1 (edited by Clouseau 2020-02-10 18:53:19)

Topic: mlmmj user unknown

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.0
- Deployed with iRedMail Easy or the downloadable installer? installer
- Linux/BSD distribution name and version: Debian 8
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? Yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

When I create a mailing list and add members, a subscription confirmation is sent. When a user replies to that invite, he gets a bounce stating user unknown.

I have rechecked the mlmmj integration tutorial and all configs are ok. Also checked the other topics here and what fixed it for others, I already have in my config. This is the error from postfix log:

Feb  6 12:29:40 hostname amavis[42987]: (42987-01) Passed CLEAN {RelayedInternal}, LOCAL [IP]:50652 [IP] <USER@DOMAIN.COM> -> <testna+confsub-6ad5a266072567c7-USER=DOMAIN.COM@DOMAIN.COM>, Queue-ID: 3B5262DC24DE, Message-ID: <1fc3a9ba-2f91-710b-82ca-6ca785375cd4@domain.com>, mail_id: 0ab02DqPGPeM, Hits: -1.629, size: 758, queued_as: 8D5972DC24E2, dkim_new=dkim:hidden, 2357 ms
Feb  6 12:29:40 hostname postfix/smtp[41519]: 3B5262DC24DE: to=<testna+confsub-6ad5a266072567c7-USER=DOMAIN.COM@DOMAIN.COM>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.4, delays=0.04/0/0.01/2.4, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 8D5972DC24E2)
Feb  6 12:29:40 hostname postfix/qmgr[3450]: 3B5262DC24DE: removed
Feb  6 12:29:40 hostname postfix/pipe[41087]: 8D5972DC24E2: to=<testna+confsub-6ad5a266072567c7-USER=DOMAIN.COM@DOMAIN.COM>, relay=dovecot, delay=0.1, delays=0.04/0/0/0.06, dsn=5.1.1, status=bounced (user unknown)

Should this be ok? testna+confsub-6ad5a266072567c7-USER=DOMAIN.COM@DOMAIN.COM - I see two domain.com here...

Also, if I add a user to the list without previous subscription and then the user sends an email to the testna@domain.com list, there will also be a user unknown for the testna@domain.com account... Should I create a testna@domain.com email account or?

Regards,
Clouseau


2 (edited by Clouseau 2020-02-06 20:09:24)

Re: mlmmj user unknown

Btw mailman is also installed on the server. Could that be the problem? I doubt it as:

mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list
  argv=/var/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${mailbox}

my lists are all name@lists.domain.com and I have an alias created for name@domain.com to deliver to name@lists.domain.com.

3

Re: mlmmj user unknown

It’s probably conflict with your mailman configuration. You need to figure out whether it’s mailman or mlmmj handling that mailing list account.

4

Re: mlmmj user unknown

This list testna@domain.com doesn't exist in mailman lists, it is created through iredadmin-pro

5

Re: mlmmj user unknown

Try to create same mailing list account in mailman and send test email to the list. Then you will know whether it’s mailman handling the mailing list and no chance to reach mlmmj.

6

Re: mlmmj user unknown

I cannot as mailman lists are all in a form of listname@lists.domain.com. iredadmin creates listname@domain.com.

How can I recheck ldap search used by postfix for testna@domain.com list to see if it returns correct string?

7 (edited by Clouseau 2020-02-07 22:37:07)

Re: mlmmj user unknown

This works and returns result

 postmap -vq testna@domain.com  ldap:/etc/postfix/ldap_virtual_group_maps.cf
...
postmap: dict_ldap_get_values[1]: Search found 1 match(es)
postmap: dict_ldap_get_values[1]: search returned 1 value(s) for requested result attribute mail
postmap: dict_ldap_get_values[1]: Leaving dict_ldap_get_values
postmap: dict_ldap_lookup: Search returned testna@domain.com
testna@domain.com
postmap: dict_ldap_close: Closed connection handle for LDAP source /etc/postfix/ldap_virtual_group_maps.cf


postmap -vq listmember@domain.com ldap:/etc/postfix/ldap_transport_maps_user.cf
...
postmap: dict_ldap_get_values[1]: Search found 1 match(es)
postmap: dict_ldap_get_values[1]: search returned 1 value(s) for requested result attribute mtaTransport
postmap: dict_ldap_get_values[1]: Leaving dict_ldap_get_values
postmap: dict_ldap_lookup: Search returned dovecot
dovecot
postmap: dict_ldap_close: Closed connection handle for LDAP source /etc/postfix/ldap_transport_maps_user.cf

This is what a user who is in the testna@domain.com list looks like in LDAP:

dn: mail=listmember@domain.com,ou=Users,domainName=domain.com,o=domains,dc=domain,dc=com
objectClass: inetOrgPerson
objectClass: mailUser
objectClass: shadowAccount
objectClass: amavisAccount
mail: listmember@domain.com
userPassword:: q23234....
uid: listmember
storageBaseDirectory: /var/vmail
mailMessageStore: vmail01/domain.com/l/i/s/etc.
homeDirectory: /var/vmail/vmail01/domain.com/l/i/s/etc.
shadowLastChange: 0
amavisLocal: TRUE
structuralObjectClass: inetOrgPerson
entryUUID: somestring
creatorsName: cn=vmailadmin,dc=domain,dc=com
createTimestamp: 2015...
mailForwardingAddress: 
cn: Something
givenName: listmember
sn: listmember
preferredLanguage: en_US
title:: szczdsffgi
mailQuota: 1073741824
accountStatus: active
enabledService: mail
enabledService: deliver
enabledService: lda
enabledService: smtp
enabledService: smtpsecured
enabledService: pop3
enabledService: pop3secured
enabledService: imap
enabledService: imapsecured
enabledService: managesieve
enabledService: managesievesecured
enabledService: sieve
enabledService: sievesecured
enabledService: forward
enabledService: senderbcc
enabledService: recipientbcc
enabledService: internal
enabledService: lib-storage
enabledService: shadowaddress
enabledService: displayedInGlobalAddressBook
enabledService: lmtp
enabledService: indexer-worker
enabledService: sogo
enabledService: imaptls
enabledService: pop3tls
enabledService: smtptls
enabledService: quota-status
shadowAddress: listmember@subdomain.domain.com
entryCSN: 20200205152448.623476Z#000000#000#000000
modifiersName: cn=vmailadmin,dc=domain,dc=com
modifyTimestamp: 202002052342...

I do not see mtaTransport in the above LDIF. Also, some users do not have that set. This could be due to a version of the iRedAdmin free panel that, at some point in time, started adding the mtaTransport attribute. Could be that very old users don't have that set. I guess for those users mtaTransport defaults to dovecot as that one is set for the domain.

But I tested sending from list user to testna@domain.com list that has mtaTransport attribute set to dovecot, and the result is the same.

Also sending from moderator mail account to list testna@domain.com responds with

The mail system

<testna@domain.com>: user unknown

Looks like mta dovecot doesn't know who testna@domain.com is and he interprets it as a USER and not a LIST and replies with user unknown. Shouldn't mlmmj take care of delivery?

8

Re: mlmmj user unknown

Clouseau wrote:

I do not see mtaTransport in the above LDIF. Also, some users do not have that set. This could be due to a version of the iRedAdmin free panel that, at some point in time, started adding the mtaTransport attribute. Could be that very old users don't have that set. I guess for those users mtaTransport defaults to dovecot as that one is set for the domain.

If there is no mtaTransport in the user object, the per-domain mtaTransport will be used. So it's normal that the user doesn't have it.

*) Please show us output of commands below:

cd /etc/postfix/ldap/
for i in $(ls *cf); do echo $i; postmap -q testna@domain.com ldap:./$i; done

*) I think there's some conflict in your Postfix configuration which causes mailman to try to handle this account instead of mlmmj. Please show us output of command "postconf -n".

9

Re: mlmmj user unknown

I tried to comment out mailman in master.cf and retest, result is the same. Mailman uses aliases in /etc/postfix/aliases to map emails to mailman commands, he doesn't handle that list but it could be some interference, I don't know.

for i in $(ls *cf); do echo $i; postmap -q testna@domain.com ldap:./$i; done

dynamicmaps.cf
postmap: fatal: ./dynamicmaps.cf, line 1-8: missing '=' after attribute name: "tcp?/usr/lib/postfix/dict_tcp.so??dict_tcp_open?"
ldap_catch_all_maps.cf
ldap_recipient_bcc_maps_domain.cf
ldap_recipient_bcc_maps_user.cf
ldap_relay_domains.cf
ldap_sender_bcc_maps_domain.cf
ldap_sender_bcc_maps_user.cf
ldap_sender_login_maps.cf
ldap_transport_maps_domain.cf
ldap_transport_maps_user.cf
mlmmj:domain.com/lista5
ldap_virtual_alias_maps.cf
ldap_virtual_group_maps.cf
testna@domain.com
ldap_virtual_group_members_maps.cf
ldap_virtual_mailbox_domains.cf
ldap_virtual_mailbox_maps.cf
main.cf
postmap: warning: dict_ldap_lookup: ./main.cf: Search base '' not found: 32: No such object
postmap: fatal: table ldap:./main.cf: query error: Success
master.cf
postmap: fatal: ./master.cf, line 1-16: missing '=' after attribute name: "smtp      inet  n       -       -       -       -       smtpd"

postconf -n

alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
allow_min_user = no
append_at_myorigin = yes
append_dot_mydomain = yes
biff = no
bounce_queue_lifetime = 5d
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
default_destination_concurrency_limit = 30
delay_warning_time = 0h
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
enable_original_recipient = no
hash_queue_depth = 3
home_mailbox =
in_flow_delay = 2s
inet_interfaces = 127.0.0.1, x.x.95.4
inet_protocols = ipv4
initial_destination_concurrency = 10
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
mail_name = Postfix
mail_version = 0.6.1
mailbox_command =
mailbox_size_limit = 26214400
masquerade_domains = $mydomain
maximal_backoff_time = 4000s
maximal_queue_lifetime = 5d
message_size_limit = 26214400
minimal_backoff_time = 300s
mlmmj_destination_recipient_limit = 1
mydestination = $myhostname, mail.domain.com, lists.domain.com, localhost, localhost.localdomain, localhost.$myhostname, localhost.$mydomain
mydomain = domain.com
myhostname =hostname.domain.com
mynetworks = 127.0.0.0/8, x.x.95.0/24
mynetworks_style = subnet
myorigin = hostname.domain.com
proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps
queue_run_delay = 300s
readme_directory = no
recipient_bcc_maps = proxy:ldap:/etc/postfix/ldap_recipient_bcc_maps_user.cf, proxy:ldap:/etc/postfix/ldap_recipient_bcc_maps_domain.cf
recipient_delimiter = +
relay_domains = $mydestination, proxy:ldap:/etc/postfix/ldap_relay_domains.cf, lists.domain.com
relayhost =
sender_bcc_maps = proxy:ldap:/etc/postfix/ldap_sender_bcc_maps_user.cf, proxy:ldap:/etc/postfix/ldap_sender_bcc_maps_domain.cf
smtp_tls_session_cache_database = sdbm:/var/lib/postfix/smtp_scache
smtp_tls_session_cache_timeout = 3600s
smtp_use_tls = yes
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:7777
smtpd_enforce_tls = no
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks permit_sasl_authenticated check_helo_access pcre:/etc/postfix/helo_access.pcre reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname
smtpd_recipient_limit = 400
smtpd_recipient_restrictions = reject_invalid_hostname, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, reject_non_fqdn_recipient, reject_unlisted_recipient, check_policy_service inet:127.0.0.1:7777, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, check_policy_service inet:127.0.0.1:12340, permit
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/dovecot-auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = proxy:ldap:/etc/postfix/ldap_sender_login_maps.cf
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access, reject_non_fqdn_sender, permit_mynetworks, reject_sender_login_mismatch, reject_unknown_sender_domain, permit_sasl_authenticated
smtpd_tls_CAfile = /xxx/chain-.crt
smtpd_tls_cert_file = /xxx/CERTS/cert.crt
smtpd_tls_dh1024_param_file = /etc/ssl/private/dhparams.pem
smtpd_tls_exclude_ciphers = aNULL
smtpd_tls_key_file = /xxx/CERTS/keyfile.key
smtpd_tls_loglevel = 0
smtpd_tls_mandatory_exclude_ciphers = aNULL
smtpd_tls_mandatory_protocols = !SSLv3
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = sdbm:/var/lib/postfix/smtpd_scache
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
virtual_alias_maps = proxy:ldap:/etc/postfix/ldap_virtual_alias_maps.cf, proxy:ldap:/etc/postfix/ldap_virtual_group_maps.cf, proxy:ldap:/etc/postfix/ldap_virtual_group_members_maps.cf, proxy:ldap:/etc/postfix/ldap_catch_all_maps.cf
virtual_gid_maps = static:2058
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:ldap:/etc/postfix/ldap_virtual_mailbox_domains.cf
virtual_mailbox_maps = proxy:ldap:/etc/postfix/ldap_virtual_mailbox_maps.cf
virtual_minimum_uid = 2058
virtual_transport = dovecot
virtual_uid_maps = static:2058

10

Re: mlmmj user unknown

Please show us /etc/dovecot/dovecot-mysql.conf also. NOTE: remove password before pasting here.

11 (edited by Clouseau 2020-02-11 17:42:59)

Re: mlmmj user unknown

I don't have that file, we are on LDAP backend. I will send you here dovecot.conf and dovecot-ldap.conf.

dovecot.conf

# Listen addresses.
#   - '*' means all available IPv4 addresses.
#   - '[::]' means all available IPv6 addresses.
# Listen on all available addresses by default
listen = *

#base_dir = /var/run/dovecot
mail_plugins = quota

# Enabled mail protocols.
protocols = pop3 imap sieve

# User/group who owns the message files:
mail_uid = 2058
mail_gid = 2058

# Assign uid to virtual users.
first_valid_uid = 2058
last_valid_uid = 2058

# Logging. Reference: http://wiki2.dovecot.org/Logging
log_path = /var/log/dovecot.log
mail_debug = no
auth_verbose = no
auth_debug = no
auth_debug_passwords = no
# Possible values: no, plain, sha1.
auth_verbose_passwords = no

# SSL: Global settings.
# Refer to wiki site for per protocol, ip, server name SSL settings:
# http://wiki2.dovecot.org/SSL/DovecotConfiguration
ssl = required
verbose_ssl = no
ssl_key = </root/CERTS/star.key
ssl_cert = </root/CERTS/star.bundled.crt
ssl_protocols = !SSLv2 !SSLv3

#http://www.iredmail.org/docs/upgrade.iredmail.0.9.1-0.9.2.html#fix-the-logjam-attack
ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:!DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

ssl_prefer_server_ciphers = yes
ssl_dh_parameters_length = 2048

# With disable_plaintext_auth=yes AND ssl=required, STARTTLS is mandatory.
# Set disable_plaintext_auth=no AND ssl=yes to allow plain password transmitted
# insecurely.
disable_plaintext_auth = yes
# Allow plain text password per IP address/net
#remote 192.168.0.0/24 {
#   disable_plaintext_auth = no
#}

# Mail location and mailbox format.
mail_location = maildir:/%Lh/Maildir/:INDEX=/%Lh/Maildir/

# Authentication related settings.
# Append this domain name if client gives empty realm.
auth_default_realm = domain.com

# Authentication mechanisms.
auth_mechanisms = PLAIN LOGIN

service auth {
    unix_listener /var/spool/postfix/private/dovecot-auth {
        user = postfix
        group = postfix
        mode = 0666
    }
    unix_listener auth-master {
        user = vmail
        group = vmail
        mode = 0666
    }
    unix_listener auth-userdb {
        user = vmail
        group = vmail
        mode = 0660
    }
}

# Virtual mail accounts.
userdb {
    args = /etc/dovecot/dovecot-ldap.conf
    driver = ldap
}
passdb {
    args = /etc/dovecot/dovecot-ldap.conf
    driver = ldap
}

plugin {
    auth_socket_path = /var/run/dovecot/auth-master

    quota = dict:user::proxy::quotadict
    quota_rule = *:storage=100M
    #quota_rule2 = *:messages=0
    #quota_rule3 = Trash:storage=1G
    #quota_rule4 = Junk:ignore

    # Quota warning.
    # If user suddenly receives a huge mail and the quota jumps from
    # 85% to 95%, only the 95% script is executed.
    quota_warning = storage=95%% quota-warning 95 %u
    quota_warning2 = storage=90%% quota-warning 90 %u
    quota_warning3 = storage=85%% quota-warning 85 %u

    # Used by quota-status service
    quota_status_success = DUNNO
    quota_status_nouser = DUNNO
    quota_status_overquota = "552 5.2.2 Mailbox is full"

    # Plugin: expire.
    expire = Trash 7 Trash/* 7 Junk 30
    expire_dict = proxy::expire

    # ACL and share folder
    acl = vfile
    acl_shared_dict = proxy::acl

    # By default Dovecot doesn't allow using the IMAP "anyone" or
    # "authenticated" identifier, because it would be an easy way to spam
    # other users in the system. If you wish to allow it,
    #acl_anyone = allow

    # Pigeonhole managesieve service.
    # Reference: http://wiki2.dovecot.org/Pigeonhole/Sieve/Configuration
    # Per-user sieve settings.
    sieve_dir = /var/vmail/sieve/%Ld/%Ln
    sieve = /var/vmail/sieve/%Ld/%Ln/dovecot.sieve

    # Global sieve settings.
    sieve_global_dir = /var/vmail/sieve
    sieve_global_path = /var/vmail/sieve/dovecot.sieve
    #sieve_before =
    #sieve_after =
}

service quota-warning {
    executable = script /usr/local/bin/dovecot-quota-warning.sh
    unix_listener quota-warning {
        user = vmail
        group = vmail
        mode = 0660
    }
}

service dict {
    unix_listener dict {
        mode = 0660
        user = vmail
        group = vmail
    }
}

dict {
    expire = db:/var/lib/dovecot/expire/expire.db
    quotadict = mysql:/etc/dovecot/dovecot-used-quota.conf
    acl = mysql:/etc/dovecot/dovecot-share-folder.conf
}

protocol lda {
    # Reference: http://wiki2.dovecot.org/LDA
    mail_plugins = $mail_plugins sieve
    auth_socket_path = /var/run/dovecot/auth-master
    log_path = /var/log/sieve.log
    lda_mailbox_autocreate = yes
    postmaster_address = root
}
protocol imap {
    imap_client_workarounds = tb-extra-mailbox-sep
    mail_plugins = $mail_plugins imap_quota
}
protocol pop3 {
    mail_plugins = $mail_plugins
    pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
    pop3_uidl_format = %08Xu%08Xv
}


# Login processes. Refer to Dovecot wiki for more details:
# http://wiki2.dovecot.org/LoginProcess
service imap-login {
    service_count = 1

    # To avoid startup latency for new client connections, set process_min_avail
    # to higher than zero. That many idling processes are always kept around
    # waiting for new connections.
    #process_min_avail = 0

    # Process limit. 
    # Increase it if you got similar error message in Dovecot log file:
    # 
    # "master: Warning: service(imap-login): process_limit (100) reached,
    # client connections are being dropped"
    #
    #process_limit = $default_process_limit
    process_limit = 500

    # vsz_limit should be fine at its default 64MB value
    #vsz_limit = 64M
}
service pop3-login {
    service_count = 1
}

namespace {
    type = private
    separator = /
    prefix =
    #location defaults to mail_location.
    inbox = yes

    mailbox Sent {
        auto = subscribe
        special_use = \Sent
    }
    mailbox Drafts {
        auto = subscribe
        special_use = \Drafts
    }
    mailbox Trash {
        auto = subscribe
        special_use = \Trash
    }
    mailbox Junk {
        auto = subscribe
        special_use = \Junk
    }

    mailbox "Sent Items" {
        auto = no
        special_use = \Sent
    }

    mailbox "Deleted Messages" {
        auto = no
        special_use = \Trash
    }

    mailbox "Deleted Items" {
        auto = no
        special_use = \Trash
    }

    # Archive
    mailbox Archive {
        auto = no
        special_use = \Archive
    }
    mailbox Archives {
        auto = no
        special_use = \Archive
    }
}
namespace {
    type = shared
    separator = /
    prefix = Shared/%%u/
    location = maildir:/%%Lh/Maildir/:INDEX=/%%Lh/Maildir/Shared/%%u
    # this namespace should handle its own subscriptions or not.
    subscriptions = yes
    list = children
}

# Public mailboxes.
# Refer to Dovecot wiki page for more details:
# http://wiki2.dovecot.org/SharedMailboxes/Public
#namespace {
#    type = public
#    separator = /
#    prefix = Public/
#
#    # CONTROL=: Mark this public folder as read-only mailbox
#    # INDEX=: Per-user \Seen flag
#    location = maildir:/var/vmail/public/:CONTROL=~/Maildir/public:INDEX=~/Maildir/public
#
#    # Allow users to subscribe to the public folders.
#    subscriptions = yes
#}

service quota-status {
    executable = quota-status -p postfix
    client_limit = 1
    inet_listener {
        address = 127.0.0.1
        port = 12340
    }
}

dovecot-ldap.conf

hosts           = 127.0.0.1:489
ldap_version    = 3
auth_bind       = yes
dn              = cn=vmail,dc=domain,dc=com
dnpass          = SOMESTRING
base            = o=domains,dc=domain,dc=com
scope           = subtree
deref           = never
user_filter     = (&(objectClass=mailUser)(accountStatus=active)(!(domainStatus=disabled))(enabledService=mail)(enabledService=%Ls%L(|(mail=%u)(&(enabledService=shadowaddress)(shadowAddress=%u))))
pass_filter     = (&(objectClass=mailUser)(accountStatus=active)(!(domainStatus=disabled))(enabledService=mail)(enabledService=%Ls%L(|(mail=%u)(&(enabledService=shadowaddress)(shadowAddress=%u))))
pass_attrs      = mail=user,userPassword=password,allowNets=allow_nets
default_pass_scheme = CRYPT
user_attrs      = mail=master_user,mail=user,=home=%L{ldap:homeDirectory},=mail=%{ldap:mailboxFormat:maildir}:~/%{ldap:mailboxFolderaildir}/,mailQuota=quota_rule=*:bytes=%$

iterate_attrs   = mail=user
iterate_filter  = (&(objectClass=mailUser)(accountStatus=active)(!(domainStatus=disabled))(enabledService=mail))

Do you know if there is any tool for dovecot, like postfix has postmap, to test the ldap query that dovecot uses?

12 (edited by Clouseau 2020-02-11 17:49:33)

Re: mlmmj user unknown

Also this

Normal user:

doveadm user -u johndoe
userdb: johndoe
  master_user: johndoe@domain.com
  home      : /var/vmail/vmail01/domain.com/etc.
  mail      : maildir:~/Maildir/
  quota_rule: *:bytes=4294967296

List

doveadm user -u testna@domain.com
userdb lookup: user testna@domain.com doesn't exist

13

Re: mlmmj user unknown

Clouseau wrote:

postmap -vq listmember@domain.com ldap:/etc/postfix/ldap_transport_maps_user.cf
...
postmap: dict_ldap_get_values[1]: Search found 1 match(es)
postmap: dict_ldap_get_values[1]: search returned 1 value(s) for requested result attribute mtaTransport
postmap: dict_ldap_get_values[1]: Leaving dict_ldap_get_values
postmap: dict_ldap_lookup: Search returned dovecot
dovecot

I found the issue: the transport returned for testna@domain.com should be something like “mlmmj:domain.com/testna”, not dovecot.

Did you set the transport manually?

14

Re: mlmmj user unknown

The above query is for a user that is member of a list for example john.smith@domain.com. User is in LDAP and has mailbox so he is a user of the domain.com. Checkout post no 7. listmember@domain.com is a real user so his mta is set to dovecot automatically upon creation by iredadmin.

I just created a list in iRedAdmin-Pro. In LDAP mtaTransport for list testna@domain.com  is set properly. Could it be it is ignored and it is using global value for domain?

Check out the slapcat for list testna@domain.com:

dn: mail=testna@domain.com,ou=Groups,domainName=domain.com,o=domains,dc=domain,dc=com
objectClass: mailList
mail: testna@domain.com
mtaTransport: mlmmj:domain.com/testna
mailingListID: b2f4926a-7e67-409b-a78a-b1e046ed3725
enabledService: mail
enabledService: deliver
enabledService: mlmmj
accountStatus: active
cn: testna
accessPolicy: public
shadowAddress: testna@domain2.domain.com
structuralObjectClass: mailList
entryUUID:string
creatorsName: cn=...
createTimestamp: ...
entryCSN: ...
modifiersName: ...
modifyTimestamp: ....

15

Re: mlmmj user unknown

Do me a favor, run command below with your mailing list address:

 cd /etc/postfix/ldap/
for i in $(ls *cf); do echo $i; postmap -q list@domain.com ldap:./$i; done

16

Re: mlmmj user unknown

Here is the output:

for i in $(ls *cf); do echo $i; postmap -q testna@domain.com ldap:./$i; done
dynamicmaps.cf
postmap: fatal: ./dynamicmaps.cf, line 1-8: missing '=' after attribute name: "tcp?/usr/lib/postfix/dict_tcp.so??dict_tcp_open?"
ldap_catch_all_maps.cf
ldap_recipient_bcc_maps_domain.cf
ldap_recipient_bcc_maps_user.cf
ldap_relay_domains.cf
ldap_sender_bcc_maps_domain.cf
ldap_sender_bcc_maps_user.cf
ldap_sender_login_maps.cf
ldap_transport_maps_domain.cf
ldap_transport_maps_user.cf
mlmmj:domain.com/testna
ldap_virtual_alias_maps.cf
ldap_virtual_group_maps.cf
testna@domain.com
ldap_virtual_group_members_maps.cf
ldap_virtual_mailbox_domains.cf
ldap_virtual_mailbox_maps.cf
main.cf
postmap: warning: dict_ldap_lookup: ./main.cf: Search base '' not found: 32: No such object
postmap: fatal: table ldap:./main.cf: query error: Success
master.cf
postmap: fatal: ./master.cf, line 1-16: missing '=' after attribute name: "smtp      inet  n       -       -       -       -       smtpd"

17

Re: mlmmj user unknown

Looks fine.

Please run the same postmap command (in post #15) for address “testna+confsub-6ad5a266072567c7-USER=DOMAIN.COM@DOMAIN.COM”. Replace the USER and DOMAIN.COM by the real username and domain name.

18

Re: mlmmj user unknown

Here you go:

for i in $(ls *cf); do echo $i; postmap -q testna+confsub-4f843a55497f5c48-johndoe=domain.com@domain.com ldap:./$i; done
dynamicmaps.cf
postmap: fatal: ./dynamicmaps.cf, line 1-8: missing '=' after attribute name: "tcp?/usr/lib/postfix/dict_tcp.so??dict_tcp_open?"
ldap_catch_all_maps.cf
ldap_recipient_bcc_maps_domain.cf
ldap_recipient_bcc_maps_user.cf
ldap_relay_domains.cf
ldap_sender_bcc_maps_domain.cf
ldap_sender_bcc_maps_user.cf
ldap_sender_login_maps.cf
ldap_transport_maps_domain.cf
ldap_transport_maps_user.cf
ldap_virtual_alias_maps.cf
ldap_virtual_group_maps.cf
ldap_virtual_group_members_maps.cf
ldap_virtual_mailbox_domains.cf
ldap_virtual_mailbox_maps.cf
main.cf
postmap: warning: dict_ldap_lookup: ./main.cf: Search base '' not found: 32: No such object
postmap: fatal: table ldap:./main.cf: query error: Success
master.cf
postmap: fatal: ./master.cf, line 1-16: missing '=' after attribute name: "smtp      inet  n       -       -       -       -       smtpd"

19

Re: mlmmj user unknown

- Why are your "ldap_*.cf" files stored under /etc/postfix/ instead of /etc/postfix/ldap/? Is this server upgraded from a very old iRedMail release, or did you move the files manually?
- When you run "postmap -q testna+confsub-4f843a55497f5c48-johndoe=domain.com@domain.com ..." against ldap_*.cf files, I expect it to return the same result as "testna@domain.com" since you have "recipient_delimiter = +" in Postfix main.cf:

ldap_transport_maps_user.cf
mlmmj:domain.com/testna

ldap_virtual_group_maps.cf
testna@domain.com

Please compare your "ldap_transport_maps_user.cf" and "ldap_virtual_group_maps.cf" with our default settings here:
https://github.com/iredmail/iRedMail/tr … stfix/ldap

20 (edited by Clouseau 2020-02-17 18:57:45)

Re: mlmmj user unknown

ZhangHuangbin wrote:

- Why are your "ldap_*.cf" files stored under /etc/postfix/ instead of /etc/postfix/ldap/? Is this server upgraded from a very old iRedMail release, or did you move the files manually?

It is like that from the start (10 years ago). 10 years ago iRedMail was installed and the upgrade tutorials were done over the years along the distro Debian upgrades.

- When you run "postmap -q testna+confsub-4f843a55497f5c48-johndoe=domain.com@domain.com ..." against ldap_*.cf files, I expect it to return the same result as "testna@domain.com" since you have "recipient_delimiter = +" in Postfix main.cf:

ldap_transport_maps_user.cf
mlmmj:domain.com/testna

ldap_virtual_group_maps.cf
testna@domain.com

Please compare your "ldap_transport_maps_user.cf" and "ldap_virtual_group_maps.cf" with our default settings here:
https://github.com/iredmail/iRedMail/tr … stfix/ldap

I did and all is good. I rechecked those files three times and I did it once more. They are identical.

Btw my transport.db file is from 2011. Could that be somehow related?

21

Re: mlmmj user unknown

Just to add, maybe you will detect if something is missing:

grep ldap main.cf
relay_domains = $mydestination, proxy:ldap:/etc/postfix/ldap_relay_domains.cf, lists.domain.com
virtual_alias_maps = proxy:ldap:/etc/postfix/ldap_virtual_alias_maps.cf, proxy:ldap:/etc/postfix/ldap_virtual_group_maps.cf, proxy:ldap:/etc/postfix/ldap_virtual_group_members_maps.cf, proxy:ldap:/etc/postfix/ldap_catch_all_maps.cf
virtual_mailbox_domains = proxy:ldap:/etc/postfix/ldap_virtual_mailbox_domains.cf
virtual_mailbox_maps = proxy:ldap:/etc/postfix/ldap_virtual_mailbox_maps.cf
sender_bcc_maps = proxy:ldap:/etc/postfix/ldap_sender_bcc_maps_user.cf, proxy:ldap:/etc/postfix/ldap_sender_bcc_maps_domain.cf
recipient_bcc_maps = proxy:ldap:/etc/postfix/ldap_recipient_bcc_maps_user.cf, proxy:ldap:/etc/postfix/ldap_recipient_bcc_maps_domain.cf
smtpd_sender_login_maps = proxy:ldap:/etc/postfix/ldap_sender_login_maps.cf
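
A way to cross-check the lookups in this thread, added here as an example and not posted by any participant: "postmap -q" sends only the literal key and says nothing about whether main.cf consults the table, so the script lists the keys Postfix derives from an extended address and flags map files that no parameter in a "postconf -n" dump references. The dump is a constructed excerpt of the one in post 9; the transport_maps line in the second sample is a hypothetical contrast, not a setting taken from the thread.

```shell
#!/bin/sh
# Added example. Sample data is constructed from values quoted in the thread.

# lookup_keys ADDRESS DELIM
# Print, in order, the first keys Postfix tries in a transport(5) table for a
# recipient: the full address, the address without its extension, the domain.
# "postmap -q" sends only the literal key, so query each of these yourself.
lookup_keys() {
    addr=$1 delim=$2
    lpart=${addr%@*}
    domain=${addr##*@}
    printf '%s\n' "$addr"
    case $lpart in
        *"$delim"*) printf '%s@%s\n' "${lpart%%"$delim"*}" "$domain" ;;
    esac
    printf '%s\n' "$domain"
}

# map_users POSTCONF_DUMP MAP_FILE
# Print each parameter in a saved "postconf -n" dump whose value names
# MAP_FILE. Exit status 1 means no parameter references the file.
map_users() {
    awk -F' = ' -v m="/$2" 'index($0, m) { print $1; hit = 1 }
                            END { exit !hit }' "$1"
}

# unwired_maps POSTCONF_DUMP MAP_FILE...
# Print every MAP_FILE that no parameter in the dump references. Such a table
# can answer "postmap -q" correctly and still never be consulted by Postfix.
unwired_maps() {
    dump=$1; shift
    for m in "$@"; do
        map_users "$dump" "$m" >/dev/null || printf '%s\n' "$m"
    done
}

SAMPLE=$(mktemp); WIRED=$(mktemp)
trap 'rm -f "$SAMPLE" "$WIRED"' EXIT

# Constructed excerpt of the "postconf -n" output shown in post 9.
cat >"$SAMPLE" <<'EOF'
recipient_delimiter = +
relay_domains = $mydestination, proxy:ldap:/etc/postfix/ldap_relay_domains.cf, lists.domain.com
virtual_alias_maps = proxy:ldap:/etc/postfix/ldap_virtual_alias_maps.cf, proxy:ldap:/etc/postfix/ldap_virtual_group_maps.cf, proxy:ldap:/etc/postfix/ldap_virtual_group_members_maps.cf, proxy:ldap:/etc/postfix/ldap_catch_all_maps.cf
virtual_mailbox_domains = proxy:ldap:/etc/postfix/ldap_virtual_mailbox_domains.cf
virtual_mailbox_maps = proxy:ldap:/etc/postfix/ldap_virtual_mailbox_maps.cf
virtual_transport = dovecot
EOF

# Same excerpt plus a hypothetical transport_maps line, for contrast only.
{
    cat "$SAMPLE"
    echo 'transport_maps = proxy:ldap:/etc/postfix/ldap_transport_maps_user.cf, proxy:ldap:/etc/postfix/ldap_transport_maps_domain.cf'
} >"$WIRED"

echo "Keys to query for the confirmation address:"
lookup_keys 'testna+confsub-4f843a55497f5c48-johndoe=domain.com@domain.com' +

echo "Map files referenced by no parameter in the sample dump:"
unwired_maps "$SAMPLE" ldap_transport_maps_user.cf \
    ldap_transport_maps_domain.cf ldap_virtual_group_maps.cf
```

On a live server, save the output of "postconf -n" to a file and pass it as the first argument of unwired_maps in place of the constructed sample.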

22

Re: mlmmj user unknown

Clouseau wrote:

Btw my transport.db file is from 2011. Could that be somehow related?

Not sure, better check its content to make sure it won't match and return unexpected transport.

Clouseau wrote:

I did and all is good. I rechecked those files three times and I did it once more. They are identical.

Please show us the "query_filter" in file "ldap_transport_maps_user.cf" and "ldap_virtual_group_maps.cf".

23 (edited by Clouseau 2020-02-20 19:03:09)

Re: mlmmj user unknown

ZhangHuangbin wrote:
Clouseau wrote:

Btw my transport.db file is from 2011. Could that be somehow related?

Not sure, better check its content to make sure it won't match and return unexpected transport.

If I "cat transport.db":

�������eэh^mailman:lists.agr.hr

ldap_transport_maps_user.cf
...
search_base     = domainName=%d,o=domains,dc=mydomain,dc=tld
scope           = sub
query_filter    = (&(|(objectClass=mailUser)(&(objectClass=mailList)(enabledService=mlmmj)))(|(mail=%s)(shadowAddress=%s))(accountStatus=active)(!(domainStatus=disabled))(enabledService=mail))
result_attribute= mtaTransport
debuglevel      = 0


ldap_virtual_group_maps.cf
...
search_base     = o=domains,dc=mydomain,dc=tld
scope           = sub
query_filter    = (&(accountStatus=active)(!(domainStatus=disabled))(enabledService=mail)(enabledService=deliver)(|(&(|(memberOfGroup=%s)(shadowAddress=%s))(|(objectClass=mailUser)(objectClass=mailExternalUser)))(&(memberOfGroup=%s)(!(shadowAddress=%s))(|(objectClass=mailAlias)(&(objectClass=mailList)(!(enabledService=mlmmj)))))(&(objectClass=mailList)(enabledService=mlmmj)(|(mail=%s)(shadowAddress=%s)))))
result_attribute= mail
debuglevel      = 0

24

Re: mlmmj user unknown

Clouseau wrote:

If I "cat transport.db":

Check "transport", not "transport.db".

I have no idea right now without debugging it myself with direct ssh access.
If you need such assistance, please buy a support ticket for this:
https://www.iredmail.org/support.html

25

Re: mlmmj user unknown

Hhm, there is no file "transport" only:

ldap_transport_maps_domain.cf
ldap_transport_maps_user.cf
transport.db

Could that be the culprit?