Richard
Note: These instructions are identical for Leopard and Snow Leopard.
In a basic mail server setup, all communication between your server and the end user's email client is unencrypted, so usernames and passwords can be sniffed while in transit on the internet. TLS/SSL encrypts the traffic between the client and the server, which means that snooping of password information is history. In our setup this is the default configuration.
Normally you would buy an SSL certificate from Thawte or Verisign, but as we are building a server on the cheap we are going to create our own certificate. The only problem you will encounter when creating your own certificates is that users have to explicitly accept and verify your root certificate, whereas certificates you buy are already accepted by most email clients by default. For instance, the first time they try to send email via your secure server they need to accept your certificate. When using Mail.app in OS X they will get the following warning:

They need to press continue and from then on your certificate will be accepted and they won’t be asked again.
Just open a Terminal and execute the following command in the directory ‘/etc/postfix‘:
openssl req -new -outform PEM -out smtpd.cert \
-newkey rsa:2048 -nodes -keyout smtpd.key -keyform PEM \
-days 365 -x509
This will create a 2048-bit RSA key that, for now, is secure enough for your mail server to use. If you are paranoid and want a bigger key, just increase the number after rsa:. The certificate will be valid for a year; if you want a longer period, just increase the number after the -days option. When the key is finished you will be asked a couple of questions. The answers will be shown to people who want to see your certificate when their mail client complains. The most important one is the ‘Common Name’: make sure it is the same as the mail server name.
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:your.mailserver.tld
Email Address []:you@yourdomain.tld
Configuring Postfix means editing files. We will start with the ‘main.cf‘ configuration file located in the directory ‘/etc/postfix/‘ (before you start changing it, make a copy of the original file for safekeeping, which you should always do). Please note that only the settings that differ from the defaults are documented:
main.cf
# Don’t take one from your virtual domains
myhostname = server.isp-domain.tld
# you can reduce the debug level to level 0 when everything is working.
debug_peer_level = 2
#
# my additions for the virtual domain administration
# to use the MySQL database.
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:102
virtual_mailbox_base = /usr/local/virtual/
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 51200000
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 102
virtual_transport = dovecot
virtual_uid_maps = static:102
#
# The settings for the SASL authentication using the auth daemon.
smtpd_recipient_restrictions =
  permit_mynetworks,
  permit_sasl_authenticated,
  reject_non_fqdn_hostname,
  reject_non_fqdn_sender,
  reject_non_fqdn_recipient,
  reject_unauth_destination,
  reject_unauth_pipelining,
  reject_invalid_hostname,
  reject_rbl_client zen.spamhaus.org,
  permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_application_name = smtpd
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
broken_sasl_auth_clients = yes
smtpd_pw_server_security_options = noanonymous
smtpd_enforce_tls = no
smtpd_tls_loglevel = 1
smtpd_use_tls = yes
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
dovecot_destination_recipient_limit = 1
# OPTIONAL PART
smtpd_helo_required = yes
disable_vrfy_command = yes
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_etrn_restrictions = reject
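With smtpd_use_tls = yes and smtpd_enforce_tls = no, TLS is offered on port 25 but not required, so whether a client can still authenticate in the clear depends on smtpd_tls_auth_only. The script below is an added example, not part of the original instructions: it reads a main.cf, derives the effective TLS level from these older switches (or from smtpd_tls_security_level when that is set) and warns when SASL AUTH is available without TLS. The sample file it writes is constructed from the settings shown above.

```shell
#!/bin/sh
# Added example: audit the smtpd TLS/AUTH posture of a Postfix main.cf.

# Print "name=value" per parameter: comments dropped, continuation lines
# (leading whitespace) joined to the parameter above, last assignment wins.
main_cf_params() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ {
            sub(/^[ \t]+/, "")
            val[name] = (val[name] == "") ? $0 : val[name] " " $0
            next
        }
        {
            eq = index($0, "="); if (eq == 0) next
            name = substr($0, 1, eq - 1); gsub(/[ \t]/, "", name)
            v = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (!(name in val)) order[++n] = name
            val[name] = v
        }
        END { for (i = 1; i <= n; i++) print order[i] "=" val[order[i]] }
    ' "$1"
}

# Value of one parameter, empty when the file does not set it.
param() {
    main_cf_params "$1" | awk -v k="$2" '
        index($0, k "=") == 1 { print substr($0, length(k) + 2) }'
}

# Effective smtpd TLS level: smtpd_tls_security_level when set, otherwise
# derived from the older smtpd_enforce_tls / smtpd_use_tls switches.
smtpd_tls_level() {
    level=$(param "$1" smtpd_tls_security_level)
    if [ -n "$level" ]; then echo "$level"
    elif [ "$(param "$1" smtpd_enforce_tls)" = yes ]; then echo encrypt
    elif [ "$(param "$1" smtpd_use_tls)" = yes ]; then echo may
    else echo none
    fi
}

# Report findings; status 1 when SASL AUTH can be used without TLS.
audit_main_cf() {
    cf=$1
    level=$(smtpd_tls_level "$cf")
    echo "effective smtpd TLS level: $level"
    for old in smtpd_use_tls smtpd_enforce_tls; do
        if [ -n "$(param "$cf" "$old")" ]; then
            echo "NOTE: $old is obsolete; use smtpd_tls_security_level = $level"
        fi
    done
    if [ "$(param "$cf" smtpd_sasl_auth_enable)" = yes ] &&
       [ "$level" != encrypt ] &&
       [ "$(param "$cf" smtpd_tls_auth_only)" != yes ]; then
        echo "WARN: AUTH is offered without TLS; set smtpd_tls_auth_only = yes"
        return 1
    fi
}

# Constructed sample: the TLS and SASL lines from the main.cf above.
write_sample_main_cf() {
    cat > "$1" <<'EOF'
# constructed from the settings shown in the article
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_enforce_tls = no
smtpd_use_tls = yes
EOF
}

tmp=$(mktemp) && write_sample_main_cf "$tmp"
audit_main_cf "$tmp" || true
rm -f "$tmp"
```

On a live server the same parameters can be read with postconf -n instead of parsing the file.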
As a last step, there are new files to be created to accommodate the MySQL access for the user administration. They are to be created in the directory ‘/etc/postfix‘.
mysql_virtual_alias_maps.cf
user = postfix
password = postfixpassword
hosts = 127.0.0.1
dbname = postfix
query = SELECT goto FROM alias WHERE address='%s' AND active = 1
mysql_virtual_domains_maps.cf
user = postfix
password = postfixpassword
hosts = 127.0.0.1
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s'
mysql_virtual_mailbox_maps.cf
user = postfix
password = postfixpassword
hosts = 127.0.0.1
dbname = postfix
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = 1
The last file we need to edit for postfix configuration is ‘/etc/postfix/master.cf‘. There are two things we need to do in this file.
Open up a second port (587) for authenticated users. Most ISPs might block port 25, and this will help you get past that. All mail clients are able to use it.
submission inet n - n - - smtpd
  -o smtpd_enforce_tls=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
The next thing we need to do is create an extra transport by adding the following lines at the end:
dovecot unix - n n - - pipe
  flags=DRhu user=_vmail argv=/usr/local/libexec/dovecot/deliver -f ${sender} -d ${recipient}
This enables delivering the mail to dovecot.
Please make sure that the last line starting with ‘flags’ is all on one line in the config file.



Comments
10:09 pm
Hallo Richard,
the last line with the pipe to Dovecot LDA does not need to be on one line. You could easily split it up into multiple lines. For example:
# Dovecot LDA
dovecot unix - n n - - pipe
  flags=DRhu user=_vmail:_vmail argv=/usr/local/libexec/dovecot/deliver
  -f ${sender}
  -d ${user}@${nexthop}
  -a ${recipient}
  -m ${extension}
Regarding the submission port you should mention that one needs to allow delayed reject else things will not work the right way. If for example one is using in main.cf:
smtpd_delay_reject = no
Then to get the submission port to work you must add to the submission service in master.cf the following options:
-o smtpd_delay_reject=yes
Another option to consider adding to the submission port is to disable ETRN:
-o smtpd_etrn_restrictions=reject
It is also good practice to enforce TLS on the submission port, since users are sending their login information over that port:
-o smtp_tls_security_level=none
-o smtpd_enforce_tls=yes
In main.cf you use the obsolete “smtpd_enforce_tls” setting. You should consider switching to “smtp_tls_security_level”.
If you have a busy server then consider using proxy maps for the MySQL lookups. They speed up lookups and use fewer resources than using the mysql lookup map alone.
–
Kind Regards from Switzerland,
Stevan Bajić
6:07 am
@Stevan, thanks for this. Really helpful. I will update the settings in the document.
9:29 pm
I’m getting the following errors in /var/log/mail.log unless I comment out the “smtpd_sasl” specified above for main.cf:
postfix/smtpd[76455]: warning: SASL: Connect to private/auth failed: No such file or directory
postfix/smtpd[76455]: fatal: no SASL authentication mechanisms
postfix/master[17062]: warning: process /usr/libexec/postfix/smtpd pid 76455 exit status 1
postfix/master[17062]: warning: /usr/libexec/postfix/smtpd: bad command startup — throttling
I also see this even w/ those lines commented out:
postfix/smtpd[64952]: warning: when SASL type is “dovecot”, SASL path “smtpd” should be a socket pathname
Any idea where I’ve gone wrong? Would my attempt to install cyrus-sasl on a Leopard system (didn’t realize the instructions had “jumped” to Tiger on me) have screwed something up?
I notice that the path specified here (from the Dovecot config page) does not exist on my system:
auth_socket_path = /var/run/dovecot-auth-master
Thx,
Fred
5:26 am
@Fred, you need to look at your Dovecot config which should create this path. Did you startup dovecot?
5:28 am
[Haha...I just typed and was about to post this when I got email notification that you'd responded.]
Okay, I think I have this part sorted now. On the next page, for the auth_executable parameter in the dovecot.conf file, I overlooked the insertion of “local” into the directory path. I had:
auth_executable = /usr/libexec/dovecot/dovecot-auth
but needed:
auth_executable = /usr/local/libexec/dovecot/dovecot-auth
Next thing to iron out (from mail.log) is this error:
May 10 23:23:38 Dill-Server-mini dovecot[47704]: auth-worker(default): mysql: Connect failed to localhost (postfix): Access denied for user ‘postfix’@'localhost’ (using password: YES) – waiting for 1 seconds before retry
I’ll see what I can figure out, but if it is obvious to anyone, a tip might save me some time…and hair!
Thx,
Fred
5:48 am
The obvious question would be if the user and password are correct. Try it from the command line.
5:59 am
I’m sorry…my brain is so scrambled at this point from trying to keep all this straight that I’m not sure which password needs to be correct, and where that password is. How should I be connecting at command line? Simply typing ‘mysql’ at the prompt for my “tech” account yields:
ERROR 1045 (28000): Access denied for user ‘tech’@'localhost’ (using password: NO)
Thanks for being so attentive and helpful, Richard!
7:30 am
The command line to try on the server is “mysql -p -upostfix postfix” or “mysql -p -uusername databasename”
If that does not work you need to assess if it is a technical or access rights problem.
7:41 am
Okay, yep, I can log in and have that “Connect failed” error straightened out. I needed to change out “postfixpassword” for my actual password on the “connect =” line. I can run the OpenSSL command, but when I attempt to log in, I get an immediate:
* BYE Internal login failure. Refer to server log for more information.
The log shows (I think the first line isn’t relevant):
dovecot[5806]: auth-worker(default): pam(tech@domain.com,216.xxx.xxx.xxx): pam_authenticate() failed: Authentication failure (/etc/pam.d/dovecot missing?)
dovecot[5806]: auth-worker(default): sql(tech@domain.com, 216.xxx.xxx.xxx): User query failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘@domain.com’ AND active = ’1” at line 1
dovecot[5806]: imap-login: Internal login failure (auth failed, 1 attempts): user=, method=PLAIN, rip=216.xxx.xxx.xxx, lip=192.168.6.10, TLS
7:52 am
Looks like an error in the sql statement in your dovecot-sql.conf
8:16 am
Whew. Yep, indeed, there was a typo, or maybe a “paste-o” error. There was no ‘ after:
user_query = SELECT ‘/usr/local/virtual/%d/%n’ as home, \
‘maildir:/usr/local/virtual/%d/%n
Now I’m able to log successfully w/ OpenSSL. Will try to figure out what gives w/ the ‘createmaildir’ script now.
Thanks again for the help and patience.
10:33 am
Dear Richard,
When I add a new mailbox (using postfixAdmin), and leave the ‘Send Welcome mail’ checkbox ticked, I get the following messages, which repeat periodically until I restart the postfix process. Any idea where I went wrong?
Rob
… postfix/trivial-rewrite[1942]: warning: connect to mysql server 127.0.0.1: Can’t connect to MySQL server on ’127.0.0.1′ (61)
… postfix/trivial-rewrite[1942]: fatal: mysql:/etc/postfix/mysql_virtual_alias_maps.cf(0,lock|fold_fix): table lookup problem
… postfix/master[1925]: warning: process /usr/libexec/postfix/trivial-rewrite pid 1942 exit status 1
… postfix/trivial-rewrite[1943]: warning: connect to mysql server 127.0.0.1: Can’t connect to MySQL server on ’127.0.0.1′ (61)
… postfix/trivial-rewrite[1943]: fatal: mysql:/etc/postfix/mysql_virtual_alias_maps.cf(0,lock|fold_fix): table lookup problem
… postfix/smtpd[1938]: warning: problem talking to service rewrite: Unknown error: 0
… postfix/master[1925]: warning: process /usr/libexec/postfix/trivial-rewrite pid 1943 exit status 1
… postfix/master[1925]: warning: /usr/libexec/postfix/trivial-rewrite: bad command startup — throttling
10:37 am
Rob, something is wrong with your postfix setup in the virtual config files. It can’t connect to the database, therefore things go wrong. Please check the mysql_virtual_* files for correctness.
11:31 am
Hi. Have checked them – they’re identical to those above, apart from the actual password being substituted for ‘postfixpassword’. However, interestingly, I just tried using ‘postfixpassword’ as the password, and got exactly the same messages. Also, (using the mysql command-line interface) I’ve confirmed that the password is correct, that the new mailbox entry is present in the database, and that this is returned by the SQL command in the implicated .cf file (‘select goto from alias where address=’…’ and active=1;’). Thanks for the (quick!) response, btw.
1:26 pm
Could you post the output of “postconf -n”?
1:59 pm
Stevan, Here you are (slightly expurgated):
(Sorry Richard, you’ll probably want to delete this.)
$ postconf -n
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
disable_vrfy_command = yes
html_directory = no
inet_interfaces = localhost
mail_owner = _postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
message_size_limit = 10485760
mydestination = $myhostname, localhost.$mydomain, $mydomain, …
myhostname = mail. … .com
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
proxy_interfaces = …
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = _postdrop
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_enforce_tls = no
smtpd_etrn_restrictions = reject
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unauth_destination, reject_unauth_pipelining, reject_invalid_hostname, reject_rbl_client zen.spamhaus.org, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_tls_loglevel = 1
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_maps = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:102
virtual_mailbox_base = /usr/local/virtual/
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 51200000
virtual_mailbox_maps = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_minimum_uid = 102
virtual_transport = dovecot
virtual_uid_maps = static:102
2:40 pm
I assume “mydomain” is the default (localdomain) or have you removed that entry from your output?
Can you post the output of “postconf -d|grep -i ^local_recipient_maps” too?
Could you run the following commands and post what Postfix is returning?
for foo in virtual_alias virtual_domains virtual_mailbox;
do
  echo "Result from ${foo}:" $(postmap -q your_user@domain.tld mysql:/etc/postfix/mysql_${foo}_maps.cf);
done
And can you please post the output you get from (run this inside your Postfix.Admin directory):
grep "\$CONF\['smtp_" config.inc.php
The stuff from below is just a recommendation. Has nothing to do with your current issue.
Are you running Postfix in a chroot environment? If not then have you considered using the MySQL socket instead of the TCP/IP address:
mysql_virtual_alias_maps.cf:
user = postfix
password = postfixpassword
hosts = unix:/path/to/your/mysqld.sock
dbname = postfix
query = SELECT goto FROM alias WHERE address=_latin1'%s' AND active='1'
mysql_virtual_domains_maps.cf:
user = postfix
password = postfixpassword
hosts = unix:/path/to/your/mysqld.sock
dbname = postfix
query = SELECT domain FROM domain WHERE domain=_latin1'%s'
mysql_virtual_mailbox_maps.cf:
user = postfix
password = postfixpassword
hosts = unix:/path/to/your/mysqld.sock
dbname = postfix
query = SELECT maildir FROM mailbox WHERE username=_latin1'%s' AND active='1'
If you run in a chroot then you could still use the socket but then you would need to bring the MySQL socket into a directory that Postfix can read in the chroot.
Have you considered using proxy map support to speedup Postfix MySQL lookups and minimize the amount of connections Postfix is making to MySQL?
virtual_alias_maps = proxy:mysql:${config_directory}/mysql_virtual_alias_maps.cf
virtual_mailbox_domains = proxy:mysql:${config_directory}/mysql_virtual_domains_maps.cf
virtual_mailbox_maps = proxy:mysql:${config_directory}/mysql_virtual_mailbox_maps.cf
proxy_read_maps = ${virtual_alias_maps}
  ${virtual_mailbox_domains}
  ${virtual_mailbox_maps}
3:24 pm
Stevan,
Yes, $mydomain is the default (derived by removing the leftmost bit of $myhostname), and doesn’t appear in the output.
“postconf -d|grep -i ^local_recipient_maps” returns the following:
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
for … returns the following:
postmap: warning: connect to mysql server 192.168.1.4: Can’t connect to MySQL server on ’192.168.1.4′ (61)
Result from virtual_alias:
postmap: warning: connect to mysql server 127.0.0.1: Can’t connect to MySQL server on ’127.0.0.1′ (61)
Result from virtual_domains:
postmap: warning: connect to mysql server 127.0.0.1: Can’t connect to MySQL server on ’127.0.0.1′ (61)
Result from virtual_mailbox:
grep … returns the following:
$CONF['smtp_server'] = ‘localhost’;
$CONF['smtp_port'] = ’25′;
Thanks very much for the assistance. I hope the above gives more clues.
Rob
5:28 pm
None of the postmap commands worked? Really? Is the MySQL server running? One connect tried to connect to 192.168.1.4 while the others tried to connect to 127.0.0.1?
Can you again run the commands but this time with verbose output?
postmap -v -q your_user@domain.tld mysql:/etc/postfix/mysql_virtual_alias_maps.cf
postmap -v -q your_user@domain.tld mysql:/etc/postfix/mysql_virtual_domains_maps.cf
postmap -v -q your_user@domain.tld mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
The output is going to be long. If you don’t want to post it here into the blog then send it to me by mail (stevan at bajic dot ch).
8:08 pm
Stevan,
Nope, and yes it definitely is. You are right – I discovered I’d changed one of the .cf files to ‘hosts = 192.168.1.4′ as an experiment, and forgot to change it back to 127.0.0.1. Sorry for that!
Anyway, have just made some progress, using ‘hosts = unix:/tmp/mysql.sock’, as suggested oob by Richard. And looks like I should have checked out the forum first, where this problem has been encountered before. Sorry for that too!
Thank you both very much for your help – this is very much appreciated.
Rob
8:17 pm
Rob, is the problem now solved?
8:37 pm
Stevan,
Well, adding new mailboxes now works even when I leave the ‘Send Welcome mail’ checkbox ticked. However, I do get the following warning:
… postfix/trivial-rewrite[7756]: warning: do not list domain … in BOTH mydestination and virtual_mailbox_domains
This I’ll look into tomorrow. But it does now work, so, yes – problem now solved.
Rob
9:02 pm
… postfix/trivial-rewrite[7756]: warning: do not list domain … in BOTH mydestination and virtual_mailbox_domains
This is because you have added your domain (let's call the domain rob.com) in mydestination AND you have added the domain rob.com into Postfix.Admin.
Just remove “rob.com” from “mydestination” in main.cf and restart Postfix.
8:53 am
Aug 23 09:50:08 Mac-Mini-Server postfix/master[61438]: fatal: /etc/postfix/master.cf: line 36: field “unprivileged”: bad value: “???”
That is the error I get in the mail.log file when I try to start postfix. The line it is referring to, “line 36″ is the one you added to master.cnf.
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
Could someone point me in the right direction of where I went wrong?
9:03 am
Hallo David, it’s probably not the line with ‘-o’ but the whole ‘submission’ service line. I guess it is a wrong character that you have added to master.cf (maybe a cut & paste issue). Could you replace all ‘-’ characters and set a normal dash there? I guess the blog software of Richard is transforming normal dashes to a character that looks like a dash but is not a real dash (this happens often). Just replace them by hand with a normal dash and then restart again Postfix. Let me know if that fixed your issue.
3:29 pm
Ah, yes. Thank you Stevan. That will teach me not to copy and paste without thought. “-” was “–” in the submission line.
4:10 pm
@David: well… you are not the first one and probably not the last one to run into such issues. btw: I have made those errors too. Not with the DIYMacServer page (I don’t own nor do I run a Mac) but with other pages and with PDF documents. Welcome to the club
6:41 pm
@David, sorry about this. It is now corrected. Some time ago an upgrade of WordPress went haywire. Still finding spots I missed….
12:20 pm
I also get the message:
postfix/trivial-rewrite[34140]: warning: do not list domain mydomain.com in BOTH mydestination and virtual_mailbox_domains
but there is no mydestination entry at all in the main.cf file in /etc/postfix
12:59 pm
Not having a mydestination entry does not mean that there is no one that is active. To see what the default is just run: “postconf -d mydestination”.
Usually the default has $myhostname in it and if you have specified $myhostname and the value of it is in virtual_mailbox_domains then you will get the above message.
To get the currently active value of mydestination just run: “postconf -n mydestination”.
1:07 pm
But then I don’t get how to handle the configuration when I don’t need the virtual domain feature, i.e. my domain is for example aaa.com and $myhostname will then be aaa.com. To add a mail account using the postfix admin web tool I have to add the domain aaa.com and then add a mail account for example info@aaa.com
Shouldn’t $myhostname be aaa.com? Shouldn’t I add a domain in the Postfix admin tool?
1:20 pm
@Micke, make your hostname the one you got from your ISP or hosting provider. Not the domain name you are hosting and you’ll be fine
1:46 pm
@Mike: You are confused!
virtual domain feature means: Your users are VIRTUAL and do not exist on the local system (aka: no shell, no nothing. From your OS X viewpoint they do not exist).
myhostname should not be aaa.com (domain dot top-level domain). It should be a real HOSTname (aka: host dot domain dot top-level domain. aka: myhost.aaa.com).
Of course aaa.com is valid too but in your case it is better to use another value than aaa.com.
You could even go that far to add myhost.invalid as myhostname. The value you have in myhostname is there so that Postfix knows if someone is addressing “someuser@(your myhostname)” that it should be delivered to the LOCAL account “someuser”. But since all you want is to use VIRTUAL domains you don’t need/want anything in myhostname that can be addressed from external. So adding something there that is invalid works too. The only problem when you add something that is not valid there is that Postfix will respond with that name you specify in myhostname when someone is doing an EHLO/HELO and this is maybe not something you like. So adding there a correct hostname might be beneficial in your case.
2:40 pm
Ok, the domain name mess has been sorted out. I was confused
But I still have no luck sending mails. I get this in the logs:
postfix/smtp[35345]: connect to mail-gw01.fsdata.se[195.35.82.79]:25: Operation timed out
postfix/smtp[35345]: BF968F250A: to=, relay=none, delay=2192, delays=2162/0.02/30/0, dsn=4.4.1, status=deferred (connect to mail-gw01.fsdata.se[195.35.82.79]:25: Operation timed out)
I cannot telnet to 195.35.82.79 : 25.
If that port is blocked how shall this be handled? I guess that postfix gets the address (mail-gw01.fsdata.se) using DNS looking for an MX record for the recipient of the mail.
2:56 pm
@Mike: Okay. That is another issue. I tried to connect to that host and it works from my leased line:
=-=-=-=-=-=-=-=-=-=-=-=-=-=
theia ~ # telnet 195.35.82.79 25
Trying 195.35.82.79…
Connected to 195.35.82.79.
Escape character is ‘^]’.
220 mail-gw01.fsdata.se Microsoft ESMTP MAIL Service ready at Sun, 29 Aug 2010 15:44:39 +0200
RSET
250 2.0.0 Resetting
QUIT
221 2.0.0 Service closing transmission channel
Connection closed by foreign host.
theia ~ # cd
=-=-=-=-=-=-=-=-=-=-=-=-=-=
Do you have in general an issue sending mails or is it just that Swedish server? Can you try to connect to one of the Yahoo servers?
a.mx.mail.yahoo.com
b.mx.mail.yahoo.com
c.mx.mail.yahoo.com
d.mx.mail.yahoo.com
e.mx.mail.yahoo.com
f.mx.mail.yahoo.com
g.mx.mail.yahoo.com
h.mx.mail.yahoo.com
i.mx.mail.yahoo.com
j.mx.mail.yahoo.com
k.mx.mail.yahoo.com
Or could you try to connect to one of the Google servers?
google.com.s9a1.psmtp.com
google.com.s9a2.psmtp.com
google.com.s9b1.psmtp.com
google.com.s9b2.psmtp.com
If you have a problem to connect to them then it is most likely that your ISP is blocking you from connecting to any host on port 25. You usually can read on the ISP homepage if they are doing that. If they do that then it is most likely that you must use them (your ISP) as a smart host or a relay. What is your ISP? What is their homepage?
3:03 pm
Yes, apparently the ISP is blocking port 25. Except for their own smtp-server of course. (The ISP is bredbandsbolaget.se)
Do you have any instructions on how to use them as a relay?
3:11 pm
@Micke, for incoming mail you can use these instructions from my old blog: http://switch.richard5.net/2006/02/28/what-to-do-about-an-isp-blocking-port-25/
For outgoing mail I know there are many instructions available on the net. I guess I need to write some instructions for this as well. Google on “postfix relay isp”
edit: found these instructions that will help: http://www.riverturn.com/blog/?p=239
3:21 pm
In this case it was easy. My ISP has port 25 open and no authentication is necessary so all I had to do was to add this line in /etc/postfix/main.cf
relayhost = smtp.bredband.net
3:49 pm
Tjena, tjena Micke
BBB is blocking outbound port 25. You need to use their server (aka: smtp.bredband.net) for relaying. But I see you have already discovered that.
7:08 pm
Bump: A change acknowledged in 2008 by @Richard and mentioned above by @Rob is (maybe?) still pending as of the re-write of 2011:
Because the document installing-everything-on-snow-leopard/securing-your-mySQL-install continues to recommend “skip-networking” in /etc/my.cnf as it has in the past, then the mysql_virtual_*_maps.cf codeblocks above still need to be changed to “hosts = unix:/tmp/mysql.sock”
(As an aside, I was mildly surprised that there was no chmod 600 suggested for these files, which contain plaintext mySQL passwords. But might that in turn require a chown on them so the process itself can read ‘em? Not sure who’s running which process…)
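The two concerns raised in the comment above, checked in one script (an added example, not part of the original post or its comments): it reports any mysql_virtual_*_maps.cf file that contains a password yet is world-readable, and any hosts entry that needs TCP, which stops working once skip-networking is set in my.cnf. The demo files are constructed; which owner and group the files need so that Postfix can still read them after tightening the mode is left to the administrator.

```shell
#!/bin/sh
# Added example: audit Postfix MySQL map files for an exposed password and
# for TCP "hosts" entries, which fail when mysqld runs with skip-networking.

# Value of "key = value" in a map file (last one wins), empty if absent.
map_value() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); gsub(/[ \t]/, "", key)
            if (key != k) next
            v = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", v)
        }
        END { print v }' "$1"
}

# True when "other" has read permission (mode bit 004) on the file.
world_readable() {
    [ -n "$(find "$1" -prune -perm -004)" ]
}

# Print one finding per line for a single map file; status 1 if any.
audit_map_file() {
    file=$1 findings=0
    if [ -n "$(map_value "$file" password)" ] && world_readable "$file"; then
        echo "$file: holds a password but is world-readable ($(ls -ld "$file" | cut -c1-10))"
        findings=1
    fi
    for host in $(map_value "$file" hosts); do
        case $host in
            unix:*|localhost) ;;   # both reach mysqld over its socket
            *) echo "$file: hosts entry '$host' needs TCP; use a unix: socket path"
               findings=1 ;;
        esac
    done
    return "$findings"
}

# Audit every mysql_virtual_*_maps.cf in a directory; print the number of
# files with findings and return non-zero when there are any.
audit_map_dir() {
    bad=0
    for path in "$1"/mysql_virtual_*_maps.cf; do
        [ -f "$path" ] || continue
        audit_map_file "$path" || bad=$((bad + 1))
    done
    echo "files with findings: $bad"
    [ "$bad" -eq 0 ]
}

# Constructed demo: one file as in the article, one with both points fixed.
demo=$(mktemp -d)
printf 'user = postfix\npassword = postfixpassword\nhosts = 127.0.0.1\n' \
    > "$demo/mysql_virtual_alias_maps.cf"
printf 'user = postfix\npassword = postfixpassword\nhosts = unix:/tmp/mysql.sock\n' \
    > "$demo/mysql_virtual_domains_maps.cf"
chmod 644 "$demo/mysql_virtual_alias_maps.cf"
chmod 600 "$demo/mysql_virtual_domains_maps.cf"
audit_map_dir "$demo" || true
rm -rf "$demo"
```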
7:15 pm
@NoNo, again you are correct. I forgot to put this on a todo list and will change it. Thanks for the remark on the chmod, I will look into it if we can do this without too much problems.
Again thanks for all the comments
4:49 am
(Finally, I have a non-picayune suggestion!:-)
The promise of *domain* aliases in postfixadmin (and its SQL schema) is not realized by your mysql_…_maps.cf files above. (In other words, mailboxes and aliases in a virtual domain are not also recognized for a domain aliased to it, and they should be.) You need two additional mysql_…_maps.cf files that cross the alias_domain table with the mailbox and alias tables, to generate a translated target address. I believe that you can copy verbatim the code presented in http://gfdsa.gfdsa.org/2009/03/16/alias_domain-postfixadmin-postfix-configuration/