This is way harder than I thought! ViMbAdmin V3.0.15 does not quite work for me

[Michael Rupp]

I'm not sure if anybody could help me, but I'm at the desperate giving up stage.
My goal was to privately & securely serve mail for the two domains I have {wnymathguy, outsourcedmath} an possibly future ones my kids might make. I've been poking around the instructions for managing Virtual Mailboxes, etc., but I'm too ignorant to notice my own ignorance. I started down another path for an older program equivalent to ViMbAdmin (PostfixAdmin), but that was too old to work with my MySQL 5.7.19 and PHP7.0.22 so I rolled back that and tried this one.

As of now I'm running Ubuntu 16.04 server on a pretty decent HP Proliant box. I'm connected through Verizon FiOS so I know that can be some trouble because a reverse DNS isn't the URL I say I am.

I followed all the instructions I found on these pages:

1. https://github.com/opensolutions/ViMbAdmin/wiki/Installation
2. https://github.com/opensolutions/ViMbAdmin/wiki/Configuration
3. https://github.com/opensolutions/ViMbAdmin/wiki/Full-setup-installation-%28ViMbAdmin-postfix-dovecot%29
4. https://github.com/opensolutions/ViMbAdmin/wiki/Mail-System-Install-on-Ubuntu
5. https://gist.github.com/barryo/8918488

Because I don't know what I'm doing, I created a 3rd domain to be like a site manager for the other virtual "services"; ruppssites.com. I thought that I needed one solid one in the Postfix files to allow the virtual ones mentioned above.

I have the ViMbAdmin running, and my Apache serves the site via https://email.ruppssites.com/ but it's with a cheap-skate self signed cert. (as I wrote that I thought I should get a LetsEncrypt one for it)

I used the ViMbAdmin interface to create a domain for my wnymathguy.com, and it is visible when I look at the vimbadmin database in table domain using phpMyAdmin. If I look at the domains list with the interface it's empty. Also, it didn't create a folder in the /srv/vmail/ directory as I expected it to.

I created a user with the ViMbAdmin interface and just like the domain, I can see the user in the vimbadmin database in table mailbox using phpMyAdmin. Similarly, it didn't create a folder in the /srv/vmail/ directory as I expected it to.

Shouldn't I see a folder "/srv/vmail/wnymathguy.com/someguy/"?

I tried sending a test mail into that account from an outside Gmail account and don't see it in the system's Read User Mail anywhere, even in the vmail account. I didn't get a bounce back error from Gmail yet though and it's been over an hour now.

I tried logging in with Thunderbird on a Ubuntu 17.04 Desktop a variety of ways with baleful results. I thought I made all the possible ways available; POP3, IMAP, SIEVE <-whatever that is.

Not sure what type of info anybody needs to diagnose this mess, so I'll upload info as it's requested.

[Bernd Kalbfuss-Zimmermann]

Hi Michael,

I have done something similar on a Raspberry Pi running Debian (Raspbian to be precise). I use it for secure mail and other things. This tutorial [1] got me started. Certificates are generated with Let's encrypt. Hope that helps.

Cheers,

Bernd

--

[1] https://easyengine.io/tutorials/mail/server/postfix-dovecot-ubuntu/

--
--
--
 
ViMbAdmin :: Virtual Mailbox Administration :: https://github.com/opensolutions/ViMbAdmin
 
You received this message because you are subscribed to the Google
Groups "vimbadmin-discuss" group.
To post to this group, send email to vimbadmi...@googlegroups.com
To unsubscribe from this group, send email to
vimbadmin-disc...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/vimbadmin-discuss?hl=en
---
You received this message because you are subscribed to the Google Groups "vimbadmin-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vimbadmin-disc...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Michael Rupp]

I looked carefully at the differences between my first install guide and the one you suggested.
e.g. uid=5000 gid=5000 home=/var/vmail/%d/%u
 vs. uid=2000 gid=2000 home=/srv/vmail/%d/%n
I kept my old settings in cases like that because I know what UID and GID I used when making the vmail account. I saw some things that looked like they would correct problems and changed them, however, after the changes I had new problems and things were working worse than before. I've been spending a lot of time copying error messages found in my log files and Googling for solutions. I did have to remove the ViMbAdmin install and drop all the tables in order to retry things. I'm still not at a working state and all the original problems I wrote about with ViMbAdmin are there. It writes to the database, it doesn't read from where it wrote to populate the lists for domains and users. Their's no folders appearing for domains or users created in the /srv/vmail directory. The admin list of ViMbAdmin shows of me in it, so that works.

Also I seem to recall a prerequisite in one of the install guides of a working Postfix mail system prior to installing ViMbAdmin. I did try to do that fully first before removing and reinstalling ViMbAdmin. I tried to redo my server as if I had done things right to begin with. HOLY SHIT that was a headache! I had so much go wrong trying to change my servers name and FQDN that I wish I would have just formatted the server and redone everything from scratch. All my SSL stuff went wonky, my Apache server wouldn't load for days of Google the error's, try something and try starting it again.

As of right now I have the domain of the server ruppssites.com, which is intended as a managerial domain for other domains. The default Apache host is that managerial domain RuppsSites and it's SSL is from LetsEncrypt. After a lot of tinkering, and some security relaxing I got my first message into postfix, but it's not a great victory. I sent the messages to 3 recipients and only one arrived; sup...@ruppssites.com and mi...@wnymathguy.com were made with ViMbAdmin but didn't receive a message and it's bounce responce (I think) is user does not exist on the system, but the rootuser@RuppsSites.com who doesnt have an entry in ViMbAdmin receieved the message. Nobody said to change the Postfix user or group to vmail so I left that setting alone, and nobody said to change the Postfix setting for user mailboxes from /var/mail so I left that, but I feel like both of those settings are wrong.

I was testing outbound mail with a shell command 'echo "Hello in the body of the email" | mail -s "This is my 6th test" myn...@yahoo.com'
I kept getting errors about no SASL mechanisms until I relaxed the security, but if it's not sending on secure channels, it won't get past my ISP.

Sep 26 13:49:30 RuppsSites postfix/smtpd[415]: warning: SASL: Connect to private/auth failed: Permission denied
Sep 26 13:49:30 RuppsSites postfix/smtpd[415]: fatal: no SASL authentication mechanisms

Also I see this a lot lately and don't know what to do:

Sep 26 14:33:37 RuppsSites postfix/postfix-script[6919]: warning: group or other writable: /usr/lib/postfix/./libpostfix-util.so.1
Sep 26 14:33:37 RuppsSites postfix/postfix-script[6920]: warning: group or other writable: /usr/lib/postfix/./libpostfix-global.so.1
Sep 26 14:33:37 RuppsSites postfix/postfix-script[6921]: warning: group or other writable: /usr/lib/postfix/./sbin/lmtp
Sep 26 14:33:37 RuppsSites postfix/postfix-script[6922]: warning: group or other writable: /usr/lib/postfix/./libpostfix-master.so.1
Sep 26 14:33:37 RuppsSites postfix/postfix-script[6923]: warning: group or other writable: /usr/lib/postfix/./libpostfix-tls.so.1
Sep 26 14:33:37 RuppsSites postfix/postfix-script[6924]: warning: group or other writable: /usr/lib/postfix/./libpostfix-dns.so.1
Sep 26 14:33:37 RuppsSites postfix/postfix-script[6925]: warning: group or other writable: /usr/lib/postfix/sbin/./lmtp

[Michael Rupp]

Okay... While experimenting tonight, I realized that I didn't understand the culture of ViMbAdmin when it came to the listings of the Domains, and Mailboxes. If I typed something valid in the search textbox and used the enter key, then it listed the intended mailbox or domain for editing and/or deletion "Purging". BTW the logs got cascade deleted with the mailbox and domain instead of having additional log message entries for the deletion. Not sure why that is how it's done, but I would have left the old logs and added new entries for a Purge action.

I also discovered while looking at Postfix in Webmin that I had "mysql:/etc/postfix/mysql/virtual_alias_maps.cf" in my virtual_mailbox_domains variable. I think that's a Webmin read/display error.

Here's some new error messages I'm gazing at:


Sep 27 02:48:51 RuppsSites postfix/postscreen[17572]: CONNECT from [52.236.89.232]:56829 to [192.168.1.228]:25
Sep 27 02:48:51 RuppsSites postfix/postscreen[17572]: PASS OLD [52.236.89.232]:56829
Sep 27 02:48:51 RuppsSites postfix/smtpd[17573]: connect from unknown[52.236.89.232]
Sep 27 02:48:51 RuppsSites postfix/smtpd[17573]: warning: SASL: Connect to private/auth failed: Permission denied
Sep 27 02:48:51 RuppsSites postfix/smtpd[17573]: fatal: no SASL authentication mechanisms
Sep 27 02:48:52 RuppsSites postfix/master[17219]: warning: process /usr/lib/postfix/sbin/smtpd pid 17573 exit status 1
Sep 27 02:48:52 RuppsSites postfix/master[17219]: warning: /usr/lib/postfix/sbin/smtpd: bad command startup -- throttling
Sep 27 02:50:32 RuppsSites postfix/anvil[17576]: statistics: max connection rate 1/60s for (smtpd:52.236.89.232) at Sep 27 02:48:51
Sep 27 02:50:32 RuppsSites postfix/anvil[17576]: statistics: max connection count 1 for (smtpd:52.236.89.232) at Sep 27 02:48:51
Sep 27 02:50:32 RuppsSites postfix/anvil[17576]: statistics: max cache size 1 at Sep 27 02:48:51

Those came after trying to send a single message to 2 internal recipients and 1 external one. Before sending I manually made the directories and files that should be there for the mail to land.




[Michael Rupp]

I'm not positive what I'm doing right yet, but the SMTP encryption keys may have been done not totally correct, and following along these lines:
http://www.postfix.org/TLS_LEGACY_README.html got me through it which may have been my SASL problems. Also related...
I saw a post that stated the Debian Postfix had installer errors and all the "warning: group or other writeable:" errors were because Postfix doesn't tolerate symboliclinks, so copying the files that are linked to, and renaming them as the link was named and replacing the links with the renamed files eliminated all the errors of that type.

The thing that's bothering me the most is, why the hell am I trying so hard to get ViMbAdmin to be the manager of my Postfix and Dovecot? I already have the Webmin interface to manage Postfix with point and click. Anybody want to sell me on why I should think ViMbAdmin is worth all this confusion?

[postc...@gmail.com]

Hey just came across you post while searching something else for VimbAdmin. I have the full install instructions for the updated Centos 7 and Ubuntu 16.04 running on Nginx/MariaDB/php7.1 with Solr for full text search and Amavisd with Spamassassin plus ClamAV, along strong ssl ciphers and Letsencrypt for encryption, it also pulls block lists for spam from the top 5 spam block lists. I'm a systems engineer and its an enterprise server stack that I use for HIPAA and DOD complicate business. If you are still working on this project let me know and I will either post my configs here or more than likely post a install script with configs on GitLabs so you can just input variables and just run script. 

Also VimbAdmin is on GitHub so I would post a new issue under their wiki stating that the install instructions need to be updated (most links are 404s for install instructions for dovecot and postfix) and that they need to be more detailed instructions on the integration of both dovecot and postfix in VimbAdmin. You will get a better response that way, or at least better help and someone will share their configs with you, or search under issue on GitHub for install.

[Barry O'Donovan]

postc...@gmail.com wrote:
> Also VimbAdmin is on GitHub so I would post a new issue under their wiki
> stating that the install instructions need to be updated (most links are
> 404s for install instructions for dovecot and postfix) and that they
> need to be more detailed instructions on the integration of both dovecot
> and postfix in VimbAdmin.

ViMbAdmin is also open source and volunteer led. No one's dinner is
being earned from ViMbAdmin - at least not mine!

Rather than opening an issue, please contribute by fixing links,
updating the documentation, etc.

Thanks!

- Barry

[Michael Rupp]

That sounds pretty good to me. I got desperate today and asked a CSE teacher (ironically via email) from UB that I had 17 years ago for help. Doubt he will answer, but I could trust him with my life. Just to be clear, I'm trying to do a few things at the same time, and I have no idea what parts of my plan conflict with others. Every time I think I know something, I discover it didn't solve any problems. It might be my age getting the better of my faculties.

I have 3 FQDN's, one is the actual hardware servers name, and I'm trying to make that a Virtual Alias Server. The other two I'm trying to make Virtual Mailbox Servers, but because one was set-up half a year ago with Google Apps for Business to take the email, I'm only doing Virtual Mailbox Server for the one that has never had email set-up (until it works right then I'll do both). 

I use Let's Encrypt for my https keys. I have the self-signed cert key's thing working too; that is the Webmin way on Ubuntu 16.04. I don't understand enough about how keys work and think I'm doing things right, but encryption is complicated and changing fast enough to make 75%+ the helpful internet posts be obsolete. I also think I know what I'm doing with my Custom Resource Records for smtp, spf, dmarc & dkim, but really, that could be fucked up too. Like my Alias server has a smtp.ALIASDOMAIN.com MX pointer to the same IP as the smtp.VIRTUALDOMAIN.com's MX pointer, so I have different self-signed keys for the two different canonical smtp names, and that feels wrong but I don't know what to do. I've tried so many things in Postfix and Dovecot to have a great key in the right places, but apart from the Diffie-Helman parameters, I don't trust anything I do. My attempts are all crap. One time I did something I saw in the Postfix literature where you cat a stack of certs into one file starting from the smtp public key to the self-signed cert to the domain's public cert, but even if that's the right thing to do, I may have done it wrong.

I love the ViMbAdmin software and can see tweaking it to become more powerful for my situation. Like in the domain table for instance, have the transport field be one of {virtual, alias, transport} then in Postfix you can have: 

• virtual_alias_domains = mysql:/etc/postfix/mysql/virtual_aliasdomain_maps.cf
• query = SELECT domain FROM domain WHERE domain = '%d' AND transport = 'alias' AND backupmx = '0' AND active = '1'
  
• virtual_mailbox_domains = mysql:/etc/postfix/mysql/virtual_domains_maps.cf
  
• query = SELECT domain FROM domain WHERE domain = '%d' AND transport = 'virtual' AND backupmx = '0' AND active = '1'
  
• transport_maps = proxy:mysql:/etc/postfix/mysql/virtual_transport_maps.cf
• query = SELECT domain FROM domain WHERE domain = '%d' AND transport = 'transport' AND backupmx = '0' AND active = '1'

In the splitting of Alias Domain from Virtual Mailbox, maybe this would help the permissions of writing to system users accounts instead of virtual users:

• virtual_uid_maps = mysql:/etc/postfix/mysql/virtual_uid_maps.cf
  
• query = SELECT uid FROM mailbox WHERE username = '%s' AND active = '1'
  
• virtual_gid_maps = mysql:/etc/postfix/mysql/virtual_gid_maps.cf
  
• query = SELECT gid FROM mailbox WHERE username = '%s' AND active = '1'
  
• smtpd_sender_login_maps = mysql:/etc/postfix/mysql/controlled_envelope_senders.cf
  
• query = SELECT goto FROM alias WHERE address = '%s' AND active = '1'
  

Right now I have Postfix all set to hash: tables and the mysql: tables are just commented out as well as any settings for smtp & smtpd or links to Dovecot. Mailing inside the server one account to another doesn't even work though. Trying things three ways I get "dsn=5.1.1, status=bounced (User unknown in virtual alias table)" in the mail.log file. Two of the three ways is the virtual hash has the form [user@ALIASDOMAIN.com user] and the test email was done with and without the @ALIASDOMAIN.com in the to field. The third way was to have the virtual hash of the form [user@ALIASDOMAIN.com user@ALIASDOMAIN.com] and the test email was done with the @ALIASDOMAIN.com in the to field. When executing 

    postmap -q sup...@ruppssites.com hash:/etc/postfix/virtual

I get the expected result every time. How's it gonna say "User unknown in virtual alias table"? It gives that error message for the bounce message too, so the sender doesn't get notified. The sent email folder has things stacking up properly for the sender though, whoopie!

What's the emoticon for pulling one's own hair out? I feel like I'm trying to dig my way out of a hole I dug myself into.

Maybe I wrote too much for a first hello, so now I'll wait to answer questions. 

[Michael Rupp]

I feel like a big newbie here, but how does a person have authority to fix links and update the documentation? Don't you have to grant them trusted user access somewhere first?

[Barry O'Donovan]

Michael Rupp wrote:
> I feel like a big newbie here, but how does a person have authority to
> fix links and update the documentation? Don't you have to grant them
> trusted user access somewhere first?

nah, if you have a GitHub account you should be able to contribute to
the wiki. Let me know if not.

- Barry

[Michael Rupp]

Thanks, I do have the git ID, didn't realize how open open-projects were. I'm kind-of still coming out of a corporate world Platonic cave. Only heard of Git 6 months ago.

[Michael Rupp]

Just got a little closer to having things work. This little nugget...

    virtual_alias_domains = example.com ...other hosted domains...

...from the Postfix Virtual Alias Server instructions was a real fly in the ointment. I put my main machine's FQDN in that variable, but I think it's supposed to be for any FQDN  other than the name of the machine it's running on. When I moved it from that variable to the "mydestination = " variable errors I was getting yesterday went away. 

Right now I'm receiving inbound mail in the Maildir/ format for my main FQDN and my Virtual Mailbox Server. 

That idea of a Virtual Alias Server is when the machine is FQDN1 but you want to receive inbound email for FQDN2 AND the mailboxes for the FQDN2 are not virtual but instead their accounts for users on the system with normal Unix/Linux priveledges.

I had also erroneously put mailbox path statement entries in the hash:/etc/postfix/vmailbox (mysql:/etc/postfix/mysql/virtual_mailbox_maps.cf) for my Alias Domain user accounts but shouldn't have had them in there. Clearing that and changing the "mydestination = " variable allowed internal mail to work right. 

Next thing I have left to do is get outbound mail to work right. I think that problem is Verizon FiOS blocking port 25 traffic.

On Wednesday, October 18, 2017 at 6:49:29 PM UTC-4, Michael Rupp wrote:

That sounds pretty good to me. I got desperate today and asked a CSE teacher (ironically via email) from UB that I had 17 years ago for help. Doubt he will answer, but I could trust him with my life. Just to be clear, I'm trying to do a few things at the same time, and I have no idea what parts of my plan conflict with others. Every time I think I know something, I discover it didn't solve any problems. It might be my age getting the better of my faculties.

I have 3 FQDN's, one is the actual hardware servers name, and I'm trying to make that a Virtual Alias Server. The other two I'm trying to make Virtual Mailbox Servers, but because one was set-up half a year ago with Google Apps for Business to take the email, I'm only doing Virtual Mailbox Server for the one that has never had email set-up (until it works right then I'll do both). 

I use Let's Encrypt for my https keys. I have the self-signed cert key's thing working too; that is the Webmin way on Ubuntu 16.04. I don't understand enough about how keys work and think I'm doing things right, but encryption is complicated and changing fast enough to make 75%+ the helpful internet posts be obsolete. I also think I know what I'm doing with my Custom Resource Records for smtp, spf, dmarc & dkim, but really, that could be fucked up too. Like my Alias server has a smtp.ALIASDOMAIN.com MX pointer to the same IP as the smtp.VIRTUALDOMAIN.com's MX pointer, so I have different self-signed keys for the two different canonical smtp names, and that feels wrong but I don't know what to do. I've tried so many things in Postfix and Dovecot to have a great key in the right places, but apart from the Diffie-Helman parameters, I don't trust anything I do. My attempts are all crap. One time I did something I saw in the Postfix literature where you cat a stack of certs into one file starting from the smtp public key to the self-signed cert to the domain's public cert, but even if that's the right thing to do, I may have done it wrong.

I love the ViMbAdmin software and can see tweaking it to become more powerful for my situation. Like in the domain table for instance, have the transport field be one of {virtual, alias, transport} then in Postfix you can have: 

• virtual_alias_domains = mysql:/etc/postfix/mysql/virtual_aliasdomain_maps.cf
• query = SELECT domain FROM domain WHERE domain = '%d' AND transport = 'alias' AND backupmx = '0' AND active = '1'
  
• virtual_mailbox_domains = mysql:/etc/postfix/mysql/virtual_domains_maps.cf
  
• query = SELECT domain FROM domain WHERE domain = '%d' AND transport = 'virtual' AND backupmx = '0' AND active = '1'
  
• transport_maps = proxy:mysql:/etc/postfix/mysql/virtual_transport_maps.cf
• query = SELECT domain FROM domain WHERE domain = '%d' AND transport = 'transport' AND backupmx = '0' AND active = '1'

In the splitting of Alias Domain from Virtual Mailbox, maybe this would help the permissions of writing to system users accounts instead of virtual users:

• virtual_uid_maps = mysql:/etc/postfix/mysql/virtual_uid_maps.cf
  
• query = SELECT uid FROM mailbox WHERE username = '%s' AND active = '1'
  
• virtual_gid_maps = mysql:/etc/postfix/mysql/virtual_gid_maps.cf
  
• query = SELECT gid FROM mailbox WHERE username = '%s' AND active = '1'
  
• smtpd_sender_login_maps = mysql:/etc/postfix/mysql/controlled_envelope_senders.cf
  
• query = SELECT goto FROM alias WHERE address = '%s' AND active = '1'
  

Right now I have Postfix all set to hash: tables and the mysql: tables are just commented out as well as any settings for smtp & smtpd or links to Dovecot. Mailing inside the server one account to another doesn't even work though. Trying things three ways I get "dsn=5.1.1, status=bounced (User unknown in virtual alias table)" in the mail.log file. Two of the three ways is the virtual hash has the form [user@ALIASDOMAIN.com user] and the test email was done with and without the @ALIASDOMAIN.com in the to field. The third way was to have the virtual hash of the form [user@ALIASDOMAIN.com user@ALIASDOMAIN.com] and the test email was done with the @ALIASDOMAIN.com in the to field. When executing 

    postmap -q user@ALIASDOMAIN.com hash:/etc/postfix/virtual

[Michael Rupp]

So more precisely, if I wanted to casually suggest improvements as a voyeur on git, what's the best way?

Not really suggestions about the source code, but like the *.cf files and standardized values in the MySQL tables?

On Thursday, October 19, 2017 at 2:33:01 AM UTC-4, Barry O'Donovan wrote:

[Barry O'Donovan]

Typically forks and pull requests.

Other options: open an issue to track it all.

> --
> --
> --
>
> ViMbAdmin :: Virtual Mailbox Administration ::
> https://github.com/opensolutions/ViMbAdmin
>
> You received this message because you are subscribed to the Google
> Groups "vimbadmin-discuss" group.
> To post to this group, send email to vimbadmi...@googlegroups.com
> To unsubscribe from this group, send email to
> vimbadmin-disc...@googlegroups.com
> For more options, visit this group at
> http://groups.google.com/group/vimbadmin-discuss?hl=en
> ---
> You received this message because you are subscribed to the Google
> Groups "vimbadmin-discuss" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to vimbadmin-disc...@googlegroups.com

> <mailto:vimbadmin-disc...@googlegroups.com>.

> For more options, visit https://groups.google.com/d/optout.

--

Kind regards,
Barry O'Donovan

Office: +353 1 531 3334
Mobile: +353 86 801 7669

Island Bridge Networks Limited
52 Sandwith Street Lower
Dublin, D02 WR26, Ireland

[Michael Rupp]

Just got back to this project.

I found this helpful for a Git newbie like me...

https://services.github.com/on-demand/ 

It's a clever and fun way to learn to Git.

Also, I just forked your gist. I don't see any "pull" request type buttons like the "branch" has when you want it to be reviewed for comments. I hope I forked right.

https://gist.github.com/WNYmathGuy/819cbb8af6e04d47ecc0f485dbb8df19

> <mailto:vimbadmin-discuss+unsub...@googlegroups.com>.