
FreeBSD, Postfix, Dovecot, and Active Directory

A while back one of my clients had an unpatched qmail server configured with local system users; it was set up in a colocation long before I took over. After having to listen to a lot of complaints about slow internet connectivity I found out that 40-50MB attachments were very common. Another thing I didn’t like about this set-up is the fact that I had to maintain 2 password databases: an Active Directory for local user login and a shadow file for mail. So a local set-up with Active Directory as a back end was needed.

Postfix comes to the rescue. Having used Postfix for the past 3 years I believe it is the best MTA out there. qmail has its merits, but I’m not a big fan. After a lot of arguing the client managed to budge and give me one of the old workstations to use as a server, which a month later had a hard drive crash, and I forgot everything about this. Yesterday I thought I should document this since I didn’t see an easy-to-follow HOWTO for doing such a set-up.

NOTE: Unless mentioned otherwise, all the samples provided here show the lines you need to change in your configuration files, not the whole contents of those files. Remember to restart each daemon after configuration file changes.

Update: After checking vgumus’s setup I need to mention this. You’ll notice the user part of the email address is the same as the Active Directory user name (mshami and mshami@shami.net). Dovecot expects to get the Active Directory username from Postfix. If you want to use some other address in the “mail” field you have to use the virtual alias maps feature from Postfix to return sAMAccountName.

Update 2: This tutorial isn’t a substitute for reading the manual pages and having the basic skills to perform these operations. Please consult the manuals to get an idea of the configuration options for each software.

Enough with the introduction, let’s get down to business. Here is what we’re going to use in order of installation:

FreeBSD 7.0. You can use Linux if you want, but you have to change a few steps. I’m using the ports version that came on the CD.
Dovecot 1.0.10
Postfix 2.4.6

Preparation:
We will need to have an Active Directory environment set up. This is out of the scope of this document.
We need a non-privileged user in Active Directory to allow the other programs to authenticate, I’m calling it LDAP, and the password will be qwerty
Test username will be mshami and password will be qazxsw
Domain name is shami.local
Base DN is DC=shami,DC=local
IP addresses for our domain controllers are 192.168.192.210 and 192.168.192.211

FreeBSD:
Start your FreeBSD installation, I like to go with minimal installations and then add the needed components. Just make sure to give /usr about 5GB of space and give /var a LOT of space to hold the logs and the mail files. Then install the ports collection.

Dovecot:
The first time I did this I used Courier-IMAP. It’s a good program but here it has a major issue: you have to create the home directories for all your users before they can log in. I wrote a patch for that but you have to apply it on both the IMAP and the POP3 daemons. You also have to patch Maildrop to do the same. So I decided to go ahead with Dovecot, which after some research appears to have better performance than Courier-IMAP and, more importantly, has self-healing capabilities which solve this issue.

First, add a user called vmail (assuming UID 1001 and GID 1001); this user will be responsible for handling the virtual mailboxes. Then install Dovecot from ports:

adduser
cd /usr/ports/mail/dovecot/
make
make install

Choose LDAP, LDA, and any other options you want to use
Answer yes when asked to create the group and the user dovecot, assuming UID and GID of 143.

mkdir /var/vmail
chown vmail:vmail /var/vmail

Configuration:

vi /etc/rc.conf
dovecot_enable="YES"

Configure Dovecot

cd /usr/local/etc
cp dovecot-example.conf dovecot.conf
vi dovecot.conf and change the following stuff:

#We'll be starting with IMAP only, add other protocols when you get your system to start
protocols = imap
#Set all usernames to lowercase before authenticating, because Dovecot will create folders with the mixed case characters.
auth_username_format = %Lu
#Enable non-secure logins for testing
disable_plaintext_auth = no
ssl_disable = yes
#No matter how many domains we have, the usernames will be unique, so save the messages to /var/vmail/username
#Same as default_mail_env
mail_location = maildir:/var/vmail/%n
#Since we have virtual delivery, only the vmail user should be able to deliver, in my case the UID of that user is 1001
first_valid_uid = 1001
last_valid_uid = 1001
#Same thing for groups
first_valid_gid = 1001
last_valid_gid = 1001
#Set this to where you want the messages to reside
valid_chroot_dirs = /var/vmail
#auth default section
##Comment passdb pam
##Comment userdb passwd
##Add ldap passdb and userdb
  passdb ldap {
    # Path for LDAP configuration file, see doc/dovecot-ldap.conf for example
    args = /usr/local/etc/dovecot-ldap.conf
  }
  userdb ldap {
    # Path for LDAP configuration file, see doc/dovecot-ldap.conf for example
    args = /usr/local/etc/dovecot-ldap.conf
  }

Set up the LDAP backend:

cp /usr/ports/mail/dovecot/work/dovecot-1.0.10/doc/dovecot-ldap-example.conf /usr/local/etc/dovecot-ldap.conf
vi dovecot-ldap.conf

hosts = 192.168.192.210 192.168.192.211
dn = CN=LDAP User,OU=Special Users,DC=shami,DC=local
dnpass = qwerty
auth_bind = yes
ldap_version = 3
base = dc=shami, dc=local
user_attrs = sAMAccountName=home
user_filter = (&(ObjectClass=person)(sAMAccountName=%u))
pass_filter = (&(ObjectClass=person)(sAMAccountName=%u))
user_global_uid = 1001
user_global_gid = 1001

auth_bind tells Dovecot to try to bind to Active Directory with the username and password that clients authenticate with. We need to do this because Active Directory won’t let us read the password field. We’re not using Kerberos here.

Testing:

/usr/local/etc/rc.d/dovecot start
telnet localhost 143
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
* OK Dovecot ready.
a LOGIN mshami qazxsw
a OK Logged in.
a EXAMINE INBOX
* FLAGS (Answered Flagged Deleted Seen Draft)
* OK [PERMANENTFLAGS ()] Read-only mailbox.
* 0 EXISTS
* 0 RECENT
* OK [UIDVALIDITY 1206022806] UIDs valid
* OK [UIDNEXT 1] Predicted next UID
a OK [READ-ONLY] Select completed.
a LOGOUT
* BYE Logging out
a OK Logout completed.
Connection closed by foreign host.

If you get that then you’re OK. Otherwise check your logs. You can turn on debugging in dovecot.conf. Also, you can use the Global Catalog port in your queries. The Global Catalog doesn’t use referrals, and referrals sometimes cause issues.

Now it’s time to get SMTP working

cd /usr/ports/mail/postfix
make
make install

Make sure you choose DOVECOT and OPENLDAP. Also choose any other options you need. No need for any Kerberos options. You can use the default options during the make install operation.

Disable sendmail:

vi /etc/rc.conf
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"

vi /etc/periodic.conf
daily_clean_hoststat_enable="NO"
daily_status_mail_rejects_enable="NO"
daily_status_include_submit_mailq="NO"
daily_submit_queuerun="NO"

Enable Postfix:

vi /etc/rc.conf
postfix_enable="YES"

Fix the Postfix maps

postalias /etc/aliases

Reboot the system for all settings to take effect, then test:

telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 server ESMTP Postfix
quit
221 2.0.0 Bye

Now that Postfix is running, let’s hook it up to Active Directory (this is the complete main.cf):

myhostname=mailhost
mydestination=localhost
mynetworks=127.0.0.1
myorigin=shami.net

virtual_mailbox_base = /var/vmail

virtual_uid_maps = static:1001
virtual_gid_maps = static:1001

smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination

alias_maps = hash:/etc/aliases
command_directory = /usr/local/sbin
daemon_directory = /usr/local/libexec/postfix

virtual_mailbox_domains =
  shami.net

#LDAP Stuff
virtual_mailbox_maps = ldap:ldapvirtual
ldapvirtual_server_host =
  ldap://192.168.192.210
  ldap://192.168.192.211
ldapvirtual_search_base = DC=shami,DC=local
ldapvirtual_bind = yes
ldapvirtual_bind_dn = SHAMI\ldap
ldapvirtual_bind_pw = qwerty
ldapvirtual_query_filter = (sAMAccountName=%u)
ldapvirtual_result_attribute = sAMAccountName
ldapvirtual_version = 3
ldapvirtual_chase_referrals = yes
ldapvirtual_result_format=%s/

Let’s test:

telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mailhost ESMTP Postfix
helo localhost
250 mailhost
mail from: mshami@shami.net
250 2.1.0 Ok
rcpt to: mshami@shami.net
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
hi
.
250 2.0.0 Ok: queued as 92B5911460
quit
221 2.0.0 Bye
Connection closed by foreign host.

If all goes well, Postfix will deliver the message to /var/vmail/mshami/
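
An added check, not part of the original guide: this shell script reports the testing-only and credential-exposing settings from the Dovecot and Postfix samples above (plaintext logins, SSL disabled, a bind password in a world-readable file or in main.cf, LDAP without TLS) and writes a corrected layout that passes. The finding names, the sample files and the `CHANGE_ME` password are constructed; `tls` (dovecot-ldap.conf) and `start_tls` (Postfix LDAP table) are the TLS switches from those projects' documentation, so confirm that the versions you run support them.

```shell
#!/bin/sh
# Added example, not from the original guide. Finding names are made up here.

# setting_is FILE KEY VALUE: true if an uncommented "KEY = VALUE" line exists.
# KEY and VALUE are extended regexes, so prefixed main.cf names also match.
setting_is() {
    grep -Eq "^[[:space:]]*$2[[:space:]]*=[[:space:]]*$3[[:space:]]*\$" "$1"
}

# others_can_read FILE: true if the "other" read permission bit is set.
others_can_read() {
    [ -n "$(find "$1" -perm -004)" ]
}

# audit_ldap_file FILE PWKEY TLSKEY: checks shared by dovecot-ldap.conf
# (dnpass / tls) and a stand-alone Postfix LDAP table (bind_pw / start_tls).
audit_ldap_file() {
    if setting_is "$1" "$2" '.+' && others_can_read "$1"; then
        echo "BIND_PW_WORLD_READABLE ${1##*/}"
    fi
    # A simple bind over plain LDAP sends the password unencrypted.
    if ! setting_is "$1" "$3" yes && ! grep -q 'ldaps://' "$1"; then
        echo "LDAP_CLEARTEXT ${1##*/}"
    fi
}

audit_dovecot() {       # $1 = dovecot.conf, $2 = dovecot-ldap.conf
    if setting_is "$1" disable_plaintext_auth no; then
        echo "PLAINTEXT_AUTH ${1##*/}"
    fi
    if setting_is "$1" ssl_disable yes; then
        echo "SSL_DISABLED ${1##*/}"
    fi
    audit_ldap_file "$2" dnpass tls
}

audit_main_cf() {       # $1 = Postfix main.cf
    # main.cf is normally world-readable, so an inline *_bind_pw is visible
    # to every local account.
    if setting_is "$1" '[A-Za-z0-9_]+_bind_pw' '.+'; then
        echo "BIND_PW_IN_MAIN_CF ${1##*/}"
    fi
    if grep -q 'ldap://' "$1" &&
       ! setting_is "$1" '[A-Za-z0-9_]+_start_tls' yes; then
        echo "LDAP_CLEARTEXT ${1##*/}"
    fi
}

audit_all() {           # $1 = directory holding the files
    audit_dovecot "$1/dovecot.conf" "$1/dovecot-ldap.conf"
    audit_main_cf "$1/main.cf"
    if [ -f "$1/ldapvirtual.cf" ]; then
        audit_ldap_file "$1/ldapvirtual.cf" bind_pw start_tls
    fi
}

# write_sample DIR guide|hardened: constructed sample files. "guide" copies the
# relevant lines from this page; "hardened" is the corrected layout.
write_sample() {
    d=$1
    if [ "$2" = guide ]; then
        printf '%s\n' 'disable_plaintext_auth = no' 'ssl_disable = yes' \
            > "$d/dovecot.conf"
        printf '%s\n' 'hosts = 192.168.192.210 192.168.192.211' \
            'dnpass = qwerty' 'auth_bind = yes' > "$d/dovecot-ldap.conf"
        chmod 644 "$d/dovecot-ldap.conf"
        printf '%s\n' 'virtual_mailbox_maps = ldap:ldapvirtual' \
            'ldapvirtual_server_host = ldap://192.168.192.210' \
            'ldapvirtual_bind_pw = qwerty' > "$d/main.cf"
        rm -f "$d/ldapvirtual.cf"
    else
        printf '%s\n' 'disable_plaintext_auth = yes' 'ssl_disable = no' \
            > "$d/dovecot.conf"
        printf '%s\n' 'hosts = 192.168.192.210 192.168.192.211' \
            'dnpass = CHANGE_ME' 'auth_bind = yes' 'tls = yes' \
            > "$d/dovecot-ldap.conf"
        chmod 600 "$d/dovecot-ldap.conf"
        # The bind password moves out of main.cf into a table file that only
        # root and the postfix group can read (chown root:postfix on a real host).
        printf '%s\n' \
            'virtual_mailbox_maps = ldap:/usr/local/etc/postfix/ldapvirtual.cf' \
            > "$d/main.cf"
        printf '%s\n' 'server_host = ldap://192.168.192.210' 'version = 3' \
            'bind_pw = CHANGE_ME' 'start_tls = yes' > "$d/ldapvirtual.cf"
        chmod 640 "$d/ldapvirtual.cf"
    fi
}

tmp=$(mktemp -d)
write_sample "$tmp" guide;    echo "guide settings:";  audit_all "$tmp"
write_sample "$tmp" hardened; echo "hardened layout:"; audit_all "$tmp"
rm -rf "$tmp"
```

On a real host, call `audit_all` with a directory that holds copies of your own files, or call the individual `audit_*` functions with the real paths.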

Using the Dovecot LDA:
Normally the virtual delivery agent is enough, but if you want to apply quota or vacation auto reply you’re going to have to use the Dovecot LDA. Also, the Dovecot LDA updates the mailbox indexes, which will give you better IMAP/POP3 performance.

vi /usr/local/etc/postfix/master.cf
dovecot   unix  -       n       n       -       -       pipe
    flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/deliver -d ${user}

vi /usr/local/etc/postfix/main.cf
virtual_transport=dovecot
dovecot_destination_recipient_limit=1

vi /usr/local/etc/dovecot.conf and uncomment the following (client section removed):
  socket listen {
    master {
      path = /var/run/dovecot/auth-master
      mode = 0600
      user = vmail
      group = vmail
    }
  }

Test again:

telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mailhost ESMTP Postfix
helo localhost
250 mailhost
mail from: mshami@shami.net
250 2.1.0 Ok
rcpt to: mshami@shami.net
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
hi
.
250 2.0.0 Ok: queued as 9DBBF1143B
quit
221 2.0.0 Bye
Connection closed by foreign host.

Now check your logs, you should see something like this:

postfix/pipe[904]: 9DBBF1143B: to=, relay=dovecot, delay=6.9, delays=6.4/0.01/0/0.56, dsn=2.0.0, status=sent (delivered via dovecot service)

Great, now we’re ready to enable SMTP authentication:

vi /usr/local/etc/postfix/main.cf
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = /var/run/dovecot/auth-client

vi /usr/local/etc/dovecot.conf
  client {
    path = /var/run/dovecot/auth-client
    mode = 0660
    user = postfix
    group = postfix
  }

Testing:

telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mailhost ESMTP Postfix
ehlo localhost
250-mailhost
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN
250-AUTH=PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH PLAIN AG1zaGFtaQBxYXp4c3c=
235 2.0.0 Authentication successful
quit
221 2.0.0 Bye
Connection closed by foreign host.

Instead of AG1zaGFtaQBxYXp4c3c= you can generate your own username/password combination by using the command

printf '\0username\0password' | mmencode

Where \0 is the null byte.
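
As an added example (not from the original guide), these shell functions build and decode the AUTH PLAIN token used in the session above, passing the credentials as printf arguments so that values starting with a digit or containing % are encoded correctly. It assumes a base64 utility in place of mmencode; the function names are made up for the example.

```shell
#!/bin/sh
# Added example, not from the original guide. Assumes a base64(1) utility
# that accepts -d for decoding; mmencode from the guide encodes identically.

# sasl_plain_encode USER PASS: base64 of NUL USER NUL PASS (empty authzid).
# The values are passed as %s arguments, so printf never interprets them.
sasl_plain_encode() {
    printf '\0%s\0%s' "$1" "$2" | base64 | tr -d '\n'
}

# naive_encode USER PASS: what you get when the values are typed straight into
# the printf format string. A value that starts with a digit is absorbed into
# the octal escape (\020... is one control byte), and a % starts a conversion,
# so the token is silently wrong and authentication just fails.
naive_encode() {
    # shellcheck disable=SC2059  # deliberate: values inside the format string
    printf "\0$1\0$2" | base64 | tr -d '\n'
}

# sasl_plain_field TOKEN N: Nth NUL-separated field of a decoded token
# (1 = authzid, 2 = username, 3 = password).
sasl_plain_field() {
    printf '%s' "$1" | base64 -d | tr '\000' '\n' | sed -n "${2}p"
}

# The token from the telnet session above decodes straight back to the test
# account, which is why it needs the same protection as the password itself.
token=$(sasl_plain_encode mshami qazxsw)
echo "token:    $token"
echo "username: $(sasl_plain_field "$token" 2)"
echo "password: $(sasl_plain_field "$token" 3)"
```

Because the token decodes to the clear password, anything that records it (a Dovecot auth debug log, a saved terminal transcript) should be handled like the password itself.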

Enabling quota:
There is no need to go through this here, as the Dovecot wiki explains it clearly.

http://wiki.dovecot.org/Quota

  1. Admin
    October 22nd, 2008 at 20:39 | #1

    I would like to personally thank you for your outstanding walk-through! After 4 days of parsing manuals and visiting both the dovecot and postfix sites, I stumbled across your information. Thank you for the very detailed, yet simple, outline — it worked great for my topology! I now own a permanent bookmark to this site!
    ;-) Cheers

  2. Mohammad Al-Shami
    November 3rd, 2008 at 11:31 | #2

    I’m glad this info helped, and thanks for the kind words :)

    Good luck with your setup

  3. digital_shaman
    January 9th, 2009 at 23:23 | #3

    * SQL and LDAP: user_global_uid and user_global_gid fields have
    been removed from their config files. Instead you can now use mail_uid
    and mail_gid settings in dovecot.conf.

  4. broy
    May 16th, 2009 at 05:31 | #4

    hi..is there any set-up guide on how to install LDAP server? coz’ in your installation guide somehow the active LDAP is out of your scope..i hope you gonna post also the steps of configuring LDAP server…MANY THANKS!

    hope you’ll have time for this…

    and most of all thank you very much! for this great and useful tutorial..

    • Mohammad Al-Shami
      May 16th, 2009 at 07:20 | #5

      Thanks for the comment. I’ve never personally installed an OpenLDAP server before, but it shouldn’t be that hard. As for Active Directory I’ve done it a few times (never for production though) and it’s not that hard, you can check here

      Have a good one

  5. broy
    May 16th, 2009 at 08:07 | #6

    wow! you’re such a nice person with a great personality..
    I’m glad that as soon as possible you replied with my request…

    sorry for the time…I’m just a newbie in freeBSD mail server set-up and with the help of your walkthrough,
    I’m not getting lost with the installation but, anyways, thanks!..i hope you’re always approachable with the people who need your help…again MANY THANKS!

    by the way..where can i find the LDAP server set-up in the site you provided..:) sorry I’m just messed up…:)

    • Mohammad Al-Shami
      May 17th, 2009 at 07:54 | #7

      Active directory runs on an LDAP backend, so you just need to install Active Directory and you’ll be ready. Check here for detailed instructions on how to install it on Windows Server 2003.

      As for OpenLDAP, I’ve never installed it myself, Google is your best option. Good luck :)

  6. vgumus
    May 19th, 2009 at 09:51 | #8

    hi,
    I’ve configured the system according to the documents, but the speech was a problem

    dovecot-ldap.conf
    hosts = 192.168.2.100
    dn = cn=administrator, cn=Users, dc=4gbilisim, dc=local
    dnpass = 1234567
    auth_bind = yes
    ldap_version = 3
    base = dc=4gbilisim, dc=local
    user_attrs = sAMAccountName=home
    user_filter = (&(ObjectClass=person)(sAMAccountName=%u))
    pass_filter = (&(ObjectClass=person)(sAMAccountName=%u))

    ldapvirtual.cf
    server_host = 192.168.2.100
    search_base = dc=4gbilisim, dc=local
    bind = yes
    bind_dn = CN=Administrator,CN=Users,DC=4gbilisim,DC=local
    bind_pw = 1234567
    version = 3
    query_filter = (mail=%s)
    result_attribute = sAMAccountName
    result_format = %s/
    special_result_attribute = member

    maillog
    May 19 10:11:18 mailsrv01 postfix/smtpd[1210]: 1001120DBB: client=localhost[127.0.0.1]
    May 19 10:11:24 mailsrv01 postfix/cleanup[1228]: 1001120DBB: message-id=
    May 19 10:11:24 mailsrv01 postfix/qmgr[1207]: 1001120DBB: from=, size=371, nrcpt=1 (queue active)
    May 19 10:11:26 mailsrv01 postfix/pipe[1229]: 1001120DBB: to=, relay=dovecot, delay=19, delays=17/0.22/0/1.9, dsn=5.1.1, status=bounced (user unknown)
    May 19 10:11:26 mailsrv01 postfix/cleanup[1228]: E204920DBD: message-id=
    May 19 10:11:26 mailsrv01 postfix/qmgr[1207]: E204920DBD: from=, size=2165, nrcpt=1 (queue active)
    May 19 10:11:26 mailsrv01 postfix/bounce[1231]: 1001120DBB: sender non-delivery notification: E204920DBD
    May 19 10:11:26 mailsrv01 postfix/qmgr[1207]: 1001120DBB: removed
    May 19 10:11:29 mailsrv01 postfix/pipe[1229]: E204920DBD: to=, relay=dovecot, delay=2.1, delays=0.03/0.03/0/2, dsn=5.1.1, status=bounced (user unknown)

    postmap -q veysi@4gbilisim.com ldap:/usr/local/etc/postfix/ldapvirtual.cf
    Veysi.Gumus/

  7. vgumus
    May 19th, 2009 at 13:38 | #9

    Test 1 OK

    telnet localhost 25
    Trying 127.0.0.1…
    Connected to localhost.
    Escape character is ‘^]’.
    220 mailsrv01.4gbilisim.local ESMTP Postfix
    ehlo -l
    250-mailsrv01.4gbilisim.local
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250-AUTH PLAIN LOGIN
    250-AUTH=PLAIN LOGIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    mail from: veysi.gumus
    250 2.1.0 Ok
    rcpt to: recep.ayaz
    250 2.1.5 Ok
    data
    354 End data with <CR><LF>.<CR><LF>
    deneme
    .
    250 2.0.0 Ok: queued as DCCED20DBB

    Test 2 Error

    telnet localhost 25
    Trying 127.0.0.1…
    Connected to localhost.
    Escape character is ‘^]’.
    220 mailsrv01.4gbilisim.local ESMTP Postfix
    ehlo -l
    250-mailsrv01.4gbilisim.local
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250-AUTH PLAIN LOGIN
    250-AUTH=PLAIN LOGIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    mail from: veysi@4gbilisim.com
    250 2.1.0 Ok
    rcpt to: recep@4gbilisim.com
    550 5.1.1 : Recipient address rejected: User unknown in virtual mailbox table

    dovecot-ldap.conf
    hosts = 192.168.2.100
    dn = cn=administrator, cn=users, dc=4gbilisim, dc=local
    dnpass = 1234567
    auth_bind = yes
    ldap_version = 3
    base = dc=4gbilisim, dc=local
    user_attrs = sAMAccountName=home
    user_filter = (&(ObjectClass=person)(sAMAccountName=%u))
    pass_filter = (&(ObjectClass=person)(sAMAccountName=%u))

    ldapvirtual.cf
    server_host = 192.168.2.100
    search_base = dc=4gbilisim, dc=local
    bind = yes
    bind_dn = CN=Administrator,CN=Users,DC=4gbilisim,DC=local
    bind_pw = 1234567
    version = 3
    query_filter = (sAMAccountName=%u)
    result_attribute = sAMAccountName
    result_format = %s/

    postmap -q veysi.gumus ldap:/usr/local/etc/postfix/ldapvirtual.cf
    Veysi.Gumus/

  8. Mohammad Al-Shami
    May 23rd, 2009 at 10:36 | #10

    Sorry for the delay, I’ve been very busy and haven’t had the chance to reply.

    Did you make sure you put the correct lines in master.cf?

    Also I’m going to need the output of postconf -n on your server

  9. vgumus
    May 23rd, 2009 at 11:02 | #11

    Hi,

    postconf -n

    alias_database = hash:/etc/postfix/aliases
    alias_maps = hash:/etc/postfix/aliases
    broken_sasl_auth_clients = yes
    command_directory = /usr/local/sbin
    config_directory = /usr/local/etc/postfix
    daemon_directory = /usr/local/libexec/postfix
    data_directory = /var/db/postfix
    debug_peer_level = 2
    disable_vrfy_command = yes
    header_checks = regexp:/etc/postfix/header_checks
    html_directory = no
    inet_interfaces = all
    mail_owner = postfix
    mailq_path = /usr/local/bin/mailq
    manpage_directory = /usr/local/man
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    mydestination = $myhostname localhost.$mydomain localhost
    mydomain = 4gbilisim.com
    myhostname = mailsrv01.4gbilisim.local
    mynetworks = 127.0.0.0/8, 192.168.2.0/24
    mynetworks_style = host
    myorigin = $mydomain
    newaliases_path = /usr/local/bin/newaliases
    notify_classes = protocol, resource, software
    queue_directory = /var/spool/postfix
    readme_directory = no
    sample_directory = /usr/local/etc/postfix
    sendmail_path = /usr/local/sbin/sendmail
    setgid_group = maildrop
    smtpd_banner = $myhostname ESMTP
    smtpd_helo_required = yes
    smtpd_sasl_auth_enable = yes
    smtpd_sasl_path = /var/run/dovecot/auth-client
    smtpd_sasl_type = dovecot
    unknown_local_recipient_reject_code = 550
    virtual_gid_maps = static:1002
    virtual_mailbox_base = /var/vmail
    virtual_mailbox_domains = $mydomain
    virtual_mailbox_maps = proxy:ldap:/usr/local/etc/postfix/ldapvirtual.cf
    virtual_transport = dovecot
    virtual_uid_maps = static:1002

  10. vgumus
    May 23rd, 2009 at 11:05 | #12

    I do not know much English I’m using Google Translate. hopefully I can explain the problems.

  11. vgumus
    May 23rd, 2009 at 11:10 | #13

    dovecot -n
    # 1.1.11: /usr/local/etc/dovecot.conf
    # OS: FreeBSD 7.2-RELEASE i386 ufs
    protocols: imap pop3
    ssl_disable: yes
    disable_plaintext_auth: no
    login_dir: /var/run/dovecot/login
    login_executable(default): /usr/local/libexec/dovecot/imap-login
    login_executable(imap): /usr/local/libexec/dovecot/imap-login
    login_executable(pop3): /usr/local/libexec/dovecot/pop3-login
    login_greeting_capability(default): yes
    login_greeting_capability(imap): yes
    login_greeting_capability(pop3): no
    valid_chroot_dirs: /var/vmail
    verbose_proctitle: yes
    first_valid_uid: 1002
    last_valid_uid: 1002
    first_valid_gid: 1002
    last_valid_gid: 1002
    mail_privileged_group: mail
    mail_uid: vmail
    mail_gid: vmail
    mail_location: maildir:/var/vmail/%n
    mail_executable(default): /usr/local/libexec/dovecot/imap
    mail_executable(imap): /usr/local/libexec/dovecot/imap
    mail_executable(pop3): /usr/local/libexec/dovecot/pop3
    mail_plugin_dir(default): /usr/local/lib/dovecot/imap
    mail_plugin_dir(imap): /usr/local/lib/dovecot/imap
    mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3
    imap_client_workarounds(default): delay-newmail netscape-eoh tb-extra-mailbox-sep
    imap_client_workarounds(imap): delay-newmail netscape-eoh tb-extra-mailbox-sep
    imap_client_workarounds(pop3):
    pop3_client_workarounds(default):
    pop3_client_workarounds(imap):
    pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
    auth default:
    mechanisms: plain login
    username_format: %Lu
    debug: yes
    passdb:
    driver: ldap
    args: /usr/local/etc/dovecot-ldap.conf
    userdb:
    driver: ldap
    args: /usr/local/etc/dovecot-ldap.conf
    socket:
    type: listen
    client:
    path: /var/run/dovecot/auth-client
    mode: 432
    user: postfix
    group: postfix
    master:
    path: /var/run/dovecot/auth-master
    mode: 384
    user: vmail
    group: vmail

  12. vgumus
    May 23rd, 2009 at 11:14 | #14

    master.cf

    dovecot unix – n n – – pipe
    flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/deliver -d ${user}

  13. Mohammad Al-Shami
    May 23rd, 2009 at 14:31 | #15

    Does virtual delivery work if you use “virtual”?

  14. vgumus
    May 23rd, 2009 at 14:34 | #16

    hi,

    master.cf

    virtual unix – n n – – virtual

  15. vgumus
    May 23rd, 2009 at 16:00 | #17

    hi,

    test ok

    telnet localhost 25
    Trying 127.0.0.1…
    Connected to localhost.
    Escape character is ‘^]’.
    220 mailsrv01.4gbilisim.local ESMTP
    ehlo -l
    250-mailsrv01.4gbilisim.local
    250-PIPELINING
    250-SIZE 10240000
    250-ETRN
    250-AUTH PLAIN LOGIN
    250-AUTH=PLAIN LOGIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    mail from: veysi.gumus
    250 2.1.0 Ok
    rcpt to: recep.ayaz
    250 2.1.5 Ok
    data
    354 End data with <CR><LF>.<CR><LF>
    deneme
    .
    250 2.0.0 Ok: queued as A2CAD20DC1

    mail log

    May 23 16:57:19 mailsrv01 dovecot: auth(default): new auth connection: pid=1483
    May 23 16:57:19 mailsrv01 postfix/smtpd[1483]: connect from localhost[127.0.0.1]
    May 23 16:57:40 mailsrv01 postfix/smtpd[1483]: A2CAD20DC1: client=localhost[127.0.0.1]
    May 23 16:57:46 mailsrv01 postfix/cleanup[1486]: A2CAD20DC1: message-id=
    May 23 16:57:46 mailsrv01 postfix/qmgr[1398]: A2CAD20DC1: from=, size=354, nrcpt=1 (queue active)
    May 23 16:57:47 mailsrv01 dovecot: auth(default): master in: USER 1 recep.ayaz service=deliver
    May 23 16:57:47 mailsrv01 dovecot: auth(default): ldap(recep.ayaz): user search: base=dc=4gbilisim, dc=local scope=subtree filter=(&(ObjectClass=person)(sAMAccountName=recep.ayaz)) fields=sAMAccountName
    May 23 16:57:49 mailsrv01 dovecot: auth(default): ldap(recep.ayaz): result: sAMAccountName(home)=recep.ayaz
    May 23 16:57:49 mailsrv01 dovecot: auth(default): master out: USER 1 recep.ayaz home=recep.ayaz
    May 23 16:57:49 mailsrv01 deliver(recep.ayaz): msgid=: saved mail to INBOX
    May 23 16:57:49 mailsrv01 postfix/pipe[1487]: A2CAD20DC1: to=, orig_to=, relay=dovecot, delay=20, delays=17/0.16/0/2.2, dsn=2.0.0, status=sent (delivered via dovecot service)
    May 23 16:57:49 mailsrv01 postfix/qmgr[1398]: A2CAD20DC1: removed

    test error

    telnet localhost 25
    Trying 127.0.0.1…
    Connected to localhost.
    Escape character is ‘^]’.
    220 mailsrv01.4gbilisim.local ESMTP
    ehlo -l
    250-mailsrv01.4gbilisim.local
    250-PIPELINING
    250-SIZE 10240000
    250-ETRN
    250-AUTH PLAIN LOGIN
    250-AUTH=PLAIN LOGIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    mail from: veysi@4gbilisim.com
    250 2.1.0 Ok
    rcpt to: recep@4gbilisim.com
    550 5.1.1 : Recipient address rejected: User unknown in virtual mailbox table

  16. vgumus
    June 4th, 2009 at 12:03 | #18

    Hi,
    I Could Not Solve The Problem.May You Help me?

  17. qzvt
    June 28th, 2009 at 17:11 | #19

    what wrong the error when start dovecot

    Warning: Last died with error (see error log for more information): Auth process died too early – shutting down
    Info: If you have trouble with authentication failures,
    enable auth_debug setting. See http://wiki.dovecot.org/WhyDoesItNotWork

    im set ssl_disable = yes
    help!…

  18. m0ps
    June 30th, 2009 at 13:54 | #21

    hi! i configured internal mail server with your how-to, but i’m faced with such trouble:
    i cant send mail to root/postmaster and other aliases, that defined in /etc/aliases. in logs:

    Jun 30 11:44:15 mail postfix/pipe[48486]: A2F0610E447: to=, relay=dovecot, delay=0.12, delays=0.11/0/0/0.01, dsn=5.1.1, status=bounced (user unknown)
    Jun 30 11:44:15 mail postfix/qmgr[52868]: C025210E449: removed

    the impression that postfix does not check for aliases in /etc/aliases and immediately tries to deliver a letter to the user postmaster (which of course is not in the ad)

    #postconf -n | grep ^alias
    alias_database = hash:/etc/aliases
    alias_maps = hash:/etc/aliases

    /etc/aliases.db created

    request assistance in resolving problem…
    P.S. sorry for my english…

    • Mohammad Al-Shami
      July 12th, 2009 at 07:03 | #22

      Hi and sorry for the late reply. Either try adding a postmaster account on Active Directory or using virtual_alias_maps.

  19. qzvt
    July 2nd, 2009 at 15:25 | #23

    hi guy, i make config ssl_disable=no and make cert and key, in the end i run
    start dovecot but i got the message below.

    dovecot: Jul 02 20:14:16 Error: auth(default): LDAP: binding failed (dn CN=administrator,OU=Users,DC=example,DC=com): Invalid credentials

    question:
    how i know dovecot connect to active directory service work or not.
    Thank guy.

  20. john
    August 10th, 2009 at 10:42 | #24

    hello..

    [root@mail1 ~]# cp dovecot-example.conf dovecot.conf
    cp: dovecot-example.conf: No such file or directory

    please help me where can i find the dovecot-example.conf? Do i have to make it myself or can i find it inside dovecot?

  21. john
    August 12th, 2009 at 11:40 | #25

    virtual_transport=dovecot
    dovecot_destination_recipient_limit=1

    i can’t find these part here..help me please…

  22. john
    September 4th, 2009 at 09:51 | #26

    hello man,..i’m a newbie..where can i find the file to hook it up to Active Directory?

  23. Mohammad Al-Shami
    September 8th, 2009 at 08:58 | #27

    Sorry guys, I haven’t checked my blog in ages

    Active Directory uses LDAP, so you need to use that.

    You won’t find virtual_transport=dovecot and dovecot_destination_recipient_limit=1 in the configuration file. Add them

    Hope that helps

  24. jo
    September 9th, 2009 at 11:37 | #28

    thanks man…about the test username and password mshami qazxsw…

    * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
    a LOGIN mshami qazxsw
    a NO [UNAVAILABLE] Temporary authentication failure.

  25. jo
    September 9th, 2009 at 11:51 | #29

    Trying 127.0.0.1…
    Connected to localhost.
    Escape character is ‘^]’.
    220 mailhost ESMTP Postfix
    ehlo localhost
    250-mailhost
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    AUTH PLAIN
    503 5.5.1 Error: authentication not enabled

    why is it?can you help me man??

  26. brent
    September 10th, 2009 at 10:24 | #30

    We need a non-privileged user in Active Directory to allow the other programs to authenticate, I’m calling it LDAP, and the password will be qwerty
    Test username will be mshami and password will be qazxsw
    Domain name is shami.local
    Base DN is DC=shami,DC=local
    IP addresses for our domain controllers are 192.168.192.210 and 192.168.192.211

    hi…im just novice in AD,
    just want to ask if test username and password is something made by on our own? or do we have to set-up in AD? and second, is it always two ip address to used? is that the IP address of our win2k3 AD server?

    thanks!
    hope you reply….

  27. jo
    September 17th, 2009 at 06:40 | #31

    helo sir,..where did u get mshami and qazxsw?
    Trying 127.0.0.1…
    Connected to localhost.
    Escape character is ‘^]’.
    220 mailhost ESMTP Postfix
    ehlo localhost
    250-mailhost
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    AUTH PLAIN
    503 5.5.1 Error: authentication not enabled

  28. jo
    September 22nd, 2009 at 12:28 | #32

    hello! Al-Shami
    i found some errors on the authentication scheme
    but i can’t figured out how to solve this problem.
    hope you could help me….
    what seems to be the problem?
    —————————————–

    [root@mail1 ~]# telnet localhost 143
    Trying 127.0.0.1…
    Connected to localhost.
    Escape character is ‘^]’.
    * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
    a LOGIN juan qwerty
    a NO [UNAVAILABLE] Temporary authentication failure.
    ——————————————-

    I already created a non-privileged user but still
    I can’t authenticate and bind to active directory…
    is there something wrong with my configuration files?
    Thanks!…

    • Mohammad Al-Shami
      September 29th, 2009 at 08:20 | #33

      Turn on debugging and check the logs, that should tell you what’s wrong

  29. goerge
    October 6th, 2009 at 12:33 | #34

    Hello,..i am stuck with ldap..where do mshami username and qazxsw be found?

  30. Mohammad Al-Shami
    October 6th, 2009 at 15:04 | #35

    mshami is an Active Directory user, and qazxsw is his password

  31. goerge
    October 7th, 2009 at 10:33 | #36

    Hello again,..thanks for reply…and about the non-privileged user-LDAP User and the password,qwerty, is this an active directory user also, and do i have to specify OU?Hoping for your favorable response..

    • Mohammad Al-Shami
      October 7th, 2009 at 17:56 | #37

      Hey there,

      Postfix uses the non-privileged account to do lookups. Place it anywhere in Active Directory, it should work even inside an OU

  32. brent
    October 9th, 2009 at 11:58 | #38

    hi..Al-Shami..

    what is this shami.net?
    is this a freebsd host?

    coz’ i can’t deliver emails to localhost
    with postfix!

    it says: No Route to Host

    -my dovecot is running
    -in my mail log status=deferred

    what seems to be the problem?

    hope you reply!
    Thanks!

  33. Mohammad Al-Shami
    October 9th, 2009 at 20:18 | #39

    Hi Brent,

    shami.net is the email domain you want to host. Check your logs and documentation for details on how you can solve this problem

  34. brent
    October 12th, 2009 at 10:06 | #40

    ok man…thank you so much..i have fixed it..

  35. jo
    October 27th, 2009 at 08:23 | #41

    Thanks sir al-shami for this wonderful information. It really helped us in our project.=)

  36. November 7th, 2009 at 11:19 | #42

    Hi,

    windows 2008 server and dovecot working due to the underlying cause is available in the following error.

    Nov 7 11:13:43 mailsrv dovecot: auth(default): new auth connection: pid=35475
    Nov 7 11:13:52 mailsrv dovecot: auth(default): client in: AUTH 1 PLAIN service=imap secured lip=127.0.0.1 rip=127.0.0.1 lport=143 rport=51726 resp=AG1ha3N1ADY1NDMyMQ==
    Nov 7 11:13:52 mailsrv dovecot: auth(default): ldap(maksu,127.0.0.1): bind search: base=dc=gbb, dc=local filter=(&(ObjectClass=person)(sAMAccountName=maksu))
    Nov 7 11:13:52 mailsrv dovecot: auth(default): ldap(maksu,127.0.0.1): no fields returned by the server
    Nov 7 11:13:52 mailsrv dovecot: auth(default): client out: OK 1 user=maksu
    Nov 7 11:13:52 mailsrv dovecot: auth(default): master in: REQUEST 2 35473 1
    Nov 7 11:13:52 mailsrv dovecot: auth(default): ldap(maksu,127.0.0.1): user search: base=dc=gbb, dc=local scope=subtree filter=(&(ObjectClass=person)(sAMAccountName=maksu)) fields=sAMAccountName
    Nov 7 11:13:52 mailsrv dovecot: auth(default): ldap(maksu,127.0.0.1): result: sAMAccountName(home)=maksu
    Nov 7 11:13:52 mailsrv dovecot: auth(default): master out: USER 2 maksu home=maksu
    Nov 7 11:13:52 mailsrv dovecot: dovecot: Relative home directory paths not supported (user maksu): maksu
    Nov 7 11:13:52 mailsrv dovecot: imap-login: Internal login failure (auth failed, 1 attempts): user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured

    • Mohammad Al-Shami
      November 10th, 2009 at 08:28 | #43

      Sadly I’ve never used Windows 2008, so I’m not sure where to start. The guide is a bit outdated and the new Dovecot configuration is a bit different. I’ll update the guide if I can manage to get some free time and energy to do so.

  37. Rudy
    November 12th, 2009 at 23:20 | #44

    Hi Al-Shami, your HOWTO is wonderful! I configured Dovecot/Postfix and everything works fine! I have only a little problem with the Dovecot quota: when I want to override the default quota for some users, it is impossible to change the value. I use Debian Lenny with Dovecot release 1.0.15-2.3+lenny1

    dovecot.conf

    userdb prefetch {
    }

    dovecot-ldap.conf

    user_attrs = sAMAccountName=home,phone=quota

    I wrote the override value in win2k3 in the phone field.
    Please help me!

    Ciao from Italy
    Rudy

    P.S. Sorry for my poor English

    • Mohammad Al-Shami
      December 2nd, 2009 at 08:41 | #45

      Hi Rudy, I’ve done this once but ages ago. I think your configuration is correct but I’m not sure. If I remember correctly the key is the value in the phone field. What are you populating it with?

  38. Ron
    November 25th, 2009 at 21:17 | #46

    I have recently installed Postfix and Dovecot and can telnet to both ports successfully. LDAP authentication has been set up with Active Directory and this works too. When I send a mail to myself from Outlook Express, the mail is sent successfully, but I do not receive the mail. The mail log shows
    postfix/virtual[509]: 063BE107AD: to=, relay=virtual, delay=0, status=SOFTBOUNCE (unknown user: “tsd001@sample.local”)

    The main.cf, mail log and Dovecot logs are pasted below. What does “no fields returned” in the Dovecot log mean?

    main.cf file
    ————

    soft_bounce = yes
    queue_directory = /var/spool/postfix
    command_directory = /usr/sbin
    daemon_directory = /usr/lib/postfix
    mail_owner = postfix
    sendmail_path = /usr/sbin/sendmail
    newaliases_path = /usr/bin/newaliases
    mailq_path = /usr/bin/mailq
    setgid_group = maildrop
    html_directory = /usr/share/doc/packages/postfix/html
    manpage_directory = /usr/share/man
    sample_directory = /usr/share/doc/packages/postfix/samples
    readme_directory = /usr/share/doc/packages/postfix/README_FILES
    inet_protocols = all
    biff = no
    mail_spool_directory = /var/mail
    canonical_maps = hash:/etc/postfix/canonical
    virtual_alias_maps = hash:/etc/postfix/virtual
    virtual_alias_domains = hash:/etc/postfix/virtual
    relocated_maps = hash:/etc/postfix/relocated
    transport_maps = hash:/etc/postfix/transport
    sender_canonical_maps = hash:/etc/postfix/sender_canonical
    masquerade_exceptions = root
    masquerade_classes = envelope_sender, header_sender, header_recipient
    #myhostname = samplel.sample.local
    mydomain=sample.local
    myhostname = samplel.sample.local
    myorigin = $mydomain
    program_directory = /usr/lib/postfix
    inet_interfaces = all
    masquerade_domains =
    mydestination = $myhostname, localhost.$mydomain
    defer_transports =
    mynetworks = 10.0.0.0/8, 127.0.0.0/8, 192.0.0.0/8
    #relay_domains=$mydestination
    disable_dns_lookups = yes
    #relayhost = samplel.sample.local
    mailbox_command =
    mailbox_transport =
    strict_8bitmime = no
    disable_mime_output_conversion = no
    smtpd_sender_restrictions = hash:/etc/postfix/access
    smtpd_client_restrictions =
    smtpd_helo_required = no
    smtpd_helo_restrictions =
    strict_rfc821_envelopes = no
    smtpd_recipient_restrictions = permit_inet_interfaces, permit_mynetworks, reject_unauth_destination
    smtp_sasl_auth_enable = no
    smtpd_sasl_auth_enable = no
    smtpd_use_tls = no
    smtp_use_tls = no
    smtpd_reject_unlisted_recipient = yes
    alias_maps = hash:/etc/aliases
    mailbox_size_limit = 0
    message_size_limit = 10240000
    local_recipient_maps =
    debug_peer_list=sample.local
    debug_peer_level = 5
    virtual_mailbox_base = /var/vmail
    virtual_uid_maps = static:1009
    virtual_gid_maps = static:1003
    virtual_mailbox_domains = sample.local
    #LDAP Stuff
    #virtual_mailbox_maps = ldap:ldapvirtual
    ldapvirtual_server_host = 10.1.2.13
    ldapvirtual_search_base = DC=sample,DC=local
    ldapvirtual_bind = yes
    ldapvirtual_bind_dn = cn=ldapuser,OU=Service Accounts,DC=sample,DC=local
    ldapvirtual_bind_pw = ldappass
    ldapvirtual_query_filter = (sAMAccountName=%u)
    ldapvirtual_result_attribute = sAMAccountName
    ldapvirtual_version = 3
    ldapvirtual_chase_referrals = yes
    ldapvirtual_result_format=%s/

    mail log
    ——-

    Nov 25 14:40:52 samplel postfix/smtpd[502]: running: PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin? xxgdb /usr/lib/postfix/smtpd 502 & sleep 5
    Nov 25 14:40:57 samplel postfix/smtpd[502]: connect from unknown[10.7.3.11]
    Nov 25 14:40:57 samplel postfix/smtpd[502]: DB1A2107AB: client=unknown[10.7.3.11]
    Nov 25 14:40:58 samplel postfix/smtpd[502]: 063BE107AD: client=unknown[10.7.3.11]
    Nov 25 14:40:58 samplel postfix/cleanup[507]: 063BE107AD: message-id=
    Nov 25 14:40:58 samplel postfix/qmgr[432]: 063BE107AD: from=, size=1444, nrcpt=1 (queue active)
    Nov 25 14:40:58 samplel postfix/virtual[509]: 063BE107AD: to=, relay=virtual, delay=0, status=SOFTBOUNCE (unknown user: “tsd001@sample.local”)
    Nov 25 14:40:58 samplel postfix/smtpd[502]: disconnect from unknown[10.7.3.11]

    dovecot log
    ———–

    Nov 25 14:40:58 auth(default): Info: new auth connection: pid=511
    Nov 25 14:41:58 auth(default): Info: client in: AUTH 1 PLAIN service=imap lip=10.63.1.202 rip=10.7.3.11 lport=143 rport=4275 resp=
    Nov 25 14:41:58 auth(default): Info: ldap(tsd001,10.7.3.11): bind search: base=DC=sample,DC=local filter=(&(ObjectClass=*)(sAMAccountName=tsd001))
    Nov 25 14:41:58 auth(default): Info: ldap(tsd001,10.7.3.11): no fields returned by the server
    Nov 25 14:41:58 auth(default): Info: client out: OK 1 user=tsd001
    Nov 25 14:41:58 auth(default): Info: master in: REQUEST 213 511 1
    Nov 25 14:41:58 auth(default): Info: ldap(tsd001,10.7.3.11): user search: base=DC=sample,DC=local scope=subtree filter=(&(ObjectClass=*)(sAMAccountName=tsd001)) fields=homeDirectory,uidNumber,gidNumber
    Nov 25 14:41:58 auth(default): Info: ldap(tsd001,10.7.3.11): no fields returned by the server
    Nov 25 14:41:58 auth(default): Info: master out: USER 213 tsd001
    Nov 25 14:41:58 imap-login: Info: Login: user=, method=PLAIN, rip=10.7.3.11, lip=10.63.1.202
    Nov 25 14:41:58 IMAP(tsd001): Info: Disconnected in IDLE bytes=183/600
    Nov 25 14:41:58 auth(default): Info: client in: AUTH 1 PLAIN service=imap lip=10.63.1.202 rip=10.7.3.11 lport=143 rport=4276 resp=
    Nov 25 14:41:58 auth(default): Info: ldap(tsd001,10.7.3.11): bind search: base=DC=sample,DC=local filter=(&(ObjectClass=*)(sAMAccountName=tsd001))
    Nov 25 14:41:58 auth(default): Info: ldap(tsd001,10.7.3.11): no fields returned by the server
    Nov 25 14:41:58 auth(default): Info: client out: OK 1 user=tsd001
    Nov 25 14:41:58 auth(default): Info: master in: REQUEST 214 500 1
    Nov 25 14:41:58 auth(default): Info: ldap(tsd001,10.7.3.11): user search: base=DC=sample,DC=local scope=subtree filter=(&(ObjectClass=*)(sAMAccountName=tsd001)) fields=homeDirectory,uidNumber,gidNumber
    Nov 25 14:41:58 auth(default): Info: ldap(tsd001,10.7.3.11): no fields returned by the server
    Nov 25 14:41:58 auth(default): Info: master out: USER 214 tsd001
    Nov 25 14:41:58 imap-login: Info: Login: user=, method=PLAIN, rip=10.7.3.11, lip=10.63.1.202
    Nov 25 14:41:58 IMAP(tsd001): Info: Disconnected in IDLE bytes=259/1394
    Nov 25 14:41:58 auth(default): Info: new auth connection: pid=516
    Nov 25 14:41:58 auth(default): Info: new auth connection: pid=517

    • Mohammad Al-Shami
      December 2nd, 2009 at 08:39 | #47

      Hey there, and sorry for the late reply.

      Since Dovecot is authenticating properly, your problem is in Postfix. Your “virtual_mailbox_maps” seems to be commented out, so Postfix isn’t reading the maps from AD. Seems you skipped something in the HOWTO.

  39. Nimnod
    January 21st, 2010 at 17:35 | #48

    Great walkthrough, though I do still miss one thing:
    if I set reject_sender_login_mismatch in smtpd_sender_restrictions section I cannot send anything, because: “: Sender address rejected: not owned by user fbar;”.
    The fbar user does have email attr set properly in Active Directory. Can you give me a hint on this one?

    • Mohammad Al-Shami
      February 4th, 2010 at 09:49 | #49

      Hi, and sorry for the late reply.

      That’s because your sender maps are not set. If you check the postfix documentation you’ll see you need to set smtpd_sender_login_maps as well. That can be easily done using an LDAP lookup to the “email” field or some other one if you chose to do so.
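
The setting named in the reply above, sketched as an added example (not part of the original thread or the HOWTO). Assumed here: the file path, the placeholder server and bind account, the AD `mail` attribute holding the sender address, and SASL logins being the sAMAccountName as in the HOWTO.

```ini
# --- main.cf (only the lines that change) ---
# Map each envelope sender address to the login name that owns it.
smtpd_sender_login_maps = ldap:/usr/local/etc/postfix/ldap-sender-login.cf
# Reject MAIL FROM addresses the authenticated user does not own.
smtpd_sender_restrictions = reject_sender_login_mismatch

# --- /usr/local/etc/postfix/ldap-sender-login.cf (assumed path) ---
# Keep this file unreadable to ordinary users: it holds the bind password.
# Placeholder host: replace with your domain controller.
server_host = ldap://dc.example.invalid
version = 3
search_base = dc=shami,dc=net
scope = sub
bind = yes
# Placeholder non-privileged lookup account and password.
bind_dn = cn=PLACEHOLDER-lookup-user,cn=Users,dc=shami,dc=net
bind_pw = PLACEHOLDER
# %s is the full sender address from MAIL FROM.
query_filter = (mail=%s)
# Must return the same name the user logs in with over SASL.
result_attribute = sAMAccountName

# Check the map before enabling the restriction; the lookup should
# print the owning login (fbar@shami.net is a constructed address):
#   postmap -q "fbar@shami.net" ldap:/usr/local/etc/postfix/ldap-sender-login.cf
```

With no entry returned for an address, an authenticated client is treated as not owning it, which produces the “not owned by user” rejection quoted in the question.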

  40. March 1st, 2010 at 14:24 | #50

    Hi, I got an “Internal login failure” when I tested Dovecot using telnet. I am using FreeBSD 7.2. Could you help me please?

    • Mohammad Al-Shami
      March 1st, 2010 at 14:36 | #51

      Hi,

      Enable debugging and check the logs. That way you will be able to figure out where the error is and fix it. Good luck

  41. Gomes
    April 16th, 2010 at 01:53 | #52

    I have some e-mails which are aliases to other real e-mails, for example: an e-mail to help@mydomain.com goes to jhon@mydomain.com, luiz@mydomain.com and gomes@mydomain.com; do you know how to resolve that? I’m using your HOWTO.

    Thanks.

    • Mohammad Al-Shami
      April 17th, 2010 at 11:46 | #53

      Hi there,

      In order to add aliases you can use virtual_alias_maps in postfix, you have to do this manually though. Hope that helps. Good luck :)
