Staff email group

[sgreen]

I do not have an initial in my CN, also I can see the teststaff pdl in the search.

That value is the same as the one omshowu gives, correct?

and what is the level I should turn it back down too once testing is done?

[sgreen]

The name was correct, but I even removed it and readded it with the same permissons as Scalix admins have:

omshowaci -l teststaff
Steven Green /scalix/CN=Steven Green config modify read remove

Scalix Administrators config modify read remove
Local Users modify read remove
Default none


I still get the error in SWA.

[sgreen]

What would I turn the logging up on to see where it "decides" that I cannot send this message?

[mikethebike]

The format should be the result of "omsearch -e s=green/g=steven -x"

I would suggest leaving the audit logging for router at 9.

Other place you could check is in the event log. Set router and local delivery to 9, send the email then omshowlog -p 5 -l9
It may even show up the the fatal log (tail -50 ~scalix/logs/fatal)

Mick

[sgreen]

Thanks Mike, but no luck. It still blocks it and gives no reason.

[mikethebike]

odd!!
I wonder if you give "deafult" read capabilities, and remove read capabilities for local users?

[sgreen]

That let everyone mail teststaff.

Is there some way to reorder the aci? Wondering if order matters.

[sgreen]

The read permission does allow me to see it in the list, so I know I have my name correct but with modify and read I cannot send. Even with config modify read and remove it still fails.

[LeslieW]

If you send a message to some other PDL or user (not the one you're having troubles with, obviously), what does the audit log show for that message as it goes through the service router? It will be a block of text beginning with the word
router

[mikethebike]

have you tried sending from a MAPI client rather than SWA? I wonder if the format of the "from" address is funky in SWA?

Mick

[sgreen]

This does indeed work for MAPI connected users. Any idea what I should start looking at to make this work for SWA and other imap users?

[sgreen]

For Leslie


routing
time 1239033007 Mon Apr 6 11:50:07 2009 -240
type 0 message
priority 0 normal
sensitivity 0 normal
importance 0 normal
created-locally 0
hop-count 1
ua-message-id 18852183.311041239033002603.JavaMail.root(a)scalix.installs.com
mta-message-id 18852183.311041239033002603.JavaMail.root(a)scalix.installs.com
originator Steven Green / scalix/CN=Steven Green
recipient-to it / scalix/CN=it
ack-req 0 none
queue LOCAL
message-size 2933
delivered-count 1

[jangi]

Without knowing the details of your setup, my guess would be that email going through Scalix's SMTP server is being routed through sendmail. Restrict your ACI (delete default and local users, leaving only admins), then run this command:

sendmail -bv pdladdr@domain.com

If it waits a couple seconds and kicks back "User unknown", then it can't figure out what to do with emails destined for that address. Not sure the best way to resolve that... If you confirm this is the issue, I'll think about it. Maybe Leslie can chime in.

[sgreen]

I am indeed using sendmail and it could not deliver to my teststaff pdl. Gave me a user unknown.

[jangi]

sendmail uses ldapmapper to lookup scalix address, which in turn hits against the scalix ldap server (slapd). By default it does an anonymous bind, which won't work once you restrict the aci. Here's how to get ldapmapper to authenticate with credentials:

create ~/s/sys/ldapmapper.cfg with the following:
DN=CN=sxadmin
PASSWD=letmein

If you'd rather, create a ldaplookup account, give it a password, and give it access to your pdl. Then you can use that instead of an admin account. In the end, just make sure sendmail -bv pdladdress@domain.com works.

After creating that file restart ldapmapper:
service ldapmapper restart

Also, if the scalix ldap server gets pissy restart it with:
omoff -d0 ldap
<wait>
omon ldap