1

Topic: different mail domain and local domain

==== Required information ====
- iRedMail version: 0.8.1
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Linux/BSD distribution name and version: Ubuntu Server 10.04
- Related log if you're reporting an issue:
====
Hi everybody, first of all, sorry for my English.

I need your help to finish my full installation of iRedMail. I have a LAN with a DNS suffix "domain.local" served by a Windows Server 2003 SP2 with DNS, DHCP and AD running on it. This server has IP 192.168.2.4, the mail server has IP 192.168.2.5 and its full name is mail.domain.local.

You have to know that I successfully finished this job using the same domain for the local domain and the mail domain, e.g. "mydomain.com".

I need to install iRedMail so that the mail domain is "@cpe.com" . . . I installed iRedMail with the LDAP backend.
Because I need a different domain from the one I use in my LAN, I put "dc=cpe,dc=com" in the LDAP suffix (root dn) during the installation, and next, in the First Virtual Domain Name, I used "cpe.com". Am I right??

Once I finished I could log in to Roundcube with a test user under the "cpe.com" mail domain. It's OK so far . . .
The next step is integrating AD with the mail server. I use the integration guide on the official web, but here I have some doubts, here:

postconf -e smtpd_sasl_local_domain='example.com'
postconf -e virtual_mailbox_domains='example.com'

Must I put the mail domain (cpe.com) or the local domain (domain.local)??

When I create the /etc/postfix/transport file, do I use "cpe.com" or "domain.local"??

Now it is time to create the 3 .cf files to query AD. According to http://www.iredmail.org/forum/topic3165 … omain.html it is necessary to make some changes in the query_filter line, but I tried several times and it never worked for me, e.g.:
--------------------------------------------------------------------------------------
# File: ad_sender_login_maps.cf
server_host     = ad.domain.local
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = vmail
bind_pw         = password_of_vmail
search_base     = cn=users,dc=domain,dc=local
scope           = sub
query_filter    = (&(userPrincipalName=%s)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
# According to the link above I need to substitute "%s" by "%u@cpe.com", but when I use the postmap
# command-line tool no result is shown.
# However, if I put it vice versa, "%u@domain.local", and I ask for user@cpe.com it seems to work.
# Here we get user@domain.local:
result_attribute= userPrincipalName
debuglevel      = 0
--------------------------------------------------------------------------------------
# File: ad_virtual_mailbox_maps.cf
server_host     = ad.domain.local
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = vmail
bind_pw         = passwd_of_vmail
search_base     = cn=users,dc=domain,dc=local
scope           = sub
# Here the same thing happens:
query_filter    = (&(objectclass=person)(userPrincipalName=%s))
result_attribute= userPrincipalName
result_format   = %d/%u/Maildir/
debuglevel      = 0
--------------------------------------------------------------------------------------

Now the great doubt: when I edit "/etc/dovecot/dovecot-ldap.conf", in the line

user_filter     = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

what am I supposed to do? If I leave it like this I can log in to Roundcube, but the user appears under "@domain.local" and I can't send mails to users under the "cpe.com" mail domain; it shows SMTP error 550. However, if I change for example "%u" to "%n@cpe.com", the users never log in. What am I supposed to do?!?!?

Please, I need all possible help to finish the full installation. If I made mistakes during the installation or config, please tell me where to fix them, thanks . . .


2

Re: different mail domain and local domain

donaldyg wrote:

Because I need a different domain from the one I use in my LAN, I put "dc=cpe,dc=com" in the LDAP suffix (root dn) during the installation, and next, in the First Virtual Domain Name, I used "cpe.com". Am I right??

The LDAP suffix is not required to be the same as the mail domain name. For example, you can use "dc=example,dc=com" as the LDAP suffix but have the mail domain "cpe.com" hosted under this LDAP suffix. It's just fine.

donaldyg wrote:

postconf -e smtpd_sasl_local_domain='example.com'
postconf -e virtual_mailbox_domains='example.com'
Must I put the mail domain (cpe.com) or the local domain (domain.local)??

If your mail domain name is "cpe.com", please use "cpe.com" in the above commands. The rest of the issues mentioned in your post are caused by the confusion on this.

3

Re: different mail domain and local domain

Hi ZhangHuangbin

I followed your instructions, configured the LDAP suffix as "dc=dominio,dc=local" and the mail domain as "cpe.com". During the integration with AD I use "cpe.com" in:

postconf -e smtpd_sasl_local_domain='cpe.com'
postconf -e virtual_mailbox_domains='cpe.com'

Now when I create the transport file I use "cpe.com" too. IS THIS RIGHT OR DO I HAVE TO USE "dominio.local"???

You have to know that my local AD domain has users under "dominio.local" but their mails are "@cpe.com". With this info I created the ad_sender_login_maps.cf file like this:

-----------------------------------
server_host = 192.168.2.4
server_port = 389
version = 3
bind = yes
start_tls = no
bind_dn = vmail
bind_pw = vmail_pass
search_base = cn=users,dc=dominio,dc=local
scope = sub

# I replaced the %s by %u@cpe.com according to http://www.iredmail.org/forum/topic3165 … omain.html

query_filter = (&(userPrincipalName=%u@cpe.com)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

result_attribute = userPrincipalName
debuglevel = 0
-----------------------------------

Now when I try to verify the AD query in Postfix:

# postmap -q donald@dominio.local ldap:/etc/postfix/ad_sender_login_maps.cf

I got nothing as an answer. I tried using donald@cpe.com but nothing appeared either. Here is the log when I change debuglevel to 1:

root@mail:/etc/postfix# postmap -q donald@dominio.local ldap:/etc/postfix/ad_sender_login_maps.cf
postmap: dict_ldap_debug: ldap_create
postmap: dict_ldap_debug: ldap_url_parse_ext(ldap://192.168.2.4:389)
postmap: dict_ldap_debug: ldap_sasl_bind
postmap: dict_ldap_debug: ldap_send_initial_request
postmap: dict_ldap_debug: ldap_new_connection 1 1 0
postmap: dict_ldap_debug: ldap_int_open_connection
postmap: dict_ldap_debug: ldap_connect_to_host: TCP 192.168.2.4:389
postmap: dict_ldap_debug: ldap_new_socket: 4
postmap: dict_ldap_debug: ldap_prepare_socket: 4
postmap: dict_ldap_debug: ldap_connect_to_host: Trying 192.168.2.4:389
postmap: dict_ldap_debug: ldap_pvt_connect: fd: 4 tm: 10 async: 0
postmap: dict_ldap_debug: ldap_ndelay_on: 4
postmap: dict_ldap_debug: ldap_int_poll: fd: 4 tm: 10
postmap: dict_ldap_debug: ldap_is_sock_ready: 4
postmap: dict_ldap_debug: ldap_ndelay_off: 4
postmap: dict_ldap_debug: ldap_pvt_connect: 0
postmap: dict_ldap_debug: ldap_open_defconn: successful
postmap: dict_ldap_debug: ldap_send_server_request
postmap: dict_ldap_debug: ber_scanf fmt ({it) ber:
postmap: dict_ldap_debug: ber_scanf fmt ({i) ber:
postmap: dict_ldap_debug: ber_flush2: 28 bytes to sd 4
postmap: dict_ldap_debug: ldap_result ld 0x21fb9e00 msgid 1
postmap: dict_ldap_debug: wait4msg ld 0x21fb9e00 msgid 1 (timeout 10000000 usec)
postmap: dict_ldap_debug: wait4msg continue ld 0x21fb9e00 msgid 1 all 1
postmap: dict_ldap_debug: ** ld 0x21fb9e00 Connections:
postmap: dict_ldap_debug: * host: 192.168.2.4  port: 389  (default)
postmap: dict_ldap_debug:   refcnt: 2  status: Connected
postmap: dict_ldap_debug:   last used: Fri Aug 24 11:48:40 2012
postmap: dict_ldap_debug:
postmap: dict_ldap_debug: ** ld 0x21fb9e00 Outstanding Requests:
postmap: dict_ldap_debug:  * msgid 1,  origid 1, status InProgress
postmap: dict_ldap_debug:    outstanding referrals 0, parent count 0
postmap: dict_ldap_debug:   ld 0x21fb9e00 request count 1 (abandoned 0)
postmap: dict_ldap_debug: ** ld 0x21fb9e00 Response Queue:
postmap: dict_ldap_debug:    Empty
postmap: dict_ldap_debug:   ld 0x21fb9e00 response count 0
postmap: dict_ldap_debug: ldap_chkResponseList ld 0x21fb9e00 msgid 1 all 1
postmap: dict_ldap_debug: ldap_chkResponseList returns ld 0x21fb9e00 NULL
postmap: dict_ldap_debug: ldap_int_select
postmap: dict_ldap_debug: read1msg: ld 0x21fb9e00 msgid 1 all 1
postmap: dict_ldap_debug: ber_get_next
postmap: dict_ldap_debug: ber_get_next: tag 0x30 len 16 contents:
postmap: dict_ldap_debug: read1msg: ld 0x21fb9e00 msgid 1 message type bind
postmap: dict_ldap_debug: ber_scanf fmt ({eAA) ber:
postmap: dict_ldap_debug: read1msg: ld 0x21fb9e00 0 new referrals
postmap: dict_ldap_debug: read1msg:  mark request completed, ld 0x21fb9e00 msgid 1
postmap: dict_ldap_debug: request done: ld 0x21fb9e00 msgid 1
postmap: dict_ldap_debug: res_errno: 0, res_error: <>, res_matched: <>
postmap: dict_ldap_debug: ldap_free_request (origid 1, msgid 1)
postmap: dict_ldap_debug: ldap_parse_sasl_bind_result
postmap: dict_ldap_debug: ber_scanf fmt ({eAA) ber:
postmap: dict_ldap_debug: ldap_msgfree
postmap: dict_ldap_debug: ldap_search_ext
postmap: dict_ldap_debug: put_filter: "(&(userPrincipalName=donald@cpe.com)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
postmap: dict_ldap_debug: put_filter: AND
postmap: dict_ldap_debug: put_filter_list "(userPrincipalName=donald@cpe.com)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2))"
postmap: dict_ldap_debug: put_filter: "(userPrincipalName=donald@cpe.com)"
postmap: dict_ldap_debug: put_filter: simple
postmap: dict_ldap_debug: put_simple_filter: "userPrincipalName=donald@cpe.com"
postmap: dict_ldap_debug: put_filter: "(objectClass=person)"
postmap: dict_ldap_debug: put_filter: simple
postmap: dict_ldap_debug: put_simple_filter: "objectClass=person"
postmap: dict_ldap_debug: put_filter: "(!(userAccountControl:1.2.840.113556.1.4.803:=2))"
postmap: dict_ldap_debug: put_filter: NOT
postmap: dict_ldap_debug: put_filter_list "(userAccountControl:1.2.840.113556.1.4.803:=2)"
postmap: dict_ldap_debug: put_filter: "(userAccountControl:1.2.840.113556.1.4.803:=2)"
postmap: dict_ldap_debug: put_filter: simple
postmap: dict_ldap_debug: put_simple_filter: "userAccountControl:1.2.840.113556.1.4.803:=2"
postmap: dict_ldap_debug: ldap_send_initial_request
postmap: dict_ldap_debug: ldap_send_server_request
postmap: dict_ldap_debug: ber_scanf fmt ({it) ber:
postmap: dict_ldap_debug: ber_scanf fmt ({) ber:
postmap: dict_ldap_debug: ber_flush2: 188 bytes to sd 4
postmap: dict_ldap_debug: ldap_result ld 0x21fb9e00 msgid 2
postmap: dict_ldap_debug: wait4msg ld 0x21fb9e00 msgid 2 (timeout 10000000 usec)
postmap: dict_ldap_debug: wait4msg continue ld 0x21fb9e00 msgid 2 all 1
postmap: dict_ldap_debug: ** ld 0x21fb9e00 Connections:
postmap: dict_ldap_debug: * host: 192.168.2.4  port: 389  (default)
postmap: dict_ldap_debug:   refcnt: 2  status: Connected
postmap: dict_ldap_debug:   last used: Fri Aug 24 11:48:40 2012
postmap: dict_ldap_debug:
postmap: dict_ldap_debug: ** ld 0x21fb9e00 Outstanding Requests:
postmap: dict_ldap_debug:  * msgid 2,  origid 2, status InProgress
postmap: dict_ldap_debug:    outstanding referrals 0, parent count 0
postmap: dict_ldap_debug:   ld 0x21fb9e00 request count 1 (abandoned 0)
postmap: dict_ldap_debug: ** ld 0x21fb9e00 Response Queue:
postmap: dict_ldap_debug:    Empty
postmap: dict_ldap_debug:   ld 0x21fb9e00 response count 0
postmap: dict_ldap_debug: ldap_chkResponseList ld 0x21fb9e00 msgid 2 all 1
postmap: dict_ldap_debug: ldap_chkResponseList returns ld 0x21fb9e00 NULL
postmap: dict_ldap_debug: ldap_int_select
postmap: dict_ldap_debug: read1msg: ld 0x21fb9e00 msgid 2 all 1
postmap: dict_ldap_debug: ber_get_next
postmap: dict_ldap_debug: ber_get_next: tag 0x30 len 16 contents:
postmap: dict_ldap_debug: read1msg: ld 0x21fb9e00 msgid 2 message type search-result
postmap: dict_ldap_debug: ber_scanf fmt ({eAA) ber:
postmap: dict_ldap_debug: read1msg: ld 0x21fb9e00 0 new referrals
postmap: dict_ldap_debug: read1msg:  mark request completed, ld 0x21fb9e00 msgid 2
postmap: dict_ldap_debug: request done: ld 0x21fb9e00 msgid 2
postmap: dict_ldap_debug: res_errno: 0, res_error: <>, res_matched: <>
postmap: dict_ldap_debug: ldap_free_request (origid 2, msgid 2)
postmap: dict_ldap_debug: ldap_parse_result
postmap: dict_ldap_debug: ber_scanf fmt ({iAA) ber:
postmap: dict_ldap_debug: ber_scanf fmt (}) ber:
postmap: dict_ldap_debug: ldap_msgfree
postmap: dict_ldap_debug: ldap_free_connection 1 1
postmap: dict_ldap_debug: ldap_send_unbind
postmap: dict_ldap_debug: ber_flush2: 7 bytes to sd 4
postmap: dict_ldap_debug: ldap_free_connection: actually freed

------------------------------------------------------------------

Please tell me what I am doing wrong. I'm new in this world and I need your help, thanks.

4

Re: different mail domain and local domain

- Does user "donald@cpe.com" (userPrincipalName=donald@cpe.com) exist in the AD server?
- Why not simplify it with a simpler LDAP filter first? e.g. use "(userPrincipalName=donald@cpe.com)" as the LDAP query filter instead of "(&(userPrincipalName=donald@cpe.com)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"

5

Re: different mail domain and local domain

Hi ZhangHuangbin:

In fact, donald@cpe.com does not exist as a user; the user is donald@dominio.local. Remember that my domain is "dominio.local", but all my users have mail under "cpe.com" because I need the mail domain to use this suffix. I'm new in this and I don't know many things about Postfix and Dovecot. I need to know various things, e.g.:

dovecot cpe.com -- what is this???

ad_sender_login_maps.cf has a result_attribute = userPrincipalName; is this result what I need to log in to the mail server, or the user I send the mail as???

ad_virtual_mailbox_maps.cf has a result_format=xxxxxx; is this the mailbox dir???

ad_virtual_group_maps.cf has a result_attribute=userPrincipalName; does this list the users who are part of this group???

Please help me with these doubts; thanks to that I'll be able to understand more about the config I need.

6

Re: different mail domain and local domain

You've made me confused.

The query_filter is used to query mail accounts against AD; if it cannot find any account with the query_filter, that means the user doesn't exist.

Could you please show us the full LDIF data of your user?

7

Re: different mail domain and local domain

Hi ZhangHuangbin:

Here is the LDIF data of the user donald:
--------------------------------------------------------------
dn: CN=Donald Yañez,CN=Users,DC=dominio,DC=local
changetype: add
accountExpires: 9223372036854775807
cn:: RG9uYWxkIFlhw7Fleg==
codePage: 0
countryCode: 0
displayName:: RG9uYWxkIFlhw7Fleg==
distinguishedName:: Q049RG9uYWxkIFlhw7FleixDTj1Vc2VycyxEQz1kb21pbmlvLERDPWxvY2Fs
givenName: Donald
instanceType: 4
mail: donald@cpe.com
name:: RG9uYWxkIFlhw7Fleg==
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=dominio,DC=local
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
sAMAccountName: donald
sn:: WWHDsWV6
userAccountControl: 512
userPrincipalName: donald@dominio.local
uSNChanged: 16426
uSNCreated: 16403
whenChanged: 20120824153437.0Z
whenCreated: 20120824152837.0Z
--------------------------------------------------------------
As you see, if I use

query_filter=(&(userPrincipalName=%u@cpe.com)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

I never get a valid answer, but if I change the query to

query_filter=(&(userPrincipalName=%u@dominio.local)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

and I query for donald@cpe.com, then I get a valid answer: result_attribute=userPrincipalName=donald@dominio.local

But my doubt remains: is this result_attribute=donald@dominio.local the data that mail uses to log in to an account, or just a simple query to verify the existence of a valid user around the domain?!?!? Why not use result_attribute=mail, for example????

Excuse me please . . . thanks . . .

8

Re: different mail domain and local domain

donaldyg wrote:

As you see, if I use
query_filter=(&(userPrincipalName=%u@cpe.com)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
I never get a valid answer

Because you don't have "userPrincipalName=xxx@cpe.com" at all, it's "mail=xxx@cpe.com". So please update query_filter to the below:

query_filter=(&(mail=%u@cpe.com)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
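Added example, not code from this thread or from iRedMail: a small Python emulation of `postmap -q` against entries constructed from the LDIF posted above, showing why the userPrincipalName filter returns nothing while the mail filter matches, and how the userAccountControl bit test keeps a disabled account out of the result. The entries, the "old" disabled user and the helper names are all constructed; the matcher only understands the filter operators used in this thread (&, |, !, equality and the 1.2.840.113556.1.4.803 bitwise-AND rule).

```python
# Constructed AD entries modelled on the LDIF in this thread (not real directory data).
# userAccountControl 512 = normal account, 514 = normal account + ACCOUNTDISABLE (bit 2).
AD_ENTRIES = [
    {"dn": "CN=Donald Yañez,CN=Users,DC=dominio,DC=local",
     "objectClass": ["top", "person", "organizationalPerson", "user"],
     "sAMAccountName": "donald", "mail": "donald@cpe.com",
     "userPrincipalName": "donald@dominio.local", "userAccountControl": "512"},
    {"dn": "CN=Old Account,CN=Users,DC=dominio,DC=local",      # constructed, disabled
     "objectClass": ["top", "person", "organizationalPerson", "user"],
     "sAMAccountName": "old", "mail": "old@cpe.com",
     "userPrincipalName": "old@dominio.local", "userAccountControl": "514"},
]

BITAND = "1.2.840.113556.1.4.803"   # LDAP_MATCHING_RULE_BIT_AND, as used in the filters above

UPN_FILTER = "(&(userPrincipalName=%u@cpe.com)(objectClass=person)(!(userAccountControl:" + BITAND + ":=2)))"
MAIL_FILTER = "(&(mail=%u@cpe.com)(objectClass=person)(!(userAccountControl:" + BITAND + ":=2)))"

def expand(template, key):
    """Postfix ldap-table expansion: %s = whole key, %u = local part, %d = domain part."""
    user, _, domain = key.partition("@")
    return template.replace("%s", key).replace("%u", user).replace("%d", domain)

def parse(f, i=0):
    """Parse the filter component starting at f[i]; return (node, index after it)."""
    assert f[i] == "(", "filter components must be parenthesised"
    if f[i + 1] in "&|!":                       # compound: operator followed by children
        op, i, kids = f[i + 1], i + 2, []
        while f[i] != ")":
            node, i = parse(f, i)
            kids.append(node)
        return (op, kids), i + 1
    j = f.index(")", i)                         # simple equality (values here contain no ')')
    attr, value = f[i + 1:j].split("=", 1)      # "attr:OID:=2" keeps the rule in attr
    return ("eq", [attr, value]), j + 1

def matches(node, entry):
    op, kids = node
    if op == "&": return all(matches(k, entry) for k in kids)
    if op == "|": return any(matches(k, entry) for k in kids)
    if op == "!": return not matches(kids[0], entry)
    attr, value = kids
    if attr.endswith(":" + BITAND + ":"):       # bitwise test on an integer attribute
        attr = attr[:-(len(BITAND) + 2)]
        return int(entry.get(attr, "0")) & int(value) == int(value)
    present = entry.get(attr, [])
    present = present if isinstance(present, list) else [present]
    return any(p.lower() == value.lower() for p in present)   # AD attribute values match case-insensitively

def postmap_query(key, query_filter, result_attribute, result_format="%s"):
    """Emulate `postmap -q KEY ldap:table.cf` for a table with the given settings."""
    node, _ = parse(expand(query_filter, key))
    return [expand(result_format, str(e[result_attribute]))
            for e in AD_ENTRIES if matches(node, e)]

if __name__ == "__main__":
    print("UPN filter  :", postmap_query("donald@cpe.com", UPN_FILTER, "userPrincipalName"))
    print("mail filter :", postmap_query("donald@cpe.com", MAIL_FILTER, "userPrincipalName"))
    print("disabled    :", postmap_query("old@cpe.com", MAIL_FILTER, "userPrincipalName"))
    print("mailbox path:", postmap_query("donald@cpe.com", MAIL_FILTER, "userPrincipalName", "%d/%u/Maildir/"))
```

The last query also shows that result_format is expanded from the result attribute, so with result_attribute = userPrincipalName the mailbox path comes out as dominio.local/donald/Maildir/ rather than cpe.com/donald/Maildir/; Postfix and Dovecot must agree on which attribute drives the path.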

9

Re: different mail domain and local domain

Hi  ZhangHuangbin

Thanks for your reply. I made the changes and now I get a valid answer every time I make a query, no matter if I ask for the domain user "donald@dominio.local" or the mail user "donald@cpe.com". The lines in the 3 .cf files look like this:

------------------------------------
ad_sender_login_maps.cf

query_filter = (&(mail=%u@cpe.com)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
result_attribute = userPrincipalName
------------------------------------
ad_virtual_group_maps.cf

query_filter = (&(objectClass=group)(sAMAccountName=%u))
special_result_attribute = member
result_attribute = userPrincipalName
------------------------------------
ad_virtual_mailbox_maps.cf

query_filter = (&(objectClass=person)(mail=%u@cpe.com))
result_attribute = userPrincipalName
result_format = %d/%u/Maildir/
------------------------------------

Now it's time to modify the dovecot-ldap.conf file, in the line:

user_filter = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

Like in the Postfix .cf files, must I change "userPrincipalName=%u" to "mail=%n@cpe.com"??????

I hope that with this last doubt the integration goes well; only you can help. My congratulations for the great work you are doing here!!! Thanks

10

Re: different mail domain and local domain

donaldyg wrote:

Like in the Postfix .cf files, must I change "userPrincipalName=%u" to "mail=%n@cpe.com"??????

Yes.

It's a good idea to try it first before asking. smile

11 (edited by donaldyg 2012-09-01 23:51:37)

Re: different mail domain and local domain

Hi ZhangHuangbin

Finally, after hours and hours of hard work, reading documentation, testing and more testing, I finally finished the job. Wow, it hasn't been easy for me; it's my first time configuring a mail server . . . but thanks to you I made it . . . however I have 2 or 3 minor issues to tune up, e.g.:

Since my AD domain is "dominio.local" and my users' email addresses are under "@cpe.com", filled in manually in the mail field of each user, I can log in to webmail using "user@dominio.local", "user@cpe.com" and only "user". The last two are OK for me but not the first . . . I don't want users to use the full domain name to log in to the webmail service . . . where can I put some rule to invalidate the user when he tries to log in using the full domain name??? Any ideas???

Later I'll put here the .cf and dovecot-ldap.conf config files for all the users who need help working on a config like this . . .

12 (edited by donaldyg 2012-09-01 23:50:10)

Re: different mail domain and local domain

Another doubt . . . many users use the same PC to send/receive mails via Roundcube webmail . . . the first user writes a mail to his girlfriend with the subject I LOVE YOU . . . when the second user logs in to webmail and tries to write a mail and in the subject field puts, for example, YOU..... the subject field shows the I LOVE YOU subject from the first user . . . how do I disable in Roundcube the autocomplete of the SUBJECT field when I write a subject????

13

Re: different mail domain and local domain

donaldyg wrote:

I don't want users to use the full domain name to log in to the webmail service

Try to tune the Dovecot config file (/etc/dovecot/dovecot-ldap.conf) to use only the username (without @domain.ltd) as the login name.

donaldyg wrote:

how do I disable in Roundcube the autocomplete of the SUBJECT field when I write a subject????

This is a web browser issue; it will help remember them. Not sure whether this feature can be disabled or not. Please try Google yourself.

14

Re: different mail domain and local domain

Thanks for all your help . . . you can close the post and mark it as solved . . . thanks again