Active Directory/LDAP Virtual Users for RHEL/CentOS 5

This guide will show you how to integrate Active Directory/LDAP into Postfix and Dovecot. In this page, you will learn how to enable Postfix to lookup email addresses in LDAP and how to enable Dovecot to authenticate to an LDAP server.

This is what a typical Active Directory layout looks like.

And here’s a sample OpenLDAP layout. See OpenLDAP Setup Howto for a guide in setting up OpenLDAP. Or better yet, use the Fedora Directory Server.

Note I used JXplorer to browse the LDAP servers, you’ll need the Java Runtime Environment to use it.

We will be using the following attributes

samaccountname or uid – User Name for Active Directory or OpenLDAP respectively.
mail – Email Address. For Active Directory users, you need to fill-up the E-mail field of the User.
othermailbox – For Active Directory only. We will use this field to store email aliases. Use ADSI Edit to update this field.

Create the Virtual Mail User Account

Since the Active Directory/OpenLDAP user names are not part of the Linux system, we will have to create a user that will be the owner for all the files belonging to the LDAP user names.

1. Create a new user, we will call it vmail. Change the Login Shell to /sbin/nologin, this user account should not be used for logging in. Learn how to use the User Manager application here.

2. Take note of the User ID and Home Directory of vmail.

3. Click the Groups tab and now note down the Group ID of vmail. We’ll be needing all of them later.

Postfix Active Directory/LDAP Integration

1. Create the file /etc/postfix/ldap-users.cf containing the lines below

server_host = your ldap server
search_base = your search base
version = 3
query_filter = (&(objectclass=person)(mail=%s))
result_attribute = samaccountname
result_format = %s/Maildir/

If you are connecting to an Active Directory server and would like to have email alias capability, change the query filter to (&(objectclass=person)(|(mail=%s)(othermailbox=%s))) to include the othermailbox field in the search.

Change samaccountname to uid if you will be connecting to an OpenLDAP server. If your server requires authentication, add the lines below

bind = yes
bind_dn = cn=mailuser,dc=acme,dc=local
bind_pw = password

Replace the value of bind_dn and bind_pw with a valid user account and password respectively. If you will be connecting to an Active Directory server, bind_dn can also be

bind_dn = acme\mailuser

bind_dn = mailuser@acme.local

2. Test your postfix configuration file by typing in the command

postmap -q bugsbunny@acme.local ldap:/etc/postfix/ldap-users.cf

in a terminal window. Replace bugsbunny@acme.local with a valid email address from your server. It should return the path to a mailbox file.

Note If you are querying a Windows 2003 Server and postmap does not seem to work, try enabling the Windows 2003 Active Directory anonymous ldap operations.

3. Edit the postfix configuration file /etc/postfix/main.cf and edit the line below

mydestination = $myhostname, localhost.$mydomain, localhost

and add the lines below

virtual_mailbox_domains = $mydomain
virtual_mailbox_base = /home/vmail/
virtual_mailbox_maps = ldap:/etc/postfix/ldap-users.cf
virtual_uid_maps = static:501
virtual_gid_maps = static:501

virtual_mailbox_base, virtual_uid_maps and virtual_gid_maps should contain the home directory, user id and group id of vmail respectively.

Make sure $mydomain in mydestination has been removed, otherwise the lookup will not work and you will get a “User unknown in local recipient table” error.

4. Restart the Postfix or MailScanner service if you have installed it. Learn how to start and stop services here.

5. You should now be able to send email to addresses found in your LDAP server. See Test Postfix using Telnet and try using LDAP email addresses instead of the system user names.

Dovecot Active Directory/LDAP Integration

Important If you will be connecting to an Active Directory server, use Active Directory and Dovecot PAM Authentication which uses Kerberos authentication instead. The Kerberos authentication method is more reliable since it doesn’t require a persistent connection and you can gain fail-over capabilities if you have multiple Active Directory servers.

1. Create the file /etc/dovecot-ldap.conf containing the lines below

hosts = your ldap server
base = your search base
ldap_version = 3
auth_bind = yes

Depending on the LDAP server and the layout you are going query, you have 3 ways to enable Dovecot to authenticate to your LDAP server.

Option 1: Active Directory
Replace acme with your own domain name. Works only with Microsoft’s Active Directory.

auth_bind_userdn = acme\%u

Option 2: Distinguished Name Template
Change the sample value to one that is appropriate for your layout.

auth_bind_userdn = uid=%u,ou=people,dc=acme,dc=local

Option 3: Search Filter
This should work with any layout but requires an additional search operation to find the correct distinguished name. Change the sample value to one that is appropriate for your layout.

pass_filter = (&(objectclass=person)(uid=%u))

2. Edit the file /etc/dovecot.conf and change the value of the following keys below

passdb ldap {
  args = /etc/dovecot-ldap.conf
}

userdb static {
  args = uid=501 gid=501 home=/home/vmail/%u
}

uid, gid and home should contain the user id, group id and home directory respectively of the vmail user account.

Note Comment out all the other passdb and userdb sections except for those specified above to ensure that nothing will conflict with our LDAP virtual accounts.

3. Restart the dovecot service. Learn how to start and stop services here.

4. You should now be able to login using the user names found in your LDAP server. See Test Dovecot using Telnet and try using LDAP user names instead of the system user names.

If you encounter any problems, check the log file at /var/log/maillog.

How to use the Active Directory Distribution Group in Postfix.

***
Posted on 11/2/2007 and last updated on 2/22/2009
Filed under Active Directory , CentOS 5 , Dovecot , LDAP , Postfix , Red Hat Enterprise Linux 5

118 Responses to “Active Directory/LDAP Virtual Users for RHEL/CentOS 5”

Mahmud Says:
January 2nd, 2008 at 1:30 pm
Hi,

I am not trying to configure my mail server with Virtual Mail account from Active directory (2003). My /etc/postfix/ldap-users.cf is as follows,

server_host = mymail.mydomain.local
search_base = dc=mydomain,dc=local
version = 3
query_filter = (&(objectclass=person)(mail=%s))
result_attribute = administrator
result_format = %s/Maildir/

bind = yes
bind_dn = cn=administrator,dc=mydomain,dc=local
bind_pw = password

When, i try to run a user mailbox test,

postmap -q mailtest@mydomain.local ldap:/etc/postfix/ldap-users.cf

It is unsuccessful. The log file shows,

Jan 2 19:27:32 postfix postfix/postmap[3099]: warning: dict_ldap_connect: Unable to bind to server ldap://mymail.mydomain.local:389 as cn=administrator,dc=mydomain,dc=local: 49 (Invalid credentials)

Pls help.

Mahmud
consultant Says:
January 2nd, 2008 at 2:27 pm
Hi,

The “Invalid credentials” is the problem, since you are connecting to an active directory server, it would be better if you use “mydomain\administrator” instead of “cn=administrator,dc=mydomain,dc=local” so that you need not be concerned about where exactly administrator is located, it may be in “cn=administrator,cn=users,dc=mydomain,dc=local”

Next in your /etc/postfix/ldap-users.cf the correct line should be
result_attribute = samaccountname
not
result_attribute = administrator

Finally, if you will not be using the Virtual Mail accounts, you should not use ldap-users.cf above and instead follow the steps in Active Directory Integration with Samba for RHEL/CentOS 5, it shows a few test to ensure that your Active Directory entries from Samba should automatically work with Postfix and Dovecot.
Mahmud Says:
January 3rd, 2008 at 8:26 am
Hi,

Thanks for ur reply.

I change my ldap-users.cf as per ur configuration. But now the “postmap -q mailtest@mydomain.local ldap:/etc/postfix/ldap-users.cf” shows nothing at maillog related to ldap authentication. Even if I put a invalid user account to test, it shows the same, nothing.

I am using CentOS 5.0.
I don’t know what is the problem.

Pls help.

Mahmud
consultant Says:
January 3rd, 2008 at 9:21 am
Hi,

No problem.

I’m assuming you are now using Virtual Users. If no errors appear in maillog, this means that the configuration file is now working. The reason it shows nothing when you use a valid email address is because the E-mail field in Active Directory is empty. You could either fillup the E-mail field for every user you want to have a mail account or change the line in ldap-users.cf to query_filter = (&(objectclass=person)(samaccountname=%u)). I don’t recommend the other solution because all Active Directory accounts, including built in system accounts, will become valid email address.
Mahmud Says:
January 3rd, 2008 at 9:38 am
thanks.

U r right. Authentication is successful, but don’t shows any log information. If I put wrong password, then it shows “Invalid credentials” at maillog.

Rgds,

Mahmud Jami
Mahmud Says:
January 3rd, 2008 at 10:06 am
Need help again…

After ldap-users.cf configuration, when I did the SMTP testing using “telnet 127.0.0.1 25″ with a valid sender address and rcpt address, the maillog shows,

Jan 3 15:59:28 postfix postfix/smtp[3151]: 178374DF08C: to=, relay=none, delay=0.01, delays=0/0/0.01/0, dsn=5.4.6, status=bounced (mail for mydomain.local loops back to myself)

Pls help.

Rgds,

Mahmud Jami
Mahmud Says:
January 3rd, 2008 at 10:16 am
i have fixed the loops back problem.
Mahmud Says:
January 3rd, 2008 at 10:20 am
Now I am getting the following error:

Jan 3 16:17:49 postfix postfix/virtual[3477]: fatal: setrlimit: Permission denied
Jan 3 16:17:50 postfix postfix/master[3451]: warning: process /usr/libexec/postfix/virtual pid 3477 exit status 1
Jan 3 16:17:50 postfix postfix/master[3451]: warning: /usr/libexec/postfix/virtual: bad command startup — throttling

Pls help.

Mahmud Jami
consultant Says:
January 3rd, 2008 at 1:39 pm
You probably did not disable SELinux. Leaving SELinux enabled causes a lot of problems including this one and disabling it does not make your system any less secure.
Mahmud Jami Says:
January 7th, 2008 at 8:54 am
Thanks.

I disabled SELinux and it is working fine now.

Rgds,

Mahmud Jami
rootytoot Says:
January 22nd, 2008 at 2:48 am
Hi,

I cannot get this to work:
postmap -q cent50@centaur.local ldap:/etc/postfix/ldap-users.cf

here’s its contents:————-
server_host = centaur
search_base = dc=centaur,dc=local
version = 3
query_filter = (&(objectclass=inetOrgPerson)(mail=%s))
result_attribute = cent50
result_format = %s/Maildir/
bind = yes
bind_dn = cn=root,dc=centaur,dc=local
bind_pw = rootpw

here’s an ldif of my cent50 user (uid 500):

dn: cn=cent50,dc=centaur,dc=local
objectClass: inetOrgPerson
objectClass: top
cn: cent50
street: 123 main
telephoneNumber: 866-555-1212
mobile: 866-555-1212
givenName: cent50
mail: cent50@centaur.local
sn: cent50
l: park place
o: my org
postalCode: 90210
st: ca

BTW, I have trouble getting JXplore working. I’m using phpLDAPadmin. Any opinion on that software?
consultant Says:
January 22nd, 2008 at 1:33 pm
Hi,

result_attribute should be cn, not cent50. That’s why it’s not working.

I haven’t tried phpLDAPadmin. I use mostly Windows that’s why I prefer desktop applications like JXplorer. And yes, JXplorer is very troublesome to setup due to the fact that the installer no longer works with the new Java 1.6.

If you still like to try JXplorer, download the platform independent version of JXplorer. That’s the one I’m using.
rootytoot Says:
January 22nd, 2008 at 10:15 pm
That fixed it. Thanks.

WRT JXplorer, I had trouble even getting Java up and running as a plugin to FireFox. Turns out the install procedure on Sun’s site (and others’ sites) was wrong. The plugin doesn’t go in /usr/lib/mozilla, it goes in /usr/lib/firefox-2.0.0.11/plugins (my current version) directory. So once that was working, JXplorer wouldn’t install, complaining that the Java VM had to be in the PATH, but gave no explanation of how to do that. I tried various things: setenv PATH=$PATH:/usr/jre1.6.0_03/bin and a few others, but to no avail.

I’ll look into the platform independent version.
rootytoot Says:
January 23rd, 2008 at 1:37 am
I’m using the vmail (uid:501) user account.

I added a virtual user named fuzzy, password wuzzy.
Here’s the OpenLDAP ldif output:

dn: cn=fuzzy,dc=centaur,dc=local
objectClass: inetOrgPerson
objectClass: top
cn: fuzzy
street: 123 main
postalCode: 90210
st: ca
givenName: fuzzy
l: nowhere
mail: fuzzy@centaur.local
o: my organization
sn: fuzzy
userPassword: {MD5}57rpZeO0+GnMPaOfefB4WA==
uid: fuzzy

Here is the file /etc/dovecot-ldap.conf:

hosts = centaur
base = dc=centaur,dc=local
auth_bind = yes
#auth_bind_userdn = uid=%u,ou=people,dc=centaur,dc=local
pass_filter = (&(objectclass=inetOrgPerson)(uid=%u))

I tried method 2 and 3. I made the appropriate changes to dovecot.conf and restarted the service.

When I try to log into squirrelmail with u: fuzzy, p: wuzzy, I get an error: Unknown user or password incorrect.

The /var/log/maillog says this:

Jan 22 19:27:00 centaur dovecot: auth(default): LDAP: binding failed (dn (none)): Protocol error
Jan 22 19:27:16 centaur dovecot: auth(default): LDAP: binding failed (dn (none)): Protocol error
Jan 22 19:27:16 centaur dovecot: imap-login: Aborted login: user=, method=PLAIN, rip=::ffff:127.0.0.1, lip=::ffff:127.0.0.1, secured

What have I missed?
consultant Says:
January 23rd, 2008 at 11:33 am
Your dn is cn=fuzzy,dc=centaur,dc=local which means auth_bind_userdn should be cn=%u,dc=centaur,dc=local
rootytoot Says:
January 23rd, 2008 at 11:55 pm
I tried cn=%u,dc=centaur,dc=local, but get the same failed login and error in /var/log/maillog.

I did a search online for the error “LDAP: binding failed (dn(none)): Protocol error” and someone suggested allow_bind_v2 in slapd.conf, bu that didn’t work.
consultant Says:
January 24th, 2008 at 1:05 pm
Ok, please confirm first that your ldap authentication is working. Try the following command ldapsearch -x -D “cn=fuzzy,dc=centaur,dc=local” -w wuzzy “cn=*”

If it works, try authenticating via POP3.

If it still works, at least we know that the problem is something about your IMAP configuration. I’ll think of something else, please try the above tests first.
rootytoot Says:
January 25th, 2008 at 3:04 am
Ok. The ldapsearch worked. fuzzy is there. But the authentication via pop3 failed “ERR – Temporary authentication failure” after the “pass wuzzy”.

So I logged in to squirrelmail as cent50 (another user I used to send mail to fuzzy) and found that the mesg was returned: : Host or domain name not found. Name service error for name=centaur.local type=A: Host not found.

Could it be that the attribute I added for fuzzy’s password – userPassword: {MD5}57rpZeO0+GnMPaOfefB4WA== – is not correct? Is there a specific attribute name I must use for email passwords for objectClass: inetOrgPerson? Or should I not be using inetOrgPerson at all for objectClass?
consultant Says:
January 25th, 2008 at 3:59 pm
ldapsearch worked. This means that the user passwords are stored correctly.

Now I get it, the only difference between the Postfix and Dovecot configuration is that Postfix has version = 3. To fix the problem, you can either add ldap_version = 3 in dovecot-ldap.conf or allow bind_v2 in slapd.conf (not allow_bind_v2).
rootytoot Says:
January 25th, 2008 at 11:18 pm
As I said in comment 16 above, uncommenting allow bind_v2 in slapd.conf and restarting ldap (slapd), dovecot, and postfix, didn’t work.

So I added ldap_version = 3 in dovecot-ldap.conf, restarted dovecot and that works!

I see you’ve added this above in the instructions, but your picture doesn’t have it yet.

Again, thanks.
consultant Says:
January 25th, 2008 at 11:57 pm
> uncommenting allow bind_v2
I see, I thought allow bind_v2 was not properly configured because my slapd.conf has it and it works.

> but your picture doesn’t have it yet.
I’ve updated the picture, you just need to refresh your browser a few times. It didn’t appear in mine too.

Thanks too, this is second page I’ve updated based on your comments.
Deamon Says:
February 11th, 2008 at 4:09 am
hi

“Replace the value of bind_dn and bind_pw with a valid user account and password respectively. If you will be connecting to an Active Directory server, bind_dn can also be”

i can’t understand this one. can u you please explain. username of the password for each user?

FYI. i’m configuring with AD
consultant Says:
February 11th, 2008 at 3:10 pm
Hi,

Some LDAP server configurations (like Active Directory) does not allow anonymous connections, thus you need to specify a valid user name and password to be able to connect.

To be able to connect to the Active Directory server, I created an AD user account mailuser used specifically for authentication purposes only.
Aaron Thompson Says:
March 19th, 2008 at 2:02 am
I’m getting an error: Unknown user in recipient table when I attempt to send to an LDAP defined user. Sending from an LDAP user to any system user works fine, but the other way around fails every time. I have already logged in with the LDAP user and checked to make sure his directory has been created. I have SELinux disabled and have checked the /var/log/maillog file, it returns the same error.
Using:
OS: Fedora Core 8
Machine: VMware v.6.0.2 virtual machine
Any suggestions would be appreciated…
Aaron Thompson
consultant Says:
March 19th, 2008 at 2:26 am
Sorry but you cannot have both LDAP and system user accounts because to enable the LDAP users we need to switch to virtual user accounts in Postfix. You need to migrate or export your system users to LDAP.

In mydestination, $mydomain should be removed.

The line

virtual_mailbox_domains = $mydomain

tells Postfix that $mydomain uses virtual users.

Your Postfix still uses the system accounts because the error should be “User unknown in virtual mailbox table” if virtual users is in use.
Aaron Thompson Says:
March 19th, 2008 at 2:08 pm
I changed the mydestination line to the one without $mydomain, now I don’t get an error, however, none of the mail I send internally gets received. A user can’t even send mail to him/her self.
Any advice would be appreciated…
Aaron Thompson
Aaron Thompson Says:
March 19th, 2008 at 6:13 pm
I have found the cause of the issue:
“virtual_mailbox_base = /home/vmail/” needs to have the trailing “/” dropped;
I also made an error in copying over some of the text.
You might want to update the site…
Thanks,
Aaron Thompson
consultant Says:
March 20th, 2008 at 2:50 am
The trailing “/” in “virtual_mailbox_base = /home/vmail/” is intentionally there to enable the better Maildir format instead of the older Mbox format. If “/” is removed, dovecot will not work since it is also configured to look for a Maildir mailbox.
Francis Says:
March 27th, 2008 at 11:15 pm
Hi,

I have already setup postfix to get user emails from active directory following the steps above, and also has setup dovecot to allow login from active directory users. I can send the mail to the user from active directory, but whenever I log-in with that user from pop3, it says that there’s no inbox for the user. Searching through the maillog, i found permission denied errors. This is it’s contents:

Mar 28 01:28:51 xmail dovecot: POP3(fmondia): mkdir(/var/mail/fmondia/Maildir/cur) failed: Permission denied
Mar 28 01:28:51 xmail dovecot: POP3(fmondia): Couldn’t open INBOX: Internal error occurred. Refer to server log for more information. [2008-03-28 01:28:51]
Mar 28 01:28:51 xmail dovecot: POP3(fmondia): No INBOX for user top=0/0, retr=0/0, del=0/0, size=0

I did manage to send email to a local account and it delivered it to the user’s mailbox just fine.

I didn’t see any “permission setting” in the guide. What could be wrong?

Centos 5
Postfix 2.3.3-2
dovecot-1.0-1.2.rc15.el5
consultant Says:
March 28th, 2008 at 12:25 am
In Postfix SMTP Server Setup Howto, I configured Postfix to save incoming mail to [home directory]/Maildir by adding the line
home_mailbox = Maildir/.

Dovecot on the other hand should be configured to read mails from [home directory]/Maildir by adding the line virtual_mailbox_base = /home/vmail/. Configured this way, you should not encounter any permission problems.

I’ve updated the text above to ensure that Postfix stores its mails to [home directory]/Maildir.
consultant Says:
March 28th, 2008 at 1:09 pm
Sorry, please disregard my previous comment, I got it all mixed up.

In Dovecot, make sure you have the line below

userdb static {
args = uid=501 gid=501 home=/home/vmail/%u
}

This takes care of the permission problem.
The mkdir(/var/mail/fmondia/Maildir/cur) failed: Permission denied means the above is not yet properly set and Dovecot is looking for mails at the wrong location.
Francis Says:
March 28th, 2008 at 11:20 pm
Hi,

Got it to work now. Thanks. One thing though, i was tailing the log files and noticed that there is this line:

Mar 28 21:10:19 xmail MailScanner[11869]: Could not create SpamAssassin cache database /var/spool/MailScanner/incoming/SpamAssassin.cache.db

Is this normal?
Francis Says:
March 28th, 2008 at 11:27 pm
Hi,

I would just like to hear your opinion on these matters.

I would like to have the user mailboxes on an NFS mounted partition so that I can just easily move them around if I run out of space. Is this a recommended solution to the problem I mentioned?

Also, how about maildir quotas? Is it just a matter of adding quota settings to the maildir partition or re-compile postfix with the quota patch?
consultant Says:
March 29th, 2008 at 1:58 am
Re: Could not create SpamAssassin cache database

The above is not normal, SpamAssassin.cache.db should be owned by Postfix. To fix the problem, just delete the file /var/spool/MailScanner/incoming/SpamAssassin.cache.db
and restart MailScanner to automatically recreate the file with the correct owner.
consultant Says:
March 29th, 2008 at 2:06 am
Re: NFS mounted partition mailboxes

This is possible with the setup we our using (maildir mailbox format) but I wouldn’t recommend it though. It adds a whole set of failure points to your mail server. The network switch could fail, the remote machine could go down, etc. etc. Hard disk space is cheap this days and it would be better to invest in a big one.
consultant Says:
March 29th, 2008 at 2:13 am
Re: maildir quotas

You need to re-compile postfix with the quota patch. This gives a complete solution like individual mailbox quota and customizable “limit” message.

Postfix VDA – Postfix Quota Patch
Francis Says:
March 29th, 2008 at 6:32 am
Hi,

I have fixed my aforementioned errors. Thanks for the help. I did get another strange message in my maillog:

Mar 29 01:29:53 xmail dovecot: auth(default): LDAP: ldap_result() failed: Can’t contact LDAP server

What could be causing this? I could log-in with a user from the ldap server fine.
consultant Says:
March 29th, 2008 at 6:44 am
It means dovecot can’t connect to the LDAP server. Did Postfix work? Can you telnet your LDAP server? Your LDAP server’s firewall might be blocking your connection.
Francis Says:
March 29th, 2008 at 7:26 am
It’s on a Windows 2003 Active Directory Server. How do I test it if postfix works? If what you mean is that it’s able to send messages to accounts in the AD server, that’s a yes.

I can ping the LDAP server fine.
consultant Says:
March 29th, 2008 at 7:32 am
Yes you can ping but can you telnet server ldap? Re postfix, I meant does postmap -q [email] ldap:/etc/postfix/ldap-users.cf work? If the postmap test work, you should be able to do the same with dovecot.
Francis Says:
March 29th, 2008 at 8:01 am
In a way yes, postfix works. I used the test above after integrating postfix to ldap. But sending mail to an account found on the ldap server does not work. Ironically, I can log-in with the same account using dovecot.

What could be wrong?
Francis Says:
March 29th, 2008 at 8:04 am
Update to my previous post, yes, postmap -q [email] ldap:/etc/postfix/ldap-users.cf works. I don’t have telnet running on the win2003 machine. Any other service I can try to connect to so that I can verify if it’s a firewall problem?

There’s nothing on the AD server logs that suggests it’s a firewall problem.
consultant Says:
March 29th, 2008 at 1:51 pm
This means that dovecot is working.

You don’t have to install a telnet server in win2003. Just type telnet server ldap from the terminal window and the telnet client will attempt to connect to the server at port 389. Anyway, postfix and dovecot confirms that you can connect to the active directory server.

A lot of things might cause the sending problem.

1. Can you send to system accounts, if yes that is wrong. Read my comment to Aaron Thompson.

2. Before integrating Active Directory, did you check if your mail server is working. You might have misconfigured mailscanner or something. If mailscanner is misconfigured, mails will get stuck in the holding area.
Francis Says:
March 30th, 2008 at 4:18 am
I was able to test the ldap server using telnet and it connected. One thing though, I can still send mail to system accounts. I checked your post to Aaron Thompson and my postfix was configured correctly.

I think it was a temporary problem I guess. I’m still running this setup on a win2003 box inside vmware server. I am already setting-up my “real” physical mail server. Hopefully I won’t be able to encounter these problems when I move to the physical server.
Francis Says:
March 30th, 2008 at 6:14 am
I don’t know if this matters, but I have mail in /var/spool/postfix/incoming. This is mail that’s supposed to go to our existing mail server, but it’s not getting there. Any idea what might be causing this? It’s related I think to the ldap connect server problem I’m having. It has cropped-up in my logs again.
consultant Says:
March 30th, 2008 at 6:48 am
Just as I thought. Whether you are installing into a VMWare or a real physical mail server should not make a difference. Actually, I’m using VMWare myself to get the screenshots and to experiment with several OS and configurations.

Since mails are in /var/spool/postfix/incoming and not in /var/spool/postfix/hold, this means that MailScanner is working properly. From incoming, Postfix should pickup the mail from there and transfer it to the proper mailbox.

Can you post the last few lines of your log. The answer probably lies in there.
Francis Says:
March 31st, 2008 at 5:14 am
May I know what kinds of messages are you looking for? I have pretty much a lot of messages already in my log.

Some of the more suspect lines:

Mar 30 16:14:58 xmail dovecot: auth(default): LDAP: ldap_result() failed: Can’t contact LDAP server
Mar 30 16:23:15 xmail dovecot: auth(default): LDAP: ldap_result() failed: Can’t contact LDAP server
Mar 30 16:31:33 xmail dovecot: auth(default): LDAP: ldap_result() failed: Can’t contact LDAP server
Mar 30 16:39:51 xmail dovecot: auth(default): LDAP: ldap_result() failed: Can’t contact LDAP server
Mar 30 16:48:08 xmail dovecot: auth(default): LDAP: ldap_result() failed: Can’t contact LDAP server
Mar 30 16:56:25 xmail dovecot: auth(default): LDAP: ldap_result() failed: Can’t contact LDAP server
Mar 30 17:01:04 xmail update.bad.phishing.sites: Delaying cron job up to 600 seconds
Mar 30 17:03:29 xmail update.bad.phishing.sites: Phishing bad sites list updated
Mar 30 17:03:30 xmail update.virus.scanners: Delaying cron job up to 600 seconds
Mar 30 17:04:27 xmail update.virus.scanners: Found clamav installed
Mar 30 17:04:27 xmail update.virus.scanners: Running autoupdate for clamav
Mar 30 17:04:28 xmail ClamAV-autoupdate[25929]: ClamAV updater /usr/local/bin/freshclam cannot be run
Mar 30 17:04:30 xmail update.virus.scanners: Found generic installed
Mar 30 17:04:30 xmail update.virus.scanners: Running autoupdate for generic
Mar 30 17:04:47 xmail dovecot: auth(default): LDAP: ldap_result() failed: Can’t contact LDAP server
Mar 30 17:13:08 xmail dovecot: auth(default): LDAP: ldap_result() failed: Can’t contact LDAP server
Mar 30 17:21:27 xmail dovecot: auth(default): LDAP: ldap_result() failed: Can’t contact LDAP server
Mar 30 17:29:48 xmail dovecot: auth(default): LDAP: ldap_result() failed: Can’t contact LDAP server
Mar 30 17:38:09 xmail dovecot: auth(default): LDAP: ldap_result() failed: Can’t contact LDAP server
consultant Says:
March 31st, 2008 at 1:44 pm
> Ironically, I can log-in with the same account using dovecot.

Can you still log into dovecot using LDAP accounts? It looks like it is not working based on your log.

Anyway, I’m guessing it’s just a configuration problem. Can you send your main.cf and dovecot.conf to consultant@linux-mail.info
offmct Says:
April 1st, 2008 at 10:48 am
Hi, is there a to make postfix write the mailbox name in lowercase too? If my samaccountname is Offmct, postfix writes my mailbox as /home/vmail/Offmct/Maildir. This will not get matched with auth_username_format = %Lu in dovecot.
consultant Says:
April 1st, 2008 at 2:26 pm
Sorry, postfix does not provide the ability to use lower case. I’ve removed auth_username_format = %Lu in dovecot to remain compatible to postfix.
Francis Says:
April 6th, 2008 at 3:48 pm
Hello Consultant,

Ok, Will send you my logs in a day or two. Sorry for the delay, attended a two-day seminar and had some enrollment issues to attend to. Expect my mail tomorrow or the day after that.
Francis Says:
April 7th, 2008 at 3:00 am
Just answer your previous question,

Yes, I can log-in to dovecote with LDAP accounts but the problem is it does not work after a while and then I start to see the LDAP errors from my logs.
consultant Says:
April 17th, 2008 at 3:08 pm
Check out Active Directory and Dovecot PAM Authentication which uses Kerberos authentication. That should work.
cjt Says:
April 18th, 2008 at 2:13 am
thanks for the neat howto
I managed to get things working,
however when i have to restart the domain controller (for updates and all) i am getting errors on my mail server because lookups against ad are failing,
i have two ad servers and per this howto have only configured one to be queried,
how would i set up for a failover scenario…
consultant Says:
April 18th, 2008 at 1:58 pm
Use the instruction from Active Directory and Dovecot PAM Authentication instead. The Kerberos authentication method does not require a persistent connection plus you’ll also get fail-over capabilities.
Francis Says:
April 22nd, 2008 at 3:31 pm
Hi,

I think we should clarify this line:

2. Test your postfix configuration file by typing in the command

postmap -q [email] ldap:/etc/postfix/ldap-users.cf

You should replace [email] with a valid user account on the server. Example:
postmap -q test@acme.local ldap:/etc/postfix/ldap-users.cf

Just to properly guide readers on the value of the [email] variable. Got me to some trouble testing the postfix AD integration part.
consultant Says:
April 22nd, 2008 at 3:56 pm
Sorry about that. I never realized that the instruction was unclear since I was counting on the screenshot to clarify things. I’ve updated the text to make the instruction clearer. Thanks.
Mahmud Jami Says:
April 23rd, 2008 at 2:57 am
Hi,

How can i configure quota for users?
Where it need configure, at postfix or dovecot file?

I am using windows 2003 ADS authentication.

Rgds,

JAMI
consultant Says:
April 23rd, 2008 at 1:33 pm
It should be configured on Postfix. Check out Postfix Quota
Froylan Says:
June 3rd, 2008 at 7:47 am
Need Help…

postmap: warning: dict_ldap_connect: Unable to bind to server ldap://www.maurag.com:389 as nalyrof@maurag.com: 34 (Invalid DN syntax)
[root@www ~]#

server_host = http://www.maurag.com
search_base = dc=maurag,dc=com
version = 3

query_filter = (&(objectclass=person)(mail=%s))
result_attribute = samaccountname
result_format = %s/Maildir/

bind = yes
bind_dn = nalyrof@maurag.com
bind_pw = password
consultant Says:
June 3rd, 2008 at 12:01 pm
nalyrof@maurag.com is applicable only to Active Directory. You’ll have to use something like uid=nalyrof,dc=maurag,dc=com Use JXplorer to get the actual distinguished name.
john phang Says:
August 26th, 2008 at 7:20 am
HI

i need help on the dovecot integrated with LDAP . when the email user name with CAPITAL letter. it end up with the error on the webmail . any idea ?

ERROR: Connection dropped by IMAP server.
Query: CAPABILITY
davtup Says:
August 28th, 2008 at 4:00 am
HI.
I’m using Postfix 2.5 on Cent OS 5.1 and try to use Active Directory is primary LDAP base to authentication Postfix mail.

I do follow with the steps above. I go to step: “2. Test your postfix configuration file by typing in the command” with command is:
postmap -q tudv@domain.corp ldap:/etc/postifx/ldap-users.cf
and result is: “longnc/Maildir”
but when I’m going to try step “test postfix using telnet”
I test SMTP. when type:
rcpt to tudv
I got message: “Recipient address rejected: User unknown in local recipient table”

I don’t know what is that? Could you help me?
davtup Says:
August 28th, 2008 at 8:02 am
Excuse me,
Do we need install Postifx-ldap?
consultant Says:
August 28th, 2008 at 2:03 pm
Hi davtup,

Please check if you did step 3 in Postfix Active Directory/LDAP Integration. This step changes the lookup from local recipient to virtual recipient. Also, check your result_format setting, I think you miss the last ‘/’. Finally, you don’t need to install Postfix-ldap, it is already included in the standard CentOS package.
elXesar Says:
October 5th, 2008 at 5:24 pm
Help me, I have this error in telnet pop3

mail dovecot: POP3(bugsbunny): mkdir(/home/bugsbunny/Maildir/cur) failed: Permission denied
mail dovecot: POP3(bugsbunny): Couldn’t open INBOX: Internal error occurred. Refer to server log for more information.
mail dovecot: POP3(bugsbunny): Couldn’t open INBOX top=0/0, retr=0/0, del=0/0, size=0

Please help me, I configured my dovecot.conf

passdb ldap {
args = /etc/dovecot-ldap.conf
}

userdb static {
args = uid=501 gid=501 home=/home/vmail/%u
}
consultant Says:
October 5th, 2008 at 8:08 pm
Hi elXesar,

In your /etc/dovecot.conf, make sure you have the line below

mail_location = maildir:~/Maildir/
elXesar Says:
October 6th, 2008 at 3:25 am
Yes, my dovecto.con is configured the same as manual,

mail_location = maildir:~/Maildir/

Even so I have trouble
consultant Says:
October 6th, 2008 at 12:18 pm
Hmm… According to your log, dovecot is looking for mail in /home/bugsbunny/Maildir/cur instead of /home/vmail/bugsbunny/Maildir/cur. Another possible cause of the problem is

userdb passwd {
}

still active. Thus, it is looking for bugsbunny in the Linux system account instead of the LDAP account. To be sure, comment off all userdb except for userdb static.
elXesar Says:
October 7th, 2008 at 1:15 am
Exactly, that was the problem, was uncommented

userdb passwd {
}

I commented on it and was OK

Thank you very much
elXesar Says:
October 25th, 2008 at 7:26 pm
Hi, I have this problem. I make this step:

postmap-q bugsbunny@acme.local ldap:/etc/postfix/ldap-users.cf

I returned “bugsbunny/Maildir”, but it really does not create the folder. Someone can help me.

Greetings,
consultant Says:
October 25th, 2008 at 11:30 pm
Hi elXesar,

The bugsbunny/Maildir directory will be automatically created by Postfix if it receives a mail for bugsbunny. It will also be automatically created by Dovecot if bugsbunny checks his email.
elXesar Says:
October 27th, 2008 at 3:16 am
You’re right, now attempt auntenticar a user through POP3, but this message appears: “ERR – Temporary authentication failure”.

Add ldap_version = 3 in dovecot-ldap.conf, but even so remains the same.
consultant Says:
October 27th, 2008 at 11:47 am
Please check /var/log/maillog to get a better idea on what the problem might be.
elXesar Says:
October 27th, 2008 at 11:24 pm
I’m trying another user called “lvasquez” added LDAP, I tested and works with SMTP, but the test does not work with POP3. In the log this message:

Oct 27 13:12:42 mail dovecot: auth(default): ldap(lvasquez,::ffff:127.0.0.1): ldap_bind() failed: Invalid DN syntax
Oct 27 13:15:39 mail dovecot: pop3-login: Disconnected: Inactivity: user=, method=PLAIN, rip=::ffff:127.0.0.1, lip=::ffff:127.0.0.1, secured
consultant Says:
October 28th, 2008 at 12:40 am
Please provide the dovecot setting you used.
elXesar Says:
October 28th, 2008 at 1:37 am
protocols = imap imaps pop3 pop3s

mail_location = maildir:~/Maildir/

protocol imap {
imap_client_workarounds = delay-newmail outlook-idle netscape-eoh
}

protocol pop3 {
pop3_uidl_format = %08Xu%08Xv
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}

protocol lda {
postmaster_address = postmaster@example.com
}

auth default {

mechanisms = plain

passdb ldap {
args = /etc/dovecot-ldap.conf
}
userdb static {
args = uid=503 gid=503 home=/home/vmail/%u
}
user = root
socket listen {
client {
path = /var/spool/postfix/private/auth
mode = 0660
user = postfix
group = postfix
}
}
}
consultant Says:
October 28th, 2008 at 1:13 pm
Oh, I meant the dovecot-ldap.conf file. I want to see how you configured the distinguished name (DN)
elXesar Says:
October 28th, 2008 at 4:28 pm
hosts = localhost
base = dc=runiversal,dc=com
ldap_version = 3
auth_bind = yes
auth_bind_userdn = runiversal\%u
elXesar Says:
October 28th, 2008 at 4:35 pm
I have my mail server (postfix, dovecot, clamav, mailscanner and spamassassin) with LDAP server (virtual users)
consultant Says:
October 28th, 2008 at 9:44 pm
Option 1 only works for Active Directory. You’ll have to use Option 2 or 3.
elXesar Says:
October 28th, 2008 at 11:13 pm
Ok, thanks
Rajeesh Says:
November 11th, 2008 at 2:40 pm
Hi,

I i want to know how to configure a mail server to authenticate to another ldap server. the scenario is i have one mail server an one ladp server i want hte mail server to authenticate to the LDAP server in ubuntu could you please help me on this.
consultant Says:
November 11th, 2008 at 3:39 pm
No problem, just change hosts in /etc/dovecot-ldap.conf to wherever the ubuntu ldap server is.
sandeep Says:
November 18th, 2008 at 7:56 pm
Hi,

I am new in linux. i have install ubantu and install wibmin . i have one Active Directory Domain mycompany.local. we have parches 1000 mail id from windor. they have given SMTP and POP3 server ip information. we configure this in outlook and download mail from POP3 server. Because Microsoft Exchange server is very expive i go for linex postfix mail server, but i am not know how to configure postfix that work as getway for my mail. all internal mail still work if my Internet will down. and postfix will download all mail from POP3 server and diliver it to perticuler mail id . and also how to link my local mail id and internet mail id Please help me ASAP.
aKBaR Says:
November 19th, 2008 at 4:31 am
Can JXplorer used on Fedora Core 9?if it can, how to install JXplorer to FC9?
elXesar Says:
November 19th, 2008 at 4:52 pm
Any manual to integrate mailbox quota in Postfix with LDAP?
consultant Says:
November 19th, 2008 at 10:05 pm
Hi elXesar,

Yes, see Postfix Quota
consultant Says:
November 19th, 2008 at 10:08 pm
Hi aKBaR,

See Java JRE Setup Howto, it’s for RHEL/CentOS but it might work with FC9.
KS Solanki Says:
November 26th, 2008 at 9:22 am
Hi,

I m trying your guide on fedora 9 with fedora DS and getting the following error ….

Auth process died too early – shutting down
Nov 26 03:05:26 host dovecot: auth(default): Can’t open configuration file /etc/dovecot-ldap.conf: No such file or directory
Nov 26 03:05:26 host dovecot: child 4110 (auth) returned error 89

PLz .. help me …
consultant Says:
November 26th, 2008 at 3:15 pm
Hi KS Solanki,

Make sure you have created /etc/dovecot-ldap.conf See step 1 of the Dovecot Active Directory/LDAP Integration section
Butterfly Says:
November 27th, 2008 at 3:34 am
I’m using Centos, n’ i’m a newer for linux, would u help me how to install JXplorer to my Centos, i have try a comment #89 “Java JRE Setup Howto, it’s for RHEL/CentOS” but it doesn’t work, please help me! thx.
KS Solanki Says:
November 28th, 2008 at 9:25 am
Hi

First of all thanks for your response…..

i have created that /etc/dovecot-ldap.conf file and i am unable to understand that why it is showing that massage “Can’t open configuration file /etc/dovecot-ldap.conf: No such file or directory”

i just want to create a mail server with about 500 users support so Plz…help

Thanks & Regards
KS Solanki
elXesar Says:
December 1st, 2008 at 5:53 pm
I try to install the JXplorer, but see this error:

Extracting the installation resources from the installer archive…
Configuring the installer for this system’s environment…
awk: error while loading shared libraries: libdl.so.2: cannot open shared object file: No such file or directory
dirname: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory
/bin/ls: error while loading shared libraries: librt.so.1: cannot open shared object file: No such file or directory
basename: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory
dirname: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory
basename: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory
hostname: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory

Launching installer…

grep: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory
/usr/java/default/bin/java: error while loading shared libraries: libpthread.so.0: cannot open shared object file: No such file or directory

Any idea?
Attila Says:
December 2nd, 2008 at 10:28 pm
I am really grateful of you guys! I have bees set up a server like this several years before, but forgot all things as usual. Now I had been chasing a nice short guide like this for weeks, and finally I found this one, so I set up my new server in 15 minutes!
Thank you, and may the force be with you!
KS Solanki Says:
December 10th, 2008 at 10:49 am
Hi,

thanks for your this wonderful guide …i have created my mail server successfully but i have one problem when i send mail from one user to another it is sent as “user@mail.domain.org” but i want it to be in the form “user@domain.org” that is i want it to append domain part only ….here mail is my host’s name and domain.org is my domain….

my main.cf settings are as follows…

myhostname = mail.domain.org (same as my host name)
mydomain = domain.org
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost
mynetworks_style = host
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
home_mailbox = Maildir/
mynetworks = 127.0.0.0/8
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination
broken_sasl_auth_clients = yes

virtual_mailbox_domains = $mydomain
virtual_mailbox_base = /home/vmail/
virtual_mailbox_maps = ldap:/etc/postfix/ldap-users.cf
virtual_uid_maps = static:502
virtual_gid_maps = static:502

thanks & regards

Er.K.S.Solanki
consultant Says:
December 10th, 2008 at 11:09 am
Hi KS Solanki,

Please type in getent passwd in a terminal window. If you find user, it means it is sending mail to user local account instead of user ldap virtual account.
Osama Says:
December 11th, 2008 at 12:48 am
hi
thanks for your this wonderful guide

i do everything i can send but no receive

this my log

Dec 11 02:35:37 mail dovecot: POP3(usera): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Dec 11 02:35:51 mail postfix/smtpd[5454]: connect from dc.class.com[10.10.10.1]
Dec 11 02:35:51 mail postfix/smtpd[5454]: EA56A15713: client=dc.class.com[10.10.10.1]
Dec 11 02:35:52 mail postfix/cleanup[5457]: EA56A15713: message-id=
Dec 11 02:35:52 mail postfix/smtpd[5454]: disconnect from dc.class.com[10.10.10.1]
Dec 11 02:35:52 mail postfix/qmgr[5390]: EA56A15713: from=, size=628, nrcpt=1 (queue active)
Dec 11 02:35:52 mail postfix/virtual[5459]: EA56A15713: to=, relay=virtual, delay=0.29, delays=0.23/0.05/0/0.02, dsn=2.0.0, status=sent (delivered to mailbox)
Dec 11 02:35:52 mail postfix/qmgr[5390]: EA56A15713: removed
Dec 11 02:35:54 mail dovecot: POP3(usera): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Dec 11 02:35:54 mail dovecot: pop3-login: Login: user=, method=PLAIN, rip=::ffff:10.10.10.1, lip=::ffff:10.10.10.2
thanks
KS Solanki Says:
December 11th, 2008 at 7:08 am
hi,
i am not getting “user” by getent passwd command in the result ….my question was that mails sent from my server should be look like in the form “user@domain.org” but they actually are in the form “user@mail.domain.org” here mail is my localhost’s name ……ok

i want my server to append domain.org instead of mail.domain.org to any mail it sends….

Are u getting my problem…..plz help

thanks in advance …..

Er. KS Solanki
consultant Says:
December 15th, 2008 at 11:36 am
Hi KS Solanki,

It’s probably the mail client that’s doing this. If you are using Squirrelmail, that’s the default domain.
KS Solanki Says:
December 16th, 2008 at 7:01 am
Hi,

you are right …that were mail client ….

you are genius ….thank u very much…

now i have one more problem …how can i let my users to change their account password stored in LDAP i am usin openLDAP and squirrelmail …

i have tried that plugin change_ldappass but not getting it worked for me …..

thanks in advance ….

waiting for your response ….

K S Solanki
consultant Says:
December 16th, 2008 at 7:17 am
See SquirrelMail LDAP Change Password Howto
nfhelp Says:
January 6th, 2009 at 5:29 pm
hi,
need help

when i make the first test

[root@mail ~]# postmap -q user2@test.com ldap:/etc/postfix/ldap-users.cf
user2/Maildir/

and when i test Postfix with telnet i get this

thanks in advance …..

[root@mail ~]# telnet 127.0.0.1 25
Trying 127.0.0.1…
Connected to localhost.localdomain (127.0.0.1).
Escape character is ‘^]’.
220 mail.maquette.com ESMTP Postfix
mail from: administrateur
250 2.1.0 Ok
rcpt to: user1
550 5.1.1 : Recipient address rejected: User unknown in local recipient table

##########################
configuration file main.cf
##########################
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix

mail_owner = postfix
myhostname = mail.test.com
mydomain = test.com
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
unknown_local_recipient_reject_code = 550
mynetworks_style = subnet
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
xxgdb $daemon_directory/$process_name $process_id & sleep 5

sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.3.3/samples
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
virtual_mailbox_domains = $mydomain
virtual_mailbox_base = /home/vmail/
virtual_mailbox_maps = ldap:/etc/postfix/ldap-users.cf
virtual_uid_maps = static:500
virtual_gid_maps = static:500

################################
################################
and ldap-users.cf
################################
################################

server_host = 192.168.1.42
search_base = dc=test,dc=com
version = 3
query_filter = (&(objectclass=person)(mail=%s))
result_attribute = samaccountname
result_format = %s/Maildir/
bind = yes
bind_dn = cn=administrateur,cn=users,dc=test,dc=com
bind_pw = 123456
consultant Says:
January 6th, 2009 at 9:53 pm
Hi nfhelp,

Your mail server is mail.maquette.com so your default domain is “maquette.com” which is different from your virtual domain “test.com”. You need to specify the full email address user1@test.com in your rcpt to to make it work.
nfhelp Says:
January 7th, 2009 at 9:58 am
hi again
I change hostname mail.maquette.com to mail.test.com

[root@mail ~]# telnet 127.0.0.1 25
Trying 127.0.0.1…
Connected to localhost.localdomain (127.0.0.1).
Escape character is ‘^]’.
220 mail.test.com ESMTP Postfix
mail from: administrateur@test.com
250 2.1.0 Ok
rcpt to: user2@test.com
550 5.1.1 : Recipient address rejected: User unknown in local recipient table

##############
other test
##############

[root@mail ~]# telnet 127.0.0.1 25
Trying 127.0.0.1…
Connected to localhost.localdomain (127.0.0.1).
Escape character is ‘^]’.
220 mail.test.com ESMTP Postfix
mail from: adminitrateur
250 2.1.0 Ok
rcpt to: user1
550 5.1.1 : Recipient address rejected: User unknown in local recipient table

thanks for help
nfhelp Says:
January 7th, 2009 at 11:17 am
tanks it’s work
nfhelp Says:
January 7th, 2009 at 5:35 pm
hi,
my mail server work without problem

just if i send a mail for user like administrateur and the user in ADS is Administrateur then postfix creat a new floder for administrateur and i get this

[root@mail ~]# cd /home/vmail/
[root@mail vmail]# ll

drwx—— 3 vmail vmail 4096 jan 7 10:42 administrateur
drwx—— 3 vmail vmail 4096 jan 7 10:25 Administrateur

how can i fix this

Again thanks.
consultant Says:
January 8th, 2009 at 11:04 pm
Hi nfhelp,

Sorry, but Postfix does not provide lower case formatting. See comment #50.
Alexos Says:
January 15th, 2009 at 12:08 pm
Hi,

I need help please

I make postmap test and return OK:

$postmap -q webmail@domain.org ldap:/etc/postfix/ldap-users.cf

$204284399/Maildir/

But when I make the telnet test return a error:

telnet localhost smtpTrying 127.0.0.1…
Connected to localhost.localdomain (127.0.0.1).
Escape character is ‘^]’.
220 host.domain.org ESMTP Postfix
ehlo
501 Syntax: EHLO hostname
ehlo host
250-host.domain.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:webmail
250 2.1.0 Ok
rcpt to:webmail
550 5.1.1 : Recipient address rejected: User unknown in local recipient table

My main.cf is;

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
mail_owner = postfix
myhostname = webmail.ssp.ba.gov.br
mydomain = ssp.ba.gov.br
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
local_recipient_maps = unix:passwd.byname $alias_maps
unknown_local_recipient_reject_code = 550
relay_domains = $mydestination
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
recipient_delimiter = +
home_mailbox = Maildir/
mail_spool_directory = /var/spool/mail
virtual_mailbox_domains = $mydomain
virtual_mailbox_base = /home/vmail/
virtual_mailbox_maps = ldap:/etc/postfix/ldap-users.cf
virtual_uid_maps = static:507
virtual_gid_maps = static:507

You can help me please?

Regards,

Alex
Alexos Says:
January 15th, 2009 at 12:27 pm
Hi,

I edit my main.cf:

local_recipient_maps = unix:passwd.byname $alias_maps

to

local_recipient_maps =

When I make a new telnet test, my maillog file show a unknow user error:

*******
Telnet test
*******

telnet localhost smtpTrying 127.0.0.1…
Connected to localhost.localdomain (127.0.0.1).
Escape character is ‘^]’.
220 host.domain.org ESMTP Postfix
ehlo
501 Syntax: EHLO hostname
ehlo host
250-host.domain.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:webmail
250 2.1.0 Ok
rcpt to:webmail
250 2.1.0 Ok
data
354 End data with .
teste
.
250 2.0.0 Ok: queued as C160C430068

**********
Maillog
**********

tail /var/log/maillog
Jan 15 09:18:02 range-rover postfix/cleanup[2423]: C160C430068: message-id=
Jan 15 09:18:02 range-rover postfix/qmgr[2403]: C160C430068: from=, size=360, nrcpt=1 (queue active)
Jan 15 09:18:02 range-rover postfix/local[2432]: C160C430068: to=, orig_to=, relay=local, delay=19, delays=19/0.01/0/0, dsn=5.1.1, status=bounced (unknown user: “webmail”)
Jan 15 09:18:02 range-rover postfix/cleanup[2423]: 5917843006C: message-id=
Jan 15 09:18:02 range-rover postfix/bounce[2433]: C160C430068: sender non-delivery notification: 5917843006C
Jan 15 09:18:02 range-rover postfix/qmgr[2403]: 5917843006C: from=, size=2216, nrcpt=1 (queue active)
Jan 15 09:18:02 range-rover postfix/qmgr[2403]: C160C430068: removed
Jan 15 09:18:02 range-rover postfix/local[2432]: 5917843006C: to=, relay=local, delay=0, delays=0/0/0/0, dsn=5.1.1, status=bounced (unknown user: “webmail”)
Jan 15 09:18:02 range-rover postfix/qmgr[2403]: 5917843006C: removed
Jan 15 09:18:04 range-rover postfix/smtpd[2412]: disconnect from localhost.local

Thanks again!

Regards,

Alex
consultant Says:
January 15th, 2009 at 2:11 pm
Hi Alexos,

Your problem is the same as nfhelp in comment #103, please re-read my article, I’ve updated its content.
nfhelp Says:
January 19th, 2009 at 12:54 pm
hi again

I need some help about sendmail and ldap
I want tuto or links to do this like postfix and ldap inthis page.

thanks in advance
Alexos Says:
January 20th, 2009 at 7:21 pm
Thanks for help.

Now the postfix is working but the messages are going to the directory /home/user/Maildir and not for /home/vmail/user/Maildir

What may be happening?

Regards,

Alexos
ryan Says:
January 27th, 2009 at 8:06 pm
First off, thanks for a great Howto! Although, I have one issue with my setup.

Whenever I try to test dovecot via telnet I get the following error:

Escape character is ‘^]’.
+OK Dovecot ready.
user bugsbunny
+OK
pass password
-ERR Temporary authentication failure.
^]

Here is my dovecot-ldap.conf
hosts = homeinsurance.local
base = dc=homeinsurance,dc=local
ldap_version = 3
auth_bind = yes
auth_bind_userdn = uid=%u,uo=people,dc=homeinsurance,dc=local

and my dovecot.conf:

protocols = imap imaps pop3 pop3s

protocol imap {
}
protocol pop3 {

}

protocol lda {
postmaster_address = postmaster@example.com
}

auth default {
mechanisms = plain

passdb ldap {
args = /etc/dovecot-ldap.conf
}

userdb static {
args = uid=102 gid=105 home=/home/vmail/%u
}

user = root

}

dict {
}

plugin {
}

Thanks again,

Ryan
ryan Says:
January 27th, 2009 at 9:50 pm
Here is my maillog:
Jan 27 16:49:57 mail dovecot: auth(default): ldap(bugsbunny@homeinsurance.local,::ffff:127.0.0.1): ldap_bind() failed: Invalid DN syntax
Jan 27 16:50:03 mail dovecot: pop3-login: Disconnected: user=, method=PLAIN, rip=::ffff:127.0.0.1, lip=::ffff:127.0.0.1, secured
bob_bipbip Says:
March 23rd, 2009 at 2:38 pm
hello, i’ve got (mixed)case issues when using the beginning of this howto, and the pam/kerberos/dovecot howto, postfix create a mail box with upercase/lowercase/mixedcase wiche come from sammacount name in ad database, while dovecot is using lowercase everywhere. is it possible to use userdb from ldap or something wich keep case sensitivity in dovecot?
thanks a lot
(and yes, i’ve read #50)
b4 Says:
April 20th, 2009 at 8:02 am
Hello, i cant read ldap information from 2008 server active directory with simle user account, but whis work with domain admin account. Any ideas to make it work with user account?
Zordrak Says:
June 27th, 2009 at 3:14 am
I was wondering what you recommend for handling vacation auto-response in this kind of setup. Ideally I would use postfixadmin, but it conflicts with LDAP/AD setups because it treats the e-mail address as the username rather than allowing for a separated username.

Previously I have been using Exim4 using local accounts and .forward files to pipe mail into the vacation program and allowing users to modify their own vacation settings using the vacation module for usermin.

In a vmail configuration such as this to allow for LDAP account management, I’mstruggling to see how it could be done.

If you were to do something simple such as defining an auto-response transport that pipes mail into vacation and then setting up aliases for user@autoresponder.domain.tld then not only would I have to manually write a PHP interface to allow a user to add or remove the alias definition, but I would also have to provide them with a method for creating a vacation message. While I might not have to write it from scratch, I could perhaps borrow the usermin vacation module and hack away at it until it does what I ask of it, but it would be a lot of work and would still require me to install, run and maintain webmin and usermin JUST for vacation functionality.

I have seen other implementations where the autoresponse information is stored in LDAP, but even with a different storage backend there’s still no simple way to modify the AD schema without messing it up (since you cannot delete schema modifications) and there’s still no way to provide users with the ability to make their own adjustments.

I have been told that it is possible to get an LDAP configuration for postfix and dovecot that doesn’t require the vmail configuration and the virtual transport, but if I go down that path, I then make a mess of what is a very clean mail server configuration that keeps the mail users and the system users separated as they ought to be.

The only shining light of possibility at the moment is to investigate the options available if I change the MDA from virtual to maildrop or procmail, but I’m not certain how many more problems I am going to introduce by doing so, and even with a different MDA I still have the same basic problems with providing users what they want.

I would love for you to tell me I’m not going to have to manage this all manually by user-requests or that I’m not going to have to write my own LAMP application from scratch to do the dirty deed.

Your feedback is most welcome!

Social Web
E-mail

Linux Mail Server Setup and Howto Guide