (really smile.gif ) , but I kinda found it hard to do this right (to make it look good, and the OpenLDAP part gotta have those tabs and spaces in it just like in my config) , ...so cutting it short.

Once I'm done with this guide (skeleton) thingie, anyone interested in posting it to the wiki ? it will need some aditional comment if needed(explanation) , but it will also work if you follow it step-by-step


Sincerely
Robert B

ps.: based upon Peter Lacey (http://wanderingbarque.com/howtos/mailserver/mailserver.html), and Johnny Hughes postfix guide (the MailScanner part) + added some aditional settings.
TechXP
Is this documentation already online?

I have some problems with dovecot and postfix.
I can email and receive, but then when I want to get it with a imap client it gives errors.
I got it first working, but then I only got empty messages. The errors were about:
Failed with index file /home/mail/mydomain.nl/info/.INBOX/.imap.index: Operation not permitted

And I also got errors now with: Failed to create storage with data: /home/mail/mydomain.nl/alex/

Can you help me? How can I set the permissions right? It looks like it doesn't set it right?

I am using centos 3.4

thank you,

Alex
Robert83
Hi,

I think you might have forgotten to set the premissions fot the /home/vmail/mydomain/user

if you used vmail user

then you must make /home/vmail/
and /mydomain
and /user

owned by vmail vmail
and be rwxrwx ---

Sincerely
Robert B.
TechXP
I created the vmail user and I now get the following messages:

Apr 2 20:13:06 APOLLO imap(alex@mydomain.nl): open() failed with file /home/mail/mydomain.nl/alex//.INBOX/.imap.index: Permission denied
Apr 2 20:13:06 APOLLO imap(alex@mydomain.nl): open() failed with file /home/mail/mydomain.nl/alex//dovecot-uidlist: Permission denied
Apr 2 20:13:11 APOLLO imap-login: Login: alex@mydomain.nl [62.251.91.191]
Apr 2 20:13:11 APOLLO imap(alex@mydomain.nl): lstat(/home/mail/mydomain.nl/alex//.Trash/cur) failed: Permission denied

If I look at the files: /home/mail/mydomain.nl/alex/

drwx------ 7 vmail vmail 4096 Apr 2 20:13 .
drwx------ 3 vmail vmail 4096 Apr 2 20:10 ..
drwx------ 2 vmail vmail 4096 Apr 2 20:10 cur
---------- 1 vmail vmail 5 Apr 2 20:10 .customflags
---------- 1 vmail vmail 53 Apr 2 20:13 dovecot-uidlist
d--------- 2 vmail vmail 4096 Apr 2 20:10 .INBOX
drwx------ 2 vmail vmail 4096 Apr 2 20:10 new
drwx------ 2 vmail vmail 4096 Apr 2 20:10 tmp
d--------- 2 vmail vmail 4096 Apr 2 20:10 .Trash

The file dovecot-uidlist has no rights? I get these errors when I want to get my mail.
I can get my mail now, also I can read it, and also I can send mail, etc.
Only I get these errors in my log. Also I cannot create subdirs. Then it gets also permission errors. Also when I send a mail it cannot write tot the send directory.

My /home/mail directory:
drwxrwxrwx 4 vmail vmail 4096 Apr 2 20:10 mail
I also tries it with the
drwxrwx--- 4 vmail vmail 4096 Apr 2 20:10 mail


It is something with the permissions, but I can't figure it out what to do?

thank you,

Alex
Robert83
Hi,

for me it is

rwxrwx /home/vmail/ vmail user vmail group
and everything under it has the same premission

also check that the uid gid if vmail uid gid is 500 ( it can be any other number, this is just a example, for me it was 501 on a clean system)

check postfix main.cf
dovecot.conf
and any other conf you have specified the uid gid

to check the uid and gid of vmail just look at /etc/passwd file

Sincerely
Robert B
TechXP
Thank you I did a chmod -R 770 on the map and it looks like it is working now.

Thank you again! smile.gif

greetings,

Alex
baerrs
Robert83,
Not to push... are you able to give a date of when the doc might be ready for review ??
Robert83
Hi,

baerrs, I think I will start it tomorrow or moday (since noone was interested in doing it smile.gif ), it will take a few days to make it , mostly because ldap stuff....


Sincerely
Robert B
Robert83
done
its under the guides section of this forum
ethan
After following your guide, i got the
ldap_bind: Invalid Credential(49) error when i try to put in
ldapadd -x -D "cn=Manager,dc=mycompany,dc=hosting" -W -f base.ldif

Any ideaS?Urgent help is needed
Robert83
Hi,

will recheck my guide, since It was originaly written using my companies names everywhere, and I did a search & replace on it...

but till then if you changed mycompany.hosting to let's say abmass.biz then you would use

ldapadd -x -D "cn=Manager,dc=abmass,dc=biz" -W -f base.ldif

Sincerely
Robert B
Robert83
Hi,

also run this command
replace dc=mycompany,dc=hosting with your own domain name, like dc=bigcompany,dc=com

ldapsearch -x -b "dc=mycompany,dc=hosting" "(ObjectClass=*)" | grep Manager

and should give something like

# Manager, mycompany.hosting
dn: cn=Manager,dc=mycompany,dc=hosting
cn: Manager

hope this helps, I wrote the guide while I was installing the system, and then i reinstalled the system via that guide, I don't say I'm perfect and never make mistakes, but I checked at the guide and it looks good.

Sincerely
Robert B
therion
Where is the guide? i donf find it sad.gif
ethan
Here it is..
http://www.linuxhelp.ca/forums/index.php?a...t=ST&f=3&t=6056
therion
QUOTE (ethan @ Apr 22 2005, 07:12 AM)

A lot of thanks, ldap is my nightmare dry.gif
variable
whenever i get to this part:

/etc/init.d/ldap start

i get this :

[root@mymail ~]# /etc/init.d/ldap start [FAILED]
Checking configuration files for : /etc/openldap/schema/jamm.schema: line 95: AttributeType not found: "mail"
slaptest: bad configuration file!

i cant figure out, as i have no real clue as to what is happening? when it comes to linux
ethan
Thanks Robert coz help me in the ldap stuff. I follow ur guide and found that there are some unclear part on the guide, such as the part in main.cf for postfix. Is it follow exactly there or do some modification on the original main.cf. Between, would you mind to post up all ur configuration file for the setup, like what hughesjr did, as this would be a great start for the beginner like me. Between, anyone is interested on the guide for centos4+snort+BASE+syslog-ng+mysql and so on to setup the NIDS system?let me know coz i just finish set it up for my company.Thanks
ethan
Hi, its me again. This time i wish to ask how is the configuration part of the squirrel mail?
is it follow the same config from hughesjr site for the postfix.
second, what is the password and user name refer to when we start using jamm for the first time?
third, how can we enter the new password for the user , for example after creating the /home/vmail/domains/example.com/robert, is it from jamm there?

Urgent clarification is appreciated, and thanks in advance for any help.
Robert83
Hi,

the password is what you entered for manager , the part where you configure openldap you generate this password.

so to login to jamm use username : Manager
password : whatyouusedformanager (see config openldap part)

1. use jamm to create the e-mail account
2. create manually the directories for that e-mail account

Sincerely
Robert B
Robert83
Hi,

I used parts from his guide... but you can configure squirrelmail using my guide as well, I don't go into to much detail, but once you run
CODE
cd /home/webpage/webmail/config
perl ./conf.pl


you'll see that its pretty easy to configure it, since you only need to change your logo , company name... I didn't touch anything else...it works , it's good software smile.gif

Sincerely
Robert B
ethan
i am sorry to say that i still not able to login to the jamm even i provide the username and password correctly.
i got the message
An unknown error has occured!

Please contact the system administrator
We're sorry for the inconvience. Please try again later.

in jamm login page.

Beside tat, also to mention is the
PART IX. Securing the webmail, autmaticaly rewriting url for webmail access to https
doesnot work.
if i put as what stated in the guide, apache would compalin something like ssloption problem, either mispell or blah blah blah.



Robert, could you verify again the guide, like do a new installtion based on ur guide? As it could be some typo that leads to the problem.

Any help is appreciated, and thanks for all that concerns
Robert83
Hi,

sorry , the username for jamm is

username : root
password : the_one_you_used_for_rootpw (in /etc/openldap/slapd.conf)


+ I found some errors in the https part of my guide, please check it, and I'm currently comparing these config files with the ones my live e-mail server is using.
and there was a error in my /etc/openldap/slapd.conf file, also please correct that as well.

+ found another problem, I forgot the installation of mod_ssl in the last part HTTPS config.

I'm really-really sorry for the inconvinience, currently I'm only able to compare the configs with my real server, since right now I don't have a spare computer (nor hard drive) to try this out, but I will once I get my hands on a free machine.

Sincerely
Robert B
Robert83
Hi,

till then this might help a bit in case I forgot to mention something to be installed

yum.log

Mar 22 10:45:01 Updated: centos-yumconf.noarch 4-4.1
Mar 22 10:45:03 Updated: up2date.i386 4.4.5-1.centos4.5
Mar 22 10:47:38 Installed: openldap-clients.i386 2.2.13-2
Mar 22 10:47:40 Installed: openldap-servers.i386 2.2.13-2
Mar 22 10:48:45 Installed: mc.i386 1:4.6.1-0.8.1
Mar 22 10:55:47 Installed: cyrus-sasl-devel.i386 2.1.19-5.EL4
Mar 22 10:55:48 Installed: openldap-devel.i386 2.2.13-2
Mar 22 11:15:17 Installed: postfix.i386 2:2.1.5-4.2.RHEL4
Mar 22 11:15:29 Erased: sendmail
Mar 22 12:12:25 Installed: perl-DBI.i386 1.40-8
Mar 22 12:12:25 Installed: postgresql-libs.i386 7.4.7-2.RHEL4.1
Mar 22 12:12:26 Installed: mysql.i386 4.1.7-4.RHEL4.1
Mar 22 12:12:26 Installed: perl-DBD-MySQL.i386 2.9004-3.1
Mar 22 12:26:39 Installed: perl-Digest-SHA1.i386 2.07-5
Mar 22 12:26:39 Installed: libidn.i386 0.5.6-1
Mar 22 12:26:39 Installed: curl.i386 7.12.1-3
Mar 22 12:26:39 Installed: perl-Digest-HMAC.noarch 1.01-13
Mar 22 12:26:39 Installed: perl-Net-DNS.i386 0.48-1
Mar 22 12:26:40 Installed: glibc-kernheaders.i386 2.4-9.1.87
Mar 22 12:26:40 Installed: glibc-headers.i386 2.3.4-2
Mar 22 12:26:40 Installed: glibc-devel.i386 2.3.4-2
Mar 22 12:26:40 Installed: perl-Time-HiRes.i386 1.55-3
Mar 22 12:26:40 Installed: pkgconfig.i386 1:0.15.0-3
Mar 22 12:26:41 Installed: libidn-devel.i386 0.5.6-1
Mar 22 12:26:41 Installed: cpp.i386 3.4.3-9.EL4
Mar 22 12:26:41 Installed: zlib-devel.i386 1.2.1.2-1
Mar 22 12:26:41 Installed: e2fsprogs-devel.i386 1.35-11.6.EL4
Mar 22 12:26:41 Installed: krb5-devel.i386 1.3.4-10
Mar 22 12:26:42 Installed: openssl-devel.i386 0.9.7a-43.1
Mar 22 12:26:42 Installed: autoconf.noarch 2.59-5
Mar 22 12:26:42 Installed: perl-HTML-Tagset.noarch 3.03-30
Mar 22 12:26:42 Installed: perl-HTML-Parser.i386 3.35-6
Mar 22 12:26:42 Installed: rpm-build.i386 4.3.3-7_nonptl
Mar 22 12:26:42 Installed: spamassassin.i386 3.0.1-0.EL4
Mar 22 12:26:44 Installed: gcc.i386 3.4.3-9.EL4
Mar 22 12:26:44 Installed: sendmail-devel.i386 8.13.1-2
Mar 22 12:26:45 Installed: automake.noarch 1.9.2-3
Mar 22 12:26:45 Installed: bzip2-devel.i386 1.0.2-13
Mar 22 12:26:45 Installed: gmp-devel.i386 4.1.4-3
Mar 22 12:26:46 Installed: rpm-devel.i386 4.3.3-7_nonptl
Mar 22 12:26:46 Installed: curl-devel.i386 7.12.1-3
Mar 22 13:07:12 Installed: apr.i386 0.9.4-24.1
Mar 22 13:07:12 Installed: apr-util.i386 0.9.4-17
Mar 22 13:07:14 Installed: httpd.i386 2.0.52-9.ent.centos4.1
Mar 22 13:07:14 Installed: httpd-suexec.i386 2.0.52-9.ent.centos4.1
Mar 22 13:07:14 Installed: php.i386 4.3.9-3.2
Mar 22 13:07:15 Installed: squirrelmail.noarch 1.4.3a-9.EL4
Mar 22 13:07:15 Installed: php-pear.i386 4.3.9-3.2
Mar 22 15:18:51 Installed: php-devel.i386 4.3.9-3.2
Mar 22 15:23:46 Installed: php-mysql.i386 4.3.9-3.2
Mar 22 15:23:46 Installed: mod_auth_mysql.i386 1:2.6.1-2.1
Mar 22 15:23:47 Installed: mysql-server.i386 4.1.7-4.RHEL4.1
Mar 22 15:50:57 Installed: distcache.i386 1.4.5-6
Mar 22 15:50:57 Installed: mod_ssl.i386 1:2.0.52-9.ent.centos4.1
Mar 24 10:33:25 Updated: ipsec-tools.i386 0.3.3-6
Mar 26 15:38:25 Erased: redhat-lsb
Mar 26 15:38:26 Erased: cups
Mar 26 16:55:05 Installed: lynx.i386 2.8.5-18
Apr 25 09:31:46 Updated: krb5-libs.i386 1.3.4-12
Apr 25 09:31:48 Updated: mysql.i386 4.1.10a-1.RHEL4.1
Apr 25 09:31:48 Updated: curl.i386 7.12.1-5.rhel4
Apr 25 09:31:48 Updated: telnet.i386 1:0.17-31.EL4.2
Apr 25 09:31:50 Updated: up2date.i386 4.4.5.6-2.centos4
Apr 25 09:31:51 Updated: krb5-workstation.i386 1.3.4-12
Apr 25 09:31:51 Updated: krb5-devel.i386 1.3.4-12
Apr 25 09:31:52 Updated: curl-devel.i386 7.12.1-5.rhel4
Apr 25 09:31:52 Updated: mysql-server.i386 4.1.10a-1.RHEL4.1
Apr 25 09:31:56 Installed: kernel.i686 2.6.9-5.0.5.EL

Sincerely
Robert B
ethan
Anythings wrong with this line in main.cf for postfix?

smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks, reject_unauth_destionation, permit

thanks
ethan
Apr 26 00:39:12 mail postfix/trivial-rewrite[3730]: warning: do not list domain ethansoft.com in BOTH mydestination and virtual_mailbox_domains
Apr 26 00:39:12 mail postfix/local[3762]: 01E0A74187: to=<ethan@ethansoft.com>, relay=local, delay=6, status=bounced (unknown user: "ethan")
Apr 26 00:39:12 mail postfix/cleanup[3756]: 46D9174182: message-id=<20050425163912.46D9174182@mail.ethansoft.com>
Apr 26 00:39:12 mail postfix/qmgr[3703]: 46D9174182: from=<>, size=3395, nrcpt=1 (queue active)
Apr 26 00:39:12 mail postfix/qmgr[3703]: 01E0A74187: removed
Apr 26 00:39:22 mail postfix/smtp[3765]: 46D9174182: to=<voonchong@gmail.com>, relay=gsmtp185.google.com[64.233.185.27], delay=10, status=sent (250 2.0.0 OK 1114444961)

i got this log, then the mail bounce back..any clue??
Robert83
Hi,

errr...sorry the problem is

Apr 26 00:39:12 mail postfix/trivial-rewrite[3730]: warning: do not list domain ethansoft.com in BOTH mydestination and virtual_mailbox_domains

which means I did a fatal mistake when I said to use your domain name for the postfix / openldap config.

will correct this one.

I don't know how , but I forgot to tell :

1. buy a domain name which you will use as the name of the e-mail server and in the configs, use the same name for that ssl self sign part (for testing purposes, this is not a must do, all you have to do is use a different name...even mail.whocares.whatever will work ...just make sure it's not used as a virtual domain later on)
2. buy other domain names and use them as virtual domains

so a correction would be
to use somedomain.org as your hostname , and use that as the domain name in all conf files
and then buy somedomain.com and use that as the virtual domain

this one is a real BIG ERROR , the reason postfix was not able to find the user, is cause it tried to look it up in the local database... and you probably don't have ethan (added via passwd)

a quick solution would be to rename everything to some other name

like if you had gmail.com
rename it to gmail.org (or something like this)
and use this in the config files

and add gmail.com via jamm

(basicaly all you have to do, is stop everything , then delete the ldap files (/var/lib/ldap)
resetup ldap, change everything in postfix config files , dovecot, ldap...) - this is the problem
why you get that error, I totaly overlooked this one, will change it right away

Added a warning to the begining of the guide, so that everyone shall know that once they use a domain name for that machine they wont be able to use it as a virtual domain name...

Also added a few basic steps to correct the problem , which shouldn't take to long, I hope you'll
be able to correct the problem in a few minutes...

Sincerely
Robert B
ethan
Hi, its me again...


these line

access to dn.regex=".*,jvd=([^,]+),o=hosting,dc=mycompany,dc=hosting"
attr=userPassword
by self write


the attr=userPassword whould be write tab or move a bit behind, like this, else ldap will complaining blah blah blah..

again , these two line in /usr/local/tomcat/webapps/jamm/WEB-INF/jamm.properties

jamm.ldap.search.base = o=hosting,dc=mycompany,dc=hosting
jamm.ldap.root.dn = cn=Manager,dc=mycompany,dc=hosting

should be

jamm.ldap.search_base = o=hosting,dc=mycompany,dc=hosting
jamm.ldap.root_dn = cn=Manager,dc=mycompany,dc=hosting


observe the jamm.ldap.search_base and jamm.ldap.root_dn .

for the mailscanner part, we also need to change the ownership of folder.

chown postfix.postfix /var/spool/MailScanner/incoming
chown postfix.postfix /var/spool/MailScanner/quarantine

else, spam assasin will complaning

Between, have you try to delete the domain after you adding it in in the jamm?i found that even i delete it from the jamm, i still have the domain in the jamm. but then i cannot login to web mail already, wierd like?


Finally, in you guide you advice other people just rename everything from xxx.com to xxx.biz, but will the dns still point to this machine? since the most important things for the email system would be the dns. As what i know, the dns will not point to the xxx.biz as this is not stated in the mx record. Can any one just clarify on this
ethan
oops, miss the first part

for the first part , should like this
CODE
access to dn.regex=".*,jvd=([^,]+),o=hosting,dc=mycompany,dc=hosting"
      attr=userPassword
  by self write
Robert83
Hi,

you can have multiple dns entries for one IP address, so

xxx.xxx.xxx.xxx can be abmass.com
pop3.ambass.biz can point to xxx.xxx.xxx.xxx
smtp.abmass.biz can point to xxx.xxx.xxx.xxx

even if you use a whatever.mylocalnet.notreal hostname for the postfix server it will still handle
the abmass.biz domain , if the dns entrie points to the ip address of the mail server (or firewall which forwards pop3 , smtp...)

thanx for the feedback you are right, wonder how those turned into . instead of _ ? hmmm...

you probably forgot to set the cronjob jammcleanerhelper , that deletes the stuff from jamm, once you selected it for removal ...

extract jamm cleaner from jamm directory to /home/jammCleaner ( jamm directory = where you first downloaded jamm and extracted, there is more stuff in there...)
CODE
touch /home/jammcleanerhelper


/home/jammcleanerhelper

CODE
/home/jammCleaner/bin/jammCleaner –b “o=hosting,dc=mycompany,dc=hosting” –D  “cd=Manager,dc=mycompany,dc=hosting” –w xxxxxxxxxxxxxxxxxxx -y


/home/job
10 * * * * /home/jammcleanerhelper

CODE
crontab /home/job



Sincerely
Robert B
ethan
hi, robert

Since i am using adsl line, and subscribe to the ddns service provider.Even i have the domain of ethansoft.com, but from the web interface there, i do not have the chances to edit it to become ethansoft.biz.Perharps, the alternative would e i get another domain for the virtual hosting purpose.

Beside, for the postfix email guide there, do you got any info for the service like setting quota, forwarding mail from a@abc.com to b@bcd.com?

anyway , i got link to point to the different way of setting up postfix +ldap.

http://genco.gen.tc/postfix_virtual.php#changelog

Beside that, in your dhcp guide, what will happen if the master crash, then the slave that up the dhcp, after that when we put back the master node, which one that the client will take up?

Do you have any knowledge on setting up mysql replication+clustering with master+slave solution where
when slave crash, master continue and once slave is up, master will replicate to slave, the other way round would be when master crash , slave take over and once master is up, it will replicate back to the master. Current dificultty would be the replication part when master crash, and slave take over as it wound not replicate itself to master.

thanks, robert, cheer to all your works, biggrin.gif

Ethan
Get from community, give to community.
Robert83
Hi,

you can do that, buy another domain name, or if you can live with the fact that outlook will complains about security certificate not valid...

you could use a non fqdn hostname for the server...
hostname mail.virtualserver

and in dns it can still point to your mail server sorta like this

xxx.xxx.xxx.xxx ethansoft.com
mailer in A xxx.xxx.xxx.xxx
www in CNAME mailer
pop3 in CNAME mailer
smtp in CNAME mailer

so this way you'll get webmail, e-mail... but the security certificate won't be valid since your hostname is not mailer.ethansoft.com , if you can live with this... or if you can use a different
method to deny relaying... only allow clients from your local subnet ? (or something like that)...
you can spare yourself from buying another domain name...
(which might be inconvinient in case you only host 1 domain...)



check this out it's jamm's alternative phamm

http://phamm.rhx.it/

there is even a small guide on howto convert from jamm to phamm ,... and that thing has quotas...

(I haven't tried it yet)

dhcp

if the master failes, the slave takes over everything, if the masters comes back...they syncroinze data (this I checked in the /var/log/messages) , and they do some sorta load balancing ... because sometimes clients recieve ip from the slave (even if the master is up). But I've been running this scenario for 2 months now, and I have restarted the dhcp master... and slave a few times ... and it is still working great.

no sorry , I don't... I still have a lot to learn about MySQL , so with that I cannot help you, sorry.

Sincerely
Robert B
sainigaurav_gs
Hi

I am a newbie to linux. I installed the Postfix mail server as per guide on RHEL3. Packages openldap, postfix and cyrus-sasl were already installed. my questions are

1: How do i know that they were compiled with ldap support.

2. What is the default userid with which i should login in Jamm on the first screen. as i am constantly getting "Username and password do not match." I have tried Manager and as well as root.

3. Any other method to see whether the user has been added to ldap or not.

everything seems to be running fine as there were no errors. but i cannot login in jamm. Please guide me.


Thanks in advance
ethan
hi, robert,
is it any way to set the quota and create the mail box with the web interface?
thanks
ethan
any one got any idea on this?please, i need it urgently.Appreciate for any help
Robert83
Hi,

for that you can use phamm www.google.com phamm (there is a small guide howto convert from jamm to phamm)

Sincerely
Robert B
Robert83
Hi

just found a alternate way

download webmin and use virtual minplugin for it

check here

http://www.swelltech.com/support/virtual-s...leconfiguration

http://mirrors.redwoodvirtual.com/mirrors/...com/index8.html

Hope this one helps

Sincerely
Robert B
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2017 Invision Power Services, Inc.