Getting up my own e-mail host was always fascinating me. Several days ago I finally decided to give it a try.
I have a server in my house that’s hang up near the ceiling in the kitchen. It runs FreeBSD and some sites of mine served by Apache & nginx. I decided to set up a mail system there so I can have a neat address like sοmewhο@i-forge.net.
A friend of mine had told me that Postfix
was easy to set up and that there are a lot of tutorials explaining how to do so. I believed
and first tried setting it up on a virtual maching under VMware (also running FreeBSD 8).
Postfix itself, indeed installed with no problems. However, things started to blow up asI approached Cyrus…
On the VM Cyrus refused to work with Segmentation fault error – I thought that it was
an issue with my VM and as everything else seemed to work fine I moved on to my server.
I hadn’t found many tutorials about Cyrus that were up-to-date (msot of them were as of2003-2008 years) – some option names have changed or disappeared.
After two days of trial I managed to get everything up and running and decided to writethis article.
Naturally, this stem is the easiest one thanks to FreeBSD ports collection. During installation (make install) you might get questions (like «add to mailer.conf?» or «add to group mail?») – answer «y» to any.
Before installing Postfix let’s stop sendmail:
shell$ cd /etc/mail $ make stop
I installed Postfix from /usr/ports/mail/postfix-current/ with all configuration options disabled except the first two:
shell$ cd /usr/ports/mail/postfix-current/ $ make install
FreeBSD’s ports tree has 3 different versions of Cyrus-IMAPd in its collection:
I tried all three versions several times before I decided upon cyrus-imapd22 (v2.2) – maybe others will work for you but now that I’ve finally got everything working I’ll just left this one be.
I installed Cyrus with no options checked (I guess this means it uses Berkeley DB even if it’s unchecked).
shell$ cd /usr/ports/mail/cyrus-imap22/ $ make install
This will also automatically install SASL 2 which we’ll need later.
We need both Postfix’ and Cyrus’ users to be in one group mail. Do so:
shell$ pw user mod postfix -G mail $ pw user mod cyrus -G mail $ pw group show mail mail:*:6:postfix,cyrus
If the output of last comment is the same then everything went smoothly.
Log files can save us a lot of troubles while we’re installign things if we configure them to give us as much info as possible. Add this to /etc/syslogd.conf:
conflocal6.debug /var/log/imapd.log
auth.debug /var/log/auth.log
…create log file for imapd and restart syslogd:
shell$ touch /var/log/imapd $ chmod 0600 /var/log/imapd $ killall -HUP syslogd
This will log info of Cyrus IMAP daemon (imapd.log) and SASL (auth.log) operations. Don’t forget to remove these lines when you’re done setting up your server as log files will grow large pretty fast at debug log level.
You also need to add some services to your /etc/services. Make sure these are present:
confpop3 110/tcp
imap 143/tcp
imaps 993/tcp
pop3s 995/tcp
sieve 2000/tcp
lmtp 2003/tcp
fud 4201/udp
A bit of theory first. Postfix is a replacement for standard sendmail utility that doesn’t only send e-mails but actually accepts them, sorts out, stores, etc. Its implementation is very old and unseure (at times when it was made there was no need to much security – just like with DNS protocols, I guess). sendmail is found on most *nix systems by default AFAIK.
Official Postfix docs are located here.
For postfix to override sendmail it needs to be recorded into /etc/mail/mailer.conf. By default Postfix’ installator already does it for you but if it didn’t you can do this manually. Set /etc/mail/mailer.conf to this:
conf# Execute the Postfix sendmail program, named /usr/local/sbin/sendmail sendmail /usr/local/sbin/sendmail send-mail /usr/local/sbin/sendmail mailq /usr/local/sbin/sendmail newaliases /usr/local/sbin/sendmail
As Postfix postinstall message suggests we also need to manually add these lines to /etc/rc.conf:
confpostfix_enable="YES" # let Postfix run on reboot sendmail_enable="NO" # don't let sendmail start up sendmail_submit_enable="NO" sendmail_outbound_enable="NO" sendmail_msp_queue_enable="NO"
We also can turn off some sendmail tasks that are ran from time to time. This is done in /etc/periodic.conf – if it doesn’t exist, create and fill with this:
confdaily_clean_hoststat_enable="NO" daily_status_mail_rejects_enable="NO" daily_status_include_submit_mailq="NO" daily_submit_queuerun="NO"
Most configuration is done on /usr/local/etc/postfix/main.cf file. We need to change the following options:
If you want to deny some spam messages the following settings will help:
confsmtpd_client_restrictions = permit_mynetworks # hosts must have PTR (reverse DNS) record and they must exist; reject all but FQDN. smtpd_helo_restrictions = permit_mynetworks, reject_unknown_hostname, reject_non_fqdn_hostname, reject_invalid_hostname # require proper HELO/EHLO SMTP greeting. smtpd_helo_required = yes # require FQDN of the sender and make sure that domain really exists. smtpd_sender_restrictions = reject_unknown_sender_domain, reject_non_fqdn_sender
Sometimes it’s adviced to have reject_unknown_client listed in smtpd_client_restrictions – however, if you’ll be sending e-mails from a machine that has no domain name assigned to IP (PTR DNS record) – e.g. from within your network – Postfix will refuse to talk to you at all.
And now final Postfix config options in main.cf:
We’re done with main.cf; let’s switch for master.cf now. Find a line that starts like the following and change it to this (uncomment them if necessary):
confcyrus unix - n n - - pipe flags=u user=cyrus argv=/usr/local/cyrus/bin/deliver -e -r ${sender} -m ${extension} $
It’s important that lines other than the first start with at least one space.
After changing Postfix’ config files when it’s running you need to reload
it using
shpostfix reload command.
There’s a handy Postfix command that will find the location of any Postfix config file:
shell$ postconf alias_maps alias_maps = hash:/usr/local/etc/postfix/aliases
E-mail user name aliases are specified in /usr/local/etc/postfix/main.cf – for example, if you want to receive root’s mail as myself@example.com then change this line:
confroot: you # change the above to: root: myself
You can add more aliases in similar fashion (merns@, erns@ and michaelerns@ will all point to mike@):
confmerns: michaelerns
erns: michaelerns
michaelerns: mike
After changing this file don’t forget to rehash it (as explained in next
section) using
shpostalias or
shnewaliases.
We need to generate hashtables for access, transport and aliases config files:
shell$ postmap /usr/local/etc/postfix/access $ postmap /usr/local/etc/postfix/transport $ postalias /usr/local/etc/postfix/aliases
It seems like the last command can also be ran as
shnewaliases.
Now we can check if Postfix can run:
shell$ postfix start postfix/postfix-script: starting the Postfix mail system $ tail /var/log/messages
Last command should display a bunch of latest messages – if nothing is connected with Postfix then it works fine.
If you’ve already installed Cyrus you can use its smtptest program to talk to Postfix:
shell$ smtptest localhost S: 220 I, the i-forge.net mailer, greet thou. C: EHLO example.com S: 250-i-forge.net S: 250-PIPELINING S: 250-SIZE 10240000 S: 250-VRFY S: 250-ETRN S: 250-ENHANCEDSTATUSCODES S: 250-8BITMIME S: 250 DSN Authenticated. Security strength factor: 0 ^DC: QUIT 221 2.0.0 Bye Connection closed.
Here we see the result of changing smtpd_banner option in main.cf :) If you see
the output similar to above then Postfix accepts mails. Exit
shsmtptest by pressing Ctrl+D.
Now that’s where things get serious. Unlike Postfix I’d spent more time tryign to get
Cyrus running.
Official manual for messing with Cyrus is locatedhere.
Cyrus-IMAP daemon will serve us our mail via some e-mail client like Thunderbird.
Before we proceed I sugest you create symlinks to both config files in /etc/ – I saw comments on the Internet that complained about hardcoded config file oath in Cyrus. As they were old I don’t know if it’s still an issue but let’s create them neverthless:
shell$ ln -s /usr/local/etc/imapd.conf /etc/imapd.conf $ ln -s /usr/local/etc/cyrus.conf /etc/cyrus.conf
This is where most important configuration is defined. Change the following settings in /usr/local/etc/imapd.conf:
/usr/local/etc/imapd.conf might use no configuration but for better behaviour we can tweak it like this:
This is a bit of tricky thing because for some strange reason Cyrus’ script creates paths with parmissions that differ even from the ones described in its own documentation.
First off, change to cyrus user and execute /usr/local/cyrus/bin/mkimap:
shell$ su cyrus $ /usr/local/cyrus/bin/mkimap $ exit
shell$ mkdir /usr/sieve $ chown cyrus:mail /usr/sieve $ chmod 750 /usr/sieve $ $ chown cyrus:mail /var/spool/imap $ chmod 750 /var/spool/imap $ $ chown cyrus:mail /var/imap $ chmod 750 /var/imap
Permission issues have been my pain with Cyrus for a few hours so let’s make sure you can avoid them.
We’ve already fixed perms for IMAP, IMAP spool and SIEVE dirs above; now let’s go for SASL.
For some reason Cyrus installer sets wrong permissions for /usr/local/cyrus and Cyrus’ programs inside /usr/local/cyrus/bin are unavailable so make sure all path components have rx for all users:
shell$ chmod 0755 /usr/local/cyrus
Also, after all installations /etc/mail/mailer.conf tends to be getting wrong perms too – let’s fix it by setting «r» (0644) for all:
-rw-r--r-- 1 root wheel 211 Jan 18 09:34 mailer.conf
After creating IMAP structure in /var/imap and starting Cyrus its LMTP socket will probably have wrong perms (one more stranginess). You need to make it readable for mail group and make sure it belongs to mail group instead of cyrus (which it gets created with):
shell$ ls -l /var/imap/socket/lmtp srwxr--r-- 1 cyrus mail 0 Jan 19 13:36 /var/imap/socket/lmtp=
Sometimes when restarting Cyrus will revert LMTP socket’s permissions back to whatever it thinks they must be (0777 root:mail for me).
Now let’s make /etc/opieaccess and /etc/opiekeys files accessible – I’ve read some guesses of why they are used by Cyrus but nothing specific seemed to be known so I set their perms as the following and it worked:
shell$ ls -l /etc | grep opie -rw-rw---- 1 root mail 446 Nov 21 2009 opieaccess -rw-rw---- 1 root mail 0 Jan 18 10:42 opiekeys
The following error in /var/messages indicates that there’s a problem with the 2 files above:
logJan 18 10:38:03 my imap[49632]: OTP unavailable because can't read/write key database /etc/opiekeys: Permission denied
Make sure that SASL DB is owned by cyrus and mail:
shell$ ls -l /usr/local/etc | grep sasl -rw-r----- 1 cyrus mail 16384 Jan 18 11:37 sasldb2.db
Meke sure that SASL’s auth mechanisms («mechs») in /usr/local/lib/sasl2 are accessible (rx perms for all):
shell$ ls -l /usr/local/lib | grep sasl2/ drwxr-xr-x 2 root wheel 1024 Jan 14 08:56 sasl2/
If you didn’t do that auth.log will be filled with errors like these:
logJan 18 10:15:54 my lmtpunix[49185]: looking for plugins in '/usr/local/lib/sasl2', failed to open directory, error: Permission denied Jan 18 10:21:20 my imap[49364]: looking for plugins in '/usr/local/lib/sasl2', failed to open directory, error: Permission denied
…and it is also source for issues («no worthy mechs» and «generic failure» of SASL) that were driving me mad the first day:
logJan 14 09:58:22 my perl: No worthy mechs found Jan 14 10:29:29 my imtest: No worthy mechs found Jan 18 11:30:45 my imap[1745]: badlogin: localhost [127.0.0.1] plaintext proger SASL(-1): generic failure: checkpass failed
…which in turn resulted in cyradm not being able to connect to my host:
Login failed: generic failure at .../Cyrus/IMAP/Admin.pm line 118 cyradm: cannot authenticate to server with as cyrus
In fact, unavailable SASL modules will result in imtest displaying no AUTH=xx capabilities as well – which means you can’t login because there are no means for checking your identity loaded.
Alright! We’re finally at the point where we can start up our Cyrus server and see if it works.
Boot Cyrus-IMAP up and see the log:
shell$ /usr/local/etc/rc.d/imapd start $ tail -20 /var/log/messages
Most likely on a freshly installed Cyrus server you’ll get the following warnings:
logJan 18 09:55:57 my master[48708]: process started Jan 18 09:55:58 my ctl_cyrusdb[48709]: recovering cyrus databases Jan 18 09:55:58 my ctl_cyrusdb[48709]: done recovering cyrus databases Jan 18 09:55:58 my master[48708]: ready for work Jan 18 09:55:58 my ctl_cyrusdb[48710]: checkpointing cyrus databases Jan 18 09:55:58 my ctl_cyrusdb[48710]: DBERROR: error listing log files: DB_NOTFOUND: No matching key/data pair found Jan 18 09:55:58 my ctl_cyrusdb[48710]: DBERROR: archive /var/imap/db: cyrusdb error Jan 18 09:55:58 my ctl_cyrusdb[48710]: DBERROR: error listing log files: DB_NOTFOUND: No matching key/data pair found Jan 18 09:55:58 my ctl_cyrusdb[48710]: DBERROR: archive /var/imap/db: cyrusdb error Jan 18 09:55:58 my ctl_cyrusdb[48710]: DBERROR: error listing log files: DB_NOTFOUND: No matching key/data pair found Jan 18 09:55:58 my ctl_cyrusdb[48710]: DBERROR: archive /var/imap/db: cyrusdb error Jan 18 09:55:58 my ctl_cyrusdb[48710]: DBERROR: error listing log files: DB_NOTFOUND: No matching key/data pair found Jan 18 09:55:58 my ctl_cyrusdb[48710]: DBERROR: archive /var/imap/db: cyrusdb error Jan 18 09:55:58 my ctl_cyrusdb[48710]: done checkpointing cyrus databases
This is of no problem – I had searched the Internet and didn’t find anything specific
but later when I got Cyrus running for some time already I understood why it happened.
It’s because there are yet no log files in IMAP database. They’re named like log.0000000001– so if you see no files like that in /var/imap/db then it’s fine and you can ignore
warnings above – when you’ll get first logfile (I got mine pretty soon) they’ll go away.
Just for a record, normal startup of Cyrus yields these lines in logfile:
logJan 19 13:37:37 my master[20111]: process started Jan 19 13:37:37 my ctl_cyrusdb[20112]: recovering cyrus databases Jan 19 13:37:37 my ctl_cyrusdb[20112]: skiplist: recovered /var/imap/mailboxes.db (4 records, 1144 bytes) in 0 seconds Jan 19 13:37:37 my ctl_cyrusdb[20112]: skiplist: recovered /var/imap/annotations.db (0 records, 144 bytes) in 0 seconds Jan 19 13:37:37 my ctl_cyrusdb[20112]: done recovering cyrus databases Jan 19 13:37:37 my master[20111]: ready for work Jan 19 13:37:37 my ctl_cyrusdb[20113]: checkpointing cyrus databases Jan 19 13:37:37 my ctl_cyrusdb[20113]: done checkpointing cyrus databases
Let’s see the talk of our new IMAP server in its nudity – run
shimtest that comes with
Cyrus (note that user login is specified as -a instead of -u):
shell$ imtest -a cyrroot localhost S: * OK my.i-forge.net Cyrus IMAP4 v2.2.13p1 server ready C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE AUTH=NTLM AUTH=GSSAPI AUTH=OTP AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR S: C01 OK Completed C: A01 AUTHENTICATE NTLM TlRMTVNTUAABAAAABwIAAAAAAAAgAAAAAAAAACAAAAA= S: + TlRMTVNTUAACAAAAHAAcADAAAAAFAgIA5cwJTQjnMNoAAAAAAAAAAAAAAAAAAAAATQBZAC4ASQAtAEYATwBSAEcARQAuAE4ARQBUAA== Please enter your password:
Let’s examine what we have here: at first a usual greeting («server ready») after which
a very important line follows (* CAPABILITY IMAP4...) – it tells us which features the
server supports. What we need here are caps starting with «AUTH=» – they list SASL auth
mechanisms that are available.
Naturally, to be able to connect we need at least one authorization mechanism listed –if you see none then go back to Fixing permissions section and recheck SASL perms.
After more technical info (which may vary depending on auth method imtest chose to
use; by default it uses the strongest available) a password prompt follows.
After you’ve successfully entered it you must see something like this:
S: A01 OK Success (no protection) Authenticated. Security strength factor: 0
Press Ctrl+D to logout from IMAP session.
If you examine auth.log, imapd.log or debug.log you’ll see some traces of your presence.
As we’re using SASL to manage user accounts the following 2 commands are useful for us:
shadduser,
shpw and such).Let’s now add Cyrus admin accounts that you specified in admins option of /usr/local/etc/imapd.conf:
shell$ saslpasswd2 -c <admin> Password: Again (for verification):
You can delete existing accounts as -d:
shell$ saslpasswd2 -d user
Verify that accounts were added:
shell$ sasldblistusers2 cyrroot@example.com: userPassword proger@example.com: userPassword
Cyrus has an admin tool cyradm which connects to any (even remote) Cyrus server and lets you manage it.
Let’s connect right now (connect with any user listed in admins config of imapd.conf):
shell% cyradm -u <one_of_admins> localhost Segmentation fault.
That was a second deadlock I got stuck in yesterday. Why the hell would it segfault? I
still have no ideas regarding possible causes of that but I’ve got a solution.
First check if segmentation fault is occurring because of authorization methods – likeit was for me:
shell$ cyradm cyradm> connect -noauth localhost localhost>
If you got localhost> prompt then segfault is happening due to an auth mechanism
used by cyradm. You can fix it if you force a different mechanism.
Do you remember capabilities that Cyrus has sent to us when we connected to it viaimtest? That’s what we need. Let’s take one of others – I hoose CRAM-MD5. It’s
done by --auth parameter:
shell$ cyradm --auth CRAM-MD5 -u <admin> localhost Password: localhost>
Hey, it works! We’re inside our server. Now let’s create a mailbox for ourselves that we’ll use as normal users (remember – don’t receive mail as an admin):
shcyradm – see below.shsaslpasswd2 -c <login>shadduser or
shpw user add.shadduser and similar will create a home directory for you (default /home/<user>) it can be safely deleted after creating the user.If you attempt to send an e-mail to a user which has a mailbox and exists in SASL database but doesn’t has system user created the mail will be rejected with message
Recipient address rejected: User unknown in local recipient table.
Last 2 steps are simple and the 2nd is even covered above so I’ll only explain the first here.
Log into your Cyrus using one of administrator logins:
shell$ cyradm --auth CRAM-MD5 -u <admin> localhost localhost> cm user.proger localhost> lm user.proger (\HasChildren) user.proger.Sent (\HasNoChildren) user.proger.Drafts (\HasNoChildren) user.proger.Trash (\HasNoChildren)
You probably won’t have all folders (Sent/Drafts/Trash) right now but at least one must exist.
Exit
shcyradm by Ctrl+D.
As might have noticed, mailbbox names have this format: user.<login>[.<folder>]– beginning with «user.» – it’s said in the documentation so let it be.
By the way, yf you like Unix-style slashes more than dots you can use them instead so mailboxes will look like «user/proger/Drafts» – just set unixhierarchysep of imapd.conf to «yes».
You can set quota and perform other useful operations – type «help» in
shcyradm for the
lsit of commands. Note that some of them need special permissions.
localhost> setquota user.proger 512000 quota:512000 localhost> listquota user.proger STORAGE 15451/512000 (3.0177734375%)
Note that setquota takes argument in Kilobytes – not bytes.
Users will be warned by IMAP server on each connect when they come close to their limit –
normally such warnings are shown as «Server message: …» by mail clients. Default threshold
of showing warnings is 90%; you can change it as quotawarn in imapd.conf (don’t
forget to
sh/usr/local/etc/rc.d/imapd restart after changing Cyrus’ config).
Even if you’re logged in as one of Cyrus admins you can’t delete a mailbox by just
typing delete <mbox> – this operation requires «c» right and by default Cyrus doesn’t
assign it to root – only to mailbox owner.
So in order to delete a mailbox you need to assign «c» perm to yourself:
shell$ localhost> setacl <mbbox> <your_login> c $ localhost> delete a
Postfix has 2 size limit config options that are specified in /usr/etc/postfix/main.cf:
By default these values are 10 MiB for message size limit and 50 MiB for mailbox limit. You can set either (or both) of them to 0 to indicate that there’s no limit imposed.
We’ve reaced a point when we can finally test all parts working together – Postfix receiving mails (via SMTP) and Cyrus serving them via IMAP.
Get your favourite e-mail client and set up new account with login/password you used
when calling saslpasswd2 and cm command of
shcyradm. You should be able to see
empty IMAP tree shortly.
After doing all things described above you should be able to send/receive e-mails without problems – so send yourself an e-mail from an account on a different mail server and see if it’s been received; then compose one yourself and send it somewhere via your brand-new mail host.
If things don’t work well first thing you do is obvious – check the logs. However, this
doesn’t fix anything if itself and sometimes they even keep silent.
In this case you switch to Postfix admin tools.
Mail queue keeps messages that are yet to be processed (sent or delivered). In Postfix you can display them like this:
shell$ postqueue -p Mail queue is empty
Or its output might look like this:
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
C136C5C003 532 Wed Jan 19 13:42:58 proger i-forge net
(host mx.pochta.ru[x.x.x.x] said: 450 Your host is greylisted, please retry later. (in reply to end of DATA command))
mailme smtp ru
-- 1 Kbytes in 1 Request.
You can remove everything from the queue, discarding undelivered e-mails:
shell$ postsuper -d ALL postsuper: Deleted: 1 message
Unlike postqueue which needs basic priviledges postsuper can only be ran by root.
As written in the Postfix’ docs you can send mails
as you would with usual
shsendmail using -v parameter but status reports will be mailed
to your account instead of being displayed in console (this is because Postfix runs as
daemon and doesn’t execute queries right off the bat; see
shpostqueue and such).
sh/usr/sbin/sendmail -bv you@example.comsh/usr/sbin/sendmail -v you@example.comIn both variants you’ll get the following message:
Mail Delivery Status Report will be mailed to <your login name or From-field>.
Some answers were taken from here.
logpostfix/lmtp[563]: …status=deferred (connect to /var/imap/socket/lmtp[/var/imap/socket/lmtp]: Permission denied
The above error message tells you that lmtp:unix:/var/imap/socket/lmtp is inaccessible by Postfix. It can be fixed by changing its perms as described here.
If you’ve just created a mailbox but can’t connect to it make sure the user has all perms to it (by default it’s the case). Assuming that mailbox is named user.proger and user name is proger:
shell$ cyradm -... localhost> setacl user.proger proger all
logJan 19 08:57:45 my lmtpunix[14917]: verify_user(user.proger) failed: Over quota
This error means a user has exceeded his quota. However, if you’re sure that he hasn’t
(e.g. listquota of
shcyradm tells so) and you’ve just increased it then maybe it’s
too early yet – quota changes take up to a few minutes to apply.
I’ve also seen a piece of advice on the web to run these commands from within
shcyradm
whenever you’re running over problems with mailboxes:
shell$ localhost> reconstruct -r <mbox> $ localhost> quota -f <mbox>
It can occur in 2 cases that I’m aware of:
You can check if it’s BDB’s issue like this:
shell$ ldd /usr/local/cyrus/bin/ctl_cyrusdb | grep libdb libdb41.so.1 => /usr/local/lib/libdb41.so.1 (0x2814e000)
Compare the result on both machines and you’ll get your answer. You can read more about this problem here.
reject: RCPT from example.com[x.x.x.x]: 554 <someone at example.com>: Relay access denied; from=<one at other.com> to=<someone at example.com> proto=ESMTP helo=<hello>
The above error message appears if Postfix refused to send mail to a host. Check mynetworks_style option of Postfix’ main.cf, as well as relay_domains and related.
Some people say
that Cyrus has a hardcoded 2 GiB limit of mailbox quota so even if
shcyradm successfully
sets quota above that number Cyrus itself will work as if it’s just 2 GiB.
See this articlefor more information.
<root@example.com> (expanded from <root>): host i-forge.net[/var/imap/socket/lmtp] said: 550-Mailbox unknown. Either there is no mailbox associated with this 550-name or you do not have authorization to see it. 550 5.1.1 User unknown (in reply to RCPT TO command)
logJan 20 13:14:41 my lmtpunix[1994]: verify_user(user.root) failed: Mailbox does not exist
E-mail user name alias file of Postfix is located at /usr/local/etc/postfix/aliases
and defines alternative account names that can be redirected to other users, written to
file(s) and more.
The format of this file is described in details here.Normally you would like to redirect root’s mails to some address and the following line
will do so – send all root’s mail to myself:
root: myself
However, if Postfix still complains that there’s no root mailbox (or whatever) and you’re using hash file type of access file (alias_maps = hash:/usr/local/etc/postfix/aliases):
shell$ newaliases $ postfix reload
confalias_maps = hash:/usr/local/etc/postfix/aliases alias_database = hash:/usr/local/etc/postfix/aliases
Don’t forget to refresh Postfix and hash DB after modifications (item #1).
logJan 21 11:19:47 my postfix/local[14428]: fatal: main.cf configuration error: mailbox_size_limit is smaller than message_size_limit
The above error might be output into /var/log/maillog.
In any case you need to check mailbox & message size limits as explained here.
Recipient address rejected: User unknown in local recipient table.
This usually happens when you’ve added a user’s mailbox and added its password to SASL
database but didn’t create a system user (via
shadduser or
shpw user add).
Please refer to the Adding new mailbox/user section for more details.