I meant that for my one IP address, I set it to have a PTR to multiple domain names. My VPS host allows me to add multiple domains to my IP address's PTR records. But yeah I'll change it to the NAME.domain.com you suggested
Thank you! I can now receive mail and my Maildir is being populated :)
Set system hostname, PTR, and myhostname to NAME.domain.com where NAME is a unique name that you made up (e.g. I have ‘polaris.dblsaiko.net’). This also makes adding more hosts later less awkward (as opposed to having the hostname be domain.com).
Cheers, will do
Hm, still no luck. I now have
passdb {
driver = passwd
}
userdb {
driver = passwd
}
to be as simple as I can. I'm now getting
Nov 02 21:11:06 auth: Debug: Read auth token secret from /run/dovecot/auth-token-secret.dat
Nov 02 21:11:06 auth: Debug: auth client connected (pid=12662)
Nov 02 21:11:06 auth: Debug: client in: AUTH 1 PLAIN service=imap secured=tls session=JNRsffQlRuXBIH/a lip=<server IP> rip=<home IP> lport=993 rport=58694 local_name=mail.domain.com
Nov 02 21:11:06 auth: Debug: client passdb out: CONT 1
Nov 02 21:11:06 auth: Debug: client in: CONT<hidden>
Nov 02 21:11:06 auth: Debug: passwd(user,<home IP>,<JNRsffQlRuXBIH/a>): Performing passdb lookup
Nov 02 21:11:06 auth-worker(12667): Debug: Loading modules from directory: /usr/lib/dovecot/auth
Nov 02 21:11:06 auth-worker(12667): Debug: Module loaded: /usr/lib/dovecot/auth/lib20_auth_var_expand_crypt.so
Nov 02 21:11:06 auth-worker(12667): Debug: conn unix:auth-worker (pid=12664,uid=90): Server accepted connection (fd=13)
Nov 02 21:11:06 auth-worker(12667): Debug: conn unix:auth-worker (pid=12664,uid=90): Sending version handshake
Nov 02 21:11:06 auth-worker(12667): Debug: conn unix:auth-worker (pid=12664,uid=90): auth-worker<1>: Handling PASSV request
Nov 02 21:11:06 auth-worker(12667): Debug: conn unix:auth-worker (pid=12664,uid=90): auth-worker<1>: passwd(user,<home IP>,<JNRsffQlRuXBIH/a>): Performing passdb lookup
Nov 02 21:11:06 auth-worker(12667): Debug: conn unix:auth-worker (pid=12664,uid=90): auth-worker<1>: passwd(user,<home IP>,<JNRsffQlRuXBIH/a>): lookup
Nov 02 21:11:06 auth-worker(12667): Info: conn unix:auth-worker (pid=12664,uid=90): auth-worker<1>: passwd(user,<home IP>,<JNRsffQlRuXBIH/a>): Password mismatch
Nov 02 21:11:06 auth-worker(12667): Debug: conn unix:auth-worker (pid=12664,uid=90): auth-worker<1>: passwd(user,<home IP>,<JNRsffQlRuXBIH/a>): Finished passdb lookup
Nov 02 21:11:06 auth-worker(12667): Debug: conn unix:auth-worker (pid=12664,uid=90): auth-worker<1>: Finished: password_mismatch
Nov 02 21:11:06 auth: Debug: passwd(user,<home IP>,<JNRsffQlRuXBIH/a>): Finished passdb lookup
Nov 02 21:11:06 auth: Debug: auth(user,<home IP>,<JNRsffQlRuXBIH/a>): Auth request finished
Nov 02 21:11:08 auth: Debug: client passdb out: FAIL 1 user=user
In my dovecot logs. It claims a password mismatch, but I am pretty sure the password is the password to my UNIX user, copy and pasted from my password manager. I can log into my user through VNC by pasting this password and authenticate doas with this password, so unless it somehow pastes differently into Thunderbird...
I also tried authenticating with PAM instead but got
Nov 02 21:03:23 auth: Debug: Loading modules from directory: /usr/lib/dovecot/auth
Nov 02 21:03:23 auth: Fatal: Support not compiled in for passdb driver 'pam'
So I guess unfortunately the dovecot binary Alpine distributes doesn't support pam. I might try install a version compiled with pam support just to test it but I'd rather just use the dovecot from my package manager if I can get it to work.
Have you set up the users in that file (/etc/dovecot/users) if you even want to do that instead of just using passwd?
Yep I do want to use passwd/UNIX users, not a users file. Thanks for pointing that out—the tutorial didn't mention it so I assumed I didn't need to change that to get it working with UNIX users.
What do you have your passdb set to if you don't mind me asking?
Thanks, I added $mydomain to mydestination. It seems to be sending although I can't see my mail in ~/Maildir, but this is in the syslog now:
Nov 2 20:45:46 domain mail.info postfix/smtpd[29768]: Anonymous TLS connection es
tablished from mail-43167.protonmail.ch[185.70.43.167]: TLSv1.3 with cipher TLS_AES_
256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (prime256v1
) server-digest SHA256
Nov 2 20:45:46 domain mail.info postfix/smtpd[29768]: C2E9F125DF5: client=mail-43
167.protonmail.ch[185.70.43.167]
Nov 2 20:45:46 domain mail.info postfix/cleanup[29773]: C2E9F125DF5: message-id=<
id@protonmail.com>
Nov 2 20:45:46 domain mail.info postfix/qmgr[29128]: C2E9F125DF5: from=<my@
protonmail.com>, size=5933, nrcpt=1 (queue active)
Nov 2 20:45:46 domain mail.info postfix/smtpd[29768]: disconnect from mail-43167.
protonmail.ch[185.70.43.167] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=
7
Nov 2 20:45:46 domain mail.info postfix/local[29775]: C2E9F125DF5: passing <user@
domain.com> to transport=lmtp
Nov 2 20:45:46 domain mail.info postfix/lmtp[29776]: C2E9F125DF5: to=<user@domain.c
om>, relay=none, delay=0.05, delays=0.04/0.01/0.01/0, dsn=4.4.1, status=deferred
(connect to mail.domain.com[private/dovecot-lmtp]: No such file or directory)
I think the last message in the log indicates what's wrong but I don't know how to fix it.
You’ll want those to match up, system hostname and postfix’s myhostname, since you’ll need to set the PTR record of your IP to match the hostname your SMTP server identifies itself as, and otherwise your server’s IP resolves to mail.domain.com while the canonical hostname is domain.com. It will work for mail, it’ll just not be nice when your server’s IP resolves to mail.domain.com for stuff that isn’t mail and that isn’t the canonical hostname. I recommend giving it some other hostname (or just setting both to mail.domain.com if the system just handles mail).
So I have the mail server on a server that's hosting a bunch of things on this domain. All the things I'm hosting have the same IP address. On domain.com is a static website (hosted on the same server & IP) for instance.
What would you suggest I set the PTR record to? I don't really want to pay my VPS host for more IP addresses if it's not necessary, but I can if there will be significant problems caused by sharing this IP address. Currently I have multiple PTR records for all the subdomains I'm using, which hasn't caused problems yet...
Hm, with that setup I always have dovecot complaining that it couldn't read
/etc/shadowdespite me addingdovecotto theshadowgroup and/etc/shadowhaving the permissionsI ended up following the configuration here and manually managing an
/etc/dovecot/passwdfile with users and hashed passwords. With this setup I could log in and read my emails in Thunderbird.Thanks for your help though! Even though I couldn't figure out how to set up using UNIX account password authentication, you still helped me figure out that the passdb/userdb settings were the issue so I could keep trying different options till they worked. And I suppose at least this method avoids the security concern of letting dovecot read my entire
/etc/shadowfile.