Old 04-14-2008, 11:55 PM   #1
aravind1024004
Member
 
Registered: Mar 2008
Posts: 47

Rep: Reputation: 15
Integrating LDAP with postfix mailserver


Hi,

I have a mail server and a mailbox server on two different machines.
Both have the same domain (linux.com).
On my mail server I configured all mail to relay to my mailbox server.
SMTP authentication is also enabled.


The problem is that I configured LDAP on my mail server to store user information.
I created all the users in the LDAP database.


So when I try to send mail to a user who exists in the LDAP database, where only the mailbox is present on the mailbox server without a user, my mail is not delivered to the recipient; it bounces back to the sender. When I checked the log I found that it was not checking the LDAP database at all.


My main.cf file:


alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases, ldap:/etc/postfix/ldapaliases.cf
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
fallback_relay = $mydomain
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = 151.2.119.150
mydomain = linux.com
myhostname = experts.linux.com
mynetworks = 151.2.0.0/16, 127.0.0.0/8
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES
relay_domains = $mydestination
sample_directory = /usr/share/doc/postfix-2.2.10/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_destination, check_relay_domains
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
unknown_local_recipient_reject_code = 550


ldapaliases_server_host = localhost
ldapaliases_server_port = 389
ldapaliases_search_base = dc=linux,dc=com
ldapaliases_scope = sub
ldapaliases_query_filter = (uid=%s)
ldapaliases_result_attribute = maildrop


My /etc/postfix/ldapaliases.cf file


server_host = 127.0.0.1
search_base = dc=linux,dc=com
server_port = 389
scope = sub
bind = no
query_filter = (maillocaladdress=%s)
result_attribute = maildrop
dereference = 3


My /etc/openldap/slapd.conf


include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema


allow bind_v2


pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args


database bdb
suffix "dc=linux,dc=com"
rootdn "cn=Manager,dc=linux,dc=com"


rootpw {SSHA}BJbifO2zEGwJXoyx63QkeiCwdVE7b1eJ


directory /var/lib/ldap/linux.com


access to attrs=userPassword
    by self write
    by dn="cn=syncuser,dc=linux,dc=com" read
    by anonymous auth
    by * none


access to *
    by dn="cn=syncuser,dc=linux,dc=com" read
    by * read


# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index default sub


The LDIF file which I added to LDAP:


dn: uid=saurav,ou=solution,dc=linux,dc=com
cn: Manaager
sn: ganguly
uid: saurav
mail: sau...@linux.com
description: Indian Team
telephoneNumber: 012101012
userPassword: password
uidNumber: 1023
homeDirectory: /home/saurav/
gidNumber: 10023
objectClass: person
objectClass: top
objectClass: inetOrgperson
objectClass: posixAccount


dn: uid=anil,ou=solution,dc=linux,dc=com
cn: Manager
sn: kumble
uid: anil
mail: a...@linux.com
description: Indian Team
telephoneNumber: 0212101012
userPassword: password
uidNumber: 1024
homeDirectory: /home/anil/
gidNumber: 1034
objectClass: person
objectClass: top
objectClass: inetOrgperson
objectClass: posixAccount


These are the logs taken when I send mail from a client to a user who has been added to the LDAP database.


Apr 12 17:20:32 experts postfix/smtpd[6010]: connect from unknown[151.2.117.166]
Apr 12 17:20:32 experts postfix/smtpd[6010]: match_list_match: unknown: no match
Apr 12 17:20:32 experts postfix/smtpd[6010]: match_list_match: 151.2.117.166: no match
Apr 12 17:20:32 experts postfix/smtpd[6010]: match_list_match: unknown: no match
Apr 12 17:20:32 experts postfix/smtpd[6010]: match_list_match: 151.2.117.166: no match
Apr 12 17:20:32 experts postfix/smtpd[6010]: match_hostname: unknown ~? 151.2.0.0/16
Apr 12 17:20:32 experts postfix/smtpd[6010]: match_hostaddr: 151.2.117.166 ~? 151.2.0.0/16


Apr 12 17:20:32 experts postfix/smtpd[6010]: > unknown[151.2.117.166]: 220 experts.linux.com ESMTP Postfix
Apr 12 17:20:32 experts postfix/smtpd[6010]: < unknown[151.2.117.166]: EHLO aravind
Apr 12 17:20:32 experts postfix/smtpd[6010]: > unknown[151.2.117.166]: 250-experts.linux.com
Apr 12 17:20:32 experts postfix/smtpd[6010]: > unknown[151.2.117.166]: 250-PIPELINING
Apr 12 17:20:32 experts postfix/smtpd[6010]: > unknown[151.2.117.166]: 250-SIZE 10240000
Apr 12 17:20:32 experts postfix/smtpd[6010]: > unknown[151.2.117.166]: 250-VRFY
Apr 12 17:20:32 experts postfix/smtpd[6010]: > unknown[151.2.117.166]: 250-ETRN


Apr 12 17:20:32 experts postfix/smtpd[6010]: > unknown[151.2.117.166]: 250-AUTH LOGIN CRAM-MD5 NTLM GSSAPI DIGEST-MD5 PLAIN
Apr 12 17:20:32 experts postfix/smtpd[6010]: match_list_match: unknown: no match
Apr 12 17:20:32 experts postfix/smtpd[6010]: match_list_match: 151.2.117.166: no match
Apr 12 17:20:32 experts postfix/smtpd[6010]: > unknown[151.2.117.166]: 250-AUTH=LOGIN CRAM-MD5 NTLM GSSAPI DIGEST-MD5 PLAIN
Apr 12 17:20:32 experts postfix/smtpd[6010]: > unknown[151.2.117.166]: 250 8BITMIME
Apr 12 17:20:32 experts postfix/smtpd[6010]: < unknown[151.2.117.166]: AUTH NTLM
Apr 12 17:20:32 experts postfix/smtpd[6010]: smtpd_sasl_authenticate: sasl_method NTLM
Apr 12 17:20:32 experts postfix/smtpd[6010]: smtpd_sasl_authenticate: uncoded challenge:
Apr 12 17:20:32 experts postfix/smtpd[6010]: > unknown[151.2.117.166]: 334
Apr 12 17:20:32 experts postfix/smtpd[6010]: < unknown[151.2.117.166]: TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==
Apr 12 17:20:32 experts postfix/smtpd[6010]: smtpd_sasl_authenticate: decoded response: NTLMSSP
Apr 12 17:20:32 experts postfix/smtpd[6010]: smtpd_sasl_authenticate: uncoded challenge: NTLMSSP
Apr 12 17:20:32 experts postfix/smtpd[6010]: > unknown[151.2.117.166]: 334
TlRMTVNTUAACAAAAIgAiADAAAAAFggIAPnghBvgGfvEAAAAAAAAAAAAAAAAAAAAARQBYAFAARQB*SAFQAUwAuAEwASQBOAFUAWAA uAEMATwBNAA==
Apr 12 17:20:32 experts postfix/smtpd[6010]: < unknown[151.2.117.166]:
TlRMTVNTUAADAAAAGAAYAF4AAAAYABgAdgAAAAAAAABIAAAACAAIAEgAAAAOAA4AUAAAAAAAAAC*OAAAABYIAAgUBKAoAAAAPcwB hAGoAdQBBAFIAQQBWAEkATgBEAFJPl9ZLA1BtNohiKVmLgNtBPl*0/
zPjlEjMgU4lgCqJ5FET4UeQQCdR/uCK1hQRvew==
Apr 12 17:20:32 experts postfix/smtpd[6010]: smtpd_sasl_authenticate: decoded response: NTLMSSP
Apr 12 17:20:32 experts postfix/smtpd[6010]: > unknown[151.2.117.166]: 235 Authentication successful


Apr 12 17:20:32 experts postfix/smtpd[6010]: < unknown[151.2.117.166]: MAIL FROM: <s...@linux.com>
Apr 12 17:20:32 experts postfix/smtpd[6010]: extract_addr: input: <s...@linux.com>
Apr 12 17:20:32 experts postfix/smtpd[6010]: smtpd_check_addr: addr=s...@linux.com
Apr 12 17:20:32 experts postfix/smtpd[6010]: connect to subsystem private/rewrite
Apr 12 17:20:32 experts postfix/smtpd[6010]: send attr request = rewrite
Apr 12 17:20:32 experts postfix/smtpd[6010]: send attr rule = local
Apr 12 17:20:32 experts postfix/smtpd[6010]: send attr address = s...@linux.com
Apr 12 17:20:32 experts postfix/smtpd[6010]: private/rewrite socket: wanted attribute: flags
Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute name: flags
Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute value: 0
Apr 12 17:20:32 experts postfix/smtpd[6010]: private/rewrite socket: wanted attribute: address
Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute name: address
Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute value: s...@linux.com
Apr 12 17:20:32 experts postfix/smtpd[6010]: private/rewrite socket: wanted attribute: (list terminator)
Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute name: (end)
Apr 12 17:20:32 experts postfix/smtpd[6010]: rewrite_clnt: local: s...@linux.com -> s...@linux.com
Apr 12 17:20:32 experts postfix/smtpd[6010]: send attr request = resolve
Apr 12 17:20:32 experts postfix/smtpd[6010]: send attr address = s...@linux.com
Apr 12 17:20:32 experts postfix/smtpd[6010]: private/rewrite socket: wanted attribute: flags
Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute name: flags
Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute value: 0
Apr 12 17:20:32 experts postfix/smtpd[6010]: private/rewrite socket: wanted attribute: transport
Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute name: transport
Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute value: smtp
Apr 12 17:20:32 experts postfix/smtpd[6010]: private/rewrite socket: wanted attribute: nexthop
Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute name: nexthop
Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute value: linux.com
Apr 12 17:20:32 experts postfix/smtpd[6010]: private/rewrite socket: wanted attribute: recipient
Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute name: recipient
Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute value: s...@linux.com
Apr 12 17:20:32 experts postfix/smtpd[6010]: private/rewrite socket: wanted attribute: flags
Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute name: flags
Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute value: 4096
Apr 12 17:20:32 experts postfix/smtpd[6010]: private/rewrite socket: wanted attribute: (list terminator)
Apr 12 17:20:32 experts postfix/smtpd[6010]: input attribute ...
 
Old 04-15-2008, 12:02 AM   #2
billymayday
Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
I'm not reading all that, but are your postfix config files from the mailserver or mailbox server? I'd have thought the latter since that sounds like where your problem is, but isn't your ldap server remote from the mailbox server? If so, ldapaliases_server_host = localhost doesn't look correct. Ditto server_host = 127.0.0.1
 
Old 04-15-2008, 12:48 AM   #3
aravind1024004
Member
 
Registered: Mar 2008
Posts: 47

Original Poster
Rep: Reputation: 15
Hi,

My Postfix config files are from the mail server, not from the mailbox server.
On my mailbox server only mailboxes are available, not even users, since users are available in the LDAP directory.

In my setup SMTP and LDAP are on one machine and the mailbox is on a different machine.

So when I send mail from a client like Outlook, it must go to the mail server for SMTP authentication, look in LDAP for user information and mailbox location, and deliver the mail to the mailbox location, which is on another machine. This is the requirement; I have been trying this for a long time.

Do I have to mention my mailbox server IP address in ldapaliases_server_host=
or
my mail server IP where LDAP is located?
Please help me with this one.
 
Old 04-15-2008, 01:02 AM   #4
billymayday
Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
Can you explain what you mean by mailbox server? Is it just a file server or is it running postfix as well?

Assuming the latter, how is the mailbox server meant to know where to put mail?
 
Old 04-15-2008, 01:23 AM   #5
billymayday
Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
Did you postmap your ldapaliases.cf file?

It looks to me as if the initial error is on authentication. What user are you trying to authenticate as and which are you trying to send to?

Did you consider that perhaps Indian cricketers just can't play Postfix (a little joke there)?
 
Old 04-15-2008, 03:05 AM   #6
aravind1024004
Member
 
Registered: Mar 2008
Posts: 47

Original Poster
Rep: Reputation: 15
Hi,

My mailbox server is running Postfix.
Only the Postfix service will be running on the mailbox server.

On the mailbox server I create different users, so a mailbox is automatically created for each user in the /var/spool/mail/ directory.

So when I send mail from a client such as Outlook, the mail goes to the SMTP server, i.e. the mail server; in that I mention my mailbox server, it's an open relay, so the mail reaches the destination mailbox.

By using LDAP

In the present setup I am using LDAP on my mail server. I won't create any user on the mailbox server; instead I will create only the mailbox in a particular location, /var/spool/mail/saurav, and the user location and mail address (saurav@linux.com) will be in my LDAP directory.

So when I send mail from a client (Outlook) it will go to the mail server, and it must check the LDAP directory, get the recipient address and mailbox location, and the mail should be delivered to the mailbox folder of that user.
 
Old 04-15-2008, 04:19 AM   #7
aravind1024004
Member
 
Registered: Mar 2008
Posts: 47

Original Poster
Rep: Reputation: 15
Billy, tell me whether I have to mention my mailbox server IP in
ldapaliases_server_host =
or
my LDAP server IP?
 
Old 04-15-2008, 04:36 AM   #8
billymayday
Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
I'm not sure where ldapaliases_server_host even comes from (I can't see it on the postfix site), but I'd bet on it being the ldap server. Use a fully qualified domain name rather than localhost if you can.

Go back to basics a bit. Kill the authentication first - you may want to add permit_mynetworks to smtpd_recipient_restrictions, and let's see what the logs say. The reason for this is it's too hard to fix postfix if you are trying to do too much at one time.
 
Old 04-15-2008, 06:49 AM   #9
aravind1024004
Member
 
Registered: Mar 2008
Posts: 47

Original Poster
Rep: Reputation: 15
Billy, can you just tell me the procedure for integrating LDAP with Postfix?

I will tell you what I have done; please check whether I have made any mistake.

I created a file called ldapaliases.cf in /etc/postfix/ and in it I added these parameters:

server_host = experts.linux.com
search_base = dc=linux,dc=com
server_port = 389
scope = sub
bind = no
query_filter = (maillocaladdress=%s)
result_attribute = maildrop
dereference = 3


Then I executed postmap /etc/postfix/ldapaliases.cf

And this is my main.cf file; is it correct?

[root@experts ~]# postconf -n

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases, ldap:/etc/postfix/ldapaliases.cf
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
fallback_relay = $mydomain
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = 151.2.119.150
mydomain = linux.com
myhostname = experts.linux.com
mynetworks = 151.2.0.0/16, 127.0.0.0/8
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES
relay_domains = $mydestination
sample_directory = /usr/share/doc/postfix-2.2.10/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_destination, check_relay_domains
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
unknown_local_recipient_reject_code = 550
ldapaliases_server_host = experts.linux.com
ldapaliases_server_port = 389
ldapaliases_search_base = dc=linux,dc=com
ldapaliases_scope = sub
ldapaliases_query_filter = (&(mail=%s))
ldapaliases_result_attribute = maildrop
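
An added example, not part of the thread and not Postfix code: a small Python model of the lookup that the map settings above describe, in which %s in query_filter is replaced by the escaped lookup key and result_attribute is read from each matching entry. The directory entries are constructed from the attribute names in the posted LDIF (the mail values are placeholders), and the filter evaluator is a simplified stand-in for an LDAP server.

```python
import re

# Constructed entries modelled on the LDIF posted in the thread: same attribute
# names; the mail values are placeholders because the thread elides them.
ENTRIES = [
    {"uid": ["saurav"], "mail": ["saurav@example.invalid"],
     "objectclass": ["person", "top", "inetOrgPerson", "posixAccount"]},
    {"uid": ["anil"], "mail": ["anil@example.invalid"],
     "objectclass": ["person", "top", "inetOrgPerson", "posixAccount"]},
]

def escape_filter_value(key):
    """Escape LDAP filter metacharacters in a lookup key (RFC 4515)."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), key)

def unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def parse(flt, pos=0):
    """Parse '(attr=value)', '(&...)' or '(|...)'; return (node, next_pos)."""
    if flt[pos] != "(":
        raise ValueError("filter must start with '('")
    pos += 1
    if flt[pos] in "&|":
        op, pos, kids = flt[pos], pos + 1, []
        while flt[pos] == "(":
            kid, pos = parse(flt, pos)
            kids.append(kid)
        return (op, kids), pos + 1  # step over the closing ')'
    end = flt.index(")", pos)
    attr, value = flt[pos:end].split("=", 1)
    return ("=", attr.lower(), value), end + 1

def matches(node, entry):
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    _, attr, value = node
    values = entry.get(attr, [])
    if value == "*":  # presence filter: any value of attr matches
        return bool(values)
    return unescape(value).lower() in [v.lower() for v in values]

def lookup(query_filter, result_attribute, key, escape=True):
    """Model one LDAP map lookup: expand %s, search, collect result values."""
    expanded = escape_filter_value(key) if escape else key
    tree, _ = parse(query_filter.replace("%s", expanded))
    results = []
    for entry in ENTRIES:
        if matches(tree, entry):
            results.extend(entry.get(result_attribute.lower(), []))
    return results
```

With the three filters that appear in the thread, every lookup for maildrop comes back empty, because no posted entry carries maillocaladdress or maildrop; the escape=False path shows why the key has to be escaped before it reaches the filter. On a real system the map can be queried directly with `postmap -q saurav ldap:/etc/postfix/ldapaliases.cf`, which prints nothing when no result is found.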
 
  

