Richard
Note: These instructions are identical for Leopard and Snow Leopard.
Now that everything is configured and started, you want to make sure that everything works. You could fire up a mail client and connect it to the server, but the alternatives listed here make it easier to test the separate components and easier to debug, because you can see what is going on.
Postfix SMTP/TLS
To test the TLS capabilities of Postfix we will telnet to the server and try to activate the SSL session:
The server will answer with:
Connected to your.mailserver.tld.
Escape character is ^]
220 your.mailserver.tld ESMTP Postfix
Then type in:
And again your server will answer with its capabilities:
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250 8BITMIME
Now it’s time to test TLS and enter in capitals:
and the server should respond with:
Then you know this part will work.
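The same STARTTLS check can be scripted. This is an added example, not part of the original tutorial; the function names and the MAIL_HOST variable are assumptions made for illustration, and the sample replies are constructed from the output shown above.

```shell
# Added example: scripted version of the manual STARTTLS test.

# Succeeds if the EHLO reply on stdin advertises STARTTLS. Multi-line SMTP
# replies use "250-" on every line except the last, which uses "250 ".
ehlo_offers_starttls() {
    tr -d '\r' | grep -Eiq '^250[- ]STARTTLS[[:space:]]*$'
}

# Maps the server's answer to the STARTTLS command onto a short verdict.
starttls_verdict() {
    case "$1" in
        220*) echo ready ;;                    # TLS handshake may begin
        454*) echo temporarily-unavailable ;;  # TLS configured but not usable now
        5*)   echo rejected ;;                 # e.g. 502 command not implemented
        *)    echo unexpected ;;
    esac
}

# Live check: openssl sends EHLO and STARTTLS itself, performs the handshake,
# and we keep the report lines naming protocol, cipher and verification result.
smtp_tls_summary() {
    openssl s_client -starttls smtp -connect "$1:25" </dev/null 2>/dev/null |
        grep -E 'Protocol|Cipher|Verify return code'
}

# Constructed sample: an EHLO reply like the one shown above.
SAMPLE_EHLO='250-your.mailserver.tld
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250 8BITMIME'

# Only touch the network when a host is given (MAIL_HOST is an assumed name).
if [ -n "${MAIL_HOST:-}" ]; then
    smtp_tls_summary "$MAIL_HOST"
fi
```

Run it with MAIL_HOST set to your own server name. A non-zero verify return code means the certificate did not validate against the local trust store, which is separate from whether STARTTLS itself works.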
Dovecot IMAPS
Because the configuration of Dovecot won’t allow plain password logins over an unencrypted connection, we have to use the IMAPS (IMAP over SSL) capabilities to test this. We’ll use the openssl client mode for testing:
The server will return a lot of output on the SSL session but should ultimately return with:
Now we can try to log in. If you haven’t created any users, please use postfixadmin to create some users and mailboxes. To log on, issue the following commands (with the a) and replace emailaddress and password with ones that exist in your setup.
If everything went all right, the server will answer with:
Next, as an extra test, you could see if the INBOX folder is there:
To which the server should answer:
* OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted.
* 1 EXISTS
* 0 RECENT
* OK [UIDVALIDITY 1246736982] UIDs valid
* OK [UIDNEXT 2] Predicted next UID
* OK [HIGHESTMODSEQ 1]
b OK [READ-WRITE] Select completed.
As a last test you could ask the server to list all your user’s mail folders:
If something fails, turn on as much debug information as you can. Both Postfix and Dovecot give excellent message information in the logfile. I always keep a second terminal window open where I put the command:
And I see everything that is happening in the server. If everything is working as it should, turn off all the debug information, as it will slow your server down.
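The Dovecot IMAPS test above can be scripted in the same way. This is an added example, not part of the original tutorial; the function names and the IMAP_HOST, IMAP_USER and IMAP_PASS variables are assumptions, the sample transcript is constructed, and the credentials are assumed to contain no spaces or quotes.

```shell
# Added example: scripted version of the manual IMAPS login/select test.

# Prints the completion status (OK, NO or BAD) of the command sent with
# tag $1, reading an IMAP transcript on stdin. Untagged "* ..." lines are
# skipped because their first field is "*", not the tag.
imap_tag_status() {
    tr -d '\r' | awk -v tag="$1" '$1 == tag { print toupper($2); exit }'
}

# Prints the message count from the untagged "* <n> EXISTS" line of a SELECT.
imap_exists_count() {
    tr -d '\r' | awk '$1 == "*" && toupper($3) == "EXISTS" { print $2; exit }'
}

# Live check over TLS on port 993. -quiet implies -ign_eof, so openssl keeps
# reading until the server closes the connection after LOGOUT.
imaps_session() {   # usage: imaps_session host user password
    printf 'a LOGIN %s %s\r\nb SELECT INBOX\r\nz LOGOUT\r\n' "$2" "$3" |
        openssl s_client -quiet -connect "$1:993" 2>/dev/null
}

# Constructed transcript, modelled on the replies shown above.
SAMPLE_IMAP='* OK Dovecot ready.
a OK Logged in.
* 1 EXISTS
* 0 RECENT
b OK [READ-WRITE] Select completed.'

# Only touch the network when a host is given (variable names are assumed).
if [ -n "${IMAP_HOST:-}" ]; then
    out=$(imaps_session "$IMAP_HOST" "$IMAP_USER" "$IMAP_PASS")
    echo "login:    $(printf '%s\n' "$out" | imap_tag_status a)"
    echo "select:   $(printf '%s\n' "$out" | imap_tag_status b)"
    echo "messages: $(printf '%s\n' "$out" | imap_exists_count)"
fi
```

A login status of NO while the TLS handshake succeeds points at the authentication backend rather than at the SSL setup, so the mail and system logs are the next place to look.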



Comments
4:34 pm
As far as I can tell I’ve done everything exactly as you’ve stated, but it’s not working.
When I first restarted the system port 25 was closed, then I came back to it a day later and it was open, now it’s closed again (the machine was left running the whole time).
When it was open STARTTLS failed saying Error 502 (and something about not implemented [I can't remember the exact wording]). I’ve done postfix check and status and both come back OK. Log files says “dovecot[68]: imap-login: Disconnected (no auth attempts): ….. TLS handshaking: Disconnected” when I ping port 993.
3:50 pm
I connected to the server successfully, but the server did not return a `220 your.mailserver.tld ESMTP Postfix` line.
Then I tried `EHLO your.mailserver.tld` while logged in via telnet. Nothing happens.
When I “escape” crallion.com:25, but am still running telnet, I tried typing “EHLO your.mailserver.tld”, and telnet returned a “?Invalid command”.
At what point do I use “EHLO your.mailserver.tld” and why doesn’t my server return the “220 your.mailserver.tld ESMTP Postfix” line? What does it mean and how can I fix it?
4:01 pm
Also, sometimes and just says
“Connection closed by foreign host.”
Right after the connection is made and before I can do anything. I am guessing that telnet is supposed to connect to postfix, at which point you can use EHLO and STARTTLS, but I am not sure. But, in essence, all I am asking is why I don’t get any feedback from postfix when I connect to port 25, and how can I fix it. Postfix is running, according to “sudo postfix start”.
So anyway, to be perfectly clear, about half the time, the dialog is this
Trying x.x.x.x…
Connected to domain.com
Escape character is ‘^]’.
Connection closed by foreign host.
Otherwise it is this:
Trying x.x.x.x…
Connected to domain.com
Escape character is ‘^]’.
At which point I try “EHLO domain.com” and/or “STARTTLS”, which do nothing, and the Terminal sits there until apparent telnet timeout, when it closes the connection.
5:35 pm
@Jack, please replace your.mailserver.tld with the actual hostname of your mail server. It’s just there as an example.
8:38 pm
I did. I was just emulating the tutorial. But that still wouldn’t explain what occurs when I try to login via telnet.
8:42 pm
@Jack, I understand. First check if postfix is actually running (there should be a process called master running). Then you need to check the logfiles /var/log/mail.log and /var/log/system.log for any error that might occur when connecting.
9:52 pm
Thanks a lot. I knew to check mail.log, but didn’t think to check system.log. It turned out that there was an error with Dovecot.
There was another error, which you explain how to fix here:
http://switch.richard5.net/2006/08/19/fatal-open-lock-file-pidmasterpid/
However, it appears this fix did not fix the problem, because I had the error earlier, I fixed it per your instructions, and now it appears that on reboot, it started up again. Can I just unload the file from launchctl and then delete it (or rename)? Or is that an insufficient fix?
10:17 pm
I checked the log file when I tried:
a login jack@mydomain.com password
and received:
a NO [UNAVAILABLE] Temporary authentication failure.
This was in system.log when I try to login with openssl
Aug 23 23:11:02 Mac-Server postfix/trivial-rewrite[20327]: warning: connect to mysql server 127.0.0.1: Can't connect to MySQL server on '127.0.0.1' (61)
Aug 23 23:11:02 Mac-Server postfix/trivial-rewrite[20327]: fatal: mysql:/etc/postfix/mysql_virtual_alias_maps.cf(0,lock|fold_fix): table lookup problem
Aug 23 23:11:03 Mac-Server postfix/smtpd[20211]: warning: problem talking to service rewrite: Unknown error: 0
Aug 23 23:11:03 Mac-Server postfix/master[10373]: warning: process /usr/libexec/postfix/trivial-rewrite pid 20327 exit status 1
Aug 23 23:11:03 Mac-Server postfix/master[10373]: warning: /usr/libexec/postfix/trivial-rewrite: bad command startup -- throttling
The mysql_virtual_alias_maps.cf file appears fine, with a copy/paste of your code, and the real postfix db passwd filled in (of course).
Any help??
5:08 pm
My server works, but when I try to send email to a gmail account (haven’t tested anything else yet), the email is returned because it says that gmail wont directly accept email from my ISP, or something along those lines.
When you said this:
250-your.mailserver.tld
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250 8BITMIME
You meant
250-“your.ISP-HOSTNAME.tld”, right?
Because when editing the postfix conf, I had these, which I obviously followed:
# The hostname is the hostname you get from your ISP.
# Don’t take one from your virtual domains
myhostname = server.isp-domain.tld
# you can reduce the debug level to level 0 when every is working.
debug_peer_level = 2
Was I not supposed to use my ISP’s domain?? Why won’t Google accept mail from my server?
8:40 pm
@Conner, “your.mailserver.tld” = “your full isp hostname”.
Could be many things, what is the actual error message that Google returns. It could be that your ISP has blocked port 25 (you need to open up the submission port). Your firewall is blocking incoming traffic. etc.
8:41 pm
@Jack, can you try changing the line with “host = 127.0.0.1” into “hosts = unix:/tmp/mysqld.sock” in all the mysql_virtual_* files just to see that there aren’t any network issues.
8:19 am
@Richard
I was able to fix it. By trying to log in via the Terminal, I noticed that for some reason, I was able to login over localhost but not over 127.0.0.1. It probably has something to do with the DB config, or the router setup, maybe even virtual hosts.
All I ended up doing to fix the problem was change “127.0.0.1” in the mysql_virtual_* files to “localhost”, which worked well.
Also, upon further research into dovecot configuration, I figured that in “dovecot-sql.conf”, the user query and password query lines have better syntax like this:
user_query = SELECT '/usr/local/virtual/%d/%n' as home, \
  concat("*:storage=", quota) AS quota_rule FROM mailbox \
  WHERE username = "%u" AND active = "1"
password_query = SELECT username as user, password, \
  '/usr/local/virtual/%d/%n' as userdb_home, \
  concat("*:storage=", quota) AS userdb_quota_rule \
  FROM mailbox WHERE username = '%u' AND active = '1'
In the storage line, I changed it from yours to “*:storage=” because “dirsize:storage=” is old and less efficient.
Also, with this configuration, you need to have these lines on your dovecot.conf file
mail_location = maildir:~/Maildir
mail_uid = 102
mail_gid = 102
and the userdb should be changed to (adding the prefetch, for one query):
userdb prefetch {
}
userdb sql {
args = /etc/dovecot/dovecot-sql.conf
}
If you have other reasons or suggestions for using your original syntax, please tell, as the more info I have, the better.
This puts the userdb and passdb into one mysql query.
12:20 pm
Error Message:
This is the mail system at host 141-146.5-85.cust.bluewin.ch.
I’m sorry to have to inform you that your message could not
be delivered to one or more recipients. It’s attached below.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
The mail system
: host gmail-smtp-in.l.google.com[74.125.77.27] said:
550-5.7.1 [85.5.146.141] The IP you’re using to send mail is not authorized
to 550-5.7.1 send email directly to our servers. Please use the SMTP relay
at your 550-5.7.1 service provider instead. Learn more at
550 5.7.1 http://mail.google.com/support/bin/answer.py?answer=10336
v8si3224831eeh.26 (in reply to end of DATA command)
Reporting-MTA: dns; 141-146.5-85.cust.bluewin.ch
X-Postfix-Queue-ID: 2E76610EC30
X-Postfix-Sender: rfc822; crallion@crallion.com
Arrival-Date: Wed, 25 Aug 2010 13:09:35 +0200 (CEST)
Final-Recipient: rfc822; connor.cn@gmail.com
Original-Recipient: rfc822;connor.cn@gmail.com
Action: failed
Status: 5.7.1
Remote-MTA: dns; gmail-smtp-in.l.google.com
Diagnostic-Code: smtp; 550-5.7.1 [85.5.146.141] The IP you’re using to send
mail is not authorized to 550-5.7.1 send email directly to our servers.
Please use the SMTP relay at your 550-5.7.1 service provider instead. Learn
more at 550 5.7.1
http://mail.google.com/support/bin/answer.py?answer=10336 v8si3224831eeh.26
(Original Message was Here)
So anyway, it looks like it doesn’t have much to do with your server setup, but I was just wondering if anyone else has received this error message, since gmail is pretty popular. I haven’t tried it with hotmail, or other big ones yet, but I have tested with another private mail server, which it successfully sent the mail to. I really need the ability to send it to a gmail account, so I was wondering if anyone had a fix.
5:30 pm
@Connor, did you check the blacklist info? This looks like the IP’s from your ISP are blacklisted.
10:11 pm
How do I check blacklisted IPs and how do I fix it?
5:46 am
http://www.mxtoolbox.com/blacklists.aspx, if you are, you can’t fix it. You could try to use any of the forms used by some of the blacklisters to get whitelisted.