
claaskaehler at yfx
Mar 23, 2012, 12:18 PM
Post #21 of 21
Re: A very simple working installation of DBMail 3.0
Okay... that's computer science, I found my mistake! It was a simple blank space behind the password!!! I would use Dovecot the next time, it's a bit more up to date than cyrus and not that (stupid) sensitive! ;) I will add some advice to the wiki to prevent this mistake for other users.

On 23.03.2012 17:49, Reindl Harald wrote:
> alternative solution for sasl is dovecot-auth
> "smtpd_sasl_type = dovecot"
> in main.cf is the only postfix-relevant change
>
> we are using dovecot at all as imap/pop3 proxy in
> front of dbmail which listens only on 127.0.0.1
> but should be useable only for SASL-auth too somehow
>
> the proxy solution is because we have one unified
> configuration for SASL-methods (smtp, pop3, imap)
> can do replacements in usernames for legacy compatibility
> to the old mailsystems (% instead @ on many clients
> configured) and in dbmail-2.x was no SSL/CRAM-MD5-support
>
> IMHO a benefit that POP3/IMAP/SMTP are supporting the
> same auth-methods and software - less points of mistakes
> ________________________________________________________
>
> the relevant sections in dovecot.conf (= 2.0)
> below also a complete configuration
> maybe someone packs it in the wiki, i hate them to edit :-)
>
> # configure proxy-database
> passdb {
>   driver = sql
>   args = /etc/dovecot/sql.conf
> }
>
> # we are not using local users
> userdb {
>   driver = static
>   args = static uid=15000 gid=15000 home=/dev/null
> }
>
> # configure backend for postfix sasl-auth
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
>     mode = 0660
>     user = postfix
>     group = postfix
>   }
> }
> ________________________________________________________
>
> "proxy" is here a own mysql-user with only access to the userdb
>
> cat /etc/dovecot/sql.conf
> driver = mysql
> connect = host=/var/lib/mysql/mysql.sock dbname=dbmail user=proxy password=*****
> password_query = SELECT passwd as password, '127.0.0.1' as host, userid as destuser, passwd AS pass, 'Y' AS nologin, 'Y' AS nodelay, 'Y' AS proxy FROM dbmail_users WHERE userid='%u'
> default_pass_scheme = plain
> ________________________________________________________
>
> however, this is a complete "dovecot.conf" for proxy AND auth
> you have in the best case only to change path to ssl-cert and
> the ip-address because you can not use * in this configuration
> since dbmail is listening on 127.0.0.1:110/143
>
> currently running dovecot 2.1.1, 2.1.3 is crashing randomly
> the whole 2.0 series was rock solid over the last time
> this config is used since 2009 for some hundred domains
>
> # provided services
> protocols = imap pop3
>
> # configure ssl
> ssl = yes
> ssl_cert =</etc/postfix/certs/mailserver.pem
> ssl_key =</etc/postfix/certs/mailserver.pem
> ssl_cipher_list = ALL:!aNULL:!eNULL:!ADH!LOW:!MEDIUM:!EXP:!SSLv2:HIGH
>
> # configure imap-proxy
> service imap-login {
>   inet_listener imap {
>     address =<MAIL-SERVER-IP>
>     port = 143
>   }
>   inet_listener imaps {
>     address =<MAIL-SERVER-IP>
>     port = 993
>   }
>   vsz_limit = 512M
>   service_count = 5000
>   process_min_avail = 1
>   process_limit = 15
>   client_limit = 300
> }
>
> # configure pop3-proxy
> service pop3-login {
>   inet_listener pop3 {
>     address =<MAIL-SERVER-IP>
>     port = 110
>   }
>   inet_listener pop3s {
>     address =<MAIL-SERVER-IP>
>     port = 995
>   }
>   vsz_limit = 512M
>   service_count = 5000
>   process_min_avail = 1
>   process_limit = 15
>   client_limit = 100
> }
>
> # default settings
> imap_capability = IMAP4 IMAP4rev1 ACL RIGHTS=texk NAMESPACE CHILDREN SORT QUOTA THREAD=ORDEREDSUBJECT UNSELECT IDLE
> login_greeting =
> pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
> mail_max_userip_connections = 100
> auth_mechanisms = CRAM-MD5 DIGEST-MD5 APOP LOGIN PLAIN
> disable_plaintext_auth = no
> shutdown_clients = no
>
> # Logging
> syslog_facility = mail
>
> # authentication process
> auth_worker_max_count = 100
> auth_cache_size = 32768
> auth_cache_ttl = 1800
> auth_cache_negative_ttl = 1800
> auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@%
> auth_username_translation = %@AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz
>
> # debug options
> auth_debug = no
> auth_debug_passwords = no
> auth_verbose = no
> mail_debug = no
> verbose_ssl = no
>
> # configure proxy-database
> passdb {
>   driver = sql
>   args = /etc/dovecot/sql.conf
> }
>
> # we are not using local users
> userdb {
>   driver = static
>   args = static uid=5000 gid=5000 home=/dev/null
> }
>
> # configure backend for postfix sasl-auth
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
>     mode = 0660
>     user = postfix
>     group = postfix
>   }
> }
>
> On 23.03.2012 17:33, Claas Kähler wrote:
>> Okay that solved a problem... thanks!!! But at least not the SASL one! ;)
>>
>> On 23.03.2012 17:00, Reindl Harald wrote:
>>> we are using "mydestination", "local_recipient_maps" and dbmail-lmtpd for
>>> years and my webinterface is simply maintaining a domain/transport
>>> list in a table based on dbmail_aliases triggered in a php-function
>>> after changes
>>>
>>> in other words: i see no reason for virtual_* at all the transport
>>> table is much more flexible because you can define external transports
>>> and with some lines of code prefer them even if dbmail is pre-configured
>>> for a domain while you relay messages to the old server until all users
>>> are configured for the new one (domain-transfers and so)
>>>
>>> mydestination = proxy:mysql:/etc/postfix/mysql-mydestination.cf
>>> [root [at] srv-rhsof:~]$ cat /etc/postfix/mysql-mydestination.cf
>>> user = dbmail
>>> password = ****************
>>> dbname = dbmail
>>> hosts = unix:/var/lib/mysql/mysql.sock inet:127.0.0.1:3307
>>> query = select transport from dbma_mta where mydestination='%s';
>>>
>>> mysql> select * from dbma_mta where mydestination like '%rhsoft%';
>>> +-----------------------+--------------------------+
>>> | mydestination         | transport                |
>>> +-----------------------+--------------------------+
>>> | arrakisvm.rhsoft.net  | dbmail-lmtp:127.0.0.1:24 |
>>> | local.rhsoft.net      | dbmail-lmtp:127.0.0.1:24 |
>>> | notebook.rhsoft.net   | dbmail-lmtp:127.0.0.1:24 |
>>> | rhsoft.net            | dbmail-lmtp:127.0.0.1:24 |
>>> | srv-rhsoft.rhsoft.net | dbmail-lmtp:127.0.0.1:24 |
>>> | testserver.rhsoft.net | dbmail-lmtp:127.0.0.1:24 |
>>> +-----------------------+--------------------------+
>>> 6 rows in set (0.00 sec)
>>>
>>>
>>> On 23.03.2012 16:49, Claas Kähler wrote:
>>>> You are right! But that isn't the problem. Postfix only checks if there is a result or not. Take a look at:
>>>>
>>>> http://dbmail.org/dokuwiki/doku.php/setup_postfix
>>>>
>>>> They used the same query.
>>>>
>>>> On 23.03.2012 16:45, Reindl Harald wrote:
>>>>> what the hell should "SELECT DISTINCT 1" do?
>>>>> this will result in "1" and never in any list
>>>>>
>>>>> mysql> SELECT DISTINCT 1 FROM dbmail_aliases;
>>>>> +---+
>>>>> | 1 |
>>>>> +---+
>>>>> | 1 |
>>>>> +---+
>>>>> 1 row in set (0.00 sec)
>>>>>
>>>>>
>>>>> On 23.03.2012 16:39, Claas Kähler wrote:
>>>>>> root@(none):/etc/postfix# grep virtual /etc/postfix/main.cf
>>>>>> virtual_mailbox_domains = mysql:/etc/postfix/sql-virtual_mailbox_domains.cf
>>>>>>
>>>>>> root@(none):/etc/postfix# cat /etc/postfix/sql-virtual_mailbox_domains.cf
>>>>>> user = dbmail
>>>>>> password = changeMe
>>>>>> hosts = 127.0.0.1
>>>>>> dbname = dbmail
>>>>>> query = SELECT DISTINCT 1 FROM dbmail_aliases WHERE SUBSTRING_INDEX(alias, '@', -1) = '%s';
>>>>>>
>>>>>> On 23.03.2012 16:29, Paul J Stevens wrote:
>>>>>>> On 03/23/2012 04:22 PM, Claas Kähler wrote:
>>>>>>>> Okay I've got the following in my mail.log when I'm trying to send an
>>>>>>>> email to an account:
>>>>>>>>
>>>>>>>> Mar 23 16:19:34 (none) postfix/virtual[8591]: fatal: bad string length 0 < 1: virtual_mailbox_base
>>>>>>>> Mar 23 16:19:35 (none) postfix/master[2737]: warning: process /usr/lib/postfix/virtual pid 8591 exi status 1
>>>>>>>> Mar 23 16:19:35 (none) postfix/master[2737]: warning: /usr/lib/postfix/virtual: bad command startup-- throttling
>>>>>>> That's not SASL related at all!
>>>>>>>
>>>>>>> what does
>>>>>>>
>>>>>>> grep virtual /etc/postfix/main.cf
>>>>>>>
>>>>>>> have to say?
> --
>
> Reindl Harald
> the lounge interactive design GmbH
> A-1060 Vienna, Hofmühlgasse 17
> CTO / software-development / cms-solutions
> p: +43 (1) 595 3999 33, m: +43 (676) 40 221 40
> icq: 154546673, http://www.thelounge.net/
>
> http://www.thelounge.net/signature.asc.what.htm
>
> _______________________________________________
> DBmail mailing list
> DBmail [at] dbmail
> http://mailman.fastxs.nl/cgi-bin/mailman/listinfo/dbmail
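
The mistake reported in this post, a blank after the password, cannot be seen in an editor. As an added example (not part of the original post and not DBMail, Postfix or Dovecot code), this Python check flags credential lines that end in invisible whitespace in files shaped like the ones quoted above; the key list and the `SAMPLE` text are assumptions constructed for illustration.

```python
import re
import sys

# Keys that carry a credential in the file shapes quoted in this thread:
# "password = ..." in the Postfix mysql tables, "connect = ... password=..."
# in the Dovecot sql.conf. The exact key list is an assumption.
SECRET_KEY = re.compile(r"^\s*(password|passwd|connect)\s*=", re.IGNORECASE)

# Characters that are invisible at the end of a line in most editors.
INVISIBLE = {" ": "space", "\t": "tab", "\r": "carriage return",
             "\u00a0": "no-break space"}

# Constructed sample input, not taken from a real system.
SAMPLE = (
    "user = dbmail\n"
    "password = changeMe \n"          # trailing space
    "hosts = 127.0.0.1\n"
    "# password = old \n"             # commented out, ignored
    "connect = host=/var/lib/mysql/mysql.sock dbname=dbmail "
    "user=proxy password=example\t\n"  # trailing tab
    "dbname = dbmail\n"
)


def find_trailing_blanks(text):
    """Return [(line_no, key, kind)] for credential lines ending in a blank.

    The secret itself is never part of the result, so the report can be
    pasted into a ticket or a list post.
    """
    findings = []
    for line_no, raw in enumerate(text.split("\n"), start=1):
        if raw.lstrip().startswith("#"):
            continue
        match = SECRET_KEY.match(raw)
        if match and raw[-1] in INVISIBLE:
            findings.append((line_no, match.group(1).lower(), INVISIBLE[raw[-1]]))
    return findings


if __name__ == "__main__":
    # With no arguments, run on the constructed sample; otherwise on each file.
    sources = {p: None for p in sys.argv[1:]} or {"<sample>": SAMPLE}
    for name, text in sources.items():
        if text is None:
            # newline="" keeps a stray "\r" from CRLF files visible to the check
            with open(name, encoding="utf-8", errors="replace", newline="") as fh:
                text = fh.read()
        for line_no, key, kind in find_trailing_blanks(text):
            print(f"{name}:{line_no}: '{key}' line ends with a {kind}")
```

The check does not assume which parser keeps the trailing blank as part of the secret; it reports every such line so the file can be cleaned before debugging authentication any further.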