qmail-ldap integration trick

[ari]

Hey,

I was working today with a sysadmin who is replacing squirrelmail/qmail-ldap/openldap with Zimbra. His requirement is that he's able to move a few users at a time, while running both systems in parallel.

With the following backend changes the end user doesn't need to change IMAP/SMTP settings in Thunderbird/Outlook/etc.: the qmail server will forward smtp and imap connections over to the Zimbra server. The Zimbra server will accept the connections using qmqpd.

Once the system-wide config change is made, individual users can be switched back and forth between qmail and Zimbra simply by modifying their mailHost in LDAP.

Disclaimers:

- This will not migrate/sync old mail.

- Mail for end user will be delivered to either qmail or zimbra, not both. Getting a local copy into qmail before handoff to Zimbra is left as an excercise for the reader...

- Your Schema May Vary!

- This is for SMTP/IMAP only: webmail users must go to a new URL. Or perhaps you can figure out how to make "Login" button of legacy system do an ldap query and redirect to Zimbra on a per-user basis...

Here's what he did:

In Zimbra postfix:

master.cf
-----------
628 inet n - n - - qmqpd

(just uncomment the existing line)

main.cf
---------
qmqpd_authorized_clients = 10.10.10.0/24
qmqpd_error_delay = 1s
qmqpd_timeout = 300s

(Add at bottom, set clients to qmail mta's)


For each users qmail-ldap ldap entry (mailHost is key part):

dn: cn=customer@example.com,dc=example,dc=com
cn: customer@example.com
sn: customer@example.com
objectClass: qmailUser
objectClass: exampleUser
objectClass: person
mail: customer@example.com
mailHost: zimbra.example.com
uid: customer@example.com
deliveryMode: nolocal
deliveryProgramPath: /usr/local/bin/maildrop -d customer@example.com
mailQuotaSize: 104857600
mailQuotaCount: 10000
mailMessageStore: /home/example/a/customer@example.com
userPassword:: e2NyeXB0fSQxJHJvJHpuSEQwbmlXb2JselZiNTVhbkpFWC4=
customerId: 222236

[graffiti]

Hi folks,

I want to migrate from courier-imap/qmail-ldap/squirrelmail to Zimbra so I follow your trick to migrate my own account (graffiti@example.com) but it didnt work.

For SMTP, for any message sent to graffiti@example.com, I got a bounced message containing "Unable to cluster-forward message: mail server permanently rejected message (#5.3.0).". Tcpdump saw qmail-ldap server connect and push data to Zimbra-Postfix's qmqpd.

For IMAP, whenever I tried to login in to SquirrelMail, which I suppose it will connect to Zimbra IMAP (in fact, qmail-ldap will forward my request to zimbra imap through qmqpd), I got in /opt/zimbra/log/zimbra.log (192.168.2.2 is my courier-imap/qmail-ldap server).

2005-12-22 14:47:54,309 INFO [ImapServer-17] [] imap - [192.168.2.2] connected
2005-12-22 14:47:54,312 INFO [ImapServer-17] [] ProtocolHandler - Handler exiting normally
2005-12-22 14:47:58,691 INFO [ImapServer-18] [] imap - [192.168.2.2] connected
2005-12-22 14:47:58,701 INFO [ImapServer-18] [] ProtocolHandler - Handler exiting normally
2005-12-22 14:48:02,520 INFO [ImapServer-19] [] imap - [192.168.2.2] connected
2005-12-22 14:48:02,533 INFO [ImapServer-19] [] ProtocolHandler - Handler exiting normally

I tried again with Evolution and it works.

Besides graffiti@example.com, I also migrate another account, admin@example.com to Zimbra. These two accounts can send and recieve mail from each other well but they can not send to other @example.com emails that means when you migrate a user, he can not communicate with other users anymore!

My qmail-ldap's schema:

# Entry 1: uid=graffiti,ou=People,dc=example,dc=com
dn: uid=graffiti,ou=People,dc=example,dc=com
uidNumber: 1195
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: qmailUser
cn: graffiti
mail: graffiti@example.com
accountStatus: active
mailQuotaSize: 209715200
sn: graffiti
givenName: graffiti
homeDirectory: /home/graffiti
loginShell: /sbin/nologin
userPassword: {CRYPT}$1$VOdIdXiZ$FnCa6KDdIB8FhDiOCkxHB1
mailHost: zimbra.example.com
uid: graffiti

Please help.

TIA,

-g

[marcmac]

Hi folks,

I want to migrate from courier-imap/qmail-ldap/squirrelmail to Zimbra so I follow your trick to migrate my own account (graffiti@example.com) but it didnt work.

For SMTP, for any message sent to graffiti@example.com, I got a bounced message containing "Unable to cluster-forward message: mail server permanently rejected message (#5.3.0).". Tcpdump saw qmail-ldap server connect and push data to Zimbra-Postfix's qmqpd.

Could it be the user name? Is the username your delivering to provisioned on the zimbra system?

For IMAP, whenever I tried to login in to SquirrelMail, which I suppose it will connect to Zimbra IMAP (in fact, qmail-ldap will forward my request to zimbra imap through qmqpd), I got in /opt/zimbra/log/zimbra.log (192.168.2.2 is my courier-imap/qmail-ldap server).

It looks like it's connecting fine. Have you told it to monitor a particular folder on the IMAP server?

I tried again with Evolution and it works.

Besides graffiti@example.com, I also migrate another account, admin@example.com to Zimbra. These two accounts can send and recieve mail from each other well but they can not send to other @example.com emails that means when you migrate a user, he can not communicate with other users anymore!

This is probably DNS - do you have an MX record for example.com pointing to your server? If not, disable DNS lookups and set up an external smtp relay in the MTA settings. Search the forums on this, it's been covered a million times.

My qmail-ldap's schema:



Please help.

TIA,

-g

[graffiti]

Could it be the user name? Is the username your delivering to provisioned on the zimbra system?

Dun know what "provisioned" means, anyway here something I think useful:

[zimbra@zimbra ~]$ zmprov ga graffiti@example.com
# name graffiti@example.com
cn: graffiti
mail: graffiti@example.com
mail: root@example.com
mail: postmaster@example.com
objectClass: organizationalPerson
objectClass: zimbraAccount
objectClass: amavisAccount
sn: graffiti
uid: graffiti
userPassword: {SSHA}nna8J376Cu9zzCbW6d73BwAfVU5OZrHL
zimbraAccountStatus: active
....

[zimbra@zimbra ~]$ /opt/zimbra/postfix/sbin/postmap -q graffiti@example.com ldap:/opt/zimbra/conf/ldap-vmm.cf
graffiti@example.com

[zimbra@zimbra ~]$ /opt/zimbra/postfix/sbin/postmap -q graffiti@example.com ldap:/opt/zimbra/conf/ldap-vam.cf
graffiti@example.com

I have turned off "Enabled Authentication" and "TLS Authentication only" but still no luck.

It looks like it's connecting fine. Have you told it to monitor a particular folder on the IMAP server?

Yeah, dun know why but when I reconnect today it works like a charm. Maybe because I have turned on "Enable cleartext login"?

This is probably DNS - do you have an MX record for example.com pointing to your server? If not, disable DNS lookups and set up an external smtp relay in the MTA settings. Search the forums on this, it's been covered a million times.

Thx for the trick. BTW, I set the webmail MTA to the qmail-ldap server and I can send mail from graffiti@example.com to others not-yet-migrated @example.com accounts. Mails sent from graffiti@example.com to admin@example.com are lost until we solve the first problem.

-g

[graffiti]

It has been two months from the last time I struggled with this problem. Today when I take a look at /var/log/zimbra.log, I see something like "mail.example.com [192.168.2.2]: netstring format error while receiving QMQP packet header". This is probably the reason why Postfix qmqpd doest accept email forwarded by my qmail-ldap's qmqpd. I have spended hours searching on Google but still no luck. I'm using qmail-ldap Release 20050401a. Please help.

-g

[marcmac]

You try cranking up the debug peer level? I assume you've got the server in your qmqpd_authorized_clients list in postfix.

[graffiti]

You try cranking up the debug peer level? I assume you've got the server in your qmqpd_authorized_clients list in postfix.

I try to increase debug peer level to 5 and got something like below:

Feb 24 15:43:08 innos postfix/qmqpd[21980]: connect from mail.example.com[192.168.2.2]
Feb 24 15:43:08 innos postfix/qmqpd[21980]: match_hostname: mail.example.com ~? 192.168.2.2
Feb 24 15:43:08 innos postfix/qmqpd[21980]: match_hostaddr: 192.168.2.2 ~? 192.168.2.2
Feb 24 15:43:08 innos postfix/qmqpd[21980]: before input_transp_cleanup: cleanup flags = enable_header_body_filter enable_automatic_bcc enable_address_mapping
Feb 24 15:43:08 innos postfix/qmqpd[21980]: after input_transp_cleanup: cleanup flags = enable_header_body_filter enable_automatic_bcc enable_address_mapping
Feb 24 15:43:08 innos postfix/qmqpd[21980]: connect to subsystem public/cleanup
Feb 24 15:43:08 innos postfix/qmqpd[21980]: public/cleanup socket: wanted attribute: queue_id
Feb 24 15:43:08 innos postfix/qmqpd[21980]: vstream_buf_get_ready: fd 10 got 22
Feb 24 15:43:08 innos postfix/qmqpd[21980]: input attribute name: queue_id
Feb 24 15:43:08 innos postfix/qmqpd[21980]: input attribute value: 603C71EB161
Feb 24 15:43:08 innos postfix/qmqpd[21980]: public/cleanup socket: wanted attribute: (list terminator)
Feb 24 15:43:08 innos postfix/qmqpd[21980]: input attribute name: (end)
Feb 24 15:43:08 innos postfix/qmqpd[21980]: send attr flags = 50
Feb 24 15:43:08 innos postfix/qmqpd[21980]: 603C71EB161: client=mail.example.com[192.168.2.2]
Feb 24 15:43:08 innos postfix/qmqpd[21980]: rec_put: type T len 10 data 1140770588
Feb 24 15:43:08 innos postfix/qmqpd[21980]: vstream_buf_get_ready: fd 9 got 931
Feb 24 15:43:08 innos postfix/qmqpd[21980]: netstring_put: write netstring len 58 data Dnetstring format error while
Feb 24 15:43:09 innos postfix/qmqpd[21980]: vstream_fflush_some: fd 9 flush 62
Feb 24 15:43:09 innos postfix/qmqpd[21980]: 603C71EB161: mail.example.com[192.168.2.2]: netstring format error while receiving QMQP packet header
Feb 24 15:43:09 innos postfix/qmqpd[21980]: disconnect from mail.example.com[192.168.2.2]

Please help.

-g

[marcmac]

I'm getting nothing from google (this thread actually shows up

Any errors on the sending side?

[satish patel]

Dear all

I have qmail-ldap setup and its runing last 2 years now i want to implement zimbra on existing qmail-ldap setup means my all user will be in qmail-ldap and zimbra working like a webmail.

[phoenix]

Dear all

I have qmail-ldap setup and its runing last 2 years now i want to implement zimbra on existing qmail-ldap setup means my all user will be in qmail-ldap and zimbra working like a webmail.

It's not possible. Zimbra is a complete collaboration suite and has it's own mail server, it's designed to be installed as a complete package. You can't use part of the package as a front-end to other MTAs.