1

Topic: Error send to group 5.1.1

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.9
- Deployed with iRedMail Easy or the downloadable installer? Easy
- Linux/BSD distribution name and version: DEBIAN 9
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):  LDAP
- Web server (Apache or Nginx): NGINX
- Manage mail accounts with iRedAdmin-Pro?NO
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
Hello
I canno't send mail to groups.


postmap -q "tous@domain.com" ldap:/etc/postfix/ldap/virtual_group_maps.cf

S.N@XXX.YYY,S.N2@XXX.YYY,S.N3@XXX.YYY

LDAP return good email.

I receive MAIL DELIVERY SYSTEM message (receive 5 times)
Reporting-MTA: dns; server.domain.com
X-Postfix-Queue-ID: 123456789
X-Postfix-Sender: rfc822; S.N@domain.com
Arrival-Date: Tue, 19 Mar 2019 10:01:31 +0100 (CET)

Final-Recipient: rfc822; tous@domain.com
Original-Recipient: rfc822;tous@domain.com
Action: failed
Status: 5.1.1
Diagnostic-Code: x-unix; user unknown

Do you need:
main.cf
master.cf

In dovecot log: (so many)
Mar 17 07:16:40 server dovecot: auth: Warning: ldap(S.N@domain.com,127.0.0.1,<123456/NN/AAAB>): Multiple values found for 'user', using value S.N@domain.com'
Mar 17 07:16:40 server dovecot: auth: Warning: ldap(S.N@domain.com,127.0.0.1,<123456/NN/AAAB>): Multiple values found for 'master_user', using value S.N@domain.com'

Thank you very much for your help.

Regards

Alex

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Error send to group 5.1.1

Lex wrote:

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.9
- Deployed with iRedMail Easy or the downloadable installer? Easy
- Linux/BSD distribution name and version: DEBIAN 9
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):  LDAP
- Web server (Apache or Nginx): NGINX
- Manage mail accounts with iRedAdmin-Pro?NO
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
Hello
I canno't send mail to groups.


postmap -q "tous@domain.com" ldap:/etc/postfix/ldap/virtual_group_maps.cf

S.N@XXX.YYY,S.N2@XXX.YYY,S.N3@XXX.YYY

LDAP return good email.

I receive MAIL DELIVERY SYSTEM message (receive 5 times)
Reporting-MTA: dns; server.domain.com
X-Postfix-Queue-ID: 123456789
X-Postfix-Sender: rfc822; S.N@domain.com
Arrival-Date: Tue, 19 Mar 2019 10:01:31 +0100 (CET)

Final-Recipient: rfc822; tous@domain.com
Original-Recipient: rfc822;tous@domain.com
Action: failed
Status: 5.1.1
Diagnostic-Code: x-unix; user unknown

Do you need:
main.cf
master.cf

In dovecot log: (so many)
Mar 17 07:16:40 server dovecot: auth: Warning: ldap(S.N@domain.com,127.0.0.1,<123456/NN/AAAB>): Multiple values found for 'user', using value S.N@domain.com'
Mar 17 07:16:40 server dovecot: auth: Warning: ldap(S.N@domain.com,127.0.0.1,<123456/NN/AAAB>): Multiple values found for 'master_user', using value S.N@domain.com'

Thank you very much for your help.

Regards

Alex

I change dovecot-ldap.conf with delete mail=master_user and there is still the issue.
Thanks for your help!

3

Re: Error send to group 5.1.1

Lex wrote:

Mar 17 07:16:40 server dovecot: auth: Warning: ldap(S.N@domain.com,127.0.0.1,<123456/NN/AAAB>): Multiple values found for 'user', using value S.N@domain.com'

Try to query the LDAP with this username manually (with tool like "ldapsearch"), according to this log message, it will return multiple values, but it should return only ONE.

4

Re: Error send to group 5.1.1

ZhangHuangbin wrote:
Lex wrote:

Mar 17 07:16:40 server dovecot: auth: Warning: ldap(S.N@domain.com,127.0.0.1,<123456/NN/AAAB>): Multiple values found for 'user', using value S.N@domain.com'

Try to query the LDAP with this username manually (with tool like "ldapsearch"), according to this log message, it will return multiple values, but it should return only ONE.

Hello,
thanks for your reply, You'll find the command sent and results below:
Everything is OK.
According my first issue how can I give you log or command to close my issue? (sending mail to group)

ldapsearch -x -D 'cn=Manager,dc=XXX,dc=YYY' -W -b "ou=Groups,domainName=XXX.YYY,o=domains,dc=XXX,dc=YYY"
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <ou=Groups,domainName=YYY.XXX,o=domains,dc=YYY,dc=XXX> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# Groups, YYY.XXX, domains, YYY.XXX
dn: ou=Groups,domainName=YYY.XXX,o=domains,dc=YYY,dc=XXX
objectClass: organizationalUnit
objectClass: top
ou: Groups

# casa@YYY.XXX, Groups, YYY.XXX, domains, YYY.XXX
dn: mail=casa@YYY.XXX,ou=Groups,domainName=YYY.XXX,o=domains,dc=
YYY,dc=XXX
accountStatus: active
enabledService: mail
enabledService: deliver
enabledService: displayedInGlobalAddressBook
objectClass: mailList
objectClass: top
mail: casa@YYY.XXX
cn: G1

# tous@YYY.XXX, Groups, YYY.XXX, domains, YYY.XXX
dn: mail=tous@YYY.XXX,ou=Groups,domainName=YYY.XXX,o=domains,dc=
YYY,dc=XXX
accountStatus: active
objectClass: mailList
objectClass: top
cn: G2
mail: tous@YYY.XXX
enabledService: mail
enabledService: deliver
enabledService: displayedInGlobalAddressBook
enabledService: shadowaddress


root@mail0:~# ldapsearch -x -D 'cn=Manager,dc=XXX,dc=YYY' -W -b "mail=SN.N                                                                                                                                                                                                                            @XXX.YYY,ou=Users,domainName=XXX.YYY,o=domains,dc=XXX                                                                                                                                                                                                               ,dc=YYY"
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <mail=SN.N@XXX.YYY,ou=Users,domainName=XXX.YYY,o=                                                                                                                                                                                                                                             domains,dc=XXX,dc=YYY> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# SN.N@XXX.YYY, Users, XXX.YYY, domains, XXX.YYY
dn: mail=SN.N@XXX.YYY,ou=Users,domainName=XXX.YYY,o=do
mains,dc=XXX,dc=YYY
objectClass: inetOrgPerson
objectClass: mailUser
objectClass: shadowAccount
objectClass: amavisAccount
userPassword:: 123456
123456
uid: SN.N
storageBaseDirectory: /var/vmail
mailMessageStore: vmail1/XXX.YYY/x/x/x/SN.N-1.2.3.4.5.6.
53/
homeDirectory: /var/vmail/vmail1/XXX.YYY/x/x/x/SN.N-1.2.3.4.5.6
123456/
enabledService: mail
enabledService: deliver
enabledService: lda
enabledService: lmtp
enabledService: smtp
enabledService: smtpsecured
enabledService: pop3
enabledService: pop3secured
enabledService: pop3tls
enabledService: imap
enabledService: imapsecured
enabledService: imaptls
enabledService: managesieve
enabledService: managesievesecured
enabledService: sogo
enabledService: sieve
enabledService: sievesecured
enabledService: forward
enabledService: senderbcc
enabledService: recipientbcc
enabledService: internal
enabledService: lib-storage
enabledService: indexer-worker
enabledService: doveadm
enabledService: dsync
enabledService: shadowaddress
enabledService: displayedInGlobalAddressBook
shadowLastChange: 0
amavisLocal: TRUE
mailboxFormat: maildir
cn: SN N
givenName: SN.N
sn: SN.N
preferredLanguage: fr_FR
mailQuota: 123456
accountStatus: active
memberOfGroup: tous@XXX.YYY
memberOfGroup: g2e@XXX.YYY
mail: SN.N@XXX.YYY
mail: 1234@XXX.YYY

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

Thanks.

Regards

5

Re: Error send to group 5.1.1

- Did you modify /etc/dovecot/dovecot-ldap.conf?
- Please run "ldapsearch" with ldap filter: "(mail=S.N@domain.com)" (of course you must replace S.N@domain.com by the real email domain reported in Dovecot error:

Mar 17 07:16:40 server dovecot: auth: Warning: ldap(S.N@domain.com,127.0.0.1,<123456/NN/AAAB>): Multiple values found for 'user', using value S.N@domain.com'

Please set the ldap base dn to 'o=domains,dc=xx,dc=xx'.

6

Re: Error send to group 5.1.1

ZhangHuangbin wrote:

- Did you modify /etc/dovecot/dovecot-ldap.conf?
- Please run "ldapsearch" with ldap filter: "(mail=S.N@domain.com)" (of course you must replace S.N@domain.com by the real email domain reported in Dovecot error:

Mar 17 07:16:40 server dovecot: auth: Warning: ldap(S.N@domain.com,127.0.0.1,<123456/NN/AAAB>): Multiple values found for 'user', using value S.N@domain.com'

Please set the ldap base dn to 'o=domains,dc=xx,dc=xx'.

Hello Zhang,
Thanks for your reply.
I confirm you DN is ok.
and
X@mail0:~# ldapsearch -x -D 'cn=Manager,dc=XXX,dc=YYY' -W -b "mail=SN.N@XXX.YYY,ou=Users,domainName=XXX.YYY,o=domains,dc=XXX,dc=YYY"
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <mail=SN.N@XXX.YYY,ou=Users,domainName=XXX.YYY,o=domains,dc=XXX,dc=YYY> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# SN.N@XXX.YYY, Users, XXX.YYY, domains, XXX.YYY
dn: mail=SN.N@XXX.YYY,ou=Users,domainName=XXX.YYY,o=do
mains,dc=XXX,dc=YYY
objectClass: inetOrgPerson
objectClass: mailUser
objectClass: shadowAccount
objectClass: amavisAccount
userPassword:: DDDDDD
uid: SN.N
storageBaseDirectory: /var/vmail
mailMessageStore: vmail1/XXX.YYY/x/SN.N-2019.01.11.15.23.
53/
homeDirectory: /var/vmail/vmail1/XXX.YYY/x/SN.N-2019.01.1
1.15.23.53/
enabledService: mail
enabledService: deliver
enabledService: lda
enabledService: lmtp
enabledService: smtp
enabledService: smtpsecured
enabledService: pop3
enabledService: pop3secured
enabledService: pop3tls
enabledService: imap
enabledService: imapsecured
enabledService: imaptls
enabledService: managesieve
enabledService: managesievesecured
enabledService: sogo
enabledService: sieve
enabledService: sievesecured
enabledService: forward
enabledService: senderbcc
enabledService: recipientbcc
enabledService: internal
enabledService: lib-storage
enabledService: indexer-worker
enabledService: doveadm
enabledService: dsync
enabledService: shadowaddress
enabledService: displayedInGlobalAddressBook
shadowLastChange: 0
amavisLocal: TRUE
mailboxFormat: maildir
cn: SN N
givenName: SN.N
sn: SN.N
preferredLanguage: fr_FR
mailQuota: 31457280000
accountStatus: active
memberOfGroup: tous@XXX.YYY
memberOfGroup: aaa@XXX.YYY
mail: SN.N@XXX.YYY
mail: bbb@XXX.YYY

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

My first issue is "canno't send to group…"

Many thanks for your help.

Regards

7

Re: Error send to group 5.1.1

Lex wrote:

My first issue is "canno't send to group…"

I understand, but Dovecot can not deliver email to group member with this error:

Lex wrote:

Mar 17 07:16:40 server dovecot: auth: Warning: ldap(S.N@domain.com,127.0.0.1,<123456/NN/AAAB>): Multiple values found for 'user', using value S.N@domain.com'

The error message is quite obvious to me, that when Dovecot queries the user, it expects to get only one result, but it returned more than 1 ("Multiple values found").

You need to figure out why the LDAP query used by Dovecot returns multiple value, this is not right in iRedMail.
Try to search ldap with same filter and base dn used by dovecot in /etc/dovecot/dovecot-ldap.conf, i believe you will get a hint.

8

Re: Error send to group 5.1.1

Hello Zhang,
Thanks for your reply, I will look for LDAP issue…
I'll give you update!
Regards

9 (edited by Lex 2019-03-28 17:56:22)

Re: Error send to group 5.1.1

Hello Zhang,
I don't know why but I replace:
- main.cf
- master.cf
- virtual_group_maps.cf
- virtual_group-members_maps.cf
- dovecot.conf
- dovecot-ldap.conf

By file extrated from a fresh VM installed with same parameter.

And everything is now OK...

No log with multiple values, alias and groups are working fine.

Perhaps update 0.9.5 to 0.9.9 the script had a problem... (it is since I've make this update the issue was)

Thanks again for all.

Regards
We can close this issue