26 rain6966发表

(2 篇回复,发表在 iRedAdmin-Pro 技术支持)

1).
使用  create_mail_user_OpenLDAP.sh 建立帳號 , 下錯格式 , 造成無法刪除.

[~/iRedMail-0.9.8/tools]# bash create_mail_user_OpenLDAP.sh mydomain.com ftp13@mydomain.com

adding new entry "ou=Users,domainName=mydomain.com,o=domains,dc=mydomain,dc=com"
ldap_add: Already exists (68)

adding new entry "ou=Groups,domainName=mydomain.com,o=domains,dc=mydomain,dc=com"
ldap_add: Already exists (68)

adding new entry "ou=Aliases,domainName=mydomain.com,o=domains,dc=mydomain,dc=com"
ldap_add: Already exists (68)

adding new entry "ou=Externals,domainName=mydomain.com,o=domains,dc=mydomain,dc=com"
ldap_add: Already exists (68)

adding new entry "mail=ftp13@mydomain.com@mydomain.com,ou=Users,domainName=mydomain.com,o=domains,dc=mydomain,dc=com"

Send a welcome mail to new user: ftp13@mydomain.com@mydomain.com


2)
查看:
iRedAdmin Pro > Users  under domain:下 ,

ftp13@mydomain.com     ftp13@mydomain.com         0% (0/4.88 GB)

刪除帳號:
現勾選 ftp13@mydomain.com 帳號 > Delete  > Keep mailbox forever  > Apply

出現: Error: Please select at least one account.

前往版面: iRedAdmin-Pro 技术支持

27 rain6966回复

(3 篇回复,发表在 iRedMail 技术支持)

chenzsab 写道:

Nov 21 10:04:13 pop3(hrfw@xxx.com.cn): Error: Timeout (120s) while waiting for shared lock for index file /var/vmail/vmail1/xxx.com.cn/h/r/f/hrfw-2014.08.15.10.41.28//Maildir/dovecot.index

hrfw@xxx.com.cn 账号无法正常接收\发送邮件,之前从来没有过这个问题,请指教.

試試 doveadm index 看看:
# doveadm -D index -A /var/vmail/vmail1/xxx.com.cn/h/r/f/hrfw-2014.08.15.10.41.28
或整個域
# doveadm -D index -A /var/vmail/vmail1

前往版面: iRedMail 技术支持

28 rain6966回复

(9 篇回复,发表在 iRedAdmin-Pro 技术支持)

jimmyfangtw 写道:

Mail Server不在我們辦公室

那主機在哪? 是託管在ISP?
您公司對外使用動態IP? 改固定的可避免被ISP 擋住.

請參考.

前往版面: iRedAdmin-Pro 技术支持

29 rain6966回复

(10 篇回复,发表在 iRedAdmin-Pro 技术支持)

aaaaaaaa@gmail.com to tt@mydomain (tt@mydomain.com 為再新建帳號 , 我個人電腦的 TB, 把 admin@mydomain.com 也重新建立)

log:
Nov 21 17:56:30 mail policyd-spf[7801]: Normal exit
Nov 21 17:56:49 mail postfix/postscreen[15191]: CONNECT from [209.85.160.172]:40436 to [10.10.10.10]:25
Nov 21 17:56:55 mail postfix/postscreen[15191]: PASS NEW [209.85.160.172]:40436
Nov 21 17:56:55 mail postfix/smtpd[15552]: connect from mail-qt1-f172.google.com[209.85.160.172]
Nov 21 17:56:56 mail postfix/smtpd[15552]: Anonymous TLS connection established from mail-qt1-f172.google.com[209.85.160.172]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Nov 21 17:56:57 mail policyd-spf[15617]: Starting
Nov 21 17:56:57 mail policyd-spf[15617]: Read line: "request=smtpd_access_policy"
Nov 21 17:56:57 mail policyd-spf[15617]: Read line: "protocol_state=RCPT"
Nov 21 17:56:57 mail policyd-spf[15617]: Read line: "protocol_name=ESMTP"
Nov 21 17:56:57 mail policyd-spf[15617]: Read line: "client_address=209.85.160.172"
Nov 21 17:56:57 mail policyd-spf[15617]: Read line: "client_name=mail-qt1-f172.google.com"
Nov 21 17:56:57 mail policyd-spf[15617]: Read line: "reverse_client_name=mail-qt1-f172.google.com"
Nov 21 17:56:57 mail policyd-spf[15617]: Read line: "helo_name=mail-qt1-f172.google.com"
Nov 21 17:56:57 mail policyd-spf[15617]: Read line: "sender=aaaaaaaa@gmail.com"
Nov 21 17:56:57 mail policyd-spf[15617]: Read line: "recipient=tt@mydomain.com"
Nov 21 17:56:57 mail policyd-spf[15617]: Read line: "recipient_count=0"
Nov 21 17:56:57 mail policyd-spf[15617]: Read line: "queue_id="
Nov 21 17:56:57 mail policyd-spf[15617]: Read line: "instance=3cc0.5bf52be8.e2c2a.0"
Nov 21 17:56:57 mail policyd-spf[15617]: Read line: "size=3552"
Nov 21 17:56:57 mail policyd-spf[15617]: Read line: "etrn_domain="
Nov 21 17:56:57 mail policyd-spf[15617]: Read line: "stress="
Nov 21 17:56:57 mail policyd-spf[15617]: Read line: "sasl_method="
Nov 21 17:56:57 mail policyd-spf[15617]: Read line: "sasl_username="
Nov 21 17:56:57 mail policyd-spf[15617]: Read line: "sasl_sender="
Nov 21 17:56:57 mail policyd-spf[15617]: Read line: "ccert_subject="
Nov 21 17:56:57 mail policyd-spf[15617]: Read line: "ccert_issuer="
Nov 21 17:56:57 mail policyd-spf[15617]: Read line: "ccert_fingerprint="
Nov 21 17:56:57 mail policyd-spf[15617]: Read line: "ccert_pubkey_fingerprint="
Nov 21 17:56:57 mail policyd-spf[15617]: Read line: "encryption_protocol=TLSv1.2"
Nov 21 17:56:57 mail policyd-spf[15617]: Read line: "encryption_cipher=ECDHE-RSA-AES128-GCM-SHA256"
Nov 21 17:56:57 mail policyd-spf[15617]: Read line: "encryption_keysize=128"
Nov 21 17:56:57 mail policyd-spf[15617]: Read line: ""
Nov 21 17:56:57 mail policyd-spf[15617]: Found the end of entry
Nov 21 17:56:57 mail policyd-spf[15617]: Config: {'Mail_From_reject': 'Fail', 'Void_Limit': 2, 'Header_Type': 'SPF', 'PermError_reject': 'False', 'Lookup_Time': 20, 'Authserv_Id': 'HEADER', 'defaultSeedOnly': 1, 'debugLevel': 5, 'skip_addresses': '127.0.0.0/8,::ffff:127.0.0.0/104,::1,10.192.176.0/24,', 'HELO_reject': 'Fail', 'TempError_Defer': 'False'}
Nov 21 17:56:57 mail policyd-spf[15617]: Cached data for this instance: []
Nov 21 17:56:57 mail policyd-spf[15617]: ERROR:  in skip_addresses not IP network.  Message: . Aborting whitelist processing.
Nov 21 17:56:57 mail policyd-spf[15617]: spfcheck: pyspf result: "['None', '', 'helo']"
Nov 21 17:56:57 mail policyd-spf[15617]: None; identity=helo; client-ip=209.85.160.172; helo=mail-qt1-f172.google.com; envelope-from=aaaaaaaa@gmail.com; receiver=tt@mydomain.com
Nov 21 17:56:57 mail policyd-spf[15617]: Header type: SPF; Authres ID (for AR): HEADER
Nov 21 17:56:57 mail policyd-spf[15617]: spfcheck: pyspf result: "['Pass', 'sender SPF authorized', 'mailfrom']"
Nov 21 17:56:57 mail policyd-spf[15617]: Pass; identity=mailfrom; client-ip=209.85.160.172; helo=mail-qt1-f172.google.com; envelope-from=aaaaaaaa@gmail.com; receiver=tt@mydomain.com
Nov 21 17:56:57 mail policyd-spf[15617]: Header type: SPF; Authres ID (for AR): HEADER
Nov 21 17:56:57 mail policyd-spf[15617]: Action: prepend: Text: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=209.85.160.172; helo=mail-qt1-f172.google.com; envelope-from=aaaaaaaa@gmail.com; receiver=tt@mydomain.com
Nov 21 17:56:58 mail postfix/smtpd[15552]: DE385980000A1: client=mail-qt1-f172.google.com[209.85.160.172]
Nov 21 17:56:59 mail postfix/cleanup[15717]: DE385980000A1: message-id=<CAAuwq4oAzYKo6f1PtmY4ru1e4uVMmpa98YaJMZfdRwfxR2ZPoQ@mail.gmail.com>
Nov 21 17:56:59 mail opendmarc[3479]: DE385980000A1: SPF(mailfrom): aaaaaaaa@gmail.com pass
Nov 21 17:56:59 mail opendmarc[3479]: DE385980000A1: gmail.com pass
Nov 21 17:56:59 mail postfix/qmgr[4018]: DE385980000A1: from=<aaaaaaaa@gmail.com>, size=3980, nrcpt=2 (queue active)
Nov 21 17:56:59 mail postfix/smtpd[15552]: disconnect from mail-qt1-f172.google.com[209.85.160.172]
Nov 21 17:57:03 mail postfix/10025/smtpd[16058]: connect from mail.mydomain.com[127.0.0.1]
Nov 21 17:57:03 mail opendmarc[3479]: ignoring connection from mail.mydomain.com
Nov 21 17:57:03 mail postfix/10025/smtpd[16058]: A27DA9800594D: client=mail.mydomain.com[127.0.0.1]
Nov 21 17:57:03 mail postfix/10025/smtpd[16059]: connect from mail.mydomain.com[127.0.0.1]
Nov 21 17:57:03 mail opendmarc[3479]: ignoring connection from mail.mydomain.com
Nov 21 17:57:03 mail postfix/cleanup[15717]: A27DA9800594D: message-id=<CAAuwq4oAzYKo6f1PtmY4ru1e4uVMmpa98YaJMZfdRwfxR2ZPoQ@mail.gmail.com>
Nov 21 17:57:03 mail postfix/10025/smtpd[16059]: A5C849800594E: client=mail.mydomain.com[127.0.0.1]
Nov 21 17:57:03 mail postfix/cleanup[16062]: A5C849800594E: message-id=<CAAuwq4oAzYKo6f1PtmY4ru1e4uVMmpa98YaJMZfdRwfxR2ZPoQ@mail.gmail.com>
Nov 21 17:57:03 mail postfix/qmgr[4018]: A27DA9800594D: from=<aaaaaaaa@gmail.com>, size=4941, nrcpt=1 (queue active)
Nov 21 17:57:03 mail postfix/10025/smtpd[16058]: disconnect from mail.mydomain.com[127.0.0.1]
Nov 21 17:57:03 mail amavis[19305]: (19305-05) Passed CLEAN {RelayedInbound}, [209.85.160.172]:40436 [209.85.160.172] <aaaaaaaa@gmail.com> -> <admin@mydomain.com>, Queue-ID: DE385980000A1, Message-ID: <CAAuwq4oAzYKo6f1PtmY4ru1e4uVMmpa98YaJMZfdRwfxR2ZPoQ@mail.gmail.com>, mail_id: ftlhIFUb4FVe, Hits: -0.098, size: 4200, queued_as: A27DA9800594D, dkim_sd=20161025:gmail.com, 4191 ms, Tests: [DKIM_SIGNED=0.1,DKIM_VALID=-0.1,DKIM_VALID_AU=-0.1,FREEMAIL_FROM=0.001,HTML_MESSAGE=0.001,RCVD_IN_DNSWL_NONE=-0.0001,SPF_PASS=-0.001,URIBL_BLOCKED=0.001]
Nov 21 17:57:03 mail amavis[19305]: (19305-05) Passed CLEAN, <aaaaaaaa@gmail.com> -> <admin@mydomain.com>, Hits: -0.098, tag=0, tag2=6.2, kill=6.9, queued_as: A27DA9800594D, L/Y/0/0
Nov 21 17:57:03 mail postfix/10025/smtpd[16059]: disconnect from mail.mydomain.com[127.0.0.1]
Nov 21 17:57:03 mail postfix/qmgr[4018]: A5C849800594E: from=<aaaaaaaa@gmail.com>, size=4927, nrcpt=2 (queue active)
Nov 21 17:57:03 mail amavis[19314]: (19314-02) Passed CLEAN {RelayedInbound}, [209.85.160.172]:40436 [209.85.160.172] <aaaaaaaa@gmail.com> -> <tt@mydomain.com>, Queue-ID: DE385980000A1, Message-ID: <CAAuwq4oAzYKo6f1PtmY4ru1e4uVMmpa98YaJMZfdRwfxR2ZPoQ@mail.gmail.com>, mail_id: MTm01VsJ4AaN, Hits: -0.098, size: 4200, queued_as: A5C849800594E, dkim_sd=20161025:gmail.com, 4190 ms, Tests: [DKIM_SIGNED=0.1,DKIM_VALID=-0.1,DKIM_VALID_AU=-0.1,FREEMAIL_FROM=0.001,HTML_MESSAGE=0.001,RCVD_IN_DNSWL_NONE=-0.0001,SPF_PASS=-0.001,URIBL_BLOCKED=0.001]
Nov 21 17:57:03 mail amavis[19314]: (19314-02) Passed CLEAN, <aaaaaaaa@gmail.com> -> <tt@mydomain.com>, Hits: -0.098, tag=0, tag2=6.2, kill=6.9, queued_as: A5C849800594E, L/Y/0/0
Nov 21 17:57:03 mail postfix/amavis/smtp[15772]: DE385980000A1: to=<admin@mydomain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=6.8, delays=2.6/0.02/0/4.2, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as A27DA9800594D)
Nov 21 17:57:03 mail postfix/amavis/smtp[15773]: DE385980000A1: to=<tt@mydomain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=6.8, delays=2.6/0.03/0/4.2, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as A5C849800594E)
Nov 21 17:57:03 mail postfix/qmgr[4018]: DE385980000A1: removed
Nov 21 17:57:03 mail postfix/pipe[16064]: A5C849800594E: to=<admin@mydomain.com>, relay=dovecot, delay=0.2, delays=0.04/0.01/0/0.15, dsn=2.0.0, status=sent (delivered via dovecot service)
Nov 21 17:57:03 mail postfix/pipe[16066]: A5C849800594E: to=<tt@mydomain.com>, relay=dovecot, delay=0.21, delays=0.04/0.02/0/0.15, dsn=2.0.0, status=sent (delivered via dovecot service)
Nov 21 17:57:03 mail postfix/pipe[16063]: A27DA9800594D: to=<admin@mydomain.com>, relay=dovecot, delay=0.22, delays=0.04/0.01/0/0.17, dsn=2.0.0, status=sent (delivered via dovecot service)
Nov 21 17:57:03 mail postfix/qmgr[4018]: A5C849800594E: removed
Nov 21 17:57:03 mail postfix/qmgr[4018]: A27DA9800594D: removed
Nov 21 17:58:39 mail policyd-spf[15617]: Normal exit

前往版面: iRedAdmin-Pro 技术支持

30 rain6966回复

(10 篇回复,发表在 iRedAdmin-Pro 技术支持)

rain6966 写道:

3).
試這把admin@mydomain.com 刪除 ,想再重新建此帳號 ,
此選項最短保留一天, 版主 . 可增加直接刪除的選項?

重新建立 admin@mydomain.com 後,
從 外部 gmail 寄給test@mydomain.com 時,會收到1封,
而admin@mydomain.com 會收到2封相同信件.

PS:
查了admin@ 的Advanced 裡:
BCC incoming emails to other address
BCC outgoing emails to other address
其為空白, 我記的以前我曾反應, 當建立新帳號時 ,上面兩欄會直接套用網域的的設定值
現在的版本有改了?

前往版面: iRedAdmin-Pro 技术支持

31 rain6966回复

(10 篇回复,发表在 iRedAdmin-Pro 技术支持)

1).

ZhangHuangbin 写道:
rain6966 写道:

在 Profile of user > Advanced
取消此選項無效 (save 後, 仍打勾)
BCC incoming emails to other address
BCC outgoing emails to other address

确认是 bug。在开发版本中已经修复。这里是 iRedAdmin-Pro-LDAP-3.1 的 patch:

版主, 我還在處理"無法取消BCC" 的困擾 , 
查LDIF  admin@mydomain.com 有啟動bcc,把其取消 ;
再試著把 Forwarding ,取消掉時, 發現下面的問題:
Profile of user: > Forwarding >Enable mail forwarding 打勾無效
(iRedAdmin 預設值是打勾)下面 , Advance > 預設值是已打勾了.

但在 Profile of user: >Advanced >Forwarding mails to other addresses  ,取消打勾後 ,上面  Forwarding >Enable mail forwarding 直接跟著取消打勾 .

無法在 Forwarding 裡設定 , 需在 Advanced 裡設定.

2).
此台伺服器,我有另外增加安裝 OpenDmarc 及python-policyd-spf .
我試著把這兩項停止掉 , 或把 iRedApd 也停止掉 , 從外面 gmail 帳號寄信測試仍然會bcc給admin@mydomain.com .

3).
試這把admin@mydomain.com 刪除 ,想再重新建此帳號 ,
此選項最短保留一天, 版主 . 可增加直接刪除的選項?

4).
雖此台是測試機台, 我還是想把此問題搞清楚.
Get professional support from iRedMail Team via email or direct ssh access
https://www.paypal.com/cgi-bin/webscr?c … XEZU2Y32Q4

此連結可付費請版主處理?

前往版面: iRedAdmin-Pro 技术支持

32 rain6966回复

(6 篇回复,发表在 iRedMail 技术支持)

無色天空:
感謝.

前往版面: iRedMail 技术支持

33 rain6966回复

(10 篇回复,发表在 iRedAdmin-Pro 技术支持)

1).
find /etc/postfix/ldap/ -name "*bcc*" |xargs grep  "query_filter"

/etc/postfix/ldap/recipient_bcc_maps_domain.cf:query_filter    = (&(objectClass=mailDomain)(|(domainName=%d)(domainAliasName=%d))(accountStatus=active)(enabledService=mail)(enabledService=recipientbcc))

/etc/postfix/ldap/recipient_bcc_maps_user.cf:query_filter    = (&(|(mail=%s)(&(enabledService=shadowaddress)(shadowAddress=%s)))(objectClass=mailUser)(accountStatus=active)(!(domainStatus=disabled))(enabledService=mail)(enabledService=recipientbcc))

/etc/postfix/ldap/sender_bcc_maps_domain.cf:query_filter    = (&(objectClass=mailDomain)(|(domainName=%d)(domainAliasName=%d))(accountStatus=active)(enabledService=mail)(enabledService=senderbcc))

/etc/postfix/ldap/sender_bcc_maps_user.cf:query_filter    = (&(|(mail=%s)(&(enabledService=shadowaddress)(shadowAddress=%s)))(objectClass=mailUser)(accountStatus=active)(!(domainStatus=disabled))(enabledService=mail)(enabledService=senderbcc))

2).
LDIF 數據前文已PO.(打勾不可取消)

我再po一次 (打勾可取消)
dn: mail=test@mydomain.com,ou=Users,domainName=mydomain.com,
o=domains,dc=mydomain,dc=com
accountStatus: active
amavisLocal: TRUE
cn: test
enabledService: managesievetls
enabledService: managesieve
enabledService: imaptls
enabledService: displayedInGlobalAddressBook
enabledService: deliver
enabledService: smtp
enabledService: lda
enabledService: smtpsecured
enabledService: pop3
enabledService: forward
enabledService: lmtp
enabledService: lib-storage
enabledService: sieve
enabledService: imap
enabledService: dsync
enabledService: shadowaddress
enabledService: sogo
enabledService: imapsecured
enabledService: pop3tls
enabledService: pop3secured
enabledService: internal
enabledService: doveadm
enabledService: managesievesecured
enabledService: mail
enabledService: indexer-worker
enabledService: sievesecured
homeDirectory: /var/vmail/vmail1/mydomain.com/t/e/s/test-2018.08.09.11.43.16/
mail: test@mydomain.com
mailMessageStore: vmail1/mydomain.com/t/e/s/test-2018.08.09.11.43.16/
mailQuota: 1073741824
objectClass: inetOrgPerson
objectClass: mailUser
objectClass: shadowAccount
objectClass: amavisAccount
preferredLanguage: en_US
shadowLastChange: 17752
sn: test
storageBaseDirectory: /var/vmail/
uid: test
userPassword: {SSHA}mxxxxxxxxxxYg==
userRecipientBccAddress: admin@mydomain.com
userSenderBccAddress: admin@mydomain.com

##另一個帳號xxxxalert@mydomain.com (一樣會BCC給 admin@mydomain.com)

在Profile of user >Advanced >
BCC incoming emails to other address
BCC outgoing emails to other address
此兩欄未填 ,保持空白

BCC incoming emails to other address
BCC outgoing emails to other address
未打勾

dn: mail=xxxxalert@mydomain.com,ou=Users,domainName=mydomain.com,
o=domains,dc=mydomain,dc=com
accountStatus: active
amavisLocal: TRUE
cn: xxxxalert
enabledService: managesievetls
enabledService: managesieve
enabledService: imaptls
enabledService: displayedInGlobalAddressBook
enabledService: deliver
enabledService: smtp
enabledService: lda
enabledService: smtpsecured
enabledService: pop3
enabledService: forward
enabledService: lmtp
enabledService: lib-storage
enabledService: sieve
enabledService: imap
enabledService: dsync
enabledService: shadowaddress
enabledService: sogo
enabledService: imapsecured
enabledService: pop3tls
enabledService: pop3secured
enabledService: internal
enabledService: doveadm
enabledService: managesievesecured
enabledService: mail
enabledService: indexer-worker
enabledService: sievesecured
homeDirectory: /var/vmail/vmail1/mydomain.com/x/x/x/xxxxalert-2018.08.03.08.32.33/
mail: xxxxalert@mydomain.com
mailMessageStore: vmail1/mydomain.com/x/x/x/xxxxalert-2018.08.03.08.32.33/
mailQuota: 10737418240
objectClass: inetOrgPerson
objectClass: mailUser
objectClass: shadowAccount
objectClass: amavisAccount
shadowLastChange: 0
sn: xxxxalert
storageBaseDirectory: /var/vmail/
uid: xxxxalert
userPassword: {SSHA}vxxxxxxxxxxxvw==


謝謝

前往版面: iRedAdmin-Pro 技术支持

34 rain6966回复

(10 篇回复,发表在 iRedAdmin-Pro 技术支持)

感謝回覆, patch 檔可修正此"取消打勾"的bug.

取消打勾後,
admin@mydomain.com 及 test@mydomain.com 還是皆會收到信.
取消BCC的功能無動作.

# postconf -n|grep -i bcc
proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions $sender_dependent_relayhost_maps
recipient_bcc_maps = proxy:ldap:/etc/postfix/ldap/recipient_bcc_maps_user.cf proxy:ldap:/etc/postfix/ldap/recipient_bcc_maps_domain.cf
sender_bcc_maps = proxy:ldap:/etc/postfix/ldap/sender_bcc_maps_user.cf proxy:ldap:/etc/postfix/ldap/sender_bcc_maps_domain.cf

# postconf -Mf|grep -i6 ^submission
discard    unix  -       -       n       -       -       discard
local      unix  -       n       n       -       -       local
virtual    unix  -       n       n       -       -       virtual
lmtp       unix  -       -       n       -       -       lmtp
anvil      unix  -       -       n       -       1       anvil
scache     unix  -       -       n       -       1       scache
submission inet  n       -       n       -       -       smtpd
    -o syslog_name=postfix/submission -o smtpd_tls_security_level=encrypt
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    -o content_filter=smtp-amavis:[127.0.0.1]:10026
465        inet  n       -       n       -       -       smtpd
    -o syslog_name=postfix/smtps -o smtpd_tls_wrappermode=yes

謝謝

前往版面: iRedAdmin-Pro 技术支持

35 rain6966发表

(10 篇回复,发表在 iRedAdmin-Pro 技术支持)

iRedMail     0.9.8
iRedAdmin-Pro     3.1 (LDAP)
CentOS7
########

在 Profile of user > Advanced
取消此選項無效 (save 後, 仍打勾)
BCC incoming emails to other address
BCC outgoing emails to other address

查看LDIF內容 :
dn: mail=test@mydomain.com,ou=Users,domainName=mydomain.com,o=domains,dc=mydomain,dc=com
accountStatus: active
amavisLocal: TRUE
cn: test
enabledService: managesievetls
enabledService: managesieve
enabledService: imaptls
enabledService: displayedInGlobalAddressBook
enabledService: smtptls
enabledService: lda
enabledService: smtpsecured
enabledService: lib-storage
enabledService: shadowaddress
enabledService: sogo
enabledService: imapsecured
enabledService: pop3tls
enabledService: pop3secured
enabledService: internal
enabledService: forward
enabledService: mail
enabledService: indexer-worker
enabledService: smtp
enabledService: deliver
enabledService: pop3
enabledService: managesievesecured
enabledService: lmtp
enabledService: sieve
enabledService: imap
enabledService: dsync
enabledService: senderbcc
enabledService: recipientbcc
enabledService: doveadm
enabledService: sievesecured
homeDirectory: /var/vmail/vmail1/mydomain.com/t/e/s/test-2018.08.09.11.43.16/
mail: test@mydomain.com
mailMessageStore: vmail1/mydomain.com/t/e/s/test-2018.08.09.11.43.16/
mailQuota: 1073741824
objectClass: inetOrgPerson
objectClass: mailUser
objectClass: shadowAccount
objectClass: amavisAccount
preferredLanguage: en_US
shadowLastChange: 17752
sn: test
storageBaseDirectory: /var/vmail/
uid: test
userPassword: {SSHA}mxxxxxxxxxxYg==
userRecipientBccAddress: admin@mydomain.com
userSenderBccAddress: admin@mydomain.com

前往版面: iRedAdmin-Pro 技术支持

36 rain6966回复

(6 篇回复,发表在 iRedMail 技术支持)

hi, 無色天空 ,版主.
我在 iredMail 0.9.8 版本時, 更改無效:

/etc/nginx/templates/roundcube.tmpl
location ~ ^/webmail/(bin|config|installer|logs|SQL|temp|vendor)($|/.*) { deny all; }

location ~ ^/webmail/(CHANGELOG|composer.json|INSTALL|jsdeps.json|LICENSE|README|UPGRADING)($|.*) { deny all; }

# Block plugin config files and sample config files.
location ~ /mail/plugins/.*/config.inc.php.* { deny all; }

# Block access to plugin data
location ~ /mail/plugins/enigma/home($|/.*) { deny all; }

# Redirect URI `/mail` to `/mail/`.
location = /mail {
    return 301 /mail/;
}

location ~ ^/webmail(.*)\.php$ {         
    include /etc/nginx/templates/hsts.tmpl;
    include /etc/nginx/templates/fastcgi_php.tmpl;
    fastcgi_param SCRIPT_FILENAME /var/www/roundcubemail$1.php;
}

location ~ ^/webmail(.*) {
    alias /var/www/roundcubemail$1;
    index index.php;
}

#不使用自動 redirect webmail網址 ;
location /webmail {
               rewrite ^/* /webmail last;
        }



## 不自動redirect 到 mydomain.com/mail  ; 把index.html 取消
mv /var/www/html/index.html  /var/www/html/index.html.orig


請指導一下 , 願聞其詳.
謝謝.

前往版面: iRedMail 技术支持

37 rain6966回复

(3 篇回复,发表在 iRedAdmin-Pro 技术支持)

版大, 感謝回覆.

不過 "这里 roundcube 没有加上 ldap attribute name" , 我實在不知如何加.

今天再 try 了一下  webmail :
1).
在收件者欄位, 直接key 收件帳號 "a" , 會自動出現 "aaaaa<aaaaa@mydomain.com> "的帳號,選擇自動出現的帳號,寄出信件.
則 log 有異常的, 如下面的 "異常的log"
2).
在收件者欄位 , 是經由左邊 "Global LDAP Adress Book" 選出 "aaaaa" 收件者,寄出信件.
則 log 是正常 , 如最下面"正常log".

3).
a).第7888 和7948 行 , 異常log 為 6 , 正常 log 為 8.

b).config.inc.php 最後一行 ,註解掉
//$config['autocomplete_addressbooks'] = array('sql', 'global_ldap_abook');
log 是正常 ,但key 帳號時不會出現 帳號全名, 須自己整個key才行.

c). 第7884 , 7944  出現不一樣的 欄位
7884  scope [sub] with filter [(&(&(enabledService=mail)...
7944 scope [sub] with filter [(&(enabledService=mail)....

以上是測試結果, 不過還是沒解決.

感謝.


PS:
這是異常log

7880-Jul 10 17:44:40 mail roundcube: <n7te3lf6> C: Connect [127.0.0.1:389]
7881-Jul 10 17:44:40 mail roundcube: <n7te3lf6> S: OK
7882-Jul 10 17:44:40 mail roundcube: <n7te3lf6> C: Bind [dn: mail=bbbbb@mydomain.com,ou=Users,domainName=mydomain.com,o=domains,dc=mydomain,dc=com]
7883-Jul 10 17:44:40 mail roundcube: <n7te3lf6> S: OK
7884-Jul 10 17:44:40 mail roundcube: <n7te3lf6> C: Search base dn: [domainName=mydomain.com,o=domains,dc=mydomain,dc=com] scope [sub] with filter [(&(&(enabledService=mail)(enabledService=deliver)(enabledService=displayedInGlobalAddressBook)(|(objectClass=mailUser)(objectClass=mailList)(objectClass=mailAlias)))(|(cn=*a*)(givenname=*a*)(sn=*a*)(mail=*a*)))]
7885-Jul 10 17:44:40 mail roundcube: <n7te3lf6> Using function ldap_search on scope sub ($ns_function is ldap_search)
7886-Jul 10 17:44:40 mail roundcube: <n7te3lf6> C: (Without VLV) Setting a filter of (&(&(enabledService=mail)(enabledService=deliver)(enabledService=displayedInGlobalAddressBook)(|(objectClass=mailUser)(objectClass=mailList)(objectClass=mailAlias)))(|(cn=*a*)(givenname=*a*)(sn=*a*)(mail=*a*)))
7887-Jul 10 17:44:40 mail roundcube: <n7te3lf6> Executing search with return attributes: array (#012  0 => 'cn',#012  1 => 'sn',#012  2 => 'givenname',#012  3 => 'title',#012  4 => 'mail',#012  5 => 'telephonenumber',#012  6 => 'mobile',#012  7 => 'facsimiletelephonenumber',#012  8 => 'street',#012  9 => 'postalcode',#012  10 => 'l',#012  11 => 'departmentnumber',#012  12 => 'description',#012  13 => 'jpegphoto',#012  14 => 'objectClass',#012  15 => 'cn',#01 2)
7888-Jul 10 17:44:40 mail roundcube: <n7te3lf6> S: 6 record(s) found
7889-Jul 10 17:44:40 mail roundcube: <n7te3lf6> C: Search base dn: [domainName=mydomain.com,o=domains,dc=mydomain,dc=com] scope [] with filter [(&(=*a*))]
7890-Jul 10 17:44:40 mail roundcube: <n7te3lf6> Using function ldap_list on scope  ($ns_function is ldap_read)
7891-Jul 10 17:44:40 mail roundcube: <n7te3lf6> C: (Without VLV) Setting a filter of (&(=*a*))
7892-Jul 10 17:44:40 mail roundcube: <n7te3lf6> Executing search with return attributes: array (#012  0 => 'dn',#012  1 => 'objectClass',#012  2 => NULL,#012  3 => 'mail',#012)
7893:Jul 10 17:44:40 mail roundcube: <n7te3lf6> PHP Error: LDAP: ldap_list failed for dn=domainName=mydomain.com,o=domains,dc=mydomain,dc=com. Bad search filter (POST /mail/?_task=mail&_action=autocomplete)
7894-Jul 10 17:44:40 mail journal: ool www: <n7te3lf6> C: Close

這是正常 log

7940-Jul 10 17:45:26 mail roundcube: <n7te3lf6> C: Connect [127.0.0.1:389]
7941-Jul 10 17:45:26 mail roundcube: <n7te3lf6> S: OK
7942-Jul 10 17:45:26 mail roundcube: <n7te3lf6> C: Bind [dn: mail=bbbbb@mydomain.com,ou=Users,domainName=mydomain.com,o=domains,dc=mydomain,dc=com]
7943-Jul 10 17:45:26 mail roundcube: <n7te3lf6> S: OK
7944-Jul 10 17:45:26 mail roundcube: <n7te3lf6> C: Search base dn: [domainName=mydomain.com,o=domains,dc=mydomain,dc=com] scope [sub] with filter [(&(enabledService=mail)(enabledService=deliver)(enabledService=displayedInGlobalAddressBook)(|(objectClass=mailUser)(objectClass=mailList)(objectClass=mailAlias)))]
7945-Jul 10 17:45:26 mail roundcube: <n7te3lf6> Using function ldap_search on scope sub ($ns_function is ldap_search)
7946-Jul 10 17:45:26 mail roundcube: <n7te3lf6> C: (Without VLV) Setting a filter of (&(enabledService=mail)(enabledService=deliver)(enabledService=displayedInGlobalAddressBook)(|(objectClass=mailUser)(objectClass=mailList)(objectClass=mailAlias)))
7947-Jul 10 17:45:26 mail roundcube: <n7te3lf6> Executing search with return attributes: array (#012  0 => 'cn',#012  1 => 'sn',#012  2 => 'givenname',#012  3 => 'title',#012  4 => 'mail',#012  5 => 'telephonenumber',#012  6 => 'mobile',#012  7 => 'facsimiletelephonenumber',#012  8 => 'street',#012  9 => 'postalcode',#012  10 => 'l',#012  11 => 'departmentnumber',#012  12 => 'description',#012  13 => 'jpegphoto',#012  14 => 'objectClass',#012  15 => 'cn',#01 2)
7948-Jul 10 17:45:26 mail roundcube: <n7te3lf6> S: 8 record(s) found
7949-Jul 10 17:45:26 mail journal: ool www: <n7te3lf6> C: Close
7950-Jul 10 17:45:26 mail roundcube: <n7te3lf6> C: Connect [127.0.0.1:389]
7951-Jul 10 17:45:26 mail roundcube: <n7te3lf6> S: OK
7952-Jul 10 17:45:26 mail roundcube: <n7te3lf6> C: Bind [dn: mail=bbbbb@mydomain.com,ou=Users,domainName=mydomain.com,o=domains,dc=mydomain,dc=com]
7953-Jul 10 17:45:26 mail roundcube: <n7te3lf6> S: OK
7954-Jul 10 17:45:26 mail roundcube: <n7te3lf6> C: Search base dn: [domainName=mydomain.com,o=domains,dc=mydomain,dc=com] scope [sub] with filter [(&(enabledService=mail)(enabledService=deliver)(enabledService=displayedInGlobalAddressBook)(|(objectClass=mailUser)(objectClass=mailList)(objectClass=mailAlias)))]
7955-Jul 10 17:45:26 mail roundcube: <n7te3lf6> Using function ldap_search on scope sub ($ns_function is ldap_search)
7956-Jul 10 17:45:26 mail roundcube: <n7te3lf6> C: (Without VLV) Setting a filter of (&(enabledService=mail)(enabledService=deliver)(enabledService=displayedInGlobalAddressBook)(|(objectClass=mailUser)(objectClass=mailList)(objectClass=mailAlias)))
7957-Jul 10 17:45:26 mail roundcube: <n7te3lf6> Executing search with return attributes: array (#012  0 => 'cn',#012  1 => 'sn',#012  2 => 'givenname',#012  3 => 'title',#012  4 => 'mail',#012  5 => 'telephonenumber',#012  6 => 'mobile',#012  7 => 'facsimiletelephonenumber',#012  8 => 'street',#012  9 => 'postalcode',#012  10 => 'l',#012  11 => 'departmentnumber',#012  12 => 'description',#012  13 => 'jpegphoto',#012  14 => 'objectClass',#012  15 => 'cn',#01 2)
7958-Jul 10 17:45:26 mail roundcube: <n7te3lf6> S: 8 record(s) found

前往版面: iRedAdmin-Pro 技术支持

38 rain6966回复

(3 篇回复,发表在 iRedAdmin-Pro 技术支持)

啟動
$config['log_logins'] = true;
$config['ldap_debug'] = true;
所得到log

Jul  9 17:51:01 mail roundcube: <pij0jmsk> C: Connect [127.0.0.1:389]
Jul  9 17:51:01 mail roundcube: <pij0jmsk> S: OK
Jul  9 17:51:01 mail roundcube: <pij0jmsk> C: Bind [dn: mail=bbbb@mydomain.com,ou=Users,domainName=mydomain.com,o=domains,dc=mydomain,dc=com]
Jul  9 17:51:01 mail roundcube: <pij0jmsk> S: OK
Jul  9 17:51:01 mail roundcube: <pij0jmsk> C: Search base dn: [domainName=mydomain.com,o=domains,dc=mydomain,dc=com] scope [sub] with filter [(&(&(enabledService=mail)(enabledService=deliver)(enabledService=displayedInGlobalAddressBook)(|(objectClass=mailUser)(objectClass=mailList)(objectClass=mailAlias)))(|(cn=*aaa*)(givenname=*aaa*)(sn=*aaa*)(mail=*aaa*)))]
Jul  9 17:51:01 mail roundcube: <pij0jmsk> Using function ldap_search on scope sub ($ns_function is ldap_search)
Jul  9 17:51:01 mail roundcube: <pij0jmsk> C: (Without VLV) Setting a filter of (&(&(enabledService=mail)(enabledService=deliver)(enabledService=displayedInGlobalAddressBook)(|(objectClass=mailUser)(objectClass=mailList)(objectClass=mailAlias)))(|(cn=*aaa*)(givenname=*aaa*)(sn=*aaa*)(mail=*aaa*)))
Jul  9 17:51:01 mail roundcube: <pij0jmsk> Executing search with return attributes: array (#012  0 => 'cn',#012  1 => 'sn',#012  2 => 'givenname',#012  3 => 'title',#012  4 => 'mail',#012  5 => 'telephonenumber',#012  6 => 'mobile',#012  7 => 'facsimiletelephonenumber',#012  8 => 'street',#012  9 => 'postalcode',#012  10 => 'l',#012  11 => 'departmentnumber',#012  12 => 'description',#012  13 => 'jpegphoto',#012  14 => 'objectClass',#012  15 => 'cn',#012)
Jul  9 17:51:01 mail roundcube: <pij0jmsk> S: 1 record(s) found
Jul  9 17:51:01 mail roundcube: <pij0jmsk> C: Search base dn: [domainName=mydomain.com,o=domains,dc=mydomain,dc=com] scope [] with filter [(&(=*aaa*))]
Jul  9 17:51:01 mail roundcube: <pij0jmsk> Using function ldap_list on scope  ($ns_function is ldap_read)
Jul  9 17:51:01 mail roundcube: <pij0jmsk> C: (Without VLV) Setting a filter of (&(=*aaa*))
Jul  9 17:51:01 mail roundcube: <pij0jmsk> Executing search with return attributes: array (#012  0 => 'dn',#012  1 => 'objectClass',#012  2 => NULL,#012  3 => 'mail',#012)
Jul  9 17:51:01 mail roundcube: <pij0jmsk> PHP Error: LDAP: ldap_list failed for dn=domainName=mydomain.com,o=domains,dc=mydomain,dc=com. Bad search filter (POST /mail/?_task=mail&_action=autocomplete)
Jul  9 17:51:01 mail journal: ool www: <pij0jmsk> C: Close
Jul  9 17:51:02 mail roundcube: <pij0jmsk> C: Connect [127.0.0.1:389]
Jul  9 17:51:02 mail roundcube: <pij0jmsk> S: OK
Jul  9 17:51:02 mail roundcube: <pij0jmsk> C: Bind [dn: mail=bbbb@mydomain.com,ou=Users,domainName=mydomain.com,o=domains,dc=mydomain,dc=com]
Jul  9 17:51:02 mail roundcube: <pij0jmsk> S: OK
Jul  9 17:51:02 mail roundcube: <pij0jmsk> C: Search base dn: [domainName=mydomain.com,o=domains,dc=mydomain,dc=com] scope [sub] with filter [(&(&(enabledService=mail)(enabledService=deliver)(enabledService=displayedInGlobalAddressBook)(|(objectClass=mailUser)(objectClass=mailList)(objectClass=mailAlias)))(|(cn=*aaaa*)(givenname=*aaaa*)(sn=*aaaa*)(mail=*aaaa*)))]
Jul  9 17:51:02 mail roundcube: <pij0jmsk> Using function ldap_search on scope sub ($ns_function is ldap_search)
Jul  9 17:51:02 mail roundcube: <pij0jmsk> C: (Without VLV) Setting a filter of (&(&(enabledService=mail)(enabledService=deliver)(enabledService=displayedInGlobalAddressBook)(|(objectClass=mailUser)(objectClass=mailList)(objectClass=mailAlias)))(|(cn=*aaaa*)(givenname=*aaaa*)(sn=*aaaa*)(mail=*aaaa*)))
Jul  9 17:51:02 mail roundcube: <pij0jmsk> Executing search with return attributes: array (#012  0 => 'cn',#012  1 => 'sn',#012  2 => 'givenname',#012  3 => 'title',#012  4 => 'mail',#012  5 => 'telephonenumber',#012  6 => 'mobile',#012  7 => 'facsimiletelephonenumber',#012  8 => 'street',#012  9 => 'postalcode',#012  10 => 'l',#012  11 => 'departmentnumber',#012  12 => 'description',#012  13 => 'jpegphoto',#012  14 => 'objectClass',#012  15 => 'cn',#012)
Jul  9 17:51:02 mail roundcube: <pij0jmsk> S: 1 record(s) found
Jul  9 17:51:02 mail roundcube: <pij0jmsk> C: Search base dn: [domainName=mydomain.com,o=domains,dc=mydomain,dc=com] scope [] with filter [(&(=*aaaa*))]
Jul  9 17:51:02 mail roundcube: <pij0jmsk> Using function ldap_list on scope  ($ns_function is ldap_read)
Jul  9 17:51:02 mail roundcube: <pij0jmsk> C: (Without VLV) Setting a filter of (&(=*aaaa*))
Jul  9 17:51:02 mail roundcube: <pij0jmsk> Executing search with return attributes: array (#012  0 => 'dn',#012  1 => 'objectClass',#012  2 => NULL,#012  3 => 'mail',#012)
Jul  9 17:51:02 mail roundcube: <pij0jmsk> PHP Error: LDAP: ldap_list failed for dn=domainName=mydomain.com,o=domains,dc=mydomain,dc=com. Bad search filter (POST /mail/?_task=mail&_action=autocomplete)
Jul  9 17:51:02 mail journal: ool www: <pij0jmsk> C: Close
Jul  9 17:51:05 mail postfix/submission/smtpd[41063]: connect from mail.mydomain.com[127.0.0.1]
Jul  9 17:51:05 mail postfix/submission/smtpd[41063]: Anonymous TLS connection established from mail.mydomain.com[127.0.0.1]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Jul  9 17:51:05 mail postfix/submission/smtpd[41063]: E9E6B9800154E: client=mail.mydomain.com[127.0.0.1], sasl_method=LOGIN, sasl_username=bbbb@mydomain.com
Jul  9 17:51:05 mail postfix/cleanup[41065]: E9E6B9800154E: message-id=<c1ef861d81420e129912a9c376b4b305@mydomain.com>
Jul  9 17:51:05 mail opendmarc[1382]: E9E6B9800154E: SPF(mailfrom): bbbb@mydomain.com pass
Jul  9 17:51:05 mail opendmarc[1382]: E9E6B9800154E: mydomain.com pass
Jul  9 17:51:06 mail roundcube: <pij0jmsk> User bbbb@mydomain.com [203.xx.xx.xx]; Message for aaaa@mydomain.com; 250: 2.0.0 Ok: queued as E9E6B9800154E
Jul  9 17:51:06 mail postfix/qmgr[2054]: E9E6B9800154E: from=<bbbb@mydomain.com>, size=2642, nrcpt=2 (queue active)
Jul  9 17:51:06 mail postfix/submission/smtpd[41063]: disconnect from mail.mydomain.com[127.0.0.1]
Jul  9 17:51:06 mail amavis[34781]: (34781-13) ESMTP [127.0.0.1]:10026 /var/spool/amavisd/tmp/amavis-20180709T171257-34781-Olayc3aO: <bbbb@mydomain.com> -> <aaaa@mydomain.com> Received: from mail.mydomain.com ([127.0.0.1]) by mail.mydomain.com (mail.mydomain.com [127.0.0.1]) (amavisd-new, port 10026) with ESMTP for <aaaa@mydomain.com>; Mon,  9 Jul 2018 17:51:06 +0800 (CST)
Jul  9 17:51:06 mail amavis[19793]: (19793-15) ESMTP [127.0.0.1]:10026 /var/spool/amavisd/tmp/amavis-20180709T115847-19793-Td1pZR5X: <bbbb@mydomain.com> -> <mydomainadmin@mydomain.com> Received: from mail.mydomain.com ([127.0.0.1]) by mail.mydomain.com (mail.mydomain.com [127.0.0.1]) (amavisd-new, port 10026) with ESMTP for <mydomainadmin@mydomain.com>; Mon,  9 Jul 2018 17:51:06 +0800 (CST)
Jul  9 17:51:06 mail amavis[34781]: (34781-13) Checking: 9DZ0CO5LmDxK ORIGINATING/MYNETS [127.0.0.1] <bbbb@mydomain.com> -> <aaaa@mydomain.com>
Jul  9 17:51:06 mail clamd[2649]: SelfCheck: Database status OK.
Jul  9 17:51:06 mail amavis[19793]: (19793-15) Checking: 9_YNk6W7qsys ORIGINATING/MYNETS [127.0.0.1] <bbbb@mydomain.com> -> <mydomainadmin@mydomain.com>
Jul  9 17:51:07 mail postfix/10025/smtpd[41075]: connect from mail.mydomain.com[127.0.0.1]
Jul  9 17:51:07 mail postfix/10025/smtpd[41075]: 515379800154F: client=mail.mydomain.com[127.0.0.1]
Jul  9 17:51:07 mail postfix/cleanup[41065]: 515379800154F: message-id=<c1ef861d81420e129912a9c376b4b305@mydomain.com>
Jul  9 17:51:07 mail postfix/10025/smtpd[41076]: connect from mail.mydomain.com[127.0.0.1]
Jul  9 17:51:07 mail postfix/10025/smtpd[41076]: 54AE498001550: client=mail.mydomain.com[127.0.0.1]
Jul  9 17:51:07 mail postfix/cleanup[41079]: 54AE498001550: message-id=<c1ef861d81420e129912a9c376b4b305@mydomain.com>
Jul  9 17:51:07 mail opendmarc[1382]: 515379800154F: SPF(mailfrom): bbbb@mydomain.com pass
Jul  9 17:51:07 mail opendmarc[1382]: 515379800154F: mydomain.com pass
Jul  9 17:51:07 mail opendmarc[1382]: 54AE498001550: SPF(mailfrom): bbbb@mydomain.com pass
Jul  9 17:51:07 mail opendmarc[1382]: 54AE498001550: mydomain.com pass
Jul  9 17:51:07 mail postfix/10025/smtpd[41075]: disconnect from mail.mydomain.com[127.0.0.1]
Jul  9 17:51:07 mail postfix/qmgr[2054]: 515379800154F: from=<bbbb@mydomain.com>, size=4001, nrcpt=1 (queue active)
Jul  9 17:51:07 mail amavis[19793]: (19793-15) 9_YNk6W7qsys FWD from <bbbb@mydomain.com> -> <mydomainadmin@mydomain.com>, BODY=7BIT 250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 515379800154F
Jul  9 17:51:07 mail amavis[19793]: (19793-15) Passed CLEAN {RelayedInternal}, ORIGINATING/MYNETS LOCAL [127.0.0.1]:6130 <bbbb@mydomain.com> -> <mydomainadmin@mydomain.com>, Queue-ID: E9E6B9800154E, Message-ID: <c1ef861d81420e129912a9c376b4b305@mydomain.com>, mail_id: 9_YNk6W7qsys, Hits: 0.213, size: 3010, queued_as: 515379800154F, dkim_new=dkim:mydomain.com, 1367 ms, Tests: [ALL_TRUSTED=-1,SPF_PASS=-0.001,TVD_RCVD_SINGLE=1.213,URIBL_BLOCKED=0.001]
Jul  9 17:51:07 mail amavis[19793]: (19793-15) Passed CLEAN, <bbbb@mydomain.com> -> <mydomainadmin@mydomain.com>, Hits: 0.213, tag=2, tag2=6.2, kill=6.9, queued_as: 515379800154F, L/0/0/0
Jul  9 17:51:07 mail amavis[34781]: (34781-13) 9DZ0CO5LmDxK FWD from <bbbb@mydomain.com> -> <aaaa@mydomain.com>, BODY=7BIT 250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 54AE498001550
Jul  9 17:51:07 mail postfix/qmgr[2054]: 54AE498001550: from=<bbbb@mydomain.com>, size=3985, nrcpt=1 (queue active)
Jul  9 17:51:07 mail amavis[34781]: (34781-13) Passed CLEAN {RelayedInternal}, ORIGINATING/MYNETS LOCAL [127.0.0.1]:6130 <bbbb@mydomain.com> -> <aaaa@mydomain.com>, Queue-ID: E9E6B9800154E, Message-ID: <c1ef861d81420e129912a9c376b4b305@mydomain.com>, mail_id: 9DZ0CO5LmDxK, Hits: 0.213, size: 3010, queued_as: 54AE498001550, dkim_new=dkim:mydomain.com, 1387 ms, Tests: [ALL_TRUSTED=-1,SPF_PASS=-0.001,TVD_RCVD_SINGLE=1.213,URIBL_BLOCKED=0.001]
Jul  9 17:51:07 mail amavis[34781]: (34781-13) Passed CLEAN, <bbbb@mydomain.com> -> <aaaa@mydomain.com>, Hits: 0.213, tag=2, tag2=6.2, kill=6.9, queued_as: 54AE498001550, L/0/0/0
Jul  9 17:51:07 mail postfix/10025/smtpd[41076]: disconnect from mail.mydomain.com[127.0.0.1]
Jul  9 17:51:07 mail postfix/amavis/smtp[41070]: E9E6B9800154E: to=<mydomainadmin@mydomain.com>, relay=127.0.0.1[127.0.0.1]:10026, delay=1.6, delays=0.13/0.03/0/1.4, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 515379800154F)
Jul  9 17:51:07 mail postfix/amavis/smtp[41067]: E9E6B9800154E: to=<aaaa@mydomain.com>, relay=127.0.0.1[127.0.0.1]:10026, delay=1.6, delays=0.13/0.02/0/1.4, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 54AE498001550)
Jul  9 17:51:07 mail postfix/qmgr[2054]: E9E6B9800154E: removed
Jul  9 17:51:07 mail postfix/pipe[41080]: 515379800154F: to=<mydomainadmin@mydomain.com>, relay=dovecot, delay=0.29, delays=0.13/0.02/0/0.14, dsn=2.0.0, status=sent (delivered via dovecot service)
Jul  9 17:51:07 mail postfix/qmgr[2054]: 515379800154F: removed
Jul  9 17:51:07 mail postfix/pipe[41081]: 54AE498001550: to=<aaaa@mydomain.com>, relay=dovecot, delay=0.29, delays=0.13/0.01/0/0.15, dsn=2.0.0, status=sent (delivered via dovecot service)
Jul  9 17:51:07 mail postfix/qmgr[2054]: 54AE498001550: removed

前往版面: iRedAdmin-Pro 技术支持

39 rain6966发表

(3 篇回复,发表在 iRedAdmin-Pro 技术支持)

外部 ip ,以webmail 登入域內帳號寄給域內另一user
出現下面錯誤訊息, 但信件是可正常寄達, 只是稍感疑惑.
maillog:

Jul  9 14:27:05 mail roundcube: <omro80ij> PHP Error: Detected 'temp_dir' change. Access to '/var/www/roundcubemail-1.3.6/temp' restricted by filesystem permissions or open_basedir in /var/www/roundcubemail-1.3.6/plugins/filesystem_attachments/filesystem_attachments.php on line 219 (POST /mail/?_task=mail&_action=remove-attachment)
Jul  9 14:27:12 mail roundcube: <omro80ij> PHP Error: LDAP: ldap_list failed for dn=domainName=mydomain.com,o=domains,dc=mydomain,dc=com. Bad search filter (POST /mail/?_task=mail&_action=autocomplete)
Jul  9 14:27:12 mail roundcube: <omro80ij> PHP Error: LDAP: ldap_list failed for dn=domainName=mydomain.com,o=domains,dc=mydomain,dc=com. Bad search filter (POST /mail/?_task=mail&_action=autocomplete)
Jul  9 14:27:16 mail roundcube: <omro80ij> PHP Error: Detected 'temp_dir' change. Access to '/var/www/roundcubemail-1.3.6/temp' restricted by filesystem permissions or open_basedir in /var/www/roundcubemail-1.3.6/plugins/filesystem_attachments/filesystem_attachments.php on line 219 (POST /mail/?_task=mail&_unlock=loading1531117639174&_lang=en&_framed=1&_action=send)
Jul  9 14:27:16 mail postfix/submission/smtpd[28483]: connect from mail.mydomain.com[127.0.0.1]
Jul  9 14:27:16 mail postfix/submission/smtpd[28483]: Anonymous TLS connection established from mail.mydomain.com[127.0.0.1]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Jul  9 14:27:16 mail postfix/submission/smtpd[28483]: 2B86598000084: client=mail.mydomain.com[127.0.0.1], sasl_method=LOGIN, sasl_username=aaaa@mydomain.com
Jul  9 14:27:16 mail postfix/cleanup[28487]: 2B86598000084: message-id=<60a0b3add421f0d96a522700a2070b55@mydomain.com>
Jul  9 14:27:16 mail opendmarc[1382]: 2B86598000084: SPF(mailfrom): aaaa@mydomain.com pass
Jul  9 14:27:16 mail opendmarc[1382]: 2B86598000084: mydomain.com pass
Jul  9 14:27:16 mail roundcube: <omro80ij> User aaaa@mydomain.com [203.xx.xx.xx]; Message for bbbb@mydomain.com; 250: 2.0.0 Ok: queued as 2B86598000084
Jul  9 14:27:16 mail postfix/qmgr[2054]: 2B86598000084: from=<aaaa@mydomain.com>, size=8989, nrcpt=2 (queue active)
Jul  9 14:27:16 mail postfix/submission/smtpd[28483]: disconnect from mail.mydomain.com[127.0.0.1]
Jul  9 14:27:16 mail amavis[21122]: (21122-02) ESMTP [127.0.0.1]:10026 /var/spool/amavisd/tmp/amavis-20180709T120453-21122-TbD2HXhi: <aaaa@mydomain.com> -> <mydomainadmin@mydomain.com> Received: from mail.mydomain.com ([127.0.0.1]) by mail.mydomain.com (mail.mydomain.com [127.0.0.1]) (amavisd-new, port 10026) with ESMTP for <mydomainadmin@mydomain.com>; Mon,  9 Jul 2018 14:27:16 +0800 (CST)
Jul  9 14:27:16 mail amavis[18322]: (18322-12) ESMTP [127.0.0.1]:10026 /var/spool/amavisd/tmp/amavis-20180709T114651-18322-7dfvXkCC: <aaaa@mydomain.com> -> <bbbb@mydomain.com> Received: from mail.mydomain.com ([127.0.0.1]) by mail.mydomain.com (mail.mydomain.com [127.0.0.1]) (amavisd-new, port 10026) with ESMTP for <bbbb@mydomain.com>; Mon,  9 Jul 2018 14:27:16 +0800 (CST)
Jul  9 14:27:16 mail amavis[21122]: (21122-02) Checking: uBa9qCBrCldU ORIGINATING/MYNETS [127.0.0.1] <aaaa@mydomain.com> -> <mydomainadmin@mydomain.com>
Jul  9 14:27:16 mail amavis[18322]: (18322-12) Checking: R9lD7_1-1v70 ORIGINATING/MYNETS [127.0.0.1] <aaaa@mydomain.com> -> <bbbb@mydomain.com>
Jul  9 14:27:17 mail postfix/10025/smtpd[28496]: connect from mail.mydomain.com[127.0.0.1]
Jul  9 14:27:17 mail postfix/10025/smtpd[28496]: 085369800081B: client=mail.mydomain.com[127.0.0.1]
Jul  9 14:27:17 mail postfix/10025/smtpd[28497]: connect from mail.mydomain.com[127.0.0.1]
Jul  9 14:27:17 mail postfix/cleanup[28487]: 085369800081B: message-id=<60a0b3add421f0d96a522700a2070b55@mydomain.com>
Jul  9 14:27:17 mail postfix/10025/smtpd[28497]: 0B9439800082F: client=mail.mydomain.com[127.0.0.1]
Jul  9 14:27:17 mail postfix/cleanup[28500]: 0B9439800082F: message-id=<60a0b3add421f0d96a522700a2070b55@mydomain.com>
Jul  9 14:27:17 mail opendmarc[1382]: 085369800081B: SPF(mailfrom): aaaa@mydomain.com pass
Jul  9 14:27:17 mail opendmarc[1382]: 085369800081B: mydomain.com pass
Jul  9 14:27:17 mail opendmarc[1382]: 0B9439800082F: SPF(mailfrom): aaaa@mydomain.com pass
Jul  9 14:27:17 mail opendmarc[1382]: 0B9439800082F: mydomain.com pass
Jul  9 14:27:17 mail postfix/10025/smtpd[28496]: disconnect from mail.mydomain.com[127.0.0.1]
Jul  9 14:27:17 mail postfix/qmgr[2054]: 085369800081B: from=<aaaa@mydomain.com>, size=10160, nrcpt=1 (queue active)
Jul  9 14:27:17 mail amavis[21122]: (21122-02) uBa9qCBrCldU FWD from <aaaa@mydomain.com> -> <mydomainadmin@mydomain.com>, BODY=7BIT 250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 085369800081B
Jul  9 14:27:17 mail amavis[21122]: (21122-02) Passed CLEAN {RelayedInternal}, ORIGINATING/MYNETS LOCAL [127.0.0.1]:58417 <aaaa@mydomain.com> -> <mydomainadmin@mydomain.com>, Queue-ID: 2B86598000084, Message-ID: <60a0b3add421f0d96a522700a2070b55@mydomain.com>, mail_id: uBa9qCBrCldU, Hits: 0.212, size: 9204, queued_as: 085369800081B, dkim_new=dkim:mydomain.com, 855 ms, Tests: [ALL_TRUSTED=-1,SPF_PASS=-0.001,TVD_RCVD_SINGLE=1.213]
Jul  9 14:27:17 mail postfix/10025/smtpd[28497]: disconnect from mail.mydomain.com[127.0.0.1]
Jul  9 14:27:17 mail amavis[21122]: (21122-02) Passed CLEAN, <aaaa@mydomain.com> -> <mydomainadmin@mydomain.com>, Hits: 0.212, tag=2, tag2=6.2, kill=6.9, queued_as: 085369800081B, L/0/0/0
Jul  9 14:27:17 mail amavis[18322]: (18322-12) R9lD7_1-1v70 FWD from <aaaa@mydomain.com> -> <bbbb@mydomain.com>, BODY=7BIT 250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 0B9439800082F
Jul  9 14:27:17 mail postfix/qmgr[2054]: 0B9439800082F: from=<aaaa@mydomain.com>, size=10144, nrcpt=1 (queue active)
Jul  9 14:27:17 mail amavis[18322]: (18322-12) Passed CLEAN {RelayedInternal}, ORIGINATING/MYNETS LOCAL [127.0.0.1]:58417 <aaaa@mydomain.com> -> <bbbb@mydomain.com>, Queue-ID: 2B86598000084, Message-ID: <60a0b3add421f0d96a522700a2070b55@mydomain.com>, mail_id: R9lD7_1-1v70, Hits: 0.212, size: 9204, queued_as: 0B9439800082F, dkim_new=dkim:mydomain.com, 854 ms, Tests: [ALL_TRUSTED=-1,SPF_PASS=-0.001,TVD_RCVD_SINGLE=1.213]
Jul  9 14:27:17 mail amavis[18322]: (18322-12) Passed CLEAN, <aaaa@mydomain.com> -> <bbbb@mydomain.com>, Hits: 0.212, tag=2, tag2=6.2, kill=6.9, queued_as: 0B9439800082F, L/0/0/0
Jul  9 14:27:17 mail postfix/amavis/smtp[28489]: 2B86598000084: to=<mydomainadmin@mydomain.com>, relay=127.0.0.1[127.0.0.1]:10026, delay=1, delays=0.13/0.01/0/0.88, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 085369800081B)
Jul  9 14:27:17 mail postfix/amavis/smtp[28491]: 2B86598000084: to=<bbbb@mydomain.com>, relay=127.0.0.1[127.0.0.1]:10026, delay=1.1, delays=0.13/0.02/0/0.95, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as 0B9439800082F)
Jul  9 14:27:17 mail postfix/qmgr[2054]: 2B86598000084: removed
Jul  9 14:27:17 mail postfix/pipe[28502]: 0B9439800082F: to=<bbbb@mydomain.com>, relay=dovecot, delay=0.33, delays=0.13/0.01/0/0.18, dsn=2.0.0, status=sent (delivered via dovecot service)
Jul  9 14:27:17 mail postfix/qmgr[2054]: 0B9439800082F: removed
Jul  9 14:27:17 mail postfix/pipe[28501]: 085369800081B: to=<mydomainadmin@mydomain.com>, relay=dovecot, delay=0.34, delays=0.13/0.02/0/0.19, dsn=2.0.0, status=sent (delivered via dovecot service)
Jul  9 14:27:17 mail postfix/qmgr[2054]: 085369800081B: removed

/var/log/nginx/access.log

203.xx.xx.xx - - [09/Jul/2018:14:26:37 +0800] "GET /mail/?_task=mail&_action=compose&_id=14210552895b43001ccace0 HTTP/1.1" 200 11329 "https://mail.mydomain.com/mail/?_task=mail&_mbox=INBOX" "Mozilla/5.0 (Windows NT 5.1; rv:52.0) Gecko/20100101 Firefox/52.0"
203.xx.xx.xx - - [09/Jul/2018:14:27:05 +0800] "POST /mail/?_task=mail&_action=remove-attachment HTTP/1.1" 200 123 "https://mail.mydomain.com/mail/?_task=mail&_action=compose&_id=14210552895b43001ccace0" "Mozilla/5.0 (Windows NT 5.1; rv:52.0) Gecko/20100101 Firefox/52.0"
203.xx.xx.xx - - [09/Jul/2018:14:27:12 +0800] "POST /mail/?_task=mail&_action=autocomplete HTTP/1.1" 200 276 "https://mail.mydomain.com/mail/?_task=mail&_action=compose&_id=14210552895b43001ccace0" "Mozilla/5.0 (Windows NT 5.1; rv:52.0) Gecko/20100101 Firefox/52.0"
203.xx.xx.xx - - [09/Jul/2018:14:27:12 +0800] "POST /mail/?_task=mail&_action=autocomplete HTTP/1.1" 200 276 "https://mail.mydomain.com/mail/?_task=mail&_action=compose&_id=14210552895b43001ccace0" "Mozilla/5.0 (Windows NT 5.1; rv:52.0) Gecko/20100101 Firefox/52.0"
84.246.149.65 - - [09/Jul/2018:14:27:13 +0800] "GET / HTTP/1.0" 301 178 "-" "-"
203.xx.xx.xx - - [09/Jul/2018:14:27:16 +0800] "POST /mail/?_task=mail&_unlock=loading1531117639174&_lang=en&_framed=1 HTTP/1.1" 200 355 "https://mail.mydomain.com/mail/?_task=mail&_action=compose&_id=14210552895b43001ccace0" "Mozilla/5.0 (Windows NT 5.1; rv:52.0) Gecko/20100101 Firefox/52.0"
203.xx.xx.xx - - [09/Jul/2018:14:27:20 +0800] "GET /mail/?_task=mail&_refresh=1&_mbox=INBOX HTTP/1.1" 200 11014 "https://mail.mydomain.com/mail/?_task=mail&_action=compose&_id=14210552895b43001ccace0" "Mozilla/5.0 (Windows NT 5.1; rv:52.0) Gecko/20100101 Firefox/52.0"

1).
PHP Error: Detected 'temp_dir' change. Access to '/var/www/roundcubemail-1.3.6/temp' restricted by filesystem permissions or open_basedir in /var/www/roundcubemail-1.3.6/plugins/filesystem_attachments/filesystem_attachments.php on line 219 (POST /mail/?_task=mail&_action=remove-attachment)

這一個問題,我是解決掉了.
a).mkdir -p /var/run/roundcube/tmp
b).chown -R nginx:nginx  /var/run/roundcube/tmp
c)./var/www/roundcubemail/config/config.inc.php
// use this folder to store temp files
// must be writeable for the user who runs PHP process (Apache user if mod_php is being used)
//$config['temp_dir'] = RCUBE_INSTALL_PATH . 'temp/';
$config['temp_dir'] = '/var/run/roundcube/temp/';

2). 但下面問題我無法處理.
PHP Error: LDAP: ldap_list failed for dn=domainName=mydomain.com,o=domains,dc=mydomain,dc=com. Bad search filter (POST /mail/?_task=mail&_action=autocomplete)

前往版面: iRedAdmin-Pro 技术支持

40 rain6966发表

(0 篇回复,发表在 iRedAdmin-Pro 技术支持)

fresh install ,CentOS7,
RedAdmin-Pro 3.1 (LDAP)
mlmmjadmin-1.4

查看Mailling Lists 的群組已包含該user ,
在該user 的 profile 內 , Mailing Lists 未打勾.
再手動打勾, save change , 仍出現 未打勾

把 Pro 3.0 upload 到伺服器 ,改為 3.0 版,則無上面現象.
打勾的更動動作正常.

PS:
user profile 的 advanced內的選項打勾也是無法更動.

前往版面: iRedAdmin-Pro 技术支持

41 rain6966发表

(1 篇回复,发表在 iRedMail 技术支持)

# amavisd -c /etc/amavisd/amavisd.conf testkeys
TESTING#1 mydomain.com: dkim._domainkey.mydomain.com => fail (OpenSSL error: data too small for key size)

# amavisd -c /etc/amavisd/amavisd.conf showkeys
; key#1 1024 bits, i=dkim, d=mydomain.com, /var/lib/dkim/mydomain.com.pem
dkim._domainkey.mydomain.com.   3600 TXT (
  "v=DKIM1; p="  "MIGfMA0GCSqGsIb3DQEBAQUAA4GNADCBiQKBgQC+5GTYBsiC8lDtw0UW9NQ3QOme"  "Xz4h3ebaA5NqQpNc+JnRQjJZ3KGTotqILNnMaPIcM1eR+AFF9Hx2z7ktXx0LdlGa"  "EQKkt6X3yFkL31Z935bXyk+nV22YrFF0HmCkba7vg8NMNoseOIQe7dZSnSExZw1m"
  "qcAtXYT8Y/1b4h5g7QIDAQAB")

iRedMail 預設安裝1024 , 是否修改2048?

Thanks.

前往版面: iRedMail 技术支持

42 rain6966回复

(2 篇回复,发表在 iRedMail 技术支持)

補充一下 :
1).

youliang 写道:

Tests: [ALL_TRUSTED=-1

這IP 您TRUSTED?  >> 92.52.207.55

2)."from=<zh***@s***.com>" ,這帳戶若被黑 ,通知92.52.207.55的管理員,請user改改密碼.

前往版面: iRedMail 技术支持

43 rain6966回复

(8 篇回复,发表在 iRedAdmin-Pro 技术支持)

感謝版主回覆及提醒.

openldap 需在renew 後重起, 這我倒沒有注意這點.

前往版面: iRedAdmin-Pro 技术支持

44 rain6966回复

(8 篇回复,发表在 iRedAdmin-Pro 技术支持)

rain6966 写道:

openldap 不採用 letsencrypt 的憑証

事後想想,應不是好方法.

google 搜尋後,採用下面步驟,請版主(或版內高手)幫幫忙,有哪些地方需修正:

1).#新增 group 並把 ldap 加入ssl-cert  Group 內

useradd  ssl-cert
chown root:ssl-cert -R /etc/letsencrypt/{live,archive}
chmod 0650 -R {live,archive}
usermod -a -G ssl-cert ldap

2).#force renewal

certbot renew /etc/letsencrypt/certbot renew --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx"  --force-renewal

#權限被更改
ll /etc/letsencrypt/archive/mail.mydomain.com/
總計 32

-rw-r-x---. 1 root ssl-cert 2163  5月 16 18:21 cert1.pem
-rw-r--r--. 1 root root     2159  5月 21 16:49 cert2.pem
-rw-r-x---. 1 root ssl-cert 1647  5月 16 18:21 chain1.pem
-rw-r--r--. 1 root root     1647  5月 21 16:49 chain2.pem
-rw-r-x---. 1 root ssl-cert 3810  5月 16 18:21 fullchain1.pem
-rw-r--r--. 1 root root     3806  5月 21 16:49 fullchain2.pem
-rw-r-x---. 1 root ssl-cert 1708  5月 16 18:21 privkey1.pem
-rw-r--r--. 1 root root     1704  5月 21 16:49 privkey2.pem

3).#使用--deploy-hook 修改權限

chmod 0650 -R /etc/letsencrypt/renewal-hooks/deploy

#新增: ssl-cert.sh 

#!/bin/sh
chown root:ssl-cert /etc/letsencrypt/archive/mail.mydomain.com/*
chmod 0650 /etc/letsencrypt/archive/mail.mydomain.com/*

#重新產生 

/etc/letsencrypt/certbot renew --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx" --force-renewal --deploy-hook  /etc/letsencrypt/renewal-hooks/deploy/ssl-cert.sh

4). #更改cron job

#10  1 * * 1 /etc/letsencrypt/certbot  renew --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx"

10  1 * * 1 /etc/letsencrypt/certbot  renew --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx"  --deploy-hook  /etc/letsencrypt/renewal-hooks/deploy/ssl-cert.sh

前往版面: iRedAdmin-Pro 技术支持

45 rain6966回复

(1 篇回复,发表在 iRedAdmin-Pro 技术支持)

FYI:http://www.361way.com/postfix-mail-filter/4695.html

前往版面: iRedAdmin-Pro 技术支持

46 rain6966回复

(8 篇回复,发表在 iRedAdmin-Pro 技术支持)

問題我找到了只不過原先的 mail server 被我敲掉了!!!
是letsencrypt 引起的.

安裝過程:

mv /etc/pki/tls/private/iRedMail.key /etc/pki/tls/private/iRedMail.key.bak
mv /etc/pki/tls/certs/iRedMail.crt   /etc/pki/tls/certs/iRedMail.crt.bak


ln -s /etc/letsencrypt/live/mail.mydomain.com/privkey.pem   /etc/pki/tls/private/iRedMail.key
ln -s /etc/letsencrypt/live/mail.mydomain.com/cert.pem  /etc/pki/tls/certs/iRedMail.crt
ln -s /etc/letsencrypt/live/mail.mydomain.com/fullchain.pem  /etc/pki/tls/certs/fullchain.pem

/etc/openldap/slapd.conf

#TLSCACertificateFile /etc/pki/tls/certs/iRedMail.crt
TLSCACertificateFile /etc/pki/tls/certs/fullchain.pem
TLSCertificateFile /etc/pki/tls/certs/iRedMail.crt
TLSCertificateKeyFile /etc/pki/tls/private/iRedMail.key

/etc/openldap/ldap.conf

#TLS_CACERT /etc/pki/tls/certs/iRedMail.crt.bak
TLS_CACERT /etc/pki/tls/certs/fullchain.pem

openldap 不採用 letsencrypt 的憑証

slapd.conf 改回剛才mv的 iRedMail.key.bak 及iRedMail.crt.bak

不管在openldap 的正確設定為何?但不再出現下面的log

May 16 18:32:49 mail slapd[6690]: @(#) $OpenLDAP: slapd 2.4.44 (Apr 12 2018 19:17:38) $#012#011mockbuild@x86-01.bsys.centos.org:/builddir/build/BUILD/openldap-2.4.44/openldap-2.4.44/servers/slapd
May 16 18:32:49 mail slapd[6690]: main: TLS init def ctx failed: -1
May 16 18:32:49 mail slapd[6690]: slapd stopped.

前往版面: iRedAdmin-Pro 技术支持

47 rain6966发表

(0 篇回复,发表在 iRedMail 技术支持)

iRedMail 0.9.8
# ll /etc/nginx/conf-enabled/
總計 0
lrwxrwxrwx. 1 root root 27  5月 14 18:44 \ -> /etc/nginx/conf-available/\
lrwxrwxrwx. 1 root root 36  5月 14 18:44 cache.conf -> /etc/nginx/conf-available/cache.conf
lrwxrwxrwx. 1 root root 51  5月 14 18:44 client_max_body_size.conf -> /etc/nginx/conf-available/client_max_body_size.conf
lrwxrwxrwx. 1 root root 43  5月 14 18:44 default_type.conf -> /etc/nginx/conf-available/default_type.conf
lrwxrwxrwx. 1 root root 35  5月 14 18:44 gzip.conf -> /etc/nginx/conf-available/gzip.conf
lrwxrwxrwx. 1 root root 34  5月 14 18:44 log.conf -> /etc/nginx/conf-available/log.conf
lrwxrwxrwx. 1 root root 41  5月 14 18:44 mime_types.conf -> /etc/nginx/conf-available/mime_types.conf
lrwxrwxrwx. 1 root root 38  5月 14 18:44 php-fpm.conf -> /etc/nginx/conf-available/php-fpm.conf
lrwxrwxrwx. 1 root root 39  5月 14 18:44 sendfile.conf -> /etc/nginx/conf-available/sendfile.conf
lrwxrwxrwx. 1 root root 44  5月 14 18:44 server_tokens.conf -> /etc/nginx/conf-available/server_tokens.conf
lrwxrwxrwx. 1 root root 50  5月 14 18:44 types_hash_max_size.conf -> /etc/nginx/conf-available/types_hash_max_size.conf

紅色的檔案是否為安裝異常造成.

前往版面: iRedMail 技术支持

48 rain6966发表

(0 篇回复,发表在 iRedMail 技术支持)

CentOS7 :

May 14 18:45:43 mail systemd: Configuration file /opt/iredapd/rc_scripts/iredapd.service is marked executable. Please remove executable permission bits. Proceeding anyway.
May 14 18:45:43 mail systemd: Configuration file /opt/iredapd/rc_scripts/iredapd.service is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.

# ll /opt/iredapd/rc_scripts

總計 20
-r-x------. 1 root root 2112  6月 28  2017 iredapd.debian
-r-x------. 1 root root 2095  6月 28  2017 iredapd.freebsd
-r-x------. 1 root root   96  6月 28  2017 iredapd.openbsd
-r-x------. 1 root root 1982  6月 28  2017 iredapd.rhel
-r-x------. 1 root root  292  6月 28  2017 iredapd.service

iRedMail 0.9.7
# ll /usr/lib/systemd/system/irqbalance.service

-rw-r--r-- 1 root root 209  4月 11 14:55 /usr/lib/systemd/system/irqbalance.service

iRedMail 0.9.8
ll /usr/lib/systemd/system/iredapd.service

lrwxrwxrwx. 1 root root 39  5月 14 18:45 /usr/lib/systemd/system/iredapd.service -> /opt/iredapd/rc_scripts/iredapd.service

當更改權限:
chmod 0644 /opt/iredapd/rc_scripts/iredapd.service
修正: 0444

上面異常消除.

前往版面: iRedMail 技术支持

49 rain6966回复

(8 篇回复,发表在 iRedAdmin-Pro 技术支持)

回復 VM 機 ;並比較兩台差異:
故障機
多出:
/etc/openldap/slapd.d/cn=config/cn=module{0}.ldif
/etc/openldap/slapd.d/cn=config/olcDatabase={1}mdb
/etc/openldap/slapd.d/cn=config/olcDatabase={1}mdb/olcOverlay={0}syncprov.ldif
/usr/lib/debug/usr/sbin/sogo-slapd-sockd.debug
缺少:
/etc/systemd/system/multi-user.target.wants/slapd.service

缺少: 下 ln -s 後 ;  仍不行

多出: 應是 實體機及VM 機; 先前做 replication 時所產生的 ldif資料 .
但在做 yum update 時, 是早已關掉,不做同步了.
但那是去年時的測試 ; 之後yum update也做過至少一次kernel 更新.
所以問題應也不是這個.

在做yum update時, 有在做使用者信箱郵件搬移;
使用 TB ,搬移 pop 帳號到某 imap 帳號的信箱裡,
update 完成後, 發現 slapd 未啟動 , 此有可能造成 slapd 啟動失敗?

前往版面: iRedAdmin-Pro 技术支持

50 rain6966回复

(3 篇回复,发表在 iRedAdmin-Pro 技术支持)

# logwatch --service cron --range 20180509

     User amavis:
       personal crontab edited: 1 Time(s)
       touch /var/spool/amavisd/quarantine; find /var/spool/amavisd/quarantine/ -mtime +15 | xargs rm -rf {}: 1 Time(s)
       touch /var/spool/amavisd/quarantine; find /var/spool/amavisd/quarantine/ -mtime +25 | xargs rm -rf {}: 1 Time(s)

改為 -mtime +66
# logwatch --service cron --range 20180511

       touch /var/spool/amavisd/quarantine; find /var/spool/amavisd/quarantine/ -mtime +15 | xargs rm -rf {}: 1 Time(s)
       touch /var/spool/amavisd/quarantine; find /var/spool/amavisd/quarantine/ -mtime +66 | xargs rm -rf {}: 1 Time(s)

查看:
/var/log/cron
這兩天的紀錄,是沒有
touch /var/spool/amavisd/quarantine; find /var/spool/amavisd/quarantine/ -mtime +15 | xargs rm -rf {}: 1 Time(s)

-mtime +25 及 +66 是有紀錄;
這實在說不過去 , logwatch 會抓以前的log 資料.

前往版面: iRedAdmin-Pro 技术支持