DRAFT Email with Postfix, Dovecot and MySQL on Ubuntu 12.04

I'm new to Linode and also new to setting up Linux mail servers. I created an Ubuntu 12.04 linode then tried to follow the most recent Ubuntu 10.04 (lucid) guide (http://library.linode.com/email/postfix/dovecot-mysql-ubuntu-10.04-lucid) to set up my mail server. I finally managed to get it working after much messing about. I can't guarantee it's 100% correct or secure, but I've documented the changes I had to make (see link below, changes highlighted in red) to get it working on Ubuntu 12.04 (precise). It would be great if someone with more knowledge and experience could review this and correct if necessary before submitting for inclusion to the Linode library.

http://virtualrealms.com.au/temp/dovecot-mysql-ubuntu-12.04-precise.zip

14 Replies

Thanks very much for this. I was stuck on the installation of dovecot and this helped immensely. Most appreciated.

@inteja:

> I'm new to Linode and also new to setting up Linux mail servers. I created an Ubuntu 12.04 linode then tried to follow the most recent Ubuntu 10.04 (lucid) guide (http://library.linode.com/email/postfix/dovecot-mysql-ubuntu-10.04-lucid) to set up my mail server. I finally managed to get it working after much messing about. I can't guarantee it's 100% correct or secure, but I've documented the changes I had to make (see link below, changes highlighted in red) to get it working on Ubuntu 12.04 (precise). It would be great if someone with more knowledge and experience could review this and correct if necessary before submitting for inclusion to the Linode library.
>
> http://virtualrealms.com.au/temp/dovecot-mysql-ubuntu-12.04-precise.zip

I hit a snag while using this guide. In the very beginning when it tells you what packages to install:

apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server dovecot-common dovecot-imapd dovecot-pop3d postfix libsasl2-2 libsasl2-modules libsasl2-modules-sql sasl2-bin libpam-mysql openssl telnet mailutils

The newer version also requires you to install dovecot-mysql, which used to be included in dovecot-common, but is no longer.

For reference, my thread.

Thank you very much for posting this guide!

My $0.02:

1. If you plan to use SSL/TLS on port 465 you need to uncomment these lines in /etc/postfix/master.cf:

smtps     inet  n       -       -       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING

2. To avoid this warning in mail.log:

> warning: do not list domain … in BOTH mydestination and virtual_mailbox_domains

I removed all but "localhost, localhost.localdomain" for "mydestination =" in /etc/postfix/main.cf.

You can get the same result by changing

postconf -e 'mydestination = server.example.com, localhost, localhost.localdomain'

to

postconf -e 'mydestination = localhost, localhost.localdomain'

when following inteja's guide.

3. And, of course, don't forget to add firewall rules for smtp, ssmtp, pop, imap, pops, imaps

-A INPUT -p tcp --dport 25 -j ACCEPT
-A INPUT -p tcp --dport 465 -j ACCEPT
-A INPUT -p tcp --dport 110 -j ACCEPT
-A INPUT -p tcp --dport 143 -j ACCEPT
-A INPUT -p tcp --dport 995 -j ACCEPT
-A INPUT -p tcp --dport 993 -j ACCEPT

to /etc/iptables.firewall.rules and then

iptables-restore < /etc/iptables.firewall.rules

to update them.

I've followed this guide (including dovecot-mysql installation) and everything works perfectly. So I think this manual could be added to Linode Library. This would help a lot of people to avoid problems with Dovecot on modern Ubuntu.

Why not use Dovecot for SASL authentication instead of running another daemon?

@:-|:

> Thank you very much for posting this guide!
>
> My $0.02:

Thanks for your additions! I'm glad someone else is getting something out of and improving on my newbie fumblings. I'll update my config with your changes.

I am following the updated Linode document by inteja http://forum.linode.com/viewtopic.php?f=11&t=9047 on a freshly installed Ubuntu 12.04 LTS, taking into account the comments from Slaquor and :-|.

I got as far as "Configure saslauthd to use MySQL". I completed this part, added the users postfix and sasl, and restarted postfix and saslauthd.

These are the warnings I got when I restarted postfix; these 3 warnings were repeated dozens of times:

postconf: warning: /etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
postconf: warning: /etc/postfix/main.cf: unused parameter: virtual_maildir_extended=yes
postconf: warning: /etc/postfix/main.cf: unused parameter: dovecot_destination_recipient_limit=1

I could of course just remove the parameters, or should I replace them?

PS: I started a new thread http://forum.linode.com/viewtopic.php?f=11&t=9650, but as I was referred to this thread I thought it best to ask my questions here.

Wondering how many geeks are online on Xmas :wink:

I decided to continue with inteja's manual and ignore the warnings in Postfix for now.

I configured Dovecot as described. Restarted the service and in the mail.log I found

Dec 25 19:34:02 li488-42 dovecot: master: Dovecot v2.0.19 starting up (core dumps disabled)

instead of

Jan 21 16:19:17 plato dovecot: Dovecot v1.2.9 starting up (core dumps disabled)
Jan 21 16:19:17 plato dovecot: auth-worker(default): mysql: Connected to 127.0.0.1 (mail)

The telnet test had the same outcome as described:

telnet localhost pop3
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK Dovecot ready.
quit
+OK Logging out
Connection closed by foreign host.

What am I doing wrong, or what have I overlooked?

Continued by testing postfix as described, but didn't get the outcome as advertised:

telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
ehlo localhost
Connection closed by foreign host.

I found the following lines in the mail.log:

Dec 25 19:46:15 li488-42 postfix/smtpd[20196]: connect from localhost[127.0.0.1]
Dec 25 19:46:23 li488-42 postfix/smtpd[20196]: SSL_accept error from localhost[127.0.0.1]: -1
Dec 25 19:46:23 li488-42 postfix/smtpd[20196]: warning: TLS library problem: 20196:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:628:
Dec 25 19:46:23 li488-42 postfix/smtpd[20196]: lost connection after CONNECT from localhost[127.0.0.1]
Dec 25 19:46:23 li488-42 postfix/smtpd[20196]: disconnect from localhost[127.0.0.1]

Firewall settings using ufw:

ufw status
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
80                         ALLOW       Anywhere
443                        ALLOW       Anywhere
110                        ALLOW       Anywhere
143                        ALLOW       Anywhere
993                        ALLOW       Anywhere
25/tcp                     ALLOW       Anywhere
995                        ALLOW       Anywhere
22                         ALLOW       Anywhere (v6)
80                         ALLOW       Anywhere (v6)
443                        ALLOW       Anywhere (v6)
110                        ALLOW       Anywhere (v6)
143                        ALLOW       Anywhere (v6)
993                        ALLOW       Anywhere (v6)
25/tcp                     ALLOW       Anywhere (v6)
995                        ALLOW       Anywhere (v6)

Just for the record. I started questioning my ability to read a tutorial/manual so I tried something else. I set up unison cloud storage between client (Mac OS X) and server (ubuntu 12.04 linode) in less than 30 minutes.

I followed this guide (thanks for the work!), and I'm getting the same results as pannix. In particular, the dead end is:

@pannix:

> Continued by testing postfix as described, but didn't get the outcome as advertised:
>
> telnet localhost 25
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> ehlo localhost
> Connection closed by foreign host.
>
> I found the following lines in the mail.log:
>
> Dec 25 19:46:15 li488-42 postfix/smtpd[20196]: connect from localhost[127.0.0.1]
> Dec 25 19:46:23 li488-42 postfix/smtpd[20196]: SSL_accept error from localhost[127.0.0.1]: -1
> Dec 25 19:46:23 li488-42 postfix/smtpd[20196]: warning: TLS library problem: 20196:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:628:
> Dec 25 19:46:23 li488-42 postfix/smtpd[20196]: lost connection after CONNECT from localhost[127.0.0.1]
> Dec 25 19:46:23 li488-42 postfix/smtpd[20196]: disconnect from localhost[127.0.0.1]

The weird thing is that I first tried following the 10.04 guide, and actually got to the point where this telnet was working. I paid attention to the differences and don't see what could have broken this. Anyone have any ideas?
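
An added check (not part of any post in this thread, and not Linode's or Postfix's own code) for one configuration state that produces the `SSL_accept error` / `unknown protocol` lines quoted above on port 25: in master.cf a line that starts with whitespace continues the previous service entry, so if the `-o smtpd_tls_wrappermode=yes` line is uncommented while the `smtps` line above it stays commented, the option attaches to `smtp`. The sample file and the function names are constructed, and whether this is what happened on the posters' servers is an assumption.

```python
import re

# Constructed sample: the "smtps" service line is still commented out, but its
# "-o" lines were uncommented, so they continue the preceding "smtp" entry.
SAMPLE_MASTER_CF = """\
smtp      inet  n       -       -       -       -       smtpd
#smtps     inet  n       -       -       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
pickup    fifo  n       -       -       60      1       pickup
"""

def parse_master_cf(text):
    """Return [(service, type, command, {override: value})] per logical line.

    master.cf rules: '#' lines and blank lines are ignored, and a line that
    starts with whitespace continues the previous logical line.
    """
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    entries = []
    for line in logical:
        fields = line.split()
        if len(fields) < 8:
            continue  # not a complete service definition
        overrides = dict(
            m.split("=", 1) for m in re.findall(r"-o\s+(\S+=\S+)", line)
        )
        entries.append((fields[0], fields[1], fields[7], overrides))
    return entries

def wrappermode_misplaced(text, tls_only=("smtps", "465")):
    """Services other than smtps/465 that run smtpd in TLS wrapper mode."""
    return [
        svc for svc, typ, cmd, opts in parse_master_cf(text)
        if cmd == "smtpd" and typ == "inet"
        and opts.get("smtpd_tls_wrappermode") == "yes"
        and svc.rsplit(":", 1)[-1] not in tls_only
    ]

if __name__ == "__main__":
    print(wrappermode_misplaced(SAMPLE_MASTER_CF))
```

To run it against a real server, pass the contents of /etc/postfix/master.cf to `wrappermode_misplaced`; an empty list means no plain-text listener is in wrapper mode.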

Just curious whether any further progress has been made on this guide yet - I'm really keen to get this working and appreciate those more knowledgeable than me putting it together!

@hampel:

> Just curious whether any further progress has been made on this guide yet

Well I tried it anyway and it seems to be working for me. Haven't done much additional configuration yet, so more testing to be done.

Thanks for the instructions! I would like to add that the logs don't appear in mail.log till you change ownership of mail.log. I executed the below in order for the logs to appear.

sudo chown syslog:adm /var/log/mail.log

sudo chmod 640 /var/log/mail.log

Great work inteja!

Thanks for posting the guide.

Along with the helpful amendments mentioned by :-| I'm successfully up and running. It's frankly quite shocking that there is no up-to-date de facto guide for Ubuntu 12.04 to get a postfix/dovecot mailserver working anywhere on the net. For that matter, having explored various options, it's also surprising that creating a mailserver of any sort is still quite a fragmented and drawn-out process.

This is certainly the closest to it I've found (after having followed the original guide in the Linode Library and having become quite stuck, various other guides too and eventually having to purge a lot of packages and configs after ugly attempts at trying to resolve the issues myself!)

Following the guide I can send and receive on numerous domains with multiple addresses but cannot at the moment figure out what exactly the outgoing SMTP setting should be. What seems to work on one device/client doesn't on another! How could one change the ports and security protocols?

Even though I have uncommented the lines as suggested by :-| and have port 465 open in my firewall I am not allowed a connection to port 465 either with or without SSL/TLS on an Android tablet but then with Thunderbird that seems to work (albeit after a security exception warning due to my unsigned SSL cert). If I leave the port at 25 the tablet eventually seems satisfied, is able to send but when I check the settings it defaults back to port 587 which isn't even open with the firewall? Very odd! Whilst there is a setting on the tablet to accept all certificates, signed or unsigned it seems to not connect to the outbound smtp unless it is on standard unsecure port 25.

Perhaps those are more issues with Android than this setup but some pointers from someone in the know would sure help to make the guide more comprehensive.

Something that may also be of merit in the new guide is a tip on how to do reverse DNS lookups so as to reduce chances of outgoing mail being flagged as spam etc.

Thanks for all the efforts in any case, it is much appreciated.

Rob.
