On Mon, 7 Apr 2014, Deeztek Support wrote:
> On 4/7/2014 6:13 PM, Reindl Harald wrote:
>>
>>
>> On 07.04.2014 23:47, Deeztek Support wrote:
>>> On 4/7/2014 4:42 PM, Christian Schmidt wrote:
>>>> 7.04.2014 20:43, Deeztek Support:
>>>>> On 4/7/2014 2:08 PM, Oscar del Rio wrote:
>>>>>>
>>>>>> On 04/ 7/14 01:46 PM, Deeztek Support wrote:
>>>>>>>
>>>>>>> I'm authenticating users through AD and it seems to work with no
>>>>>>> problems. Unfortunately, when I try to send e-mail from a user who's
>>>>>>> not in the testou container I get the following error:
>>>>>>>
>>>>>>> Sender address rejected: User unknown in virtual mailbox table>
>>>>>>> #SMTP#.
>>>>>>>
>>>>>>
>>>>>> Looks like a Postfix error, not Dovecot.
>>>>>
>>>>> I don't think so. Postfix already looks from the root of the AD down and
>>>>> it has no problems. Dovecot does not authenticate at all if I simply put
>>>>> the AD root in the ldap configuration file.
>>>>
>>>> "User unknown in virtual mailbox table" is what *postfix* tells you.
>>>> Dovecot does not do SMTP (yet). Thus, I suppose that dovecot doesn't get
>>>> involved at all (although this depends on your configuration).
>>>>
>>>> I recommend to check the restrictions you defined in your postfix
>>>> configuration.
>>>>
>>> The reason I think it's Dovecot generating the error is because when the
>>> IP address of the sending server is not in
>>> the mynetworks directive of postfix I get the following error
>>
>> why in the world do you strip logs
>>
>> syslog contains even the process who generates an entry and
>> so there is not much to guess if you *really* look at the log
>>
>>
>
> I'm not stripping any logs. The error I put is from the bounce message. The
> syslog says the following:
>
> Apr 7 17:39:39 ewa postfix/pipe[7134]: E35AE860B26: to=<someone at domain.tld>, relay=dovecot, delay=0.02, delays=0/0/0/0.01, dsn=5.1.1, status=bounced (user unknown. Command output:
>
> So mystery solved, it really is dovecot generating the error.
>
> Question remains, can someone please tell me how to get Dovecot do LDAP looks
> from the AD root?

The primary question is: Does

    ldapsearch -H ldap://server.domain.tld:389 \
        -b dc=domain,dc=tld -D ... -W \
        '(&(userPrincipalName=<<user>>)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'

return the user?

How many domain controllers do you have in the AD? Which of them holds
which domains? See
http://technet.microsoft.com/en-us/library/cc978012.aspx

--
Steffen Kaiser
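
What the filter in the ldapsearch command above selects, as an added example that is not part of the original message: it builds the same filter string for a given login (escaping the value per RFC 4515) and evaluates its three clauses against a few entries. The entries, the function names and the logins are constructed for illustration.

```python
# Added example: all entries below are constructed, not taken from the thread.
ACCOUNTDISABLE = 0x2                     # userAccountControl flag behind ":=2"
BIT_AND_OID = "1.2.840.113556.1.4.803"   # AD's LDAP_MATCHING_RULE_BIT_AND

def escape_filter_value(value):
    """Escape a login for use inside an LDAP filter (RFC 4515)."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch
                   for ch in value)

def build_filter(upn):
    """The filter from the message, with <<user>> replaced by the escaped login."""
    return ("(&(userPrincipalName=%s)(objectClass=person)"
            "(!(userAccountControl:%s:=%d)))"
            % (escape_filter_value(upn), BIT_AND_OID, ACCOUNTDISABLE))

def matches(entry, upn):
    """Evaluate the three clauses of the filter against one entry (a dict)."""
    same_upn = entry.get("userPrincipalName", "").lower() == upn.lower()
    is_person = "person" in (c.lower() for c in entry.get("objectClass", []))
    if "userAccountControl" not in entry:
        # The bit test is undefined without the attribute, and NOT(undefined)
        # stays undefined, so such an entry is not returned.
        return False
    uac = int(entry["userAccountControl"])
    disabled = (uac & ACCOUNTDISABLE) == ACCOUNTDISABLE   # bitwise AND rule
    return same_upn and is_person and not disabled

# Constructed sample entries.
ENTRIES = [
    {"userPrincipalName": "alice@domain.tld", "userAccountControl": "512",
     "objectClass": ["top", "person", "organizationalPerson", "user"]},
    {"userPrincipalName": "bob@domain.tld", "userAccountControl": "514",
     "objectClass": ["top", "person", "organizationalPerson", "user"]},
    {"userPrincipalName": "carol@domain.tld", "userAccountControl": "66050",
     "objectClass": ["top", "person", "organizationalPerson", "user"]},
    {"userPrincipalName": "dave@domain.tld",
     "objectClass": ["top", "person", "organizationalPerson", "contact"]},
]

def who_matches(upn):
    return [e["userPrincipalName"] for e in ENTRIES if matches(e, upn)]

if __name__ == "__main__":
    for e in ENTRIES:
        upn = e["userPrincipalName"]
        print(build_filter(upn), "->", who_matches(upn))
```

Only alice is returned: 514 and 66050 both have the disable bit (2) set, and dave has no userAccountControl attribute at all.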