Gentoo Forums
HOWTO: Open-Xchange on Gentoo
giulianoz
Tux's lil' helper

Joined: 11 Oct 2004
Posts: 96

Posted: Mon May 09, 2005 12:10 pm

bitwh0re wrote:
giulianoz wrote:
Hi,
I think I've followed the guide closely up to the point where I have to test the tomcat server. If I point to my http://localhost:8080/ page what I receive is a blank page (contains
Code:
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><title></title></head><body></body></html>
). I've checked the logs for tomcat, apache, messages but there's nothing in them. Tomcat started correctly and the webapps path is set to the right directory.
Any idea about this?


don't use tomcat 5.0.28.


hi,
I unmerged 5.0.28 and then emerged 5.0.27-r5 but the problem hasn't been solved. The output page is always empty with the same html source.

any other idea?

thanks

bitwh0re
Apprentice

Joined: 29 Apr 2004
Posts: 214

Posted: Mon May 09, 2005 1:00 pm

giulianoz wrote:
bitwh0re wrote:

don't use tomcat 5.0.28.

I unmerged 5.0.28 and then emerged 5.0.27-r5 but the problem hasn't been solved. The output page is always empty with the same html source.

any other idea?


What happens when you go to http://localhost:8080/manager/html? Do you get a blank page as well? Or does the Tomcat manager login screen appear? What if you go to http://localhost:8080/admin/?

bitwh0re
Apprentice

Joined: 29 Apr 2004
Posts: 214

Posted: Mon May 09, 2005 1:11 pm

rickvernam wrote:
init-zero wrote:
Quote:
I saw no mention of it one way or the other in the HowTo, so I haven't a clue.

Yea, the how-to is very short on 'whys'

/me smacks bitwh0re


You know what would be nice, is a link to some informative source of info about the things that are being used by Open-XChange. I am very much familiar with Tomcat, Apache, Perl & Postgre...but found that it was very hard to configure & set something up when I had no clue what it was, what function it served, how it related to the other components...etc...

My problem was that I didn't even know the theory behind ldap, imap (the other things that I don't want to mention for fear that they don't really exist, and I just don't know :oops: )... I'm sure some such document exists...a reference to it (them) needs to exist in this How To as well. Be sure that I'll be keeping my eyes open for such things...should I run across something of interest, I will make mention of it...


I can re-add the references section to the HOWTO. It existed in the PDF version, but was removed to save some space and reading. The HOWTO is currently 59 pages long and that can be a bit overwhelming. Linking to another 15 or so websites with at least 200pgs of documentation each could be enough to make setting up OX seem a monumental task and turn potential users away. If people feel that adding links to the documentation sections on websites such as postfix.org, openldap.org, apache.org, etc etc, as well as other tutorials that I've used to help me with OX, please let me know via a private message. If you'd also like to have a certain website added to this section, again, PM me with the link.

giulianoz
Tux's lil' helper

Joined: 11 Oct 2004
Posts: 96

Posted: Mon May 09, 2005 2:13 pm

bitwh0re wrote:
giulianoz wrote:
bitwh0re wrote:

don't use tomcat 5.0.28.

I unmerged 5.0.28 and then emerged 5.0.27-r5 but the problem hasn't been solved. The output page is always empty with the same html source.

any other idea?


What happens when you go to http://localhost:8080/manager/html? Do you get a blank page as well? Or does the Tomcat manager login screen appear? What if you go to http://localhost:8080/admin/?


I got two blank pages :(

giuliano

bitwh0re
Apprentice

Joined: 29 Apr 2004
Posts: 214

Posted: Mon May 09, 2005 2:15 pm

giulianoz wrote:
bitwh0re wrote:
giulianoz wrote:
bitwh0re wrote:

don't use tomcat 5.0.28.

I unmerged 5.0.28 and then emerged 5.0.27-r5 but the problem hasn't been solved. The output page is always empty with the same html source.

any other idea?


What happens when you go to http://localhost:8080/manager/html? Do you get a blank page as well? Or does the Tomcat manager login screen appear? What if you go to http://localhost:8080/admin/?


I got two blank pages :(

giuliano


Silly question, but did you do '/etc/init.d/tomcat-5 stop' before unmerging and then after emerging tomcat 5.0.27 use '/etc/init.d/tomcat5 start' (note the lack of a dash)?

ferp2
Tux's lil' helper

Joined: 13 Aug 2002
Posts: 104

Posted: Tue May 10, 2005 3:36 pm

The tutorial has 2 sections called "Encrypting E-Mail Traffic with SSL/TLS" and "SMTP Authentication and Relay Control". These 2 sections have to be implemented before you can get the desired effect. What is the desired effect? To be able to use your OX smtp server as a relay from essentially any client machine anywhere on the internet. Now some of you may find this obvious, but I for one took a bit of time before realizing the implications of these 2 sections. I thought, somehow, that these sections had to do with enabling me to connect my email client (Outlook, Thunderbird) with IMAP on port 993. This is not the case, so don't waste your time as the above mentioned sections have nothing to do with IMAP. Before going further you should understand the concept of relaying and how it applies to securing your system. Here's a quick, excellent read on this subject.

http://www.palomine.net/qmail/relaying.html

Now the reason I'm writing about this subject is that once I understood the concept, I couldn't get it to work. Let's say you want to hook up your Thunderbird email client, which is on a host that postfix does not trust. For instance, I've set the mynetworks_style parameter in /etc/postfix/main.cf to only trust the localhost.

Code:
mynetworks_style = host


This means even hosts on the same subnet can't relay through the OX smtp server without authenticating first.

How do you get, for instance, Thunderbird to authenticate through the OX smtp server? By going to Edit/Account Settings and clicking on Outgoing Server (smtp). Here you enter your mail server (mail.oxdomain.tld), port 25, enter your username and click on TLS. Now if you set up the server as in the tutorial, you should be able to authenticate against the server before being able to. In my case I wasn't able to for 2 reasons:

1) The howto says to "Add '-nodes' to your CA.pl file" where you have "} elsif (/^-newcert$/) {". This is to prevent the password from being encrypted. All very well, but I kept on getting a message that the certificate was corrupted. Finally somebody recommended doing this when you check for TLS support:

Quote:
telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
220 ox-domain.tld ESMTP Postfix
ehlo whatever
250-max.dfsarchitects.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250 8BITMIME
starttls
220 Ready to start TLS


The important thing is to type in starttls and see whether the server replies with a "Ready to start TLS" message. If you don't get that message, despite the fact that you see 250-STARTTLS, it isn't going to work. In my case the server gave me an error message. To correct it, I added -nodes in CA.pl as in:

Code:
        } elsif (/^-newreq$/) {
            # create a certificate request
            # -nodes: write the private key without passphrase encryption
            system ("$REQ -new -nodes -keyout newreq.pem -out newreq.pem $DAYS");
            $RET=$?;
            print "Request (and private key) is in newreq.pem\n";


So that means you put -nodes in 2 places, not 1. Now you should be able to build the certificates and get the Ready to start TLS message when you run telnet.

2) The next problem occurred when I tried to authenticate. First I'd accept the server certificate, but when I'd enter my password, it wouldn't work. Looking at my logs I saw the following:

Code:
May  9 22:57:03 max postfix/smtpd[29249]: warning: SASL authentication failure: no secret in database
May  9 22:57:03 max postfix/smtpd[29249]: warning: unknown[66.11.179.71]: SASL CRAM-MD5 authentication failed
May  9 22:57:03 max postfix/smtpd[29249]: warning: SASL authentication failure: no secret in database
May  9 22:57:03 max postfix/smtpd[29249]: warning: unknown[66.11.179.71]: SASL NTLM authentication failed
May  9 22:57:03 max postfix/smtpd[29249]: warning: SASL authentication problem: unknown password verifier
May  9 22:57:03 max postfix/smtpd[29249]: warning: SASL authentication failure: Password verification failed
May  9 22:57:03 max postfix/smtpd[29249]: warning: unknown[66.11.179.71]: SASL PLAIN authentication failed
May  9 22:57:03 max postfix/smtpd[29249]: warning: SASL authentication problem: unknown password verifier
May  9 22:57:03 max postfix/smtpd[29249]: warning: unknown[66.11.179.71]: SASL LOGIN authentication failed


To correct this I edited the smtpd.conf file as follows:

Quote:
cat /etc/sasl2/smtpd.conf
# $Header: /var/cvsroot/gentoo-x86/mail-mta/postfix/files/smtp.sasl,v 1.2 2004/07/18 03:26:56 dragonheart Exp $
#pwcheck_method:pam
pwcheck_method: saslauthd
mech_list: plain login


After correcting these 2 problems I'm able to access the smtp server from any untrusted host.
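The log excerpt in this post mixes two kinds of failure. As an added example (not code from the post or from the HOWTO), the script below pairs each "SASL ... authentication failed" line with the reason lines the same smtpd process logged just before it, and separates server-side misconfiguration from ordinary wrong credentials. The last two log lines and the 192.0.2.10 address are constructed, and all function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# The nine warning lines quoted in the post, followed by one constructed pair
# (192.0.2.10 is a documentation address) showing an ordinary wrong password.
SAMPLE_LOG = """\
May  9 22:57:03 max postfix/smtpd[29249]: warning: SASL authentication failure: no secret in database
May  9 22:57:03 max postfix/smtpd[29249]: warning: unknown[66.11.179.71]: SASL CRAM-MD5 authentication failed
May  9 22:57:03 max postfix/smtpd[29249]: warning: SASL authentication failure: no secret in database
May  9 22:57:03 max postfix/smtpd[29249]: warning: unknown[66.11.179.71]: SASL NTLM authentication failed
May  9 22:57:03 max postfix/smtpd[29249]: warning: SASL authentication problem: unknown password verifier
May  9 22:57:03 max postfix/smtpd[29249]: warning: SASL authentication failure: Password verification failed
May  9 22:57:03 max postfix/smtpd[29249]: warning: unknown[66.11.179.71]: SASL PLAIN authentication failed
May  9 22:57:03 max postfix/smtpd[29249]: warning: SASL authentication problem: unknown password verifier
May  9 22:57:03 max postfix/smtpd[29249]: warning: unknown[66.11.179.71]: SASL LOGIN authentication failed
May 10 08:15:41 max postfix/smtpd[30111]: warning: SASL authentication failure: Password verification failed
May 10 08:15:41 max postfix/smtpd[30111]: warning: unknown[192.0.2.10]: SASL PLAIN authentication failed
"""

WARNING_RE = re.compile(r"postfix/smtpd\[(?P<pid>\d+)\]: warning: (?P<msg>.*)$")
REASON_RE = re.compile(r"SASL authentication (?:failure|problem): (?P<reason>.+)$")
RESULT_RE = re.compile(
    r"(?P<host>[^\s\[]+)\[(?P<ip>[^\]]+)\]: SASL (?P<mech>\S+) authentication failed")

# Reasons that point at the server's SASL setup rather than at the client.
CONFIG_REASONS = {
    "no secret in database":
        "mechanism needs a stored shared secret (auxprop store such as sasldb); "
        "remove it from mech_list or provision that store",
    "unknown password verifier":
        "pwcheck_method names a verifier the SASL library does not know; "
        "the post switches it to saslauthd",
}


def classify(reasons):
    """'config' if any reason is a known setup error, else 'credentials'."""
    if any(r in CONFIG_REASONS for r in reasons):
        return "config"
    # Anything else is treated as a client-side failure; no reason at all
    # means the preceding lines were missing from the excerpt.
    return "credentials" if reasons else "unclassified"


def triage(log_text):
    """Return one finding per failed AUTH attempt, in log order."""
    pending = defaultdict(list)   # smtpd pid -> reasons seen since its last result
    findings = []
    for line in log_text.splitlines():
        hit = WARNING_RE.search(line)
        if not hit:
            continue
        pid, msg = hit.group("pid"), hit.group("msg")
        reason = REASON_RE.match(msg)
        if reason:
            pending[pid].append(reason.group("reason").strip())
            continue
        result = RESULT_RE.match(msg)
        if result:
            reasons = pending.pop(pid, [])
            findings.append({"ip": result.group("ip"), "mech": result.group("mech"),
                             "reasons": reasons, "kind": classify(reasons)})
    return findings


def summarize(findings):
    """Mechanisms broken by configuration, and wrong-credential counts per client."""
    config_mechs = defaultdict(set)
    credential_failures = Counter()
    for f in findings:
        if f["kind"] == "config":
            config_mechs[f["mech"]].update(r for r in f["reasons"] if r in CONFIG_REASONS)
        elif f["kind"] == "credentials":
            credential_failures[f["ip"]] += 1
    return dict(config_mechs), credential_failures


if __name__ == "__main__":
    mechs, creds = summarize(triage(SAMPLE_LOG))
    for mech in sorted(mechs):
        for reason in sorted(mechs[mech]):
            print(f"{mech}: {reason} -> {CONFIG_REASONS[reason]}")
    for ip, count in creds.items():
        print(f"{ip}: {count} failed login(s) with a working verifier")
```

Run over the excerpt, all four attempts from the post are classified as configuration errors, which matches the fix the post applies in smtpd.conf; only the constructed attempt counts as a wrong password.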

dashnu
l33t

Joined: 21 Jul 2004
Posts: 703
Location: Casco Maine

Posted: Tue May 10, 2005 4:56 pm

ferp2 wrote:
The tutorial has 2 sections called "Encrypting E-Mail Traffic with SSL/TLS" and "SMTP Authentication and Relay Control". These 2 sections have to be implemented before you can get the desired effect. What is the desired effect? To be able to use your OX smtp server as a relay from essentially any client machine anywhere on the internet. Now some of you may find this obvious, but I for one took a bit of time before realizing the implications of these 2 sections. I thought, somehow, that these sections had to do with enabling me to connect my email client (Outlook, Thunderbird) with IMAP on port 993. This is not the case, so don't waste your time as the above mentioned sections have nothing to do with IMAP. Before going further you should understand the concept of relaying and how it applies to securing your system. Here's a quick, excellent read on this subject.


The section could be called "Encrypting SMTP Traffic with SSL/TLS"
ferp2 wrote:

http://www.palomine.net/qmail/relaying.html

Now the reason I'm writing about this subject is that once I understood the concept, I couldn't get it to work. Let's say you want to hook up your Thunderbird email client, which is on a host that postfix does not trust. For instance, I've set the mynetworks_style parameter in /etc/postfix/main.cf to only trust the localhost.

Code:
mynetworks_style = host


This means even hosts on the same subnet can't relay through the OX smtp server without authenticating first.


Why would you want this? I for example have 5 to 6 different apps that require smtp access. Not all apps support Auth.. Not to mention system mails, I also have 6 gentoo boxes with several users that need to send e-mail via scripts / cron-jobs and such. To add those all to ldap / cyrus would be a major pain. Why not trust your network?

IMHO this will cause more work than good and is not needed. If users do this make sure you realize what you are doing.

ferp2 wrote:

How do you get, for instance, Thunderbird to authenticate through the OX smtp server? By going to Edit/Account Settings and clicking on Outgoing Server (smtp). Here you enter your mail server (mail.oxdomain.tld), port 25, enter your username and click on TLS. Now if you set up the server as in the tutorial, you should be able to authenticate against the server before being able to. In my case I wasn't able to for 2 reasons:


With smtpd_tls_auth_only set to 'yes' you can not auth against the server without using tls. I am confused with what you are talking about.
This statement is not correct. Why should you ?

ferp2 wrote:

1) The howto says to "Add '-nodes' to your CA.pl file" where you have "} elsif (/^-newcert$/) {". This is to prevent the password from being encrypted. All very well, but I kept on getting a message that the certificate was corrupted. Finally somebody recommended doing this when you check for TLS support:


Yes I wrote this up several months after actually implementing it... Bitwhore you should add this to the how-to the -nodes is needed in both places.

ferp2 wrote:


2) The next problem occurred when I tried to authenticate. First I'd accept the server certificate, but when I'd enter my password, it wouldn't work. Looking at my logs I saw the following:

Code:
May  9 22:57:03 max postfix/smtpd[29249]: warning: SASL authentication failure: no secret in database
May  9 22:57:03 max postfix/smtpd[29249]: warning: unknown[66.11.179.71]: SASL CRAM-MD5 authentication failed
May  9 22:57:03 max postfix/smtpd[29249]: warning: SASL authentication failure: no secret in database
May  9 22:57:03 max postfix/smtpd[29249]: warning: unknown[66.11.179.71]: SASL NTLM authentication failed
May  9 22:57:03 max postfix/smtpd[29249]: warning: SASL authentication problem: unknown password verifier
May  9 22:57:03 max postfix/smtpd[29249]: warning: SASL authentication failure: Password verification failed
May  9 22:57:03 max postfix/smtpd[29249]: warning: unknown[66.11.179.71]: SASL PLAIN authentication failed
May  9 22:57:03 max postfix/smtpd[29249]: warning: SASL authentication problem: unknown password verifier
May  9 22:57:03 max postfix/smtpd[29249]: warning: unknown[66.11.179.71]: SASL LOGIN authentication failed


To correct this I edited the smtpd.conf file as follows:

Quote:
cat /etc/sasl2/smtpd.conf
# $Header: /var/cvsroot/gentoo-x86/mail-mta/postfix/files/smtp.sasl,v 1.2 2004/07/18 03:26:56 dragonheart Exp $
#pwcheck_method:pam
pwcheck_method: saslauthd
mech_list: plain login


This is in the how-to in the relay section.. http://www.mikefetherston.ca/OX/html/index.html#smtpauth
However it should be smtp.conf

good finds

edit* Bitwh0re these sections are in fact needed to get the desired result.. Maybe they should be put into one section and organized a bit better.

bitwh0re
Apprentice

Joined: 29 Apr 2004
Posts: 214

Posted: Wed May 11, 2005 12:44 pm

I'll add this to my TODO....

ferp2
Tux's lil' helper

Joined: 13 Aug 2002
Posts: 104

Posted: Wed May 11, 2005 7:27 pm

dashnu wrote:
Why would you want this? I for example have 5 to 6 different apps that require smtp access. Not all apps support Auth.. Not to mention system mails, I also have 6 gentoo boxes with several users that need to send e-mail via scripts / cron-jobs and such. To add those all to ldap / cyrus would be a major pain. Why not trust your network?

IMHO this will cause more work than good and is not needed. If users do this make sure you realize what you are doing.


Yes, yes, I know. This is just a temporary setting until I establish which hosts I can trust.

dashnu wrote:

With smtpd_tls_auth_only set to 'yes' you can not auth against the server without using tls. I am confused with what you are talking about.
This statement is not correct. Why should you ?


I should have said, "before being able to send email". IOW, if you're an untrusted host, you have to authenticate using TLS before sending email using the OX smtp server, without exception.

dashnu wrote:
This is in the how-to in the relay section.. http://www.mikefetherston.ca/OX/html/index.html#smtpauth
However it should be smtp.conf


Mike's tutorial wrote:

You will next create a file in /etc/sasl2 called smtp and add the following:

/etc/sasl2/smtp
pwcheck_method: saslauthd
mech_list: LOGIN PLAIN


This doesn't work. It should be

Quote:
Ye shall create a file in /etc/sasl2 called smtpd.conf and add the following:

blahblah...


This is how I have it set up in mine, and it works.
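The telnet check discussed in this thread, as an added example that is not part of any post or of the HOWTO: it sends EHLO, issues STARTTLS only to see whether the server answers 220, and notes whether AUTH is offered before TLS, which smtpd_tls_auth_only = yes is meant to prevent. The scripted server replies are constructed (HEALTHY follows the quoted transcript), and all function names are hypothetical.

```python
import socket
import threading


def read_reply(rfile):
    """Read one SMTP reply, following '250-' continuation lines; return (code, texts)."""
    texts = []
    while True:
        raw = rfile.readline()
        if not raw:
            raise ConnectionError("connection closed in the middle of a reply")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        texts.append(line[4:])
        if line[3:4] != "-":          # "250 text" ends the reply, "250-text" continues it
            return int(line[:3]), texts


def probe(sock, helo_name="probe.invalid"):
    """Repeat the manual telnet check on an already connected socket."""
    with sock.makefile("rb") as rfile:
        def command(text):
            sock.sendall(text.encode("ascii") + b"\r\n")
            return read_reply(rfile)

        banner_code, _ = read_reply(rfile)
        _, ehlo = command("EHLO " + helo_name)
        # The first EHLO line is the server's greeting; the rest are extension
        # keywords. Old servers may write "AUTH=PLAIN", so "=" counts as a space.
        keywords = {t.replace("=", " ").split()[0].upper() for t in ehlo[1:] if t.strip()}
        result = {
            "banner_ok": banner_code == 220,
            "starttls_advertised": "STARTTLS" in keywords,
            "auth_before_tls": "AUTH" in keywords,
            "starttls_accepted": False,
        }
        if result["starttls_advertised"]:
            # Advertising is not enough: the server must answer the command with 220.
            # The TLS handshake itself is not performed here.
            code, _ = command("STARTTLS")
            result["starttls_accepted"] = code == 220
        return result


def issues(result):
    """Turn a probe result into a list of findings (empty when the setup looks right)."""
    found = []
    if not result["starttls_advertised"]:
        found.append("STARTTLS not offered")
    elif not result["starttls_accepted"]:
        found.append("STARTTLS offered but refused: check the certificate and key files")
    if result["auth_before_tls"]:
        found.append("AUTH offered before TLS: credentials could be sent unencrypted")
    return found


# Constructed server scripts: banner, EHLO reply, STARTTLS reply.
HEALTHY = [
    b"220 ox-domain.tld ESMTP Postfix\r\n",
    b"250-ox-domain.tld\r\n250-PIPELINING\r\n250-SIZE 10240000\r\n"
    b"250-STARTTLS\r\n250 8BITMIME\r\n",
    b"220 Ready to start TLS\r\n",
]
REFUSES_TLS = HEALTHY[:2] + [b"454 TLS not available (constructed reply)\r\n"]
AUTH_IN_CLEAR = [
    HEALTHY[0],
    b"250-ox-domain.tld\r\n250-STARTTLS\r\n250-AUTH PLAIN LOGIN\r\n250 8BITMIME\r\n",
    HEALTHY[2],
]


def scripted_server(conn, replies):
    """Constructed stand-in for a server: banner first, then one canned reply per command."""
    with conn, conn.makefile("rb") as rfile:
        conn.sendall(replies[0])
        for reply in replies[1:]:
            if not rfile.readline():
                break
            conn.sendall(reply)


def probe_script(replies):
    """Run probe() against a scripted server over a local socket pair (no network)."""
    client, server = socket.socketpair()
    worker = threading.Thread(target=scripted_server, args=(server, replies), daemon=True)
    worker.start()
    try:
        return probe(client)
    finally:
        client.close()
        worker.join(timeout=2)


if __name__ == "__main__":
    for name, script in [("healthy", HEALTHY), ("refuses TLS", REFUSES_TLS),
                         ("AUTH in clear", AUTH_IN_CLEAR)]:
        print(name, "->", issues(probe_script(script)) or "ok")
```

To check a live server instead of the scripted ones, pass probe() a socket from socket.create_connection(("localhost", 25), timeout=10).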

rickvernam
Guru

Joined: 09 Jul 2004
Posts: 310

Posted: Wed May 11, 2005 9:39 pm

I will be setting up DSPAM shortly. I have absolutely no clue what I'm getting into by setting up DSPAM...but then again I had no clue when starting Open-XChange either (I have never done email stuff...ever...)

So, I will look at DSPAM docs, and search if I have problems...etc...etc..
But does anybody here have any suggestions?

Thanks!
-Rick

bitwh0re
Apprentice

Joined: 29 Apr 2004
Posts: 214

Posted: Thu May 12, 2005 12:03 am

rickvernam wrote:
I will be setting up DSPAM shortly. I have absolutely no clue what I'm getting into by setting up DSPAM...but then again I had no clue when starting Open-XChange either (I have never done email stuff...ever...)

So, I will look at DSPAM docs, and search if I have problems...etc...etc..
But does anybody here have any suggestions?

Thanks!
-Rick


I tried a while back and had troubles with the pgsql driver. Check into the irc channel.. #dspam on freenode I believe. If you'd like, this is something I've been wanting to add to the HOWTO.. if you'd like to document your steps and findings, I'd be happy to add them in and give you credit.

mike.

rickvernam
Guru

Joined: 09 Jul 2004
Posts: 310

Posted: Thu May 12, 2005 1:32 am

Yeah, I'll do that...it'll be a piece that will fit nicely.

ulwur
n00b

Joined: 06 Mar 2005
Posts: 17

Posted: Thu May 12, 2005 7:32 pm    Post subject: aliases not working

I had problems with aliases on an open-exchange installation from Mike Fetherston's howto.

In phpldapadmin I added alias attributes on the users (so that mail to postmaster and root would go to my mailbox), but I never got it working...

Eventually found out I had to tell postfix how to find the aliases. I added this to my postfix's main.cf

virtual_maps = ldap:ldapsource
ldapsource_query_filter = (|(mail=%s)(alias=%s))

Then it works!

/Uwur

bitwh0re
Apprentice

Joined: 29 Apr 2004
Posts: 214

Posted: Thu May 12, 2005 9:06 pm    Post subject: Re: aliases not working

ulwur wrote:
I had problems with aliases on an open-exchange installation from Mike Fetherston's howto.

In phpldapadmin I added alias attributes on the users (so that mail to postmaster and root would go to my mailbox), but I never got it working...

Eventually found out I had to tell postfix how to find the aliases. I added this to my postfix's main.cf

virtual_maps = ldap:ldapsource
ldapsource_query_filter = (|(mail=%s)(alias=%s))

Then it works!

/Uwur


Thanks for that tip, that's really helpful!!

giulianoz
Tux's lil' helper

Joined: 11 Oct 2004
Posts: 96

Posted: Fri May 13, 2005 9:35 pm

bitwh0re wrote:
giulianoz wrote:
bitwh0re wrote:
giulianoz wrote:
bitwh0re wrote:

don't use tomcat 5.0.28.

I unmerged 5.0.28 and then emerged 5.0.27-r5 but the problem hasn't been solved. The output page is always empty with the same html source.

any other idea?


What happens when you go to http://localhost:8080/manager/html? Do you get a blank page as well? Or does the Tomcat manager login screen appear? What if you go to http://localhost:8080/admin/?


I got two blank pages :(

giuliano


Silly question, but did you do '/etc/init.d/tomcat-5 stop' before unmerging and then after emerging tomcat 5.0.27 use '/etc/init.d/tomcat5 start' (note the lack of a dash)?


yes, I did stop the tomcat5 daemon before the unmerge and restarted it after the emerge :)

giuliano

Braden.Compton
n00b

Joined: 21 Mar 2005
Posts: 10

Posted: Sat May 14, 2005 12:34 am    Post subject: Towards Mike's "One Can Dream" OX-Ecosystem

Hi guys,

After having a look at this pdf document [mikefetherston.ca], which outlines a dream-scenario for windows/linux network integration, it strikes me that this sort of thing is eminently do-able. Has anyone tried?

In light of this, can I make some suggestions for the next version of the OX-on-Gentoo guide?
  • Configuring Gentoo to use LDAP/PAM (with an OX-compatible DIT). This will require some careful planning. Do we use an RFC DIT and change open-xchange accordingly (ala this OX-wiki guide [open-xchange.org])? Or do we go with OX's ldap structure and reconfigure PAM accordingly?
  • Installing SAMBA with LDAP authentication (with an OX-compatible DIT). The OX-wiki has a rough guide [open-xchange.org] to configuring SAMBA and OPEN-XCHANGE to use a common, compatible DIT. Unfortunately this guide is old, and I couldn't get it to work (mostly because I didn't have time).
  • Configure APACHE2 to do redirection to SSL (ala this OX-wiki guide [open-xchange.org]). An absolute must if you are going to start making intranet docs available over webdav (not to mention having intranet passwords flying all over the web).
  • Come up with a way to mount webdav documents to a server's filesystem, for NFS and SAMBA export. Again, this should be do-able (albeit difficult). There are several open-source projects that allow webdav mounting under linux (IMHO, davfs2 [sourceforge.net] looks the most promising). The OX-wiki has guides for mounting webdav.documents under windows and MacOSX [open-xchange.org]. Once again, this would require some planning. I don't think you can just use root (on the server) to mount webdav, and then symlink this to people's home directories, because everyone will get root access to the webdav files (please correct me if I'm wrong on this one). One possibility would be to use client-side scripts to mount the webdav share at logon time (ala the aforementioned OX-wiki guides). Another (uglier) option might be to use SU (on the server) to mount webdav, user-by-user, to each home directory. But just the thought of this makes me cringe. Of course, there might be other, more elegant solutions that lie outside the scope of my knowledge.


What this would enable us to do:
  • Deploy a network of mixed clients (linux/windows) that all authenticate against a common source. Password changes can be made from any workstation, or even OX umin.
  • Have one centralised documents store, accessible via the home directory on linux and windows workstations, or via the OX web-interface (ie. available anywhere in the world). This means one home directory/documents tree, no matter whether you are sitting in front of a linux terminal, or a windows workstation.


IMHO, such a system, while technically ambitious, would be of considerable use to large organisations. The reason I am floating this idea here is that I want to deploy such a system (as a test-platform) early in July. If anyone has any suggestions that might help reduce the pain of doing so (or, shock/horror, if someone puts together a working HOWTO before then), well, I'd be *EXTREMELY* happy :-).

Thanks for your time. Looking forward to some suggestions!

Regards,
Braden.

Fibbs
Guru

Joined: 26 Jan 2003
Posts: 448
Location: Forstern near Munich / Germany

Posted: Sat May 14, 2005 4:05 pm

Hi folks,

i am having a problem installing openxchange from the HOWTO on http://www.mikefetherston.ca/OX/html/index.html. I'm at the point "Initialize your LDAP tree for Open-Xchange:".

My init_ldap.ldif is the following:
Code:

dn: dc=kdorf,dc=local
objectClass: dcObject
objectClass: organization
dc: kdorf
o: GENTIX

dn: ou=OxObjects,dc=kdorf,dc=local
objectClass: top
objectClass: organizationalUnit
ou: OxObjects

dn: ou=Users,ou=OxObjects,dc=kdorf,dc=local
objectClass: top
objectClass: organizationalUnit
ou: Users

dn: ou=Groups,ou=OxObjects,dc=kdorf,dc=local
objectClass: top
objectClass: organizationalUnit
ou: Groups

dn: ou=ResourceObjects,ou=OxObjects,dc=kdorf,dc=local
objectClass: top
objectClass: organizationalUnit
ou: ResourceObjects

dn: ou=ResourceGroups,ou=ResourceObjects,ou=OxObjects,dc=kdorf,dc=local
objectClass: top
objectClass: organizationalUnit
ou: ResourceGroups

dn: ou=Resources,ou=ResourceObjects,ou=OxObjects,dc=kdorf,dc=local
objectClass: top
objectClass: organizationalUnit
ou: Resources

dn: ou=AdminObjects,ou=OxObjects,dc=kdorf,dc=local
objectClass: top
objectClass: organizationalUnit
ou: AdminObjects

dn: ou=SMTPObjects,ou=AdminObjects,ou=OxObjects,dc=kdorf,dc=local
objectClass: top
objectClass: organizationalUnit
ou: SMTPObjects

dn: ou=DNSObjects,ou=AdminObjects,ou=OxObjects,dc=kdorf,dc=local
objectClass: top
objectClass: organizationalUnit
ou: DNSObjects

dn: o=AddressBook,ou=OxObjects,dc=kdorf,dc=local
objectClass: top
objectClass: organization
o: AddressBook

dn: cn=AddressAdmins,o=AddressBook,ou=OxObjects,dc=kdorf,dc=local
objectClass: top
objectClass: groupOfNames
cn: AddressAdmins
member: uid=mailadmin,ou=Users,ou=OxObjects,dc=kdorf,dc=local

dn: cn=users,ou=Groups,ou=OxObjects,dc=kdorf,dc=local
objectClass: top
objectClass: posixGroup
cn: users
gidNumber: 500

dn: cn=OXSMTPAdmins,ou=Administration,ou=Groups,ou=OxObjects,dc=kdorf,dc=local
objectClass: top
objectClass: groupOfNames
member: uid=mailadmin,ou=Users,ou=OxObjects,dc=kdorf,dc=local
cn: OXSMTPAdmins

dn: cn=OXUserAdmins,ou=Administration,ou=Groups,ou=OxObjects,dc=kdorf,dc=local
objectClass: top
objectClass: groupOfNames
member: uid=mailadmin,ou=Users,ou=OxObjects,dc=kdorf,dc=local
cn: OXUserAdmins

dn: cn=OXGroupAdmins,ou=Administration,ou=Groups,ou=OxObjects,dc=kdorf,dc=local
objectClass: top
objectClass: groupOfNames
cn: OXGroupAdmins
member: uid=mailadmin,ou=Users,ou=OxObjects,dc=kdorf,dc=local

dn: cn=OXDNSAdmins,ou=Administration,ou=Groups,ou=OxObjects,dc=kdorf,dc=local
objectClass: top
objectClass: groupOfNames
cn: OXDNSAdmins
member: uid=mailadmin,ou=Users,ou=OxObjects,dc=kdorf,dc=local

dn: cn=OXResourceAdmins,ou=Administration,ou=Groups,ou=OxObjects,dc=kdorf,dc=local
objectClass: top
objectClass: groupOfNames
cn: OXResourceAdmins
member: uid=mailadmin,ou=Users,ou=OxObjects,dc=kdorf,dc=local

dn: cn=OXIMAPAdmins,ou=Administration,ou=Groups,ou=OxObjects,dc=kdorf,dc=local
objectClass: top
objectClass: groupOfNames
member: uid=mailadmin,ou=Users,ou=OxObjects,dc=kdorf,dc=local
cn: OXIMAPAdmins

dn: ou=Administration,ou=Groups,ou=OxObjects,dc=kdorf,dc=local
objectClass: top
objectClass: organizationalUnit
ou: Administration

dn: uid=mailadmin,ou=Users,ou=OxObjects,dc=kdorf,dc=local
objectClass: top
objectClass: shadowAccount
objectClass: posixAccount
objectClass: person
objectClass: inetOrgPerson
objectClass: OXUserObject
OpenLDAPaci: 1#entry#grant;r,w,s,c;cn,initials,mail,title,ou,l,birthday,description,street,postalcode,st,c,oxtimezone,homephone,mobile,pager,facsimiletelephonenumber,telephonenumber,labeleduri,jpegphoto,loginDestination,sn,givenname,;r,s,c;[all]#self#
uidNumber: 501
homeDirectory: /home/mailadmin/
loginShell: /bin/bash
mailEnabled: OK
gidNumber: 500
mailDomain: kdorf.local
ou: Administration
uid: mailadmin
sn: Admin
preferredLanguage: EN
mail: mailadmin@kdorf.local
o: GENTIX
smtpServer: localhost
imapServer: localhost
alias: postmaster@kdorf.local
alias: root@kdorf.local
givenName: Admin
cn: Admin Admin
shadowMin: 0
shadowMax: 9999
shadowWarning: 7
shadowExpire: 0
userPassword: {CRYPT}TT7Vc9uG64aQY
OXAppointmentDays: 5
OXGroupID: 500
OXTaskDays: 5
OXTimeZone: Europe/Berlin

dn: ou=addr,uid=mailadmin,ou=Users,ou=OxObjects,dc=kdorf,dc=local
ou: addr
objectClass: top
objectClass: organizationalUnit

dn: ou=MailTransports,ou=SMTPObjects,ou=AdminObjects,ou=OxObjects,dc=kdorf,dc=local
objectClass: top
objectClass: organizationalUnit
ou: MailTransports

dn: smtpDomain=kdorf.local,ou=MailTransports,ou=SMTPObjects,ou=AdminObjects,ou=OxObjects,dc=kdorf,dc=local
smtpDomainTransportNexthop: smtp:192.168.32.134
smtpDomain: kdorf.local
objectClass: top
objectClass: OXMailTransportObject
cn: example transport map entry

dn: ou=AvailableServers,ou=AdminObjects,ou=OxObjects,dc=kdorf,dc=local
objectClass: top
objectClass: organizationalUnit
ou: AvailableServers
description: List of available Servers for OX

dn: ou=directoryServer,ou=AvailableServers,ou=AdminObjects,ou=OxObjects,dc=kdorf,dc=local
objectClass: top
objectClass: organizationalUnit
ou: directoryServer

dn: ou=webmailServer,ou=AvailableServers,ou=AdminObjects,ou=OxObjects,dc=kdorf,dc=local
objectClass: top
objectClass: organizationalUnit
ou: webmailServer

dn: ou=smtpServer,ou=AvailableServers,ou=AdminObjects,ou=OxObjects,dc=kdorf,dc=local
objectClass: top
objectClass: organizationalUnit
ou: smtpServer

dn: ou=SharedFolder,ou=OxObjects,dc=kdorf,dc=local
objectClass: top
objectClass: organizationalUnit
ou: SharedFolder

dn: ou=imapServer,ou=AvailableServers,ou=AdminObjects,ou=OxObjects,dc=kdorf,dc=local
objectClass: top
objectClass: organizationalUnit
ou: imapServer

dn: domainName=kdorf.local,ou=DNSObjects,ou=AdminObjects,ou=OxObjects,dc=kdorf,dc=local
objectClass: top
objectClass: OXVDomainObject
MTALocaldomain: TRUE
domainName: kdorf.local

dn: ou=groupwareServer,ou=AvailableServers,ou=AdminObjects,ou=OxObjects,dc=kdorf,dc=local
objectClass: top
objectClass: organizationalUnit
ou: groupwareServer


i only edited the password string. Because my machine is a test server i did not change the password string here.

When i try to execute
Code:

slapadd -d 1 -l /usr/local/open-xchange/share/init_ldap.ldif


i get the following debug output:
Code:

....
cal), objectClass "organizationalUnit"
oc_check_allowed type "objectClass"
oc_check_allowed type "ou"
oc_check_allowed type "structuralObjectClass"
=> bdb_tool_entry_put( -1, "ou=Administration,ou=Groups,ou=OxObjects,dc=kdorf,dc=local" )
=> bdb_dn2id( "ou=administration,ou=groups,ou=oxobjects,dc=kdorf,dc=local" )
<= bdb_dn2id: got id=0x0000000e
=> entry_encode(0x0000000e): ou=Administration,ou=Groups,ou=OxObjects,dc=kdorf,dc=local
=> index_entry_add( 14, "ou=Administration,ou=Groups,ou=OxObjects,dc=kdorf,dc=local" )
=> key_change(ADD,e)
<= key_change 0
=> key_change(ADD,e)
<= key_change 0
=> key_change(ADD,e)
<= key_change 0
<= index_entry_add( 14, "ou=Administration,ou=Groups,ou=OxObjects,dc=kdorf,dc=local" ) success
=> str2entry
>>> dnPrettyNormal: <uid=mailadmin,ou=Users,ou=OxObjects,dc=kdorf,dc=local>
<<< dnPrettyNormal: <uid=mailadmin,ou=Users,ou=OxObjects,dc=kdorf,dc=local>, <uid=mailadmin,ou=users,ou=oxobjects,dc=kdorf,dc=local>
<= str2entry: str2ad(OpenLDAPaci): attribute type undefined
slapadd: could not parse entry (line=145)
slapadd shutdown: initiated
====> bdb_cache_release_all
slapadd shutdown: freeing system resources.
====> bdb_cache_release_all


Without the '-d 1' i only get
Code:

groupware open-xchange # slapadd -l /usr/local/open-xchange/share/init_ldap.ldif
slapadd: could not parse entry (line=145)


As I have no idea about LDAP yet, I don't know how to fix this problem and would be glad if any of you could help me...

I am using net-nds/openldap-2.1.30-r4 and OPEN-XCHANGE 0.8.0-2.

Thank you very much in advance!


Fibbs

bitwh0re
Apprentice

Joined: 29 Apr 2004
Posts: 214

PostPosted: Sat May 14, 2005 6:37 pm    Post subject: Reply with quote

Fibbs wrote:
Code:
<= str2entry: str2ad(OpenLDAPaci): attribute type undefined
slapadd: could not parse entry (line=145)
slapadd shutdown: initiated
====> bdb_cache_release_all
slapadd shutdown: freeing system resources.
====> bdb_cache_release_all



Sounds / Looks like you don't have ACI enabled in OpenLDAP.

Fibbs
Guru

Joined: 26 Jan 2003
Posts: 448
Location: Forstern near Munich / Germany

PostPosted: Mon May 16, 2005 3:06 pm    Post subject: Reply with quote

bitwh0re wrote:
Fibbs wrote:
Code:
<= str2entry: str2ad(OpenLDAPaci): attribute type undefined
slapadd: could not parse entry (line=145)
slapadd shutdown: initiated
====> bdb_cache_release_all
slapadd shutdown: freeing system resources.
====> bdb_cache_release_all



Sounds / Looks like you don't have ACI enabled in OpenLDAP.


This was the error, thank you very much!

Fibbs

rickvernam
Guru

Joined: 09 Jul 2004
Posts: 310

PostPosted: Mon May 16, 2005 5:18 pm    Post subject: Reply with quote

So, I've gotten dspam to scan messages & keep stats.
Also, mail is no longer being bounced back to the sender :D
From what I can tell, only 2 tasks remain:
1 - Get mail delivered to recipient mailbox (I said it is not being bounced back to sender, never said it was going to destination though...) :!:
2 - Get dspam-web working for nice www stats & also for looking at mail marked as spam.

-Rick

bitwh0re
Apprentice

Joined: 29 Apr 2004
Posts: 214

PostPosted: Mon May 16, 2005 6:42 pm    Post subject: Reply with quote

rickvernam wrote:
So, I've gotten dspam to scan messages & keep stats.
Also, mail is no longer being bounced back to the sender :D
From what I can tell, only 2 tasks remain:
1 - Get mail delivered to recipient mailbox (I said it is not being bounced back to sender, never said it was going to destination though...) :!:
2 - Get dspam-web working for nice www stats & also for looking at mail marked as spam.


Keep me posted rickvernam! This will be a welcome addition to the HOWTO!! You can send your (rough?) notes to my e-mail that you can find on my website.

Thanks!!

Mike.

rickvernam
Guru

Joined: 09 Jul 2004
Posts: 310

PostPosted: Tue May 17, 2005 9:13 pm    Post subject: Reply with quote

I can't seem to get any mail client to authenticate when trying to send mail. I can send from OX webmail just fine...but if I try to configure Thunderbird, or any other mail client for that matter, I get problems.
If I don't do authentication, I get problems saying no relaying. This is fine, I want all senders to authenticate.
If I set up authentication on the mail client, it comes up and perpetually asks for my password.
Looking at the logs, I get lots of this junk:
Code:
May 17 15:29:27 localhost postfix/smtpd[6769]: connect from unknown[192.168.2.120]
May 17 15:29:31 localhost postfix/smtpd[6769]: warning: SASL authentication failure: no secret in database
May 17 15:29:31 localhost postfix/smtpd[6769]: warning: unknown[192.168.2.120]: SASL CRAM-MD5 authentication failed
May 17 15:29:31 localhost postfix/smtpd[6769]: warning: SASL authentication failure: no secret in database
May 17 15:29:31 localhost postfix/smtpd[6769]: warning: unknown[192.168.2.120]: SASL NTLM authentication failed
May 17 15:29:31 localhost postfix/smtpd[6769]: warning: SASL authentication problem: unknown password verifier
May 17 15:29:31 localhost postfix/smtpd[6769]: warning: SASL authentication failure: Password verification failed
May 17 15:29:31 localhost postfix/smtpd[6769]: warning: unknown[192.168.2.120]: SASL PLAIN authentication failed
May 17 15:29:31 localhost postfix/smtpd[6769]: warning: SASL authentication problem: unknown password verifier
May 17 15:29:31 localhost postfix/smtpd[6769]: warning: unknown[192.168.2.120]: SASL LOGIN authentication failed
May 17 15:34:31 localhost postfix/smtpd[6769]: timeout after AUTH from unknown[192.168.2.120]
May 17 15:34:31 localhost postfix/smtpd[6769]: disconnect from unknown[192.168.2.120]


so...what to do? I'm thinking that since I can send from OX just fine that this problem is related to something else...but what? Maybe I don't have correct config in mail client?

bitwh0re
Apprentice

Joined: 29 Apr 2004
Posts: 214

PostPosted: Wed May 18, 2005 12:39 pm    Post subject: Reply with quote

rickvernam wrote:
I can't seem to get any mail client to authenticate when trying to send mail. I can send from OX webmail just fine...but if I try to configure Thunderbird, or any other mail client for that matter, I get problems.
If I don't do authentication, I get problems saying no relaying. This is fine, I want all senders to authenticate.
If I set up authentication on the mail client, it comes up and perpetually asks for my password.
Looking at the logs, I get lots of this junk:
Code:
May 17 15:29:27 localhost postfix/smtpd[6769]: connect from unknown[192.168.2.120]
May 17 15:29:31 localhost postfix/smtpd[6769]: warning: SASL authentication failure: no secret in database
May 17 15:29:31 localhost postfix/smtpd[6769]: warning: unknown[192.168.2.120]: SASL CRAM-MD5 authentication failed


so...what to do? I'm thinking that since I can send from OX just fine that this problem is related to something else...but what? Maybe I don't have correct config in mail client?


Sounds like either postfix doesn't trust anything but localhost or your mail client isn't sending the proper authentication. Are you trying this after you enabled SSL/TLS, Auth, and Relay control? If so, try backing out those changes and see what happens then.

rickvernam
Guru

Joined: 09 Jul 2004
Posts: 310

PostPosted: Wed May 18, 2005 5:36 pm    Post subject: Reply with quote

bitwh0re wrote:
rickvernam wrote:
I can't seem to get any mail client to authenticate when trying to send mail. I can send from OX webmail just fine...but if I try to configure Thunderbird, or any other mail client for that matter, I get problems.
If I don't do authentication, I get problems saying no relaying. This is fine, I want all senders to authenticate.
If I set up authentication on the mail client, it comes up and perpetually asks for my password.
Looking at the logs, I get lots of this junk:
Code:
May 17 15:29:27 localhost postfix/smtpd[6769]: connect from unknown[192.168.2.120]
May 17 15:29:31 localhost postfix/smtpd[6769]: warning: SASL authentication failure: no secret in database
May 17 15:29:31 localhost postfix/smtpd[6769]: warning: unknown[192.168.2.120]: SASL CRAM-MD5 authentication failed


so...what to do? I'm thinking that since I can send from OX just fine that this problem is related to something else...but what? Maybe I don't have correct config in mail client?


Sounds like either postfix doesn't trust anything but localhost or your mail client isn't sending the proper authentication. Are you trying this after you enabled SSL/TLS, Auth, and Relay control? If so, try backing out those changes and see what happens then.


Found that if I put into '/etc/sasl2/smtpd.conf' the same as what was in '/etc/sasl2/smtp' that the problem went away & authentication worked like a charm.
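
As an added example (not part of the original posts), the SASL warnings quoted in this exchange can be triaged by pairing each library-level reason line with the per-mechanism failure that follows it in the same smtpd process. The function name, the verdict strings and the list of configuration hints are assumptions of this example.

```python
import re
from collections import defaultdict

# Warning lines copied from the log excerpt in the thread above.
SAMPLE = """\
May 17 15:29:31 localhost postfix/smtpd[6769]: warning: SASL authentication failure: no secret in database
May 17 15:29:31 localhost postfix/smtpd[6769]: warning: unknown[192.168.2.120]: SASL CRAM-MD5 authentication failed
May 17 15:29:31 localhost postfix/smtpd[6769]: warning: SASL authentication failure: no secret in database
May 17 15:29:31 localhost postfix/smtpd[6769]: warning: unknown[192.168.2.120]: SASL NTLM authentication failed
May 17 15:29:31 localhost postfix/smtpd[6769]: warning: SASL authentication problem: unknown password verifier
May 17 15:29:31 localhost postfix/smtpd[6769]: warning: SASL authentication failure: Password verification failed
May 17 15:29:31 localhost postfix/smtpd[6769]: warning: unknown[192.168.2.120]: SASL PLAIN authentication failed
May 17 15:29:31 localhost postfix/smtpd[6769]: warning: SASL authentication problem: unknown password verifier
May 17 15:29:31 localhost postfix/smtpd[6769]: warning: unknown[192.168.2.120]: SASL LOGIN authentication failed
"""

# Assumption taken from this thread's outcome: these reasons point at the
# server's SASL setup (the smtpd.conf fix cured them), not at a wrong password.
CONFIG_HINTS = ("no secret in database", "unknown password verifier")

WARN = re.compile(r"postfix/smtpd\[(\d+)\]: warning: (.*)$")
REASON = re.compile(r"SASL authentication (?:failure|problem): (.+)")
FAILED = re.compile(r"\S+\[([^\]]+)\]: SASL (\S+) authentication failed")


def triage(log_text):
    """Return {client_ip: {"mechanisms": {mech: [reasons]}, "verdict": str}}."""
    pending = defaultdict(list)  # smtpd pid -> reasons since its last result line
    clients = defaultdict(dict)  # client ip -> {mechanism: [reasons]}
    for line in log_text.splitlines():
        warn = WARN.search(line)
        if not warn:
            continue
        pid, msg = warn.groups()
        reason, failed = REASON.match(msg), FAILED.match(msg)
        if reason:
            pending[pid].append(reason.group(1))
        elif failed:
            ip, mech = failed.groups()
            clients[ip][mech] = pending.pop(pid, [])
    report = {}
    for ip, mechs in clients.items():
        reasons = [r for rs in mechs.values() for r in rs]
        config = any(hint in r for r in reasons for hint in CONFIG_HINTS)
        verdict = "check server SASL config" if config else "credential failure"
        report[ip] = {"mechanisms": mechs, "verdict": verdict}
    return report
```

A client for which every offered mechanism fails with one of these reasons within the same second, as here, is worth checking against the server configuration before it is treated as password guessing.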

rickvernam
Guru

Joined: 09 Jul 2004
Posts: 310

PostPosted: Fri May 20, 2005 3:43 pm    Post subject: Reply with quote

So, I got DSPAM working with an OX install followed directly from the How-To. It may not be elegant or even a good way to do it...but I really don't know...

First, I made an ebuild for DSPAM 3.4.6 by making a dspam-3.4.6.ebuild in the portage overlay, then digesting it (your overlay may not be /usr/local/portage):
Code:
cd /usr/local/portage
mkdir -p ./mail-filter/dspam
cp /usr/portage/mail-filter/dspam/dspam-3.4.5.ebuild ./mail-filter/dspam/dspam-3.4.6.ebuild
ebuild ./mail-filter/dspam/dspam-3.4.6.ebuild digest

ACCEPT_KEYWORDS="~x86" USE="cyrus virtual-users" emerge dspam -pv should look like this:
Code:
[ebuild  N    ] mail-filter/dspam-3.4.6  +cyrus -debug -exim -large-domain -maildrop -mysql -neural -oci8 +postgres -procmail -sqlite -sqlite3 +virtual-users

If you want, go ahead and merge it. After it's done, run
Code:
ebuild dspam-3.4.6.ebuild config
to set up the database & whatever else it does...

I had to modify /etc/postfix/master.cf with the following:
Code:
dspam-cyrus unix - n n - - pipe user=cyrus:mail argv=dspam --deliver=innocent --user ${user} -e -r ${sender} -m ${extension} ${user}

If you want debugging, add '--debug' after 'argv=dspam'. If you want to deliver spammy emails to the user, change '--deliver=innocent' to '--deliver=innocent,spam'.
The parameters after '--user ${user}' all go to cyrus's deliver, so you can modify those according to deliver's configuration parameters.

I had to modify /etc/postfix/main.cf as such:
Code:
#mailbox_transport = lmtp:unix:/var/imap/socket/lmtp
mailbox_transport = dspam-cyrus
alias_maps = hash:/etc/postfix/dspam.aliases


in /etc/mail/dspam/dspam.conf
Code:
TrustedDeliveryAgent "/usr/lib/cyrus/deliver"
UnTrustedDeliveryAgent "/usr/lib/cyrus/deliver -r %u"

Trust dspam
Trust postfix
Trust cyrus
Trust nobody


Now, unless you have trained DSPAM it won't know what is spam and what is not. One way to train it that works nicely in such a setup is to have everybody specify what they consider spam. To do so, each user will forward their spam to 'spam-[their username]@ox-domain.tld'. However, instead of setting up those email accounts, we'll create an alias file that postfix will use to both recognize these 'addresses' and also to take a different course of action in order to notify dspam that the user considers the given message spam. You can also use the same alias file to specify 'notspam-[theirusername]@ox-domain.tld' to inform dspam if it incorrectly categorized a message as spam when it's really not, but I haven't done that yet...
So, create an alias file wherever you want. I put mine in /etc/postfix/dspam.aliases and fill it with entries as such for each user:
Code:
spam-[username]: "|dspam --user [username] --class=spam --source=error --mode=teft -e -r ${sender} -m {Spam} [username]"

I'd imagine that the notspam-username would look like this, but like I said I have not tested this stuff yet:
Code:
notspam-[username]: "|dspam --user [username] --class=innocent --source=error --mode=teft -e -r ${sender} [username]"

In these examples, postfix pipes to dspam, which corrects its data to reflect its mistake. I have also instructed dspam to send spammy messages into the user's "Spam" folder, and otherwise into the user's mailbox.
You'll also have to do the following to the alias file:
Code:
postalias /etc/postfix/dspam.aliases


so, reload postfix and you should be on your way (or maybe you'd have to restart, but reload worked for me...)
Code:
/etc/init.d/postfix reload


So, this is coming from somebody who two weeks ago had never done anything with email other than read & write it. I'm expecting that the more seasoned email admin people will advise accordingly should the above be an undesirable configuration.
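
Each alias entry in the post embeds the user name in a command that postfix's local delivery agent may pass to /bin/sh, so a file generated from a user list needs strict name validation. The following is an added example, not code from the original post: the entry text is copied from the post, while the function name and the allowed-name pattern are assumptions.

```python
import re

# Entry templates copied from the post; only the user name is substituted.
# The notspam form is the one the post describes as untested.
SPAM = ('spam-{u}: "|dspam --user {u} --class=spam --source=error '
        '--mode=teft -e -r ${{sender}} -m {{Spam}} {u}"')
NOTSPAM = ('notspam-{u}: "|dspam --user {u} --class=innocent --source=error '
           '--mode=teft -e -r ${{sender}} {u}"')

# Assumed naming policy (not from the post): starts with a lower-case letter
# or digit, then letters, digits, dot, underscore or dash, 32 characters at most.
# This excludes quotes, whitespace, newlines, shell metacharacters and a
# leading '-' that dspam would read as an option.
SAFE_USER = re.compile(r"[a-z0-9][a-z0-9._-]{0,31}")


def build_aliases(usernames):
    """Return (alias_file_text, rejected_names) for the given user names."""
    lines, rejected, seen = [], [], set()
    for raw in usernames:
        name = raw.strip()
        if not SAFE_USER.fullmatch(name) or name in seen:
            rejected.append(raw)  # unsafe or duplicate: never written out
            continue
        seen.add(name)
        lines.append(SPAM.format(u=name))
        lines.append(NOTSPAM.format(u=name))
    return "\n".join(lines) + "\n", rejected
```

Write the returned text to the alias file and run postalias on it as described in the post; review the rejected list by hand rather than loosening the pattern.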