It doesn't look like mlmmjadmin is running. Could you try to stop it first, then start it?
Make sure port 7790 is listening, also /var/log/mlmmjadmin/mlmmjadmin.log has some log.
It doesn't look like mlmmjadmin is running. Could you try to stop it first, then start it?
Make sure port 7790 is listening, also /var/log/mlmmjadmin/mlmmjadmin.log has some log.
MariaDB [amavisd]> DESC maddr;
You didn't upgrade iRedMail to the latest iRedMail-0.9.8? This SQL change is mentioned in upgrade tutorial:
https://docs.iredmail.org/upgrade.iredm … xtension_1
Hi, thanks a lot Zhang… I just send you a coffee
HI Zhang,
I haven't gone to emailing part yet as just creating mail lists from command prompt. Once I can create required mail lists using commands I can implement on domain. But I am stuck on mail list creation part through command. It is not allowing unrestricted mail list without only_subscriber_can_post=no and no moderator.
However when I test mail list it bounces back saying only subscriber can send email to list.
==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.8
- Linux/BSD distribution name and version: Ubuntu 18.04 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): PGSQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? Yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
Hi,
I follow the doc https://docs.iredmail.org/enable.smtps.html to enable smtps
I copy and paste at the end of /etc/postfix/main.cf the lines starting from 465
#open port 465
465 inet n - n - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o content_filter=smtp-amavis:[127.0.0.1]:10026
and I add also the line in iptables
# smtp, submission
-A INPUT -p tcp --dport 25 -j ACCEPT
-A INPUT -p tcp --dport 587 -j ACCEPT
-A INPUT -p tcp --dport 465 -j ACCEPT
I restart both services postfix and iptables but Iredmail is not listen on port 465 (Check in netstat) port is closed
What could I check to find where is my mistake ?
Thanks
Thanks Zhang. Thanks for your reply. This is all I see in /var/log/dovecot/dovecot.log after turning on debug mode, restarting Dovecot and trying to add craig@example.net as a member of the list:
[18:12:26 root@server dovecot]# grep craig@example.net dovecot.log
Oct 11 18:10:36 server dovecot: lda(craig@example.net): Debug: Loading modules from directory: /usr/lib64/dovecot
Oct 11 18:10:36 server dovecot: lda(craig@example.net): Debug: Module loaded: /usr/lib64/dovecot/lib01_acl_plugin.so
Oct 11 18:10:36 server dovecot: lda(craig@example.net): Debug: Module loaded: /usr/lib64/dovecot/lib10_quota_plugin.so
Oct 11 18:10:36 server dovecot: lda(craig@example.net): Debug: Module loaded: /usr/lib64/dovecot/lib15_notify_plugin.so
Oct 11 18:10:36 server dovecot: lda(craig@example.net): Debug: Module loaded: /usr/lib64/dovecot/lib20_mail_log_plugin.so
Oct 11 18:10:36 server dovecot: lda(craig@example.net): Debug: Module loaded: /usr/lib64/dovecot/lib20_mailbox_alias_plugin.so
Oct 11 18:10:36 server dovecot: lda(craig@example.net): Debug: Module loaded: /usr/lib64/dovecot/lib90_sieve_plugin.so
Oct 11 18:10:36 server dovecot: lda(craig@example.net): Debug: Module loaded: /usr/lib64/dovecot/lib90_stats_plugin.so
Oct 11 18:10:36 server dovecot: lda(craig@example.net): Debug: auth USER input:
[18:12:31 root@server dovecot]#
Anywhere else I should be looking?
Just to clarify, all of the users and mailing lists involved were added through iRedAdmin-Pro.
Craig
Could you please show us full Postfix log related to this issue? We need the log for troubleshooting.
Here is the part of the Postfix log related to a test : sending test mail from my account p.bauer@austrogate.net to mailinglist@customer.com - a list consisting of 9 mail accounts ( user1 to user9@customer.com ) which all have an external forward
==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release):
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro?
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
dovecot.conf
----------------
disable_plaintext_auth = no
ssl=yes
postfix/main.cf
-------------------
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
#smtpd_tls_auth_only = yes
mail.log
-----------------------
Oct 11 19:51:27 ip-*.*.*.* postfix/postscreen[17286]: CONNECT from [*.*.*.*]:47264 to [*.*.*.*]:25
Oct 11 19:51:27 ip-*.*.*.* postfix/dnsblog[17287]: addr *.*.*.* listed by domain zen.spamhaus.org as 127.0.0.11
Oct 11 19:51:33 ip-*.*.*.* postfix/postscreen[17286]: DNSBL rank 3 for [201.235.10.226]:47264
Oct 11 19:51:33 ip-*.*.*.* postfix/postscreen[17286]: NOQUEUE: reject: RCPT from [201.235.10.226]:47264: 550 5.7.1 Service unavailable; client [*.*.*.*] blocked using zen.spamhaus.org; from=<*@*.com>, to=<*@*.com>, proto=ESMTP, helo=<*>
Oct 11 19:51:33 ip-*.*.*.* postfix/postscreen[17286]: HANGUP after 0.22 from [*.*.*.*]:47264 in tests after SMTP handshake
Oct 11 19:51:33 ip-*.*.*.* postfix/postscreen[17286]: DISCONNECT [*.*.*.*]:47264
How can I allow plaintext thouth 25 port with disbling spam filter?
Thanks!
- Did these forwarding-only mail accounts receive this email and forward to their personal Gmail account?
Yes
- Check Postfix log file, did Amavisd consider this is spam when it enters mail queue?
Will have to investigate. Will let you know.
- Check Postfix log file, did Amavisd consider this is spam when it enters mail queue?
This is what I found in the maillog about a similar message:
Oct 11 16:29:21 mail1 postfix/10025/smtpd[10205]: 57E965DFD9: client=ip6-localhost[127.0.0.1]
Oct 11 16:29:21 mail1 postfix/cleanup[10206]: 57E965DFD9: message-id=<d3fe0cde4b799188ccabaf8a794ca6b5@kohls.com>
Oct 11 16:29:21 mail1 postfix/qmgr[2481]: 57E965DFD9: from=<beier@unikapparel.com>, size=2991, nrcpt=1 (queue active)
Oct 11 16:29:21 mail1 amavis[9852]: (09852-02) Passed SPAM {RelayedTaggedInbound}, [74.63.245.245]:46565 [74.63.245.245] <beier@unikapparel.com> -> <voorzitter.avgm@gmail.com>, Queue-ID: A8F3E5DEEF, Message-ID: <d3fe0cde4b799188ccabaf8a794ca6b5@kohls.com>, mail_id: UgeR57gCVm6U, Hits: 7.171, size: 2116, queued_as: 57E965DFD9, 305 ms, Tests: [DATE_IN_PAST_06_12=1.103,HEADER_FROM_DIFFERENT_DOMAINS=0.25,RDNS_NONE=1.274,SPF_HELO_SOFTFAIL=0.896,URIBL_ABUSE_SURBL=1.948,URIBL_BLACK=1.7]
Oct 11 16:29:21 mail1 postfix/amavis/smtp[10212]: A8F3E5DEEF: to=<voorzitter.avgm@gmail.com>, orig_to=<voorzitter@avgm.nl>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.71, delays=0.38/0.01/0/0.31, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 57E965DFD9)
Oct 11 16:29:21 mail1 postfix/smtp[10148]: 57E965DFD9: host gmail-smtp-in.l.google.com[173.194.76.26] said: 421-4.7.0 [159.69.53.82 15] Our system has detected that this message is 421-4.7.0 suspicious due to the nature of the content and/or the links within. 421-4.7.0 To best protect our users from spam, the message has been blocked. 421-4.7.0 Please visit 421 4.7.0 https://support.google.com/mail/answer/188131 for more information. w73-v6si15570223wme.12 - gsmtp (in reply to end of DATA command)
Hi Zhang,
Sure, the additional attributes I need to add for users are:
14.2 upon enter the ldap that look like vi add the following to every user to make accessible from freenas
objectClass: sambaSamAccount
objectClass: posixAccount
objectClass: top
uidNumber: 1004
gidnumber: 505
memberuid: (please change this to iredmail uid like napoleon.lam)
sambaSID: S-1-5-21-1045372319-2979546414-3360713982-3008
sambaLMPassword: 722AC01404A7515648116059303999A (this is generatel when I enter password from phpldapadmin. It can also enter as plain text)
sambaNTPassword: AAF696F5A0CC601A636A0364D5BF882
sambaPwdCanChange: 0
sambaPwdLastSet: 1537512632 (this is date set and should be date before you used this account. Use this converter https://www.epochconverter.com/)
sambaPwdMustChange: 1569048632 (this is the date set and should be set farther than this user can used)
gidNumber: 505
14.3 Also, please set the group first just as below
dn: cn=IT,sambaDomainName=WORKGROUP,dc=mydomain,dc=com
cn: IT
displayName: IT
gidNumber: 505
memberUid: napoleon.lam
memberUid: mario.li
objectClass: posixGroup
objectClass: sambaGroupMapping
objectClass: top
sambaGroupType: 2
sambaSID: S-1-5-21-1045372319-2979546414-3360713982-2010 <this is autogenerate and I just changes any of it>
Zhang,
This is my research and finding on how to have freenas work with iredmail ldap
1 yum update
2 yum install openssh openssh-client openssh-server
3 yum install vim
4 yum install bzip2
5 systemctl start sshd
6 systemctl enable sshd
7 Install firewall and config
7.1 Yum install firewalld
7.2 firewall-cmd --get-active-zone
7.3 firewall-cmd --zone=iredmail --list-all
7.4 firewall-cmd --add-service={ldap,ldaps} --permanent
7.5 firewall-mcd --reload
8 install iredmail server
8.1 download the latest iRedmail package
8.2 unpack using tar -xvf iRedMail-0.9.8.tar.bz2
8.3 cd iRedMail-0.9.8
8.4 bash iRedMail.sh
9 install iRedAdmin-Pro
9.1 download the latest iRedAdmin-Pro package
9.2 tar xvf iRedAdmin-Pro-LDAP-3.1.tar.bz2
9.3 cd iRedAdmin-Pro-LDAP-3.1
9.4 bash upgrade_iredadmin.sh
10 install samba
10.1 yum install smbldap-tools
10.2 yum install samba*
11 config the server to import samba scheme
11.1 vim /etc/openldap/slapd.conf
11.2 add this on the appropriate line “include /etc/openldap/schema/samba.schema”
11.3 add this on nearly last line
11.4 index sambaSID eq
11.5 index sambaPrimaryGroupSID eq
11.6 index sambaDomainName eq
11.7 index sambaGroupType eq
11.8 index sambaSIDList eq
11.9 to make things simple, you can used plain password for Manager by adding rootpw secret (secret is your password) you can also used the ssha one provided all your connection is using the ssha. I used plain password for more clarity in explanation.
12 the iredmail should have samba schema, you can check using ldap admin (ldap free windows software) but this is a view only software, we need to have one that can edit as the iredadmin did not add the necessary attributes need for freesamba so we install ldapvi
13 install ldapvi
13.1 yum install ldapvi
14 manipulate the ldap using ldapvi
14.1 ldapvi --discover --host ct-mailfree -D, --user cn=Manager,dc=mydomain,dc=com -w, --password secret
14.2 upon enter the ldap that look like vi add the following to every user to make accessible from freenas
14.2.1 objectClass: inetOrgPerson
14.2.2 objectClass: sambaSamAccount
14.2.3 objectClass: posixAccount
14.2.4 objectClass: top
sambaSID: S-1-5-21-1045372319-2979546414-3360713982-3008
uidNumber: 1004
14.2.5 gidnumber: 505
14.2.6 memberuid: (please change this to iredmail uid like napoleon.lam)
14.2.7 sambaLMPassword: 722AC01404A7515648116059303999A (this is generatel when I enter password from phpldapadmin. It can also enter as plain text)
14.2.8 sambaNTPassword: AAF696F5A0CC601A636A0364D5BF882
14.2.9 sambaPwdCanChange: 0
14.2.10 sambaPwdLastSet: 1537512632 (this is date set and should be date before you used this account. Use this converter https://www.epochconverter.com/)
14.2.11 sambaPwdMustChange: 1569048632 (this is the date set and should be set farther than this user can used)
14.2.12 gidNumber: 505
14.3 Also, please set the group first just as below
14.3.1 Use the word “add” in front to add
Add dn: cn=IT,sambaDomainName=WORKGROUP,dc=mydomain,dc=com
cn: IT
displayName: IT
gidNumber: 505
memberUid: napoleon.lam
memberUid: mario.li
objectClass: posixGroup
objectClass: sambaGroupMapping
objectClass: top
sambaGroupType: 2
sambaSID: S-1-5-21-1045372319-2979546414-3360713982-2010 <this is autogenerate and I just changes any of it>
14.4 type :wq! (just like vi for write and quit) then type y to confirm, if some error, press e to edit and correct.
14.5 The command to use ldapvi http://www.lichteblau.com/ldapvi/manual/
15 Check the entry again to verify if the entry is successfully added by ldapvi --discover --host ct-mailfree -D, --user cn=Manager,dc=mydomain,dc=com -w, --password secret
16 systemctl restart slapd (to restart the slapd)
17 ----------------------------------------------on part of freenas------------------------------------------------------------------
18 Download the freenas iso FreeNAS-11.1-U5.iso from websites and upload to pve
19 Should allocate another freespace for freenas data, I used add harddisk with give more, also install to choose bios
20 Create volume and some dataset (first used the default one)
21 Configure the ldap by:
21.1 Choose Directoy->LDAP
21.2 Hostname: <ip of iredmail server>:389
21.3 Base DN: dc=mydomain,dc=com
21.4 Bind DN: cn=Manager,dc=mydomain,dc=com
21.5 Bind password: <use the password found on slapd.conf>
22 Press “Advanced Mode” and check the Samba Schema
23 Press save. (It need around 10 seconds and will display “ldap update successfully” other it will said failed and you should find out why and resolve it.
24 Press the “Rebuild Directory Service Cache” for immediate effect of ldap retrieval from iredmail
25 Please check the success on ldap access from iredmail by
25.1 Using the give permission on dataset
25.1.1 Choose view volumes->share and click “change permission”.
25.1.2 Click the drop down box beside Owner (user) you should see the iredmail user you have process (I means add the samba attributes using ldapvi)
25.1.3 To check the group, click the group drop down box and you should see the group you create using ldapvi, the group is needed for freenas.
25.2 Or using command to check by
25.2.1 click the Shell on freenas gui
25.2.2 type getent passed
25.2.3 it will display the iredmail user.
26 Using this 2 kind of checking. It prove you know how to configure the ldap on iredmail correctly and freenas ldap configuration.
27 -----------------------------------------------configure folder right------------------------------------------------------
28 Create the superuser for folder rights assigned on iredmail (I used postmaster and add its samba attributes)
29 After the necessary users and group have been created in ldap of iredmail.
30 Go to view volumes ->change permission and on user, select the superuser you have created, on group, select the necessary group assign to this folder (group make it more simple on right management)
31 Click on Sharing -> Windows (SMB) and create every share on every dataset, on each share:
31.1 uncheck the Apply Default Permissions, browsable to Network Clients.
31.2 uncheck the Allow Guest Access.
31.3 check the Access Based Share Enumeration and click OK
31.4 Create another top share for top folder which this time
31.4.1 Check the “Apply Default Permissions”
31.4.2 Check the “Browsable to Network Clients”
31.4.3 Uncheck the “Access Based Shared Enumeration” and click OK
32 On windows client, try to access the freenas by type \\<IP address>
33 When it prompt for user and password type <IP address>\superuser (superuser is one you create on step 28 and 30 assigned right on view volume)
34 Click in the top share you created on 31.4 and on every folder you can seen, right click and click “Property”->security->edit remove “everyone” entry and click Apply.
35 After you done, try to login as ordinary user and you can only see folder you have priviledge of.
Hope this can help you
Dear Zhang,
The problem now is that adding user should add this attributes, also iredmail do not have groups object posixGroup, need to add that separately, one suggest is using mail list and add 2 object maillist object and posixGroup object
Napoleon
Hi Zhang,
I now working on the iredldif.py this is a phython script, (i will try) what is the best IDE software to test its syntax?
Thanks
Napoleon
Thanks, i obviously missed that ...
After that, i see now numeric values instead of emailadresses.
Top senders Top recipients
1925 <> 4371
Table looks like this now:
MariaDB [amavisd]> DESC maddr;
+---------------+---------------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+---------------+---------------------+------+-----+---------+----------------+
| partition_tag | int(11) | YES | MUL | 0 | |
| id | bigint(20) unsigned | NO | PRI | NULL | auto_increment |
| email | varbinary(255) | NO | MUL | NULL | |
| domain | varchar(255) | NO | MUL | NULL | |
| email_raw | varbinary(255) | NO | MUL | | |
+---------------+---------------------+------+-----+---------+----------------+
Did i crash it?
Dear Zhang,
I have successfully modify the iredldif.py as of follow
ldif = [('objectClass', ['inetOrgPerson', 'mailUser', 'shadowAccount', 'amavisAccount','sambaSamAccount','posixAccount','top']),
('mail', [mail]),
('userPassword', passwd),
('sn', [username]),
('uid', [username]),
#samba need attributes
('sambaSID',['S-1-5-21-1045372319-2979546414-3360713982-1011']),
('uidNumber',['1011']),
('gidNumber',['505']),
('sambaLMPassword',['722AC01404A751564811605930312345']),
('sambaNTPassword',['AAF696F5A0CC601A636A0364D5B67890']),
('sambaPwdCanChange',['0']),
('sambaPwdLastSet',['1537512632']),
('sambaPwdMustChange',['1569048632']),
#end samba attributes
('storageBaseDirectory', [storageBaseDirectory]),
('mailMessageStore', [mailMessageStore]),
('homeDirectory', [homeDirectory]),
('accountStatus', ['active']),
('enabledService', enabled_services),
# shadowAccount integration.
('shadowLastChange', [str(ldaputils.get_days_of_shadow_last_change())]),
I have test by hardcode the data, and it seem this will give the freenas able to see the user once i add.
but i have said hardcode, somedata should be system generate like
('sambaSID',[should be system generate]),
('uidNumber',['should be system generate']),
('gidNumber',['should be system generate']),
('sambaLMPassword',['should be system generate']),
('sambaNTPassword',['should be system generate']),
('sambaPwdCanChange',['should be system generate']),
('sambaPwdLastSet',['should be system generate']),
('sambaPwdMustChange',['should be system generate']),
now i working on it how, please let me know if you have some better code
Napoleon
==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.8
- Linux/BSD distribution name and version: 2.9.0
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): mysql
- Web server (Apache or Nginx): nginx
- Manage mail accounts with iRedAdmin-Pro? yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
When I sort the domains in the iredadmin pro interface, it sorts them right until the letter n (maybe o, p or q, but I don't have domains with this letter starting)
After the letter n, there are all relay domains listed correctly by alphabet, and after that the normal domains keep getting listed. Also the domains with alias and relay are sorted incorrect.
This is not high priority tho, would just be nice if it would work as it's supposed to do
I'll try that, thanks
My suspicion is SOGo, but we'll see..
Found my mistake… Don't read correctly the doc it is not main.cf but master.cf... apologized.
my bad... yes it creates unrestricted list where anyone can send email to list. I did not test it as admin panel does not show it unrestricted.
However iRedAdmin-Pro shows list as moderated, check attached screenshot. Pro panel does not show list as unrestricted if created using command:
python /opt/mlmmjadmin/tools/maillist_admin.py create list@domain.com disable_archive=yes only_subscriber_can_post=no only_moderator_can_post=no