Douglas Maus
2010-Jun-01 18:57 UTC
[Dovecot] configuring sendmail to work with dovecot+LDAP
I would like to setup dovecot (1.1.20) with LDAP virtual users,
but I don't seem to understand how to get my sendmail to accept
mail for the virtual users.
(I am rather new to this, so I may have some misunderstandings)

I have followed - wiki.dovecot.org/HowTo/DovecotOpenLdap
(OpenLDAP 2.3.43)
and I think I have IMAP working for virtual users.
I can connect to port 143, enter a username and password and
it works.

Now I surmise I need to configure my SMTP server to accept mail
for these LDAP virtual users, and deliver it appropriately.
(The above HowTo doesn't address this step, from what I can tell)

I read - wiki.dovecot.org/LDA and wiki.dovecot.org/LDA/Sendmail
(I'm using OpenBSD 4.7, which uses sendmail for MTA / SMTP server,
sendmail version 8.14.3)

For sendmail.cf, I made the changes in my sendmail.mc file to include the
dovecot mailer (calling /usr/local/libexec/dovecot/deliver),
and compiled with m4 and installed the new sendmail.cf

For dovecot.conf, I edited the portions (abbreviated):

    protocol lda {
      auth_socket_path = /var/run/dovecot/auth-master
    }

and

    auth default {
      socket listen {
        master {
          path = /var/run/dovecot/auth-master
        }
      }
    }

When I try to test this, (telnet www.example.org 25)
If I try: MAIL TO:jdoe at www.example.org
I get "User unknown"
I see that if I try: MAIL TO:jdoe at example.org
I get "Relaying denied"
Either way it doesn't get delivered.

Thank you for any help.
And if anyone knows a good basic tutorial for dovecot+LDAP+sendmail
I would really appreciate it.

dovecot -n
(de-identified, and yes I know SSL is disabled, after it all works I'll fix it)
----------
# 1.1.20: /etc/dovecot.conf
Warning: fd limit 128 is lower than what Dovecot can use under full load (more than 640). Either grow the limit or change login_max_processes_count and max_mail_processes settings
# OS: OpenBSD 4.7 i386 ffs
base_dir: /var/dovecot/
protocols: imap
listen: *:143
ssl_disable: yes
ssl_cert_file: /etc/ssl/dovecotcert.pem
disable_plaintext_auth: no
login_dir: /var/dovecot/login
login_executable: /usr/local/libexec/dovecot/imap-login
login_user: _dovecot
verbose_proctitle: yes
first_valid_uid: 519
last_valid_uid: 519
first_valid_gid: 519
last_valid_gid: 519
mail_uid: 519
mail_gid: 519
mail_location: mbox:/var/mail/virtual/%u/mail
mbox_write_locks: fcntl
imap_client_workarounds: delay-newmail netscape-eoh tb-extra-mailbox-sep
lda:
  postmaster_address: postmaster at example.org
  sendmail_path: /usr/sbin/sendmail
  auth_socket_path: /var/run/dovecot/auth-master
auth default:
  verbose: yes
  passdb:
    driver: bsdauth
  passdb:
    driver: ldap
    args: /etc/dovecot-ldap.conf
  userdb:
    driver: passwd
  userdb:
    driver: ldap
    args: /etc/dovecot-ldap.conf
  socket:
    type: listen
    master:
      path: /var/run/dovecot/auth-master
      mode: 384
      user: _dovevirt

Andrzej Adam Filip
2010-Jun-02 06:18 UTC
[Dovecot] configuring sendmail to work with dovecot+LDAP
Douglas Maus <dmaus at speakeasy.net> wrote:

> I would like to setup dovecot (1.1.20) with LDAP virtual users,
> but I don't seem to understand how to get my sendmail to accept
> mail for the virtual users.
> (I am rather new to this, so I may have some misunderstandings)
>
> I have followed - wiki.dovecot.org/HowTo/DovecotOpenLdap
> (OpenLDAP 2.3.43)
> and I think I have IMAP working for virtual users.
> I can connect to port 143, enter a username and password and
> it works.
>
> Now I surmise I need to configure my SMTP server to accept mail
> for these LDAP virtual users, and deliver it appropriately.
> (The above HowTo doesn't address this step, from what I can tell)
>
> I read - wiki.dovecot.org/LDA and wiki.dovecot.org/LDA/Sendmail
> (I'm using OpenBSD 4.7, which uses sendmail for MTA / SMTP server,
> sendmail version 8.14.3)
>
> For sendmail.cf, I made the changes in my sendmail.mc file to include the
> dovecot mailer (calling /usr/local/libexec/dovecot/deliver),
> and compiled with m4 and installed the new sendmail.cf
> [....]
> When I try to test this, (telnet www.example.org 25)
> If I try: MAIL TO:jdoe at www.example.org
> I get "User unknown"
> I see that if I try: MAIL TO:jdoe at example.org
> I get "Relaying denied"
> Either way it doesn't get delivered.
>
> Thank you for any help.
> And if anyone knows a good basic tutorial for dovecot+LDAP+sendmail
> I would really appreciate it.
> [...]

http://wiki.dovecot.org/LDA/Sendmail tells about adding "per virtual domain"
routing entry into sendmail's mailertable.
[ after it mailertable requires recompilation with makemap ]

IF the virtual domain is a local email domain
THEN mailertable is not consulted and sendmail (typically) checks
     existence of OS account (no OS account => "User unknown" )
ELSE access (table) entry is required to avoid "Relaying denied"

    # access (table) entry to allow accepting messages to the.virtual.domain
    # from anywhere
    to:the.virtual.domain RELAY

To get list of local email domains as root execute

    echo '$=w' | sendmail -bt

To stop sendmail from guessing list of local email domain you may use

    define(`confDONT_PROBE_INTERFACES',`True')

in sendmail.mc
http://www.sendmail.org/m4/tweaking_config.html#confDONT_PROBE_INTERFACES

*WARNINGS*
The above:
a) WILL NOT configure SMTP AUTH to use LDAP
   [ AFAIK sendmail supports Cyrus SASL only ]
b) WILL NOT make sendmail check existence of virtual mailbox in reply to
   "RCPT TO:" in SMTP session

"a" and "b" require another configuration

--
[pl>en: Andrew] Andrzej Adam Filip : anfi at onet.eu
We have lingered long enough on the shores of the Cosmic Ocean.
  -- Carl Sagan
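
Added example, not part of either message: a simplified Python model of the recipient decision described in the reply above, run over constructed tables to show why the two test addresses fail differently and what changes once the access and mailertable entries exist. The contents of class $=w, the OS account list and the mailertable value dovecot:dovecot are assumptions made for illustration, and the model is not sendmail's own logic.

```python
# Simplified model of the RCPT decision described in the reply above.
# Not sendmail code; every table below is constructed sample data.

def parse_access(text):
    """Domains that have a 'to:<domain> RELAY' entry in the access table."""
    relay = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if (len(fields) >= 2 and fields[0].lower().startswith("to:")
                and fields[1].upper() == "RELAY"):
            relay.add(fields[0][3:].lower())
    return relay

def parse_mailertable(text):
    """Map each domain to its 'mailer:host' routing value."""
    routes = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            routes[fields[0].lower()] = fields[1]
    return routes

def rcpt_outcome(rcpt, class_w, relay, routes, os_accounts):
    """Predict the SMTP-time result for one recipient address."""
    user, _, domain = rcpt.lower().partition("@")
    if domain in class_w:
        # Local domain: mailertable is not consulted, the OS account is checked.
        return "accepted (local)" if user in os_accounts else "User unknown"
    if domain not in relay:
        return "Relaying denied"
    # RELAY accepts every local part; the virtual mailbox is not looked up
    # at RCPT time (warning "b" in the reply), so unknown users bounce later.
    return "accepted -> " + routes.get(domain, "MX lookup")

# Constructed sample state (assumptions, not taken from the poster's host).
CLASS_W = {"localhost", "www.example.org"}      # assumed content of $=w
OS_ACCOUNTS = {"root", "postmaster"}
ACCESS = "# constructed access table\nto:example.org RELAY\n"
MAILERTABLE = "example.org dovecot:dovecot\n"   # host part is an assumption

if __name__ == "__main__":
    relay, routes = parse_access(ACCESS), parse_mailertable(MAILERTABLE)
    for rcpt in ("jdoe@www.example.org", "jdoe@example.org",
                 "nosuchuser@example.org"):
        before = rcpt_outcome(rcpt, CLASS_W, set(), {}, OS_ACCOUNTS)
        after = rcpt_outcome(rcpt, CLASS_W, relay, routes, OS_ACCOUNTS)
        print(f"{rcpt}: before={before!r} after={after!r}")
```

The last sample address shows that, with only the RELAY entry in place, a nonexistent virtual user is accepted at SMTP time as well.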