SMTP and IMAP doesn't work properly on Virtualmin --minimal install

9 posts / 0 new
Last post
#1 Mon, 09/25/2017 - 08:57
trenzterra

SMTP and IMAP doesn't work properly on Virtualmin --minimal install

Hi there,

Was re-setting up my web server and decided to give Virtualmin --minimal a go. Using DigitalOcean VPS and Ubuntu 16.04 on a LEMP installation.

Everything works fine and I am very satisfied with the setup. I am configuring an SSL-enabled website with LetsEncrypt and have setup Dovecot and Postfix to use the LE generated cert. Webmail works fine with Usermin, but SMTP and IMAP refuses to work properly no matter what I do. I noted that saslauthd wasn't installed, so I went to apt install sasl2-bin. Still, I am getting the following errors in my log:

Sep 25 13:47:54 buyfromwhere dovecot: imap-login: Login: user=<buyfromwhere>, method=PLAIN, rip=2406:3003:2064:4d3:e497:4468:fc82:5ff5, lip=2400:6180:0:d0::21:1, mpid=28129, TLS, session=<4GI5zgNaOcokBjADIGQE0+SXRGj8gl/1> Sep 25 13:47:55 buyfromwhere dovecot: imap(buyfromwhere): Logged out in=8 out=395 Sep 25 13:47:59 buyfromwhere dovecot: imap-login: Login: user=<buyfromwhere>, method=PLAIN, rip=2406:3003:2064:4d3:e497:4468:fc82:5ff5, lip=2400:6180:0:d0::21:1, mpid=28131, TLS, session=<bPCCzgNaO8okBjADIGQE0+SXRGj8gl/1> Sep 25 13:47:59 buyfromwhere dovecot: imap(buyfromwhere): Error: open(/var/mail/buyfromwhere) failed: Permission denied (euid=1000(buyfromwhere) egid=1000(buyfromwhere) missing +w perm: /var/mail, we're not in group 8(mail), dir owned by 0$ Sep 25 13:47:59 buyfromwhere dovecot: imap(buyfromwhere): Error: Failed to autocreate mailbox INBOX: Internal error occurred. Refer to server log for more information. [2017-09-25 13:47:59] Sep 25 13:48:12 buyfromwhere postfix/smtpd[28127]: connect from unknown[2406:3003:2064:4d3:e497:4468:fc82:5ff5] Sep 25 13:48:15 buyfromwhere postfix/smtpd[28127]: warning: SASL authentication failure: Password verification failed Sep 25 13:48:15 buyfromwhere postfix/smtpd[28127]: warning: unknown[2406:3003:2064:4d3:e497:4468:fc82:5ff5]: SASL PLAIN authentication failed: authentication failure Sep 25 13:48:16 buyfromwhere postfix/smtpd[28127]: warning: unknown[2406:3003:2064:4d3:e497:4468:fc82:5ff5]: SASL LOGIN authentication failed: authentication failure

I have triple-checked my username and password credentials and they are correct. But somehow, something is preventing me from logging in when I use Thunderbird or my Android email client. I tried re-imaging another copy of Ubuntu 16.04 with the same issue.

However, if I re-image and run a full Virtualmin installation without --minimal, everything works fine... It seems as though the --minimal install is not setting some things up properly?

Any help would be greatly appreciated.

Mon, 09/25/2017 - 11:42
paulocoghi

I am having the exact same issue.

Mon, 09/25/2017 - 15:58
noisemarine

--minimal does not install mail. That's why it's minimal. Some users want to handle their email on a different server so they don't need all the mail bits on their webservers.

Mon, 09/25/2017 - 21:31
Joe
Joe's picture

If you want a full-featured Virtualmin system with the full mail server, you don't want the --minimal option. This isn't a bug, this is what --minimal is for. As noisemarine notes, the minimal option pretty much leaves out the mail bits. The logic being, the mail stack is very large, very resource intensive (especially ClamAV), and not everyone wants mail hosted locally.

Ideally, we'd have a number of install targets for various feature combinations...but, that'll take a lot of testing. Right now, it's possible to piece together a configuration you like, with just the bits you want, but, it does require more knowledge.

So...my question is: What were you expecting from the --minimal installation flag? What did you think was left out or should be left out of an install target called --minimal? If there's going to be a --minimal target, it's obviously got to be smaller than the full installation target...something has to go away, and mail seemed the obvious choice. My concern was that I was still installing/configuring too much to really call it minimal...but, that seems to have been unfounded.

To be clear: Most users should not use the --minimal install target. You can always turn off features from the full target you don't want after installation; there's no harm in installing everything, and then picking and choosing the bits you want. The two obvious use cases for the --minimal target: A very low memory system (768MB or less) that won't be hosting mail, or a Virtualmin system in a hosting environment that has much of the mail stack running on a central server using Cloudmin services (and even then you'd need to install the SASL packages and run the necessary virtualmin config-system commands to configure it).

I'd consider adding SASL into the minimal stack; it's not that big, and it's minimally intrusive, and does have some uses even in an environment that doesn't host user email. But, my guts tell me to go the other way and pull out even more of the mail stack in a --minimal install. Again, if you want to host mail, it isn't minimal and you should be installing the whole thing.

So, yeah, communicate what you expected minimal to do, and I'll consider whether I made wrong decisions about what should be in the minimal stack. (But, also keep in mind, I think I want minimal to get even smaller...so if we put something in, like SASL, I'd wanna see something else go away.)

Here's the list of services currently in LAMP minimal:

      "Webmin",  "Apache",  "Bind",       "Net",
      "Postfix", "MySQL",   "Firewalld",  "Procmail",
      "ProFTPd", "Quotas",  "Shells",     "Status",
      "Upgrade", "Usermin", "Virtualmin", "NTP",
      "Fail2banFirewalld"

And, the full list of services in LAMP:

      "Webmin",       "Apache",  "Bind",
      "Dovecot",      "Net",     "AWStats",
      "Postfix",      "MySQL",   "Firewalld",
      "Procmail",     "ProFTPd", "Quotas",
      "SASL",         "Shells",  "Status",
      "Upgrade",      "Usermin", "Webalizer",
      "Virtualmin",   "ClamAV",  "NTP",
      "SpamAssassin", "Fail2banFirewalld"

The package lists are more complicated than that, but this should give you the gist of what we're picking and choosing from.

--

Check out the forum guidelines!

Mon, 09/25/2017 - 21:35
Joe
Joe's picture

Note that you can configure any service at any point for use with Virtualmin using the virtualmin config-system command, but you have to make sure all the necessary packages are installed first. For SASL:

# virtualmin config-system --include SASL

But, again, picking and choosing your system is gonna require a lot more knowledge than starting from a full installation and just turning off the few bits you don't want.

--

Check out the forum guidelines!

Wed, 09/27/2017 - 18:12
trenzterra

Hi Joe,

Thanks for the clarification. Well, I guess I was expecting whatever that was still showing up as an option in Virtualmin to work, such as Dovecot and SASL. I thought that the main memory hoggers were ClamAV and SpamAssassin which I do not require. I will see if I can include SASL and Dovecot using config-system, but for now I will run the full installation and disable ClamAV and SA instead.

Thank you!

Wed, 09/27/2017 - 18:29 (Reply to #8)
Joe
Joe's picture

That's valid. --minimal is really new...I'm still sorting out what it ought to be.

I removed mod_php from minimal a week or so ago, which probably frees up enough space for SASL to come back in. I'm not sure about Dovecot, as it's pretty big (though not having it means only Usermin would work for reading mail, and I'd need to change the default configuration to read Maildir directly). But, the minimal target is still too big...I'd really like it if we could run in 512MB or less, but we have to give up so much to get that small.

I'm gonna make a post about the relative sizes of things and see if we can maybe come up with a consensus on what people want to see from the minimal target.

--

Check out the forum guidelines!

Wed, 09/27/2017 - 18:45
trenzterra

Thanks Joe. And on my part I think I may have missed out the lack of IMAP support on the minimal installation when reading the docs. Fwiw I would prefer Dovecot substituted for Bind. I would ordinarily think more people would use email rather than their own DNS? I don't think there is much point installing SASL without Dovecot since mails can only go one way.

By the way, on LEMP installations, is there a reason why awstats is still installed or appears to be installed? I was under the impression that it doesn't work on Nginx.

Wed, 09/27/2017 - 19:51 (Reply to #10)
Joe
Joe's picture

awstats works on any common log, which I believe nginx produces by default. I've been considering removing AWstats from the default installation (full) as well, as it's much less commonly used today than in the past. It's still better than Webalizer (which is in core Virtualmin, rather than a plugin), but most people who care about analytics run something like Google Analytics or Piwik.

I posted this https://www.virtualmin.com/node/53753 to spin up some discussion about what should be included in a minimal installation, and I think I'm on board with your suggestion of bringing Dovecot back in. But, I think what we need to get rid of is fail2ban (though maybe BIND, too, but BIND is pretty small in an authoritative server role), as it's pretty darned big.

--

Check out the forum guidelines!

Topic locked