dovecot 2 samba ad-dc
phil
philipp.herzog at sudo-it.de
Thu Feb 20 09:46:13 EET 2020
Hello you,
I try to build a mail server based on Centos 7, postfix and dovecot 2.
My backend is a Samba4 ad-dc.
I tried a lot and I don't know what else I could try. I'm new to this
mailing list, so please forgive me if I don't give the right information or
anything.
Samba4 ad-dc is up incl. dns. Win10 Client joined domain and
authentication works.
Postfix is up and checks against ldap whether recipient address exists.
It accepts mail via telnet and queues it, but can't hand it over to dovecot.
My master.cf looks like this:
[root at mail1t postfix]# cat master.cf
smtp inet n - - - - smtpd
submission inet n - - - - smtpd
-o smtpd_enforce_tls=yes
-o smtpd_tls_security_level=encrypt
-o tls_preempt_cipherlist=yes
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
relay unix - - - - - smtp
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
maildrop unix - n n - - pipe
flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail
($recipient)
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender
$recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
${nexthop} ${user}
dovecot unix - n n - - pipe
flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/deliver -f
${sender} -d ${user}@${nexthop}
#smtp inet n - n - 1 postscreen
#smtpd pass - - n - - smtpd
#dnsblog unix - - n - 0 dnsblog
#tlsproxy unix - - n - 0 tlsproxy
postlog unix-dgram n - n - 1 postlogd
my ldap.conf on the mail server:
[root at mail1t openldap]# cat ldap.conf
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE dc=example,dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
URI ldaps://ldap1t.test.loc:636
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
#TLS_CACERTDIR /etc/openldap/certs
TLS_CACERTDIR /etc/pki/tls/certs/ka
# Turning this off breaks GSSAPI used with krb5 when rdns = false
SASL_NOCANON on
TLS_REQCERT never
dovecot.conf:
[root at mail1t dovecot]# cat dovecot.conf
auth_mechanisms = plain login
mail_uid = vmail
mail_gid = vmail
ssl_cert = </etc/ssl/mail.pem
ssl_key = </etc/ssl/key.pem
login_log_format_elements = "user=<%u> method=%m rip=%r lip=%l mpid=%e
%c %k"
#mail_plugins = quota
ssl_cipher_list =
EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
log_timestamp = "%Y-%m-%d %H:%M:%S "
log_path = /var/log/dovecot.log
info_log_path = /var/log/dovecot-info.log
debug_log_path = /var/log/dovecot-debug.log
#auth_verbose=yes
auth_debug=yes
auth_debug_passwords=yes
mail_debug=yes
verbose_ssl=yes
protocols = imap
listen = *
auth_cache_size = 50000 # ~ 200 Benutzer mit Passwort
auth_cache_ttl = 300s # in Sekunden, 5 Minute
auth_cache_negative_ttl = 30s # wenn Benutzer nicht existierte bei
letztem Check
passdb {
args = /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
}
userdb {
driver = prefetch
}
userdb {
args = /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
}
service auth {
unix_listener /var/spool/postfix/private/auth_dovecot {
group = postfix
mode = 0660
user = postfix
}
unix_listener auth-userdb {
mode = 0600
user = root
}
user = root
}
service dict {
unix_listener dict {
mode = 0660
user = vmail
group = vmail
}
}
namespace inbox {
inbox = yes
location =
mailbox Drafts {
auto = subscribe
special_use = \Drafts
}
mailbox Junk {
auto = subscribe
special_use = \Junk
}
mailbox Sent {
auto = subscribe
special_use = \Sent
}
mailbox Trash {
auto = subscribe
special_use = \Trash
}
prefix =
}
protocol imap {
mail_plugins = quota imap_quota
}
plugin {
quota = maildir:User quota
}
dovecot-ldap.conf.ext:
root at mail1t dovecot]# cat dovecot-ldap.conf.ext
#hosts = 192.168.122.30:636 # Windows Active Directory
uris = ldaps://192.168.122.30:636
#dn = CN=DovecotAdministrator,OU=ServiceAccounts,OU=Identitiy,DC=test,DC=loc
dn = CN=Administrator,CN=Users,DC=test,DC=loc
dnpass = Test123!
tls = no # Benötige ich (!) nicht
auth_bind = yes # Für die Dauer der Authentifizierung bindet sich
Dovecot als einloggender Mailuser
auth_bind_dn = %u
ldap_version = 3
base = OU=Identitiy,DC=domain,DC=local # Meine OU mit Benutzern
scope = subtree # Oder "base", falls nicht rekursiv in der OU gesucht
werden soll
pass_attrs = \
=user=%{ldap:mail}, \
=passwerd=%{ladp:user}, \
user_attrs = \
=user=%{ldap:mail}, \
user_filter = (mailRoutingAddress=%u)
pass_filter = (mail=%u)
iterate_attrs = mail #mail=user # Wird vor allem von "doveadm"
benötigt, um Benutzer zu finden
iterate_filter = (objectClass=smiMessageRecipient #(objectClass=person)
the maillog gives me:
Feb 20 08:34:56 mail1t postfix/smtpd[1794]: 04229120B0D:
client=unknown[192.168.122.30]
Feb 20 08:35:01 mail1t postfix/cleanup[1798]: 04229120B0D: message-id=<>
Feb 20 08:35:01 mail1t postfix/qmgr[1268]: 04229120B0D:
from=<test at test.loc>, size=176, nrcpt=1 (queue active)
Feb 20 08:35:01 mail1t postfix/pipe[1799]: 04229120B0D:
to=<test at test.loc>, relay=dovecot, delay=12, delays=12/0.01/0/0.07,
dsn=4.3.0, status=deferred (temporary failure)
Feb 20 08:35:03 mail1t postfix/smtpd[1794]: disconnect from
unknown[192.168.122.30] helo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
dovecot debug log:
2020-02-20 08:31:18 auth: Debug: Loading modules from directory:
/usr/lib/dovecot/auth
2020-02-20 08:31:18 auth: Debug: Module loaded:
/usr/lib/dovecot/auth/lib20_auth_var_expand_crypt.so
2020-02-20 08:35:01 lda(test at test.loc)<1800><>: Debug: auth-master:
userdb lookup(test at test.loc): Started userdb lookup
2020-02-20 08:35:01 lda(test at test.loc)<1800><>: Debug: auth-master: conn
unix:/var/run/dovecot/auth-userdb: Connecting
2020-02-20 08:35:01 lda(test at test.loc)<1800><>: Debug: auth-master: conn
unix:/var/run/dovecot/auth-userdb: Client connected (fd=13)
2020-02-20 08:35:01 auth: Debug: Loading modules from directory:
/usr/lib/dovecot/auth
2020-02-20 08:35:01 auth: Debug: Module loaded:
/usr/lib/dovecot/auth/lib20_auth_var_expand_crypt.so
2020-02-20 08:35:01 lda(test at test.loc)<1800><>: Debug: auth-master: conn
unix:/var/run/dovecot/auth-userdb: Disconnected: Connection closed:
read(size=8192) failed: Connection reset by peer (fd=13)
2020-02-20 08:35:01 lda(test at test.loc)<1800><>: Debug: auth-master:
userdb lookup(test at test.loc): Userdb lookup failed
an ldap search gives me:
[root at mail1t dovecot]# ldapsearch -D
"cn=administrator,cn=Users,dc=test,dc=loc" -W -H
ldaps://ldap1t.test.loc:636 -b "ou=Identitiy,dc=test,dc=loc" -s sub -x
"(objectclass=person)"
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <ou=Identitiy,dc=test,dc=loc> with scope subtree
# filter: (objectclass=person)
# requesting: ALL
#
# testuser2, Identitiy, test.loc
dn: CN=testuser2,OU=Identitiy,DC=test,DC=loc
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: testuser2
instanceType: 4
whenCreated: 20191029150406.0Z
uSNCreated: 4540
name: testuser2
objectGUID:: zfJ3SmPoLkO8wrVKP0Mc6g==
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAAGQ/+ZjR2CNb9IiNGUQQAAA==
accountExpires: 9223372036854775807
sAMAccountName: testuser2
sAMAccountType: 805306368
userPrincipalName: testuser2 at test.loc
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=test,DC=loc
mail: test at test.loc
userAccountControl: 512
lockoutTime: 0
pwdLastSet: 132257935214848870
lastLogon: 132258326087696220
logonCount: 9
lastLogonTimestamp: 132258326087696220
whenChanged: 20200210182328.0Z
uSNChanged: 7912
distinguishedName: CN=testuser2,OU=Identitiy,DC=test,DC=loc
# DovecotAdministrator, ServiceAccounts, Identitiy, test.loc
dn: CN=DovecotAdministrator,OU=ServiceAccounts,OU=Identitiy,DC=test,DC=loc
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: DovecotAdministrator
instanceType: 4
whenCreated: 20191029155812.0Z
displayName: DovecotAdministrator
uSNCreated: 4735
name: DovecotAdministrator
objectGUID:: 6LODLEOIQ0iVbSDrOftLgg==
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAAGQ/+ZjR2CNb9IiNGUwQAAA==
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: DovecotAdministrator
sAMAccountType: 805306368
userPrincipalName: DovecotAdministrator at test.loc
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=test,DC=loc
userAccountControl: 66048
pwdLastSet: 132240938772523690
lastLogonTimestamp: 132263319652676310
whenChanged: 20200216130605.0Z
uSNChanged: 7935
distinguishedName:
CN=DovecotAdministrator,OU=ServiceAccounts,OU=Identitiy,DC=
test,DC=loc
# search result
search: 2
result: 0 Success
# numResponses: 3
# numEntries: 2
Can someone give me a hint?
Best
Phil