Debian Mail Server Setup with Postfix + Dovecot + SASL + Squirrel Mail

Postfix is an attempt to provide an alternative to the widely-used Sendmail program. Postfix attempts to be fast, easy to administer, and hopefully secure, while at the same time being sendmail compatible enough to not upset your users.

Dovecot is an open source IMAP and POP3 server for Linux/UNIX-like systems, written with security primarily in mind. Dovecot is an excellent choice for both small and large installations. It’s fast, simple to set up, requires no special administration and it uses very little memory.

When sending mail, the Postfix SMTP client can look up the remote SMTP server hostname or destination domain (the address right-hand part) in a SASL password table, and if a username/password is found, it will use that username and password to authenticate to the remote SMTP server. And as of version 2.3, Postfix can be configured to search its SASL password table by the sender email address.

SquirrelMail is a standards-based webmail package written in PHP. It includes built-in pure PHP support for the IMAP and SMTP protocols, and all pages render in pure HTML 4.0 (with no JavaScript required) for maximum compatibility across browsers. It has very few requirements and is very easy to configure and install. SquirrelMail has all the functionality you would want from an email client, including strong MIME support, address books, and folder manipulation.

Note : If you install Postfix/Dovecot mail server you will ONLY be able to send mail within your network. You can only send mail externally if you install SASL authentication with TLS. As otherwise you get “Relay Access Denied” error.

Install Postfix MTA (Mail Transfer Agent)

Use the following command to install postfix in debian

#aptitude install postfix postfix-tls libsasl2 sasl2-bin libsasl2-modules popa3d

During installation, postfix will ask for few questions like name of server and answer those questions by entering your domain name and select Internet site for postfix.

Postfix configuration file is located at:/etc/postfix/main.cf. You can edit this file using popular text editor vi /etc/postfix/main.cf

Restart Postfix Server using the following command

#/etc/init.d/postfix restart

Install Dovecot

Dovecot is POP3/IMAP server which needs MTA like Postfix to work properly.

#aptitude install dovecot-imapd dovecot-pop3d dovecot-common

Dovecot configuration file is located at: /etc/dovecot/dovecot.conf

Before we proceed we need to make some changes with dovecot configuration file. Double check the following entries in the file if the values are entered properly.

Edit the dovecot configuration file using the following command

#vi /etc/dovecot/dovecot.conf

# specify protocols = imap imaps pop3 pop3s
protocols = pop3 imap
# uncomment this and change to no.
disable_plaintext_auth = no
pop3_uidl_format = %08Xu%08Xv

Now, create a user to test our pop3 mail with outlook:

#adduser user_name

Note: Always create a separate user to test your mail or ftp.

Restart Dovecot using the following command

#/etc/init.d/dovecot restart

Now, you can use your outlook express to test whether your new mail server is working or not. Just enter username: with password in outlook.

Remember you will NOT be able to send email outside your network, you will be only be able to send within your domain or local network. If you attempt to send email you get “relay access denied” error from outlook express. However, you should have no problems in receiving your email from outlook. Inorder to send email external email you will need to configure SASL authentication as described below.

Configure SASL Authentication with TLS

SASL Configuration + TLS (Simple authentication security layer with transport layer security) used mainly to authenticate users before sending email to external server, thus restricting relay access. If your relay server is kept open, then spammers could use your mail server to send spam. It is very essential to protect your mail server from misuse.

Let us set up SMTP authentication for our users with postfix and dovecot.

Edit the postfix configuration file /etc/postfix/main.cf and enter the few lines to enable authentication of our users

smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = yourdomain.com
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
smtpd_sasl_security_options = noanonymous

postfix does a chroot so it can’t communicate with saslauthd.

#rm -r /var/run/saslauthd/

#mkdir -p /var/spool/postfix/var/run/saslauthd

#ln -s /var/spool/postfix/var/run/saslauthd /var/run

#chgrp sasl /var/spool/postfix/var/run/saslauthd

#adduser postfix sasl

On the Dovecot side you also need to specify the dovecot authentication daemon socket. In this case we specify an absolute pathname. Refer to this postfix manual here

Edit /etc/dovecot/dovecot.conf file

#vi /etc/dovecot/dovecot.conf

Look for the line that starts with auth default, before that insert the lines below.

auth default {
mechanisms = plain login
passdb pam {
}
userdb passwd {
}
socket listen {
client {
path = /var/spool/postfix/private/auth
mode = 0660
user = postfix
group = postfix
}

}

}

Now, rename previous auth default to auth default2. If you dont rename this then dovecot server will give you error like multiple instances of auth default.

Now restart all the following components of mail server

#/etc/init.d/saslauthd restart

#/etc/init.d/postfix restart

#/etc/init.d/dovecot restart

Test whether your mail server works or not with your outlook express. Configure a user with a user name (without @domain) and make sure that you select my server requires authentication. Under settings select same as incoming mail server

Note:
1. If you dont enable My server requires authentication in outlook you cannot send emails to external recipients and you get relay access denied error.
2. Do not use root login to login to your mail server.
3. Dont forget to create a new user before you authenticate using outlook.

Forwarding Mails

Ever wondered how to forward your mails especially if you are a webmaster managing number of sites. You might need to forward any email sent to your primary email address. Its that easy. Just create a .forward file on your home directory. Insert list of emails addresses separated by commas, where you want to get forwarded.

Login as user and type

echo ‘destination_email_address’ > .forward

or you can use vi to create .forward file. Just Delete .forward file if you dont want any forwarding.

Installing Squirrel Web Mail

Before installing Squirrel Web Mail you need to make sure you have installed apache2 with php support

#aptitude install apache2

#aptitude install libapache2-mod-php5 php5-cli php5-common php5-cgi

#aptitude install squirrelmail

Squirrelmail configuration file is located in: /etc/squirrelmail/ folder. By default all settings are preloaded.

# Run squirrelmail configuration utility as ROOT
/usr/sbin/squirrelmail-configure

Now we want to setup to run under apache. Edit apache configuration file /etc/apache2/apache2.conf and insert the following line

Include /etc/squirrelmail/apache.conf

Restart the webserver using the following command

#/etc/init.d/apache2 restart

Access your webmail using the following link

http://yourdomain or server ip/squirrelmail

Create a separate local user and login as a new user.

Mail Server Logs

Always refer to logs located in /var/log/mail.log so that you can identify what the problem is before you can troubleshoot.

Sponsored Link

84 thoughts on “Debian Mail Server Setup with Postfix + Dovecot + SASL + Squirrel Mail

  1. Hi,

    I have setup my mail server using this tutorial and I can send and receive mails. However, forwarding does not work. When mail is sent to an address that needs to be forwarded the email just doesn’t go through. (I think Greg outlined the same issue in post # 17). Is there any solution for this ?

  2. I saw Jesse post this error before but did not explain how it was resolved.
    Can anyone help?
    Is there some dir I need to chmod?

    Service not available, closing channel
    421 4.3.0 collect: Cannot write ./dfo1Q4NwM0016357 (bfcommit, uid=0, gid=127): No such file or directory

  3. Hi

    I have setup my mail server using this tutorial but error login http://myip/squirellmail attempt and receive this error.

    ERROR:
    ERROR: Connection dropped by IMAP server.

    /var/log/mail.log is

    Mar 4 16:03:49 debian dovecot: IMAP(deneme): mail_location not set and autodetection failed: Mail storage autodetection failed with home=/home/deneme
    Mar 4 16:03:49 debian dovecot: IMAP(deneme): Fatal: Namespace initialization failed

    What can I do please help me

  4. Hi, I have a problem with the configuration.
    I got here:
    “Now, to rename previous auth default auth default2. If you dont then rename this dovecot server will give you error like multiple instances of default auth.”

    But Nos understand what to do.

    I tried to restart Dovecot but this error:
    Fatal: Invalid configuration settings unknow: path on line 1049

    The line would be 1049 path = / var / spool / postfix / private / auth

    How can I fix?

    Thanks to all

  5. HI Im think I have everything set up ok but I can recieve mail locally on my server go not going out or back in,

    Im getting timed out by the recieving servers. I can see in the logs that its hitting the outside serves or atleast i assume it is as the recieving servers ip address shows up on the logs.

    any thoughts.
    Thanks

  6. Hi, I’m getting this error like Vera, what shall I do? I could not find information about this error.

    Service not available, closing channel
    421 4.3.0 collect: Cannot write ./dfo1Q4NwM0016357 (bfcommit, uid=0, gid=127): No such file or directory

  7. Like Vera & Yasin, I too am getting the dreaded:
    Message not sent. Server replied:

    Service not available, closing channel
    421 4.3.0 collect: Cannot write ./dfo5LDR9UQ022336 (bfcommit, uid=0, gid=110): No such file or directory

    From sending inside Squirel Mail (attached to ISPConfig 3.x).
    Any assistance or direction pointing would be much appreciated.
    Thank you,

    Edward.

  8. Thanks for the help

    I reconfigure the postfix and can successfully send/receive the emails within the internal network now after configuring the SASL
    I configure the outlook express “My server required authentication” and after that I tried to send/receive the eamil from outlook express but the getting the below error:

    error message from the outlook express:

    The connection to the server has failed. Account: ‘mail.saudivalves.com’, Server: ‘mail.saudivalves.com’, Protocol: SMTP, Port: 25, Secure(SSL): No, Socket Error: 10061, Error Number: 0x800CCC0E

    after that I configure the mail client on my mail server and send/receive the email and then tries to send an email to my hotmail account but getting below error under the /var/log/maillog file

    taill -f /var/log/maillog

    Jul 15 08:24:39 localhost postfix/smtpd[9308]: connect from mail.saudivalves.com[127.0.0.1]
    Jul 15 08:24:51 localhost postfix/smtpd[9308]: ACE851C0377: client=mail.saudivalves.com[127.0.0.1], sasl_method=PLAIN, sasl_username=rashid
    Jul 15 08:24:51 localhost postfix/cleanup[9429]: ACE851C0377: message-id=
    Jul 15 08:24:51 localhost postfix/qmgr[8881]: ACE851C0377: from=, size=1478, nrcpt=1 (queue active)
    Jul 15 08:24:51 localhost postfix/smtp[9430]: connect to saudivalves.com[192.168.12.4]: Connection refused (port 25)
    Jul 15 08:24:51 localhost postfix/smtp[9430]: ACE851C0377: to=, relay=none, delay=0.15, delays=0.13/0.02/0/0, dsn=4.4.1, status=deferred (connect to saudivalves.com[192.168.12.4]: Connection refused)

    Kindly help me to sort out this problem

    Regards,

    Rashid

  9. before configuring the sasl everything working fine but after configuring this I get the error on client outlook:
    error message from the outlook express:

    The connection to the server has failed. Account: ‘mail.saudivalves.com’, Server: ‘mail.saudivalves.com’, Protocol: SMTP, Port: 25, Secure(SSL): No, Socket Error: 10061, Error Number: 0x800CCC0E

  10. before configuring the sasl everything working fine but after configuring this I get the error on client outlook:
    error message from the outlook express:

    The connection to the server has failed. Account: ‘mail.saudivalves.com’, Server: ‘mail.saudivalves.com’, Protocol: SMTP, Port: 25, Secure(SSL): No, Socket Error: 10061, Error Number: 0x800CCC0E

  11. The connection to the server has failed. Account: ‘mail.saudivalves.com’, Server: ‘mail.saudivalves.com’, Protocol: SMTP, Port: 25, Secure(SSL): No, Socket Error: 10061, Error Number: 0x800CCC0E

  12. hi, thanks for tutorail, i am trying to make it work right now, following couple tutorials and just found out that you are missing this settings in main.cf:
    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth
    without this i wans not able to sent any email from my account via thunderbird.

  13. What if you just peruse the logfile manually, perhaps using the “less” command and jumping to the end of the file, rather than grepping for “dovecot”?

  14. hy boys. i have a little problem. I modify the dovecot.conf. after i try restarting dovecot. but the answer is : dovecot error: Error in configuration file /etc/dovecot/dovecot.conf line 831: Unknown setting: mechanisms Fatal: invalid configuration in etc/dovecot/dovecot.conf
    Please help me.

  15. Hello,
    anybody tell me how to connect randomly generated email to Squirrelmail server.
    Please reply me thankx.

  16. hy, all working squirrel is ok but when i try to use another client setted up with my imap server i receive connection refused, imapd is up and running

    pop3 works but i want to use imap any suggestion?

  17. I installed Dovecot and use Thunderbird to check the connection. I can’t create account in thunderbird.

  18. Have to agree with @Gondo, the send function is only working with the addition of the two lines:

    smtpd_sasl_type = dovecot
    smtpd_sasl_path = private/auth

    Thanks anyway for the great tutorial.

  19. Aziz you are a legend. I tried everything for 3 days solid. mail_location = maildir:~/Maildir worked magic. Thanks mate.

  20. I all,
    I can send email but I can’t receive and this is the error that I receive from 2 days…
    what I can to do?
    from email return rejected:

    Hi. This is the qmail-send program at anothersite.anothersite.net.
    I'm afraid I wasn't able to deliver your message to the following addresses.
    This is a permanent error; I've given up. Sorry it didn't work out.
    :
    123.9.0.123 does not like recipient.
    Remote host said: 554 5.7.1 : Relay access denied
    Giving up on 123.9.0.123.

    my postfix logs:
    from= to= proto=ESMTP helo=
    Jul 29 00:12:18 server postfix/smtpd[2635]: disconnect from ns.giombg.net[100.100.100.100]
    Jul 29 00:15:16 server postfix/smtpd[2640]: connect from ns.giombg.net[100.100.100.100]
    Jul 29 00:15:16 server postfix/smtpd[2640]: NOQUEUE: reject: RCPT from ns.giombg.net[100.100.100.100]: 554 5.7.1 : Relay access denied; from= to= proto=ESMTP helo=
    Jul 29 00:15:16 server postfix/smtpd[2640]: disconnect from ns.giombg.net[100.100.100.100]


    suggestions?
    respect
    GioMBG

  21. Same as @GioMBG here..

    I can send, but I cannot receive. Any guess where to look?

    Thanks,

    Pimmy

  22. hi, i already follow instruction, but when I want to login this message appear,

    >> Error connecting to IMAP server: localhost:143.
    111 : Connection refused

    then i used telnet localhost 143, but it connection refused,

    anyone can help me?

    thanx.. πŸ™‚

  23. We are working on RHEL 5 platform on webmail server(Davecot server) and we are facing the problem like when our clients are going to attach the files on their mails it is showing the error message like

    Could not move/copy file. File not attach.

    So could you please assist us to fix this issue.

  24. Hi there

    I have the same problem like GIOMBG and Pimmy. I cannot receive emails. Does anybody solved the problem?
    Thank you

  25. Hi not to sure what happened was not working for me but when i reinstalled the pop3ad and restarted the postfix it worked any idea why thank you

  26. “telnet localhost 143 “: “Trying 127.0.0.1…Trying ::1…telnet: Unable to connect to remote host: Connection refused “.

Leave a comment

Your email address will not be published. Required fields are marked *