Switch from LDA to Postfix - Dovecot LMTP delivery (with virtual users)

Nikolaos Milas
Hello,

I am setting up a new box with Postfix 3.2.2 and Dovecot.

Until now I have been using LDA delivery successfully. On the new server
LDA setup works fine too, but I am considering moving to LMTP.

IMPORTANT NOTE: It is important in my setup to keep functional all
virtual_alias_maps & virtual_mailbox_maps.

I've followed the directions at:
https://wiki.dovecot.org/HowTo/PostfixDovecotLMTP but LMTP delivery does
not work.

Here is a session:

Aug  4 12:19:42 vmail2 postfix/submission/smtpd[3145]: connect from
admin3.astro.noa.gr[195.251.202.163]
Aug  4 12:19:42 vmail2 postfix/submission/smtpd[3145]: Anonymous TLS
connection established from admin3.astro.noa.gr[195.251.202.163]:
TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Aug  4 12:19:42 vmail2 postfix/submission/smtpd[3145]: 64EF58EE1BCBE:
client=admin3.astro.noa.gr[195.251.202.163], sasl_method=PLAIN,
sasl_username=nmilas
Aug  4 12:19:42 vmail2 postfix/cleanup[3150]: 64EF58EE1BCBE:
message-id=<[hidden email]>
Aug  4 12:19:42 vmail2 opendkim[20675]: 64EF58EE1BCBE: DKIM-Signature
field added (s=default, d=noa.gr)
Aug  4 12:19:42 vmail2 postfix/qmgr[3131]: 64EF58EE1BCBE:
from=<[hidden email]>, size=821, nrcpt=1 (queue active)
Aug  4 12:19:42 vmail2 postfix/lmtp[3151]: 64EF58EE1BCBE:
to=<[hidden email]>, relay=vmail2.noa.gr[private/dovecot-lmtp],
delay=0.21, delays=0.17/0.015/0.01/0.015, dsn=5.1.1, status=bounced
(host vmail2.noa.gr[private/dovecot-lmtp] said: 550 5.1.1
<[hidden email]> User doesn't exist: [hidden email] (in reply to
RCPT TO command))
Aug  4 12:19:42 vmail2 postfix/cleanup[3150]: 8DDF28EE1BCC6:
message-id=<[hidden email]>
Aug  4 12:19:42 vmail2 postfix/qmgr[3131]: 8DDF28EE1BCC6: from=<>,
size=3275, nrcpt=1 (queue active)
Aug  4 12:19:42 vmail2 postfix/bounce[3153]: 64EF58EE1BCBE: sender
non-delivery notification: 8DDF28EE1BCC6
Aug  4 12:19:42 vmail2 postfix/qmgr[3131]: 64EF58EE1BCBE: removed
Aug  4 12:19:42 vmail2 postfix/lmtp[3151]: 8DDF28EE1BCC6:
to=<[hidden email]>, relay=vmail2.noa.gr[private/dovecot-lmtp],
delay=0.015, delays=0.004/0.001/0.001/0.01, dsn=5.1.1, status=bounced
(host vmail2.noa.gr[private/dovecot-lmtp] said: 550 5.1.1
<[hidden email]> User doesn't exist: [hidden email] (in reply to RCPT TO
command))
Aug  4 12:19:42 vmail2 postfix/qmgr[3131]: 8DDF28EE1BCC6: removed
Aug  4 12:19:42 vmail2 postfix/submission/smtpd[3145]: disconnect from
admin3.astro.noa.gr[195.251.202.163] ehlo=2 starttls=1 auth=1 mail=1
rcpt=1 data=1 quit=1 commands=8

Can you please help me with figuring out what I am doing wrong?

The setup (postconf -n) with LDA follows below (working correctly).

# postconf -n
alias_database = hash:/etc/postfix/aliases,
hash:/etc/postfix/aliases.d/virtual_aliases
alias_maps = hash:/etc/aliases
allowed_gein = check_client_access
cidr:/etc/postfix/gein_admin_ips.cidr,reject
allowed_iaasars = check_client_access
cidr:/etc/postfix/iaasars_admin_ips.cidr,reject
allowed_list1 = check_sasl_access
hash:/etc/postfix/allowed_groupmail_users,reject
allowed_list2 = check_sasl_access
hash:/etc/postfix/allowed_groupmail_users2,reject
allowed_meteo = check_client_access
cidr:/etc/postfix/meteo_admin_ips.cidr,reject
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
controlled_senders = check_sender_access hash:/etc/postfix/blocked_senders
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5
default_process_limit = 25
delay_logging_resolution_limit = 3
deliver_lock_attempts = 40
dovecot_destination_recipient_limit = 1
gwcheck = reject_unverified_recipient, reject_unauth_destination
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = ipv4, ipv6
local_header_rewrite_clients = static:all
mail_name = NOA Mail Srv XAPITI XPICTOY
mail_owner = postfix
mailbox_command = /usr/lib/dovecot/deliver
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 41943040
milter_default_action = accept
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = noa.gr
myhostname = vmail2.noa.gr
mynetworks = 195.251.204.0/24, 195.251.202.0/23, 194.177.194.0/23,
127.0.0.0/8, 10.201.0.0/16, [2001:648:2011::]/48, 83.212.5.24/29,
[2001:648:2ffc:1115::]/64, 62.217.124.0/29, [2001:648:2ffc:126::]/64
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = $smtpd_milters
parent_domain_matches_subdomains =
postfwdcheck = check_policy_service inet:127.0.0.1:10040
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
recipient_canonical_maps = hash:/etc/postfix/domainrecipientmap
relay_domains = $mydestination
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sender_canonical_maps = hash:/etc/postfix/domainsendermap
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_security_level = may
smtpd_client_restrictions =
permit_mynetworks,permit_sasl_authenticated,reject
smtpd_delay_reject = yes
smtpd_end_of_data_restrictions = check_client_access
cidr:/etc/postfix/postfwdpolicy.cidr
smtpd_milters = inet:127.0.0.1:8891
smtpd_recipient_restrictions = check_recipient_access
hash:/etc/postfix/protected_destinations permit_sasl_authenticated
reject_unverified_recipient reject_unauth_destination
smtpd_restriction_classes =
controlled_senders,allowed_list1,allowed_list2,
allowed_iaasars,allowed_meteo,allowed_gein,postfwdcheck,gwcheck
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = /var/spool/postfix/private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/pki/tls/certs/DigiCertCA.crt
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/pki/tls/certs/star_noa_gr-1243437.crt
smtpd_tls_exclude_ciphers = DES,3DES,MD5,aNULL,AES128,CAMELLIA128
smtpd_tls_key_file = /etc/pki/tls/private/star_noa_gr-1243437.key
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_preempt_cipherlist = yes
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
unverified_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/aliases,
hash:/etc/postfix/aliases.d/virtual_aliases,
proxy:ldap:/etc/postfix/ldap-alias-vacation.cf,
proxy:ldap:/etc/postfix/ldap-aliases.cf
virtual_gid_maps = static:500
virtual_mailbox_base = /home/vmail/
virtual_mailbox_domains = $mydomain, space.$mydomain, admin.$mydomain,
nestor.$mydomain, gein.$mydomain, meteo.$mydomain, technet.$mydomain,
astro.$mydomain, hesperia-space.eu
virtual_mailbox_limit = 0
virtual_mailbox_maps = proxy:ldap:/etc/postfix/ldap-users.cf
virtual_transport = dovecot
virtual_uid_maps = static:500
postconf: warning: /etc/postfix/main.cf: unused parameter:
127.0.0.1:10040_time_limit=3600

Here is postconf -n after trying to switch to LMTP:

# postconf -n
alias_database = hash:/etc/postfix/aliases,
hash:/etc/postfix/aliases.d/virtual_aliases
alias_maps = hash:/etc/aliases
allowed_gein = check_client_access
cidr:/etc/postfix/gein_admin_ips.cidr,reject
allowed_iaasars = check_client_access
cidr:/etc/postfix/iaasars_admin_ips.cidr,reject
allowed_list1 = check_sasl_access
hash:/etc/postfix/allowed_groupmail_users,reject
allowed_list2 = check_sasl_access
hash:/etc/postfix/allowed_groupmail_users2,reject
allowed_meteo = check_client_access
cidr:/etc/postfix/meteo_admin_ips.cidr,reject
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
controlled_senders = check_sender_access hash:/etc/postfix/blocked_senders
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5
default_process_limit = 25
delay_logging_resolution_limit = 3
deliver_lock_attempts = 40
gwcheck = reject_unverified_recipient, reject_unauth_destination
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = ipv4, ipv6
local_header_rewrite_clients = static:all
mail_name = NOA Mail Srv XAPITI XPICTOY
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 41943040
milter_default_action = accept
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = noa.gr
myhostname = vmail2.noa.gr
mynetworks = 195.251.204.0/24, 195.251.202.0/23, 194.177.194.0/23,
127.0.0.0/8, 10.201.0.0/16, [2001:648:2011::]/48, 83.212.5.24/29,
[2001:648:2ffc:1115::]/64, 62.217.124.0/29, [2001:648:2ffc:126::]/64
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = $smtpd_milters
parent_domain_matches_subdomains =
postfwdcheck = check_policy_service inet:127.0.0.1:10040
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
recipient_canonical_maps = hash:/etc/postfix/domainrecipientmap
relay_domains = $mydestination
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sender_canonical_maps = hash:/etc/postfix/domainsendermap
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_security_level = may
smtpd_client_restrictions =
permit_mynetworks,permit_sasl_authenticated,reject
smtpd_delay_reject = yes
smtpd_end_of_data_restrictions = check_client_access
cidr:/etc/postfix/postfwdpolicy.cidr
smtpd_milters = inet:127.0.0.1:8891
smtpd_recipient_restrictions = check_recipient_access
hash:/etc/postfix/protected_destinations permit_sasl_authenticated
reject_unverified_recipient reject_unauth_destination
smtpd_restriction_classes =
controlled_senders,allowed_list1,allowed_list2,
allowed_iaasars,allowed_meteo,allowed_gein,postfwdcheck,gwcheck
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = /var/spool/postfix/private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_CAfile = /etc/pki/tls/certs/DigiCertCA.crt
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/pki/tls/certs/star_noa_gr-1243437.crt
smtpd_tls_exclude_ciphers = DES,3DES,MD5,aNULL,AES128,CAMELLIA128
smtpd_tls_key_file = /etc/pki/tls/private/star_noa_gr-1243437.key
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_preempt_cipherlist = yes
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
unverified_recipient_reject_code = 550
virtual_alias_maps = hash:/etc/postfix/aliases,
hash:/etc/postfix/aliases.d/virtual_aliases,
proxy:ldap:/etc/postfix/ldap-alias-vacation.cf,
proxy:ldap:/etc/postfix/ldap-aliases.cf
virtual_gid_maps = static:500
virtual_mailbox_base = /home/vmail/
virtual_mailbox_domains = $mydomain, space.$mydomain, admin.$mydomain,
nestor.$mydomain, gein.$mydomain, meteo.$mydomain, technet.$mydomain,
astro.$mydomain, hesperia-space.eu
virtual_mailbox_limit = 0
virtual_mailbox_maps = proxy:ldap:/etc/postfix/ldap-users.cf
virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_uid_maps = static:500
postconf: warning: /etc/postfix/main.cf: unused parameter:
127.0.0.1:10040_time_limit=3600

Thanks in advance,
Nick



Re: Switch from LDA to Postfix - Dovecot LMTP delivery (with virtual users)

Alex JOST-2
On 04.08.2017 at 11:37, Nikolaos Milas wrote:

> Hello,
>
> I am setting up a new box with Postfix 3.2.2 and Dovecot.
>
> Until now I have been using LDA delivery successfully. On the new server
> LDA setup works fine too, but I am considering moving to LMTP.
>
> IMPORTANT NOTE: It is important in my setup to keep functional all
> virtual_alias_maps & virtual_mailbox_maps.
>
> I've followed the directions at:
> https://wiki.dovecot.org/HowTo/PostfixDovecotLMTP but LMTP delivery does
> not work.
>
> Here is a session:
>
> Aug  4 12:19:42 vmail2 postfix/lmtp[3151]: 64EF58EE1BCBE:
> to=<[hidden email]>, relay=vmail2.noa.gr[private/dovecot-lmtp],
> delay=0.21, delays=0.17/0.015/0.01/0.015, dsn=5.1.1, status=bounced
> (host vmail2.noa.gr[private/dovecot-lmtp] said: 550 5.1.1
> <[hidden email]> User doesn't exist: [hidden email] (in reply to
> RCPT TO command))

Dovecot needs to know about the user. What does 'doveadm user -u
[hidden email]' print?

--
Alex JOST

Re: Switch from LDA to Postfix - Dovecot LMTP delivery (with virtual users)

Nikolaos Milas
On 4/8/2017 1:59 PM, Alex JOST wrote:

> Dovecot needs to know about the user. What does 'doveadm user -u
> [hidden email]' print?

Thank you Alex,

I just found the problem. After switching to LMTP, Dovecot receives from
Postfix a fully qualified username, whereas with LDA it was receiving a
'naked' username.

Thus, although I had %u (instead of %n, see below), it was working right
with LDA.

So, I had to change my dovecot ldap component so that it uses only the
username, i.e.:

    hosts = localhost
    tls = no
    base = ou=people, dc=noa, dc=gr
    scope = onelevel
    ldap_version = 3
    dn = uid=auth,ou=Sys,dc=noa,dc=gr
    dnpass = secret
    auth_bind = yes
    user_filter = (uid=%n)
    pass_filter = (uid=%n)
    pass_attrs = uid=user,userPassword=password
    auth_bind_userdn = uid=%n,ou=people,dc=noa,dc=gr
    user_attrs = roomNumber=quota_rule=*:bytes=%$,uid=home=/home/vmail/%n
    iterate_filter = (objectClass=*)

Cheers,
Nick
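
The %u versus %n behaviour described in the message above, as an added example that is not part of the original thread and is not Dovecot code: a small model of the variable expansion applied to the user_filter and home templates from the post. The directory contents and the full addresses are constructed sample data, and the function names are hypothetical. It also shows that %n discards the domain, so the same local part in two virtual domains resolves to one LDAP entry and one home directory.

```python
# Added illustration (not Dovecot source): a small model of how %u, %n and %d
# expand in the LDAP templates from the post above.

# Constructed directory: uid values under ou=people (assumed sample data).
DIRECTORY = {"nmilas", "alex"}


def expand(template: str, username: str) -> str:
    """Expand %u (full username), %n (part before @), %d (part after @)."""
    local, _, domain = username.partition("@")
    values = {"u": username, "n": local, "d": domain, "%": "%"}
    out, i = [], 0
    while i < len(template):
        nxt = template[i + 1:i + 2]
        if template[i] == "%" and nxt in values:
            out.append(values[nxt])
            i += 2
        else:
            out.append(template[i])
            i += 1
    return "".join(out)


def lookup(user_filter: str, username: str):
    """Return the matching uid for a '(uid=VALUE)' equality filter, or None."""
    expanded = expand(user_filter, username)
    if not (expanded.startswith("(uid=") and expanded.endswith(")")):
        raise ValueError("model only handles (uid=VALUE) filters")
    uid = expanded[5:-1]
    return uid if uid in DIRECTORY else None


def home(username: str) -> str:
    """Home directory built from the post's user_attrs template."""
    return expand("/home/vmail/%n", username)


if __name__ == "__main__":
    # LDA handed Dovecot a bare name; LMTP hands it the full address.
    for label, name in [("LDA ", "nmilas"), ("LMTP", "nmilas@noa.gr")]:
        for flt in ("(uid=%u)", "(uid=%n)"):
            print(label, flt, "->", expand(flt, name), "->", lookup(flt, name))
    # %n drops the domain: addresses in different virtual domains share
    # one directory entry and one home directory.
    print(home("nmilas@noa.gr"), home("nmilas@astro.noa.gr"))
```
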
