Email Server using Postfix, Dovecot, Squirrelmail, Spamassassin, ClamAV and Amavisd

[snurckle]

Quote:

Originally Posted by basketkase999

Another problem: I try to restart postfix, and it says its starts ok. But when i run "service postfix status", I get "master is stopped". Any ideas?

Yup. This is what happens when there is an error in the main.cf or master.cf file.

I suggest checking /var/log/maillog and seeing why it stops. If it's not there, it's in /var/log/messages. One of the two will give you your answer. This is also why I suggest running

tail -f /var/log/messages

when you restart postfix. It will give you the end of the messages, in real time- meaning as the error is written. Of course this must be done in a different window.

[basketkase999]

So i figured out what the problem was with the lines added in master.cf in step 13. I get the following from maillogs: postfix/master[8829]: fatal: /etc/postfix/master.cf: line 136: field "chroot": bad value: "y/n"
I copied and pasted the code directly to the file. What to do?
Thanks

[snurckle]

Look in the /etc/postfix/master.cf file.....go to line 136

You should see something like this:

Code:

# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================

Code:

127.0.0.1:10025 inet n  -       n       -       -  smtpd

Where you see the chroot column....seperated by spaces...not tabs (but tabs may work as well), change this value from y or - to n

the line should look like mine above.

[dmode]

Quote:

Originally Posted by nephila

I do have an email server running on Fedora Core 2 that serves about 30 users and its working quite well so here's what I have learnt in setting up and maintaining that server.

2 Stupid questions... I'm a real newbie... ;-)

(1) This config is for a normal email server right? i.e. accessing/getting emails from everywhere (internet/local).
(2) My server is quite a weak one (latest P4), no dual processors etc., tried to configure spamassassin alone once but my cpu load peaked, have you got this kind of problem?

Quote:

Originally Posted by nephila

You may use apt / yum to install software. I do not use these programs so these instructions do not include the use of them, feel free to adjust these
instructions as you see fit.

I have used yum configured to only freshrpms and dag as repos (I erased all the other repos?) and everything worked fine... the configs are easily quicksearched on fedoraforum.org

For a fresh FC3 installation, I had some probs about gpgkeys, by chance I did:

Code:

up2date udev

and got the necessary infos about what do to...

Quote:

Originally Posted by nephila

12. Test amavisd-new
Run:

Code:

/etc/rc.d/init.d/amavisd start

Run:

Code:

telnet localhost 10024

you should be greeted by amavisd-new.

Worked great up to now...

Quote:

Originally Posted by nephila

13. Configure postfix
add the following to /etc/postfix/master.cf at the bottom

Code:

smtp-amavis unix -	-	y/n	-	2  smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes

127.0.0.1:10025 inet n	-	y/n	-	-  smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks

test it by doing the following:
Run:

Code:

telnet localhost 10025

you should be greeted by postfix

Done the necessary modifications to /etc/postfix/master.cf... restarted postfix... got the 'y/n' problem, changed both to 'n'... restarted postfix again... telnet localhost 10025... NOTHING!!! No Greetings? In fact telnet does not even exit on demand... I have to stop postfix's service thru another console... iptables? stopped the service, just in case... restarted postfix... NOTHING!!!

Help please I'm desperate here... and I don't have a single clue about what to do...

/var/log/maillog gives:

Code:

postfix/smtpd[9315]: fatal: parameter "smtpd_recipient_restrictions": specify at least one working instance of: check_relay_domains, reject_unauth_destination, reject, defer or defer_if_permit

postfix/smtpd[9289]: warning: process /usr/libexec/postfix/smtpd pid 9315 exit status 1

postfix/smtpd[9289]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling

Removed all whitespaces in your master.cf file, still can't do a proper telnet:

telnet localhost 10025 gives nothing, wait... Connection closed by foreign host??? (after 30 secs)

cat /var/log/messages gives:

Code:

postfix/smtpd[7930]: sql_select option missing
postfix/smtpd[7930]: auxpropfunc error no mechanism available

Starting MySQL, same thing... help!

Quote:

Originally Posted by nephila

8. Enable SMTP Authentication
8.1 Check that Cyrus SASL is installed
Run as root:

Code:

rpm -qa | grep sasl

You should get:

Code:

            cyrus-sasl-2.1.19-3
            cyrus-sasl-devel-2.1.19-3
            cyrus-sasl-plain-2.1.19-3
            cyrus-sasl-md5-2.1.19-3

there may be a few others, that's ok.
If these are not installed, find the rpms on your distro cdroms and
install them.
8.2 Edit /etc/postfix/main.cf and add the following to the bottom of the file:

Code:

smtpd_sasl_auth_enable = yes
        smtpd_sasl_security_options = noanonymous
        smtpd_sasl_local_domain = $myhostname
        broken_sasl_auth_clients = yes
        smtpd_recipient_restrictions =
           permit_sasl_authenticated,
           check_relay_domains

8.3 Start the saslauthd by running

Code:

/etc/rc.d/init.d/saslauthd start

8.4 Reload postfix by running

Code:

/etc/rc.d/init.d/postfix restart

8.5 Try sending mail to yourself using a pop3 client. You must have
the right settings in your mail client, be sure to use SMTP auth!

Check http://postfix.state-of-mind.de/patr...etter/smtpauth
for more information on this.

Will the entire configuration work normally without smtp authentication if step 8 is omitted?

Thanks in advance.

[snurckle]

Code:

postfix/smtpd[9315]: fatal: parameter "smtpd_recipient_restrictions": specify at least one working instance of: check_relay_domains, reject_unauth_destination, reject, defer or defer_if_permit

See the line that says "at least one working instance of: blah blah blah"

Would be a safe bet that you need to specify one working instance of <blah><blah><blah>

I would bet that if you had typed:
service postfix status

it would have told you it was locked, or dead. And would have been locked because of the error in the main.cf. You showed the error. Would suggest you look at that file, and keep checking /var/log/messages and /var/log/maillog for addtional errors.

As far as your first question:

Quote:

(2) My server is quite a weak one (latest P4), no dual processors etc., tried to configure spamassassin alone once but my cpu load peaked, have you got this kind of problem?

With this configuration, spamassassin is actually idol until it is called for by amivsd. It appears that amivisd doesn't send stuff through spamassassin if it wouldn't have a spam flag on it. This reduces you CPU load, and you shouldn't see 'peak' cpu load if you go this route. That said- your P4 shouldn't be effected by running spamassassin under amavisd-new, since it seems to only direct to spamassassin if the score would be above 4.0. This of course depends on what you set it to. I of course could be wrong, this theory is taken from reviewing headers on emails and noticing that not all email is sent through spamassassin, and on those emails which receive a score above 3.9 are flagged X-SPAM in the header.

Good luck.

[nice_squid]

i have problem....everytime i put this script

smtp-amavis unix - - y/n - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes

127.0.0.1:10025 inet n - y/n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,rej ect
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o receive_override_options=no_header_body_checks,no_ unknown_recipient_checks



my Postfix cannot run become like this :
[root@primary postfix]# service amavisd restart;service spamassassin restart;service postfix restart
Shutting down Mail Virus Scanner (amavisd): [ OK ]
Starting Mail Virus Scanner (amavisd): [ OK ]
Shutting down spamd: [ OK ]
Starting spamd: [ OK ]
Shutting down postfix: [FAILED]
Starting postfix: [ OK ]
[root@primary postfix]#

need sugges...

[nephila]

I notice a number of people are having some problems so here are my main.cf and master.cf files (exclusing the comments of course!) Hopefully this will help some of you.

main.cf:

Code:

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
myhostname = 192.168.10.28
myorigin = $mydomain
inet_interfaces = $myhostname, localhost
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
home_mailbox = Maildir/
debug_peer_level = 2
debugger_command =
	 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
	 xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.1.5/samples
readme_directory = /usr/share/doc/postfix-2.1.5/README_FILES
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions =
   permit_sasl_authenticated,
   check_relay_domains
content_filter = smtp-amavis:[127.0.0.1]:10024

master.cf:

Code:

smtp      inet  n       -       n       -       -       smtpd
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
old-cyrus unix  -       n       n       -       -       pipe
  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
cyrus     unix  -       n       n       -       -       pipe
  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
smtp-amavis unix -	-	n	-	2  smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
127.0.0.1:10025 inet n	-	n	-	-  smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks

[nice_squid]

Hooaah....IT work...thx....
but i have 1 question....in this tutor...you not tell bout ClamAV, so it read like this
when i give chown command

Quote:

[root@primary root]# chown amavis /var/run/amavis
[root@primary root]# chown amavis /var/run/clamav
chown: cannot access `/var/run/clamav': No such file or directory

no clamav.....

[nice_squid]

now problem resolved....but got more problem..LoL..
when i open my webmail

ERROR:
Connection refused
Server replied: 111

so any sugges...? plz...

[glittermage]

This how-to helped me. After wrestling with Sendmail, Procmail, Dovecot, and Cyrus configurations on my own for two days straight and combing through the Internet I found your post. Started over and everything is working well now, thanks!

I'll tweak the settings and investigate more options after I get some rest. Thanks again! Huge help!

[Jasper22]

Thanks !!! Great article !! Just what I was looking for !!! Thank you

[edgareem]

I have a problem with squirrelmail, when I attach a document, I can’t do it and when I look into System Register, I get this:

May 4 13:35:57 mail kernel: audit(1115235357.922:0): avc: denied {
getattr } for pid=3149 exe=/usr/sbin/httpd path=/var/spool dev=hda5
ino=2736165 scontext=root:system_r:httpd_t
tcontext=system_u:object_r:var_spool_t tclass=dir
May 4 13:35:57 mail kernel: audit(1115235357.922:0): avc: denied {
search } for pid=3149 exe=/usr/sbin/httpd name=spool dev=hda5 ino=2736165
scontext=root:system_r:httpd_t tcontext=system_u:object_r:var_spool_t
tclass=dir
May 4 13:45:07 mail kernel: audit(1115235907.454:0): avc: denied {
search } for pid=3153 exe=/usr/sbin/httpd name=spool dev=hda5 ino=2736165
scontext=root:system_r:httpd_t tcontext=system_u:object_r:var_spool_t
tclass=dir
May 4 13:45:07 mail kernel: audit(1115235907.454:0): avc: denied {
search } for pid=3153 exe=/usr/sbin/httpd name=spool dev=hda5 ino=2736165
scontext=root:system_r:httpd_t tcontext=system_u:object_r:var_spool_t
tclass=dir
May 4 13:45:07 mail kernel: audit(1115235907.455:0): avc: denied {
search } for pid=3153 exe=/usr/sbin/httpd name=spool dev=hda5 ino=2736165
scontext=root:system_r:httpd_t tcontext=system_u:object_r:var_spool_t
tclass=dir
May 4 13:45:07 mail kernel: audit(1115235907.455:0): avc: denied {
search } for pid=3153 exe=/usr/sbin/httpd name=spool dev=hda5 ino=2736165
scontext=root:system_r:httpd_t tcontext=system_u:object_r:var_spool_t
tclass=dir
May 4 13:45:07 mail kernel: audit(1115235907.455:0): avc: denied {
getattr } for pid=3153 exe=/usr/sbin/httpd path=/var/spool dev=hda5
ino=2736165 scontext=root:system_r:httpd_t
tcontext=system_u:object_r:var_spool_t tclass=dir
May 4 13:45:07 mail kernel: audit(1115235907.456:0): avc: denied {
search } for pid=3153 exe=/usr/sbin/httpd name=spool dev=hda5 ino=2736165
scontext=root:system_r:httpd_t tcontext=system_u:object_r:var_spool_t
tclass=dir

Please help me

[sssssm]

Thanks for posting your cf files nephila and of course the how to. I have been struggling with this for the past two days and I finally got it working after looking at your cf files. Again, thank you.

[StickyC]

Quote:

Originally Posted by nephila

9. Install ClamAv from RPM
Run:

Code:

rpm -Uvh clamav-0.83-1.i386.rpm

Alas, it's not quite that easy - at least on FC3, there's some dependancies:

Code:

# rpm -Uvh clamav-0.83-1.i386.rpm 
warning: clamav-0.83-1.i386.rpm: V3 DSA signature: NOKEY, key ID 1ac70ce6
error: Failed dependencies:
        clamav-lib = 0:0.83-1 is needed by clamav-0.83-1.i386
        data(clamav) is needed by clamav-0.83-1.i386
        libclamav.so.1 is needed by clamav-0.83-1.i386

I tried the first time on a CentOS box and spent a good hour chasing down dependancies based on that OS. I'm trying it again with a real FC3 setup and getting the same error. Is there an easier way to get ClamAV installed? Is there a specific place I should be pulling the RPM from?

This info is awesome - the last mail server I build I followed a howto that was done in a Wiki (for an OpenBSD box - http://flakshack.com/anti-spam/wiki/...reAntiSpamWiki), this kind of ever-changing info is perfect for that.

[edgareem]

I have a problem with the user authentication, in my main.cf file I put:

relay_domains = $mydestination

smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions =
permit_sasl_authenticated,
check_relay_domains

In my client I enabled the smtp authentication.

Daemon saslauthd is runing (pid 2176 2175 2174 2173 2172).....

in my /usr/lib/sasl/smtpd.conf I have:

pwchech_method: saslauthd
saslauthd_version: 2

My postfix works well with out the smtp authentication