Hello Folks,

I am a longtime Linux user and admin. The server drive got somewhat corrupted, so I re-installed to a new drive. Using Mandriva 2009.0 from the live CD with Postfix retrieved via urpmi. Using 2.2 and Dovecot. Tried Cyrus also. I have used uw-pop3 and pop-before-smtp in the past. Most other systems I deal with are on sendmail.

I am sure y'all are sick of this but I am getting the usual Relay Access Denied when sending from remote pop3 clients. I have searched for days and have tried all manner of fixes. If I enable logins for sending I also get errors that it cannot authenticate.

The dovecot.conf:

## Dovecot configuration file

# If you're in a hurry, see http://wiki.dovecot.org/QuickConfiguration

# "dovecot -n" command gives a clean output of the changed settings. Use it
# instead of copy&pasting this file when posting to the Dovecot mailing list.
# --with-ssldir=/etc/ssl

# Base directory where to store runtime data.
#base_dir = /var/run/dovecot/

# Protocols we want to be serving: imap imaps pop3 pop3s
# If you only want to use dovecot-auth, you can set this to "none".
# imap and pop3 are the listeners without implicit SSL; imaps and pop3s are
# the SSL-wrapped ones. Because disable_plaintext_auth is set to "no" further
# down, logins on the imap and pop3 listeners are not required to use SSL/TLS.
protocols = imap imaps pop3 pop3s

# A space separated list of IP or host addresses where to listen in for
# connections. "*" listens in all IPv4 interfaces. "[::]" listens in all IPv6
# interfaces. Use "*, [::]" for listening both IPv4 and IPv6.
#
# If you want to specify ports for each service, you will need to configure
# these settings inside the protocol imap/pop3 { ... } section, so you can
# specify different ports for IMAP/POP3. For example:
#   protocol imap {
#     listen = *:10143
#     ssl_listen = *:10943
#     ..
#   }
#   protocol pop3 {
#     listen = *:10100
#     ..
#   }
#listen = *
# "no" lets clients use plaintext authentication (PLAIN/LOGIN, POP3 USER/PASS,
# IMAP LOGIN) on connections that are not protected by SSL/TLS. With the
# non-SSL imap and pop3 listeners enabled in "protocols", passwords from
# remote clients can cross the network in the clear. Setting this to "yes"
# restricts plaintext logins to SSL/TLS sessions once the clients support it.
disable_plaintext_auth = no

# POP3 UIDL format. The stock comment in the "protocol pop3" section of this
# file describes %08Xu%08Xv as a pretty fail-safe choice.
pop3_uidl_format = %08Xu%08Xv
#shutdown_clients = yes

##
## Logging
##

# Log file to use for error messages, instead of sending them to syslog.
# /dev/stderr can be used to log into stderr.
#log_path =

# Log file to use for informational and debug messages.
# Default is the same as log_path.
#info_log_path =

# Prefix for each line written to log file. % codes are in strftime(3)
# format.
#log_timestamp = "%b %d %H:%M:%S "

#syslog_facility = mail

##
## SSL settings
##

# IP or host address where to listen in for SSL connections. Defaults
# to above if not specified.
#ssl_listen =

# Disable SSL/TLS support.
#ssl_disable = no
# Certificate and private key Dovecot presents for SSL/TLS connections.
# NOTE(review): the private key file should be readable by root only -
# confirm its ownership and mode.
ssl_cert_file = /etc/pki/tls/certs/dovecot.pem
ssl_key_file = /etc/pki/tls/private/dovecot.pem

# If key file is password protected, give the password here. Alternatively
# give it when starting dovecot with -p parameter.
#ssl_key_password =

# File containing trusted SSL certificate authorities. Set this only if you
# intend to use ssl_verify_client_cert=yes. The CAfile should contain the
# CA-certificate(s) followed by the matching CRL(s).
#ssl_ca_file =

# Request client to send a certificate. If you also want to require it, set
# ssl_require_client_cert=yes in auth section.
#ssl_verify_client_cert = no

# Which field from certificate to use for username. commonName and
# x500UniqueIdentifier are the usual choices. You'll also need to set
# ssl_username_from_cert=yes.
#ssl_cert_username_field = commonName

# How often to regenerate the SSL parameters file. Generation is quite CPU
# intensive operation. The value is in hours, 0 disables regeneration
# entirely.
#ssl_parameters_regenerate = 168

# SSL ciphers to use
#ssl_cipher_list = ALL:!LOW:!SSLv2

# Show protocol level SSL errors.
#verbose_ssl = no

##
## Login processes
##

# <doc/wiki/LoginProcess.txt>
#login_dir = /var/run/dovecot/login

# chroot login process to the login_dir. Only reason not to do this is if you
# wish to run the whole Dovecot without roots. <doc/wiki/Rootless.txt>
#login_chroot = yes
#login_user = dovecot

# Set max. process size in megabytes. If you don't use
# login_process_per_connection you might need to grow this.
#login_process_size = 64
#login_process_per_connection = yes

# Number of login processes to keep for listening new connections.
#login_processes_count = 3
#login_max_processes_count = 128
#login_max_connections = 256

# Greeting message for clients.
#login_greeting = Dovecot ready.

# Space-separated list of elements we want to log. The elements which have
# a non-empty variable value are joined together to form a comma-separated
# string.
#login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c

# Login log format. %$ contains login_log_format_elements string, %s contains
# the data we want to log.
#login_log_format = %$: %s

##
## Mailbox locations and namespaces
##
#mail_location =

# If you need to set multiple mailbox locations or want to change default
#namespace private {
   #separator =

# Prefix required to access this namespace. This needs to be different for
   # all namespaces. For example "Public/".
   #prefix =

   # Physical location of the mailbox. This is in same format as
   # mail_location, which is also the default for it.
   #location =

   # There can be only one INBOX, and this setting defines which namespace
   # has it.
   #inbox = no
   #hidden = yes

# Show the mailboxes under this namespace with LIST command. This makes the
   # namespace visible for clients that don't support NAMESPACE extension.
   #list = yes

   # Namespace handles its own subscriptions. If set to "no", the parent
   # namespace handles them (empty prefix should always have this as "yes")
   #subscriptions = yes
#}
#mail_uid =
#mail_gid =
#mail_privileged_group =
#mail_access_groups =
#mail_full_filesystem_access = no

##
## Mail processes
##
#mail_debug = no
#mail_log_prefix = "%Us(%u): "
#mail_log_max_lines_per_sec = 10

#mmap_disable = no

#dotlock_use_excl = yes

#fsync_disable = no
#mail_nfs_storage = no

# mmap_disable=yes and fsync_disable=no.
#mail_nfs_index = no
#lock_method = fcntl

#mail_drop_priv_before_exec = no

#verbose_proctitle = no
#first_valid_uid = 500
#last_valid_uid = 0
#first_valid_gid = 1
#last_valid_gid = 0

#max_mail_processes = 512

#mail_process_size = 256

# Maximum allowed length for mail keyword name. It's only forced when trying
# to create new keywords.
#mail_max_keyword_length = 50

#valid_chroot_dirs =

#mail_chroot =

#mail_cache_min_mail_count = 0
#mailbox_idle_check_interval = 30

#mail_save_crlf = no

##
## Maildir-specific settings
##

#maildir_stat_dirs = no

#maildir_copy_with_hardlinks = yes
#maildir_copy_preserve_filename = no

##
## mbox-specific settings
##

#mbox_read_locks = fcntl
# Lock method used when writing to mbox files: fcntl only.
# NOTE(review): whatever delivers mail into the same mbox files must use a
# compatible lock method - confirm against the delivery agent in use.
mbox_write_locks = fcntl

# Maximum time in seconds to wait for lock (all of them) before aborting.
#mbox_lock_timeout = 300

# If dotlock exists but the mailbox isn't modified in any way, override the
# lock file after this many seconds.
#mbox_dotlock_change_timeout = 120
#mbox_dirty_syncs = yes

# Like mbox_dirty_syncs, but don't do full syncs even with SELECT, EXAMINE,
# EXPUNGE or CHECK commands. If this is set, mbox_dirty_syncs is ignored.
#mbox_very_dirty_syncs = no
#mbox_lazy_writes = yes

# If mbox size is smaller than this (in kilobytes), don't write index files.
# If an index file already exists it's still read, just not updated.
#mbox_min_index_size = 0

##
## dbox-specific settings
##

# Maximum dbox file size in kilobytes until it's rotated.
#dbox_rotate_size = 2048

# Minimum dbox file size in kilobytes before it's rotated
# (overrides dbox_rotate_days)
#dbox_rotate_min_size = 16

# Maximum dbox file age in days until it's rotated. Day always begins from
# midnight, so 1 = today, 2 = yesterday, etc. 0 = check disabled.
#dbox_rotate_days = 0

##
## IMAP specific settings
##

protocol imap {
  #mail_executable = /usr/libexec/dovecot/imap

  #imap_max_line_length = 65536

  #mail_max_userip_connections = 10

# Support for dynamically loadable plugins. mail_plugins is a space separated
  # list of plugins to load.
  #mail_plugins =
  #mail_plugin_dir = /usr/lib/dovecot/imap

  #login_greeting_capability = no

  # IMAP logout format string:
  #  %i - total number of bytes read from client
  #  %o - total number of bytes sent to client
  #imap_logout_format = bytes=%i/%o

  # Override the IMAP CAPABILITY response.
  #imap_capability =

}

##
## POP3 specific settings
##

protocol pop3 {
  # Login executable location.
  #login_executable = /usr/libexec/dovecot/pop3-login

  # POP3 executable location. See IMAP's mail_executable above for examples
  # how this could be changed.
  #mail_executable = /usr/libexec/dovecot/pop3

  # Don't try to set mails non-recent or seen with POP3 sessions. This is
  # mostly intended to reduce disk I/O. With maildir it doesn't move files
  # from new/ to cur/, with mbox it doesn't write Status-header.
  #pop3_no_flag_updates = no

  # Support LAST command which exists in old POP3 specs, but has been removed
  # from new ones. Some clients still wish to use this though. Enabling this
  # makes RSET command clear all \Seen flags from messages.
  #pop3_enable_last = no

  # If mail has X-UIDL header, use it as the mail's UIDL.
  #pop3_reuse_xuidl = no

  # Keep the mailbox locked for the entire POP3 session.
  #pop3_lock_session = no


  # Note that Outlook 2003 seems to have problems with %v.%u format which was
  # Dovecot's default, so if you're building a new server it would be a good
  # idea to change this. %08Xu%08Xv should be pretty fail-safe.
  #
  #pop3_uidl_format = %08Xu%08Xv

  #pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s

# Maximum number of POP3 connections allowed for a user from each IP address.
  # NOTE: The username is compared case-sensitively.
  #mail_max_userip_connections = 3

# Support for dynamically loadable plugins. mail_plugins is a space separated
  # list of plugins to load.
  #mail_plugins =
  #mail_plugin_dir = /usr/lib/dovecot/pop3

  # Workarounds for various client bugs:
  #   outlook-no-nuls:
  #     Outlook and Outlook Express hang if mails contain NUL characters.
  #     This setting replaces them with 0x80 character.
  #   oe-ns-eoh:
  #     Outlook Express and Netscape Mail breaks if end of headers-line is
  #     missing. This option simply sends it if it's missing.
  # The list is space-separated.
  #pop3_client_workarounds =
}

##
## LDA specific settings
##

protocol lda {
  # Address to use when sending rejection mails.
  postmaster_address = postmas...@example.com

  #hostname =

# Support for dynamically loadable plugins. mail_plugins is a space separated
  # list of plugins to load.
  #mail_plugins =
  #mail_plugin_dir = /usr/lib/dovecot/lda

  # If user is over quota, return with temporary failure instead of
  # bouncing the mail.
  #quota_full_tempfail = no

  # Format to use for logging mail deliveries. You can use variables:
  #  %$ - Delivery status message (e.g. "saved to INBOX")
  #  %m - Message-ID
  #  %s - Subject
  #  %f - From address
  #deliver_log_format = msgid=%m: %$

  # Binary to use for sending mails.
  #sendmail_path = /usr/lib/sendmail

# Human readable error message for rejection mails. You can use variables:
  #  %n = CRLF, %r = reason, %s = subject, %t = recipient
  #rejection_reason = Your message to <%t> was automatically rejected:%n%r

  # UNIX socket path to master authentication server to find users.
  #auth_socket_path = /var/run/dovecot/auth-master
}

##
## Authentication processes
##

# Executable location
#auth_executable = /usr/libexec/dovecot/dovecot-auth

# Set max. process size in megabytes.
#auth_process_size = 256

#auth_cache_size = 0
#auth_cache_ttl = 3600
# TTL for negative hits (user not found). 0 disables caching them completely.
#auth_cache_negative_ttl = 3600
#auth_realms =

# Default realm/domain to use if none was specified. This is used for both
# SASL realms and appending @domain to username in plaintext logins.
#auth_default_realm =
#auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@

#auth_username_translation =

#auth_username_format =
#auth_master_user_separator =

# Username to use for users logging in with ANONYMOUS SASL mechanism
#auth_anonymous_username = anonymous

#auth_verbose = no

#auth_debug = no
#auth_debug_passwords = no
#auth_worker_max_count = 30

# Number of auth requests to handle before destroying the process. This may
# be useful if PAM plugins leak memory.
#auth_worker_max_request_count = 0

# Host name to use in GSSAPI principal names. The default is to use the
# name returned by gethostname().
#auth_gssapi_hostname =

#auth_krb5_keytab =

#auth_ntlm_use_winbind = no

# Path for Samba's ntlm_auth helper binary.
#auth_winbind_helper_path = /usr/bin/ntlm_auth

# Number of seconds to delay before replying to failed authentications.
#auth_failure_delay = 2

auth default {
  # PLAIN and LOGIN both hand the password to the server with no protection
  # of their own (it is only base64-encoded), so confidentiality depends
  # entirely on SSL/TLS being active on the connection. The same mechanisms
  # are what the client socket defined later in this block offers; by its
  # path and owner that socket looks intended for Postfix SMTP AUTH.
  mechanisms = plain login

  # PAM authentication. Preferred nowadays by most systems.
  # Note that PAM can only be used to verify if user's password is correct,
  # so it can't be used as userdb. If you don't want to use a separate user
  # database (passwd usually), you can use static userdb.
  # REMEMBER: You'll need /etc/pam.d/dovecot file created for PAM
  # authentication to actually work. <doc/wiki/PasswordDatabase.PAM.txt>
  passdb pam {
    # [session=yes] [setcred=yes] [failure_show_msg=yes]
    # [cache_key=<key>] [<service name>]
    #
# session=yes makes Dovecot open and immediately close PAM session. Some
    # PAM plugins need this to work, such as pam_mkhomedir.
    #
# setcred=yes makes Dovecot establish PAM credentials if some PAM plugins
    # need that. They aren't ever deleted though, so this isn't enabled by
    # default.
    #
    # cache_key can be used to enable authentication caching for PAM
    # (auth_cache_size also needs to be set). It isn't enabled by default
# because PAM modules can do all kinds of checks besides checking password,
    # such as checking IP address. Dovecot can't know about these checks
    # without some help. cache_key is simply a list of variables (see
# doc/wiki/Variables.txt) which must match for the cached data to be used.
    # Here are some examples:
    #   %u - Username must match. Probably sufficient for most uses.
    #   %u%r - Username and remote IP address must match.
    #   %u%s - Username and service (ie. IMAP, POP3) must match.
    #
    # The service name can contain variables, for example %Ls expands to
    # pop3 or imap.
    #
    # Some examples:
    #   args = session=yes %Ls
    #   args = cache_key=%u dovecot
    #args = dovecot
  }

  # System users (NSS, /etc/passwd, or similar). In many systems nowadays this
  # uses Name Service Switch, which is configured in /etc/nsswitch.conf.
  # <doc/wiki/AuthDatabase.Passwd.txt>
  userdb passwd {
# [blocking=yes] - By default the lookups are done in the main dovecot-auth
    # process. This setting causes the lookups to be done in auth worker
    # processes. Useful with remote NSS lookups that may block.
    # NOTE: Be sure to use this setting with nss_ldap or users might get
    # logged in as each others!
    #args =
  }

  # passwd-like file with specified location
  # <doc/wiki/AuthDatabase.PasswdFile.txt>
  #userdb passwd-file {
    # [username_format=<format>] <Path for passwd-file>
    #args =
  #}

# static settings generated from template <doc/wiki/UserDatabase.Static.txt>
  #userdb static {
    # Template for the fields. Can return anything a userdb could normally
    # return. For example:
    #
    #  args = uid=500 gid=500 home=/var/mail/%u

    #args =
  #}

  # SQL database <doc/wiki/AuthDatabase.SQL.txt>
  #userdb sql {
    # Path for SQL configuration file, see doc/dovecot-sql-example.conf
    #args =
  #}

    #args =
  #}

  # vpopmail <doc/wiki/AuthDatabase.VPopMail.txt>
  #userdb vpopmail {
  #}

  #userdb prefetch {
  #}

  # The dovecot-auth process runs as root. The PAM passdb configured in this
  # block is the usual reason it needs to.
  # NOTE(review): if password checks on this system work without root, run
  # the auth process as a less privileged user - confirm before changing.
  user = root

  #chroot =

  # Number of authentication processes to create
  #count = 1
.
  #ssl_require_client_cert = no
  #ssl_username_from_cert = no

  # It's possible to export the authentication interface to other programs:
  socket listen {
    #master {
    #}
    # Auth-client socket, created under /var/spool/postfix/private/ instead
    # of the default /var/run/dovecot location. Presumably this is so Postfix
    # smtpd can use Dovecot for SMTP AUTH; the Postfix side has to be pointed
    # at this socket for that to work.
    client {
      #path = /var/run/dovecot/auth-client
      path = /var/spool/postfix/private/auth
      # Owner and group postfix with mode 0660: other users get no access to
      # the authentication socket.
      mode = 0660
      user = postfix
      group = postfix
    }
 }
}

#auth external {
#  socket connect {
#    master {
#      path = /var/run/dovecot/auth-master
#    }
#  }
#}


dict {
  #quota = mysql:/etc/dovecot-dict-quota.conf
}

# Path to Berkeley DB's configuration file. See doc/dovecot-db-example.conf
#dict_db_config =


plugin {
.
  #   dict: Keep quota stored in dictionary (eg. SQL)
  #   maildir: Maildir++ quota
  #   fs: Read-only support for filesystem quota
  #
      #quota = maildir

  #acl = vfile:/etc/dovecot-acls:cache_secs=300

  #convert_alt_hierarchy_char = _

  #trash = /etc/dovecot-trash.conf
  #   dovecot --exec-mail ext /usr/libexec/dovecot/expire-tool
  #expire = Trash 7 Spam 30
  #expire_dict = db:/var/lib/dovecot/expire.db

  #lazy_expunge = .EXPUNGED/ .DELETED/ .DELETED/.EXPUNGED/

#mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename

  #mail_log_group_events =
  #mail_log_fields = uid box msgid size
}



The main.cf:

# These are changed by postfix install script
readme_directory = /usr/share/doc/postfix/README_FILES
html_directory = /usr/share/doc/postfix/html
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
command_directory = /usr/sbin
manpage_directory = /usr/share/man
daemon_directory = /usr/lib/postfix
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
# Postfix queue directory. The auth-client socket path in the dovecot.conf
# of this post (/var/spool/postfix/private/auth) is private/auth relative to
# this directory.
queue_directory = /var/spool/postfix
mail_owner = postfix

# User configurable parameters
#
# NOTE(review): this listing has no smtpd_sasl_* parameters and no
# smtpd_recipient_restrictions. If it is the complete main.cf, smtpd does not
# offer SMTP AUTH and relays only for clients in $mynetworks. That would be
# consistent with both reported symptoms: "Relay access denied" for remote
# clients, and failed authentication when the client is told to log in.
# The usual settings for a Dovecot auth socket at private/auth are:
#   smtpd_sasl_auth_enable = yes
#   smtpd_sasl_type = dovecot
#   smtpd_sasl_path = private/auth
#   smtpd_recipient_restrictions = permit_mynetworks,
#       permit_sasl_authenticated, reject_unauth_destination
# Dovecot SASL needs Postfix 2.3 or later; "postconf -a" should list
# "dovecot" - confirm on this install.
# Keep reject_unauth_destination in that list and do not widen mynetworks to
# cover remote clients; either change would make the server an open relay.
# Only PLAIN and LOGIN are enabled on the Dovecot side, so
# smtpd_tls_auth_only = yes (with TLS configured) keeps those passwords off
# unencrypted SMTP sessions.

mydomain = robob.com
# Domains this server accepts mail for as final destination.
mydestination = $myhostname, localhost.$mydomain, $mydomain, bradleyconsult.com, eoberjr.com
#inet_interfaces = localhost
#mynetworks_style = host
#delay_warning_time = 4h
# The greeting includes $mail_version, so every connecting client is shown
# the Postfix version and the distribution name.
smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) (Mandriva Linux)
# 450 is a temporary-failure code: mail for unknown local recipients is
# deferred by the sender rather than rejected outright.
unknown_local_recipient_reject_code = 450
smtp-filter_destination_concurrency_limit = 2
lmtp-filter_destination_concurrency_limit = 2
data_directory = /var/lib/postfix



I have a client/user who has not been able to retrieve mail since Saturday, so I would appreciate help with this.

Thanks,
Robert A. Ober





