Hi there, was thinking around of the best place to post this. Initially I thought maybe the Dovecot mailing list but I’m not sure if this is a Dovecot issue or if the issue lies with Postfix, so I figured maybe a more general Linux community. If people have suggestions about where I could post this that may have more people see it who are able/willing to help, I would also appreciate that.

I apologise, this post will probably be quite long, so I really do appreciate if anyone takes the time to read it and give advice.

Anyway, I was following this tutorial to set up a mail server with Postfix and Dovecot. The tutorial is for Ubuntu but I am using an Alpine Linux server, however the tutorial mostly concerns configuring Postfix and Dovecot which is distro-independent.

Deviations from the tutorial

I followed the tutorial with the exceptions of the following (deviations listed in order of the part of the tutorial they deviated from, so hopefully this is easy to follow linearly):

My server’s hostname is domain.com not mail.domain.com (mail.domain.com is what my MX record points to), but this shouldn’t really matter as I configured postfix with:

myhostname=mail.domain.com
mydomain=domain.com

I installed packages with apk not apt obviously, and installed Postfix with doas apk add postfix.

I didn’t get the ncurses Postfix configuration popup when I installed or started Postfix.

Alpine doesn’t auto-start the Postfix service, so I did

doas rc-update add postfix default
doas rc-service postfix start

I used doas apk add mailutils --update-cache --repository https://dl-cdn.alpinelinux.org/alpine/edge/testing/ to install and test the mail program.

I didn’t increase attachment size limit.

Alpine doesn’t seem to have a dovecot-imapd package, so I just installed dovecot and dovecot-lmtpd.

When configuring /etc/dovecot/conf.d/15-mailboxes.conf, I also set Drafts, Junk, and Sent Messages to auto-create as well as Trash.

I started the dovecot service the same way I did postfix above.

What works

I can send mail with sendmail and GNU mailutils mail. The following works:

echo "test email" | sendmail [email protected]

And

mail -a FROM:[email protected] [email protected]

(where domain.com is my Postfix mail server, and my@email.com is my existing email address with an external provider)

The above results in me receiving the email in my spam folder at my@email.com from me@domain.com, email all appears normal to me.

The issue

I’ve noticed two problems which may be related.

Can’t log into Thunderbird

Firstly, I can’t log into Thunderbird. I get the following error:

(Transcription: Unable to log in at server. Probably wrong configuration, username or password.)

To log in, I am entering my email address at user@domain.com, where user is my UNIX user (which is part of the mail group), and domain.com is my domain. I entered my password as my user account’s password.

Thunderbird seems to recognise my mail server as it auto configured to the following:

INCOMING: IMAP, hostname mail.domain.com, port 993, SSL/TLS, normal password, username user (i.e. without the @domain.com)

OUTGOING: hostname mail.domain.com, port 465, SSL/TLS, normal password, username user

I have also tried the same configuration with STARTTLS and ports 143 and 587, to the same error.

Can’t receive mail

I’ve also tried to send myself emails from my other email addresses. I’ve tried two of my external email addresses so far. My email clients say they’ve sent the emails and they appear in my Sent folder, however my Protonmail has sent me some emails today from their mailer daemon complaining that Your email could not be delivered for more than 12 hour(s).:

<user@domain.com>: host domain.com[MY IP] said: 454 4.7.1
    <user@domain.com>: Relay access denied (in reply to RCPT TO command)

I’ve checked /var/log/messages (which is the Alpine Linux syslog) and found the following, which I don’t know how to interpret:

Nov  2 17:57:03 domain mail.info postfix/smtpd[28188]: connect from mail-41103.protonmail.ch[185.70.41.103]
Nov  2 17:57:03 domain mail.info postfix/smtpd[28188]: Anonymous TLS connection established from mail-41103.protonmail.ch[185.70.41.103]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (prime256v1)
Nov  2 17:57:04 domain mail.info postfix/smtpd[28188]: NOQUEUE: reject: RCPT from mail-41103.protonmail.ch[185.70.41.103]: 454 4.7.1 <user@domain.com>: Relay access denied; from=<my@protonmail.com> to=<user@domain.com> proto=ESMTP helo=<mail-41103.protonmail.ch>
Nov  2 17:57:04 domain mail.info postfix/smtpd[28188]: disconnect from mail-41103.protonmail.ch[185.70.41.103] ehlo=2 starttls=1 mail=1 rcpt=0/1 data=0/1 rset=1 quit=1 commands=6/8

I have dovecot configured to use the maildir format (or at least I think I do; I followed the tutorial to set it up to use maildir) but I don’t see anything in my ~/Maildir directory.

Running GNU mail results in the output:

Cannot open mailbox /var/mail/user: No such file or directory
No mail for user

My configuration

Output of postconf -n:

command_directory = /usr/sbin
compatibility_level = 3.9
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
home_mailbox = Maildir/
html_directory = no
inet_protocols = ipv4
mail_owner = postfix
mailbox_size_limit = 0
mailbox_transport = lmtp:unix:private/dovecot-lmtp
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
meta_directory = /etc/postfix
mydomain = domain.com
myhostname = mail.domain.com
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix/readme
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
shlib_directory = /usr/lib/postfix
smtp_header_checks = regexp:/etc/postfix/smtp_header_checks
smtp_tls_loglevel = 1
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_cert_file = /etc/letsencrypt/live/mail.domain.com/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/mail.domain.com/privkey.pem
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtputf8_enable = no
unknown_local_recipient_reject_code = 550

Output of doveconf -n:

# 2.3.21.1 (d492236fa0): /etc/dovecot/dovecot.conf
# OS: Linux 6.6.58-0-lts x86_64  
# Hostname: domain.com
auth_debug = yes
auth_mechanisms = plain login
auth_username_format = %n
auth_verbose = yes
log_path = /var/log/dovecot.log
mail_debug = yes
mail_location = maildir:~/Maildir
mail_privileged_group = mail
mbox_write_locks = fcntl
namespace inbox {
  inbox = yes
  location = 
  mailbox Drafts {
    auto = create
    special_use = \Drafts
  }
  mailbox Junk {
    auto = create
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    auto = create
    special_use = \Sent
  }
  mailbox Trash {
    auto = create
    special_use = \Trash
  }
  prefix = 
}
passdb {
  args = scheme=CRYPT username_format=%u /etc/dovecot/users
  driver = passwd-file
}
protocols = imap lmtp lmtp
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service lmtp {
  unix_listener lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
ssl = required
ssl_cert = </etc/letsencrypt/live/mail.domain.com/fullchain.pem
ssl_key = # hidden, use -P to show it
ssl_prefer_server_ciphers = yes
userdb {
  args = username_format=%u /etc/dovecot/users
  driver = passwd-file
}

Logs

This seems to be a dovecot log of an authentication attempt.

Nov 02 18:11:11 auth: Debug: client in: AUTH    3       PLAIN   service=imap    secured=tls     session=JeHL+PEltufBIH/a        lip=<my server IP>       rip=<my home IP>      lport=993       rport=59318     local_name=mail.domain.com       resp=<hidden>
Nov 02 18:11:11 auth: Debug: passwd-file(user,<my home IP>,<JeHL+PEltufBIH/a>): Performing passdb lookup
Nov 02 18:11:11 auth: Debug: passwd-file(user,<my home IP>,<JeHL+PEltufBIH/a>): lookup: user=user file=/etc/dovecot/users
Nov 02 18:11:11 auth: Info: passwd-file(user,<my home IP>,<JeHL+PEltufBIH/a>): unknown user
Nov 02 18:11:11 auth: Debug: passwd-file(user,<my home IP>,<JeHL+PEltufBIH/a>): Finished passdb lookup
Nov 02 18:11:11 auth: Debug: auth(user,<my home IP>,<JeHL+PEltufBIH/a>): Auth request finished
Nov 02 18:11:13 auth: Debug: client passdb out: FAIL    3       user=user       original_user=user@domain.com
Nov 02 18:11:13 imap-login: Debug: Ignoring unknown passdb extra field: original_user
Nov 02 18:11:13 imap-login: Info: Disconnected: Connection closed (auth failed, 3 attempts in 22 secs): user=<user>, method=PLAIN, rip=<my home IP>, lip=<my server IP>, TLS, session=<JeHL+PEltufBIH/a>

Thanks for reading this fairly long post. Do ask if I need to provide any more configs, logs, etc. Appreciate any help, thanks in advance

  • 2xsaiko@discuss.tchncs.de
    link
    fedilink
    arrow-up
    1
    ·
    25 days ago

    Currently I have multiple PTR records for all the subdomains I’m using, which hasn’t caused problems yet…

    Wait, what? PTR is set on an IP address, not on a domain name. It should resolve to the canonical domain name of the host behind that IP.

    • 0v0@scribe.disroot.orgOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      25 days ago

      I meant that for my one IP address, I set it to have a PTR to multiple domain names. My VPS host allows me to add multiple domains to my IP address’s PTR records. But yeah I’ll change it to the NAME.domain.com you suggested

      • schizo@forum.uncomfortable.business
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        25 days ago

        Uh, don’t do that if you expect your mail to be delivered.

        Multiple PTRs, depending on how the DNS service is set up, may be returned in round-robin fashion, and if you return a PTR that doesn’t match what your HELO claims you are, then congrats on your mail being likely tossed in the trash.

        Pick the most accurate name (that is, match your HELO domain), and only set one PTR.

        (Useless fact of the day: multiple A records behave the same way and you can use that as a poverty-spec version of a load balancer.)

        • 0v0@scribe.disroot.orgOP
          link
          fedilink
          English
          arrow-up
          1
          ·
          25 days ago

          Thanks, yeah I’m changing it now. I am new to server stuff in case that wasn’t obvious, I just got a VPS and domain name as a bit of a personal project to learn more about server stuff :) Good to know all these things!

          • schizo@forum.uncomfortable.business
            link
            fedilink
            English
            arrow-up
            1
            ·
            24 days ago

            Yeah DNS is, in general, just goofy and weird and a lot of the interactions I wouldn’t expect someone who’s done it for years to necessarily know.

            And besides, the round-robin thing is my favorite weird DNS fact so any excuse to share it is great.