Skip Navigation
Linux @lemmy.ml 0v0 @scribe.disroot.org
SOLVED

[SOLVED] Tech support: Postfix + Dovecot mail server, can't receive mail or log in via Thunderbird

Hi there, was thinking around of the best place to post this. Initially I thought maybe the Dovecot mailing list but I'm not sure if this is a Dovecot issue or if the issue lies with Postfix, so I figured maybe a more general Linux community. If people have suggestions about where I could post this that may have more people see it who are able/willing to help, I would also appreciate that.

I apologise, this post will probably be quite long, so I really do appreciate if anyone takes the time to read it and give advice.

Anyway, I was following this tutorial to set up a mail server with Postfix and Dovecot. The tutorial is for Ubuntu but I am using an Alpine Linux server, however the tutorial mostly concerns configuring Postfix and Dovecot which is distro-independent.

Deviations from the tutorial

I followed the tutorial with the exceptions of the following (deviations listed in order of the part of the tutorial they deviated from, so hopefully this is easy to follow linearly):

My server's hostname is domain.com not mail.domain.com (mail.domain.com is what my MX record points to), but this shouldn't really matter as I configured postfix with:

myhostname=mail.domain.com
mydomain=domain.com

I installed packages with apk not apt obviously, and installed Postfix with doas apk add postfix.

I didn't get the ncurses Postfix configuration popup when I installed or started Postfix.

Alpine doesn't auto-start the Postfix service, so I did

doas rc-update add postfix default
doas rc-service postfix start

I used doas apk add mailutils --update-cache --repository https://dl-cdn.alpinelinux.org/alpine/edge/testing/ to install and test the mail program.

I didn't increase attachment size limit.

Alpine doesn't seem to have a dovecot-imapd package, so I just installed dovecot and dovecot-lmtpd.

When configuring /etc/dovecot/conf.d/15-mailboxes.conf, I also set Drafts, Junk, and Sent Messages to auto-create as well as Trash.

I started the dovecot service the same way I did postfix above.

What works

I can send mail with sendmail and GNU mailutils mail. The following works:

echo "test email" | sendmail [email protected]

And

mail -a FROM:[email protected] [email protected]

(where domain.com is my Postfix mail server, and [email protected] is my existing email address with an external provider)

The above results in me receiving the email in my spam folder at [email protected] from [email protected], email all appears normal to me.

The issue

I've noticed two problems which may be related.

Can't log into Thunderbird

Firstly, I can't log into Thunderbird. I get the following error:

(Transcription: Unable to log in at server. Probably wrong configuration, username or password.)

To log in, I am entering my email address at [email protected], where user is my UNIX user (which is part of the mail group), and domain.com is my domain. I entered my password as my user account's password.

Thunderbird seems to recognise my mail server as it auto configured to the following:

INCOMING: IMAP, hostname mail.domain.com, port 993, SSL/TLS, normal password, username user (i.e. without the @domain.com)

OUTGOING: hostname mail.domain.com, port 465, SSL/TLS, normal password, username user

I have also tried the same configuration with STARTTLS and ports 143 and 587, to the same error.

Can't receive mail

I've also tried to send myself emails from my other email addresses. I've tried two of my external email addresses so far. My email clients say they've sent the emails and they appear in my Sent folder, however my Protonmail has sent me some emails today from their mailer daemon complaining that Your email could not be delivered for more than 12 hour(s).:

<[email protected]>: host domain.com[MY IP] said: 454 4.7.1
    <[email protected]>: Relay access denied (in reply to RCPT TO command)

I've checked /var/log/messages (which is the Alpine Linux syslog) and found the following, which I don't know how to interpret:

Nov  2 17:57:03 domain mail.info postfix/smtpd[28188]: connect from mail-41103.protonmail.ch[185.70.41.103]
Nov  2 17:57:03 domain mail.info postfix/smtpd[28188]: Anonymous TLS connection established from mail-41103.protonmail.ch[185.70.41.103]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (prime256v1)
Nov  2 17:57:04 domain mail.info postfix/smtpd[28188]: NOQUEUE: reject: RCPT from mail-41103.protonmail.ch[185.70.41.103]: 454 4.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mail-41103.protonmail.ch>
Nov  2 17:57:04 domain mail.info postfix/smtpd[28188]: disconnect from mail-41103.protonmail.ch[185.70.41.103] ehlo=2 starttls=1 mail=1 rcpt=0/1 data=0/1 rset=1 quit=1 commands=6/8

I have dovecot configured to use the maildir format (or at least I think I do; I followed the tutorial to set it up to use maildir) but I don't see anything in my ~/Maildir directory.

Running GNU mail results in the output:

Cannot open mailbox /var/mail/user: No such file or directory
No mail for user

My configuration

Output of postconf -n:

command_directory = /usr/sbin
compatibility_level = 3.9
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
home_mailbox = Maildir/
html_directory = no
inet_protocols = ipv4
mail_owner = postfix
mailbox_size_limit = 0
mailbox_transport = lmtp:unix:private/dovecot-lmtp
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
meta_directory = /etc/postfix
mydomain = domain.com
myhostname = mail.domain.com
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix/readme
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
shlib_directory = /usr/lib/postfix
smtp_header_checks = regexp:/etc/postfix/smtp_header_checks
smtp_tls_loglevel = 1
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.domain.com/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mail.domain.com/privkey.pem
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtputf8_enable = no
unknown_local_recipient_reject_code = 550

Output of doveconf -n:

# 2.3.21.1 (d492236fa0): /etc/dovecot/dovecot.conf
# OS: Linux 6.6.58-0-lts x86_64  
# Hostname: domain.com
auth_debug = yes
auth_mechanisms = plain login
auth_username_format = %n
auth_verbose = yes
log_path = /var/log/dovecot.log
mail_debug = yes
mail_location = maildir:~/Maildir
mail_privileged_group = mail
mbox_write_locks = fcntl
namespace inbox {
  inbox = yes
  location = 
  mailbox Drafts {
    auto = create
    special_use = \Drafts
  }
  mailbox Junk {
    auto = create
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    auto = create
    special_use = \Sent
  }
  mailbox Trash {
    auto = create
    special_use = \Trash
  }
  prefix = 
}
passdb {
  args = scheme=CRYPT username_format=%u /etc/dovecot/users
  driver = passwd-file
}
protocols = imap lmtp lmtp
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service lmtp {
  unix_listener lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
ssl = required
ssl_cert = </etc/letsencrypt/live/mail.domain.com/fullchain.pem
ssl_key = # hidden, use -P to show it
ssl_prefer_server_ciphers = yes
userdb {
  args = username_format=%u /etc/dovecot/users
  driver = passwd-file
}

Logs

This seems to be a dovecot log of an authentication attempt.

Nov 02 18:11:11 auth: Debug: client in: AUTH    3       PLAIN   service=imap    secured=tls     session=JeHL+PEltufBIH/a        lip=<my server IP>       rip=<my home IP>      lport=993       rport=59318     local_name=mail.domain.com       resp=<hidden>
Nov 02 18:11:11 auth: Debug: passwd-file(user,<my home IP>,<JeHL+PEltufBIH/a>): Performing passdb lookup
Nov 02 18:11:11 auth: Debug: passwd-file(user,<my home IP>,<JeHL+PEltufBIH/a>): lookup: user=user file=/etc/dovecot/users
Nov 02 18:11:11 auth: Info: passwd-file(user,<my home IP>,<JeHL+PEltufBIH/a>): unknown user
Nov 02 18:11:11 auth: Debug: passwd-file(user,<my home IP>,<JeHL+PEltufBIH/a>): Finished passdb lookup
Nov 02 18:11:11 auth: Debug: auth(user,<my home IP>,<JeHL+PEltufBIH/a>): Auth request finished
Nov 02 18:11:13 auth: Debug: client passdb out: FAIL    3       user=user       [email protected]
Nov 02 18:11:13 imap-login: Debug: Ignoring unknown passdb extra field: original_user
Nov 02 18:11:13 imap-login: Info: Disconnected: Connection closed (auth failed, 3 attempts in 22 secs): user=<user>, method=PLAIN, rip=<my home IP>, lip=<my server IP>, TLS, session=<JeHL+PEltufBIH/a>

Thanks for reading this fairly long post. Do ask if I need to provide any more configs, logs, etc. Appreciate any help, thanks in advance

16

You're viewing a single thread.

16 comments

  • For the IMAP login issue, I'm pretty sure this is the cause looking at the "unknown user" error:

    userdb {
  args = username_format=%u /etc/dovecot/users
  driver = passwd-file
}

    Have you set up the users in that file (/etc/dovecot/users) if you even want to do that instead of just using passwd? Also note %u is the full user string including domain. Not sure how that plays together with auth_username_format=%n which is just the user name.

    Personally I just have

    userdb {
  driver = passwd
}

    so I don't have anything further to go off of.

    • Hm, still no luck. I now have

      passdb {
  driver = passwd
}
userdb {
  driver = passwd
}

      to be as simple as I can. I'm now getting

      Nov 02 21:11:06 auth: Debug: Read auth token secret from /run/dovecot/auth-token-secret.dat
Nov 02 21:11:06 auth: Debug: auth client connected (pid=12662)
Nov 02 21:11:06 auth: Debug: client in: AUTH    1       PLAIN   service=imap    secured=tls     session=JNRsffQlRuXBIH/a        lip=<server IP>       rip=<home IP>      lport=993       rport=58694     local_name=mail.domain.com
Nov 02 21:11:06 auth: Debug: client passdb out: CONT    1       
Nov 02 21:11:06 auth: Debug: client in: CONT<hidden>
Nov 02 21:11:06 auth: Debug: passwd(user,<home IP>,<JNRsffQlRuXBIH/a>): Performing passdb lookup
Nov 02 21:11:06 auth-worker(12667): Debug: Loading modules from directory: /usr/lib/dovecot/auth
Nov 02 21:11:06 auth-worker(12667): Debug: Module loaded: /usr/lib/dovecot/auth/lib20_auth_var_expand_crypt.so
Nov 02 21:11:06 auth-worker(12667): Debug: conn unix:auth-worker (pid=12664,uid=90): Server accepted connection (fd=13)
Nov 02 21:11:06 auth-worker(12667): Debug: conn unix:auth-worker (pid=12664,uid=90): Sending version handshake
Nov 02 21:11:06 auth-worker(12667): Debug: conn unix:auth-worker (pid=12664,uid=90): auth-worker<1>: Handling PASSV request
Nov 02 21:11:06 auth-worker(12667): Debug: conn unix:auth-worker (pid=12664,uid=90): auth-worker<1>: passwd(user,<home IP>,<JNRsffQlRuXBIH/a>): Performing passdb lookup
Nov 02 21:11:06 auth-worker(12667): Debug: conn unix:auth-worker (pid=12664,uid=90): auth-worker<1>: passwd(user,<home IP>,<JNRsffQlRuXBIH/a>): lookup
Nov 02 21:11:06 auth-worker(12667): Info: conn unix:auth-worker (pid=12664,uid=90): auth-worker<1>: passwd(user,<home IP>,<JNRsffQlRuXBIH/a>): Password mismatch
Nov 02 21:11:06 auth-worker(12667): Debug: conn unix:auth-worker (pid=12664,uid=90): auth-worker<1>: passwd(user,<home IP>,<JNRsffQlRuXBIH/a>): Finished passdb lookup
Nov 02 21:11:06 auth-worker(12667): Debug: conn unix:auth-worker (pid=12664,uid=90): auth-worker<1>: Finished: password_mismatch
Nov 02 21:11:06 auth: Debug: passwd(user,<home IP>,<JNRsffQlRuXBIH/a>): Finished passdb lookup
Nov 02 21:11:06 auth: Debug: auth(user,<home IP>,<JNRsffQlRuXBIH/a>): Auth request finished
Nov 02 21:11:08 auth: Debug: client passdb out: FAIL    1       user=user

      In my dovecot logs. It claims a password mismatch, but I am pretty sure the password is the password to my UNIX user, copy and pasted from my password manager. I can log into my user through VNC by pasting this password and authenticate doas with this password, so unless it somehow pastes differently into Thunderbird...

      I also tried authenticating with PAM instead but got

      Nov 02 21:03:23 auth: Debug: Loading modules from directory: /usr/lib/dovecot/auth
Nov 02 21:03:23 auth: Fatal: Support not compiled in for passdb driver 'pam'

      So I guess unfortunately the dovecot binary Alpine distributes doesn't support pam. I might try install a version compiled with pam support just to test it but I'd rather just use the dovecot from my package manager if I can get it to work.

      Have you set up the users in that file (/etc/dovecot/users) if you even want to do that instead of just using passwd?

      Yep I do want to use passwd/UNIX users, not a users file. Thanks for pointing that out—the tutorial didn't mention it so I assumed I didn't need to change that to get it working with UNIX users.

      What do you have your passdb set to if you don't mind me asking?

16 comments