Combination of postfix + cyrus (virtdomains) problems
Guus Leeuw jr
guus.leeuw at itpassion.com
Mon Dec 1 15:04:14 EST 2008
Hello,
I want to be able to run all of these IMAP mailboxes on one machine:
* webmaster at tenantvet.net
* webmaster at option-d.co.uk
At a later stage, I want to run mailboxes like first.last at domain.com.
All with their distinct login ID through ptloader/LDAP.
So I'm testing with webmaster at option-d.co.uk, as this account has not been
receiving emails so far.
I've got a general postfix SMTP server that is capable of redirecting emails
for webmaster at option-d.co.uk to the correct server (imap4).
On imap4 I have been playing around with virtdomains (as I am supposed to)
and am currently giving up, because I can no longer see why it doesn't work
:D
Here's my (imap4) postconf -n:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_list = option-d.co.uk
html_directory = no
inet_interfaces = 192.168.123.17
local_recipient_maps = ldap:ldaplocal
mail_owner = postfix
mailbox_transport = cyrus
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
mydestination = option-d.co.uk, tenantvet.net
mydomain = chiswick.itpassion.com
myhostname = imap4.chiswick.itpassion.com
mynetworks_style = subnet
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.4.5/README_FILES
relayhost = smtp.chiswick.itpassion.com
sample_directory = /usr/share/doc/postfix-2.4.5/samples
sender_canonical_maps = ldap:ldapsender
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_helo_required = yes
smtpd_recipient_restrictions = reject_invalid_hostname,
    reject_non_fqdn_sender, reject_non_fqdn_recipient,
    reject_unknown_sender_domain, reject_unknown_recipient_domain,
    reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated,
    reject_unauth_destination, reject_rbl_client zombie.dnsbl.sorbs.net,
    reject_rbl_client list.dsbl.org, reject_rbl_client sbl.spamhaus.org, permit
smtpd_sasl_auth_enable = yes
virtual_alias_maps = ldap:ldapvirtual
and here's my master.cf
#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       n       -       -       smtpd
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_sasl_auth_enable=yes
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
  -o fallback_relay=
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache
cyrus     unix  -       n       n       -       -       pipe
  flags= user=cyrus argv=/usr/lib/cyrus-imapd/deliver -r ${sender} -m ${extension} ${recipient}
This is all pretty standard, as I use it across 3 other mailservers (where I
serve one domain each).
Here's my cyrus.conf:
# standard standalone server implementation
START {
  # do not delete this entry!
  recover       cmd="ctl_cyrusdb -r"
  # this is only necessary if using idled for IMAP IDLE
  idled         cmd="idled"
}
# UNIX sockets start with a slash and are put into /var/lib/imap/sockets
SERVICES {
  # add or remove based on preferences
  imap          cmd="imapd" listen="imap" prefork=5
  imaps         cmd="imapd -s" listen="imaps" prefork=1
  pop3          cmd="pop3d" listen="pop3" prefork=3
  pop3s         cmd="pop3d -s" listen="pop3s" prefork=1
  sieve         cmd="timsieved" listen="sieve" prefork=0
  ptloader      cmd="ptloader" listen="/imap/ptclient/ptsock" prefork=1
  # these are only necessary if receiving/exporting usenet via NNTP
  # nntp        cmd="nntpd" listen="nntp" prefork=3
  # nntps       cmd="nntpd -s" listen="nntps" prefork=1
  # at least one LMTP is required for delivery
  # lmtp        cmd="lmtpd" listen="lmtp" prefork=0
  lmtpunix      cmd="lmtpd" listen="/imap/socket/lmtp" prefork=1
  # this is only necessary if using notifications
  # notify      cmd="notifyd" listen="/var/lib/imap/socket/notify" proto="udp" prefork=1
}
EVENTS {
  # this is required
  checkpoint    cmd="ctl_cyrusdb -c" period=30
  # this is only necessary if using duplicate delivery suppression,
  # Sieve or NNTP
  delprune      cmd="cyr_expire -E 3" at=0400
  # this is only necessary if caching TLS sessions
  tlsprune      cmd="tls_prune" at=0400
}
Again, pretty standard, I would say.
Now the imapd.conf:
admins: cyrus
allowanonymouslogin: no
allowplaintext: yes
allowplainwithouttls: 1
annotation_db: skiplist
autocreatequota: 0
configdirectory: /imap
duplicate_db: skiplist
expunge_mode: delayed
hashimapspool: true
partition-default: /imap/spool
poptimeout: 10
postmaster: postmaster
quotawarn: 90
reject8bit: no
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
servername: imap4.chiswick.itpassion.com
sievedir: /imap/sieve
sieve_maxscriptsize: 96
sieve_maxscripts: 15
timeout: 30
tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
virtdomain: on
defaultdomain: chiswick.itpassion.com
loginrealms: option-d.co.uk
ldap_uri: ldap://security.chiswick.itpassion.com
ldap_version: 3
ldap_size_limit: 20
ldap_sasl: 0
ldap_base: dc=itpassion,dc=com
ldap_filter: (&(uid=%u)(accountStatus=active))
auth_mech: pts
ldap_mech: plain
pts_module: ldap
ptscache_timeout: 10
ptloader_sock: /imap/ptclient/ptsock
When I create webmaster at option-d.co.uk with this setup I get, more often
than not:
localhost> cm user.webmaster at option-d.co.uk
createmailbox: Permission denied
So I stick a unixhierarchysep: 1 in the imapd.conf and
localhost> cm user/webmaster at option-d.co.uk
localhost>
So I think, I have success. Looking in the spool directory, this mailbox
doesn't show up under /imap/spool/domain, instead it shows up under
/imap/spool/w/user/webmaster\@option-d^co^uk
Sending an email to webmaster at option-d.co.uk then gets the following report
from lmtpunix:
Nov 30 15:32:32 imap4 postfix/smtpd[11957]: connect from smtp.chiswick.itpassion.com[192.168.123.5]
Nov 30 15:32:32 imap4 postfix/smtpd[11957]: DA25318ED88: client=smtp.chiswick.itpassion.com[192.168.123.5]
Nov 30 15:32:32 imap4 postfix/cleanup[11959]: warning: DA25318ED88: multi-valued sender_canonical_maps entry for guus.leeuw at itpassion.com
Nov 30 15:32:32 imap4 postfix/cleanup[11959]: DA25318ED88: message-id=<!&!AAAAAAAAAAAYAAAAAAAAAL6W7FSHlxZFmEatnwmRjKeijwAAEAAAAFEXgqFz7QRHrnzaikCceUIBAAAAAA==@itpassion.com>
Nov 30 15:32:32 imap4 postfix/smtpd[11957]: disconnect from smtp.chiswick.itpassion.com[192.168.123.5]
Nov 30 15:32:32 imap4 postfix/qmgr[9793]: DA25318ED88: from=<guus.leeuw at itpassion.com>, size=27336, nrcpt=1 (queue active)
Nov 30 15:32:33 imap4 lmtpunix[11922]: accepted connection
Nov 30 15:32:33 imap4 lmtpunix[11922]: lmtp connection preauth'd as postman
Nov 30 15:32:33 imap4 lmtpunix[11922]: verify_user(user.webmaster) failed: Mailbox does not exist
Nov 30 15:32:33 imap4 postfix/pipe[11961]: DA25318ED88: to=<webmaster at option-d.co.uk>, relay=cyrus, delay=0.53, delays=0.18/0.11/0/0.24, dsn=5.6.0, status=bounced (data format error. Command output: webmaster at option-d.co.uk: Mailbox does not exist )
I have to specify loginrealms because otherwise I cannot login as
webmaster at option-d.co.uk:
Nov 30 15:40:47 imap4 imap[11937]: ptload(): fetched cache record (webmaster at option-d.co.uk)(mark 1228059072, current 1228059647, limit 1228059637)
Nov 30 15:40:47 imap4 imap[11937]: ptload(): pinging ptloader
Nov 30 15:40:47 imap4 imap[11937]: connected with no delay
Nov 30 15:40:47 imap4 imap[11937]: ptload(): connected
Nov 30 15:40:47 imap4 imap[11937]: timeout_select: sock = 16, rp = 0x0, wp = 0xbf8e85a0, sec = 30
Nov 30 15:40:47 imap4 imap[11937]: timeout_select exiting. r = 1; errno = 0
Nov 30 15:40:47 imap4 imap[11937]: ptload sent data
Nov 30 15:40:47 imap4 imap[11937]: timeout_select: sock = 16, rp = 0xbf8e8620, wp = 0x0, sec = 30
Nov 30 15:40:47 imap4 ptloader[11921]: accepted connection
Nov 30 15:40:47 imap4 ptloader[11921]: mystore: starting txn 2147483659
Nov 30 15:40:47 imap4 ptloader[11921]: mystore: committing txn 2147483659
Nov 30 15:40:47 imap4 imap[11937]: timeout_select exiting. r = 1; errno = 0
Nov 30 15:40:47 imap4 imap[11937]: timeout_select: sock = 16, rp = 0xbf8e8620, wp = 0x0, sec = 30
Nov 30 15:40:47 imap4 imap[11937]: timeout_select exiting. r = 1; errno = 0
Nov 30 15:40:47 imap4 imap[11937]: ptload read data back
Nov 30 15:40:47 imap4 imap[11937]: ptload returning data
Nov 30 15:40:47 imap4 imap[11937]: canonified webmaster at option-d.co.uk -> webmaster at option-d.co.uk
Nov 30 15:40:47 imap4 imap[11937]: badlogin: localhost [127.0.0.1] plaintext webmaster at option-d.co.uk SASL(-13): authentication failure: cross-realm login webmaster at option-d.co.uk denied
option-d.co.uk is not a hosted network, and having seen remarks that a
reverse lookup is being executed by imap, I do not completely understand
what imap would be looking for in the reverse lookup (option-d.co.uk is
not a hostname..., so that throws me off a little as well).
Now, I have seen a setup where ctl_mboxlist -d would give:
option-d.co.uk!user.webmaster 0 default webmaster at option-d.co.uk
lrswipkxtecda
option-d.co.uk.Drafts!user.webmaster 0 default
webmaster at option-d.co.uk.drafts lrswipkxtecda
option-d.co.uk.Ham!user.webmaster 0 default
webmaster at option-d.co.uk.ham lrswipkxtecda
option-d.co.uk.Sent!user.webmaster 0 default
webmaster at option-d.co.uk.sent lrswipkxtecda
option-d.co.uk.Spam!user.webmaster 0 default
webmaster at option-d.co.uk.spam lrswipkxtecda
option-d.co.uk.Trash!user.webmaster 0 default
webmaster at option-d.co.uk.trash lrswipkxtecda
But for the life of me, I cannot get that situation back on my newly
installed server. Comparing notes isn't possible (it was a long time ago,
and I trashed that FC7 server for an FC10), although I suspect the whole
problem has something to do with the loginrealms and defaultdomain settings.
Not sure though.
Can somebody check these things, as I really cannot see it anymore (tried
too many things that weren't working)...
Thanks,
Guus