Configuration question regarding postfix and djigzo

Hello,

we have installed the groupware Zarafa (together with Postfix) on a
Ubuntu 10.04 System.
Zarafa has its own user management, therefore postfix doesn't know
anything about the users it should deliver mail for, but it works.

We have now integrated djigzo into the mail flow.

The interesting thing now is, that when I send an email from the command
line, the mail will be delivered. When I use fetchmail to poll a mail
and forward it to the same user, postfix tells me, that this user
doesn't exist. This was possible before adding the djigzo configuration.

My question now is: How does the djigzo configuration change the
configuration of postfix, so that postfix wants to check the user?
Or the other way round: How do I tell postfix to just forward the email
to a local transport (in this case it is mailbox_transport = zarafa)?

Thanks for any suggestions or hints,

Stefan

Hello,

we have installed the groupware Zarafa (together with Postfix) on a
Ubuntu 10.04 System.
Zarafa has its own user management, therefore postfix doesn't know
anything about the users it should deliver mail for, but it works.

We have now integrated djigzo into the mail flow.

With "integrated" you mean using the same Postfix instance? i.e., is
Djigzo using the same Postfix instance as Zarafa?

The interesting thing now is, that when I send an email from the command
line, the mail will be delivered. When I use fetchmail to poll a mail
and forward it to the same user, postfix tells me, that this user
doesn't exist. This was possible before adding the djigzo configuration.

The command line probably uses postdrop and fetchmail sends it to the
SMTP port.

My question now is: How does the djigzo configuration change the
configuration of postfix, so that postfix wants to check the user?
Or the other way round: How do I tell postfix to just forward the email
to a local transport (in this case it is mailbox_transport = zarafa)?

If you are using just one Postfix instance for Zarafa and Djigzo, can
you post the Postfix main and master config file?

Kind regards,

Martijn Brinkers

On 07/20/2011 10:28 AM, Stefan-Michael Guenther wrote:

--
Djigzo open source email encryption

Hi,

With "integrated" you mean using the same Postfix instance? i.e., is
Djigzo using the same Postfix instance as Zarafa?

yes.

The command line probably uses postdrop and fetchmail sends it to the
SMTP port.

yes.

If you are using just one Postfix instance for Zarafa and Djigzo, can
you post the Postfix main and master config file?

of course, here are the files. By the way, we are also using Amavis,
therefore we have changed the ports that Djigzo uses.

master.cf

-------------
smtp inet n - - - - smtpd
  -o message_size_limit=${djigzo_before_filter_message_size_limit}
pickup fifo n - - 60 1 pickup
cleanup unix n - - - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - - 300 1 oqmgr
tlsmgr unix - - - 1000? 1 tlsmgr
rewrite unix - - - - - trivial-rewrite
bounce unix - - - - 0 bounce
defer unix - - - - 0 bounce
trace unix - - - - 0 bounce
verify unix - - - - 1 verify
flush unix n - - 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - - - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - - - - smtp
  -o smtp_fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - - - - showq
error unix - - - - - error
retry unix - - - - - error
discard unix - - - - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - - - - lmtp
anvil unix - - - - 1 anvil
scache unix - - - - 1 scache
maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
zarafa unix - n n - 10 pipe
  flags= user=vmail argv=/usr/bin/zarafa-dagent ${user}

djigzo unix - - n - 4 smtp
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
  -o smtp_generic_maps=

127.0.0.1:10026 inet n - n - 10 smtpd
  -o content_filter=
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8
  -o smtpd_authorized_xclient_hosts=127.0.0.0/8

127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000

main.cf
--------
readme_directory = no
myorigin = /etc/mailname
mydestination = ${djigzo_mydestination}, in-put.de, zarafaserver.in-put.de, localhost
inet_interfaces = all
virtual_mailbox_maps = hash:/etc/postfix/virtual
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_transport = lmtp:127.0.0.1:2003
mailbox_transport = zarafa
zarafa_destination_recipient_limit = 1
djigzo_after_filter_message_size_limit = 512000000
djigzo_mailbox_size_limit = 512000000
djigzo_smtp_helo_name =
djigzo_relay_transport_host = 192.168.0.101
djigzo_relay_transport_host_mx_lookup =
djigzo_relay_transport_host_port = 25
djigzo_reject_unverified_recipient =
djigzo_unverified_recipient_reject_code = 450
djigzo_parent_domain_matches_subdomains =
smtpd_banner = ESMTP
biff = no
append_dot_mydomain = no
myhostname = ${djigzo_myhostname}
mynetworks = 127.0.0.0/8, ${djigzo_mynetworks}
relayhost = ${djigzo_relayhost_mx_lookup:${djigzo_relayhost?[}}${djigzo_relayhost}${djigzo_relayhost_mx_lookup:${djigzo_relayhost?]}}${djigzo_relayhost?:${djigzo_relayhost_port}}
relay_domains = ${djigzo_relay_domains}
message_size_limit = ${djigzo_after_filter_message_size_limit}
mailbox_size_limit = ${djigzo_mailbox_size_limit}
smtp_helo_name = ${djigzo_smtp_helo_name?$djigzo_smtp_helo_name}${djigzo_smtp_helo_name:$myhostname}
relay_transport = relay${djigzo_relay_transport_host?:${djigzo_relay_transport_host_mx_lookup:[}$djigzo_relay_transport_host${djigzo_relay_transport_host_mx_lookup:]}:$djigzo_relay_transport_host_port}
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination ${djigzo_reject_unverified_recipient?, reject_unverified_recipient}
unverified_recipient_reject_code = $djigzo_unverified_recipient_reject_code
parent_domain_matches_subdomains = $djigzo_parent_domain_matches_subdomains
smtpd_discard_ehlo_keywords = silent-discard, dsn, etrn
smtpd_etrn_restrictions = reject
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
recipient_delimiter = +
smtpd_authorized_xforward_hosts = 127.0.0.1/32
content_filter = djigzo:127.0.0.1:10023
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
smtpd_sasl_security_options = noanonymous
smtpd_tls_key_file = /etc/zarafa/gateway/privkey.pem
smtpd_tls_cert_file = /etc/zarafa/gateway/cert.pem
smtpd_use_tls = yes
smtpd_tls_loglevel = 2
tls_random_source = dev:/dev/urandom
djigzo_mynetworks = 127.0.0.0/8, 192.168.0.0/24
djigzo_myhostname = zarafaserver.in-put.de
djigzo_relayhost = 192.168.0.101
djigzo_relayhost_mx_lookup =
djigzo_relayhost_port = 25
djigzo_before_filter_message_size_limit = 10240000

Thanks for your help.

Best regards,

Stefan

Hi,

With "integrated" you mean using the same Postfix instance? i.e., is
Djigzo using the same Postfix instance as Zarafa?

yes.

The command line probably uses postdrop and fetchmail sends it to the
SMTP port.

yes.

If you are using just one Postfix instance for Zarafa and Djigzo, can
you post the Postfix main and master config file?

of course, here are the files. By the way, we are also using Amavis,
therefore we have changed the ports that Djigzo uses.

It seems you didn't provide any value for the "local_recipient_maps"
setting and therefore the default value will be used which means that
local users are looked up using the passwd file. If you set
local_recipient_maps to an empty value you disable local recipient checking.

"To turn off local recipient checking in the Postfix SMTP server,
specify "local_recipient_maps =" (i.e. empty)."

According to the Zarafa Wiki, they tell you to set local_recipient_maps
to an empty value, i.e.,

local_recipient_maps =

See http://www.zarafa.com/wiki/index.php/MTA_integration

I'm not sure how Zarafa handles email for non-existing users to prevent
back-scatter. It might be that you need to check against an ldap or
something similar.

Kind regards,

Martijn Brinkers

On 07/20/2011 04:21 PM, Stefan-Michael Guenther wrote:
From: Postfix Configuration Parameters

--
Djigzo open source email encryption
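
Added example, not part of the original thread and not Postfix, Djigzo or Zarafa code: a small Python check that reports, for each smtpd listener in master.cf, which local_recipient_maps value is in effect. It shows why the port 25 listener in the posted configuration falls back to passwd lookups while the 10025 re-injection listener does not. The function names are hypothetical, and the embedded files are trimmed excerpts of the configuration posted above.

```python
import re

# Postfix's built-in default when main.cf does not set local_recipient_maps.
DEFAULT_MAPS = "proxy:unix:passwd.byname $alias_maps"

# Trimmed excerpts of the master.cf and main.cf posted in the thread.
MASTER_CF = """\
smtp inet n - - - - smtpd
pickup fifo n - - 60 1 pickup
127.0.0.1:10026 inet n - n - 10 smtpd
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters
127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o local_recipient_maps=
"""
MAIN_CF = """\
mydestination = in-put.de, zarafaserver.in-put.de, localhost
mailbox_transport = zarafa
"""

def logical_lines(text):
    """Join continuation lines (leading whitespace); drop comments and blanks."""
    lines = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw.strip())
    return lines

def recipient_checks(main_cf, master_cf):
    """Return {smtpd listener: how it validates local recipients}."""
    main = dict(re.split(r"\s*=\s*", l, maxsplit=1) for l in logical_lines(main_cf) if "=" in l)
    base = main.get("local_recipient_maps", DEFAULT_MAPS)
    report = {}
    for entry in logical_lines(master_cf):
        fields = entry.split()
        if len(fields) < 8 or fields[1] != "inet" or fields[7] != "smtpd":
            continue  # only the SMTP server enforces local_recipient_maps
        opts = dict(re.findall(r"-o\s+([\w.]+)=(\S*)", entry))
        skipped = "no_unknown_recipient_checks" in opts.get("receive_override_options", "")
        report[fields[0]] = ("skipped (receive_override_options)" if skipped
                             else opts.get("local_recipient_maps", base) or "disabled (empty map)")
    return report

if __name__ == "__main__":
    print(recipient_checks(MAIN_CF, MASTER_CF))
```

On a live system, "postconf local_recipient_maps" prints the value in effect for main.cf. A listener reported as disabled accepts any local address, which is the back-scatter concern raised in the reply above.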