Deliver mail to virtual users with sendmail and dovecot lda

Tags: dovecot, sendmail

I'm trying to migrate our Linux system-user-based mail system to virtual users.

I have

  • sendmail with procmail delivery
  • dovecot
  • system users with different uids
  • roundcube web interface

Sendmail handles all mail delivery to user mailboxes, dovecot handles POP3 and IMAP interaction with users, and everything is working like a charm.

Now we are starting to implement Active Directory globally and I want to drop Linux system email users in favour of LDAP virtual users.

I enabled sendmail ldap_routing:

define(`confLDAP_DEFAULT_SPEC', `-h "10.1.0.1" -b "ou=portal,dc=univ,dc=priv" -d "cn=portal admin,ou=portal,dc=univ,dc=priv" -MLDAP_AUTH_SIMPLE -P/etc/mail/ldap_pass')dnl

LDAPROUTE_DOMAIN_FILE(`/etc/mail/ldap_route_domains')dnl

FEATURE(`ldap_routing', `null', `ldap -1 -T -v sAMAccountName -k (&(|(objectclass=user)(objectclass=group))(|(mail=%0)(proxyAddresses=smtp:%0)))',`passthru')dnl

I created a simple alias file for LDAP users via a Perl script. The file initially looked like this:

sAMAccountName1:    vmail
sAMAccountName2:    vmail
....
sAMAccountNameN:    vmail

I enabled dovecot-lda using this howto.

Unfortunately, with this configuration sendmail passes the real system user name ("vmail" in my case) as the -d argument, not the sAMAccountName of the virtual user.

After that I modified my alias file into something like this (inspired by this topic):

sAMAccountName1:    "|/usr/libexec/dovecot/dovecot-lda -d sAMAccountName1"
sAMAccountName2:    "|/usr/libexec/dovecot/dovecot-lda -d sAMAccountName2"
....
sAMAccountNameN:    "|/usr/libexec/dovecot/dovecot-lda -d sAMAccountNameN"

This solution fails because of a permissions problem I can't solve. Here are the log messages:

Fatal: setgid(5000(vmail) from userdb lookup) failed with euid=8(mail), gid=12(mail), egid=12(mail): Operation not permitted (This binary should probably be called with process group set to 5000(vmail) instead of 12(mail))

The dovecot delivery agent is defined in sendmail.cf with U=vmail:vmail:

Mdovecot,      P=/usr/libexec/dovecot/dovecot-lda,
           F=l59DFMPhnu,
           S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
           M=51200000,
           U=vmail:vmail,
           T=DNS/RFC822/X-Unix,
           A=/usr/libexec/dovecot/dovecot-lda -d $u

dovecot-lda has the same owner and group:

-rwxr-x--- 1 vmail vmail 28512 апр.   5  2013 /usr/libexec/dovecot/dovecot-lda

If I use the system user mail instead of vmail, everything starts working fine.
But this config seems less secure to me, and I want to use the user vmail with uid > 100 instead of the user mail.

So mail delivery fails. I would appreciate any help solving this problem.

Best Answer

  1. Skip reading if you are not determined :-)

  2. Make vmail special to sendmail (no DNS lookups for destination)

    LOCAL_CONFIG
    CPvmail
    
  3. Use FEATURE(ldap_routing) to select mailHost not mailRoutingAddress

  4. Use FEATURE(mailertable) to select delivery method (mailer)

    mailertable

    vmail  dovecot:dummy
    
  5. Do not make dovecot the local mailer - FEATURE(local_procmail,...)

  6. In dovecot mailer definition use xSMTP rules not xL (local) rules

    http://wiki2.dovecot.org/LDA/Sendmail
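Pulling the six steps above together, here is a sendmail.mc fragment assembled for this page by the editor; it is not code from the question, the answer or the dovecot wiki. It keeps the LDAP connection values, the search filter and the dovecot-lda path from the question. The attribute name mailHost, the mailertable path and the way the dovecot userdb resolves the -d argument are assumptions and are marked as such in the comments. The reason the alias-pipe variant in the question fails is visible in its own log line: euid=8(mail), gid=12(mail). A "|program" alias is executed by sendmail's prog mailer as DefaultUser, so the U=vmail:vmail setting on the Mdovecot mailer never applies to it, and an unprivileged dovecot-lda cannot setgid to vmail. Routing the recipient to the dovecot mailer through mailertable, as the answer describes, is what makes U= take effect.

```m4
dnl Added example (editor's assembly of the answer's steps, not the page's own config).
dnl Kept from the question: LDAP connection parameters and the route-domain file.
define(`confLDAP_DEFAULT_SPEC', `-h "10.1.0.1" -b "ou=portal,dc=univ,dc=priv" -d "cn=portal admin,ou=portal,dc=univ,dc=priv" -MLDAP_AUTH_SIMPLE -P/etc/mail/ldap_pass')dnl
LDAPROUTE_DOMAIN_FILE(`/etc/mail/ldap_route_domains')dnl

dnl Step 5: procmail stays the *local* mailer for genuine system users
dnl (as in the existing setup); dovecot is never made the local mailer.
FEATURE(`local_procmail')dnl

dnl Step 3: the first map argument of ldap_routing is the mailHost lookup,
dnl the second (mailRoutingAddress) is switched off with `null'.
dnl The filter is the question's own. ASSUMPTION: every virtual user carries
dnl an attribute, here called mailHost, whose value is the pseudo-host `vmail'.
dnl `passthru' leaves addresses unknown to the directory on their normal path.
FEATURE(`ldap_routing',
  `ldap -1 -T<TMPF> -v mailHost -k (&(|(objectclass=user)(objectclass=group))(|(mail=%0)(proxyAddresses=smtp:%0)))',
  `null', `passthru')dnl

dnl Step 4: mailertable maps the pseudo-domain to the dovecot mailer.
dnl ASSUMPTION: default map file /etc/mail/mailertable, containing one entry:
dnl     vmail   dovecot:dummy
dnl The host part `dummy' is never contacted; the mailer runs a local program.
FEATURE(`mailertable')dnl

dnl Standard mailers, present in any working .mc.
MAILER(`local')dnl
MAILER(`smtp')dnl

dnl Step 2: "vmail" is a class P pseudo-domain, so sendmail never asks DNS for it.
LOCAL_CONFIG
CPvmail

dnl Step 6: SMTP rulesets, and no `l' (local) or `5' flag, so alias/.forward
dnl processing is not repeated for virtual users. U=vmail:vmail is honoured on
dnl this path because sendmail itself forks the mailer; a "|program" alias is
dnl run by the prog mailer as DefaultUser instead (euid 8 = mail in the log).
dnl With the SMTP rulesets $u is the full address user@vmail.
dnl ASSUMPTION: the dovecot userdb matches on %n (the part before the @).
MAILER_DEFINITIONS
Mdovecot,	P=/usr/libexec/dovecot/dovecot-lda, F=DFMPhnu,
		S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP/HdrFromSMTP,
		M=51200000, U=vmail:vmail, T=DNS/RFC822/X-Unix,
		A=/usr/libexec/dovecot/dovecot-lda -d $u
```

After regenerating sendmail.cf, `sendmail -bv user@univ.priv` shows which mailer and which user:host a virtual recipient resolves to; a recipient handled by this fragment should print the dovecot mailer with host dummy, while a real system account should still resolve to the local (procmail) mailer.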
