1

Topic: amavis disable local user verification OR create proper LDAP query

==== Required information ====
- iRedMail version: 0.8.3
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Linux/BSD distribution name and version: Debian Squeeze 64-bit
- Related log if you're reporting an issue:
====

I use Open source edition and manually added aliases and catch-all e-mails for my domains.
Everything works OK when amavis is off.

When I enable amavis aliases and catch-all stops working.
The problem is probably in LDAP query in amavis config file, it matches only email accounts not aliases.

I think that there are two possible solutions:

1. To correct LDAP query so it will match aliases - help needed. Query format is a bit unclear for me. Anybody has proper one?

2. To disable local recipient verification at amavis level and let postfix do it later. I tried this with setting $enable_ldap to 0 and commenting out LDAP query string but with no success.

I will appreciate your help and suggestions how to fix it

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: amavis disable local user verification OR create proper LDAP query

Sorry, what does your "stops working" exactly mean?

The LDAP query configured in Amavisd doesn't query mail alias account at all, and we didn't add Amavisd required LDAP objectclass to mail alias account, too. So you cannot simply update LDAP query filter to make it work.

3

Re: amavis disable local user verification OR create proper LDAP query

Status before enabling amavis:
all mails sent to aliases were delivered with no problems

Status after enabling amavis:
mails sent to real users are still delivered OK
mails set to aliases and catch-all are bounced with user unknown, "Undelivered Mail Returned to Sender"

4

Re: amavis disable local user verification OR create proper LDAP query

mateooo wrote:

mails set to aliases and catch-all are bounced with user unknown, "Undelivered Mail Returned to Sender"

This is caused by Dovecot, not Amavisd. Could you please paste me related log in /var/log/dovecot.log and/or /var/log/sieve.log to help troubleshoot.

5

Re: amavis disable local user verification OR create proper LDAP query

I'm bit confused about your request for dovecot logs. As far as I know it's IMAP server. IMAP in my case works perfectly OK.

The problem is at SMTP server, in this case postfix

Mails are rejected by postfix after LDAP lookup done by amavis

6

Re: amavis disable local user verification OR create proper LDAP query

Mails scanned by SpamAssassin + ClamAV (both invoked by Amavisd) will be re-injected into Postfix queue (by Amavisd, of course), and Postfix will invoke proper transport to deliver them, in this stage, the transport is usually set to "dovecot" which defined in /etc/postfix/master.cf. Transport "dovecot" executes Dovecot MDA (mail deliver agent) program to deliver emails.

That's why i asked for Dovecot logs.

I suggest turning on debug mode in Dovecot, then try sending a testing email again and paste related log in Dovecot log files.
Reference:

- How to turn on debug mode in Dovecot
  http://www.iredmail.org/wiki/index.php? … In.Dovecot

7

Re: amavis disable local user verification OR create proper LDAP query

You are right, I enabled dovecot logs and after sending e-mail to alias there is:

Oct 17 09:28:26 auth(default): Info: new auth connection: pid=1331
Oct 17 09:28:26 auth(default): Info: new auth connection: pid=1340
Oct 17 09:28:26 auth(default): Info: master in: USER    1       alias@voipexchange.eu service=deliver
Oct 17 09:28:26 auth(default): Info: ldap(alias@voipexchange.eu): user search: base=o=domains,dc=netcentrica,dc=pl scope=subtree filter=(&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=deliver)(|(mail=alias@voipexchange.eu)(&(enabledService=shadowaddress)(shadowAddress=alias@voipexchange.eu)))) fields=mail,homeDirectory,mailMessageStore,mailQuota
Oct 17 09:28:26 auth(default): Info: ldap(alias@voipexchange.eu): Unknown user
Oct 17 09:28:26 auth(default): Info: master out: NOTFOUND       1

When sending to existing account it's OK:

Oct 17 09:29:43 auth(default): Info: client out: OK     1       user=existing.user@voipexchange.eu
Oct 17 09:29:43 auth(default): Info: master in: REQUEST 1       1201    1

How to modify LDAP query in dovecot so it will match aliases and catch-all addresses?

8

Re: amavis disable local user verification OR create proper LDAP query

Any suggestions how to fix it?

9

Re: amavis disable local user verification OR create proper LDAP query

Since no one responded, I've digged forums, wiki and 1000 other places and found solution of that problem.
I'm posting it to help others with the same problem:

modify /etc/dovecot/dovecot-ldap.conf

and change filters to:

user_filter     = (&(objectClass=mailUser)(|(mail=%u)(&(enabledService=shadowaddress)(shadowAddress=%u)))(accountStatus=active)(enabledService=mail)(enabledService=%Ls%Lc))
pass_filter     = (&(objectClass=mailUser)(|(mail=%u)(&(enabledService=shadowaddress)(shadowAddress=%u)))(accountStatus=active)(enabledService=mail)(enabledService=%Ls%Lc))

Problem solved

10

Re: amavis disable local user verification OR create proper LDAP query

Those are default settings in iRedMail, not sure why your original settings were incorrect after iRedMail installation.