Hello:
My /etc/postfix/main.cf file:
Code:
smtpd_banner = $myhostname ESMTP
biff = no
append_dot_mydomain = no
#delay_warning_time = 4h
myhostname = smtp.ispcp.fr
mydomain = ispcp.fr
relayhost =
mynetworks = 127.0.0.0/8
inet_interfaces = all
recipient_delimiter = +
transport_maps = proxy:mysql:/etc/postfix/sql/mysql_transport_maps.cf
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $mydomain, $myhostname, localhost.$mydomain
home_mailbox = Maildir/
mailbox_size_limit = 0
virtual_alias_maps =
    proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf,
    proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf,
    proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf
virtual_alias_domains =
virtual_mailbox_base = /var/mail
virtual_mailbox_maps =
    proxy:mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf,
    proxy:mysql:/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf
virtual_mailbox_domains = proxy:mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf
virtual_minimum_uid = 5000
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
# sasl
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_local_domain =
# SMTP restrictions
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    permit
smtpd_data_restrictions =
    reject_unauth_pipelining,
    permit
# quotas
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_maildir_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/sql/mysql-virtual-mailbox-limit-maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = "The user you are trying to reach is over quota."
virtual_overquota_bounce = yes
# Proxymap
proxy_read_maps =
    $local_recipient_maps,
    $mydestination,
    $virtual_alias_maps,
    $virtual_alias_domains,
    $virtual_mailbox_maps,
    $virtual_mailbox_domains,
    $virtual_mailbox_limit_maps,
    $relay_recipient_maps,
    $relay_domains,
    $canonical_maps,
    $sender_canonical_maps,
    $recipient_canonical_maps,
    $relocated_maps,
    $transport_maps,
    $mynetworks
# Added for security reasons
disable_vrfy_command = yes
smtpd_helo_required = yes
# DKIM/Domainkey like yahoo
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891 inet:localhost:8892
non_smtpd_milters = inet:localhost:8891 inet:localhost:8892
Note 1: Very small and unfinished configuration... (I should add TLS and some other things...)
Note 2: Don't worry about the DKIM/DomainKeys filters.
my /etc/postfix/sasl/smtpd.conf file:
Code:
log_level: 3
pwcheck_method: authdaemond
mech_list: PLAIN LOGIN
authdaemond_path: /var/run/courier/authdaemon/socket
my /etc/postfix/sql/mysql-virtual-mailbox-limit.cf file:
Code:
user = mail_xxxx
password = xxxxxx
hosts = 88.191.xx.xx
dbname = mail
query = SELECT quota FROM mailbox WHERE username='%s' AND active = '1'
my /etc/postfix/sql/mysql_transport_maps.cf file:
Code:
user = mail_xxxx
password = xxxxxx
hosts = 88.191.xx.xx
dbname = mail
query = SELECT transport FROM domain WHERE domain='%d'
my /etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf file:
Code:
# handles catch-all settings of target-domain
user = mail_xxxx
password = xxxxxx
hosts = 88.191.xx.xx
dbname = mail
query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1'
my /etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf file:
Code:
user = mail_xxxx
password = xxxxxx
hosts = 88.191.xx.xx
dbname = mail
query = SELECT maildir FROM mailbox,alias_domain WHERE alias_domain.alias_domain = '%d' and mailbox.username = CONCAT('%u', '@', alias_domain.target_domain) AND mailbox.active = 1 AND alias_domain.active='1'
my /etc/postfix/sql/mysql_virtual_alias_domain_maps.cf file:
Code:
user = mail_xxxx
password = xxxxxx
hosts = 88.191.xx.xx
dbname = mail
query = SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' and alias.address = CONCAT('%u', '@', alias_domain.target_domain) AND alias.active = 1 AND alias_domain.active='1'
my /etc/postfix/sql/mysql_virtual_alias_maps.cf file:
Code:
user = mail_xxxx
password = xxxxxx
hosts = 88.191.xx.xx
dbname = mail
query = SELECT goto FROM alias WHERE address='%s' AND active = '1'
my /etc/postfix/sql/mysql_virtual_domain_maps.cf file:
Code:
user = mail_xxxx
password = xxxxxx
hosts = 88.191.xx.xx
dbname = mail
query = SELECT domain FROM domain WHERE domain='%s' AND active = '1'
my /etc/postfix/sql/mysql_virtual_mailbox_maps.cf file:
Code:
user = mail_xxxx
password = xxxxxx
hosts = 88.191.xx.xx
dbname = mail
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = '1'
my /etc/courier/authdaemonrc file:
Code:
##VERSION: $Id: authdaemonrc.in,v 1.13 2005/10/05 00:07:32 mrsam Exp $
#
# Copyright 2000-2005 Double Precision, Inc. See COPYING for
# distribution information.
#
# authdaemonrc created from authdaemonrc.dist by sysconftool
#
# Do not alter lines that begin with ##, they are used when upgrading
# this configuration.
#
# This file configures authdaemond, the resident authentication daemon.
#
# Comments in this file are ignored. Although this file is intended to
# be sourced as a shell script, authdaemond parses it manually, so
# the acceptable syntax is a bit limited. Multiline variable contents,
# with the \ continuation character, are not allowed. Everything must
# fit on one line. Do not use any additional whitespace for indentation,
# or anything else.
##NAME: authmodulelist:2
#
# The authentication modules that are linked into authdaemond. The
# default list is installed. You may selectively disable modules simply
# by removing them from the following list. The available modules you
# can use are: authuserdb authpam authpgsql authldap authmysql authcustom authpipe
#authmodulelist="authpam"
authmodulelist="authpam authmysql"
##NAME: authmodulelistorig:3
#
# This setting is used by Courier's webadmin module, and should be left
# alone
authmodulelistorig="authuserdb authpam authpgsql authldap authmysql authcustom authpipe"
##NAME: daemons:0
#
# The number of daemon processes that are started. authdaemon is typically
# installed where authentication modules are relatively expensive: such
# as authldap, or authmysql, so it's better to have a number of them running.
# PLEASE NOTE: Some platforms may experience a problem if there's more than
# one daemon. Specifically, SystemV derived platforms that use TLI with
# socket emulation. I'm suspicious of TLI's ability to handle multiple
# processes accepting connections on the same filesystem domain socket.
#
# You may need to increase daemons if as your system load increases. Symptoms
# include sporadic authentication failures. If you start getting
# authentication failures, increase daemons. However, the default of 5
# SHOULD be sufficient. Bumping up daemon count is only a short-term
# solution. The permanent solution is to add more resources: RAM, faster
# disks, faster CPUs...
daemons=5
##NAME: authdaemonvar:2
#
# authdaemonvar is here, but is not used directly by authdaemond. It's
# used by various configuration and build scripts, so don't touch it!
authdaemonvar=/var/run/courier/authdaemon
##NAME: DEBUG_LOGIN:0
#
# Dump additional diagnostics to syslog
#
# DEBUG_LOGIN=0 - turn off debugging
# DEBUG_LOGIN=1 - turn on debugging
# DEBUG_LOGIN=2 - turn on debugging + log passwords too
#
# ** YES ** - DEBUG_LOGIN=2 places passwords into syslog.
#
# Note that most information is sent to syslog at level 'debug', so
# you may need to modify your /etc/syslog.conf to be able to see it.
DEBUG_LOGIN=0
##NAME: DEFAULTOPTIONS:0
#
# A comma-separated list of option=value pairs. Each option is applied
# to an account if the account does not have its own specific value for
# that option. So for example, you can set
# DEFAULTOPTIONS="disablewebmail=1,disableimap=1"
# and then enable webmail and/or imap on individual accounts by setting
# disablewebmail=0 and/or disableimap=0 on the account.
DEFAULTOPTIONS=""
##NAME: LOGGEROPTS:0
#
# courierlogger(1) options, e.g. to set syslog facility
#
LOGGEROPTS=""
##NAME: LDAP_TLS_OPTIONS:0
#
# Options documented in ldap.conf(5) can be set here, prefixed with 'LDAP'.
# Examples:
#
#LDAPTLS_CACERT=/path/to/cacert.pem
#LDAPTLS_REQCERT=demand
#LDAPTLS_CERT=/path/to/clientcert.pem
#LDAPTLS_KEY=/path/to/clientkey.pem
my /etc/courier/authmysqlrc file:
Code:
MYSQL_SERVER 88.191.xx.xx
MYSQL_USERNAME mail_xxxx
MYSQL_PASSWORD xxxxxx
MYSQL_PORT 3306
MYSQL_DATABASE mail
MYSQL_USER_TABLE mailbox
MYSQL_CRYPT_PWFIELD password
MYSQL_UID_FIELD 5000
MYSQL_GID_FIELD 5000
MYSQL_LOGIN_FIELD username
MYSQL_HOME_FIELD "/var/mail"
MYSQL_MAILDIR_FIELD maildir
MYSQL_WHERE_CLAUSE active="1"
MYSQL_QUOTA_FIELD quota
My modified /etc/init.d/courier-authdaemon file:
Code:
#! /bin/sh -e
#
### BEGIN INIT INFO
# Provides:          courier-authdaemon
# Required-Start:    $remote_fs $syslog
# Required-Stop:     $remote_fs $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
### END INIT INFO

prefix="/usr"
exec_prefix=${prefix}
sysconfdir="/etc/courier"
sbindir="${exec_prefix}/sbin"
daemonscript="${sbindir}/authdaemond"

. /lib/lsb/init-functions

# Check for a leftover init script
if [ ! -x $daemonscript ]; then
    exit 0
fi

case "$1" in
start)
    # Start daemon.
    cd /
    log_daemon_msg "Starting Courier authentication services" "authdaemond"
    $daemonscript start
    log_end_msg 0
    # hardlink creation for authdaemond socket Postfix access
    # (smtpd runs chrooted under /var/spool/postfix and cannot see the real path)
    log_daemon_msg "Create hard link" "Postfix authdaemon socket hard link"
    sleep 1
    ln -f /var/run/courier/authdaemon/socket /var/spool/postfix/var/run/courier/authdaemon/socket
    log_end_msg 0
    ;;
stop)
    # Stop daemon.
    cd /
    log_daemon_msg "Stopping Courier authentication services" "authdaemond"
    $daemonscript stop
    log_end_msg 0
    ;;
restart|reload|force-reload)
    $0 stop
    $0 start
    ;;
*)
    echo "Usage: $0 {start|stop|restart|reload|force-reload}" >&2
    exit 2
    ;;
esac

exit 0
Note: See the hard link creation for the authdaemon socket, due to the Postfix jail.
For the record:
Code:
smtp:~# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.2 1980 688 ? Ss Sep12 0:18 init [2]
daemon 229 0.0 0.1 1764 496 ? Ss Sep12 0:03 /sbin/portmap
root 294 0.0 0.5 27100 1356 ? Sl Sep12 0:36 /usr/sbin/rsyslogd -c3
root 303 0.0 0.3 5272 1032 ? Ss Sep12 0:01 /usr/sbin/sshd
root 320 0.0 0.1 1832 424 ? S Sep12 0:05 /usr/sbin/courierlogger -pid=/var/run/courier/imapd.pid -start -name=imapd /usr/sbin/courier
root 321 0.0 0.2 1936 612 ? S Sep12 0:04 /usr/sbin/couriertcpd -address=0 -maxprocs=40 -maxperip=20 -nodnslookup -noidentlookup 143 /
root 326 0.0 0.1 1832 424 ? S Sep12 0:01 /usr/sbin/courierlogger -pid=/var/run/courier/pop3d.pid -start -name=pop3d /usr/sbin/courier
root 327 0.0 0.2 1936 608 ? S Sep12 0:01 /usr/sbin/couriertcpd -maxprocs=40 -maxperip=4 -nodnslookup -noidentlookup -address=0 110 /u
104 331 0.0 0.4 36840 1244 ? Ssl Sep12 0:11 /usr/bin/dk-filter -u dk-filter -P /var/run/dk-filter/dk-filter.pid -p inet:8892@localhost -
103 337 0.0 0.2 5416 620 ? Ss Sep12 0:00 /usr/sbin/dkim-filter -x /etc/dkim-filter.conf -u dkim-filter -P /var/run/dkim-filter/dkim-f
103 338 0.0 0.6 62892 1740 ? Sl Sep12 0:19 /usr/sbin/dkim-filter -x /etc/dkim-filter.conf -u dkim-filter -P /var/run/dkim-filter/dkim-f
root 422 0.0 0.3 3288 940 ? Ss Sep12 0:20 /usr/sbin/famd -T 0
root 437 0.0 0.3 3768 792 ? Ss Sep12 0:02 /usr/sbin/cron
root 447 0.0 1.8 23852 4764 ? Sl Sep12 10:23 /usr/bin/python /usr/bin/fail2ban-server -b -s /var/run/fail2ban/fail2ban.sock
root 24359 0.0 1.0 8176 2716 ? Ss 00:47 0:00 sshd: root@pts/0
root 24362 0.0 0.6 4588 1716 pts/0 Ss 00:47 0:00 -bash
root 24602 0.0 0.1 1832 424 ? S 01:11 0:00 /usr/sbin/courierlogger -pid=/var/run/courier/authdaemon/pid -start /usr/lib/courier/courier
root 24603 0.0 0.4 4404 1084 ? S 01:11 0:00 /usr/lib/courier/courier-authlib/authdaemond
root 24604 0.0 0.1 4404 352 ? S 01:11 0:00 /usr/lib/courier/courier-authlib/authdaemond
root 24605 0.0 0.1 4404 352 ? S 01:11 0:00 /usr/lib/courier/courier-authlib/authdaemond
root 24607 0.0 0.1 4404 352 ? S 01:11 0:00 /usr/lib/courier/courier-authlib/authdaemond
root 24609 0.0 0.1 4404 352 ? S 01:11 0:00 /usr/lib/courier/courier-authlib/authdaemond
root 24611 0.0 0.1 4404 352 ? S 01:11 0:00 /usr/lib/courier/courier-authlib/authdaemond
root 24701 0.0 0.6 5476 1800 ? Ss 01:12 0:00 /usr/lib/postfix/master
postfix 24702 0.0 0.6 5488 1728 ? S 01:12 0:00 pickup -l -t fifo -u -c
postfix 24703 0.0 0.6 5532 1760 ? S 01:12 0:00 qmgr -l -t fifo -u
root 24715 0.0 0.3 4056 1012 pts/0 R+ 01:13 0:00 ps aux
Authentication test via telnet:
1. First, create the needed data:
Code:
smtp:~# perl ~/encode64
encryption type: plain
username: testing@nuxwin.com
password:
Auth String: AHRlc3RpbmdAbnV4d2luLmNvbQB0ZXN0aW5n
2. Try the authentication:
Code:
smtp:~# telnet smtp.ispcp.fr 25
Trying 88.191.229.226...
Connected to smtp.ispcp.fr.
Escape character is '^]'.
220 smtp.ispcp.fr ESMTP
EHLO testing.domain.tld
250-smtp.ispcp.fr
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH PLAIN
334
AHRlc3RpbmdAbnV4d2luLmNvbQB0ZXN0aW5n
235 2.7.0 Authentication successful
QUIT
221 2.0.0 Bye
Connection closed by foreign host.
smtp:~#
Other test:
Code:
Return-Path: <l.declercq@nuxwin.com>
X-Original-To: testing@nuxwin.com
Delivered-To: testing@nuxwin.com
Received: from dev.nuxwin.com (ip-228.net-89-3-168.rev.numericable.fr [89.3.168.228])
by smtp.ispcp.fr (Postfix) with ESMTPA id 0D9377DE
for <testing@nuxwin.com>; Thu, 14 Oct 2010 01:57:02 +0200 (CEST)
X-DomainKeys: Sendmail DomainKeys Filter v1.0.0 smtp.ispcp.fr 0D9377DE
DomainKey-Signature: a=rsa-sha1; s=dkmail; d=nuxwin.com; c=simple; q=dns;
b=e/QFDTtgfxIrR8Uj7izjf0IDzsxSzj/CCrMBlingGTnMLe0RwxL0q+0E9hUPQwVYv
hULwsNPbMuPzdSLIBbdmA==
X-DKIM: Sendmail DKIM Filter v2.6.0 smtp.ispcp.fr 0D9377DE
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nuxwin.com; s=mail;
t=1287014222; bh=GSt33Z83/UpP+B2KGcIGi5c+8irqhFU9NZON6igMRyU=;
h=MIME-Version:Content-Type:Content-Transfer-Encoding:Date:From:To:
Subject:Message-ID; b=DmKiV50ebkdOMYoZqxjJt+VBMycuOmNB2db9kZ6A5pBa
FXo3Ja8oDbfOnaUzHy/G57f4D7r2O3/PLnO98WxWcvVltCnwvYr99hTRKsqDYMcJYoT
kDrhgL1pr1u52ZZ5t8Rk7dsBh8eGM+vwDPGrbJlrcRLqShtF82hjEWx0SfYc=
MIME-Version: 1.0
Content-Type: text/plain;
charset=UTF-8
Content-Transfer-Encoding: 7bit
Date: Thu, 14 Oct 2010 02:02:09 +0200
From: <l.declercq@nuxwin.com>
To: <testing@nuxwin.com>
Subject: test
Message-ID: <b72a02cdb1b97b037fde83a697715926@smtp.ispcp.fr>
X-Sender: l.declercq@nuxwin.com
User-Agent: RoundCube Webmail/0.4-beta
the test
Note: I use PostfixAdmin to manage my mail accounts. The MySQL server is hosted on another server. My Postfix is patched with VDA (quotas). Both servers are OpenVZ containers (Debian Lenny).
Note: If you want, I can check your config on your server.
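The mysql map files in the post rely on Postfix's mysql_table(5) placeholders: `%s` is the whole lookup key, `%u` the local part, `%d` the domain part, and a query containing `%d` is suppressed when the key has no domain. The following Python is an added example, not code from the post, PostfixAdmin or Postfix; it re-implements that expansion so you can see exactly which SQL each of the three virtual_alias_maps files would run for a given recipient, and why the post's transport query (written with `%d`) only produces results for `user@domain` keys. The quoting routine is an assumption modelled on `mysql_real_escape_string()`, and the key is assumed to be split at its last `@`; the query templates are copied verbatim from the post.

```python
# Query templates copied from the post's /etc/postfix/sql/*.cf files.
VIRTUAL_ALIAS_MAPS = [
    ("mysql_virtual_alias_maps.cf",
     "SELECT goto FROM alias WHERE address='%s' AND active = '1'"),
    ("mysql_virtual_alias_domain_maps.cf",
     "SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' "
     "and alias.address = CONCAT('%u', '@', alias_domain.target_domain) "
     "AND alias.active = 1 AND alias_domain.active='1'"),
    ("mysql_virtual_alias_domain_catchall_maps.cf",
     "SELECT goto FROM alias,alias_domain WHERE alias_domain.alias_domain = '%d' "
     "and alias.address = CONCAT('@', alias_domain.target_domain) "
     "AND alias.active = 1 AND alias_domain.active='1'"),
]
TRANSPORT_MAP = "SELECT transport FROM domain WHERE domain='%d'"

# Assumption: escaping modelled on mysql_real_escape_string(), which is what the
# MySQL client library offers and what Postfix applies to every substitution.
_ESCAPES = {"\\": "\\\\", "'": "\\'", '"': '\\"', "\x00": "\\0",
            "\n": "\\n", "\r": "\\r", "\x1a": "\\Z"}


def sql_quote(value):
    """Escape a lookup key before it is spliced into a query template."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def expand_query(template, key):
    """Expand %s, %u, %d and %% in a mysql_table(5) query for one lookup key.

    %s -> whole key; %u -> local part (whole key when there is no '@');
    %d -> domain part. When the key has no domain, a template that uses %d
    is suppressed and None is returned, as mysql_table(5) documents.
    Assumption: the key is split at its last '@'.
    """
    if "@" in key:
        local, domain = key.rsplit("@", 1)
    else:
        local, domain = key, None
    out = []
    i = 0
    while i < len(template):
        ch = template[i]
        if ch != "%":
            out.append(ch)
            i += 1
            continue
        spec = template[i + 1] if i + 1 < len(template) else ""
        if spec == "%":
            out.append("%")
        elif spec == "s":
            out.append(sql_quote(key))
        elif spec == "u":
            out.append(sql_quote(local))
        elif spec == "d":
            if domain is None:
                return None          # lookup suppressed: no domain part
            out.append(sql_quote(domain))
        else:
            raise ValueError("expansion %%%s not handled in this example" % spec)
        i += 2
    return "".join(out)


def alias_lookup_plan(key):
    """Queries Postfix would issue, in virtual_alias_maps order, for one recipient.

    Postfix consults the maps left to right and stops at the first hit, so the
    direct alias wins over an alias-domain rewrite, which wins over the catch-all.
    """
    return [(name, expand_query(tmpl, key)) for name, tmpl in VIRTUAL_ALIAS_MAPS]


if __name__ == "__main__":
    # Constructed sample recipient in an alias domain.
    for name, query in alias_lookup_plan("someone@alias.example"):
        print(name)
        print("   ", query)
    print("transport lookup for bare domain:", expand_query(TRANSPORT_MAP, "example.com"))
```

Running it with the constructed key shows the three queries in the order Postfix tries them; the last line prints `None`, because the transport template's `%d` suppresses the lookup when trivial-rewrite searches transport_maps with a bare domain key, so only the `user@domain` steps of that search reach the database.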
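The telnet test in the post hand-builds the AUTH PLAIN token with a `~/encode64` helper and pastes it after the `334` prompt. The Python below is an added example, not the post's script or anything shipped with Postfix or Courier; it shows the RFC 4616 wire format that the token encodes (`authzid NUL authcid NUL password`, base64), the server-side split that Cyrus SASL performs before passing credentials to authdaemond, and a check over an EHLO response that flags what the transcript shows: PLAIN and LOGIN offered with no STARTTLS, so the password crosses the network in cleartext. The EHLO lines are copied from the post's transcript; all credentials in the test are constructed.

```python
import base64

# EHLO response copied from the telnet transcript in the post.
EHLO_SAMPLE = """250-smtp.ispcp.fr
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN"""


def sasl_plain_initial_response(authcid, passwd, authzid=""):
    """Build the base64 token a client sends after 'AUTH PLAIN' (RFC 4616).

    Wire form: [authzid] NUL authcid NUL passwd. With an empty authorization
    identity the plaintext starts with a NUL byte, which is why the token in
    the post begins with "AH".
    """
    for field in (authzid, authcid, passwd):
        if "\x00" in field:
            raise ValueError("NUL is the field separator and cannot appear in a field")
    raw = "\x00".join((authzid, authcid, passwd)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def decode_sasl_plain(token):
    """Server-side view: split a token into (authzid, authcid, passwd).

    Returns None for a token that is not valid base64, is not UTF-8, or does
    not contain exactly two NUL separators, rather than guessing at fields.
    """
    try:
        raw = base64.b64decode(token, validate=True)
    except ValueError:                 # binascii.Error is a ValueError subclass
        return None
    fields = raw.split(b"\x00")
    if len(fields) != 3:
        return None
    try:
        return tuple(f.decode("utf-8") for f in fields)
    except UnicodeDecodeError:
        return None


def ehlo_auth_summary(ehlo_text):
    """Report what an EHLO response means for credential exposure.

    'cleartext_auth' is True when PLAIN or LOGIN is offered but STARTTLS is
    not: the password then travels unencrypted, which is the state of the
    configuration in the post (Note 1 says TLS is still to be added).
    """
    mechs = set()
    starttls = False
    for line in ehlo_text.splitlines():
        keyword = line[4:].strip()     # drop the "250-" or "250 " prefix
        if keyword.upper().startswith("AUTH"):
            # handles both "AUTH LOGIN PLAIN" and the legacy "AUTH=LOGIN PLAIN"
            mechs.update(keyword[4:].lstrip("= ").upper().split())
        elif keyword.upper() == "STARTTLS":
            starttls = True
    return {
        "mechanisms": sorted(mechs),
        "starttls": starttls,
        "cleartext_auth": (not starttls) and bool(mechs & {"PLAIN", "LOGIN"}),
    }


if __name__ == "__main__":
    # Constructed credentials; the real ones belong in an authdaemond-backed account.
    token = sasl_plain_initial_response("user@example.com", "s3cret")
    print("AUTH PLAIN token:", token)
    print("server decodes to:", decode_sasl_plain(token))
    print("EHLO summary:", ehlo_auth_summary(EHLO_SAMPLE))
```

`decode_sasl_plain` is also a convenient way to confirm what a token pasted into a telnet session actually carries before blaming authdaemond for a `535` response: a missing leading NUL, a stray newline, or a password typed with the wrong keyboard layout all show up immediately.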