[Exim] ldap and forward files

Author: Keith Goettert
Date:  
To: exim-users
New-Topics: [Exim] HELP - ldap and forward files
Subject: [Exim] ldap and forward files
I must be missing something. I have read through the spec doc on the forward
director and I have also referenced the O'Reilly Exim book, and I still don't
get my .forward problem.

Ok, I got my ldap configuration from AKBKHome.com. With a little effort I got
his configuration to work and I can now do successful deliveries via an ldap
lookup to a MailDir. Here is a typical user in the ldap:

dn: uid=dan,ou=People,dc=7fountains,dc=com
givenName: Dan
mail: dan
uid: dan
sn: Figlo
cn: Dan Figlo
userPassword:: N2ZvdW50YWlucw==
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
objectClass: posixAccount
objectClass: CourierMailAccount
uidNumber: 1003
gidNumber: 1003
homeDirectory: /opt/mail/dan
creatorsName: cn=admin,dc=7fountains,dc=com
createTimestamp: 20030530203821Z
modifiersName: cn=admin,dc=7fountains,dc=com
modifyTimestamp: 20030530203821Z

I am using a single uid and gid for all users and these belong to the
Courier-Imap user. Deliveries work well, and all seems happy.

Now I want to forward this user to his normal email account (almost none of the
users on this system will ever take delivery here). Since he has a "home
directory" I would like to use it to host a .forward file. Yes, I know that
with some ldap magic I can put the forward into the directory, but I won't have
the flexibility of filters (this will be very important in the future).

Here is the director section from my exim.conf file:

-----------------------------------------------------------------------
######################################################################
#                      DIRECTORS CONFIGURATION                       #
#             Specifies how local addresses are handled              #
######################################################################
#                          ORDER DOES MATTER                         #
#   A local address is passed to each in turn until it is accepted.  #
######################################################################


# This looks up the user in the LDAP directory and delivers it to the
# Courier-IMAP Maildir directory for use through SquirrelMail

ldap_user:
driver = aliasfile
search_type = ldapm
query = "ldap://localhost:389/ou=People,dc=7fountains,dc=com?mail?sub?(&(uid=${local_part}))"
expand
errors_to = real-admin
user = courier
group = courier
transport = local_delivery

# This allows local delivery to be forced, avoiding alias files and
# forwarding.

real_local:
prefix = real-
driver = localuser
transport = local_delivery

# This director handles aliasing using a traditional /etc/aliases file.
# If any of your aliases expand to pipes or files, you will need to set
# up a user and a group for these deliveries to run under. You can do
# this by uncommenting the "user" option below (changing the user name
# as appropriate) and adding a "group" option if necessary.

system_aliases:
driver = aliasfile
file_transport = address_file
pipe_transport = address_pipe
file = /etc/aliases
search_type = lsearch
# user = list
# Uncomment the above line if you are running smartlist


# This director handles forwarding using traditional .forward files.
# It also allows mail filtering when a forward file starts with the
# string "# Exim filter": to disable filtering, uncomment the "filter"
# option. The check_ancestor option means that if the forward file
# generates an address that is an ancestor of the current one, the
# current one gets passed on instead. This covers the case where A is
# aliased to B and B has a .forward file pointing to A.

# For standard debian setup of one group per user, it is acceptable---normal
# even---for .forward to be group writable. If you have everyone in one
# group, you should comment out the "modemask" line. Without it, the exim
# default of 022 will apply, which is probably what you want.

userforward:
driver = forwardfile
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
no_verify
check_ancestor
check_local_user = false
file = /opt/mail/$local_part.forward
modemask = 002
filter

# This director runs procmail for users who have a .procmailrc file

procmail:
driver = localuser
transport = procmail_pipe
require_files = ${local_part}:+${home}:+${home}/.procmailrc:+/usr/bin/procmail
no_verify

# This director matches local user mailboxes.

localuser:
driver = localuser
transport = local_delivery

---------------------------------------------------------------------

When I deliver a message, it gets swept up by local_deliver and the forward
director never gets checked. I guess I don't understand how the forward
director really works. It seems strange that I would put it AFTER the other
directors. Still, I have a POP based system running exim without ldap and the
forward director works great even though it is after all the other directors.
(Did I miss that paragraph in one of the books?) Anyway, here is the output
of a successful delivery to the user's MailDir EVEN THOUGH HE HAD A FORWARD
FILE.

(PS... I had debug set to level 3)

-----------------------------------------------------------------------------
/home/keith# exim -v -d 3 -bd
Exim version 3.35 debug level 3 uid=0 gid=0
Berkeley DB: Sleepycat Software: Berkeley DB 3.2.9: (March 19, 2002)
Caller is an admin user
Caller is a trusted user
LOG: 0 MAIN
Failed to create IPv6 socket for wildcard listening (Address family not supported by protocol): falling back to IPv4
pid written to /var/run/exim/exim.pid-bd
LOG: 0 MAIN
exim 3.35 daemon started: pid=28725, no queue runs, listening for SMTP on port 25
set_process_info: 28725 daemon: no queue runs, port 25
daemon running with uid=8 gid=8 euid=8 egid=8
listening on port 25...
Connection request from 216.136.131.234/22455
1 SMTP accept process running
listening on port 25...
host in rfc1413_hosts? yes (*)
Process 28733 is handling incoming connection from [216.136.131.234]
host in host_lookup? yes (*)
looking up host name for 216.136.131.234
IP address lookup yielded web11404.mail.yahoo.com
set_process_info: 28733 handling incoming connection from web11404.mail.yahoo.com [216.136.131.234]
host in host_reject? no (option unset)
host in host_reject_recipients? no (option unset)
host in auth_hosts? no (option unset)
host in auth_over_tls_hosts? no (option unset)
host in tls_hosts? no (option unset)
host in sender_unqualified_hosts? no (option unset)
host in receiver_unqualified_hosts? no (option unset)
host in helo_verify? no (option unset)
host in helo_accept_junk_hosts? no (option unset)
SMTP>> 220 sevenfountains.7fountains.com ESMTP Exim 3.35 #1 Sat, 31 May 2003 17:16:53 -0700

set_process_info: 28733 handling incoming connection from web11404.mail.yahoo.com [216.136.131.234]
ready for new message
smtp_setup_msg entered
SMTP<< HELO web11404.mail.yahoo.com
set_process_info: 28733 handling incoming connection from web11404.mail.yahoo.com [216.136.131.234]
SMTP>> 250 sevenfountains.7fountains.com Hello web11404.mail.yahoo.com [216.136.131.234]

SMTP<< MAIL FROM:<cakoala@???>
cakoala@??? in sender_reject? no (option unset)
cakoala@??? in sender_reject_recipients? no (option unset)
SMTP>> 250 <cakoala@???> is syntactically correct

SMTP<< RCPT TO:<dan@???>
SMTP>> 250 <dan@???> is syntactically correct

SMTP<< DATA
SMTP>> 354 Enter message, ending with "." on a line by itself

host in ignore_fromline_hosts? no (option unset)
cakoala@??? in *@sevenfountains? no (end of list)
cakoala@??? in *@sevenfountains? no (end of list)
Keith@??? in *@sevenfountains? no (end of list)
Size of headers = 596
LOG: 0 MAIN
<= cakoala@??? H=web11404.mail.yahoo.com [216.136.131.234] P=smtp S=748 id=20030601001653.29470.qmail@???
SMTP>> 250 OK id=19MGWr-0007TR-00

Sender: cakoala@???
Recipients:
dan@???
forked delivery process 28734
set_process_info: 28733 handling incoming connection from web11404.mail.yahoo.com [216.136.131.234]
ready for new message
smtp_setup_msg entered
Exim version 3.35 debug level 3 uid=8 gid=8
Berkeley DB: Sleepycat Software: Berkeley DB 3.2.9: (March 19, 2002)
Caller is an admin user
Caller is a trusted user
set_process_info: 28734 delivering specified messages
delivering message 19MGWr-0007TR-00
set_process_info: 28734 delivering 19MGWr-0007TR-00
ldap_user director: ldapm
query=ldap://localhost:389/ou=People,dc=7fountains,dc=com?mail?sub?(&(uid=dan))
SMTP<< QUIT
SMTP>> 221 sevenfountains.7fountains.com closing connection

child 28733 ended: status=0x0
0 SMTP accept processes now running
listening on port 25...
------ Verifying errors address real-admin ------
ldap_user director: ldapm
query=ldap://localhost:389/ou=People,dc=7fountains,dc=com?mail?sub?(&(uid=real-admin))
ldap_user director declined for real-admin: LDAP search: no results
real_local director declined for admin: no such user
system_aliases director: lsearch key=real-admin
file="/etc/aliases"
system_aliases director declined for real-admin:
localuser director declined for real-admin: no such user
------ End verifying errors address real-admin ------
queued for local_delivery transport: local_part=dan domain=7fountains.com
errors_to=NULL
domain_data=NULL local_part_data=NULL
ldap_user director succeeded for dan
>>>>>> Local deliveries >>>>>>

delivering dan@??? as dan using local_delivery:
uid=1003 gid=8 home=NULL current=/
auxiliary group list: <none>
set_process_info: 28736 delivering 19MGWr-0007TR-00 to dan using local_delivery
appendfile yields 0 with errno=0 more_errno=0
LOG: 0 MAIN
=> dan <dan@???> D=ldap_user T=local_delivery
set_process_info: 28734 tidying up after delivering 19MGWr-0007TR-00
Processing retry items
end of retry processing
LOG: 0 MAIN
Completed
end delivery of 19MGWr-0007TR-00
------------------------------------------------------------------------------


The forward file is pretty simple right now and only contains my email address.
Still, I see no attempt to reference the file so I assume that it is not a
permission problem. I also noticed from the trace that the home directory is
completely wrong, but it still manages to deliver to the correct location???

I figure it is something simple, but BEATS ME. Any clues would be greatly
appreciated.



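The header comment in the posted configuration says a local address is passed to each director in turn until it is accepted. The following added example (not part of the original post; the function names are hypothetical) applies that rule to the director order and to result lines excerpted from the trace above, and lists the directors that were never consulted for `dan`.

```python
import re

# Director labels in the order of the posted exim.conf (options omitted).
DIRECTORS_CONF = """\
ldap_user:
real_local:
system_aliases:
userforward:
procmail:
localuser:
"""

# Director result lines excerpted from the posted debug trace.
TRACE = """\
ldap_user director declined for real-admin: LDAP search: no results
real_local director declined for admin: no such user
system_aliases director declined for real-admin:
localuser director declined for real-admin: no such user
ldap_user director succeeded for dan
"""

RESULT_RE = re.compile(r"^(\S+) director (declined|succeeded) for ([^\s:]+)")

def director_order(conf):
    """Return director names in configuration order."""
    return re.findall(r"^([A-Za-z_][\w-]*):[ \t]*$", conf, flags=re.M)

def consulted(trace, local_part):
    """Return [(director, outcome)] logged for one local part, in order."""
    hits = []
    for line in trace.splitlines():
        m = RESULT_RE.match(line.strip())
        if m and m.group(3) == local_part:
            hits.append((m.group(1), m.group(2)))
    return hits

def skipped_directors(conf, trace, local_part):
    """Return (accepting director, directors configured after it)."""
    order = director_order(conf)
    for name, outcome in consulted(trace, local_part):
        if outcome == "succeeded" and name in order:
            return name, order[order.index(name) + 1:]
    return None, []

if __name__ == "__main__":
    winner, skipped = skipped_directors(DIRECTORS_CONF, TRACE, "dan")
    print(f"accepted by {winner}; never consulted: {', '.join(skipped)}")
```
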