Mail setup tutorial - Testing and startup

1. Preparations
2. Courier IMAP
3. Cyrus SASL2
4. Postfix
5. Testing and startup
6. Setting up TLS
7. Squirrelmail
8. Spamassassin

This article assumes that you've followed the steps in the previous articles of this tutorial

You are now ready to test if everything works as intended. Postfix has a check command that provides validation of the configuration files. It will inform you of any errors. It doesn't matter which folder you're currently positioned in, when you do this:

postfix check

If Postfix correctly installed and configured, nothing is returned. If there are any problems the command will report them to you both on screen and in your log file (/var/log/maillog).

After a succesfull check, you can start Postfix:

postfix start

You also need to start IMAP and POP3 services:

cd /usr/local/etc/rc.d/
./courier-authdaemond.sh start
./courier-imap-pop3d.sh start
./courier-imap-pop3d-ssl.sh start
./courier-imap-imapd.sh start
./courier-imap-imapd-ssl.sh start

The system should now respond to the following ports:

The netstat command will show you if this is actually the case:

netstat -p tcp -an

Check for these lines in the output

Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  *.25                   *.*                    LISTEN
tcp4       0      0  *.110                  *.*                    LISTEN
tcp4       0      0  *.995                  *.*                    LISTEN
tcp4       0      0  *.993                  *.*                    LISTEN
tcp4       0      0  *.143                  *.*                    LISTEN

Testing incoming mail

The accounts you've created can not be used for sending mail if the folder of the account has not been created yet in /usr/local/virtual/. But the system creates it automatically the first time it receives a mail for the account.

Try to send a mail to the account you've created earlier. Use your hotmail account or another account from outside your server.

If the mail has been received correctly, the message is stored in the folder of the account:

cd /usr/local/virtual/postmaster@domain.tld/new/
ls
1088643664.V27405Id03be.example.domain.tld

Since mail is received for a local user, the SMTP authentication with SASL doesn't take effekt. This only happens when mail is received for delivery outside the system (aka relaying).

Testing relay

Your system should be water-proof ... relay from localhost is always okay, but if anyone tries to connect from the outside world, your mail server should ask them to authenticate.

Here's a simpel test on localhost (bold text is provided by you):

telnet mail.domain.tld 25
Trying 123.456.789.10...
Connected to mail.domain.tld.
Escape character is '^]'.
220 mail.domain.tld ESMTP Postfix
EHLO mail.domain.tld
250 mail.nerdgirl.dk
MAIL FROM: my@sender.tld
250 Ok
RCPT TO: my@recepient.tld
250 Ok
DATA
354 End data with .
Subject: A little test message
Hello from me
.
250 Ok: queued as 4A7F842
quit
221 Bye
Connection closed by foreign host.

Remember to replace 'domain.tld' with your own domain name.

Note that you can send mail with no questions asked. But if you connect to your server from another server, this is what should happen:

telnet mail.domain.tld 25
Trying 123.456.789.10...
Connected to mail.domain.tld.
Escape character is '^]'.
220 mail.domain.tld ESMTP Postfix
EHLO mail.domain.tld
250-mail.domain.tld
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH NTLM LOGIN PLAIN GSSAPI DIGEST-MD5 CRAM-MD5
250-AUTH=NTLM LOGIN PLAIN GSSAPI DIGEST-MD5 CRAM-MD5
250 8BITMIME
MAIL FROM: my@sender.tld
250 Ok
RCPT TO: my@recepient.tld
554 : Relay access denied
QUIT
221 Bye
Connection closed by foreign host.

As you can se from the above, you are presented with different methods of authentication. If you try to send a mail anyway, you'll be rejected.

But if you have an account, you can login and do your business...:

telnet mail.domain.tld 25
Trying 123.456.789.10...
Connected to mail.domain.tld.
Escape character is '^]'.
220 example.domain.tld ESMTP Postfix
EHLO domain.tld
250-example.domain.tld
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-XVERP
250 8BITMIME
AUTH LOGIN cG9zdG1hc3RlckBuZXJkZ2lybC5kaw==
334 UGFzc3dvcmQ6
Ym9ndXNwYXNz
235 Authentication successful
MAIL FROM: my@sender.tld
250 Ok
RCPT TO: my@recepient.tld
250 Ok
DATA
354 End data with .
Subject: A little test message
Hello from me
.
250 Ok: queued as 4A7F842
quit
221 Bye
Connection closed by foreign host.

Username and password must be encoded in base64. Remember that the username in this mail setup is the complete mail address. Below I've provided a little tool for this:

Note the two lines 250-AUTH LOGIN PLAIN and 250-AUTH=LOGIN PLAIN. If they don't show up in your test, SASL hasn't been configurated correctly.

Testing IMAP and POP3

Now is the time to see if users can connect through a mail client. I use Mozilla Thunderbird, but you might have another favorite client you want to use.

If things don't work as expected, don't jump to conclusions thinking that you probably did something wrong at your server. I struggled for two days checking logs and configurations files ... then I found out that Norton Antivirus was interfering. Also later I came across a server-side firewall where port 143 was blocked.

If you are sure that client- and/or server-side antivirus- and firewall software is not the reason for your trouble, take a look at your logs (both maillog and mysqllog). Most of the time they will give you hints in the right direction.