-1

[Please read before marking as duplicate]

I have installed Postfix and Dovecot on Ubuntu (for virtual users).

So I can log in to the mail server from home using a cellphone (mail app) and even on Windows (Windows Mail).

But when I move to a different location, I cannot log in anymore.

So I tried to change mynetwork to 0.0.0.0 in /etc/postfix/main.cf and it's not helping:

#mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mynetworks = 0.0.0.0

How can I fix this problem?


Edit

I followed this tutorial: linuxize


Mail Client on cellphone

The email server (mail.example.net) is not responding.
you can continue the setup process but you'll not be able to receive emails until your account has been verified by the server

root@mail:~# ufw status
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
Nginx Full                 ALLOW       Anywhere
80                         ALLOW       Anywhere
443                        ALLOW       Anywhere
21/tcp                     ALLOW       Anywhere
924                        ALLOW       Anywhere
25                         ALLOW       Anywhere
25/tcp                     ALLOW       Anywhere
Anywhere                   ALLOW       168.167.80.116
22 (v6)                    ALLOW       Anywhere (v6)
Nginx Full (v6)            ALLOW       Anywhere (v6)
80 (v6)                    ALLOW       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)
21/tcp (v6)                ALLOW       Anywhere (v6)
924 (v6)                   ALLOW       Anywhere (v6)
25 (v6)                    ALLOW       Anywhere (v6)
25/tcp (v6)                ALLOW       Anywhere (v6)
995 (v6)                   ALLOW       Anywhere (v6)
993 (v6)                   ALLOW       Anywhere (v6)

/var/log/dovecot-debug.log

Aug 26 09:28:12 auth: Debug: auth client connected (pid=0)
Aug 26 09:28:12 auth: Debug: auth client connected (pid=0)
Aug 26 09:28:12 auth: Debug: auth client connected (pid=0)
Aug 26 09:28:12 auth: Debug: auth client connected (pid=0)

/var/log/mail.log

Aug 26 09:29:03 mail postfix/smtpd[2179]: connect from fml.ips.net[ip.address.here]
Aug 26 09:29:03 mail postfix/smtpd[2178]: connect from fml.ips.net[ip.address.here]
Aug 26 09:29:03 mail postfix/smtpd[2180]: connect from fml.ips.net[ip.address.here]
Aug 26 09:29:03 mail postfix/smtpd[2181]: connect from fml.ips.net[ip.address.here]
Aug 26 09:29:03 mail postfix/smtpd[2178]: lost connection after EHLO from fml.ips.net[ip.address.here]
Aug 26 09:29:03 mail postfix/smtpd[2178]: disconnect from fml.ips.net[ip.address.here]
Aug 26 09:29:03 mail postfix/smtpd[2179]: lost connection after EHLO from fml.ips.net[ip.address.here]
Aug 26 09:29:03 mail postfix/smtpd[2179]: disconnect from fml.ips.net[ip.address.here]
Aug 26 09:29:03 mail postfix/smtpd[2180]: lost connection after EHLO from fml.ips.net[ip.address.here]
Aug 26 09:29:03 mail postfix/smtpd[2180]: disconnect from fml.ips.net[ip.address.here]
Aug 26 09:29:03 mail postfix/smtpd[2181]: lost connection after EHLO from fml.ips.net[ip.address.here]
Aug 26 09:29:03 mail postfix/smtpd[2181]: disconnect from fml.ips.net[ip.address.here]

/etc/postfix/master.cf

# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       -       -       -       smtpd
#smtp      inet  n       -       -       -       1       postscreen
#smtpd     pass  -       -       -       -       -       smtpd
#dnsblog   unix  -       -       -       -       0       dnsblog
#tlsproxy  unix  -       -       -       -       0       tlsproxy
submission inet n       -       y       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
smtps     inet  n       -       y       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
#628       inet  n       -       -       -       -       qmqpd
pickup    unix  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      unix  n       -       n       300     1       qmgr
#qmgr     unix  n       -       n       300     1       oqmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       -       -       -       smtp
relay     unix  -       -       -       -       -       smtp
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
retry     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
#  mailbox_transport = lmtp:inet:localhost
#  virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus     unix  -       n       n       -       -       pipe
#  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix  -       n       n       -       -       pipe
#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}


/etc/dovecot/conf.d/10-master.conf

#default_process_limit = 100
#default_client_limit = 1000

# Default VSZ (virtual memory size) limit for service processes. This is mainly
# intended to catch and kill processes that leak memory before they eat up
# everything.
#default_vsz_limit = 256M

# Login user is internally used by login processes. This is the most untrusted
# user in Dovecot system. It shouldn't have access to anything at all.
#default_login_user = dovenull

# Internal user is used by unprivileged processes. It should be separate from
# login user, so that login processes can't disturb other processes.
#default_internal_user = dovecot

service imap-login {
  inet_listener imap {
    #port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }

  # Number of connections to handle before starting a new process. Typically
  # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
  # is faster. <doc/wiki/LoginProcess.txt>
  #service_count = 1

  # Number of processes to always keep waiting for more connections.
  #process_min_avail = 0

  # If you set service_count=0, you probably need to grow this.
  #vsz_limit = $default_vsz_limit
}

service pop3-login {
  inet_listener pop3 {
    #port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}

service submission-login {
  inet_listener submission {
    port = 587
  }
}

service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    mode = 0600
    user = postfix
    group = postfix
  }

  # Create inet listener only if you can't use the above UNIX socket
  #inet_listener lmtp {
    # Avoid making LMTP visible for the entire internet
    #address =
    #port =
  #}
}

service imap {
  # Most of the memory goes to mmap()ing files. You may need to increase this
  # limit if you have huge mailboxes.
  #vsz_limit = $default_vsz_limit

  # Max. number of IMAP processes (connections)
  #process_limit = 1024
}

service pop3 {
  # Max. number of POP3 processes (connections)
  #process_limit = 1024
}

service submission {
  # Max. number of SMTP Submission processes (connections)
  #process_limit = 1024
}

service auth {
  # auth_socket_path points to this userdb socket by default. It's typically
  # used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
  # full permissions to this socket are able to get a list of all usernames and
  # get the results of everyone's userdb lookups.
  #
  # The default 0666 mode allows anyone to connect to the socket, but the
  # userdb lookups will succeed only if the userdb returns an "uid" field that
  # matches the caller process's UID. Also if caller's uid or gid matches the
  # socket's uid or gid the lookup succeeds. Anything else causes a failure.
  #
  # To give the caller full permissions to lookup all users, set the mode to
  # something else than 0666 and Dovecot lets the kernel enforce the
  # permissions (e.g. 0777 allows everyone full permissions).
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
    group = vmail
  }

  # Postfix smtp-auth
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }

  # Auth process is run as this user.
  #user = $default_internal_user
}

service auth-worker {
  # Auth worker process is run as root by default, so that it can access
  # /etc/shadow. If this isn't necessary, the user should be changed to
  # $default_internal_user.
  user = vmail
}

service dict {
  # If dict proxy is used, mail processes should have access to its socket.
  # For example: mode=0660, group=vmail and global mail_access_groups=vmail
  unix_listener dict {
    mode = 0600
    user = vmail
    group = vmail
  }
}
chawila
  • 2
    That configuration has nothing to do with IMAP/POP3 login. What you've done is set your system to be an open relay for the whole world. If you've not yet been used as a spam source, it's pure luck. – Jenny D Aug 26 '19 at 09:32
  • 2
    In order to be able to help you, we'd need to know what the error message is that you're getting, what your dovecot config looks like, what the IMAP/POP3 logs show from the failed attempts. – Jenny D Aug 26 '19 at 09:34
  • @Jenny D Thanks for replying, I have updated my question. – chawila Aug 26 '19 at 13:47
  • 1
    You still haven't posted the actual error message you're getting. But for starters, in the file `/etc/dovecot/conf.d/10-master.conf`, you have configured your server to listen to ports 993 and 995. Those ports are not open in your firewall. If you want to be able to connect from other systems you need to open those ports. – Jenny D Aug 26 '19 at 14:11
  • There is no other error, but on my phone it says: `The email server (mail.example.net) is not responding. you can continue the setup process but you'll not be able to receive emails until your account has been verified by the server` – chawila Aug 26 '19 at 14:33
  • Opened ports? Are they listening on 0.0.0.0? -> From a remote (not on your home lan) machine try to telnet the port: `telnet mail.yourdomain.com 993` & `telnet mail.yourdomain.com 995` - do you see it connect? If you do not, the problem is your routing/nat. If you do connect, more than likely it's your dovecot configs. – B. Shea Aug 26 '19 at 14:43
  • 1
    @bshea, thanks for your comment but you came late to the party, I opened them and it's now working like a charm!! – chawila Aug 26 '19 at 14:47
  • Yeah noted that :-) – B. Shea Aug 26 '19 at 14:52

2 Answers

1

This is likely an issue at your router. You need to forward the IMAP and POP3 ports to your server. I would suggest that you require TLS and forward the IMAPS and POP3S ports as well. The LetsEncrypt project allows you to get a trusted certificate, although for a small network self-signed certificates will work.

You will likely need to configure a DDNS (Dynamic DNS) name for your home so that you can connect remotely. This will be a different name than you have at home. This can be fixed by setting up a custom record in your local DNS server such as Dnsmasq.

BillThor
  • **That seems more technical**, can you try explaining in `layman's terms`? I have also updated my question. – chawila Aug 26 '19 at 13:45
0

Finally it's working. Just open the ports. Sorry for all the headaches I caused.

chawila
  • 1
    Make sure you fix your postfix `mynetworks` directive (in your OP). You are trusting ALL IPs with 0.0.0.0 under postfix. That directive holds trusted networks/IPs, not the listener IP. READ: http://www.postfix.org/postconf.5.html#mynetworks – B. Shea Aug 26 '19 at 14:49
  • 1
    Thanks. I will check it out. – chawila Aug 26 '19 at 14:50
  • 1
    Put 127.0.0.1 and your LAN network (192.168.1.0/24 for instance) under `mynetworks` - that is all. (and ip6 ones if you use ip6). `0.0.0.0` (or ip6 = `::/0`) should >never< ever be used in that directive unless you want to relay everyone on Internet. Mine: `mynetworks = 10.9.9.0/24 23.23.23.24/32 127.0.0.0/8` (10. is my lan, 23. is my remote web server, 127 of course is local only box) - and again this has nothing to do with dovecot/imap or pop. – B. Shea Aug 26 '19 at 14:57
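
The fix that worked in this thread (opening the listener ports) can be checked mechanically. The sketch below is an added example, not part of the original thread: it parses plain `ufw status` output and reports, per address family, which listener ports have no ALLOW-from-anywhere rule. The sample is abridged from the question, where 993 and 995 appear only on `(v6)` lines; the function names and the `LISTENERS` map (ports set explicitly in the question's `10-master.conf`) are assumptions of this example.

```python
import re

# Abridged from the `ufw status` output posted in the question.
UFW_STATUS = """\
To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
Nginx Full                 ALLOW       Anywhere
25/tcp                     ALLOW       Anywhere
Anywhere                   ALLOW       168.167.80.116
22 (v6)                    ALLOW       Anywhere (v6)
25/tcp (v6)                ALLOW       Anywhere (v6)
995 (v6)                   ALLOW       Anywhere (v6)
993 (v6)                   ALLOW       Anywhere (v6)
"""

# Ports set explicitly in the question's 10-master.conf (assumed inputs here).
LISTENERS = {"imaps": 993, "pop3s": 995, "submission": 587}

# Numeric port, optional protocol, optional "(v6)" tag, allowed from anywhere.
RULE = re.compile(r"^(\d+)(?:/(tcp|udp))?( \(v6\))?\s+ALLOW(?: IN)?\s+Anywhere\b")

def allowed_ports(status):
    """Return {'v4': set, 'v6': set} of TCP ports allowed from anywhere."""
    allowed = {"v4": set(), "v6": set()}
    for line in status.splitlines():
        m = RULE.match(line.strip())
        # Headers, app profiles ("Nginx Full"), source-restricted rules and
        # udp-only rules do not match or are skipped; a rule with no protocol
        # covers tcp as well.
        if m and m.group(2) != "udp":
            allowed["v6" if m.group(3) else "v4"].add(int(m.group(1)))
    return allowed

def unreachable(listeners, status):
    """Map listener name -> address families lacking an ALLOW rule."""
    allowed = allowed_ports(status)
    gaps = {}
    for name, port in listeners.items():
        missing = [fam for fam in ("v4", "v6") if port not in allowed[fam]]
        if missing:
            gaps[name] = missing
    return gaps

if __name__ == "__main__":
    for name, fams in unreachable(LISTENERS, UFW_STATUS).items():
        print(f"{name} ({LISTENERS[name]}/tcp) has no ALLOW rule for: {', '.join(fams)}")
```

App-profile rules such as `Nginx Full` are skipped because they carry no numeric port; on a live host, feed the function the real `ufw status` text instead of the embedded sample.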