-2

I have set up MySQL, Postfix & PostfixAdmin (https://github.com/postfixadmin/postfixadmin) as separate VMs:

sql.example.net - 192.168.99.10
smtp.example.net - 192.168.99.15
admin.example.net - 192.168.99.2

I followed the installation instructions for PostfixAdmin, created the DB and user, ran the PA setup and it configures the DB correctly. I can see the tables and add domains and mailboxes. However, when I try to send an email to smtp.example.net, postfix fails to deliver the email and throws lookup errors such as:

Nov 15 00:23:03 smtp postfix/virtual[1522]: error: open /etc/postfix/sql/mysql_virtual_mailbox_maps.cf: Permission denied
Nov 15 00:23:03 smtp postfix/virtual[1522]: error: open /etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf: Permission denied
Nov 15 00:23:03 smtp postfix/virtual[1522]: warning: mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf is unavailable. open /etc/postfix/sql/mysql_virtual_mailbox_maps.cf: Permission denied

File /etc/postfix/sql/mysql_virtual_mailbox_maps.cf is as follows:

user = postfix
password = SMTP_POSTFIX_PASS
hosts = sql.example.net
dbname = postfix
query           = SELECT maildir FROM mailbox WHERE username='%s' AND active = '1'
#expansion_limit = 100

ls -la /etc/postfix/sql/mysql_virtual_mailbox_maps.cf
-rw-r--r-- 1 root root 207 Nov 15 00:17 /etc/postfix/sql/mysql_virtual_mailbox_maps.cf

ls -la /etc/postfix
drwxr-x---  6 root root  4096 Nov 15 00:29 .
drwxr-xr-x 86 root root  4096 Nov 15 00:19 ..
-rw-r--r--  1 root root    99 Nov 15 00:19 dynamicmaps.cf
drwxr-xr-x  2 root root  4096 Apr  1  2019 dynamicmaps.cf.d
-rw-r--r--  1 root root  1686 Nov 15 00:19 main.cf
-rw-r--r--  1 root root 27129 Nov 15 00:19 main.cf.proto
-rw-r--r--  1 root root  6208 Nov 15 00:19 master.cf
-rw-r--r--  1 root root  6208 Nov 15 00:19 master.cf.proto
-rwxr-xr-x  1 root root 29872 Apr  1  2019 post-install
-rw-r--r--  1 root root 10268 Apr  1  2019 postfix-files
drwxr-xr-x  2 root root  4096 Nov 15 00:19 postfix-files.d
-rwxr-xr-x  1 root root 11532 Apr  1  2019 postfix-script
drwxr-xr-x  2 root root  4096 Apr  1  2019 sasl
drw-r--r--  2 root root  4096 Nov 15 00:19 sql

I can use the mysql command line client from smtp.example.net to connect to sql.example.net with username: postfix and password: SMTP_POSTFIX_PASS and run SELECT commands on the tables:

mysql -upostfix -p -h sql.example.net postfix
MariaDB [postfix]> SELECT maildir FROM mailbox WHERE username='test1@example.net' AND active = '1';
+-------------------+
| maildir           |
+-------------------+
| example.net/test1/ |
+-------------------+
1 row in set (0.000 sec)

/etc/postfix/main.cf:

smtpd_banner = ESMTP
relayhost = 
inet_interfaces = all
mynetworks_style = host
inet_protocols = ipv4
local_recipient_maps = 
mydestination = 
delay_warning_time = 4h
unknown_local_recipient_reject_code = 450
maximal_queue_lifetime = 7d
minimal_backoff_time = 1000s
maximal_backoff_time = 8000s
smtp_helo_timeout = 60s
smtpd_recipient_limit = 16
smtpd_soft_error_limit = 3
smtpd_hard_error_limit = 12
smtpd_helo_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_hostname, reject_invalid_hostname, permit
smtpd_sender_restrictions = permit_mynetworks, warn_if_reject reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauth_pipelining, permit
smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org, reject_rbl_client blackholes.easynet.nl
smtpd_recipient_restrictions = reject_unauth_pipelining, permit_mynetworks, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination, permit
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_helo_required = yes
smtpd_delay_reject = yes
disable_vrfy_command = yes
alias_maps = hash:/etc/postfix/aliases
alias_database = hash:/etc/postfix/aliases
virtual_mailbox_base = /vmail
virtual_mailbox_maps = mysql:/etc/postfix/sql/mysql_virtual_mailbox_maps.cf, mysql:/etc/postfix/sql/mysql_virtual_alias_domain_mailbox_maps.cf
virtual_alias_maps = mysql:/etc/postfix/sql/mysql_virtual_alias_maps.cf, mysql:/etc/postfix/sql/mysql_virtual_alias_domain_maps.cf, mysql:/etc/postfix/sql/mysql_virtual_alias_domain_catchall_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/sql/mysql_virtual_domains_maps.cf
virtual_uid_maps = static:150
virtual_gid_maps = static:8
compatibility_level = 2

mysql : Ver 15.1 Distrib 10.3.17-MariaDB, for debian-linux-gnu (x86_64) using readline 5.2
postfix : mail_version = 3.4.5
postfixadmin : 3.2

I cannot see any issues with file permissions (if I grant less restrictive permissions to the sql folder or the .cf files within it, postfix complains about it on startup). I have confirmed that I can access the DB and tables from the machine running postfix and have hunted high and low for hours on Google :(

Anyone able to tell me what I am doing wrong?

Marl

1 Answer

0

Thanks to some people on IRC #postfix I found the issue, so for future me and anyone else who comes across this issue:

NOT WORKING

# namei /etc/postfix/sql/mysql_virtual_domains_maps.cf  -lv
f: /etc/postfix/sql/mysql_virtual_domains_maps.cf
drwxr-xr-x root root /
drwxr-xr-x root root etc
drwxr-x--- root root postfix
drwxr-xr-x root root sql
-rw-r--r-- root root mysql_virtual_domains_maps.cf

(The namei command simply lists all the folders leading up to the final file, and -lv displays the permissions.)

My issue was that the postfix folder had permission drwxr-x---, so owner and group could access the folder but all others had no access. This didn't stop postfix from reading its own config files, but did stop it reading the other config files.

WORKING PERMISSIONS

# namei /etc/postfix/sql/mysql_virtual_domains_maps.cf  -lv
f: /etc/postfix/sql/mysql_virtual_domains_maps.cf
drwxr-xr-x root root /
drwxr-xr-x root root etc
drwxr-xr-x root root postfix
drwxr-xr-x root root sql
-rw-r--r-- root root mysql_virtual_domains_maps.cf

Take note, the postfix folder now has read/exec permissions for all users (not just owner and group). As soon as this was updated, postfix started reading the .cf files and worked great.

Marl
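The check the answer does by eye with namei can be scripted. The following is an added example, not part of the original answer: it walks every component of a path and prints the first one that a user in the "other" class cannot pass. The function names and the temporary tree are constructed for illustration; it assumes GNU stat on Linux, a daemon user that is neither owner nor group member of the components, and it ignores ACLs.

```shell
#!/bin/sh
# Print the first component of path $1 that the "other" permission class
# cannot pass: directories need the search (x) bit, the final file needs
# the read (r) bit. Walks up to $2 (default /). Prints nothing if reachable.
first_blocked_for_other() {
    cur=$1
    stop=${2:-/}
    chain=
    # Collect the path and its ancestors, top-most first.
    while :; do
        chain="$cur
$chain"
        case $cur in "$stop"|/|.) break ;; esac
        cur=$(dirname "$cur")
    done
    while IFS= read -r p; do
        if [ -z "$p" ]; then continue; fi
        other=$(( $(stat -c %a "$p") % 10 ))   # last octal digit = "other" bits
        if [ -d "$p" ]; then need=1; else need=4; fi
        if [ $(( other & need )) -eq 0 ]; then
            printf '%s\n' "$p"
            return 0
        fi
    done <<EOF
$chain
EOF
    return 0
}

# Constructed sample tree mirroring the layout in the answer. $1 is the mode
# given to the postfix directory; output is relative to the temporary root.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/etc/postfix/sql"
    cf="$root/etc/postfix/sql/mysql_virtual_domains_maps.cf"
    : > "$cf"
    chmod 755 "$root" "$root/etc" "$root/etc/postfix/sql"
    chmod 644 "$cf"
    chmod "$1" "$root/etc/postfix"
    blocked=$(first_blocked_for_other "$cf" "$root")
    rm -rf "$root"
    printf '%s\n' "${blocked#"$root"}"
}

demo 750   # prints /etc/postfix
demo 755   # prints an empty line
```

On a real host, call `first_blocked_for_other /etc/postfix/sql/mysql_virtual_domains_maps.cf` directly; a non-empty result names the directory or file whose mode has to change.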