Golfreeze.packetlove.com: Life style of Golfreeze Canon400D Family kammtan.com Jazz Freebsd Unix Linux System Admin guitar Music

All about unix linux freebsd and FAQ for Packetlove.com Web hosting , Mail hosting , VoIP + IP PBX server => Mail issue , problem , configuration => Topic started by: golfreeze on มกราคม 23, 2011, 12:58:17 AM

Title: postfix + opendap + dovecot on debian + warning: dict_ldap_lookup: vacation
Post by: golfreeze on มกราคม 23, 2011, 12:58:17 AM
http://www.howtoforge.com/postfix-virtual-hosting-with-ldap-and-dovecot-on-ubuntu8.04-p4
Title: Re: postfix + แอลdap + dovecot on debian + warning: dict_ldap_lookup: vacation
Post by: golfreeze on มกราคม 23, 2011, 12:58:49 AM
deb http://ftp.debianclub.org/debian/lenny main
deb-src http://ftp.debianclub.org/debian/lenny main

#deb http://security.debian.org/lenny/updates main
#deb-src http://security.debian.org/lenny/updates main

#deb http://volatile.debian.org/debian-volatilelenny/volatile main
#deb-src http://volatile.debian.org/debian-volatilelenny/volatile main

deb http://mirror1.ku.ac.th/debian/lenny main contrib non-free
deb http://mirror1.ku.ac.th/debian/lenny-proposed-updates main contrib non-free
deb http://mirror1.ku.ac.th/debian-security/lenny/updates main contrib non-free
Title: Re: postfix + แอลdap + dovecot on debian + warning: dict_ldap_lookup: vacation
Post by: golfreeze on มกราคม 23, 2011, 12:59:03 AM
##IRED
http://www.howtoforge.com/iredmail-mail-server-with-ldap-postfix-roundcube-squirrelmail-dovecot-clamav-spamassassin-amavisd-debian-5.0.1

deb http://mirrors.163.com/debianlenny main contrib non-free
deb http://security.debian.org/lenny/updates main contrib non-free
Title: Re: postfix + แอลdap + dovecot on debian + warning: dict_ldap_lookup: vacation
Post by: golfreeze on มกราคม 23, 2011, 01:00:11 AM
* For OpenLDAP backend:

# cd /path/to/iRedMail-x.y.z/tools/
# sh create_mail_user_OpenLDAP.sh domain.ltd user01 user02 user03

It will create domain 'domain.ltd' and there new accounts: user01@domain.ltd,
user02@domain.ltd, user03.domain.ltd. The password is there username.

##Doc Iredmail
http://code.google.com/p/iredmail/wiki/Admin_Guide#How_to_set_default_login_domain?

##Doc
http://code.google.com/p/iredmail/wiki/Installation_on_Debian

#postfix ldap
http://www.boobah.info/howto/postfix-ldap.html

#postfix courier
http://www.root-it.fiberworld.nl/vriesman.tk/postfix-courier-ldap-howto.html
Title: Re: postfix + แอลdap + dovecot on debian + warning: dict_ldap_lookup: vacation
Post by: golfreeze on มกราคม 23, 2011, 01:00:16 AM
วันนี้ ได้ลองลงตัว phamm กับ postfix + postfix-ldap ครับ

ตอน testing

#telnet localhost 25

ถ้าตามดู log จะมีปัญหาดังนี้ คือ

Nov 10 09:38:20 pop00 postfix/trivial-rewrite[14838]: warning: dict_ldap_lookup: vacationforward:
Search base 'o=mail,dc=xxx,dc=com' not found: 32: No such object
Nov 10 09:38:20 pop00 postfix/trivial-rewrite[14838]: fatal: ldap:vacationforward(0,lock|fold_fix):
table lookup problem
Nov 10 09:38:21 pop00 postfix/master[14527]: warning: process /usr/lib/postfix/trivial-rewrite pid
14838 exit status 1
Nov 10 09:38:22 pop00 postfix/trivial-rewrite[14839]: warning: dict_ldap_lookup: vacationforward:
Search base 'o=mail,dc=xxx,dc=com' not found: 32: No such object
Nov 10 09:38:22 pop00 postfix/trivial-rewrite[14839]: fatal: ldap:vacationforward(0,lock|fold_fix):
table lookup problem
Nov 10 09:38:23 pop00 postfix/master[14527]: warning: process /usr/lib/postfix/trivial-rewrite pid
14839 exit status 1
Nov 10 09:38:23 pop00 postfix/smtpd[14836]: warning: problem talking to service rewrite: Success
Nov 10 09:38:23 pop00 postfix/master[14527]: warning: /usr/lib/postfix/trivial-rewrite: bad command
startup -- throttling

แสดงว่า user ที่กำหนดใน config ของ main.cf ไม่สามารถ query ข้อมูลได้

##LDAP Connector
ldap_bind_dn = cn=phamm,o=mail,dc=xxx,dc=com
ldap_bind_pw = xxx

cn=phamm,o=mail,dc=xxx,dc=com ไม่สามารถเรียกได้

เปลี่ยนเป็น user admin ที่สามารถใช้งานเรียก query ได้

##LDAP Connector
ldap_bind_dn = cn=admin,dc=xxx,dc=com
ldap_bind_pw = xxx

เมื่อลอง telnet อีกรอบก็สามารถ ส่งเมลได้ครับผม
Title: Re: postfix + แอลdap + dovecot on debian + warning: dict_ldap_lookup: vacation
Post by: golfreeze on มกราคม 23, 2011, 01:00:28 AM
ถ้า ตอน test login ส่งเมล แล้วเกิดปัญหาตาม log แบบนี้

Nov 10 16:45:59 pop00 postfix/pipe[17855]: 025CD4C805E: to=<golf@example.com>;, relay=maildrop,
delay=11, delays=11/0/0/0.04, dsn=5.1.1, status=bounced (user unknown. Command output: ERR:
authdaemon: s_connect() failed: Permission denied Invalid user specified. )

แก้ไขโดย

chmod 755 /var/run/courier/authdaemon
แล้ว restart postfix 1 รอบครับ ก็สามารถ create account แล้วก็สร้าง
mailbox ให้ละ
Title: Re: postfix + แอลdap + dovecot on debian + warning: dict_ldap_lookup: vacation
Post by: golfreeze on มกราคม 23, 2011, 01:00:34 AM
## ถ้าเราส่งเมลแล้วขึ้น error "temporary failure. Command output: /usr/bin/maildrop: Unable
to create a dot-lock at example.com/xxx/6994.0.pop01."

##ถ้าเราใช้ maildrop ใน postfix ด้วยให้ config ที่ไฟล์ดังนี้

#vi /etc/maildroprc

############# Begin #############

MAILDIR=$HOME/$DEFAULT
`test -d "$MAILDIR"` # check if dir exist
if ($RETURNCODE != 0)
{
`mkdir -p $MAILDIR` # create dirs with parents
`rmdir $MAILDIR` # remove dir for init
`/usr/bin/maildirmake $MAILDIR` # create maildir
}

############ Finish ##############

#/etc/init.d/postfix restart

แล้วลองส่งอีกรอบ ครับ
Title: Re: postfix + แอลdap + dovecot on debian + warning: dict_ldap_lookup: vacation
Post by: golfreeze on มกราคม 24, 2011, 11:24:30 AM
###authdaemon และ การลง postfix + sasl authentication

    http://workaround.org/articles/ispmail-sarge/index.shtml.en#postfix-sasl
    http://nsrc.org/workshops/2005/pre-SANOG-VI/bc/mail/courier.htm
Title: Re: postfix + แอลdap + dovecot on debian + warning: dict_ldap_lookup: vacation
Post by: golfreeze on มกราคม 24, 2011, 12:16:11 PM
setting up DKIM

DKIM (DomainKeys Identified Mail) is a method for email authentication that allows an organization
to take responsibility for a message in a way that can be validated by a recipient. Read more about
it at the wikipedia entry

ingredients used: FreeBSD 7.x, Postfix 2.6.2, dkim-milter 2.8.3, Bind 9.6.1
prerequisites: a working Postfix and Bind installation
instructions for windows here

1. install dkim $ cd /usr/ports/mail/dkim-milter
$ make install clean
$ echo "milterdkim_enable='YES'" >> /etc/rc.conf
$ echo "milterdkim_uid='postfix'" >> /etc/rc.conf # use the same uid
as the postfix service

2. setup keys $ mkdir -p /var/db/dkim/domains/example.com
$ cd /var/db/dkim
$ dkim-genkey # this creates a key and domain record file
$ mv default.private domains/example.com/my_awesome_selector
$ cat default.txt >> /etc/named/your_example.com_zone_file
$ echo
"*@example.com:example.com:/var/db/dkim/domains/example.com/my_awesome_selector"
>> keylist repeat these steps for additional domains
see the man page dkim-filter.conf(5) for more info on the keylist content format

3. edit /usr/local/etc/mail/dkim-filter.conf
I used mostly default settings with the following exceptions DNSTimeout 5 # this should be
lower than postfix's timeout
Domain example.com # this may not be necessary given the use of a keylist file
KeyList /var/db/dkim/keylist
On-Default accept # shit happens, don't freak out on DNS lookups, etc...
Socket local:/var/run/milterdkim/sock
Syslog yes # the default syslog facility is 'mail'

4. configure postfix
add the following lines to main.cf milter_default_action = accept
milter_protocol = 3
smtpd_milters = unix:/var/milter-greylist/milter-greylist.sock unix:/var/run/milterdkim/sock
non_smtpd_milters = unix:/var/run/milterdkim/sock

5. re/start services /etc/rc.d/named reload
/usr/local/etc/rc.d/milter-dkim start
/usr/local/etc/rc.d/postfix reload

make sure it works! you can send a test mail to check- auth@verifier.port25.com and you will receive
a report including DKIM info.
Title: Re: postfix + แอลdap + dovecot on debian + warning: dict_ldap_lookup: vacation
Post by: golfreeze on มกราคม 24, 2011, 12:16:21 PM
##icez on centos
http://www.icez.net/blog/398/postfix-domainkeys-dkim
##ฝรั่ง
http://blog.munkyboy.com/
Title: Re: postfix + แอลdap + dovecot on debian + warning: dict_ldap_lookup: vacation
Post by: golfreeze on มกราคม 24, 2011, 12:17:55 PM
##############install saslauthd on debian

##### ลง sasl ใน debian
apt-get install libsasl2-modules
apt-get install sasl2-bin

To have the the sasl authentication daemon listening where Postfix will be looking for it,
we&#8217;ll need to edit the init script for saslauthd. Open the /etc/init.d/saslauthd file in
your favorite editor and enter the following line in the header (under PWDIR):
PARAMS="-m /var/spool/postfix/var/run/saslauthd"


ff:/etc/init.d# chown -R root:sasl /var/spool/postfix/var/
ffi:/etc/init.d# adduser postfix sasl

To enable saslauthd to start, edit the /etc/default/saslauthd file and add this:
START=yes
MECHANISMS="pam"

Start saslauthd and check that is running. Issue the following command:
ps waux | grep saslauthd

You should see:
root 6143 0.0 0.2 5916 1432 ? S 08:53 0:00 /usr/sbin/saslauthd -m
/var/spool/postfix/var/run/saslauthd -a pam

NOTE! Many people have had problems with sasl not working correctly. This is almost always due to
sasl not shuting down or acceptting the new settings. If you have problems with sasl, kill -9 all of
its PID's or simply reboot.
See this: http://www.fatofthelan.com/forums/viewtopic.php?t=86

To check that sasl is indeed working, use the testsaslauthd command with your username and
password:
testsaslauthd -u username -p password -f /var/spool/postfix/var/run/saslauthd/mux

If everything is setup correctly, you should see:
0: OK "Success."

To have Postfix use sasl, you need to add this (preserving the spaces and commas!) to your main.cf:

smtpd_recipient_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
reject_unauth_destination

smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes
Title: Re: postfix + แอลdap + dovecot on debian + warning: dict_ldap_lookup: vacation
Post by: golfreeze on พฤษภาคม 18, 2011, 11:55:27 AM
Mail flow ของตัว Iredmail ครับ

(http://www.iredmail.org/images/process.png)
Title: Re: postfix + แอลdap + dovecot on debian + warning: dict_ldap_lookup: vacation
Post by: golfreeze on พฤษภาคม 23, 2011, 11:49:13 AM
ตัว iredapd มีปัญหาขึ้น error 127.0.0.1:7777 Connection refused เป็นบ่อยมาก
ทำให้ใช้งาน email ไม่ได้ ต้อง restart เครื่องถึงจะหา แล้วสักพักก็เป็นอีก

จาก log

Mar 19 15:43:48 eve postfix/smtpd[2121]: warning: connect to 127.0.0.1:7777: Connection refused
Mar 19 15:43:48 eve postfix/smtpd[2121]: warning: problem talking to server 127.0.0.1:7777: Connection refused
Mar 19 15:43:49 eve postfix/smtpd[2121]: warning: connect to 127.0.0.1:7777: Connection refused
Mar 19 15:43:49 eve postfix/smtpd[2121]: warning: problem talking to server 127.0.0.1:7777: Connection refused
Mar 19 15:43:49 eve postfix/smtpd[2121]: NOQUEUE: reject: RCPT from mail-iy0-f173.google.com[209.85.210.173]: 451 4.3.5 Server configuration problem; from=<____@gmail.com> to=<_____@servix.pl> proto=ESMTP helo=<mail-iy0-f173.google.com>
Mar 19 15:43:49 eve postfix/smtpd[2121]: disconnect from mail-iy0-f173.google.com[209.85.210.173]

ลองหาอ่านไปเจอว่าต้องอัฟตัว hotfix ของตัว iredapd ที่มีการติดต่อกับ sql ครับ

- Download these two files:

http://iredapd.iredmail.googlecode.com/hg/src/iredapd.py
http://iredapd.iredmail.googlecode.com/hg/src/plugins/sql_alias_access_policy.py

- Replace /opt/iredapd/src/iredapd.py with downloaded "iredapd.py".
- Replace /opt/iredapd/src/plugins/sql_alias_access_policy.py with downloaded
"sql_alias_access_policy.py".

- Set correct file permission on these two new files:

# chown iredapd:iredapd /opt/iredapd/src/iredapd.py
# chown iredapd:iredapd /opt/iredapd/src/plugins/sql_alias_access_policy.py
# chmod 0700 /opt/iredapd/src/iredapd.py
# chmod 0700 /opt/iredapd/src/plugins/sql_alias_access_policy.py

- Restart iRedAPD service.

# /etc/init.d/iredapd restart

อ่านเพิ่มเติมที่
http://www.iredmail.org/forum/topic1972-hotfix-for-iredmail071-mysql-backend-iredapd-stops-suddenly.html
Title: Re: postfix + แอลdap + dovecot on debian + warning: dict_ldap_lookup: vacation
Post by: golfreeze on กรกฎาคม 20, 2011, 10:32:27 AM
เพิ่มเติมในส่วนของ iredmail ครับ

เราทำการเพิ่ม config ตัว check blacklist ip spam ได้ดังนี้ ครับ เพิ่มที่ไฟล์ /etc/postfix/main.cf

ในส่วนของ smtpd_recipient_restrictions เพิ่มเป็นดังนี้ ครับ

smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, check_policy_service inet:127.0.0.1:7777, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname,reject_rbl_client list.dsbl.org, reject_rbl_client sbl-xbl.spamhaus.org, reject_rbl_client dnsbl.njabl.org, reject_rbl_client dnsbl.sorbs.net, reject_rbl_client zen.spamhaus.org, reject_rbl_client l1.spews.dnsbl.sorbs.net,reject_rhsbl_sender rhsbl.sorbs.net,reject_rhsbl_client rhsbl.sorbs.net, check_policy_service inet:127.0.0.1:10031

เสร็จแล้วทำการ reload postfix
#/etc/init.d/postfix reload

แล้วดูจาก maillog ได้ครับ ว่าจะเห็นมีการ block black list ให้ดังนี้