ZhangHuangbin 写道:

letsencrypt 的集成暂时还没有计划。

了解.

但是否可在 iRedMail doc 上 , 加上教學文檔? 讓新安裝iRedMAil的人有一參考範例.

Thanks.

102

(10 篇回复,发表在 iRedMail 技术支持)

是從 wget https://bitbucket.org/zhb/iredmail/down … .6.tar.bz2 下載

ZhangHuangbin 写道:

CSS 文件的位置找不到导致的。

你需要把所有 /iredadmin 这个 url 都替换为你要的 /ccc。

location ~ ^/ccc/static/(.*)\.(png|jpg|gif|css|js) {
    alias /var/www/iredadmin/static/$1.$2;
}

# Python scripts
#location ~ ^/iredadmin(.*) {
location ~ ^/ccc(.*) {
    rewrite ^/iredadmin(/.*)$ $1 break;

    include /etc/nginx/templates/hsts.tmpl;

    include uwsgi_params;
    uwsgi_pass unix:/run/uwsgi/iredadmin.socket;
    uwsgi_param UWSGI_CHDIR /var/www/iredadmin;
    uwsgi_param UWSGI_SCRIPT iredadmin;
    uwsgi_param SCRIPT_NAME /iredadmin;

    # Access control
    #allow 127.0.0.1;
    #allow 192.168.1.10;
    #allow 192.168.1.0/24;
    #deny all;
}

# iRedAdmin: redirect /iredadmin to /iredadmin/
#location = /iredadmin {
location = /ccc {
    rewrite ^ /iredadmin/;
}

版主 ,  再改為如上面 ; 會出現 "404 Not Found"

/var/log/nginx/error.log
2017/03/16 14:15:51 [error] 5339#0: *1 "/var/www/html/iredadmin/index.php" is not found (2: No such file or directory), client: 192.168.1.66, server: _, request: "GET /ccc HTTP/1.1", host: "mail.mydoamin.com"

我已再重裝 iRedMail 一次 了,問題一樣; 可請版主明示.

Thanks.

104

(10 篇回复,发表在 iRedMail 技术支持)

==== 必填信息。没有填写将不予回复 ====
- iRedMail 版本号:0.9.6
- 使用哪个数据库存储用户帐号(OpenLDAP,MySQL,PostgreSQL):LDAP
- 使用的 Linux/BSD 发行版名称及版本号:CentOS7.3
- 与您的问题相关的日志信息:
====

先前出現的錯誤訊息 ,目前還是出現
* Removing plain LDIF file: /var/vmail/backup/ldap/2017/03/2017-03-16-14-07-41.ldif...  [DONE]
ERROR 1045 (28000): Access denied for user 'iredadmin'@'localhost' (using password: YES)
* File size:

cron jab 或手動執行 bash /var/vmail/backup/backup_openldap.sh

會出現上面 ERROR 訊息

Thanks

==== 必填信息。没有填写将不予回复 ====
- iRedMail 版本号:0.9.6
- 使用哪个数据库存储用户帐号(OpenLDAP,MySQL,PostgreSQL):LDAP
- 使用的 Linux/BSD 发行版名称及版本号:CentOS7.3
- 与您的问题相关的日志信息:
====
今安裝 iredmail 後要登入主控台或 webmail無法登入:

出現 您的連線並不安全 ; 用了無效的安全憑證。 該憑證未受信任,因為憑證是自己簽署的憑證。 錯誤代碼: SEC_ERROR_UNKNOWN_ISSUER


不知有人有此現象?
iRedmail 安裝完成 , 需再自己安裝免費的Let's Encrypt ; 才可使用

版主 ; iRedMail 是否能把Let's Encrypt 當成預設安裝?

106

(0 篇回复,发表在 iRedMail 技术支持)

==== ==== 必填信息。没有填写将不予回复 ====
- iRedMail 版本号:0.9.6
- 使用哪个数据库存储用户帐号(OpenLDAP,MySQL,PostgreSQL):P-2.7.0 (LDAP)
- 使用的 Linux/BSD 发行版名称及版本号:CentOS7 Nginx
- 与您的问题相关的日志信息:
====
58c6ec31 mdb_monitor_db_open: monitoring disabled; configure monitor database to enable
* Starting backup at 2017-03-14-03-00-01
* Backup directory: /var/vmail/backup/ldap/2017/03.
* Dumping LDAP data into file: /var/vmail/backup/ldap/2017/03/2017-03-14-03-00-01.ldif...
* Compressing LDIF file with command: 'bzip2 -9' ...
* [DONE]
* Removing plain LDIF file: /var/vmail/backup/ldap/2017/03/2017-03-14-03-00-01.ldif...    [DONE]
ERROR 1045 (28000): Access denied for user 'iredadmin'@'localhost' (using password: YES)
* File size:
=================
4.0K    /var/vmail/backup/ldap/2017/03/2017-03-14-03-00-01.ldif.bz2
=================
* [ OK ] Backup completes successfully.

/root/.my.cnf
[client]
user=root
password="xxxxxxxxxxxx"

重啟動 mariadb ;
錯誤消失

此post 可關閉

ZhangHuangbin 写道:

/etc/nginx/templates/iredadmin.tmpl 里改。

# static files under /iredadmin/static
#location ~ ^/iredadmin/static/(.*)\.(png|jpg|gif|css|js) {
location ~ ^/ccc/static/(.*)\.(png|jpg|gif|css|js) {
    alias /var/www/iredadmin/static/$1.$2;
}
# Python scripts
location ~ ^/iredadmin(.*) {
   rewrite ^/iredadmin(/.*)$ $1 break;

    include /etc/nginx/templates/hsts.tmpl;

    include uwsgi_params;
    uwsgi_pass unix:/run/uwsgi/iredadmin.socket;
    uwsgi_param UWSGI_CHDIR /var/www/iredadmin;
    uwsgi_param UWSGI_SCRIPT iredadmin;
    uwsgi_param SCRIPT_NAME /iredadmin;
}
# iRedAdmin: redirect /iredadmin to /iredadmin/
#location = /iredadmin {
location = /ccc {
   rewrite ^ /iredadmin/;
}

設定後出現附檔 ; 非正常顏色顯示 ; 是哪裡設錯?

/var/log/nginx/access.log

192.168.1.66 - - [14/Mar/2017:10:57:33 +0800] "GET /ccc HTTP/1.1" 200 1420 "-" "Mozilla/5.0 (Windows NT 5.1;rv:52.0) Gecko/20100101 Firefox/52.0"
192.168.1.66 - - [14/Mar/2017:10:57:33 +0800] "GET /iredadmin/static/roundcube_logo.png HTTP/1.1" 404 40 "https://mail.mydomain.com/ccc" "Mozilla/5.0 (Windows NT 5.1; rv:52.0) Gecko/20100101 Firefox/52.0"
192.168.1.66 - - [14/Mar/2017:10:57:34 +0800] "GET /iredadmin/static/default/css/reset.css HTTP/1.1" 404 40  "https://mail.mydomain.com/ccc" "Mozilla/5.0 (Windows NT 5.1; rv:52.0) Gecko/20100101 Firefox/52.0"
192.168.1.66 - - [14/Mar/2017:10:57:34 +0800] "GET /iredadmin/static/default/css/screen.css HTTP/1.1" 404 40   "https://mail.mydomain.com/ccc" "Mozilla/5.0 (Windows NT 5.1; rv:52.0) Gecko/20100101 Firefox/52.0"
192.168.1.66 - - [14/Mar/2017:10:57:35 +0800] "GET /iredadmin/static/roundcube_logo.png HTTP/1.1" 404 40 "https://mail.mydomain.com/ccc" "Mozilla/5.0 (Windows NT 5.1; rv:52.0) Gecko/20100101 Firefox/52.0"

/var/log/nginx/error.log
無資料.

Thanks.

==== ==== 必填信息。没有填写将不予回复 ====
- iRedMail 版本号:0.9.6
- 使用哪个数据库存储用户帐号(OpenLDAP,MySQL,PostgreSQL):Pro2.7.0(LDAP)
- 使用的 Linux/BSD 发行版名称及版本号:CentOS7.3 Nginx
- 与您的问题相关的日志信息:
====
第一次使用nginx安裝 iredmail
一般登入控制平台為 https://mail.mydomain.com/iredadmin
要更改為 https://mail.mydomain.com/ccc
應如何更改?

在Apache : 只要更改下面即可:
/etc/httpd/conf.d/ssl.conf
#Alias /iredadmin/static "/var/www/iredadmin/static/"
Alias /ccc/static "/var/www/iredadmin/static/"
#WSGIScriptAlias /iredadmin "/var/www/iredadmin/iredadmin.py/"
WSGIScriptAlias /ccc "/var/www/iredadmin/iredadmin.py/"

感謝幫忙,
ssh 登入等下寄出 zhb@iredmail.org

Thanks

# postmap -v -q '1@mydomain.com' ldap:/etc/postfix/ldap/sender_bcc_maps_user.cf
postmap: name_mask: all
postmap: inet_addr_local: configured 2 IPv4 addresses
postmap: inet_addr_local: configured 2 IPv6 addresses
postmap: dict_ldap_open: Using LDAP source /etc/postfix/ldap/sender_bcc_maps_user.cf
postmap: cfg_get_str: /etc/postfix/ldap/sender_bcc_maps_user.cf: server_host = 127.0.0.1
postmap: cfg_get_int: /etc/postfix/ldap/sender_bcc_maps_user.cf: server_port = 389
postmap: cfg_get_int: /etc/postfix/ldap/sender_bcc_maps_user.cf: version = 3
postmap: dict_ldap_open: /etc/postfix/ldap/sender_bcc_maps_user.cf server_host URL is ldap://127.0.0.1:389
postmap: cfg_get_str: /etc/postfix/ldap/sender_bcc_maps_user.cf: scope = one
postmap: cfg_get_str: /etc/postfix/ldap/sender_bcc_maps_user.cf: search_base = ou=Users,domainName=%d,o=domains,dc=mydomain,dc=com
postmap: cfg_get_int: /etc/postfix/ldap/sender_bcc_maps_user.cf: timeout = 10
postmap: cfg_get_str: /etc/postfix/ldap/sender_bcc_maps_user.cf: query_filter = (&(|(mail=%s)(&(enabledService=shadowaddress)(shadowAddress=%s)))(objectClass=mailUser)(accountStatus=active)(!(domainStatus=disabled))(enabledService=mail)(enabledService=senderbcc))
postmap: cfg_get_str: /etc/postfix/ldap/sender_bcc_maps_user.cf: result_format = <NULL>
postmap: cfg_get_str: /etc/postfix/ldap/sender_bcc_maps_user.cf: result_filter = %s
postmap: cfg_get_str: /etc/postfix/ldap/sender_bcc_maps_user.cf: domain =
postmap: cfg_get_str: /etc/postfix/ldap/sender_bcc_maps_user.cf: terminal_result_attribute =
postmap: cfg_get_str: /etc/postfix/ldap/sender_bcc_maps_user.cf: leaf_result_attribute =
postmap: cfg_get_str: /etc/postfix/ldap/sender_bcc_maps_user.cf: result_attribute = userSenderBccAddress
postmap: cfg_get_str: /etc/postfix/ldap/sender_bcc_maps_user.cf: special_result_attribute =
postmap: cfg_get_str: /etc/postfix/ldap/sender_bcc_maps_user.cf: bind = yes
postmap: cfg_get_str: /etc/postfix/ldap/sender_bcc_maps_user.cf: bind_dn = cn=vmail,dc=mydomain,dc=com
postmap: cfg_get_str: /etc/postfix/ldap/sender_bcc_maps_user.cf: bind_pw = bXXXXXXXXXXXXXXXXXXXXXXXXXXXX
postmap: cfg_get_bool: /etc/postfix/ldap/sender_bcc_maps_user.cf: cache = off
postmap: cfg_get_int: /etc/postfix/ldap/sender_bcc_maps_user.cf: cache_expiry = -1
postmap: cfg_get_int: /etc/postfix/ldap/sender_bcc_maps_user.cf: cache_size = -1
postmap: cfg_get_int: /etc/postfix/ldap/sender_bcc_maps_user.cf: recursion_limit = 1000
postmap: cfg_get_int: /etc/postfix/ldap/sender_bcc_maps_user.cf: expansion_limit = 0
postmap: cfg_get_int: /etc/postfix/ldap/sender_bcc_maps_user.cf: size_limit = 0
postmap: cfg_get_int: /etc/postfix/ldap/sender_bcc_maps_user.cf: dereference = 0
postmap: cfg_get_bool: /etc/postfix/ldap/sender_bcc_maps_user.cf: chase_referrals = off
postmap: cfg_get_bool: /etc/postfix/ldap/sender_bcc_maps_user.cf: start_tls = off
postmap: cfg_get_bool: /etc/postfix/ldap/sender_bcc_maps_user.cf: tls_require_cert = off
postmap: cfg_get_str: /etc/postfix/ldap/sender_bcc_maps_user.cf: tls_ca_cert_file =
postmap: cfg_get_str: /etc/postfix/ldap/sender_bcc_maps_user.cf: tls_ca_cert_dir =
postmap: cfg_get_str: /etc/postfix/ldap/sender_bcc_maps_user.cf: tls_cert =
postmap: cfg_get_str: /etc/postfix/ldap/sender_bcc_maps_user.cf: tls_key =
postmap: cfg_get_str: /etc/postfix/ldap/sender_bcc_maps_user.cf: tls_random_file =
postmap: cfg_get_str: /etc/postfix/ldap/sender_bcc_maps_user.cf: tls_cipher_suite =
postmap: cfg_get_int: /etc/postfix/ldap/sender_bcc_maps_user.cf: debuglevel = 0
postmap: dict_open: ldap:/etc/postfix/ldap/sender_bcc_maps_user.cf
postmap: dict_ldap_lookup: In dict_ldap_lookup
postmap: dict_ldap_lookup: No existing connection for LDAP source /etc/postfix/ldap/sender_bcc_maps_user.cf, reopening
postmap: dict_ldap_connect: Connecting to server ldap://127.0.0.1:389
postmap: dict_ldap_connect: Actual Protocol version used is 3.
postmap: dict_ldap_connect: Binding to server ldap://127.0.0.1:389 with dn cn=vmail,dc=mydomain,dc=com
postmap: dict_ldap_connect: Successful bind to server ldap://127.0.0.1:389 with dn cn=vmail,dc=mydomain,dc=com
postmap: dict_ldap_connect: Cached connection handle for LDAP source /etc/postfix/ldap/sender_bcc_maps_user.cf
postmap: dict_ldap_lookup: /etc/postfix/ldap/sender_bcc_maps_user.cf: Searching with filter (&(|(mail=1@mydomain.com)(&(enabledService=shadowaddress)(shadowAddress=1@mydomain.com)))(objectClass=mailUser)(accountStatus=active)(!(domainStatus=disabled))(enabledService=mail)(enabledService=senderbcc))
postmap: dict_ldap_get_values[1]: Search found 1 match(es)
postmap: dict_ldap_get_values[1]: search returned 1 value(s) for requested result attribute userSenderBccAddress
postmap: dict_ldap_get_values[1]: Leaving dict_ldap_get_values
postmap: dict_ldap_lookup: Search returned admin@mydomain.com
admin@mydomain.com
postmap: dict_ldap_close: Closed connection handle for LDAP source /etc/postfix/ldap/sender_bcc_maps_user.cf

ZhangHuangbin 写道:

但目前 iRedAdmin-Pro 没有加入这个功能,所以作为管理员,你只能用 '--force-all' 参数来强制检查所有用户的隔离邮件并发送通知。

了解.

这个错误似乎是 python 连接 ldap 服务器出错了。先试下这个 patch,让它能打印出更详细的错误:

cd /var/www/iredadmin
# patch -b -p0 tools/ira_tool_lib.py<ira_tool_lib.patch
# systemctl restart amavisd
# systemctl restart slapd.service
# systemctl restart httpd.service

# python tools/notify_quarantined_recipients.py
* << ERROR >> Error while querying mail users: LDAPError('LDAP connection invalid',)
# python tools/notify_quarantined_recipients.py --force-all
* << ERROR >> Error while querying mail users: LDAPError('LDAP connection invalid',)

/var/log/openldap.log 如下:
Feb 15 14:16:34 mail slapd[29652]: => access_allowed: result not in cache (userPassword)
Feb 15 14:16:34 mail slapd[29652]: => access_allowed: auth access to "cn=vmailadmin,dc=l,dc=techlins,dc=com" "userPassword" requested
Feb 15 14:16:34 mail slapd[29652]: => acl_get: [1] attr userPassword
Feb 15 14:16:34 mail slapd[29652]: => acl_mask: access to entry "cn=vmailadmin,dc=l,dc=techlins,dc=com", attr "userPassword" requested
Feb 15 14:16:34 mail slapd[29652]: => acl_mask: to value by "", (=0)
Feb 15 14:16:34 mail slapd[29652]: <= check a_dn_pat: anonymous
Feb 15 14:16:34 mail slapd[29652]: <= acl_mask: [1] applying auth(=xd) (stop)
Feb 15 14:16:34 mail slapd[29652]: <= acl_mask: [1] mask: auth(=xd)
Feb 15 14:16:34 mail slapd[29652]: => slap_access_allowed: auth access granted by auth(=xd)
Feb 15 14:16:34 mail slapd[29652]: => access_allowed: auth access granted by auth(=xd)
Feb 15 14:16:51 mail slapd[29652]: => access_allowed: result not in cache (userPassword)
Feb 15 14:16:51 mail slapd[29652]: => access_allowed: auth access to "cn=vmailadmin,dc=l,dc=techlins,dc=com" "userPassword" requested
Feb 15 14:16:51 mail slapd[29652]: => acl_get: [1] attr userPassword
Feb 15 14:16:51 mail slapd[29652]: => acl_mask: access to entry "cn=vmailadmin,dc=l,dc=techlins,dc=com", attr "userPassword" requested
Feb 15 14:16:51 mail slapd[29652]: => acl_mask: to value by "", (=0)
Feb 15 14:16:51 mail slapd[29652]: <= check a_dn_pat: anonymous
Feb 15 14:16:51 mail slapd[29652]: <= acl_mask: [1] applying auth(=xd) (stop)
Feb 15 14:16:51 mail slapd[29652]: <= acl_mask: [1] mask: auth(=xd)
Feb 15 14:16:51 mail slapd[29652]: => slap_access_allowed: auth access granted by auth(=xd)
Feb 15 14:16:51 mail slapd[29652]: => access_allowed: auth access granted by auth(=xd)

結果一樣 .
我找不到 iredadmin.log 檔

patch 的檔案和原始檔比較:
# diff ira_tool_lib.py ira_tool_lib.py.20170215
39a40,43
> def print_error(msg):
>     print '< ERROR > ' + msg
>
>
48d51
<
61c64
<         logger.error(e)
---
>         print_error(e)

Thanks.

1).
# postconf sender_bcc_maps
sender_bcc_maps = proxy:ldap:/etc/postfix/ldap/sender_bcc_maps_user.cf proxy:ldap:/etc/postfix/ldap/sender_bcc_maps_domain.cf

2). 1@mydomain.com 的 ldif
dn: mail=1@mydomain.com,ou=Users,domainName=mydomain.com,o=domains,dc=mydomain,dc=com
accountStatus: active
amavisLocal: TRUE
cn: 1
enabledService: internal
enabledService: doveadm
enabledService: lib-storage
enabledService: indexer-worker
enabledService: mail
enabledService: dsync
enabledService: smtp
enabledService: smtpsecured
enabledService: pop3
enabledService: pop3secured
enabledService: imap
enabledService: imapsecured
enabledService: deliver
enabledService: lda
enabledService: lmtp
enabledService: recipientbcc
enabledService: senderbcc
enabledService: managesieve
enabledService: managesievesecured
enabledService: sieve
enabledService: sievesecured
enabledService: forward
enabledService: shadowaddress
enabledService: displayedInGlobalAddressBook
enabledService: sogo
homeDirectory: /var/vmail/vmail1/mydomain.com/1/1/1/1-2017.02.14.10.44.59/
mail: 1@mydomain.com
mailMessageStore: vmail1/mydomain.com/1/1/1/1-2017.02.14.10.44.59/
mailQuota: 5242880000
objectClass: inetOrgPerson
objectClass: mailUser
objectClass: shadowAccount
objectClass: amavisAccount
preferredLanguage: en_US
shadowLastChange: 0
sn: 1
storageBaseDirectory: /var/vmail
uid: 1
userPassword: {SSHA}wNa/70FM6vgd4LOvw7TLCIcHoU0VQNmNrIayjQ==
userRecipientBccAddress: admin@mydomain.com
userSenderBccAddress: admin@mydomain.com

在 /var/www/iredadmin/tools/notify_quarantined_recipients.py有
# How it works:
#
#   - Mail user login to iRedAdmin-Pro (self-service) and choose to receive
#     notification email when there's email quarantined.
#
#       - OpenLDAP: user will be assigned `enabledService=quar_notify`.

此enabledService=quar_notify 如何加入?

在 phpldapadmin
伺服器:    Distinguished Name: domainName=mydomain.com,o=domains,dc=mydomain,dc=com
下的enabledService 加入 quar_notify

還是在
伺服器:    Distinguished Name: mail=1@mydomain.com,ou=Users,domainName=mydomain.com,o=domains,dc=mydomain,dc=com
下的enabledService 加入 quar_notify
這樣變成是每一個user 皆須手動來加

/var/www/iredadmin/settings.py
再加入:
# SMTP server address, port, username, password used to send notification mail.
NOTIFICATION_SMTP_SERVER = 'localhost'
NOTIFICATION_SMTP_PORT = 587
NOTIFICATION_SMTP_STARTTLS = True
#NOTIFICATION_SMTP_USER = 'no-reply@localhost.local'
#NOTIFICATION_SMTP_PASSWORD = ''
NOTIFICATION_SMTP_USER = 'spam@mydomain.com'
NOTIFICATION_SMTP_PASSWORD = 'xxxxxxxxx'
NOTIFICATION_SMTP_DEBUG_LEVEL = 0
NOTIFICATION_IREDADMIN_URL = 'https://mail.mydoamin.com/iredadmin/'
NOTIFICATION_QUARANTINE_MAIL_SUBJECT = '[Attention] You have emails quarantined and not delivered to mailbox'

執行# python notify_quarantined_recipients.py
* << ERROR >> Error while querying mail users: LDAPError('LDAP connection invalid',)

還是錯誤.
log: /var/log/openldap.log

Feb 15 10:27:28 mail slapd[23549]: daemon: shutdown requested and initiated.
Feb 15 10:27:28 mail slapd[23549]: slapd shutdown: waiting for 0 operations/tasks to finish
Feb 15 10:27:28 mail slapd[23549]: slapd stopped.
Feb 15 10:27:28 mail slapd[24438]: @(#) $OpenLDAP: slapd 2.4.40 (Nov  6 2016 01:21:28) $#012#011mockbuild@worker1.bsys.centos.org:/builddir/build/BUILD/openldap-2.4.40/openldap-2.4.40/servers/slapd
Feb 15 10:27:28 mail slapd[24440]: config_back_db_open: line 0: warning: cannot assess the validity of the ACL scope within backend naming context
Feb 15 10:27:28 mail slapd[24440]: mdb_monitor_db_open: monitoring disabled; configure monitor database to enable
Feb 15 10:27:28 mail slapd[24440]: slapd starting
Feb 15 10:27:48 mail slapd[24440]: => access_allowed: result not in cache (userPassword)
Feb 15 10:27:48 mail slapd[24440]: => access_allowed: auth access to "cn=vmailadmin,dc=mydomain,dc=com" "userPassword" requested
Feb 15 10:27:48 mail slapd[24440]: => acl_get: [1] attr userPassword
Feb 15 10:27:48 mail slapd[24440]: => acl_mask: access to entry "cn=vmailadmin,dc=mydomain,dc=com", attr "userPassword" requested
Feb 15 10:27:48 mail slapd[24440]: => acl_mask: to value by "", (=0)
Feb 15 10:27:48 mail slapd[24440]: <= check a_dn_pat: anonymous
Feb 15 10:27:48 mail slapd[24440]: <= acl_mask: [1] applying auth(=xd) (stop)
Feb 15 10:27:48 mail slapd[24440]: <= acl_mask: [1] mask: auth(=xd)
Feb 15 10:27:48 mail slapd[24440]: => slap_access_allowed: auth access granted by auth(=xd)
Feb 15 10:27:48 mail slapd[24440]: => access_allowed: auth access granted by auth(=xd)

logwatch 部分內容:
Warnings
--------
  cleanup (total: 20)
        10   proxy:ldap:/etc/postfix/ldap/sender_bcc_maps_user.cf lookup err...
         1   21CD2C0000132: sender_bcc_maps lookup problem
         1   8E342C0000132: sender_bcc_maps lookup problem
         1   8E7DCC0000132: sender_bcc_maps lookup problem
         1   B8A53C0000132: sender_bcc_maps lookup problem
         1   B8CE6C0000132: sender_bcc_maps lookup problem
         1   B8E57C0000132: sender_bcc_maps lookup problem
         1   B8F7EC0000132: sender_bcc_maps lookup problem
         1   C3188C0000132: sender_bcc_maps lookup problem
         1   C3630C0000132: sender_bcc_maps lookup problem
         1   C37E4C0000132: sender_bcc_maps lookup problem
  pickup (total: 10)
         1   maildrop/4C99CD009E58C: error writing 8E7DCC0000132: queue file...
         1   maildrop/4C99CD009E58C: error writing C3630C0000132: queue file...
         1   maildrop/4C99CD009E58C: error writing B8CE6C0000132: queue file...
         1   maildrop/6997BD009E58B: error writing 8E342C0000132: queue file...
         1   maildrop/6997BD009E58B: error writing B8A53C0000132: queue file...
         1   maildrop/6997BD009E58B: error writing C3188C0000132: queue file...
         1   maildrop/6997BD009E58B: error writing 21CD2C0000132: queue file...
         1   maildrop/9B2F1D009E58E: error writing B8F7EC0000132: queue file...
         1   maildrop/AE391D009E58D: error writing B8E57C0000132: queue file...
         1   maildrop/AE391D009E58D: error writing C37E4C0000132: queue file...
  proxymap (total: 12)
        12   dict_ldap_connect: Unable to bind to server ldap://127.0.0.1:38...
  trivial-rewrite (total: 2)
         2   proxy:ldap:/etc/postfix/ldap/transport_maps_user.cf lookup erro...

其sender_bcc_maps_user.cf 及transport_maps_user.cf  出錯

ps: iRedMail 版本号:0.9.6, 才對;  寫錯為0.6.0

ZhangHuangbin 写道:

可否将以下两个文件里的 LDAP query 语句贴一下,
. . . .
/etc/postfix/ldap/sender_bcc_maps_domain.cf
/etc/postfix/ldap/sender_bcc_maps_user.cf

除CentOS7.3的  bind_dn及search_base 多出 dc=sub ,其他
在CentOS6.8 及 CentOS7.3 兩台內容格式皆一樣,

# cat /etc/postfix/ldap/sender_bcc_maps_domain.cf
server_host     = 127.0.0.1
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = cn=vmail,dc=mydomain,dc=com
bind_pw         = VXXXXXXXXXXXXXXXXXXXXXXXX
search_base     = o=domains,dc=mydomain,dc=com
scope           = one
query_filter    = (&(objectClass=mailDomain)(|(domainName=%d)(domainAliasName=%d))(accountStatus=active)(enabledService=mail)(enabledService=senderbcc))
result_attribute= domainSenderBccAddress
debuglevel      = 0

# cat /etc/postfix/ldap/sender_bcc_maps_user.cf
server_host     = 127.0.0.1
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = cn=vmail,dc=mydomain,dc=com
bind_pw         = VXXXXXXXXXXXXXXXXXXXXXXXX
search_base     = ou=Users,domainName=%d,o=domains,dc=mydomain,dc=com
scope           = one
query_filter    = (&(|(mail=%s)(&(enabledService=shadowaddress)(shadowAddress=%s)))(objectClass=mailUser)(accountStatus=active)(!(domainStatus=disabled))(enabledService=mail)(enabledService=senderbcc))
result_attribute= userSenderBccAddress
debuglevel      = 0


ps: 我的iRedMail 版本号:為0.9.6 , 我寫錯了(0.6.0)

==== ==== 必填信息。没有填写将不予回复 ====
- iRedMail 版本号:0.6.0
- 使用哪个数据库存储用户帐号(OpenLDAP,MySQL,PostgreSQL):Prp-2.7.0(LDAP)
- 使用的 Linux/BSD 发行版名称及版本号:CentOS7.3
- 与您的问题相关的日志信息:
====
參照:http://www.iredmail.org/docs/quarantining.html#notify-users-about-quarantined-mails

1).
# vi /var/www/iredadmin/settings.py
NOTIFICATION_IREDADMIN_URL = 'https://mail.mydomain.com/iredadmin/'

NOTIFICATION_QUARANTINE_MAIL_SUBJECT = '[Attention] You have emails quarantined and not delivered to mailbox'

2).
#1 */12 * * * python /var/www/iredadmin/tools/notify_quarantined_recipients.py >/dev/null
*/5 * * * * python /var/www/iredadmin/tools/notify_quarantined_recipients.py >/dev/null
改5分鐘 也沒有動作

3).
# python /var/www/iredadmin/tools/notify_quarantined_recipients.py
出現:
* << ERROR >> Error while querying mail users: LDAPError('LDAP connection invalid',)

self-service 已啟用.
哪裡未設定好呢?

Thanks

116

(1 篇回复,发表在 iRedMail 技术支持)

按照:
http://www.iredmail.org/forum/post54587.html#p54587
方法.
現已解決.

Thanks

==== 必填信息。没有填写将不予回复 ====
- iRedMail 版本号:0.6.0
- 使用哪个数据库存储用户帐号(OpenLDAP,MySQL,PostgreSQL):Pro-LDAP(2.7.0)
- 使用的 Linux/BSD 发行版名称及版本号:CentOS7.3
- 与您的问题相关的日志信息:
====
per-user 啟用 incoming 及outgoing 的BCC功能
在 admin@ 收不到 user 外寄的信件 ;
也就是說 outgoing 無動作 , incoming 正常,可收到monitor 信件. 

Thanks.

118

(1 篇回复,发表在 iRedMail 技术支持)

==== ==== 必填信息。没有填写将不予回复 ====
- iRedMail 版本号:0.6.0
- 使用哪个数据库存储用户帐号(OpenLDAP,MySQL,PostgreSQL):Pro-LDAP(2.7.0)
- 使用的 Linux/BSD 发行版名称及版本号:CentOS7.3
- 与您的问题相关的日志信息:
====
self-service user  無法登入

參考:http://www.iredmail.org/forum/post54565.html#p54565
的patch 檔, 應如何上patch.
這是我測試的指令 ; 有問題, 正確指令要如何下?
/var/www/iredadmin]# patch --dry-run -p3 <b74802e23fb2.patch

Thanks

119

(5 篇回复,发表在 iRedMail 技术支持)

ZhangHuangbin 写道:

暂时无法实现。

了解. 感謝回覆.

那 Profile of domain: mydomain.com 下的 "BCC" 似乎就可不用 了. 操控平台 BCC 可省掉.

因設定 bcc 例外 user :
只需在 Users =>Advanced 下不打勾
BCC incoming emails to other address
BCC outgoing emails to other address
即可做到


另第一次 post 文
有關 outgoing 的monitor , admin@ 無法收到 user 發出信件,
要如何設定. incoming 功能正常可收到.

Thanks.

120

(5 篇回复,发表在 iRedMail 技术支持)

ZhangHuangbin 写道:

不同账号类型的 BCC 优先级不通:Per-user BCC settings > Per-domain。即:

我目前思緒卡在 "不通"  及 "Per-user BCC settings > Per-domain" 的 ">"
1). "不通"指 Per-domain BCC 權限不會繼承給 Per-user .
2). ">"  指優先或大於.   所以Per-user BCC 的啟用或不啟用
皆不會受 Per-domain BCC 引響.

上面兩疑惑 , 若成立(正確).

- 如果有 per-user bcc,则使用 per-user bcc。

接受

- 如果无 per-user bcc,则查询 per-domain bcc。如果有则使用 Per-domain bcc,如无责则此邮件不会做任何 bcc 处理。

卡住了, per-user bcc 不啟動 , 那 per-domain bcc 應無作用; 因它們 "不通"">" .

如果 per-user bcc 的设置处没有打勾,意思是使用 per-domain bcc(如有)。而不是 explicitly 表示不对该用户的邮件做 bcc 处理。

卡住了 ,同上.

其實我只是想設定iRedMail 為:
per-domain bcc 啟用 , per-user bcc 啟用 ; 某例外 user bcc 不啟用, 應如何設定?

目前 per-domain bcc 會繼承給 新建per-user bcc , 我只要去 per-user bcc 設不啟用 , 即可 . 但卻不符上面的解釋 , 所以這步驟不正確.

但因 per-domain bcc 已啟用 , per-user bcc 不啟用 , 結果admin@ 會收到 .
但系統 "Per-user BCC settings > Per-domain" ; 應當Per-user 設定不啟用 時 , admin@ 不收到才對?

121

(5 篇回复,发表在 iRedMail 技术支持)

==== ==== ==== 必填信息。没有填写将不予回复 ====
- iRedMail 版本号:0.6.0
- 使用哪个数据库存储用户帐号(OpenLDAP,MySQL,PostgreSQL):OpenLDAP-2.7.0
- 使用的 Linux/BSD 发行版名称及版本号:CentOS6.8 & 7.3
- 与您的问题相关的日志信息:
====

BCC :設定如下: user  不啟用 BCC
兩個帳號皆設在同一台PC上(pc在外網不同網段)及用TB測試

mydomain.com 為CentOS6.8 OpenLDAP-Pro-2.7.0 , iRedAPD-2.0
sub.domain.com 為 CentOS7.3 OpenLDAP-Pro-2.7.0, iRedAPD-2.0
(按iRedMail-0.6.0 版更文檔升級為最新版後 ,
出現 admin@mydomain.com 收到 users未啟動BCC的信件;
做降版本一樣出現問題, 才提出此問題)

a). 網域: BCC
Monitor incoming emails via BCC => 打勾
Monitor outgoing emails via BCC => 打勾
BCC incoming emails to other address  => admin@mydomain.com
BCC outgoing emails to other address  => admin@mydomain.com
(subdomain 設定差異處)
BCC incoming emails to other address  => admin@sub.mydomain.com
BCC outgoing emails to other address  => admin@sub.mydomain.com

b). users : Advanced
BCC incoming emails to other address =>清除不填(預設會繼承網域BCC)
BCC outgoing emails to other addres  =>清除不填(預設會繼承網域BCC)

Enabled-services
不打勾 =>BCC incoming emails to other address
不打勾 =>BCC outgoing emails to other address

以上設定是否有問題?

c). 內部網域互相測試
區網 (2個host server 為domain 及subdomain 關係, 在同網段10.10.10.xx )
現測試 test4@mydomain.com =>給 test4@sub.mydomain.com 信件,

incoming  (sub.mydomain.com 錯誤)
不啟用BCC的user (test4@sub.mydomain.com),仍會被監控admin@sub.mydomain.com 會收到 使用者(test4@sub.mydomain.com)信件.
(會monitor sub.mydomain.com , 因users 的設定無效),

outgoing  (mydomain.com 無效)
monitor mydomain.com無作用, 因admin@mydomain.com 無紀錄

d). 從Gmail 寄信測試
再測試 xx@gmail.com => 給 test4@mydomain.com 或test4@sub.mydomain.com ,
incoming錯誤 (兩網域的admin@ 皆有紀錄 ; 因users BCC 未啟用)

當test4@mydomain.com 或 test4@sub.mydomain.com => 給 xx@gmail.com ,
outgoing正常 (admin@ 皆沒有紀錄 , 因 userBCC未啟用)

e).
最後測試, 更改上面設定為如下:
(取消在網域的設定, 由users 來分別設定後 )
網域: BCC
Monitor incoming emails via BCC =>  打勾
Monitor outgoing emails via BCC =>   打勾

變為下面問題:
區網互寄或給Gmail信件 , users啟用BCC.
outgoing  (mydomain.com 或 sub.domain.com 無效)
未給admin@ 保留信件
雖然在 System>Mail Logs > Send Mails 留有紀錄,
但實體信件內容未能保存.

版主, 說了一大推希望看得懂.

此错误信息表示使用的 bind dn 或密码不正确。请重新确认。

經查3年前的資料 ; 測試 phpLDAPadmin 的 Password 使用SSHA 或SSHA512 時,
有變更 Manager 的密碼 ; 使用新密碼後, 更新正常 .

Thank's

sql> GRANT ALL ON iredadmin.* TO iredadmin@localhost;
sql> FLUSH PRIVILEGES;
sql> USE iredadmin;
sql> SOURCE /var/www/iredadmin/SQL/iredadmin.mysql;

新年好,公司現已放年假了 . 感謝回覆 ;

執行以上指令;再移除 /vaw/www/iRedAdmin-Pro-LDAP-2.7.0 ,恢復為2.6.1版 連結
/root/iRedAdmin-Pro-LDAP-2.7.0/tools# bash upgrade_iredadmin.sh
執行升級 正常.

但在自己家裡連結 iredadmin 無法登入, 出現
219.80.xxx.xxx - - [26/Jan/2017:13:51:25 +0800] "GET /imail HTTP/1.1" 500 656
以前在公司是可連結登入

在 /etc/httpd/conf.d/iredadmin.conf
加入紅色字即可登入
<Directory /var/www/iredadmin/>
    Order allow,deny
    Allow               from all
    #Require all granted
    Require ip 192.168.1.0/24
    Require ip 219.80.xxx.xxx
    #Require valid-user
    Satisfy Any
</Directory>

==== 必填信息。没有填写将不予回复 ====
- iRedMail 版本号:iRedMail 0.6
- 使用哪个数据库存储用户帐号(OpenLDAP,MySQL,PostgreSQL):iRedAdmin-Pro-LDAP-2.7.0
- 使用的 Linux/BSD 发行版名称及版本号:CentOS6.8
- 与您的问题相关的日志信息:
====
1).
CentOS7.3 ok
~]# python updateLDAPValues_095_1_to_096.py
* Connecting to LDAP server: ldap://127.0.0.1:389
* Authenticate as dn: cn=Manager,dc=l,dc=mydomain,dc=com
* Get all disabled mail domains ...
* No disabled domain. Exit.

2).
CentOS6.8 出現錯誤:
cn=vmailadmin 或 Manager一樣出錯

~]# python  updateLDAPValues_095_1_to_096.py
* Connecting to LDAP server: ldap://127.0.0.1:389
* Authenticate as dn: cn=vmailadmin,dc=mydomain,dc=com
Traceback (most recent call last):
  File "updateLDAPValues_095_1_to_096.py", line 25, in <module>
    conn.bind_s(bind_dn, bind_pw)
  File "/usr/lib64/python2.6/site-packages/ldap/ldapobject.py", line 221, in bind_s
    return self.result(msgid,all=1,timeout=self.timeout)
  File "/usr/lib64/python2.6/site-packages/ldap/ldapobject.py", line 436, in result
    res_type,res_data,res_msgid = self.result2(msgid,all,timeout)
  File "/usr/lib64/python2.6/site-packages/ldap/ldapobject.py", line 440, in result2
    res_type, res_data, res_msgid, srv_ctrls = self.result3(msgid,all,timeout)
  File "/usr/lib64/python2.6/site-packages/ldap/ldapobject.py", line 446, in result3
    ldap_result = self._ldap_call(self._l.result3,msgid,all,timeout)
  File "/usr/lib64/python2.6/site-packages/ldap/ldapobject.py", line 96, in _ldap_call
    result = func(*args,**kwargs)
ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}

雖然不知為什麼會出現前面錯誤訊息,
但iRedMail 的運作正常 ,
可登入 iRedAdmin 控制平台
顯示為 v2.7.0 (LDAP)