Re: [Dovecot] lda+ldap multiple users

2014-02-17 Thread Bob Miller
Hi,

> so not much to do on the qmail side. And that's the reason everything 
> user related is done in dovecot itself.

ok

> ...but if nobody knows if it's possible inside the dovecot lookup 
> process, a new/separate lookup process that calls dovecot-lda with the 
> username instead of the mail address might be the only opportunity.

As I understand the original problem, you need one mail to be delivered
to several users, which means you need to figure out how to alias or
forward.  Steffen's approach is a super good idea I intend to stuff into
my back pocket, and is probably worth pursuing given your usage case.  

Other than that, and based on what I know, I would still be inclined to
try and solve this by creating a local user and configuring a .qmail
file to forward the mails to AD users, but tweaking your defaultdelivery
to accommodate a per-user .qmail file might be tricky or impossible in
your situation.  A global sieve script might be another approach to
forwarding mails from a virtual address to valid users, but I haven't
implemented one, so I can't say if it fits your situation or provide
advice on configuring one.  Another approach could be setting up a
mailing list, where the list address is the common address that delivers
to subscribed users.  Perhaps delivery to a single user and a shared
folder might provide a usable end result as well...

Whatever you end up doing, I am interested to hear what works for you in
the end...



> 
> Greetz
> Matze


Re: [Dovecot] lda+ldap multiple users

2014-02-17 Thread matthias lay

Hi Bob,

On 02/14/2014 07:36 PM, Bob Miller wrote:

> I documented my sandbox qmail-ldap/dovecot system here, maybe it is
> useful to you:
> 
> http://cocnm.computerisms.ca/index.php/Install_Qmail-ldap,_Dovecot,_and_Related_Email_Services




thx for your help and support, but changing stuff in qmail is not what I 
really want.
In my case the system is not the real mail server, it's just an archive 
sitting in between an SMTP proxy and the real server, capturing just the 
mails I want, but delivering *everything* to the real server.


so not much to do on the qmail side. And that's the reason everything 
user related is done in dovecot itself.

we do passwd lookups and user lookups only within dovecot. The filter looks like


user_filter = 
(&(|(objectClass=msExchExchangeServerRecipient)(|(objectClass=group)))(|(proxyAddresses=smtp:%Ln@%Ld)(|(mail=%Ln@%Ld



...but if nobody knows if it's possible inside the dovecot lookup 
process, a new/separate lookup process that calls dovecot-lda with the 
username instead of the mail address might be the only opportunity.


Greetz
Matze


Re: [Dovecot] lda+ldap multiple users

2014-02-14 Thread Bob Miller
Hi,

Integrating qmail and Active Directory pretty much requires you to use
qmail-ldap.  Without it you need too much bubblegum and band-aids for it
to be suitable for a (publicly accessible) production environment.  And
I can't see how you wouldn't eventually run into problems without each
user having a unique email address.

In a pure qmail environment, I might work around the problem by giving
each user a unique mail address, then create a user XY and use a .qmail
file to override the LDA defaultdelivery and have it forward to the
various users, and not deliver to its own maildir.  But you still miss
important features like validrcptto and smtpauth if qmail can't talk to
AD.

But with qmail-ldap for sure you can set up multiple users with the same
alias and it works.  I.e. the users are configured with userPrincipal as
mail address with an alias of x...@domain.com; then mails sent to
x...@domain.com will deliver to all users. 

I documented my sandbox qmail-ldap/dovecot system here, maybe it is
useful to you:

http://cocnm.computerisms.ca/index.php/Install_Qmail-ldap,_Dovecot,_and_Related_Email_Services

-- 
Computerisms
Bob Miller  
867-334-7117 / 867-633-3760
http://computerisms.ca


On Fri, 2014-02-14 at 12:07 +0100, Steffen Kaiser wrote:
> On Fri, 14 Feb 2014, matthias lay wrote:
> 
> > On 02/14/2014 08:27 AM, Steffen Kaiser wrote:
> >> On Fri, 7 Feb 2014, matthias lay wrote:
> >> 
> >>> I experienced that if a mail address matches several users the delivery is 
> >>> aborted.
> >>> 
> >>> 
> >>> dovecot: auth: Error: ldap(christian.t...@securepoint.de): LDAP search 
> >>> returned multiple entries
> >>> dovecot: auth: ldap(christian.t...@securepoint.de): unknown user
> >>> dovecot: lda: Error: user christian.t...@securepoint.de: Auth USER lookup 
> >>> failed
> >>> -
> >>> 
> >>> now my question, is there a way to have a mail like that delivered to all 
> >>> users that match the lookup?
> >>> haven't found anything in the docs.
> >> 
> >> This is a job of your MTA.
> >
> > MTA is qmail and doesn't know anything about users. dovecot uses usernames 
> > for mailboxes. Let's say
> >
> > /var/mail/userA/Maildir
> > /var/mail/userB/Maildir
> >
> > both users have mail address x...@example.com mapped in Active Directory. Now 
> > when mails arrive lda is called like
> >
> > dovecot-lda -d x...@example.com  -m INBOX
> >
> > and there's my problem.
> 
> You have implicitly created mail aliases for your users. qmail has to 
> resolve this alias "XY" into the users A and B.
> 
> You could wrap your call to the Dovecot LDA by a script resolving the 
> aliases somehow, e.g.:
> 
> #!/bin/bash
> 
> tmpf=$(mktemp /tmp/split.XXXXXX) || exit 111
> # save the message in case we have multiple recipients
> cat - >"$tmpf"
> # resolve the alias to Dovecot usernames (adjust filter and attribute names)
> uids=$(ldapsearch "mailtarget=$1" samaccountname | \
>   awk '$1 == "sAMAccountName:" { print $2 } ')
> # loop in the main shell rather than a `| while` subshell, so that
> # `exit $rc` really ends the wrapper with the first failed delivery's status
> for uid in $uids; do
>   dovecot-lda -d "$uid" < "$tmpf"
>   rc=$?
>   if test $rc -gt 0; then
>     rm -f "$tmpf"
>     exit $rc
>   fi
> done
> rm -f "$tmpf"
> 
> adjust ldap query and attribute names and call to MDA.
> 
> This is not really nice, because you cannot handle individual problems, 
> e.g. what shall happen if delivery to userB fails? Shall userA get the 
> message, shall delivery to userA succeed, but be retried to userB?
> Currently the first error is returned to qmail and probably one user gets 
> the same message again and again, because of a problem of another user's 
> mailbox. You could return $rc at the very end, then qmail gets the success 
> status of the delivery attempt to the last user.
> 
> I wouldn't do such stuff in a non-private environment.
> 


Re: [Dovecot] lda+ldap multiple users

2014-02-14 Thread Steffen Kaiser

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Fri, 14 Feb 2014, matthias lay wrote:

> On 02/14/2014 08:27 AM, Steffen Kaiser wrote:
> 
> > On Fri, 7 Feb 2014, matthias lay wrote:
> > 
> > > I experienced that if a mail address matches several users the delivery is 
> > > aborted.
> > > 
> > > dovecot: auth: Error: ldap(christian.t...@securepoint.de): LDAP search 
> > > returned multiple entries
> > > dovecot: auth: ldap(christian.t...@securepoint.de): unknown user
> > > dovecot: lda: Error: user christian.t...@securepoint.de: Auth USER lookup 
> > > failed
> > > -
> > > 
> > > now my question, is there a way to have a mail like that delivered to all 
> > > users that match the lookup?
> > > haven't found anything in the docs.
> > 
> > This is a job of your MTA.
> 
> MTA is qmail and doesn't know anything about users. dovecot uses usernames for 
> mailboxes. Let's say
> 
> /var/mail/userA/Maildir
> /var/mail/userB/Maildir
> 
> both users have mail address x...@example.com mapped in Active Directory. Now when 
> mails arrive lda is called like
> 
> dovecot-lda -d x...@example.com  -m INBOX
> 
> and there's my problem.


You have implicitly created mail aliases for your users. qmail has to 
resolve this alias "XY" into the users A and B.


You could wrap your call to the Dovecot LDA by a script resolving the 
aliases somehow, e.g.:


#!/bin/bash

tmpf=$(mktemp /tmp/split.XXXXXX) || exit 111
# save the message in case we have multiple recipients
cat - >"$tmpf"
# resolve the alias to Dovecot usernames (adjust filter and attribute names)
uids=$(ldapsearch "mailtarget=$1" samaccountname | \
  awk '$1 == "sAMAccountName:" { print $2 } ')
# loop in the main shell rather than a `| while` subshell, so that
# `exit $rc` really ends the wrapper with the first failed delivery's status
for uid in $uids; do
  dovecot-lda -d "$uid" < "$tmpf"
  rc=$?
  if test $rc -gt 0; then
    rm -f "$tmpf"
    exit $rc
  fi
done
rm -f "$tmpf"

adjust ldap query and attribute names and call to MDA.

This is not really nice, because you cannot handle individual problems, 
e.g. what shall happen if delivery to userB fails? Shall userA get the 
message, shall delivery to userA succeed, but be retried to userB?
Currently the first error is returned to qmail and probably one user gets 
the same message again and again, because of a problem of another user's 
mailbox. You could return $rc at the very end, then qmail gets the success 
status of the delivery attempt to the last user.


I wouldn't do such stuff in a non-private environment.

- -- 
Steffen Kaiser

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)

iQEVAwUBUv341HD1/YhP6VMHAQJ+Kgf5ARPwP6QhGJrHfbNhjc901i8eZzmSxRc6
UrmRnc/Z3n2MwepzG4JLaJkI8EYBD2VczKjhOXgZ4uzJEqyGkZeZestqabbs/vCy
ki+FWcL5fnkxQSLEOHdUiop/A+BgWeD8fzOecWTqx4xextwDvbY2Se74Wk1lwBz3
bM2oJtU08hcU7DO+z3E4Au/0HagHddroW7SnCm+HYFcnV8m+laSB77ocgBUNu/a2
tCHe4YUWBOqWIbCiP2LhSfJLiL+OrawZBMGt/JfEfD8SnwBMlBONda0wlUD5MZvs
U/+EKzPJvJn4/Y2k8yWPQjiTiuWzBqT0WlEttbovj9AtiFCu9Dgf2w==
=TKbr
-END PGP SIGNATURE-
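
Worked example added by the editor, not code from Steffen, Matthias or the Dovecot project: a fan-out wrapper in the spirit of the script above that takes a position on the "what if delivery to userB fails?" question. It captures the recipient list before the loop (so the exit status actually reaches qmail), logs every completed delivery per message, and returns qmail's temporary-failure code when a recipient deferred, so that the retry qmail performs skips users who already have the message instead of handing userA the same mail again and again. The LDAP lookup and dovecot-lda are replaced by constructed stand-ins (lookup_users, deliver_one) so it runs offline; fanout_deliver, message_key, delivery_count and the MAILROOT layout are names chosen for this example, and the sample message is constructed.

```shell
#!/bin/sh
# Fan-out delivery wrapper (added example; the directory lookup and the LDA
# are constructed stand-ins so the script runs offline).

# qmail delivery status codes from dot-qmail(5): 0 delivered,
# 100 permanent failure (bounce), 111 temporary failure (qmail retries).
QMAIL_OK=0; QMAIL_HARD=100; QMAIL_SOFT=111
EX_TEMPFAIL=75   # sysexits.h code dovecot-lda returns for temporary failures

MAILROOT=${MAILROOT:-$(mktemp -d)}   # stand-in for /var/mail/<user>/Maildir
STATE="$MAILROOT/delivered.log"      # one "msgkey user" line per completed delivery

# Stand-in for `ldapsearch ... sAMAccountName | awk ...`: prints one Dovecot
# username per line for a mail address. The mapping is constructed.
lookup_users() {
    case "$1" in
        xy@example.com)   printf 'userA\nuserB\nuserC\n' ;;
        solo@example.com) printf 'userD\n' ;;
        *)                : ;;       # unknown address: prints nothing
    esac
}

# Stand-in for `dovecot-lda -d "$uid"`: appends stdin to a per-user file.
# userB fails temporarily on its first attempt to exercise the retry path.
deliver_one() {
    uid=$1
    if [ "$uid" = userB ] && [ ! -f "$MAILROOT/userB.once" ]; then
        : >"$MAILROOT/userB.once"; cat >/dev/null; return "$EX_TEMPFAIL"
    fi
    { cat; echo; } >>"$MAILROOT/$uid.mbox"
}

# Stable key for a message: its Message-ID header, else a checksum of the file.
message_key() {
    key=$(awk 'tolower($1) == "message-id:" { print $2; exit } /^$/ { exit }' "$1")
    [ -n "$key" ] && printf '%s\n' "$key" || cksum <"$1" | cut -d' ' -f1
}

# Copies a user holds (shows that the retry created no duplicates).
delivery_count() {
    f="$MAILROOT/$1.mbox"
    if [ -f "$f" ]; then grep -c '^Message-ID:' "$f" || true; else echo 0; fi
}

# fanout_deliver ADDRESS MESSAGE_FILE
# Policy: deliver to every user the address resolves to; log each success in
# $STATE so a retry skips users who already have the message; exit 111 if any
# recipient failed temporarily (qmail retries, the log prevents duplicates),
# 100 if a recipient failed permanently or nobody matched, 0 otherwise.
fanout_deliver() {
    addr=$1; msg=$2
    users=$(lookup_users "$addr")
    [ -n "$users" ] || return "$QMAIL_HARD"
    key=$(message_key "$msg")
    : >>"$STATE"
    soft=0; hard=0
    # The list is captured first: a `... | while read` loop would run in a
    # subshell, where `exit $rc` ends only the subshell, not this wrapper.
    for uid in $users; do
        if grep -Fqx "$key $uid" "$STATE"; then
            continue                 # delivered on an earlier attempt
        fi
        rc=0
        deliver_one "$uid" <"$msg" || rc=$?
        if [ "$rc" -eq 0 ]; then
            printf '%s %s\n' "$key" "$uid" >>"$STATE"
        elif [ "$rc" -eq "$EX_TEMPFAIL" ]; then
            echo "fanout: $addr -> $uid deferred (rc=$rc)" >&2; soft=1
        else
            echo "fanout: $addr -> $uid failed (rc=$rc)" >&2; hard=1
        fi
    done
    if [ "$soft" -ne 0 ]; then return "$QMAIL_SOFT"; fi
    if [ "$hard" -ne 0 ]; then return "$QMAIL_HARD"; fi
    return "$QMAIL_OK"
}

# Constructed sample message, then the first attempt (userB defers) and the
# retry qmail would perform after a 111.
MSG="$MAILROOT/msg.eml"
printf 'Message-ID: <demo-1@example.com>\nTo: xy@example.com\n\nhello\n' >"$MSG"
rc=0; fanout_deliver xy@example.com "$MSG" || rc=$?
echo "first attempt: exit $rc"       # 111: userB deferred, userA/userC delivered
rc=0; fanout_deliver xy@example.com "$MSG" || rc=$?
echo "retry: exit $rc"               # 0: only userB delivered this time
```

In a real .qmail or defaultdelivery the two stand-ins would be the ldapsearch/awk pipeline and dovecot-lda, and the delivery log would live somewhere durable rather than under a temporary directory; the point of the exercise is that the wrapper, not the last recipient's luck, decides what status qmail sees, and that a retry is safe for users who were already served.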


Re: [Dovecot] lda+ldap multiple users

2014-02-14 Thread matthias lay

On 02/14/2014 08:27 AM, Steffen Kaiser wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> On Fri, 7 Feb 2014, matthias lay wrote:
> 
> > I experienced that if a mail address matches several users the 
> > delivery is aborted.
> > 
> > dovecot: auth: Error: ldap(christian.t...@securepoint.de): LDAP 
> > search returned multiple entries
> > dovecot: auth: ldap(christian.t...@securepoint.de): unknown user
> > dovecot: lda: Error: user christian.t...@securepoint.de: Auth USER 
> > lookup failed
> > -
> > 
> > now my question, is there a way to have a mail like that delivered to 
> > all users that match the lookup?
> > haven't found anything in the docs.
> 
> This is a job of your MTA.



Hi Steffen,

MTA is qmail and doesn't know anything about users. dovecot uses 
usernames for mailboxes. Let's say


/var/mail/userA/Maildir
/var/mail/userB/Maildir

both users have mail address x...@example.com mapped in Active Directory. Now 
when mails arrive lda is called like


dovecot-lda -d x...@example.com  -m INBOX

and there's my problem.


Re: [Dovecot] lda+ldap multiple users

2014-02-13 Thread Steffen Kaiser

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Fri, 7 Feb 2014, matthias lay wrote:

> I experienced that if a mail address matches several users the delivery is 
> aborted.
> 
> dovecot: auth: Error: ldap(christian.t...@securepoint.de): LDAP search 
> returned multiple entries
> dovecot: auth: ldap(christian.t...@securepoint.de): unknown user
> dovecot: lda: Error: user christian.t...@securepoint.de: Auth USER lookup 
> failed
> -
> 
> now my question, is there a way to have a mail like that delivered to all 
> users that match the lookup?
> haven't found anything in the docs.

This is a job of your MTA.

- -- 
Steffen Kaiser

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)

iQEVAwUBUv3FUnD1/YhP6VMHAQKvnQgAhSLwMXAd7iX2wKU3mQDHtEtRK0764xx4
zVOJboQb5S4ZTx8EGeLv5eE8jyv0IHtUR8i7rcmy3Pk2qfqntJT2omnQMUJWT2Yz
o3eWnAxMhDAXegLAulEYv7ndQHRkzCviDt/KWwx7AKyFM6rBKhwvDPg0LUOFfVaB
/hLsYD4OG21LAkZ7GdquyGNrSAhDHrYNVRXirhzLnJQ/UadRsdv/gJb5FMsMH0Sx
hR4tM5t8Enuu69d0mVt14wRbVEIccLTQR+8GvNWRbVXZjnmRvCr+8OlnU87JIbp0
hhMXlbnoQbtHWOPjU/IveqIPgYj6tp4nibJ+2OtfbdywWXfw64Olog==
=AV6P
-END PGP SIGNATURE-


[Dovecot] lda+ldap multiple users

2014-02-07 Thread matthias lay

Hi list and Timo,


I use dovecot lda with ldap to do an email => user lookup.

I experienced that if a mail address matches several users the delivery 
is aborted.



dovecot: auth: Error: ldap(christian.t...@securepoint.de): LDAP search 
returned multiple entries

dovecot: auth: ldap(christian.t...@securepoint.de): unknown user
dovecot: lda: Error: user christian.t...@securepoint.de: Auth USER 
lookup failed

-

now my question, is there a way to have a mail like that delivered to 
all users that match the lookup?

haven't found anything in the docs.


thx in advance

Matze