Dovecot saves incoming mail from LMTP in the wrong home directory despite a correct override

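I have Postfix 3.8.1, Dovecot 2.3.20 and OpenLDAP installed on Ubuntu 23.10. Postfix delivers local mail to Dovecot via LMTP. In some cases, the externally visible mail address (e.g. [email protected]) and the user name used for SASL authentication and the home directory do not match. Nevertheless, the SASL and user names also follow the pattern [email protected] to distinguish user names between different virtually hosted domains.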

The LDAP entries look like this

dn: uid=user-name, ou=users, o=some-domain.tld, dc=mailserver, dc=server-domain, dc=tld
uid: user-name
mailAccount: [email protected]

Postfix delivers mail for [email protected] to Dovecot, because this is the mail address. However, Dovecot must store this mail in /var/spool/mail/vmail/some-domain.tld/user-name/, because this is the user's virtual mail home directory.

However, Dovecot wrongly puts mail received from Postfix via LMTP into /var/spool/mail/vmail/some-domain.tld/user-local-mail-part/. Hence, the user does not find the mail when logging in via IMAP.

My Dovecot configuration

root@mailserver:~ # cat /etc/dovecot/conf.d/auth-ldap.conf.ext 

passdb {
  driver = ldap

  # Path for LDAP configuration file, see example-config/dovecot-ldap.conf.ext
  args = /etc/dovecot/dovecot-ldap-passdb.conf.ext
}
userdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap-userdb.conf.ext
  default_fields = uid=vmail gid=vmail home=/var/spool/mail/vmail/%d/%n
}
root@mailserver:~ # cat /etc/dovecot/dovecot-ldap-passdb.conf.ext 

uris = ldapi:///var/run/slapd/ldapi
auth_bind = yes
auth_bind_userdn = uid=%n,ou=users,o=%d,dc=mailserver,dc=server-domain,dc=tld
base = ou=users,o=%d,dc=mailserver,dc=server-domain,dc=tld
root@mailserver:~ # cat /etc/dovecot/dovecot-ldap-userdb.conf.ext 

uris   = ldapi:///var/run/slapd/ldapi
dn     = uid=dovecot,ou=users,o=mailserver.server-domain.tld,dc=mailserver,dc=server-domain,dc=tld
dnpass = dovecot
base   = ou=users,o=%d,dc=h2917298,dc=stratoserver,dc=net
# Change user to uid (suffixed with domain) regardless whether the user
# was found by uid or mailAccount, see
# https://doc.dovecot.org/configuration_manual/authentication/ldap_backend_configuration/
user_attrs = \
  =user=%{ldap:uid}@%d \
  =home=/var/spool/mail/vmail/%d/%{ldap:uid}
user_filter = (&(objectClass=mailAccount)(|(uid=%n)(mailAccount=%u)))

The mail log is

mailserver.server-domain.tld postfix/smtpd[352703]: connect from mout02.posteo.de[185.67.36.66]
mailserver.server-domain.tld postfix/smtpd[352703]: Anonymous TLS connection established from mout02.posteo.de[185.67.36.66]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature EC>
mailserver.server-domain.tld policyd-spf[352708]: : prepend Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=185.67.36.66; helo=mout02.posteo.de; [email protected]; receiver=some-domain.tld
mailserver.server-domain.tld postfix/smtpd[352703]: EA8098130E: client=mout02.posteo.de[185.67.36.66]
mailserver.server-domain.tld postfix/cleanup[352709]: EA8098130E: message-id=<5725552.DvuYhMxLoT@posteo>
mailserver.server-domain.tld postfix/qmgr[350847]: EA8098130E: from=<[email protected]>, size=2026, nrcpt=1 (queue active)
mailserver.server-domain.tld postfix/smtpd[352703]: disconnect from mout02.posteo.de[185.67.36.66] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
mailserver.server-domain.tld dovecot[352659]: lmtp(352711): Connect from local
mailserver.server-domain.tld dovecot[352659]: lmtp([email protected] =home=/var/spool/mail/vmail/some-domain.tld/user-name)<352711><3soFD7lgRmXHYQUAg2lwgA>: msgid=<5725552.DvuYhMxLoT@posteo>: saved mail to INBOX
mailserver.server-domain.tld postfix/lmtp[352710]: EA8098130E: to=<[email protected]>, relay=mailserver.server-domain.tld[private/dovecot-lmtp], delay=0.37, delays=0.36/0.01/0.01/0, dsn=2.0.0, status=sent (250 2.0.0 <>
mailserver.server-domain.tld dovecot[352659]: lmtp(352711): Disconnect from local: Logged out (state=READY)
mailserver.server-domain.tld postfix/qmgr[350847]: EA8098130E: removed

Note: Posteo is the mail service I use to send test mail to my mail server.

Line 9 reads

dovecot[352659]: lmtp([email protected] =home=/var/spool/mail/vmail/some-domain.tld/user-name)<...><...>: msgid=<...@posteo>: saved mail to INBOX

Line 10 is

postfix/lmtp[352710]: EA8098130E: to=<[email protected]>, relay=mailserver.server-domain.tld[private/dovecot-lmtp], delay=0.37, delays=0.36/0.01/0.01/0, dsn=2.0.0, status=sent (250 2.0.0 <>

This actually looks as if the rewriting happens as expected. Postfix delivers mail for [email protected], but Dovecot knows the user [email protected] with the home directory /var/spool/mail/vmail/some-domain.tld/user-name

Nevertheless, the mail is saved as

root@mailserver:~ # find /var/spool/mail/vmail/ -name 'u.?'
/var/spool/mail/vmail/some-domain.tld/user-local-mail-part/Maildir/mailboxes/INBOX/dbox-Mails/u.2
/var/spool/mail/vmail/some-domain.tld/user-local-mail-part/Maildir/mailboxes/INBOX/dbox-Mails/u.3
/var/spool/mail/vmail/some-domain.tld/user-local-mail-part/Maildir/mailboxes/INBOX/dbox-Mails/u.1

Why?

Answer 1

It was a trivial oversight, a missing comma.

Instead of

root@mailserver:~ # cat /etc/dovecot/dovecot-ldap-userdb.conf.ext 

user_attrs = \
  =user=%{ldap:uid}@%d \
  =home=/var/spool/mail/vmail/%d/%{ldap:uid}
user_filter = (&(objectClass=mailAccount)(|(uid=%n)(mailAccount=%u)))

it should be

root@mailserver:~ # cat /etc/dovecot/dovecot-ldap-userdb.conf.ext 

# The comma at the end of the "=user=" line was missing
user_attrs = \
  =user=%{ldap:uid}@%d, \
  =home=/var/spool/mail/vmail/%d/%{ldap:uid}
user_filter = (&(objectClass=mailAccount)(|(uid=%n)(mailAccount=%u)))

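Because of the missing comma, only the user variable was set. Hence, Dovecot did not complain about not finding the user. But the home variable remained unset.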

Sometimes, I hate Linux daemons ;-) Instead of complaining about an invalid configuration file, Dovecot simply ignores the =home ... line after the missing comma.
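A pre-deployment check for this failure mode, as an added example that is not part of the original answer or of Dovecot itself: it joins the backslash-continued lines of a dovecot-ldap `*.conf.ext` file and flags any `user_attrs`/`pass_attrs`/`iterate_attrs` entry that appears to contain two mappings, and it also spots the symptom visible in the question's log, where the LMTP user name carries a stray `=home=` template. The function names, the heuristic regexes and the sample address `user-name@example.test` are assumptions made for illustration.

```python
import re

# Constructed sample: the userdb file from the question (comma missing).
BROKEN = r"""
uris = ldapi:///var/run/slapd/ldapi
user_attrs = \
  =user=%{ldap:uid}@%d \
  =home=/var/spool/mail/vmail/%d/%{ldap:uid}
user_filter = (&(objectClass=mailAccount)(|(uid=%n)(mailAccount=%u)))
"""
FIXED = BROKEN.replace("@%d \\", "@%d, \\")

# Constructed log line modelled on the one in the question; the address
# user-name@example.test is a placeholder.
LOG = ("dovecot[1]: lmtp(user-name@example.test =home=/var/spool/mail/vmail/"
       "example.test/user-name)<1><x>: msgid=<m@x>: saved mail to INBOX")

def logical_lines(text):
    """Join backslash-continued lines; skip blank lines and # comments."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1].strip() + " "
            continue
        yield (buf + line).strip()
        buf = ""

def lint_attrs(text, keys=("user_attrs", "pass_attrs", "iterate_attrs")):
    """Return (key, entry) pairs where one entry appears to hold two mappings."""
    findings = []
    for line in logical_lines(text):
        key, sep, value = line.partition("=")
        if not sep or key.strip() not in keys:
            continue
        for entry in (e.strip() for e in value.split(",")):
            # Whitespace followed by "=field=" or "attr=field" inside a single
            # entry means the separating comma is missing (heuristic).
            if re.search(r"\s=?[\w.-]+=", entry):
                findings.append((key.strip(), entry))
    return findings

def swallowed_in_log(line):
    """Return the LMTP user name if it contains a stray "=field=" template."""
    m = re.search(r"lmtp\(([^)]*\s=\w+=[^)]*)\)", line)
    return m.group(1) if m else None
```

Running `lint_attrs` over the configuration files before reloading Dovecot catches the mistake that the daemon accepts silently; `swallowed_in_log` can be applied to the mail log to find deliveries that already went to the wrong home directory.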
