1 (edited by Bozra 2011-09-07 21:49:40)

Topic: Changing iRedMail to POP only server and Gateway Server

==== Provide basic information to help troubleshoot ====
- iRedMail version: iRedAdmin-Pro-LDAP-1.6.2 iredadmin
- Linux/BSD distribution name and version: Centos 6
- Any related log? Log is helpful for troubleshooting.
====

I have two servers installed with iRedAdmin-Pro-LDAP-1.6.2 iredadmin, and I want to achieve the following:

POP3

Purely pop Server to achieve the following

1. Stores Mailboxes for the domains
2. Virtual domains
3. Administration interface for each domain
4. Quota Allocation
5. Mailing List manager
6. Gives access via pop, imap, webmail (all include ssl)
7. Stores in ldap authentication credentials for all mailbox users
8. Makes these credentials accessible for our other mail servers (MX and )
9. Receives emails only from our MX

MX-Server
Acts as a Gateway for the pop server

Performs scanning, filtering for local and external domains
a. SPAM Scan
b. Greylisting
c. Anti-Virus
d. IP Blacklisting
e. SPF
f. Recipient Verification
g. Contacts POP server for authentication credentials
h. Implements rate limiting - possibly customised per client
i. Performs domain routing

Please assist: what features should I disable on the pop server so that it won't be sending mails and will just be used for popping mails?

2

Re: Changing iRedMail to POP only server and Gateway Server

First of all, thanks very much for purchasing iRedAdmin-Pro to support iRedMail project.

Bozra wrote:

POP3, Purely pop Server to achieve the following

5.Mailing List manager
6.Gives access via pop,imap,webmail(all include  ssl)
7.stores in ldap authentication credentials for all mailbox users
8.Makes this credentials accessible for our other mail servers(MX and )
9.Receives emails only from our MX

#5: Mailing list manager. iRedMail has a built-in mailing list implementation, but it's not a real mailing list manager like Mailman or Sympa. Please make sure it fits your needs before it goes into production.

#6: If you want to provide webmail access, then the IMAP service must be enabled. Is this item a typo, or do you really want to provide POP3/IMAP/webmail access to users? There're two ways to achieve this goal:

*) If you still want to provide IMAP/Webmail access, then don't touch Dovecot.
*) To be a pure POP3 server, simply remove IMAP/managesieve services from Dovecot setting "protocols =" in /etc/dovecot.conf.
*) If you want to provide POP3 AND webmail access, then don't touch Dovecot, but reject all IMAP access from external network in iptables firewall rule. For example:

# iptables -I INPUT -p tcp -m multiport --dport 143,993 -j DROP
# iptables -I INPUT -i lo -j ACCEPT

#7 and #8: OpenLDAP server doesn't have any access restriction, but iRedMail disables LDAP access from external network in iptables by default. You can remove this restriction in iptables, that's all. If you just want to let some servers access LDAP service on this server, adjust your iptables rules.

#9: Just allow SMTP access from your MX server in iptables, disable access from other networks.
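
The restrictions described in #7 to #9 above, combined with the third option under #6 (POP3 plus webmail), as an added example that is not part of the original reply. The chain name POP_ONLY and the address 192.0.2.10 are placeholders; the function takes one or more MX addresses and only prints the commands, nothing is executed.

```shell
#!/bin/sh
# Added example, not from the thread: print iptables commands for the "pop"
# server so that SMTP (25) and LDAP (389) are reachable from the MX hosts only
# and IMAP (143, 993) is reachable from loopback (webmail) only.

# is_ipv4 ADDR -> success if ADDR is a dotted quad with octets 0-255.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i + 0 > 255) exit 1 }'
}

# pop_fw_rules MX_IP... -> iptables commands on stdout.
pop_fw_rules() {
    [ $# -ge 1 ] || { echo "usage: pop_fw_rules MX_IP..." >&2; return 1; }
    # Validate everything first so a partial ruleset is never printed.
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "not an IPv4 address: $ip" >&2; return 1; }
    done
    echo "iptables -N POP_ONLY"
    # Loopback first: webmail talks to IMAP and LDAP on 127.0.0.1.
    echo "iptables -A POP_ONLY -i lo -j ACCEPT"
    # Each MX may deliver mail and query LDAP; these must precede the DROP.
    for ip in "$@"; do
        echo "iptables -A POP_ONLY -p tcp -s $ip -m multiport --dports 25,389 -j ACCEPT"
    done
    echo "iptables -A POP_ONLY -p tcp -m multiport --dports 25,389 -j DROP"
    echo "iptables -A POP_ONLY -p tcp -m multiport --dports 143,993 -j DROP"
    # Hook the chain in at the top; unmatched traffic (POP3, HTTPS, SSH)
    # falls through to the rules already present in INPUT.
    echo "iptables -I INPUT 1 -j POP_ONLY"
}

# Constructed demo address (documentation range), not the real MX.
pop_fw_rules 192.0.2.10
```

Review the printed commands, then run them as root on the POP server.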

3

Re: Changing iRedMail to POP only server and Gateway Server

Bozra wrote:

MX-Server, Acts as a Gateway for the pop server

a. SPAM Scann
b. Greylisting
c.  Anti-Virus
d.  IP Blacklisting
e.  SPF
f.   Recipient Verification
g.   Contacts POP server for authentication credentials
h. Implements rate limiting - possibly customised per client
  i.    Performs domain routing

#a - #e, all are performed by Amavisd+SpamAssassin+ClamAV+Policyd.
#f and #g, Modify Postfix LDAP queries, change LDAP server address to your POP3 server which has OpenLDAP running, change bind_dn and password.
#h, Can be achieved with Policyd throttling (per-domain or per-user), or Postfix rate limit (global).
#i, It's controlled by Postfix transport setting. It's configurable in iRedAdmin-Pro (domain profile page, tab "Relay").
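
A check for the change described in #f and #g, as an added example that is not part of the original reply or of iRedMail: it reads every lookup table in a directory, reports any file that does not point at the expected LDAP server, and flags a remote `server_host` with `start_tls = no`, where the simple bind carries `bind_pw` unencrypted. The function names, the sample files and the 192.0.2.2 address are constructed for illustration.

```shell
#!/bin/sh
# Added example, not iRedMail code. Audits Postfix LDAP lookup tables after
# they have been repointed from 127.0.0.1 to a remote OpenLDAP server.

# cf_get FILE KEY -> value of KEY in a Postfix "key = value" table file.
cf_get() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }               # skip comments
        {
            eq = index($0, "=")           # split on the FIRST "=" only,
            if (eq == 0) next             # query_filter values contain "="
            k = substr($0, 1, eq - 1)
            v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# audit_ldap_maps DIR EXPECTED_HOST
# Prints one line per *.cf file; returns 1 if any file has a finding.
audit_ldap_maps() {
    dir=$1; expected=$2; status=0
    for f in "$dir"/*.cf; do
        [ -f "$f" ] || continue
        host=$(cf_get "$f" server_host)
        tls=$(cf_get "$f" start_tls)
        findings=""
        # A file left on the old address queries a different directory.
        [ "$host" = "$expected" ] || findings="$findings UNEXPECTED_HOST"
        # A bind to a remote host without TLS sends bind_pw in the clear.
        case $host in
            127.*|localhost|ldapi://*|ldaps://*) ;;
            *) [ "$tls" = yes ] || findings="$findings CLEARTEXT_BIND" ;;
        esac
        if [ -n "$findings" ]; then status=1; else findings=" ok"; fi
        echo "$(basename "$f") host=$host start_tls=${tls:-no}$findings"
    done
    return $status
}

# write_sample FILE HOST START_TLS -> constructed table in the thread's layout.
write_sample() {
    cat > "$1" <<EOF
# constructed sample, modelled on the files posted in the thread
server_host     = $2
server_port     = 389
version         = 3
bind            = yes
start_tls       = $3
bind_dn         = cn=vmail,dc=example,dc=com
bind_pw         = REDACTED
search_base     = o=domains,dc=example,dc=com
query_filter    = (&(objectClass=mailUser)(mail=%s))
result_attribute= mail
EOF
}

demo=$(mktemp -d)
write_sample "$demo/catchall_maps.cf"        192.0.2.2 no    # remote, no TLS
write_sample "$demo/relay_domains.cf"        127.0.0.1 no    # not repointed
write_sample "$demo/virtual_mailbox_maps.cf" 192.0.2.2 yes   # remote, STARTTLS
audit_ldap_maps "$demo" 192.0.2.2 || echo "findings reported"
rm -rf "$demo"
```

On the MX, run `audit_ldap_maps /etc/postfix/ldap` with the address of the POP server as the second argument.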

4 (edited by Bozra 2011-09-08 17:25:25)

Re: Changing iRedMail to POP only server and Gateway Server

Thanks Zhang for the reply,

One more thing on POP

I want to disable smtp on pop, i.e. it should only use mx for sending internal as well as external mails. What settings do I need to change?

"#6: If you want to provide webmail access, then IMAP service must be enabled. Is this item a typo error or you really want to provide POP3/IMAP/webmail access to users? There're two ways to achieve this goal:"

Yes, what are the two ways?

5

Re: Changing iRedMail to POP only server and Gateway Server

Bozra wrote:

I want to disable smtp on pop i.e it should only use mx for sending internal as well as External mails,what settings do i need to change?

To disable SMTP service, you can either disable Postfix service directly, or block all SMTP access from external network in iptables.

6 (edited by Bozra 2011-09-13 07:39:23)

Re: Changing iRedMail to POP only server and Gateway Server

I have set my dns setting for the domain as

kibokowifi.com.         4828    IN      MX      20 pop
kibokowifi.com.         4828    IN      MX      10 mx1

I have added the domain kibokowifi.com on mx1 as a relay domain, and I have added the line below in /etc/postfix/transport

kibokowifi.com smtp:[pop]

On the pop server I have added the domain and set the relay transport setting for the domain to mx1 instead of the default dovecot. When I send from yahoo I get the error below

1 postfix/smtpd[15065]: NOQUEUE: reject: RCPT from unknown[98.139.91.240]: 554 5.7.1 <bozra@kibokowifi.com>: Relay access denied; from=<nocsimba@yahoo.com> to=<bozra@kibokowifi.com> proto=SMTP helo=<nm11-vm0.bullet.mail.sp2.yahoo.com>
Sep 13 01:25:55 mx1 postfix/smtpd[15065]: disconnect from unknown[98.139.91.240]

what other setting do i need to change?

7

Re: Changing iRedMail to POP only server and Gateway Server

*) To relay all mails to server "pop", you should set Postfix settings on server "mx1" like below:

relay_domains = $mydestination, kibokowifi.com

*) No need to use /etc/postfix/transport for relay setting.
*) To send out emails from "mx1" on server "pop", you should set Postfix settings on server "pop" like below:

relayhost = [mx1]

You can replace "[mx1]" here with IP address of "mx1" or hostname like this "[mx1.domain.ltd]". With "[]", Postfix will use destination in its A record instead of MX record.

I just want to emphasize again, please post all you modified to help troubleshoot, we don't know how to help without them.

8 (edited by Bozra 2011-09-14 10:22:31)

Re: Changing iRedMail to POP only server and Gateway Server

==== Provide basic information to help troubleshoot ====
- iRedMail version:
- Linux/BSD distribution name and version:
- Any related log? Log is helpful for troubleshooting.
====

Dear Zhang,

thanks now i get the following error in logs

Sep 14 04:09:27 mx1 postfix/smtpd[21838]: NOQUEUE: reject: RCPT from unknown[98.138.229.146]: 450 4.7.1 <bozra@kibokowifi.com>: Recipient address rejected: Policy Rejection- Please try later.; from=<nocsimba@yahoo.com> to=<bozra@kibokowifi.com> proto=SMTP helo=<nm38-vm2.bullet.mail.ne1.yahoo.com>

in yahoo i get below bounce back message from mx1

To add this is     MAILER-DAEMON@mx1.simbanet.co.tz

Saying ''This is the mail system at host mx1.simbanet.co.tz.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                   The mail system

<bozra@kibokowifi.com>: mail for kibokowifi.com loops back to myself''

9

Re: Changing iRedMail to POP only server and Gateway Server

Bozra wrote:

thanks now i get the following error in logs

Recipient address rejected: Policy Rejection- Please try later.

This is greylisting.
As you mentioned in first post, you might want to disable greylisting, anti-spam, anti-virus on server "pop". Below are steps:

*) Remove "check_policy_service inet:[127.0.0.1]:10031" in /etc/postfix/main.cf to disable Policyd integration. It will disable greylisting.

*) Comment out "content_filter = smtp-amavis:[127.0.0.1]:10024" in /etc/postfix/main.cf to disable Amavisd-new integration. It will disable anti-spam and anti-virus.

*) Restart Postfix service.
*) Stop services: amavisd, clamav.

Bozra wrote:

<bozra@kibokowifi.com>: mail for kibokowifi.com loops back to myself''

Do you have mail domain "kibokowifi.com" hosted on server "mx1"?

You mentioned this item in first post: "g.   Contacts POP server for authentication credentials". How did you do that?
Could you please post all /etc/postfix/ldap/*.cf here? Please REMOVE ldap server address, bind_dn, bind password before posting.

10

Re: Changing iRedMail to POP only server and Gateway Server

Dear Zhang,

please find the details

[root@mx1 ldap]# less /etc/postfix/ldap/*.cf
#
# File generated by iRedMail (2011.09.05.13.56.30):
#
# Version:  0.7.3
# Project:  http://www.iredmail.org/
#
# Community: http://www.iredmail.org/forum/
#
server_host     = xxxxx
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         =
bind_pw         =
search_base     = o=domains,dc=simbanet,dc=co,dc=tz
scope           = sub
query_filter    = (&(objectClass=mailUser)(accountStatus=active)(|(mail=@%d)(shadowAddress=@%d)))
result_attribute= mailForwardingAddress
debuglevel      = 0

11

Re: Changing iRedMail to POP only server and Gateway Server

Bozra wrote:

Dear Zhang,

please find the details

[root@mx1 ldap]# less /etc/postfix/ldap/*.cf
#
# File generated by iRedMail (2011.09.05.13.56.30):
#
# Version:  0.7.3
# Project:  http://www.iredmail.org/
#
# Community: http://www.iredmail.org/forum/
#
server_host     = xxxxx
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         =
bind_pw         =
search_base     = o=domains,dc=simbanet,dc=co,dc=tz
scope           = sub
query_filter    = (&(objectClass=mailUser)(accountStatus=active)(|(mail=@%d)(shadowAddress=@%d)))
result_attribute= mailForwardingAddress
debuglevel      = 0

Where do I make the following changes exactly? I see there are a number of ldap .cf files

''Modify Postfix LDAP queries, change LDAP server address to your POP3 server which has OpenLDAP running, change bind_dn and password.''

In which file am I supposed to change the above settings?

12

Re: Changing iRedMail to POP only server and Gateway Server

[root@mx1 ldap]# less /etc/postfix/ldap/*.cf

Oops, my fault. '*.cf' means all files end with '.cf'.

You didn't answer my question:
*) Do you have mail domain "kibokowifi.com" hosted on server "mx1"?
*) You mentioned this item in first post: "g. Contacts POP server for authentication credentials". How did you do that?
Could you please post all /etc/postfix/ldap/*.cf here? Please REMOVE ldap bind_dn, bind password before posting. KEEP "server_host" setting please.

13

Re: Changing iRedMail to POP only server and Gateway Server

Dear Zhang,

1.Domain kibokowifi.com is not in mx1
2.i haven't yet modified ldap settings

i have checked all the .cf  files in /etc/postfix/ldap/  have the same configs as per below


#
# File generated by iRedMail (2011.09.05.13.56.30):
#
# Version:  0.7.3
# Project:  http://www.iredmail.org/
#
# Community: http://www.iredmail.org/forum/
#
server_host     = xxxxx
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         =
bind_pw         =
search_base     = o=domains,dc=simbanet,dc=co,dc=tz
scope           = sub
query_filter    = (&(objectClass=mailUser)(accountStatus=active)(|(mail=@%d)(shadowAddress=@%d)))
result_attribute= mailForwardingAddress
debuglevel      = 0

14

Re: Changing iRedMail to POP only server and Gateway Server

I'm really confused about what you actually did/changed till now, you didn't share them completely, I'm not sure what you should change to achieve your goals.

*) Please paste output of command "postconf -n" on both servers.
*) Paste file content of /etc/postfix/ldap/*.cf (all of them) here, replace password before posting, but do NOT remove ldap server address, and show us which file comes from which server.
*) Clearly explain what you exactly did/changed, paste changed content.
*) Clearly explain what your problems are, paste related error logs.

15

Re: Changing iRedMail to POP only server and Gateway Server

Dear Zhang,

please find the replies as per your request

1.Output of postconf -n

from pop.

[root@pop etc]# postconf -n
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
allow_min_user = no
biff = no
bounce_queue_lifetime = 1d
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
delay_warning_time = 0h
disable_vrfy_command = yes
enable_original_recipient = no
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
mail_owner = postfix
mailbox_command = /usr/libexec/dovecot/deliver
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maximal_backoff_time = 4000s
maximal_queue_lifetime = 1d
message_size_limit = 15728640
minimal_backoff_time = 300s
mydestination = $myhostname, localhost, localhost.localdomain, localhost.$myhostname
mydomain = simbanet.co
myhostname = pop.simbanet.co.tz
mynetworks = 127.0.0.0/8
mynetworks_style = subnet
myorigin = pop.simbanet.co.tz
newaliases_path = /usr/bin/newaliases.postfix
proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions
queue_directory = /var/spool/postfix
queue_run_delay = 300s
readme_directory = /usr/share/doc/postfix-2.5.9/README_FILES
recipient_bcc_maps = proxy:ldap:/etc/postfix/ldap/recipient_bcc_maps_domain.cf, proxy:ldap:/etc/postfix/ldap/recipient_bcc_maps_user.cf
recipient_delimiter = +
relay_domains = $mydestination, proxy:ldap:/etc/postfix/ldap/relay_domains.cf
relayhost = [mx1.simbanet.co.tz]
sample_directory = /usr/share/doc/postfix-2.5.9/samples
sender_bcc_maps = proxy:ldap:/etc/postfix/ldap/sender_bcc_maps_domain.cf, proxy:ldap:/etc/postfix/ldap/sender_bcc_maps_user.cf
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_data_init_timeout = 240s
smtp_data_xfer_timeout = 600s
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_enforce_tls = no
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,permit_sasl_authenticated, check_helo_access pcre:/etc/postfix/helo_access.pcre
smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient,check_policy_service inet:127.0.0.1:7777, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname,smtpd_tls_security_level = may
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_local_domain =
smtpd_sasl_path = ./dovecot-auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = proxy:ldap:/etc/postfix/ldap/sender_login_maps.cf
smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated
smtpd_tls_CAfile = /etc/pki/tls/certs/iRedMail_CA.pem
smtpd_tls_cert_file = /etc/pki/tls/certs/iRedMail_CA.pem
smtpd_tls_key_file = /etc/pki/tls/private/iRedMail.key
smtpd_tls_loglevel = 0
tls_random_source = dev:/dev/urandom
transport_maps = proxy:ldap:/etc/postfix/ldap/transport_maps_user.cf, proxy:ldap:/etc/postfix/ldap/transport_maps_domain.cf
unknown_local_recipient_reject_code = 550
virtual_alias_domains =
virtual_alias_maps = proxy:ldap:/etc/postfix/ldap/virtual_alias_maps.cf, proxy:ldap:/etc/postfix/ldap/virtual_group_maps.cf, proxy:ldap:/etc/postfix/ldap/sender_login_maps.cf, proxy:ldap:/etc/postfix/ldap/catchall_maps.cf
virtual_gid_maps = static:513
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:ldap:/etc/postfix/ldap/virtual_mailbox_domains.cf
virtual_mailbox_maps = proxy:ldap:/etc/postfix/ldap/virtual_mailbox_maps.cf
virtual_minimum_uid = 512
virtual_transport = dovecot
virtual_uid_maps = static:512

2.from mx

[root@mx1 /]# postconf -n
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
allow_min_user = no
biff = no
bounce_queue_lifetime = 1d
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
delay_warning_time = 0h
disable_vrfy_command = yes
enable_original_recipient = no
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
mail_owner = postfix
mailbox_command = /usr/libexec/dovecot/deliver
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maximal_backoff_time = 4000s
maximal_queue_lifetime = 1d
message_size_limit = 15728640
minimal_backoff_time = 300s
mydestination = $myhostname, localhost, localhost.localdomain, localhost.$myhostname
mydomain = simbanet.co
myhostname = mx1.simbanet.co.tz
mynetworks = 127.0.0.0/8,41.221.41.0/25
mynetworks_style = subnet
myorigin = mx1.simbanet.co.tz
newaliases_path = /usr/bin/newaliases.postfix
proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions
queue_directory = /var/spool/postfix
queue_run_delay = 300s
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
recipient_bcc_maps = proxy:ldap:/etc/postfix/ldap/recipient_bcc_maps_domain.cf, proxy:ldap:/etc/postfix/ldap/recipient_bcc_maps_user.cf
recipient_delimiter = +
relay_domains = $mydestinations, kibokowifi.com,pop.simbanet.co.tz proxy:ldap:/etc/postfix/ldap/relay_domains.cf
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sender_bcc_maps = proxy:ldap:/etc/postfix/ldap/sender_bcc_maps_domain.cf, proxy:ldap:/etc/postfix/ldap/sender_bcc_maps_user.cf
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_data_init_timeout = 240s
smtp_data_xfer_timeout = 600s
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_enforce_tls = no
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,permit_sasl_authenticated, check_helo_access pcre:/etc/postfix/helo_access.pcre
smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, check_policy_service inet:127.0.0.1:7777, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check_policy_service inet:127.0.0.1:10031
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_local_domain =
smtpd_sasl_path = ./dovecot-auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = proxy:ldap:/etc/postfix/ldap/sender_login_maps.cf
smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated
smtpd_tls_CAfile = /etc/pki/tls/certs/iRedMail_CA.pem
smtpd_tls_cert_file = /etc/pki/tls/certs/iRedMail_CA.pem
smtpd_tls_key_file = /etc/pki/tls/private/iRedMail.key
smtpd_tls_loglevel = 0
smtpd_tls_security_level = may
tls_random_source = dev:/dev/urandom
transport_maps = proxy:ldap:/etc/postfix/ldap/transport_maps_user.cf, proxy:ldap:/etc/postfix/ldap/transport_maps_domain.cf
unknown_local_recipient_reject_code = 550
virtual_alias_domains =
virtual_alias_maps = proxy:ldap:/etc/postfix/ldap/virtual_alias_maps.cf, proxy:ldap:/etc/postfix/ldap/virtual_group_maps.cf, proxy:ldap:/etc/postfix/ldap/sender_login_maps.cf, proxy:ldap:/etc/postfix/ldap/catchall_maps.cf
virtual_gid_maps = static:502
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:ldap:/etc/postfix/ldap/virtual_mailbox_domains.cf
virtual_mailbox_maps = proxy:ldap:/etc/postfix/ldap/virtual_mailbox_maps.cf
virtual_minimum_uid = 502
virtual_transport = dovecot
virtual_uid_maps = static:502

2. /etc/postfix/ldap/*.cf from pop.

1. less catchall_maps.cf
#
# File generated by iRedMail (2011.07.06.20.57.35):
#
# Version:  0.7.2
# Project:  http://www.iredmail.org/
#
# Community: http://www.iredmail.org/forum/
#

server_host     = 127.0.0.1
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = cn=vmail,dc=simbanet,dc=co,dc=tz
bind_pw         = xxxxxxxxxxxxxxxxxxxxxxxx
search_base     = o=domains,dc=simbanet,dc=co,dc=tz
scope           = sub
query_filter    = (&(objectClass=mailUser)(accountStatus=active)(|(mail=@%d)(shadowAddress=@%d)))
result_attribute= mailForwardingAddress
debuglevel      = 0

2.[root@pop ldap]# less recipient_bcc_maps_domain.cf
#
# File generated by iRedMail (2011.07.06.20.57.35):
#
# Version:  0.7.2
# Project:  http://www.iredmail.org/
#
# Community: http://www.iredmail.org/forum/
#

server_host     = 127.0.0.1
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = cn=vmail,dc=simbanet,dc=co,dc=tz
bind_pw         = xxxxxxxxxxxxxxxxxxxxxxxx
search_base     = o=domains,dc=simbanet,dc=co,dc=tz
scope           = one
query_filter    = (&(objectClass=mailDomain)(|(domainName=%d)(domainAliasName=%d))(accountStatus=active)(enabledService=mail)(enabledService=recipientbcc))
result_attribute= domainRecipientBccAddress
debuglevel      = 0

3.[root@pop ldap]# less recipient_bcc_maps_user.cf
#
# File generated by iRedMail (2011.07.06.20.57.35):
#
# Version:  0.7.2
# Project:  http://www.iredmail.org/
#
# Community: http://www.iredmail.org/forum/
#

server_host     = 127.0.0.1
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = cn=vmail,dc=simbanet,dc=co,dc=tz
bind_pw         = xxxxxxxxxxxxxxxxxxxxxxxx
search_base     = ou=Users,domainName=%d,o=domains,dc=simbanet,dc=co,dc=tz
scope           = one
query_filter    = (&(mail=%s)(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=recipientbcc))
result_attribute= userRecipientBccAddress
debuglevel      = 0
recipient_bcc_maps_user.cf (END)

4.[root@pop ldap]# less relay_domains.cf
#
# File generated by iRedMail (2011.07.06.20.57.35):
#
# Version:  0.7.2
# Project:  http://www.iredmail.org/
#
# Community: http://www.iredmail.org/forum/
#

server_host     = 127.0.0.1
server_port     = 389
bind            = yes
start_tls       = no
version         = 3
bind_dn         = cn=vmail,dc=simbanet,dc=co,dc=tz
bind_pw         = xxxxxxxxxxxxxxxxxxxxxxxx
search_base     = o=domains,dc=simbanet,dc=co,dc=tz
scope           = one
query_filter    = (&(objectClass=mailDomain)(|(domainName=%s)(&(enabledService=domainalias)(domainAliasName=%s)))(domainBackupMX=yes)(accountStatus=active)(enabledService=mail))
result_attribute= domainName
debuglevel      = 0

5.[root@pop ldap]# less sender_bcc_maps_domain.cf
#
# File generated by iRedMail (2011.07.06.20.57.35):
#
# Version:  0.7.2
# Project:  http://www.iredmail.org/
#
# Community: http://www.iredmail.org/forum/
#

server_host     = 127.0.0.1
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = cn=vmail,dc=simbanet,dc=co,dc=tz
bind_pw         = xxxxxxxxxxxxxxxxxxxxxxxx
search_base     = o=domains,dc=simbanet,dc=co,dc=tz
scope           = one
query_filter    = (&(objectClass=mailDomain)(|(domainName=%d)(domainAliasName=%d))(accountStatus=active)(enabledService=mail)(enabledService=senderbcc))
result_attribute= domainSenderBccAddress
debuglevel      = 0

6.[root@pop ldap]# less sender_bcc_maps_user.cf
#
# File generated by iRedMail (2011.07.06.20.57.35):
#
# Version:  0.7.2
# Project:  http://www.iredmail.org/
#
# Community: http://www.iredmail.org/forum/
#

server_host     = 127.0.0.1
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = cn=vmail,dc=simbanet,dc=co,dc=tz
bind_pw         = xxxxxxxxxxxxxxxxxxxxxxxx
search_base     = ou=Users,domainName=%d,o=domains,dc=simbanet,dc=co,dc=tz
scope           = one
query_filter    = (&(mail=%s)(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=senderbcc))
result_attribute= userSenderBccAddress
debuglevel      = 0

7.[root@pop ldap]# less sender_login_maps.cf
#
# File generated by iRedMail (2011.07.06.20.57.35):
#
# Version:  0.7.2
# Project:  http://www.iredmail.org/
#
# Community: http://www.iredmail.org/forum/
#

server_host     = 127.0.0.1
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = cn=vmail,dc=simbanet,dc=co,dc=tz
bind_pw         = xxxxxxxxxxxxxxxxxxxxxxxx
search_base     = o=domains,dc=simbanet,dc=co,dc=tz
scope           = sub
query_filter    = (&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=smtp)(|(mail=%s)(&(enabledService=shadowaddress)(shadowAddress=%s))))
result_attribute= mail
debuglevel      = 0

8.[root@pop ldap]# less transport_maps_domain.cf
#
# File generated by iRedMail (2011.07.06.20.57.35):
#
# Version:  0.7.2
# Project:  http://www.iredmail.org/
#
# Community: http://www.iredmail.org/forum/
#

server_host     = 127.0.0.1
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = cn=vmail,dc=simbanet,dc=co,dc=tz
bind_pw         = xxxxxxxxxxxxxxxxxxxxxxxx
search_base     = o=domains,dc=simbanet,dc=co,dc=tz
scope           = one
query_filter    = (&(objectClass=mailDomain)(|(domainName=%s)(domainAliasName=%s))(accountStatus=active)(enabledService=mail))
result_attribute= mtaTransport
debuglevel      = 0

9.[root@pop ldap]# less virtual_alias_maps.cf
#
# File generated by iRedMail (2011.07.06.20.57.35):
#
# Version:  0.7.2
# Project:  http://www.iredmail.org/
#
# Community: http://www.iredmail.org/forum/
#

server_host     = 127.0.0.1
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = cn=vmail,dc=simbanet,dc=co,dc=tz
bind_pw         = xxxxxxxxxxxxxxxxxxxxxxxx
search_base     = o=domains,dc=simbanet,dc=co,dc=tz
scope           = sub
query_filter    = (&(|(mail=%s)(shadowAddress=%s))(accountStatus=active)(enabledService=mail)(enabledService=deliver)(|(objectClass=mailAlias)(&(objectClass=mailUser)(enabledService=forward))))
result_attribute= mailForwardingAddress
debuglevel      = 0

10.[root@pop ldap]# less virtual_group_maps.cf
#
# File generated by iRedMail (2011.07.06.20.57.35):
#
# Version:  0.7.2
# Project:  http://www.iredmail.org/
#
# Community: http://www.iredmail.org/forum/
#

server_host     = 127.0.0.1
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = cn=vmail,dc=simbanet,dc=co,dc=tz
bind_pw         = xxxxxxxxxxxxxxxxxxxxxxxx
search_base     = o=domains,dc=simbanet,dc=co,dc=tz
scope           = sub
query_filter    = (&(memberOfGroup=%s)(accountStatus=active)(enabledService=mail)(enabledService=deliver)(|(objectClass=mailUser)(objectClass=mailExternalUser)))
result_attribute= mail
debuglevel      = 0
virtual_group_maps.cf (END)

11.[root@pop ldap]# less virtual_mailbox_domains.cf
#
# File generated by iRedMail (2011.07.06.20.57.35):
#
# Version:  0.7.2
# Project:  http://www.iredmail.org/
#
# Community: http://www.iredmail.org/forum/
#

server_host     = 127.0.0.1
server_port     = 389
bind            = yes
start_tls       = no
version         = 3
bind_dn         = cn=vmail,dc=simbanet,dc=co,dc=tz
bind_pw         = xxxxxxxxxxxxxxxxxxxxxxxx
search_base     = o=domains,dc=simbanet,dc=co,dc=tz
scope           = one
query_filter    = (&(objectClass=mailDomain)(|(domainName=%s)(&(enabledService=domainalias)(domainAliasName=%s)))(!(domainBackupMX=yes))(accountStatus=active)(enabledService=mail))
result_attribute= domainName
debuglevel      = 0
virtual_mailbox_domains.cf (END)

12.[root@pop ldap]# less virtual_mailbox_maps.cf
#
# File generated by iRedMail (2011.07.06.20.57.35):
#
# Version:  0.7.2
# Project:  http://www.iredmail.org/
#
# Community: http://www.iredmail.org/forum/
#

server_host     = 127.0.0.1
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = cn=vmail,dc=simbanet,dc=co,dc=tz
bind_pw         = xxxxxxxxxxxxxxxxxxxxxxxx
search_base     = o=domains,dc=simbanet,dc=co,dc=tz
scope           = sub
query_filter    = (&(objectClass=mailUser)(|(mail=%s)(&(enabledService=shadowaddress)(shadowAddress=%s)))(accountStatus=active)(enabledService=mail)(enabledService=deliver))
result_attribute= mailMessageStore
debuglevel      = 0


FROM MX1.

1.[root@mx1 ldap]# less catchall_maps.cf
#
# File generated by iRedMail (2011.09.05.13.56.30):
#
# Version:  0.7.3
# Project:  http://www.iredmail.org/
#
# Community: http://www.iredmail.org/forum/
#

server_host     = 41.221.41.2
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = cn=vmail,dc=simbanet,dc=co,dc=tz
bind_pw         = password same as pop
search_base     = o=domains,dc=simbanet,dc=co,dc=tz
scope           = sub
query_filter    = (&(objectClass=mailUser)(accountStatus=active)(|(mail=@%d)(shadowAddress=@%d)))
result_attribute= mailForwardingAddress
debuglevel      = 0
catchall_maps.cf (END)

2.[root@mx1 ldap]# less recipient_bcc_maps_domain.cf
#
# File generated by iRedMail (2011.09.05.13.56.30):
#
# Version:  0.7.3
# Project:  http://www.iredmail.org/
#
# Community: http://www.iredmail.org/forum/
#

server_host     = 41.221.41.2
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = cn=vmail,dc=simbanet,dc=co,dc=tz
bind_pw         = password same as pop
search_base     = o=domains,dc=simbanet,dc=co,dc=tz
scope           = one
query_filter    = (&(objectClass=mailDomain)(|(domainName=%d)(domainAliasName=%d))(accountStatus=active)(enabledService=mail)(enabledService=recipientbcc))
result_attribute= domainRecipientBccAddress
debuglevel      = 0
recipient_bcc_maps_domain.cf (END)

3.[root@mx1 ldap]# less recipient_bcc_maps_user.cf
#
# File generated by iRedMail (2011.09.05.13.56.30):
#
# Version:  0.7.3
# Project:  http://www.iredmail.org/
#
# Community: http://www.iredmail.org/forum/
#

server_host     = 41.221.41.2
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = cn=vmail,dc=simbanet,dc=co,dc=tz
bind_pw         = password same as pop
search_base     = ou=Users,domainName=%d,o=domains,dc=simbanet,dc=co,dc=tz
scope           = one
query_filter    = (&(mail=%s)(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=recipientbcc))
result_attribute= userRecipientBccAddress
debuglevel      = 0
recipient_bcc_maps_user.cf (END)

4.[root@mx1 ldap]# less relay_domains.cf
#
# File generated by iRedMail (2011.09.05.13.56.30):
#
# Version:  0.7.3
# Project:  http://www.iredmail.org/
#
# Community: http://www.iredmail.org/forum/
#

server_host     = 41.221.41.2
server_port     = 389
bind            = yes
start_tls       = no
version         = 3
bind_dn         = cn=vmail,dc=simbanet,dc=co,dc=tz
bind_pw         = password same as pop
search_base     = o=domains,dc=simbanet,dc=co,dc=tz
scope           = one
query_filter    = (&(objectClass=mailDomain)(|(domainName=%s)(&(enabledService=domainalias)(domainAliasName=%s)))(domainBackupMX=yes)(accountStatus=active)(enabledService=mail))
result_attribute= domainName
debuglevel      = 0
relay_domains.cf (END)

5.[root@mx1 ldap]# less sender_bcc_maps_domain.cf
#
# File generated by iRedMail (2011.09.05.13.56.30):
#
# Version:  0.7.3
# Project:  http://www.iredmail.org/
#
# Community: http://www.iredmail.org/forum/
#

server_host     = 41.221.41.2
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = cn=vmail,dc=simbanet,dc=co,dc=tz
bind_pw         = password same as pop
search_base     = o=domains,dc=simbanet,dc=co,dc=tz
scope           = one
query_filter    = (&(objectClass=mailDomain)(|(domainName=%d)(domainAliasName=%d))(accountStatus=active)(enabledService=mail)(enabledService=senderbcc))
result_attribute= domainSenderBccAddress
debuglevel      = 0
sender_bcc_maps_domain.cf (END)

6.[root@mx1 ldap]# less sender_bcc_maps_user.cf
#
# File generated by iRedMail (2011.09.05.13.56.30):
#
# Version:  0.7.3
# Project:  http://www.iredmail.org/
#
# Community: http://www.iredmail.org/forum/
#

server_host     = 41.221.41.2
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = cn=vmail,dc=simbanet,dc=co,dc=tz
bind_pw         = password same as pop
search_base     = ou=Users,domainName=%d,o=domains,dc=simbanet,dc=co,dc=tz
scope           = one
query_filter    = (&(mail=%s)(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=senderbcc))
result_attribute= userSenderBccAddress
debuglevel      = 0

7.[root@mx1 ldap]# less sender_login_maps.cf
#
# File generated by iRedMail (2011.09.05.13.56.30):
#
# Version:  0.7.3
# Project:  http://www.iredmail.org/
#
# Community: http://www.iredmail.org/forum/
#

server_host     = 41.221.41.2
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = cn=vmail,dc=simbanet,dc=co,dc=tz
bind_pw         = password same as pop
search_base     = o=domains,dc=simbanet,dc=co,dc=tz
scope           = sub
query_filter    = (&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=smtp)(|(mail=%s)(&(enabledService=shadowaddress)(shadowAddress=%s))))
result_attribute= mail
debuglevel      = 0
sender_login_maps.cf (END)

8.[root@mx1 ldap]# less transport_maps_domain.cf
#
# File generated by iRedMail (2011.09.05.13.56.30):
#
# Version:  0.7.3
# Project:  http://www.iredmail.org/
#
# Community: http://www.iredmail.org/forum/
#

server_host     = 41.221.41.2
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = cn=vmail,dc=simbanet,dc=co,dc=tz
bind_pw         = password same as pop
search_base     = o=domains,dc=simbanet,dc=co,dc=tz
scope           = one
query_filter    = (&(objectClass=mailDomain)(|(domainName=%s)(domainAliasName=%s))(accountStatus=active)(enabledService=mail))
result_attribute= mtaTransport
debuglevel      = 0

9.[root@mx1 ldap]# less transport_maps_user.cf
#
# File generated by iRedMail (2011.09.05.13.56.30):
#
# Version:  0.7.3
# Project:  http://www.iredmail.org/
#
# Community: http://www.iredmail.org/forum/
#

server_host     = 41.221.41.2
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = cn=vmail,dc=simbanet,dc=co,dc=tz
bind_pw         = password same as pop
search_base     = ou=Users,domainName=%d,o=domains,dc=simbanet,dc=co,dc=tz
scope           = one
query_filter    = (&(objectClass=mailUser)(mail=%s)(accountStatus=active)(enabledService=mail))
result_attribute= mtaTransport
debuglevel      = 0

10.[root@mx1 ldap]# less virtual_alias_maps.cf
#
# File generated by iRedMail (2011.09.05.13.56.30):
#
# Version:  0.7.3
# Project:  http://www.iredmail.org/
#
# Community: http://www.iredmail.org/forum/
#

server_host     = 41.221.41.2
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = cn=vmail,dc=simbanet,dc=co,dc=tz
bind_pw         = password same as pop
search_base     = o=domains,dc=simbanet,dc=co,dc=tz
scope           = sub
query_filter    = (&(|(mail=%s)(shadowAddress=%s))(accountStatus=active)(enabledService=mail)(enabledService=deliver)(|(objectClass=mailAlias)(&(objectClass=mailUser)(enabledService=forward))))
result_attribute= mailForwardingAddress
debuglevel      = 0
virtual_alias_maps.cf (END)

11.[root@mx1 ldap]# less virtual_group_maps.cf
#
# File generated by iRedMail (2011.09.05.13.56.30):
#
# Version:  0.7.3
# Project:  http://www.iredmail.org/
#
# Community: http://www.iredmail.org/forum/
#

server_host     = 41.221.41.2
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = cn=vmail,dc=simbanet,dc=co,dc=tz
bind_pw         = password same as pop
search_base     = o=domains,dc=simbanet,dc=co,dc=tz
scope           = sub
query_filter    = (&(memberOfGroup=%s)(accountStatus=active)(enabledService=mail)(enabledService=deliver)(|(objectClass=mailUser)(objectClass=mailExternalUser)))
result_attribute= mail
debuglevel      = 0
virtual_group_maps.cf (END)

12.[root@mx1 ldap]# less virtual_mailbox_domains.cf
#
# File generated by iRedMail (2011.09.05.13.56.30):
#
# Version:  0.7.3
# Project:  http://www.iredmail.org/
#
# Community: http://www.iredmail.org/forum/
#

server_host     = 41.221.41.2
server_port     = 389
bind            = yes
start_tls       = no
version         = 3
bind_dn         = cn=vmail,dc=simbanet,dc=co,dc=tz
bind_pw         = password same as pop
search_base     = o=domains,dc=simbanet,dc=co,dc=tz
scope           = one
query_filter    = (&(objectClass=mailDomain)(|(domainName=%s)(&(enabledService=domainalias)(domainAliasName=%s)))(!(domainBackupMX=yes))(accountStatus=active)(enabledService=mail))
result_attribute= domainName
debuglevel      = 0
virtual_mailbox_domains.cf (END)

13.[root@mx1 ldap]# less virtual_mailbox_maps.cf
#
# File generated by iRedMail (2011.09.05.13.56.30):
#
# Version:  0.7.3
# Project:  http://www.iredmail.org/
#
# Community: http://www.iredmail.org/forum/
#

server_host     = 41.221.41.2
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = cn=vmail,dc=simbanet,dc=co,dc=tz
bind_pw         = password same as pop
search_base     = o=domains,dc=simbanet,dc=co,dc=tz
scope           = sub
query_filter    = (&(objectClass=mailUser)(|(mail=%s)(&(enabledService=shadowaddress)(shadowAddress=%s)))(accountStatus=active)(enabledService=mail)(enabledService=deliver))
result_attribute= mailMessageStore
debuglevel      = 0
virtual_mailbox_maps.cf (END)

1. I changed the /etc/postfix/ldap/*.cf in pop as above
2. I changed /etc/openldap/ldap.conf to

BASE    dc=simbanet,dc=co,dc=tz
URI     ldap://41.221.41.2:389

Restarted LDAP services as well as Postfix; this is the error I get in mx1:

[root@mx1 /]# tail -f  /var/log/maillog
Sep 20 12:41:42 mx1 postfix/master[3831]: warning: process /usr/libexec/postfix/trivial-rewrite pid 4562 exit status 1
Sep 20 12:42:33 mx1 postfix/proxymap[4424]: warning: dict_ldap_connect: Unable to bind to server ldap://41.221.41.2:389 as cn=vmail,dc=simbanet,dc=co,dc=tz: -1 (Can't contact LDAP server)
Sep 20 12:42:43 mx1 postfix/proxymap[4424]: warning: dict_ldap_connect: Unable to bind to server ldap://41.221.41.2:389 as cn=vmail,dc=simbanet,dc=co,dc=tz: -1 (Can't contact LDAP server)
Sep 20 12:42:53 mx1 postfix/proxymap[3888]: warning: dict_ldap_connect: Unable to bind to server ldap://41.221.41.2:389 as cn=vmail,dc=simbanet,dc=co,dc=tz: -1 (Can't contact LDAP server)
Sep 20 12:42:53 mx1 postfix/proxymap[4424]: warning: dict_ldap_connect: Unable to bind to server ldap://41.221.41.2:389 as cn=vmail,dc=simbanet,dc=co,dc=tz: -1 (Can't contact LDAP server)
Sep 20 12:42:53 mx1 postfix/trivial-rewrite[4563]: fatal: proxy:ldap:/etc/postfix/ldap/virtual_mailbox_domains.cf(0,lock|fold_fix)

16

Re: Changing iRedMail to POP only server and Gateway Server

On mx1:

*) Get relay domains and recipients in Postfix:

    # Verify relay domains and recipients against LDAP queries.
    relay_domains = $mydestination, proxy:ldap:/etc/postfix/ldap/virtual_mailbox_domains.cf
    relay_recipient_maps = proxy:ldap:/etc/postfix/ldap/virtual_mailbox_maps.cf

    # Use static file as transport map.
    transport_maps = hash:/etc/postfix/transport

Make sure you have modified /etc/postfix/ldap/*.cf to query the LDAP server running on server "pop" with the correct bind dn and password.

*) Create the transport map file /etc/postfix/transport with the content below:

*          smtp:[41.221.xx.2]:25

It means all mail arriving on mx1 will be relayed to server 41.221.xx.2 on port 25.
Generate hash file:

bash# postmap hash:/etc/postfix/transport

*) Disable iRedAPD in Postfix.

Remove the config below from /etc/postfix/main.cf:

check_policy_service inet:[127.0.0.1]:7777,

##################
On pop server:

*) Allow remote LDAP access from mx1 server in iptables.

Add one more line in /etc/sysconfig/iptables:

    # ldap/ldaps
    #-A INPUT -p tcp -m multiport --dport 389,636 -j ACCEPT
    -A INPUT -p tcp -s 41.221.xx.4 -m multiport --dport 389,636 -j ACCEPT

Restart the iptables service to make it work.

That's all.

You can now add mail domains/users on the pop server with iRedAdmin-Pro; be careful not to change the domain relay setting in the domain profile under tab "Relay" (keep the LDAP attribute/value "mtaTransport=dovecot" of the domain account).
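
Added example, not part of the thread and not iRedMail's own code: the maps posted above bind as cn=vmail with start_tls = no, so once mx1 queries the LDAP server on pop across the network, the bind password travels in cleartext. This Python script parses Postfix LDAP map text and flags that case; the function names and the hardened.cf variant are assumptions, and the sample maps are constructed from the settings shown in the thread.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed samples: the thread's connection settings, then an assumed hardened variant.
SAMPLE_MAPS = {
    "virtual_mailbox_domains.cf": "server_host = 41.221.41.2\nserver_port = 389\n"
        "version = 3\nbind = yes\nstart_tls = no\nbind_dn = cn=vmail,dc=simbanet,dc=co,dc=tz\n",
    "hardened.cf": "server_host = 41.221.41.2\nversion = 3\nbind = yes\n"
        "start_tls = yes\ntls_require_cert = yes\nbind_dn = cn=vmail,dc=simbanet,dc=co,dc=tz\n",
}

def parse_ldap_cf(text):
    """Parse Postfix 'name = value' text: '#' comments, indented continuation lines."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last:
            params[last] += " " + raw.strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            last, params[name.strip()] = name.strip(), value.strip()
    return params

def is_loopback(host):
    try:
        return host == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # any other host name is treated as remote

def audit(params):
    """Return findings for one map; missing keys fall back to ldap_table(5) defaults."""
    findings = []
    binds = params.get("bind", "yes").lower() != "no"
    start_tls = params.get("start_tls", "no").lower() == "yes"
    for entry in params.get("server_host", "localhost").split():
        url = urlsplit(entry if "://" in entry else "ldap://" + entry)
        host = url.hostname or ""
        if url.scheme == "ldapi" or is_loopback(host):
            continue  # traffic never leaves this machine
        encrypted = url.scheme == "ldaps" or start_tls
        if binds and not encrypted:
            findings.append(f"{host}: bind_dn/bind_pw cross the network in cleartext")
        elif encrypted and params.get("tls_require_cert", "no").lower() != "yes":
            findings.append(f"{host}: TLS used but server certificate not verified")
    return findings

if __name__ == "__main__":
    print({n: audit(parse_ldap_cf(t)) for n, t in SAMPLE_MAPS.items()})
```

To check a live server, feed each file under /etc/postfix/ldap/ through parse_ldap_cf() and audit() in place of SAMPLE_MAPS.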