Hello,

I try to build a mail server based on Centos 7, postfix and dovecot 2. My backend is a Samba4 ad-dc.

I tried a lot and I don't know what else I could try. I'm new to this mailing list so please forgive me if I don't give right information or anything.

Samba4 ad-dc is up incl. dns. Win10 Client joined domain and authentication works.

Postfix is up and checks against ldap whether recipient address exists. It takes mail via telnet and queues them. But can't give it to dovecot.

my master.cf looks like that:

[root@mail1t postfix]# cat master.cf
smtp      inet  n       -       -       -       -       smtpd
submission inet n       -       -       -       -       smtpd
  -o smtpd_enforce_tls=yes
  -o smtpd_tls_security_level=encrypt
  -o tls_preempt_cipherlist=yes
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       -       1000    1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000    0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       -       -       -       smtp
relay     unix  -       -       -       -       -       smtp
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
retry     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -   n   n   -   2   pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/deliver -f ${sender} -d ${user}@${nexthop}
#smtp      inet  n       -       n       -       1       postscreen
#smtpd     pass  -       -       n       -       -       smtpd
#dnsblog   unix  -       -       n       -       0       dnsblog
#tlsproxy  unix  -       -       n       -       0       tlsproxy
postlog   unix-dgram n  -       n       -       1       postlogd

my ldap.conf on mailserver:

[root@mail1t openldap]# cat ldap.conf
#
# LDAP Defaults
#

# See ldap.conf(5) for details
# This file should be world readable but not world writable.

#BASE	dc=example,dc=com
#URI	ldap://ldap.example.com ldap://ldap-master.example.com:666
URI ldaps://ldap1t.test.loc:636

#SIZELIMIT	12
#TIMELIMIT	15
#DEREF		never

#TLS_CACERTDIR	/etc/openldap/certs
TLS_CACERTDIR /etc/pki/tls/certs/ka

# Turning this off breaks GSSAPI used with krb5 when rdns = false
SASL_NOCANON	on

TLS_REQCERT never

dovecot.conf:

[root@mail1t dovecot]# cat dovecot.conf
auth_mechanisms = plain login
mail_uid = vmail
mail_gid = vmail
ssl_cert = </etc/ssl/mail.pem
ssl_key = </etc/ssl/key.pem
login_log_format_elements = "user=<%u> method=%m rip=%r lip=%l mpid=%e %c %k"
#mail_plugins = quota
ssl_cipher_list EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA

log_timestamp = "%Y-%m-%d %H:%M:%S "
log_path = /var/log/dovecot.log
info_log_path = /var/log/dovecot-info.log
debug_log_path = /var/log/dovecot-debug.log

#auth_verbose=yes
auth_debug=yes
auth_debug_passwords=yes
mail_debug=yes
verbose_ssl=yes

protocols = imap
listen = *
auth_cache_size = 50000 # ~ 200 users with password
auth_cache_ttl = 300s # in seconds, 5 minutes
auth_cache_negative_ttl = 30s # if the user did not exist at the last check

passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}

userdb {
  driver = prefetch
}
userdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}

service auth {
  unix_listener /var/spool/postfix/private/auth_dovecot {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-userdb {
    mode = 0600
    user = root
  }
  user = root
}

service dict {
    unix_listener dict {
        mode = 0660
        user = vmail
        group = vmail
    }
}

namespace inbox {
  inbox = yes
  location
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix
}

protocol imap {
  mail_plugins = quota imap_quota
}

plugin {
  quota = maildir:User quota
}

dovecot-ldap.conf.ext:

[root@mail1t dovecot]# cat dovecot-ldap.conf.ext
#hosts = 192.168.122.30:636 # Windows Active Directory
uris = ldaps://192.168.122.30:636

#dn = CN=DovecotAdministrator,OU=ServiceAccounts,OU=Identitiy,DC=test,DC=loc
dn = CN=Administrator,CN=Users,DC=test,DC=loc
dnpass = Test123!
tls = no # I do (!) not need this
auth_bind = yes # For the duration of the authentication Dovecot binds as the mail user who is logging in
auth_bind_dn = %u
ldap_version = 3
base = OU=Identitiy,DC=domain,DC=local # My OU with the users
scope = subtree # Or "base" if the OU should not be searched recursively
pass_attrs = \
  =user=%{ldap:mail}, \
  =passwerd=%{ladp:user}, \
user_attrs = \
  =user=%{ldap:mail}, \

user_filter = (mailRoutingAddress=%u)
pass_filter = (mail=%u)
iterate_attrs = mail  #mail=user # Needed mainly by "doveadm" to find users
iterate_filter = (objectClass=smiMessageRecipient  #(objectClass=person)

maillog gives me:

Feb 20 08:34:56 mail1t postfix/smtpd[1794]: 04229120B0D: client=unknown[192.168.122.30]
Feb 20 08:35:01 mail1t postfix/cleanup[1798]: 04229120B0D: message-id=<>
Feb 20 08:35:01 mail1t postfix/qmgr[1268]: 04229120B0D: from=<test@test.loc>, size=176, nrcpt=1 (queue active)
Feb 20 08:35:01 mail1t postfix/pipe[1799]: 04229120B0D: to=<test@test.loc>, relay=dovecot, delay=12, delays=12/0.01/0/0.07, dsn=4.3.0, status=deferred (temporary failure)
Feb 20 08:35:03 mail1t postfix/smtpd[1794]: disconnect from unknown[192.168.122.30] helo=1 mail=1 rcpt=1 data=1 quit=1 commands=5

dovecot debug log:

2020-02-20 08:31:18 auth: Debug: Loading modules from directory: /usr/lib/dovecot/auth
2020-02-20 08:31:18 auth: Debug: Module loaded: /usr/lib/dovecot/auth/lib20_auth_var_expand_crypt.so
2020-02-20 08:35:01 lda(test@test.loc)<1800><>: Debug: auth-master: userdb lookup(test@test.loc): Started userdb lookup
2020-02-20 08:35:01 lda(test@test.loc)<1800><>: Debug: auth-master: conn unix:/var/run/dovecot/auth-userdb: Connecting
2020-02-20 08:35:01 lda(test@test.loc)<1800><>: Debug: auth-master: conn unix:/var/run/dovecot/auth-userdb: Client connected (fd=13)
2020-02-20 08:35:01 auth: Debug: Loading modules from directory: /usr/lib/dovecot/auth
2020-02-20 08:35:01 auth: Debug: Module loaded: /usr/lib/dovecot/auth/lib20_auth_var_expand_crypt.so
2020-02-20 08:35:01 lda(test@test.loc)<1800><>: Debug: auth-master: conn unix:/var/run/dovecot/auth-userdb: Disconnected: Connection closed: read(size=8192) failed: Connection reset by peer (fd=13)
2020-02-20 08:35:01 lda(test@test.loc)<1800><>: Debug: auth-master: userdb lookup(test@test.loc): Userdb lookup failed

an ldap search gives me:

[root@mail1t dovecot]# ldapsearch -D "cn=administrator,cn=Users,dc=test,dc=loc" -W -H ldaps://ldap1t.test.loc:636 -b "ou=Identitiy,dc=test,dc=loc" -s sub -x "(objectclass=person)"
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <ou=Identitiy,dc=test,dc=loc> with scope subtree
# filter: (objectclass=person)
# requesting: ALL
#

# testuser2, Identitiy, test.loc
dn: CN=testuser2,OU=Identitiy,DC=test,DC=loc
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: testuser2
instanceType: 4
whenCreated: 20191029150406.0Z
uSNCreated: 4540
name: testuser2
objectGUID:: zfJ3SmPoLkO8wrVKP0Mc6g==
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAAGQ/+ZjR2CNb9IiNGUQQAAA==
accountExpires: 9223372036854775807
sAMAccountName: testuser2
sAMAccountType: 805306368
userPrincipalName: testuser2@test.loc
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=test,DC=loc
mail: test@test.loc
userAccountControl: 512
lockoutTime: 0
pwdLastSet: 132257935214848870
lastLogon: 132258326087696220
logonCount: 9
lastLogonTimestamp: 132258326087696220
whenChanged: 20200210182328.0Z
uSNChanged: 7912
distinguishedName: CN=testuser2,OU=Identitiy,DC=test,DC=loc

# DovecotAdministrator, ServiceAccounts, Identitiy, test.loc
dn: CN=DovecotAdministrator,OU=ServiceAccounts,OU=Identitiy,DC=test,DC=loc
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: DovecotAdministrator
instanceType: 4
whenCreated: 20191029155812.0Z
displayName: DovecotAdministrator
uSNCreated: 4735
name: DovecotAdministrator
objectGUID:: 6LODLEOIQ0iVbSDrOftLgg==
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAAGQ/+ZjR2CNb9IiNGUwQAAA==
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: DovecotAdministrator
sAMAccountType: 805306368
userPrincipalName: DovecotAdministrator@test.loc
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=test,DC=loc
userAccountControl: 66048
pwdLastSet: 132240938772523690
lastLogonTimestamp: 132263319652676310
whenChanged: 20200216130605.0Z
uSNChanged: 7935
distinguishedName: CN=DovecotAdministrator,OU=ServiceAccounts,OU=Identitiy,DC=test,DC=loc

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2

Can someone give me a hint?

Best
Phil
Hi,

No expert, but:

We always use the postmap utility to check that the right mailboxes are actually found:

postmap -q test@test.loc ldap:/etc/postfix/ldap-config.cf

And perhaps show us your postfix main.cf?

MJ

On 2/20/20 8:46 AM, phil wrote:
> Hello,
>
> I try to build a mail server based on Centos 7, postfix and dovecot 2.
> My backend is a Samba4 ad-dc.
>
> I tried a lot and I don't know what else I could try. I'm new to this
> mailing list so please forgive me if I don't give right information or
> anything
>
> Samba4 ad-dc is up incl. dns. Win10 Client joined domain and
> authentication works.
>
> Postfix is up and checks against ldap whether recipient address exists.
> It takes mail via telnet and queues them. But can't give it to dovecot.
>
> [...]
>
> Can someone give me a hint?
>
> Best
>
> Phil
Hi Phil,

phil, 20.02.20:
> I try to build a mail server based on Centos 7, postfix and dovecot 2.
> My backend is a Samba4 ad-dc.
>
> I tried a lot and I don't know what else I could try. I'm new to this
> mailing list so please forgive me if I don't give right information or
> anything
>
> Samba4 ad-dc is up incl. dns. Win10 Client joined domain and
> authentication works.
>
> Postfix is up and checks against ldap whether recipient address exists.
> It takes mail via telnet and queues them. But can't give it to dovecot.

You told postfix to hand over the messages to dovecot using dovecot-deliver. I'm not sure which privileges are used/needed by dovecot in this case. Your dovecot has been configured to use uid/gid vmail/vmail, and maybe this causes problems.

I'd give lmtp a try. Just define a "transport" for postfix which hands over messages for "local delivery" to dovecot using lmtp. From my point of view, this makes life easier with dovecot running with vmail/vmail.

You should take another look at dovecot's userdb settings as dovecot's last log line states "Userdb lookup failed".

After having taken a closer look, I'm just wondering about your

user_filter = (mailRoutingAddress=%u)

There is no such attribute (MailRoutingAddress) in your ldapsearch results. My conclusion: dovecot is looking for something non-existent - and can't find it ;-)...

I'd also recommend using a preceding "%L" to make dovecot use lowercase characters, e.g.:

user_attrs = uid=%Lu,=home=/mail/%Ld/%Ln

This can make life easier sometimes...

Kind Regards,
Christian
-- 
No signature available.
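Christian's check (does every attribute the Dovecot LDAP config asks for actually come back from the directory?) can be done mechanically before touching the mail server. The script below is an added example, not part of the thread: it cross-references the attribute names used in the *_filter and *_attrs settings of a dovecot-ldap.conf.ext against the attributes in an ldapsearch LDIF dump, and also checks that the configured base DN is an ancestor of the returned entries. The config excerpt and the LDIF are constructed from what was posted (with the continuation lines tidied); the helper names parse_conf, parse_ldif, ldap_attrs_used and check are the script's own.

```python
import re

# Constructed excerpt of the thread's dovecot-ldap.conf.ext (continuation lines tidied).
LDAP_CONF = """\
base = OU=Identitiy,DC=domain,DC=local
pass_attrs = \\
  =user=%{ldap:mail}, \\
  =passwerd=%{ladp:user}
user_attrs = =user=%{ldap:mail}
user_filter = (mailRoutingAddress=%u)
pass_filter = (mail=%u)
"""

# Constructed LDIF, trimmed from the ldapsearch output posted in the thread.
LDIF = """\
dn: CN=testuser2,OU=Identitiy,DC=test,DC=loc
objectClass: person
sAMAccountName: testuser2
mail: test@test.loc

dn: CN=DovecotAdministrator,OU=ServiceAccounts,OU=Identitiy,DC=test,DC=loc
objectClass: person
sAMAccountName: DovecotAdministrator
"""

def parse_conf(text):
    """Parse 'key = value' lines, joining backslash-continued lines."""
    conf, pending = {}, ""
    for line in (ln.strip() for ln in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            pending += line[:-1].strip() + " "
            continue
        key, _, value = (pending + line).partition("=")
        conf[key.strip()], pending = value.strip(), ""
    return conf

def parse_ldif(text):
    """Return [(dn, {lowercased attribute names})], one tuple per LDIF entry."""
    entries = []
    for line in text.splitlines():
        if not line or line[0] in "# ":      # blank, comment or folded continuation
            continue
        name, _, value = line.partition(":")
        if name.lower() == "dn":
            entries.append((value.lstrip(": ").strip(), set()))
        elif entries:
            entries[-1][1].add(name.strip().lower())
    return entries

def ldap_attrs_used(key, value):
    """LDAP attribute names a *_filter or *_attrs setting refers to."""
    if key.endswith("_filter"):              # e.g. (&(objectClass=person)(mail=%u))
        return set(re.findall(r"\((\w+)[=~<>]", value))
    found = set()
    if key.endswith("_attrs"):
        for item in filter(None, map(str.strip, value.split(","))):
            if item.startswith("="):         # template form: =field=%{ldap:attr}
                found |= set(re.findall(r"%\{ldap:(\w+)\}", item))
            else:                            # plain form: attr=field
                found.add(item.split("=", 1)[0])
    return found

def check(conf_text, ldif_text):
    """Cross-check the Dovecot LDAP settings against what the directory returns."""
    conf, entries = parse_conf(conf_text), parse_ldif(ldif_text)
    present = {a for _, attrs in entries for a in attrs}
    findings, base = [], conf.get("base", "").replace(" ", "").lower()
    if base and not any(dn.replace(" ", "").lower().endswith(base) for dn, _ in entries):
        findings.append(f"base {conf['base']!r} is not an ancestor of any returned entry")
    for key, value in conf.items():
        for attr in sorted(ldap_attrs_used(key, value)):
            if attr.lower() not in present:
                findings.append(f"{key} references {attr!r}, which no entry returns")
    return findings
```

On the posted values check() reports two findings: the user_filter attribute mailRoutingAddress is absent from every entry, and the base OU=Identitiy,DC=domain,DC=local does not match the DC=test,DC=loc tree the entries live in.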