1

Topic: can not receive mail

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release):

root@parakeet:/usr/local/libexec# cat /etc/iredmail-release
1.3.2 PGSQL edition.

- Deployed with iRedMail Easy or the downloadable installer?

can't remember, probably the downloadable installer

- Linux/BSD distribution name and version:

root@parakeet:/usr/local/libexec# uname -a
Linux parakeet 5.4.0-88-generic #99-Ubuntu SMP Thu Sep 23 17:29:00 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux


- Store mail accounts in which backend (LDAP/MySQL/PGSQL):

Maildir

- Web server (Apache or Nginx):

both

- Manage mail accounts with iRedAdmin-Pro?

no

- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.

postfix.log:

Oct 18 09:09:47 mail postfix/smtpd[81785]: > mail-pg1-f169.google.com[209.85.215.169]: 250 2.0.0 Ok: 2342 bytes queued as 4C44B3CB22D
Oct 18 09:09:47 mail postfix/local[81795]: 4C44B3CB22D: to=<rene@example.com>, relay=local, delay=0.05, delays=0.04/0/0/0.01, dsn=5.2.0, status=bounced (cannot append message to file /usr/local/libexec/dovecot/dovecot-lda: cannot create file exclusively: Permission denied)

file permissions (including only the relevant entries) :

root@parakeet:/usr/local/libexec# ls -al /
drwxr-xr-x  13 root root       4096 okt 12 12:48 usr

root@parakeet:/usr/local/libexec# ls -al /usr
drwxr-xr-x  12 root root 12288 sep 18 09:38 libexec

root@parakeet:/usr/local/libexec# ls -al /usr/local
drwxr-xr-x  3 mail mail 4096 okt 18 05:51 libexec

root@parakeet:/usr/local/libexec# ls -al /usr/local/libexec/
drwxr-xr-x  2 mail mail 4096 okt 18 05:51 dovecot

root@parakeet:/usr/local/libexec# ls -al /usr/local/libexec/dovecot/
total 8
drwxr-xr-x 2 mail mail 4096 okt 18 05:51 .
drwxr-xr-x 3 mail mail 4096 okt 18 05:51 ..

postfix main.cf :

root@parakeet:/etc/postfix# cat main.cf
# Postfix main.cf as pasted by the poster. Lines starting with
# "# NOTE(review):" are reviewer annotations; every setting is unchanged.
maillog_file = /var/log/postfix.log
smtpd_banner = $myhostname ESMTP $mail_name
biff = no
append_dot_mydomain = no
readme_directory = no

# TLS parameters
# NOTE(review): smtp_use_tls / smtpd_use_tls are the legacy switches; the
# *_tls_security_level = may lines already select opportunistic TLS.
smtp_use_tls = yes
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

smtpd_delay_reject = yes
smtpd_helo_required = yes
smtpd_use_tls = yes
# AUTH is only offered and accepted once the session is encrypted.
smtpd_tls_auth_only = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.example.com/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mail.example.com/privkey.pem
smtpd_tls_loglevel = 1
#smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated,  reject_unauth_destination

# NOTE(review): these three SASL settings are repeated further down with the
# same values; keep one copy so a later edit cannot diverge silently.
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

# NOTE(review): the trailing "permit" in the restriction lists below is what
# Postfix does at the end of a list anyway; relay control comes from
# smtpd_relay_restrictions, not from these lists.
smtpd_helo_restrictions =
    permit_sasl_authenticated
    permit_mynetworks
    reject_unauth_destination
    reject_non_fqdn_sender
    reject_non_fqdn_recipient
    reject_unknown_recipient_domain
    reject_non_fqdn_hostname
    reject_invalid_hostname
    reject_rbl_client zen.spamhaus.org
    reject_unauth_pipelining
    permit
# NOTE(review): reject_invalid_hostname / reject_non_fqdn_hostname are the
# pre-2.3 names of reject_invalid_helo_hostname / reject_non_fqdn_helo_hostname,
# so this list carries each HELO check twice.
smtpd_recipient_restrictions =
    permit_sasl_authenticated
    permit_mynetworks
    reject_invalid_hostname
    reject_non_fqdn_hostname
    reject_non_fqdn_recipient
    reject_non_fqdn_sender
    reject_unknown_sender_domain
    reject_unknown_recipient_domain
    reject_sender_login_mismatch
    reject_unauth_pipelining
    reject_unauth_destination
    reject_multi_recipient_bounce
    reject_non_fqdn_helo_hostname
    reject_invalid_helo_hostname
    reject_rbl_client zen.spamhaus.org
    permit
smtpd_sender_restrictions =
    permit_sasl_authenticated
    permit_mynetworks
    reject_unauth_destination
    reject_non_fqdn_sender
    reject_non_fqdn_recipient
    reject_unknown_recipient_domain
    reject_unauth_pipelining
    reject_rbl_client zen.spamhaus.org
    permit
smtpd_client_restrictions = reject_invalid_hostname
smtpd_data_restrictions =
    reject_unauth_pipelining
    reject_multi_recipient_bounce
    permit
# Relay is allowed for $mynetworks clients and SASL-authenticated clients;
# mail for any other non-local destination is deferred.
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_sasl_auth_enable = yes
# AUTH is not offered to clients inside $mynetworks.
smtpd_sasl_exceptions_networks = $mynetworks
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
# NOTE(review): only needed for obsolete clients that expect the non-standard
# "AUTH=" advertisement; can usually be left at its default.
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth


# NOTE(review): duplicate of the smtp_tls_security_level line in the TLS
# section above.
smtp_tls_security_level = may

virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_mailbox_domains = /etc/postfix/virtual_mailbox_domains

myhostname = mail.example.com
myorigin = /etc/mailname
mydestination = nicer.app, localhost.$mydomain, localhost
# NOTE(review): every host in 192.168.178.0/24 passes permit_mynetworks and can
# relay without authenticating; narrow this to the hosts that need it.
mynetworks = 192.168.178.0/24 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
# local(8) runs this command for local recipients; keep "$SENDER" and
# "$RECIPIENT" quoted as they are here.
mailbox_command = /etc/postfix/dovecot-lda-relay -f "$SENDER" -a "$RECIPIENT"
recipient_delimiter = +
inet_interfaces = all
#inet_protocols = all
inet_protocols = ipv4
# NOTE(review): local(8) also takes destinations from these aliases and from
# ~/.forward; a bare /path entry there is a file to append to, while a
# "|command" entry is executed.
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

# NOTE(review): raises log verbosity for the listed peers; verbose logs record
# SMTP session detail, so remove both lines once troubleshooting is finished.
debug_peer_level = 10
debug_peer_list = nicer.app, 192.168.178.0/24

postfix master.cf :

root@parakeet:/etc/postfix# cat master.cf
#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (no)    (never) (100)
# ==========================================================================
# NOTE(review): "smtpd -v" enables verbose logging on the public port-25
# service; verbose logs record the SMTP dialogue, so drop -v after debugging.
smtp      inet  n       -       y       -       -       smtpd -v
#smtp      inet  n       -       y       -       1       postscreen
#smtpd     pass  -       -       y       -       -       smtpd
#dnsblog   unix  -       -       y       -       0       dnsblog
#tlsproxy  unix  -       -       y       -       0       tlsproxy
# Submission service: TLS is mandatory (encrypt) and relay is limited to
# SASL-authenticated clients.
# NOTE(review): the $mua_*_restrictions macros have to be defined in main.cf;
# if they are not, they presumably expand to nothing - confirm with postconf.
submission inet n       -       y       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_auth_only=yes
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=$mua_client_restrictions
  -o smtpd_helo_restrictions=$mua_helo_restrictions
  -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_recipient_restrictions=
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
# smtps service: TLS wrapper mode (the session is encrypted from the first
# byte); relay is limited to SASL-authenticated clients.
smtps     inet  n       -       y       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=$mua_client_restrictions
  -o smtpd_helo_restrictions=$mua_helo_restrictions
  -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_recipient_restrictions=
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
# Dovecot delivery through pipe(8), run as vmail:vmail via the
# /etc/postfix/dovecot-lda-relay wrapper.
# NOTE(review): the wrapper itself is not shown; check that it is owned by
# root and not writable by any other account.
dovecot unix    -       n       n       -       -      pipe
  flags=DRhu user=vmail:vmail argv=/etc/postfix/dovecot-lda-relay -f ${sender} -d ${user}@${nexthop} -m ${extension}
#628       inet  n       -       y       -       -       qmqpd
pickup    unix  n       -       y       60      1       pickup
cleanup   unix  n       -       y       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
#qmgr     unix  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       y       1000?   1       tlsmgr
rewrite   unix  -       -       y       -       -       trivial-rewrite
bounce    unix  -       -       y       -       0       bounce
defer     unix  -       -       y       -       0       bounce
trace     unix  -       -       y       -       0       bounce
verify    unix  -       -       y       -       1       verify
flush     unix  n       -       y       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       y       -       -       smtp
relay     unix  -       -       y       -       -       smtp
        -o syslog_name=postfix/$service_name
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       y       -       -       showq
error     unix  -       -       y       -       -       error
retry     unix  -       -       y       -       -       error
discard   unix  -       -       y       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       y       -       -       lmtp
anvil     unix  -       -       y       -       1       anvil
scache    unix  -       -       y       -       1       scache
postlog   unix-dgram n  -       n       -       1       postlogd
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
#  mailbox_transport = lmtp:inet:localhost
#  virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus     unix  -       n       n       -       -       pipe
#  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix  -       n       n       -       -       pipe
#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
# NOTE(review): uucp, ifmail, bsmtp, scalemail-backend and mailman below are
# stock example transports; comment out the ones this server does not use.
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}

of course, example.com is not the actual domain name i'm using..
but that's hardly relevant.

i've tried searching for
/usr/local/libexec/dovecot/dovecot-lda
in all of my config (sub-)folders, and while i don't know if i got them all,
i have tried overriding this setting in postfix's config file.

i also spent about 14 hours googling for more information, but that search came up empty too.

i'm hoping someone here can help me out..


====


2

Re: can not receive mail

update :

with some help from the libera irc #postfix channel, i was pointed towards the 'man 8 local' unix manual page, where i found the priority of mail delivery agent execution.

i chose to put a ~/.forward file in the one account that i'll be using for all the users on my mail domain, and point that to the correct dovecot-lda executable..

~/.forward now reads :

| "/usr/lib/dovecot/dovecot-lda"

and my dovecot delivery log now shows this :

Oct 18 16:58:36 lda(rene)<137292><iqVeKJyLbWFMGAIAOM3lIQ>: Info: msgid=<CACMzB5c4_NSarMZO3uPXdZHb+3ygmXFEB1ycALJMksGs53xdOw@mail.gmail.com>: saved mail to INBOX

considering that /etc/dovecot/conf.d/10-mail.conf has the following entries :

mail_home = /home/%n/Maildir
mail_location = maildir:~/Maildir

i now see new mails show up in ~/Maildir all right :

root@parakeet:/etc/dovecot/conf.d# find /home/rene/Maildir/
/home/rene/Maildir/
/home/rene/Maildir/dovecot-uidvalidity.616bb2bf
/home/rene/Maildir/new
/home/rene/Maildir/new/1634550801.M165528P101841.parakeet,S=2606,W=2659
/home/rene/Maildir/new/1634551647.M510277P103272.parakeet,S=2566,W=2618
/home/rene/Maildir/new/1634569116.M676664P137292.parakeet,S=2560,W=2612
/home/rene/Maildir/dovecot.list.index.log
/home/rene/Maildir/dovecot-uidlist
/home/rene/Maildir/cur
/home/rene/Maildir/tmp
/home/rene/Maildir/dovecot.index.log
/home/rene/Maildir/dovecot.index.cache
/home/rene/Maildir/dovecot-uidvalidity

but these mails do not show up in the unix mail command or in an IMAP session... :(

rene@parakeet:~$ mail
No mail for rene

so i'm stuck again... i'll keep at it myself too, and i'll ask around on IRC again, but if you can help me with this then please drop me a message here..

3 (edited by rene.veerman 2021-10-18 23:53:16)

Re: can not receive mail

rene@sparrow:/var/www/example.com$ openssl s_client -crlf -connect imap.example.com:993

completes the TLS handshake correctly (port 993 is implicit TLS, so there is no separate STARTTLS step), but can't login..


---
read R BLOCK
* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
. LOGIN rene@example.com valid_password
* PREAUTH [CAPABILITY (null)] Logged in as (null)
closed


i can't find this problem listed anywhere at all on google :(

4

Re: can not receive mail

update : COMPLETELY SOLVED! :)
(a clear case of RTFM in the end)

https://doc.dovecot.org/admin_manual/troubleshooting/

says to use the dovecot-sysreport commandline tool, which i did.
its log_errors file (after extracting the output with tar xf filename.tar.gz; the archive holds log excerpts like the one below, so check it before posting it anywhere) shows :
Oct 18 17:50:21 Error: imap(rene@example.com): Relative home directory paths not supported: ~/Maildir

so i changed :
# NOTE(review): a static userdb returns these same fields for every login, so
# every mailbox is accessed as uid rene / gid vmail; that fits only a
# single-account setup like this one.
userdb {
        driver = static
        # home is an absolute path built from the username part (%n).
        args = uid=rene gid=vmail home=/home/%n/Maildir
}
in /etc/dovecot/conf.d/auth-passwdfile.conf.ext

and

mail_location = maildir:/home/%n/Maildir
in /etc/dovecot/conf.d/10-mail.conf

and added
!include_try /etc/dovecot/conf.d/*.conf
to /etc/dovecot/dovecot.conf

result : i can now receive mails from gmail and other locations, and connect directly to imap.example.com:993 to use them in any normal email client app.