Postfix, Dovecot, MySQL :: Name does not exist

I have followed these two guides to (install and troubleshoot) Email with Postfix, Dovecot, and MySQL but…

The result

  • local mail seems to work

  • interaction with remote mail - sending and receiving - does not work consistently

  • I can connect using pop3 over a secure connection but with the same result


Examples

Again, the results are the same locally and with pop3.

It is worth noting that both the remote domains are in this case forwarders.

Note. I have used local.com and remote.com (here and below) to clarify source and destination. I have not actually used those names. Please read them as example.com.


Errors and messages

In the case of the remote example that will NOT send, the error message is 550 the name does not exist.

As per the troubleshooting guide…

doveadm user name@local.com

… gives good results, but running it on a system user does not…

doveadm user user1
field value
uid 1000
gid 1000
home /home/user1
mail maildir:/var/mail/vhosts//user1/
system_groups_user user1

My understanding is it should say user does not exist. I have been unable to figure out how to correct this.


MySQL is basic

virtual_domains = local.com

virtual_users = name@local.com and passwd

virtual_aliases has two…

-- alias1@local.com -> name@local.com (works)
-- alias2@local.com -> name@remote.com (does not work)


Something on the "Email with Postfix, Dovecot, and MySQL" page is not clear to me. Namely…

re: 9. Update the /dovecot-sql.conf.ext file with your MySQL connection information

Near the end of that section is a part that says…

  • To use an alias as the username: Add the alias as the source and destination email address to the virtual_aliases table, and adjust the password_query.

This is the part that is not clear.

If the source and destination addresses are the same in the virtual_aliases table, does this mean… an alias has two source entries in the virtual_aliases table? One that functions as an alias and one that functions as a logging credential? If not, how would the server know where to send the alias? If yes, how does it know which to authenticate and which to send?

If I use the alias password_query, will ordinary virtual users still be able to use mail? If so, why not use the alias query and be done?

I would like to see an example of a virtual_alias table and a virtual_users table configured to use a virtual and an alias as usernames.


While we're here…

There is an inconsistency between the main guide and the troubleshooting guide. The mail_location is given two different ways.

Install guide has…

mail_location = maildir:/var/mail/vhosts/%d/%n/

Troubleshooter has…

mail_location = mbox:~/mail:INBOX=/var/mail/%u

Which is correct?


To this point, I "surmise" postfix is verifying destination/remote email names locally rather than remotely/internetly. At least the core components seem to be working as expected. But something is amiss. Hopefully nothing catastrophic. I am tempted to say a whitelist would fix this but then I wouldn't be able to receive from addresses not already in the list. Lastly, I do not require system users to have access to email. In fact, I'd rather not have system user email at all.

I have spent a couple days reading about this problem - seems it's a common one - but I can find no consistent, predictable solutions that have solved it for me.

I welcome the benefit of your insights and experience. Thanks for reading this far.

4 Replies

[ UPDATE 1 ]

A postfix Log entry describing a rejected 'send' mail

to=name@gmx.com, relay=mx01.gmx.net[212.227.17.4]:25, delay=127473, delays=127472/0.02/0.89/0, dsn=4.0.0, status=deferred (host mx01.gmx.net[212.227.17.4] refused to talk to me: 554-gmx.net (mxgmx117) Nemesis ESMTP Service not available 554-No SMTP service 554-Bad DNS PTR resource record. 554 For explanation visit http://postmaster.gmx.com/en/error-messages?ip=173.000.000.000&c=rdns)

The webmail service's explanation

5xy Bad DNS PTR resource record

Emails from your email server were rejected because the PTR Resource Record (PTR-RR) of your IP address does not follow our guidelines. Possible reasons for this can be:

o The PTR-RR states that the IP address was dynamically allocated.
o The PTR-RR is a generic standard entry of your provider. Please allocate an independent and fully qualified domain name (Fully Qualified Domain Name - FQDN) to your email server and enter the corresponding valid PTR-RR.
o Individual rejection of the PTR-RR for system protection reasons

Note. A Reverse DNS entry or FQDN (Fully Qualified Domain Name or PTR-RR) is the unique name of an internet host. The FQDN can be used to discover the host's IP address. The Reverse DNS entry should be used as the HELO when sending emails.

https://postmaster.gmx.com/en/error-messages
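The three conditions in the GMX explanation quoted in Update 1 (generic or dynamic PTR, PTR that does not resolve back to the sending IP, HELO that differs from the PTR) can be checked before mail is sent. The following is an added example, not part of the original thread; the keyword list, the function names and the sample addresses are assumptions made for illustration, and GMX's actual rules are not published on this page.

```python
import re
import socket

# Assumed heuristic word list for provider-default / dynamic-pool PTR names;
# the receiver's real rule set is not known.
GENERIC = re.compile(r"(^|[.\-])(dyn|dynamic|dhcp|pool|dsl|cable|ppp|customer)(?![a-z])", re.I)

def dns_ptr(ip):
    """Live PTR lookup; returns None when no reverse record exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def dns_addrs(name):
    """Live forward lookup; returns the set of addresses for a name."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def embeds_ip(name, ip):
    """True if every IPv4 octet appears as a number in the PTR name."""
    numbers = {n.lstrip("0") or "0" for n in re.findall(r"\d+", name)}
    return all(octet in numbers for octet in ip.split("."))

def check_sender(ip, helo, ptr_lookup=dns_ptr, addr_lookup=dns_addrs):
    """Return a list of reverse-DNS problems for an outbound mail server."""
    ptr = ptr_lookup(ip)
    if ptr is None:
        return ["no PTR record"]
    ptr = ptr.rstrip(".").lower()
    problems = []
    if GENERIC.search(ptr) or embeds_ip(ptr, ip):
        problems.append("PTR looks generic or dynamic")
    if ip not in addr_lookup(ptr):
        problems.append("PTR name does not resolve back to the IP")
    if helo.rstrip(".").lower() != ptr:
        problems.append("HELO name differs from PTR")
    return problems

# Constructed sample data (documentation address range), so this runs offline.
PTRS = {"203.0.113.25": "203-0-113-25.dyn.isp.example",
        "203.0.113.26": "mail.example.com"}
ADDRS = {"mail.example.com": {"203.0.113.26"}}

def demo():
    fwd = lambda name: ADDRS.get(name, set())
    return (check_sender("203.0.113.25", "mail.example.com", PTRS.get, fwd),
            check_sender("203.0.113.26", "mail.example.com", PTRS.get, fwd))
```

Calling `check_sender(ip, helo)` without the last two arguments performs live DNS lookups; the HELO to pass is the name Postfix announces, which defaults to `myhostname`.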

[ UPDATE 2 ]

A dovecot Log entry describing a failure

Aug 06 02:10:57 auth-worker(30553): Info: pam(name@example.com,49.195.98.165,<ehedvwmpfduxw2kl>): pam_authenticate() failed: Authentication failure (password mismatch?)

I think pam has made a mistake.

Regardless…

Aug 06 02:10:57 auth-worker(30553): Debug: passwd(name@example.com,49.000.000.000,<ehedvwmpfduxw2kl>): lookup

Aug 06 02:10:57 auth-worker(30553): Info: passwd(name@example.com,49.000.000.000,<ehedvwmpfduxw2kl>): unknown user

I should probably have noted log entries immediately after every test but by this point in time it was becoming tedious. How many times can a person read 'unknown user' for a valid user before it grows wearying. And there was no password mismatch - everything has been copy and paste, or in the case of pop3 it's saved for sending and receiving.

I guess these are a start but they sure don't account for everything that is (or is not) happening.

I'll be back ;-)

I thought I would come back here to report on my progress. I have managed to get email working in the sense it appears to be sending and receiving but I'm not at all confident with it because quite frankly I still don't know what was causing the errors I've noted, and the mail and server logs tend to be unhelpful - both postfix and dovecot spew unknown user and password errors for nearly every problem they encounter (I might guess because login fails if either program does not immediately terminate following an error). Any progress I've made has been based strictly on program logic. The only real things I've learned have been that PTR matters and despite running on a secure connection I had to keep port 25 open even though my desktop client isn't configured to use it. But all's well that ends well, I suppose.
