[Dovecot] Unable to get Dovecot LDA/deliver working
I want to set up Dovecot LDA, but I don't understand what I'm doing anymore. I have to note that I'm a Linux beginner. I've been trying now for several months and I'm about to give up. Till so far I'm having no result. :-(
My current setup is done as described at http://www.linuxmail.info. We use Postfix 2.3.3 (with Postgrey, Spamassassin and ClamAV), Dovecot 1.2.11 and OpenLDAP 2.4.1 on CentOS 5.5. All incoming e-mail is delivered by Postfix in the users' maildir. We use this as a base for SOGo, our groupware solution and it runs smoothly.
I have to set up a new mailserver, because we're standardising on Debian. My employer wants to have new functions like out-of-office-replies and forwarding. I want to make use of sieve. Unfortunately I don't know anyone who can help me.
My problem is that I don't understand how the delivery process is working. I've read much documentation from Postfix and Dovecot, but I find it too difficult to understand.
What do I understand? I know that I have to make changes in /etc/dovecot, /etc/postfix/main.cf and /etc/postfix/master.cf as described at http://wiki.dovecot.org/LDA.
/etc/dovecot.conf
    # OS: Linux 2.6.18-028stab064.7 i686 CentOS release 5.5 (Final) reiserfs
    base_dir: /var/run/dovecot/
    protocols: imap imaps pop3 pop3s managesieve
    ssl: no
    version_ignore: yes
    login_dir: /var/run/dovecot/login
    login_executable(default): /usr/local/libexec/dovecot/imap-login
    login_executable(imap): /usr/local/libexec/dovecot/imap-login
    login_executable(pop3): /usr/local/libexec/dovecot/pop3-login
    login_executable(managesieve): /usr/libexec/dovecot/managesieve-login
    mail_location: maildir:/home/vmail/%u/Maildir
    mail_executable(default): /usr/local/libexec/dovecot/imap
    mail_executable(imap): /usr/local/libexec/dovecot/imap
    mail_executable(pop3): /usr/local/libexec/dovecot/pop3
    mail_executable(managesieve): /usr/libexec/dovecot/managesieve
    mail_plugin_dir(default): /usr/local/lib/dovecot/imap
    mail_plugin_dir(imap): /usr/local/lib/dovecot/imap
    mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3
    mail_plugin_dir(managesieve): /usr/local/lib/dovecot/managesieve
    imap_client_workarounds(default): delay-newmail outlook-idle netscape-eoh
    imap_client_workarounds(imap): delay-newmail outlook-idle netscape-eoh
    imap_client_workarounds(pop3):
    imap_client_workarounds(managesieve):
    pop3_client_workarounds(default):
    pop3_client_workarounds(imap):
    pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
    pop3_client_workarounds(managesieve):
    managesieve_logout_format(default): bytes=%i/%o
    managesieve_logout_format(imap): bytes=%i/%o
    managesieve_logout_format(pop3): bytes=%i/%o
    managesieve_logout_format(managesieve): bytes ( in=%i : out=%o )
    lda:
      postmaster_address: postmaster@domain.nl
      mail_plugins: cmusieve
      mail_plugin_dir: /usr/lib/dovecot/lda
      deliver_log_format: msgid=%m: %$ -- FROM=%f SUBJECT=%s
      log_path: /var/log/dovecot-deliver.log
      info_log_path: /var/log/dovecot-deliver.log
      syslog_facility: mail
      sendmail_path: /usr/lib/sendmail
      rejection_subject: Rejected: %s
      rejection_reason: Your message to <%t> was automatically rejected:%n%r
      auth_socket_path: /usr/local/var/run/dovecot-auth-master
    auth default:
      mechanisms: plain login
      username_format: %Lu
      passdb:
        driver: ldap
        args: /etc/dovecot-ldap.conf
      userdb:
        driver: static
        args: uid=500 gid=500 home=/home/vmail/%u
      socket:
        type: listen
        client:
          path: /var/spool/postfix/private/auth
          mode: 432
          user: postfix
          group: postfix
        master:
          path: /var/run/dovecot/auth-master
          mode: 384
          user: vmail
          group: vmail
    plugin:
      sieve: /var/sieve-scripts/%u.sieve
      sieve_dir: %h/sieve
      sieve_global_dir: /var/lib/dovecot/sieve/global/
/etc/postfix/main.cf
    virtual_mailbox_domains = /etc/postfix/domains ## Plain text file with the domains
    virtual_mailbox_base = /home/vmail
    virtual_mailbox_maps = ldap:/etc/postfix/ldap-users.cf
    virtual_alias_maps = ldap:/etc/postfix/ldap-groups.cf
    virtual_uid_maps = static:500
    virtual_gid_maps = static:500
    dovecot_destination_recipient_limit = 1
    #virtual_transport = dovecot ## Commented out to deliver by Postfix
/etc/postfix/ldap-users.cf
    server_host = localhost
    search_base = dc=domain,dc=com
    version = 3
    query_filter = (&(objectclass=mailUser)(mail=%s))
    result_attribute = uid
    result_format = %s/Maildir/
/etc/postfix/ldap-groups.cf
    server_host = localhost
    search_base = dc=domain,dc=com
    version = 3
    query_filter = (&(objectclass=mailGroup)(mail=%s))
    leaf_result_attribute = mail
    special_result_attribute = member
/etc/postfix/master.cf
    dovecot unix - n n - - pipe
      flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/deliver -d <username>
I hope someone can help me, because many people on the internet say that it is easy. If anyone needs more information or anyone can help me, please contact me.
Best, Frank
LS: I know that I'm using Hotmail, but I want to post this anonymously.
On Sun, 18 Jul 2010 19:37:01 +0200 Frank van Amsterdam <frank122595@hotmail.com> articulated:
{snip}
Next time, post the output of:
    postconf -n
    dovecot -n
Please include log entries to show what your problem is.
BTW, your version of Postfix is seriously deprecated. Would it be possible to update to the latest stable version before continuing with this venture?
-- Jerry ✌ Dovecot.user@seibercom.net
Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header.
Frank van Amsterdam wrote on 18.07.2010:
> I want to set up Dovecot LDA, but I don't understand what I'm doing anymore. I have to note that I'm a Linux beginner. I've been trying now for several months and I'm about to give up. Till so far I'm having no result. :-(
> My current setup is done as described at http://www.linuxmail.info. We use Postfix 2.3.3 (with Postgrey, Spamassassin and ClamAV), Dovecot 1.2.11 and OpenLDAP 2.4.1 on CentOS 5.5. All incoming e-mail is delivered by Postfix in the users' maildir. We use this as a base for SOGo, our groupware solution and it runs smoothly.
> I have to set up a new mailserver, because we're standardising on Debian. My employer wants to have new functions like out-of-office-replies and forwarding. I want to make use of sieve. Unfortunately I don't know anyone who can help me.
If you would like to use Sieve you should use the Dovecot LDA instead of the Postfix LDA "virtual". You can also use the ManageSieve service so that users can create their own Sieve scripts. Some clients support it, like Horde Ingo, Thunderbird with plugin...
When you use Debian (Lenny) you should use Dovecot from backports (current: 1.2.11) instead of the stable repository.
The Postfix version that comes with Debian Lenny (2.5.5) is OK so it's not needed to update.
I think the easiest way to implement the Dovecot LDA is to use virtual_transport or transport_maps if you use "virtual" users or within mailbox_command for system users - but this depends on your environment/configuration.
> My problem is that I don't understand how the delivery process is working. I've read much documentation from Postfix and Dovecot, but I find it too difficult to understand.
Hmm, there's not much to say about that... If you use virtual_transport or transport_maps then Postfix sends the mail to the Dovecot LDA. The Dovecot LDA handles further delivery of the mail.
> What do I understand? I know that I have to make changes in /etc/dovecot, /etc/postfix/main.cf and /etc/postfix/master.cf as described at http://wiki.dovecot.org/LDA.
For Postfix all relevant information is here: http://wiki.dovecot.org/LDA/Postfix
-- Daniel
I've added some more information. This is the error.
2010-07-18T03:15:55.870734+02:00 h1690529 postfix/pipe[20360]: CC8F2AEC087: to=<test@domain.com>, relay=dovecot, delay=0.03, delays=0.01/0.01/0/0.01, dsn=4.3.0, status=deferred (temporary failure)
I don't have any clue what this warning/error means.
I was 'playing' with /etc/postfix/master.cf.
    dovecot unix - n n - - pipe
      flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}
I've tried several parameters like -d <username>, -m <mailbox> or -d ${user}.
2010-07-18T03:43:27.569493+02:00 h1690529 postfix/pipe[3723]: 81238AEC087: to=<test@domain.com>, relay=dovecot, delay=0.04, delays=0.01/0.01/0/0.01, dsn=2.0.0, status=sent (delivered via dovecot service)
It looks like it was delivered properly, but it wasn't. It was written to /home/vmail/Maildir instead of /home/vmail/test/Maildir. All incoming e-mail was delivered to /home/vmail/Maildir if I used deliver -d <username> -m <mailbox>.
My LDAP tree looks like this and it's very simple.
    dc=domain,dc=com
      +contacts (Thunderbird contacts)
      +groups (mainly Posix groups for applications)
      +users (real users and mailing lists)
So the DN of the user 'test' is uid=test,ou=users,dc=domain,dc=com
I want e-mail sent to test@domain.com or for example test.test.test@domain being delivered in the maildir of the user 'test'.
I'm almost sure it has something to do with the deliver parameters. What can it be?
I'm planning to build a new server. I've done it before. Every time I make the same mistake again. That's something that I want to prevent.
Thanks again in advance,
Frank
On 19.7.2010, at 0.42, Frank van Amsterdam wrote:
> 2010-07-18T03:15:55.870734+02:00 h1690529 postfix/pipe[20360]: CC8F2AEC087: to=<test@domain.com>, relay=dovecot, delay=0.03, delays=0.01/0.01/0/0.01, dsn=4.3.0, status=deferred (temporary failure)
> I don't have any clue what this warning/error means.
It means you haven't found the real error message. http://wiki.dovecot.org/LDA#logging
I've been trying a few scenarios.
Scenario 1
I changed the file rights on deliver.
-rwsr-xr-x 1 root root 870720 mrt 18 17:54 /usr/lib/dovecot/deliver
from /var/log/mail.log
Jul 19 16:37:03 h1690641 postfix/pipe[15686]: 3195B9C8934: to=<test@ophelia.cocamsterdam.net>, orig_to=<test@cocamsterdam.net>, relay=dovecot, delay=0.03, delays=0.03/0/0/0.01, dsn=4.3.0, status=deferred (temporary failure. Command output: pipe: fatal: pipe_command: execvp /usr/lib/dovecot/deliver: Permission denied )
Scenario 2
I changed the file rights on deliver again.
-rwsr-xr-x 1 root root 870720 mrt 18 17:54 /usr/lib/dovecot/deliver
from /var/log/mail.log
Jul 19 16:40:38 h1690641 postfix/pipe[17735]: A56E79C8936: to=<test@ophelia.cocamsterdam.net>, orig_to=<test@cocamsterdam.net>, relay=dovecot, delay=0.07, delays=0.03/0.01/0/0.03, dsn=4.3.0, status=deferred (temporary failure)
from /var/log/dovecot.log
2010-07-19 16:40:38 deliver(test): Fatal: setgid(55228) failed with euid=8(mail), gid=8(mail), egid=8(mail): Operation not permitted (This binary should probably be called with process group set to 55228 instead of 8(mail))
Scenario 3
I've changed /etc/sudoers
    Defaults:dovelda !syslog
    mail ALL=NOPASSWD:/usr/lib/dovecot/deliver
And I've also changed /etc/postfix/master.cf
    dovecot unix - n n - - pipe
      flags=DRhu user=mail:mail argv=/usr/bin/sudo /usr/lib/dovecot/deliver -f ${sender} -d ${user}
It looks like this is working for me. Is it secure enough?
Best, Frank
On 19.7.2010, at 22.59, Frank van Amsterdam wrote:
> Scenario 1
> -rwsr-xr-x 1 root root 870720 mrt 18 17:54 /usr/lib/dovecot/deliver
> Scenario 2
> -rwsr-xr-x 1 root root 870720 mrt 18 17:54 /usr/lib/dovecot/deliver
None of these are what http://wiki.dovecot.org/LDA#multipleuids tells you to do.
> Scenario 3
> I've changed /etc/sudoers
>     Defaults:dovelda !syslog
>     mail ALL=NOPASSWD:/usr/lib/dovecot/deliver
> And I've also changed /etc/postfix/master.cf
>     dovecot unix - n n - - pipe
>       flags=DRhu user=mail:mail argv=/usr/bin/sudo /usr/lib/dovecot/deliver -f ${sender} -d ${user}
> It looks like this is working for me. Is it secure enough?
Well, I'd use a dedicated user rather than "mail", just in case there is something else also running as mail.
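Added example (not written by anyone in this thread, and not Dovecot or Postfix code): a small Python audit of the three artifacts the thread ends on, the master.cf pipe entry, the sudoers lines and the `ls -l` listing of deliver. It reports a setuid-root, world-executable binary, a pipe user that is a shared account, and a `Defaults:` line naming a user that has no rule. The function names, the `SHARED_ACCOUNTS` set and the corrected variant (with `dovelda` as the dedicated account) are assumptions of this example; the listing is the one posted for scenarios 1 and 2.

```python
import re

# Assumption for this example: accounts likely to run other services too.
SHARED_ACCOUNTS = {"mail", "nobody", "daemon"}

def pipe_services(master_cf):
    """Join master.cf continuation lines; return {service: (user, argv)} for pipe entries."""
    logical = []
    for line in master_cf.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and logical:
            logical[-1] += " " + line.strip()
        else:
            logical.append(line.strip())
    services = {}
    for entry in logical:
        fields = entry.split()
        if len(fields) > 7 and fields[7] == "pipe":
            user = re.search(r"\buser=([^:\s]+)", entry)
            argv = entry.split("argv=", 1)[1].split() if "argv=" in entry else []
            services[fields[0]] = (user.group(1) if user else None, argv)
    return services

def audit(master_cf, sudoers, ls_line):
    findings = []
    mode, _, owner = ls_line.split()[:3]
    # 's' in the owner-execute slot is setuid; 'x' in the last slot lets any local user run it
    if owner == "root" and mode[3] in "sS" and mode[9] in "xt":
        findings.append("deliver: setuid root and world-executable")
    rule_users = set(re.findall(r"^(\w+)\s+ALL\s*=", sudoers, re.M))
    for stray in sorted(set(re.findall(r"^Defaults:(\w+)", sudoers, re.M)) - rule_users):
        findings.append(f"sudoers: Defaults for '{stray}' but no rule for that user")
    for name, (user, argv) in pipe_services(master_cf).items():
        if user in SHARED_ACCOUNTS:
            findings.append(f"{name}: runs as shared account '{user}'")
        if argv and argv[0].endswith("/sudo") and user not in rule_users:
            findings.append(f"{name}: pipe user '{user}' has no sudoers rule")
    return findings

# Scenario 3 as posted in the thread, with the listing from scenarios 1 and 2.
THREAD_MASTER = ("dovecot unix - n n - - pipe\n"
                 "  flags=DRhu user=mail:mail argv=/usr/bin/sudo /usr/lib/dovecot/deliver -f ${sender} -d ${user}\n")
THREAD_SUDOERS = "Defaults:dovelda !syslog\nmail ALL=NOPASSWD:/usr/lib/dovecot/deliver\n"
THREAD_LS = "-rwsr-xr-x 1 root root 870720 mrt 18 17:54 /usr/lib/dovecot/deliver"
# Constructed variant: dedicated account (named dovelda here), binary not setuid.
FIXED_MASTER = THREAD_MASTER.replace("user=mail:mail", "user=dovelda:dovelda")
FIXED_SUDOERS = THREAD_SUDOERS.replace("mail ALL", "dovelda ALL")
FIXED_LS = THREAD_LS.replace("-rwsr-xr-x", "-rwxr-xr-x")
```

Calling `audit(THREAD_MASTER, THREAD_SUDOERS, THREAD_LS)` returns three findings for the configuration as posted; the constructed variant returns none.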
participants (4)
- Daniel Luttermann
- Frank van Amsterdam
- Jerry
- Timo Sirainen