Re: Migrate Mailserver from sendmail/Curier/LDAP to OpenSMTP/Dovecot/LDAP
Hi Craig,

I will check it out, for now I'm glad about the input I got here from all of you :) The list is in a lot of cases the right place to get help!

For me it's hard to battle with some of these things because it's not my main focus. In the end I try to write some code in C# or Python. But since I'm the only guy that wants to battle the cmd on an OpenBSD box, in a world surrounded by Windows environments ... I try to do my best ;)

I will take all the input I got and try to make something out of it :) If someone wants to share more insights plz do so ;)

regards

Markus

On 28.01.2017 at 15:05, Craig Skinner wrote:
> Hi Markus,
>
> On 2017-01-27 Fri 12:24 PM |, Markus Rosjat wrote:
>> I don't like the idea of one single virtual user handling all the traffic to
>> the maildirectories.
>
> Me neither.
>
> Here, all users have proper shell accounts & SSH access, for mutt, etc.
>
> Stop Dovecot, unmount /var/mail (where mail stays), dump(1). No SQL "spool".
>
> There is no LDAP nor SQL, it is all simple stuff;-
>
> *) The MTA delivers via LMTP to Dovecot - which sieves mail.
>    (Thunderbird & other mail clients have a sieve plugin.)
>
> *) Users IMAP/POP/SMTP auth via an individual passwd file,
>    which they change via a script (which calls pwqcheck(1) in ports).
>    /etc/passwd is _NOT_ used for mail authentication.
>    (MTA SMTP submission port auth relaying is validated by Dovecot too.)
>
> No webmail; everybody is expected to have their own IMAP/POP/SSH device.
>
> $ doveconf -n
> # 2.2.24 (a82c823): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.4.14 (099a97c)
> # OS: OpenBSD 6.0 i386 ffs
> auth_mechanisms = cram-md5 apop
> auth_username_format = %Ln
> first_valid_uid = 1000
> listen = *
> mail_location = maildir:/var/mail/%u
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
> mbox_write_locks = fcntl
> mmap_disable = yes
> namespace inbox {
>   inbox = yes
>   location =
>   mailbox Archive {
>     auto = subscribe
>     special_use = \Archive
>   }
>   mailbox Drafts {
>     auto = subscribe
>     special_use = \Drafts
>   }
>   mailbox Junk {
>     auto = subscribe
>     special_use = \Junk
>   }
>   mailbox Sent {
>     auto = subscribe
>     special_use = \Sent
>   }
>   mailbox "Sent Messages" {
>     special_use = \Sent
>   }
>   mailbox Templates {
>     auto = subscribe
>   }
>   mailbox Trash {
>     auto = subscribe
>     special_use = \Trash
>   }
>   prefix =
>   separator = /
>   type = private
> }
> passdb {
>   args = /var/dovecot/auth.d/%u/passwd.CRAM-MD5
>   driver = passwd-file
> }
> passdb {
>   args = /var/dovecot/auth.d/%u/passwd.CLEAR
>   driver = passwd-file
>   skip = authenticated
> }
> plugin {
>   sieve = file:/var/mail/%u/sieve/;active=active.sieve
> }
> protocols = imap pop3 lmtp sieve
> service auth {
>   unix_listener /var/spool/postfix/private/dovecot-auth {
>     group = _postfix
>     mode = 0660
>     user = _postfix
>   }
> }
> service lmtp {
>   unix_listener /var/spool/postfix/private/dovecot-lmtp {
>     group = _postfix
>     mode = 0660
>     user = _postfix
>   }
> }
> service managesieve-login {
>   inet_listener sieve {
>     port = 4190
>   }
> }
> ssl = no
> userdb {
>   args = blocking=no
>   driver = passwd
>   result_failure = return-fail
> }
> protocol lmtp {
>   mail_plugins = " sieve"
>   postmaster_address = postmaster
> }
>
> In the future I hope to be able to deploy OpenSMTPd,
> when the filtering & other work has stabilised.
>
> Cheers,

--
Markus Rosjat    phone: +49 351 8107223    mail: ros...@ghweb.de

G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden

http://www.ghweb.de
phone: +49 351 8107220    fax: +49 351 8107227

Please consider whether this mail really needs to be printed! Before you print it, think about your responsibility and commitment to the ENVIRONMENT
Re: Migrate Mailserver from sendmail/Curier/LDAP to OpenSMTP/Dovecot/LDAP
Hi Markus,

On 2017-01-27 Fri 12:24 PM |, Markus Rosjat wrote:
> I don't like the idea of one single virtual user handling all the traffic to
> the maildirectories.

Me neither.

Here, all users have proper shell accounts & SSH access, for mutt, etc.

Stop Dovecot, unmount /var/mail (where mail stays), dump(1). No SQL "spool".

There is no LDAP nor SQL, it is all simple stuff;-

*) The MTA delivers via LMTP to Dovecot - which sieves mail.
   (Thunderbird & other mail clients have a sieve plugin.)

*) Users IMAP/POP/SMTP auth via an individual passwd file,
   which they change via a script (which calls pwqcheck(1) in ports).
   /etc/passwd is _NOT_ used for mail authentication.
   (MTA SMTP submission port auth relaying is validated by Dovecot too.)

No webmail; everybody is expected to have their own IMAP/POP/SSH device.

$ doveconf -n
# 2.2.24 (a82c823): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.14 (099a97c)
# OS: OpenBSD 6.0 i386 ffs
auth_mechanisms = cram-md5 apop
auth_username_format = %Ln
first_valid_uid = 1000
listen = *
mail_location = maildir:/var/mail/%u
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
mbox_write_locks = fcntl
mmap_disable = yes
namespace inbox {
  inbox = yes
  location =
  mailbox Archive {
    auto = subscribe
    special_use = \Archive
  }
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Templates {
    auto = subscribe
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix =
  separator = /
  type = private
}
passdb {
  args = /var/dovecot/auth.d/%u/passwd.CRAM-MD5
  driver = passwd-file
}
passdb {
  args = /var/dovecot/auth.d/%u/passwd.CLEAR
  driver = passwd-file
  skip = authenticated
}
plugin {
  sieve = file:/var/mail/%u/sieve/;active=active.sieve
}
protocols = imap pop3 lmtp sieve
service auth {
  unix_listener /var/spool/postfix/private/dovecot-auth {
    group = _postfix
    mode = 0660
    user = _postfix
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = _postfix
    mode = 0660
    user = _postfix
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
}
ssl = no
userdb {
  args = blocking=no
  driver = passwd
  result_failure = return-fail
}
protocol lmtp {
  mail_plugins = " sieve"
  postmaster_address = postmaster
}

In the future I hope to be able to deploy OpenSMTPd,
when the filtering & other work has stabilised.

Cheers,
--
Craig Skinner | http://linkd.in/yGqkv7
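Added example, not part of Craig's message and not Dovecot project code: a small Python check that parses `doveconf -n` output and lists the transport and credential-storage settings a reviewer would look at before reusing a layout like the one above in a migration. The sample is a constructed excerpt of the dump above put back onto separate lines; the function names and finding texts are this example's own.

```python
# Constructed sample: excerpt of the `doveconf -n` output posted above,
# put back onto separate lines.
SAMPLE = """\
auth_mechanisms = cram-md5 apop
passdb {
  args = /var/dovecot/auth.d/%u/passwd.CRAM-MD5
  driver = passwd-file
}
passdb {
  args = /var/dovecot/auth.d/%u/passwd.CLEAR
  driver = passwd-file
  skip = authenticated
}
ssl = no
"""

def parse_doveconf(text):
    """Flatten doveconf output into (section_path, key, value) tuples."""
    stack, settings = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):          # e.g. `passdb {` or `service auth {`
            stack.append(line[:-1].strip())
        elif line == "}":
            stack.pop()
        else:                            # `key = value`; value may contain '='
            key, _, value = line.partition("=")
            settings.append(("/".join(stack), key.strip(), value.strip()))
    return settings

def audit(settings):
    """Return findings on transport and credential-storage settings."""
    findings = []
    top = {key: value for path, key, value in settings if path == ""}
    if top.get("ssl") == "no":
        findings.append("ssl = no: TLS is disabled on every Dovecot listener")
    for mech in top.get("auth_mechanisms", "").split():
        if mech in ("cram-md5", "apop"):
            findings.append(f"{mech}: needs a password-equivalent secret on disk")
    for path, key, value in settings:
        if path == "passdb" and key == "args" and value.endswith(".CLEAR"):
            findings.append(f"{value}: passdb file named as cleartext, review its permissions")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_doveconf(SAMPLE))))
```

Feeding it the full output of `doveconf -n` on the new host gives the same list for the real configuration.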
Re: Migrate Mailserver from sendmail/Curier/LDAP to OpenSMTP/Dovecot/LDAP
On 2017-01-27, Markus Rosjat wrote:
> Hi Kim,
>
> I don't like the idea of one single virtual user handling all the traffic
> to the maildirectories. I did read about it but it feels strange to me.

It makes things a lot simpler in some cases (e.g. if you share some folders between users, or if you're using dsync-over-ssh and don't want to give it root).

>>> - is it possible to migrate old maildirs to use with dovecot
>> It is possible, Maildir can be used directly, mbox transferred.
>> There also exists a courier-dovecot-migrate script that rewrites
>> Courier's index et al. for dovecot.
>> (https://wiki2.dovecot.org/Migration/Courier)

Or you can use "doveadm sync" with an imap source. If you want to convert to something other than Maildir (for example mdbox, which works well) then that would let you do it in a single step.
Re: Migrate Mailserver from sendmail/Curier/LDAP to OpenSMTP/Dovecot/LDAP
Hello,

ros...@ghweb.de (Markus Rosjat), 2017.01.27 (Fri) 09:44 (CET):
> so my question is what is the best strategy to migrate an existing LDAP
> directory from a system that has sendmail and courier running to a system
> with openSMTP and Dovecot.
>
> Old system:
>
> - Has system accounts that match LDAP accounts
> - system accounts to handle access to the filesystem
> - LDAP account to auth with courier/sendmail

This system wasn't OpenBSD?

> New System should:
>
> - use old system accounts
> - use old LDAP dir to auth with OpenSMTP/Dovecot

I think ypldap(8) is what you are looking for.

> Additional Questions:
>
> - is it possible to migrate old maildirs to use with dovecot
>
> I don't want to set up just one virtual user to handle dovecot delivery since
> I already have the LDAP users. I tested to set permissions on directories
> and files for a LDAP user that has no system account counterpart and it seems
> to work but it doesn't feel right to do so in a production environment :)

Please elaborate... user foobar did not exist in passwd(5) and you did a 'chown foobar /home/foobar'? Without ypldap(8)?

Marcus

> If someone could give some advice or point in the right direction it would
> be much appreciated.
>
>
> Regards
>
> --
> Markus Rosjat    phone: +49 351 8107223    mail: ros...@ghweb.de
>
> G+H Webservice GbR Gorzolla, Herrmann
> Königsbrücker Str. 70, 01099 Dresden
>
> http://www.ghweb.de
> phone: +49 351 8107220    fax: +49 351 8107227
>
> Please consider whether this mail really needs to be printed! Before
> you print it, think about your responsibility and commitment to the
> ENVIRONMENT
Re: Migrate Mailserver from sendmail/Curier/LDAP to OpenSMTP/Dovecot/LDAP
Hi Kim,

I don't like the idea of one single virtual user handling all the traffic to the maildirectories. I did read about it but it feels strange to me. On the other hand I'm only the guy who has to pick up old things and gets tasked to make them work with new parts :(

On 27.01.2017 at 10:48, Kim Zeitler wrote:
> Hi Markus
>
> On 01/27/17 09:44, Markus Rosjat wrote:
>> Hi there,
>>
>> so my question is what is the best strategy to migrate an existing LDAP
>> directory from a system that has sendmail and courier running to a
>> system with openSMTP and Dovecot.
>
> Couple of years ago we changed from Courier to Dovecot and in short we wouldn't go back.
>
> As setup we hold all our users in LDAP except for system users (_*, root, ...) and have a dedicated server for mail running postfix as MTA and dovecot.
>
> We started from Postfix+Courier with the LDAP users as system users. The users could log into their accounts via ssh and do whatever they wanted. This configuration caused some problems with performance and also caused some permission problems as the dovecot process had to run as the user.
>
> Now Dovecot has direct access to the LDAP using the users as virtual users, all maildirs belong to the dovecot user _vmail. Postfix distinguishes between local users and ldap users, local users are directly delivered via local delivery, ldap users relayed to dovecot's lmtp server.
>
>> - is it possible to migrate old maildirs to use with dovecot
>
> It is possible, Maildir can be used directly, mbox transferred.
> There also exists a courier-dovecot-migrate script that rewrites Courier's index et al. for dovecot.
> (https://wiki2.dovecot.org/Migration/Courier)
> You might want to move courier's flat maildir format to a file system format
>
>> I don't want to set up just one virtual user to handle dovecot delivery
>> since I already have the LDAP users. I tested to set permissions on
>> directories and files for a LDAP user that has no system account
>> counterpart and it seems to work but it doesn't feel right to do so in a
>> production environment :)
>
> See my comment further up to using an _vmail user
>
> Cheers
> Kim

--
Markus Rosjat    phone: +49 351 8107223    mail: ros...@ghweb.de

G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden

http://www.ghweb.de
phone: +49 351 8107220    fax: +49 351 8107227

Please consider whether this mail really needs to be printed! Before you print it, think about your responsibility and commitment to the ENVIRONMENT
Re: Migrate Mailserver from sendmail/Curier/LDAP to OpenSMTP/Dovecot/LDAP
Hi Markus

On 01/27/17 09:44, Markus Rosjat wrote:
> Hi there,
>
> so my question is what is the best strategy to migrate an existing LDAP
> directory from a system that has sendmail and courier running to a
> system with openSMTP and Dovecot.

Couple of years ago we changed from Courier to Dovecot and in short we wouldn't go back.

As setup we hold all our users in LDAP except for system users (_*, root, ...) and have a dedicated server for mail running postfix as MTA and dovecot.

We started from Postfix+Courier with the LDAP users as system users. The users could log into their accounts via ssh and do whatever they wanted. This configuration caused some problems with performance and also caused some permission problems as the dovecot process had to run as the user.

Now Dovecot has direct access to the LDAP using the users as virtual users, all maildirs belong to the dovecot user _vmail. Postfix distinguishes between local users and ldap users, local users are directly delivered via local delivery, ldap users relayed to dovecot's lmtp server.

> - is it possible to migrate old maildirs to use with dovecot

It is possible, Maildir can be used directly, mbox transferred.
There also exists a courier-dovecot-migrate script that rewrites Courier's index et al. for dovecot.
(https://wiki2.dovecot.org/Migration/Courier)
You might want to move courier's flat maildir format to a file system format

> I don't want to set up just one virtual user to handle dovecot delivery
> since I already have the LDAP users. I tested to set permissions on
> directories and files for a LDAP user that has no system account
> counterpart and it seems to work but it doesn't feel right to do so in a
> production environment :)

See my comment further up to using an _vmail user

Cheers
Kim
Migrate Mailserver from sendmail/Curier/LDAP to OpenSMTP/Dovecot/LDAP
Hi there,

so my question is what is the best strategy to migrate an existing LDAP directory from a system that has sendmail and courier running to a system with openSMTP and Dovecot.

Old system:

- Has system accounts that match LDAP accounts
- system accounts to handle access to the filesystem
- LDAP account to auth with courier/sendmail

New System should:

- use old system accounts
- use old LDAP dir to auth with OpenSMTP/Dovecot

Additional Questions:

- is it possible to migrate old maildirs to use with dovecot

I don't want to set up just one virtual user to handle dovecot delivery since I already have the LDAP users. I tested to set permissions on directories and files for a LDAP user that has no system account counterpart and it seems to work but it doesn't feel right to do so in a production environment :)

If someone could give some advice or point in the right direction it would be much appreciated.

Regards

--
Markus Rosjat    phone: +49 351 8107223    mail: ros...@ghweb.de

G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden

http://www.ghweb.de
phone: +49 351 8107220    fax: +49 351 8107227

Please consider whether this mail really needs to be printed! Before you print it, think about your responsibility and commitment to the ENVIRONMENT