Mail Gateway

[hariskhan]

Also, could you give me a hint for the saslauthd error that I pasted?

I don't understand what Naming Violation (64) would mean;

I have looked searched on google, went to FreeNode, but found no help on this error..

My /etc/postfix/saslauthd.conf is as following;

# cat saslauthd.conf
ldap_servers: ldap://localhost:389/
ldap_search_base: o=Scalix
ldap_auth_method: saslauthd
ldap_filter: omUlAuthid=%u
ldap_version: 3
ldap_bind_dn: cn=user@fusionchicago.net,o=Scalix
ldap_bind_pw: admin-password

[hariskhan]

LISTEN part fixed as mentioned

[Beaujolais]

My /etc/postfix/saslauthd.conf is as following;

# cat saslauthd.conf
ldap_servers: ldap://localhost:389/
ldap_search_base: o=Scalix
ldap_auth_method: saslauthd
ldap_filter: omUlAuthid=%u
ldap_version: 3
ldap_bind_dn: cn=user@fusionchicago.net,o=Scalix
ldap_bind_pw: admin-password

Just follow the WiKi http://www.scalix.com/wiki/index.php?ti ... te_Postfix
You've changed 2 lines:
ldap_auth_method
ldap_bind_dn
and then complaining that the Wiki is incomplete.

Here is how is should look like:

Code: Select all

ldap_servers: ldap://localhost:389/
ldap_search_base: o=Scalix
ldap_auth_method: bind
ldap_filter: omUlAuthid=%u
ldap_version: 3
ldap_bind_dn: cn=sxadmin,o=scalix
ldap_bind_pw: sxadmin-password

[hariskhan]

Somebody has already achieved their target.

Thankyou for your support. I'm grateful


P.S. I was setting it up for someone who made the changes.

[hariskhan]

Not quite I suppose.

They say;

Ok, I found something wrong. It only works on the fusionchicago.net domain. None of the other domains work, please advise what you did to add the fusionchicago.net domain, so we can see if the others can be added the same way.

This Complete/Postfix Howto does not support multiple domains? Does it require additional setup?

[Beaujolais]

Follow this http://www.scalix.com/wiki/index.php?ti ... le_domains
You have to make few modifications to your current setup, mainly in the transport maps area.

[chris]

Hi Everybody,

I just picked up on this thread today. Without expressing too much regret that nobody sent me email saying they were having problems (which I requested at the top of the howto) I'll respond to a few things. Many thanks to Beaujolais for resolving the issues mentioned, but here are a couple further thoughts.

I'm trying (possibly in vain) to set a mail gateway up in front of the scalix box (probably postfix)

This is definitely not a problem.

Beaujolais posted the links a couple posts down, I'll just reference http://www.scalix.com/wiki/index.php?ti ... te_Postfix which I wrote ;p

First off the OP:

I've got a couple of issues I'm struggling with. When a new mail comes in to the gateway I'd need it to check the address against the ldap server on my scalix box to confirm it exists, if not bounce it. I can't believe that is that hard, but I cannot for the life of me find any webpages or howto's on how to do this.

It's not that hard at all. You want to use a transport map (run man transport on a box with postfix installed) running over LDAP.

To do it from a gateway box change the config in the howto to be:

Code: Select all

server_host = ldap://[b]server.company.com[/b]:389
query_filter = mail=%s
bind = no
result_attribute = scalixInstanceMailHost
result_format = smtp:[b]server.company.com[/b]:25
size_limit = 1
domain = scalix.demo


where server.company.com is the Scalix machine. Ensure that postfix can get through any firewall on LDAP (port 389) to the Scalix box.

I'd also like to be able to do smtp auth on this box to allow a small amount of external users to use this box to send through (via mobile devices) as I'm trying to keep the scalix box as far away from the dirty dirty internet as possible. Again this would need to authenticate against the ldap on scalix and I can't for the life of me see how.

This is described in the howto as well. Change /etc/postfix/saslauthd.conf to reflect the server's hostname rather than localhost and it should fly directly.

Did you ever get things working?

Now hariskhan:

1) Its missing alot of *_maps keywords that have to be setup for scalix+postfix to work

I should have been more clear that I expect you to know how to run postfix itself. Setting up postfix is the subject of many howtos, and there's no reason to reinvent the wheel there.

On my personal production server the only map configured is the transport_map, and it's set up exactly as in the howto.

What other maps did you need on your box?

2) My second issue with this setup is that scalix asks for smtp auth from (local) postfix when postfix sends mail to it

The howto assumes that Scalix and Postfix are on the same box - if they're not, then you're not actually replacing sendmail.

The line

Code: Select all

RELAY accept 127.0.0.1

in smtpd.cfg is responsible for accepting mail from localhost.

If you need to accept mail from other hosts without authorization, please add a line of the form:

Code: Select all

RELAY accept 192.168.129.1

replacing the IP address with the IP of the host that's trying to relay.

I'm not going to include that in the howto because normally it's something you need for a mail relay and not for a local installation.

3) saslauth fails. I get a naming violation (64) from scalix (ldap). I checked user/pass with imap, pop3, they work, but saslauthd is unable to. I need a guide to complete working saslauthd for scalix.

Well, I thought that is what I had on the howto. And I'm certain that it works because I've done it a _lot_ of times.

In fact, I'm really certain that it works because I've even scripted the whole thing for RHEL and Debian.

I also have some questions;

From this ( http://www.scalix.com/wiki/index.php?ti ... te_Postfix ) url I have an install minus amavis and clamav.

1) I have 5 IPs set on my box, for eg;

lo has 127.0.0.1
eh0 has 10.1.1.1
eth1 has 203.154.24.32
eth1:0 has 203.154.24.33
eth1:1 has 203.154.24.34
eth1:2 has 203.154.24.35
eth1:1 has 203.154.24.36

a) On which interfaces should postfix listen? I mean to say, what should be in mynetworks?
b) On which interfaces should scalix listen?

Answers:

a) postfix should listen on the interface that you want to receive email on. Whichever interface is behind the A-Entry referenced in your MX record in DNS should be what postfix listens to. You can find this out with #dig -t mx your.domain.name

What is your server using all those IP's for anyway?

b) it doesn't really matter, you just have to configure postfix to deliver to whatever interface you configure scalix's omsmtpd to listen to.

2) Is there a scalix+postfix guide if postfix is installation is done from scratch?

Looking at this ( http://www.postfix.org/STANDARD_CONFIGU ... l#firewall ) url, what else do we need to do to setup scalix+postfix?

As I mentioned above, configuring postfix from scratch is not the purpose of the document. I assumed when I wrote it that you understand postfix.

If you want a simple main.cf take a look at the following on a vanilla RHEL5 install:

Code: Select all

[root@rhel5 ~]# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = localhost
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.3.3/README_FILES
sample_directory = /usr/share/doc/postfix-2.3.3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
unknown_local_recipient_reject_code = 550


That's plenty to get postfix up and running.

3) How can we disable scalix's smtp auth for postfix, so postfix can send mail without any restrictions?

As discussed above, you need to add a RELAY accept <ip address> line to smtpd.cfg - I assume the problem you're having is caused by all those virtual interfaces. The configuration works out of the box on a machine with a single interface correctly bound to a single IP which is resolvable in DNS.

3) In case scalix's smtp auth for postfix is not removable, what user/pass do I need to setup in postfix so it can successfully delivery mail to scalix?

see above

4) Is scalix's community edition similar to its enterprise edition in features, functionalities, configuration, other aspects? I downloaded it to my home test server to try to find out a possible solution as soon as I can.

Check out http://www.scalix.com/enterprise/editions/ for more detail on the differences.

Has anyone done this, or similar to this and if you have do you have a nice little manual on how you did it! :D

Check these two articles:
http://www.scalix.com/wiki/index.php?ti ... te_Postfix
http://www.scalix.com/wiki/index.php?ti ... le_domains

What's frustrating about the above articles is that scalix+postfix does NOT work as they so conveniently point that it does.

For example;

In my /var/opt/scalix/xx/s/sys/smtpd.cfg I have;

#SUBMIT=ON
#LMTP=ON

and at the end of the file I have

LISTEN=FQDN:10025

What makes no sense is, when I restart scalix's smtpd its still listening on port 25 rather than the port I TOLD it to listen on. What the heck is going on?


tcp 0 0 xxx.xxx.xx.xxx:25 0.0.0.0:* LISTEN 21702/omsmtpd SMTP
tcp 0 0 xxx.xxx.xx.xxx:25 0.0.0.0:* LISTEN 21702/omsmtpd SMTP
tcp 0 0 xxx.xxx.xx.xxx:25 0.0.0.0:* LISTEN 21702/omsmtpd SMTP
tcp 0 0 xxx.xxx.xx.xxx:25 0.0.0.0:* LISTEN 21702/omsmtpd SMTP
tcp 0 0 10.x.xxx.xx:25 0.0.0.0:* LISTEN 21702/omsmtpd SMTP

None of the above two tutorials tells that LMTP=ON has to be uncommented for scalix's smtpd to actually listen on FQDN:10025

The LISTEN=FQDN:10025 needs to be above [SUBMIT] - I've updated the howto to reflect that.

We need a complete! setup tutorial for scalix + postfix, which assumes postfix is not yet installed. Install and configure postfix from SCRATCH to the last! bit

At least test it on RH EL or Debian or FreeBSD and be sure that its working before post a tutorial

http://www.scalix.com/wiki/index.php?title=HowTos/Complete_Postfix

This tutorial fails to mention one has to make transport_maps and many more maps in postfix's config to get it working

Actually the tutorial is tested on RHEL4 and Debian. Setting up transport is section 3, with example config for transport maps.

Thanks again to Beaujolais for sorting everything out at the time.

With love to postfix,

Chris