1

Topic: cachall issue - getting "user unknown" errors

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.8.5
- Linux/BSD distribution name and version: CentOS 6.4
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):  LDAP
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? YES

====

Hi

I've created a new domain, created a user account, and configured the catchall functionality to the newly created account.

If I now send to an email address which does not exist in this domain, I get a "#< #5.1.1 x-unix; user unknown> #SMTP#" back.

So, what could be the problem?

Cheers,
Marcel


2 (edited by Marcel F. 2017-11-16 19:57:00)

Re: cachall issue - getting "user unknown" errors

LDAP Snip:

dn: mail=@SYSTEMNAME.DOMAIN.de,ou=Users,domainName=SYSTEMNAME
 .DOMAIN.de,o=domains,dc=dev,dc=ldapdomain,dc=com
objectClass: inetOrgPerson
objectClass: mailUser
mail: @SYSTEMNAME.DOMAIN.de
accountStatus: active
cn: Catch-all account
sn: Catch-all account
uid: catchall
mailForwardingAddress: haendler-alias@SYSTEMNAME.DOMAIN.de
structuralObjectClass: inetOrgPerson
entryUUID: 2870e864-5efc-1037-91f5-1d872897926a
creatorsName: cn=vmailadmin,dc=dev,dc=ldapdomain,dc=com
createTimestamp: 20171116092749Z
entryCSN: 20171116092749.734370Z#000000#000#000000
modifiersName: cn=vmailadmin,dc=dev,dc=ldapdomain,dc=com
modifyTimestamp: 20171116092749Z

maillog snip:

Nov 16 10:59:02 mailserver01 amavis[6623]: (06623-17) Passed CLEAN {RelayedInternal}, MYNETS LOCAL [10.0.200.18]:48752 [10.0.200.18] <some.sender@otherdomain.com> -> <haendler-alias@SYSTEMNAME.DOMAIN.de>, Queue-ID: 50E005479A6, Message-ID: <286F2A0632829A4485EA7471C053E8800235393A60@edata03.DOMAIN.de>, mail_id: hxPr4aLF_IOf, Hits: -9.999, size: 5923, queued_as: 13A615487D4, 1754 ms
Nov 16 10:59:02 mailserver01 postfix/smtp[7154]: 50E005479A6: to=<haendler-alias@SYSTEMNAME.DOMAIN.de>, relay=127.0.0.1[127.0.0.1]:10024, delay=1.8, delays=0.02/0/0/1.8, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 13A615487D4)
Nov 16 10:59:02 mailserver01 postfix/pipe[7158]: 13A615487D4: to=<haendler-alias@SYSTEMNAME.DOMAIN.de>, relay=dovecot, delay=0.06, delays=0.01/0.01/0/0.04, dsn=5.1.1, status=bounced (user unknown)

postconf -n:

alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
allow_min_user = no
allow_percent_hack = no
biff = no
bounce_queue_lifetime = 4h
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
delay_warning_time = 0h
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
enable_original_recipient = no
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
mail_owner = postfix
mailbox_command = /usr/libexec/dovecot/deliver
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maximal_backoff_time = 4000s
maximal_queue_lifetime = 4h
message_size_limit = 15728640
minimal_backoff_time = 300s
mydestination = $myhostname, localhost, localhost.localdomain, localhost.$myhostname
mydomain = dev.otherdomain.com
myhostname = mailserver01.otherdomain.com
mynetworks = 127.0.0.0/8, 10.0.23.220/32, 10.0.23.221/32, 10.0.23.222/32, 10.8.5.100/32
mynetworks_style = host
myorigin = mailserver01.otherdomain.com
newaliases_path = /usr/bin/newaliases.postfix
proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions
queue_directory = /var/spool/postfix
queue_run_delay = 300s
readme_directory = /usr/share/doc/postfix-2.11.0/README_FILES
recipient_bcc_maps = proxy:ldap:/etc/postfix/ldap/recipient_bcc_maps_user.cf, proxy:ldap:/etc/postfix/ldap/recipient_bcc_maps_domain.cf
recipient_delimiter = -+
relay_domains = $mydestination, proxy:ldap:/etc/postfix/ldap/relay_domains.cf
sample_directory = /usr/share/doc/postfix-2.11.0/samples
sender_bcc_maps = proxy:ldap:/etc/postfix/ldap/sender_bcc_maps_user.cf, proxy:ldap:/etc/postfix/ldap/sender_bcc_maps_domain.cf
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp-amavis_destination_recipient_limit = 1
smtp_data_init_timeout = 240s
smtp_data_xfer_timeout = 600s
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_helo_required = yes
smtpd_recipient_restrictions = check_recipient_access hash:/etc/postfix/relay_recipients, check_policy_service inet:127.0.0.1:7777, check_policy_service inet:127.0.0.1:10031, reject
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = no
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_local_domain =
smtpd_sasl_path = ./dovecot-auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = proxy:ldap:/etc/postfix/ldap/sender_login_maps.cf
smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access
smtpd_tls_CAfile = /etc/httpd/conf/ssl.crt/mailserver01.otherdomain.com-rootCA.pem
smtpd_tls_cert_file = /etc/httpd/conf/ssl.crt/mailserver01.otherdomain.com-cert.pem
smtpd_tls_key_file = /etc/httpd/conf/ssl.key/mailserver01.otherdomain.com-key.pem
smtpd_tls_loglevel = 0
smtpd_tls_security_level = may
swap_bangpath = no
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport, proxy:ldap:/etc/postfix/ldap/transport_maps_user.cf, proxy:ldap:/etc/postfix/ldap/transport_maps_domain.cf
unknown_local_recipient_reject_code = 550
virtual_alias_domains =
virtual_alias_maps = proxy:ldap:/etc/postfix/ldap/virtual_alias_maps.cf, proxy:ldap:/etc/postfix/ldap/virtual_group_maps.cf, proxy:ldap:/etc/postfix/ldap/virtual_group_members_maps.cf, proxy:ldap:/etc/postfix/ldap/catchall_maps.cf
virtual_gid_maps = static:2000
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:ldap:/etc/postfix/ldap/virtual_mailbox_domains.cf
virtual_mailbox_maps = proxy:ldap:/etc/postfix/ldap/virtual_mailbox_maps.cf
virtual_minimum_uid = 2000
virtual_transport = dovecot
virtual_uid_maps = static:2000

3

Re: cachall issue - getting "user unknown" errors

Marcel F. wrote:

Nov 16 10:59:02 mailserver01 postfix/pipe[7158]: 13A615487D4: to=<haendler-alias@SYSTEMNAME.DOMAIN.de>, relay=dovecot, delay=0.06, delays=0.01/0.01/0/0.04, dsn=5.1.1, status=bounced (user unknown)

This means Dovecot cannot find the user.
What's the content of /etc/dovecot/dovecot-ldap.conf?

Marcel F. wrote:

- iRedMail version (check /etc/iredmail-release): 0.8.5

This version is too old; you may want to check which updates need to be applied to this version.
https://docs.iredmail.org/iredmail.releases.html

4 (edited by Marcel F. 2017-11-17 16:43:27)

Re: cachall issue - getting "user unknown" errors

Hi,

thanks for your response.
Yeah, I know it's a bit old. It's used as an internal test system with a "do not touch a running system" character.
But yes, we should update it.

So, the output of /etc/dovecot/dovecot-ldap.conf

hosts           = 127.0.0.1:389
ldap_version    = 3
auth_bind       = yes
dn              = cn=vmail,dc=dev,dc=otherdomain,dc=com
dnpass          = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
base            = o=domains,dc=dev,dc=otherdomain,dc=com
scope           = subtree
deref           = never

# Below two are required by command 'doveadm mailbox ...'
iterate_attrs   = mail=user
iterate_filter  = (&(objectClass=mailUser)(accountStatus=active)(enabledService=mail))

user_filter     = (&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=%Ls%Lc)(|(mail=%u)(&(enabledService=shadowaddress)(shadowAddress=%u))))
user_attrs      = mail=user,homeDirectory=home,=mail=maildir:~/Maildir/,mailQuota=quota_rule=*:bytes=%$
pass_filter     = (&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=%Ls%Lc)(|(mail=%u)(&(enabledService=shadowaddress)(shadowAddress=%u))))
pass_attrs      = mail=user,userPassword=password
default_pass_scheme = CRYPT

thanks,
Marcel

5

Re: cachall issue - getting "user unknown" errors

Try to query LDAP (with the command "ldapsearch") using the filter defined in "user_filter =" in dovecot-ldap.conf. Does it return the user "haendler-alias@SYSTEMNAME.DOMAIN.de"?

6

Re: cachall issue - getting "user unknown" errors

ldapsearch -h 127.0.0.1 -x -b o=domains,dc=dev,dc=otherdomain,dc=com -D cn=vmail,dc=dev,dc=otherdomain,dc=com -w XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX "(&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=%Ls%Lc)(|(mail=%u)(&(enabledService=shadowaddress)(shadowAddress=%u))))"
# extended LDIF
#
# LDAPv3
# base <o=domains,dc=dev,dc=otherdomain,dc=com> with scope subtree
# filter: (&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=%Ls%Lc)(|(mail=%u)(&(enabledService=shadowaddress)(shadowAddress=%u))))
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1

ldapsearch -h 127.0.0.1 -x -b o=domains,dc=dev,dc=otherdomain,dc=com -D cn=vmail,dc=dev,dc=otherdomain,dc=com -w XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
[....]

# haendler-alias@SYSTEMNAME.DOMAIN.de, Users, SYSTEMNAME.DOM
 AIN.de, domains, dev.mgm-tp.com
dn: mail=haendler-alias@SYSTEMNAME.DOMAIN.de,ou=Users,domainName=1-hy
 bris-dhltestvm.DOMAIN.de,o=domains,dc=dev,dc=mgm-tp,dc=com
objectClass: inetOrgPerson
objectClass: mailUser
objectClass: shadowAccount
objectClass: amavisAccount
mail: haendler-alias@SYSTEMNAME.DOMAIN.de
userPassword:: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 =
sn: haendler-alias
uid: haendler-alias
storageBaseDirectory: /var/vmail
mailMessageStore: vmail1/SYSTEMNAME.DOMAIN.de/h/a/e/haendler-alias-20
 17.11.16.10.27.29/
homeDirectory: /var/vmail/vmail1/SYSTEMNAME.DOMAIN.de/h/a/e/haendler-
 alias-2017.11.16.10.27.29/
accountStatus: active
enabledService: internal
enabledService: doveadm
enabledService: lib-storage
enabledService: mail
enabledService: smtp
enabledService: smtpsecured
enabledService: pop3
enabledService: pop3secured
enabledService: imap
enabledService: imapsecured
enabledService: deliver
enabledService: lda
enabledService: recipientbcc
enabledService: senderbcc
enabledService: managesieve
enabledService: managesievesecured
enabledService: sieve
enabledService: sievesecured
enabledService: forward
enabledService: shadowaddress
enabledService: displayedInGlobalAddressBook
preferredLanguage: en_US
shadowLastChange: 0
amavisLocal: TRUE
mailQuota: 2147483648
cn: haendler-alias

[...]

7

Re: cachall issue - getting "user unknown" errors

Marcel F. wrote:

ldapsearch -h 127.0.0.1 -x -b o=domains,dc=dev,dc=otherdomain,dc=com -D cn=vmail,dc=dev,dc=otherdomain,dc=com -w XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX "(&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=%Ls%Lc)(|(mail=%u)(&(enabledService=shadowaddress)(shadowAddress=%u))))"

You must replace the '%u' with the real email address. Also, temporarily remove '(enabledService=%Ls%Lc)' for testing.

8

Re: cachall issue - getting "user unknown" errors

ldapsearch -h 127.0.0.1 -x -b o=domains,dc=dev,dc=otherdomain,dc=com -D cn=vmail,dc=dev,dc=otherdomain,dc=com -w XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX "(&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(|(mail=%u)(&(enabledService=shadowaddress)(shadowAddress=haendler-alias@SYSTEMNAME.DOMAIN.de))))"
# extended LDIF
#
# LDAPv3
# base <o=domains,dc=dev,dc=otherdomain,dc=com> with scope subtree
# filter: (&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(|(mail=%u)(&(enabledService=shadowaddress)(shadowAddress=haendler-alias@SYSTEMNAME.DOMAIN.de))))
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1

9

Re: cachall issue - getting "user unknown" errors

There are multiple '%u' in the LDAP filter ...

10

Re: cachall issue - getting "user unknown" errors

Yeah.... sorry

 ldapsearch -h 127.0.0.1 -x -b o=domains,dc=dev,dc=otherdomain,dc=com -D cn=vmail,dc=dev,dc=otherdomain,dc=com -w XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX "(&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(|(mail=haendler-alias@SYSTEMNAME.DOMAIN.de)(&(enabledService=shadowaddress)(shadowAddress=haendler-alias@SYSTEMNAME.DOMAIN.de))))"
# extended LDIF
#
# LDAPv3
# base <o=domains,dc=dev,dc=otherdomain,dc=com> with scope subtree
# filter: (&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(|(mail=haendler-alias@SYSTEMNAME.DOMAIN.de)(&(enabledService=shadowaddress)(shadowAddress=haendler-alias@SYSTEMNAME.DOMAIN.de))))
# requesting: ALL
#

# haendler-alias@SYSTEMNAME.DOMAIN.de, Users, SYSTEMNAME.DOM
 AIN.de, domains, dev.otherdomain.com
dn: mail=haendler-alias@SYSTEMNAME.DOMAIN.de,ou=Users,domainName=1-hy
 bris-dhltestvm.DOMAIN.de,o=domains,dc=dev,dc=otherdomain,dc=com
objectClass: inetOrgPerson
objectClass: mailUser
objectClass: shadowAccount
objectClass: amavisAccount
mail: haendler-alias@SYSTEMNAME.DOMAIN.de
userPassword:: e1NTSEF9QjBLVE9wZlpMMTlWV3IvSzRONXl3RkJFL0NIbDd3WSsxQmRDYlE9PQ=
 =
sn: haendler-alias
uid: haendler-alias
storageBaseDirectory: /var/vmail
mailMessageStore: vmail1/SYSTEMNAME.DOMAIN.de/h/a/e/haendler-alias-20
 17.11.16.10.27.29/
homeDirectory: /var/vmail/vmail1/SYSTEMNAME.DOMAIN.de/h/a/e/haendler-
 alias-2017.11.16.10.27.29/
accountStatus: active
enabledService: internal
enabledService: doveadm
enabledService: lib-storage
enabledService: mail
enabledService: smtp
enabledService: smtpsecured
enabledService: pop3
enabledService: pop3secured
enabledService: imap
enabledService: imapsecured
enabledService: deliver
enabledService: lda
enabledService: recipientbcc
enabledService: senderbcc
enabledService: managesieve
enabledService: managesievesecured
enabledService: sieve
enabledService: sievesecured
enabledService: forward
enabledService: shadowaddress
enabledService: displayedInGlobalAddressBook
preferredLanguage: en_US
shadowLastChange: 0
amavisLocal: TRUE
mailQuota: 2147483648
cn: haendler-alias

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

11

Re: cachall issue - getting "user unknown" errors

If the LDAP query returns correct data, I have no idea why Dovecot cannot find this user.

Please turn on debug mode in Dovecot and monitor its log file to find the LDAP filter it uses to query the user, then compare the LDAP filter conditions with the real LDIF data; you should be able to figure out why it cannot find this user.

FYI: https://docs.iredmail.org/debug.dovecot.html
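
The two checks suggested in this thread (substitute every Dovecot variable in user_filter, then compare the resulting conditions with the LDIF data) can be done offline. The following is an added example, not part of the original posts and not iRedMail or Dovecot code. It assumes %s expands to "lda" and %c to an empty string for a local delivery lookup, matches values case-insensitively, and uses a constructed subset of the LDIF entry shown above.

```python
import re

# user_filter as posted in dovecot-ldap.conf on this page
USER_FILTER = ("(&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)"
               "(enabledService=%Ls%Lc)(|(mail=%u)(&(enabledService=shadowaddress)"
               "(shadowAddress=%u))))")
# Constructed subset of the LDIF entry returned by ldapsearch in the thread
ENTRY = {"objectClass": ["inetOrgPerson", "mailUser"], "accountStatus": ["active"],
         "mail": ["haendler-alias@SYSTEMNAME.DOMAIN.de"],
         "enabledService": ["mail", "lda", "deliver", "shadowaddress"]}

def expand(template, user, service="lda", secured=""):
    """Expand %u %n %d %s %c (optional L modifier). service/secured are assumptions."""
    local, _, domain = user.partition("@")
    values = {"u": user, "n": local, "d": domain, "s": service, "c": secured}
    def sub(m):
        val = values[m.group(2)].lower() if m.group(1) else values[m.group(2)]
        # RFC 4515 escaping, so an address cannot change the filter structure
        return re.sub(r"[\\*()\x00]", lambda c: "\\%02x" % ord(c.group()), val)
    return re.sub(r"%(L?)([undsc])", sub, template)

def parse(f, i=0):
    """Parse the &, | and attr=value subset of RFC 4515; return (node, next index)."""
    if f[i + 1] in "&|":
        op, kids, i = f[i + 1], [], i + 2
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1
    end = f.index(")", i)
    attr, _, value = f[i + 1:end].partition("=")
    return ("=", attr, value), end + 1

def evaluate(node, entry):
    """Return (matched, clauses that explain a miss); matching is case-insensitive."""
    if node[0] == "=":
        want = re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), node[2])
        have = [v.lower() for k, vs in entry.items() if k.lower() == node[1].lower() for v in vs]
        ok = want.lower() in have
        return ok, [] if ok else ["%s=%s" % (node[1], want)]
    results = [evaluate(kid, entry) for kid in node[1]]
    ok = (all if node[0] == "&" else any)(r[0] for r in results)
    return ok, [] if ok else [c for r in results for c in r[1]]

def explain(user, entry, **kw):
    """Expand the page's user_filter for `user` and test it against one entry."""
    return evaluate(parse(expand(USER_FILTER, user, **kw))[0], entry)

if __name__ == "__main__":
    print(explain("haendler-alias@SYSTEMNAME.DOMAIN.de", ENTRY))
```

The second element of the result lists only the conditions responsible for a miss, which is the comparison the debug log is meant to support; the expanded string from expand() can be passed unchanged to ldapsearch.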

12 (edited by Marcel F. 2017-12-04 22:43:18)

Re: cachall issue - getting "user unknown" errors

I do not get any entry in the Dovecot log when I'm sending a mail for the catchall.

13

Re: cachall issue - getting "user unknown" errors

Marcel F. wrote:

Nov 16 10:59:02 mailserver01 postfix/pipe[7158]: 13A615487D4: to=<haendler-alias@SYSTEMNAME.DOMAIN.de>, relay=dovecot, delay=0.06, delays=0.01/0.01/0/0.04, dsn=5.1.1, status=bounced (user unknown)

As you can see, Postfix piped the mail to Dovecot (relay=dovecot), and Dovecot returned a "user unknown" error to Postfix. So there must be some log in Dovecot.

Or, please turn on debug mode in Dovecot and try to reproduce this error again, then extract the related log from the Dovecot log file for troubleshooting.
FYI: https://docs.iredmail.org/debug.dovecot.html

P.S. we offer paid support if you need some assistance:
https://www.iredmail.org/support.html