qmail-ldap integration trick

15436ari · Post by **15436ari** » Tue Sep 13, 2005 8:50 pm

Hey,
I was working today with a sysadmin who is replacing squirrelmail/qmail-ldap/openldap with Zimbra. His requirement is that he's able to move a few users at a time, while running both systems in parallel.
With the following backend changes the end user doesn't need to change IMAP/SMTP settings in Thunderbird/Outlook/etc.: the qmail server will forward smtp and imap connections over to the Zimbra server. The Zimbra server will accept the connections using qmqpd.
Once the system-wide config change is made, individual users can be switched back and forth between qmail and Zimbra simply by modifying their mailHost in LDAP.
Disclaimers:
- This will not migrate/sync old mail.
- Mail for end user will be delivered to either qmail or zimbra, not both. Getting a local copy into qmail before handoff to Zimbra is left as an excercise for the reader...
- Your Schema May Vary!
- This is for SMTP/IMAP only: webmail users must go to a new URL. Or perhaps you can figure out how to make "Login" button of legacy system do an ldap query and redirect to Zimbra on a per-user basis...

Here's what he did:
In Zimbra postfix:
master.cf

-----------

628 inet n - n - - qmqpd
(just uncomment the existing line)
main.cf

---------

qmqpd_authorized_clients = 10.10.10.0/24

qmqpd_error_delay = 1s

qmqpd_timeout = 300s
(Add at bottom, set clients to qmail mta's)

For each users qmail-ldap ldap entry (mailHost is key part):
dn: cn=customer@example.com,dc=example,dc=com

cn: customer@example.com

sn: customer@example.com

objectClass: qmailUser

objectClass: exampleUser

objectClass: person

mail: customer@example.com

mailHost: zimbra.example.com

uid: customer@example.com

deliveryMode: nolocal

deliveryProgramPath: /usr/local/bin/maildrop -d customer@example.com

mailQuotaSize: 104857600

mailQuotaCount: 10000

mailMessageStore: /home/example/a/customer@example.com

userPassword:: e2NyeXB0fSQxJHJvJHpuSEQwbmlXb2JselZiNTVhbkpFWC4=

customerId: 222236

7323graffiti · Post by **7323graffiti** » Thu Dec 22, 2005 3:26 am

Hi folks,
I want to migrate from courier-imap/qmail-ldap/squirrelmail to Zimbra so I follow your trick to migrate my own account (graffiti@example.com) but it didnt work.
For SMTP, for any message sent to graffiti@example.com, I got a bounced message containing "Unable to cluster-forward message: mail server permanently rejected message (#5.3.0).". Tcpdump saw qmail-ldap server connect and push data to Zimbra-Postfix's qmqpd.
For IMAP, whenever I tried to login in to SquirrelMail, which I suppose it will connect to Zimbra IMAP (in fact, qmail-ldap will forward my request to zimbra imap through qmqpd), I got in /opt/zimbra/log/zimbra.log (192.168.2.2 is my courier-imap/qmail-ldap server).
[quote]

2005-12-22 14:47:54,309 INFO [ImapServer-17] [] imap - [192.168.2.2] connected

2005-12-22 14:47:54,312 INFO [ImapServer-17] [] ProtocolHandler - Handler exiting normally

2005-12-22 14:47:58,691 INFO [ImapServer-18] [] imap - [192.168.2.2] connected

2005-12-22 14:47:58,701 INFO [ImapServer-18] [] ProtocolHandler - Handler exiting normally

2005-12-22 14:48:02,520 INFO [ImapServer-19] [] imap - [192.168.2.2] connected

2005-12-22 14:48:02,533 INFO [ImapServer-19] [] ProtocolHandler - Handler exiting normally

[/quote]
I tried again with Evolution and it works.
Besides graffiti@example.com, I also migrate another account, admin@example.com to Zimbra. These two accounts can send and recieve mail from each other well but they can not send to other @example.com emails that means when you migrate a user, he can not communicate with other users anymore!
My qmail-ldap's schema:
[quote]

# Entry 1: uid=graffiti,ou=People,dc=example,dc=com

dn: uid=graffiti,ou=People,dc=example,dc=com

uidNumber: 1195

objectClass: top

objectClass: person

objectClass: organizationalPerson

objectClass: inetOrgPerson

objectClass: posixAccount

objectClass: shadowAccount

objectClass: qmailUser

cn: graffiti

mail: graffiti@example.com

accountStatus: active

mailQuotaSize: 209715200

sn: graffiti

givenName: graffiti

homeDirectory: /home/graffiti

loginShell: /sbin/nologin

userPassword: {CRYPT}$1$VOdIdXiZ$FnCa6KDdIB8FhDiOCkxHB1

mailHost: zimbra.example.com

uid: graffiti

[/quote]
Please help.
TIA,
-g

marcmac · Post by **marcmac** » Thu Dec 22, 2005 8:43 am

[quote user="7323graffiti"]Hi folks,
I want to migrate from courier-imap/qmail-ldap/squirrelmail to Zimbra so I follow your trick to migrate my own account (graffiti@example.com) but it didnt work.
For SMTP, for any message sent to graffiti@example.com, I got a bounced message containing "Unable to cluster-forward message: mail server permanently rejected message (#5.3.0).". Tcpdump saw qmail-ldap server connect and push data to Zimbra-Postfix's qmqpd.

[/QUOTE]

Could it be the user name? Is the username your delivering to provisioned on the zimbra system?

[quote user="7323graffiti"]
For IMAP, whenever I tried to login in to SquirrelMail, which I suppose it will connect to Zimbra IMAP (in fact, qmail-ldap will forward my request to zimbra imap through qmqpd), I got in /opt/zimbra/log/zimbra.log (192.168.2.2 is my courier-imap/qmail-ldap server).
[/QUOTE]

It looks like it's connecting fine. Have you told it to monitor a particular folder on the IMAP server?

[quote user="7323graffiti"]
I tried again with Evolution and it works.
Besides graffiti@example.com, I also migrate another account, admin@example.com to Zimbra. These two accounts can send and recieve mail from each other well but they can not send to other @example.com emails that means when you migrate a user, he can not communicate with other users anymore!

[/QUOTE]

This is probably DNS - do you have an MX record for example.com pointing to your server? If not, disable DNS lookups and set up an external smtp relay in the MTA settings. Search the forums on this, it's been covered a million times.

[quote user="7323graffiti"]
My qmail-ldap's schema:

Please help.
TIA,
-g[/QUOTE]

7323graffiti · Post by **7323graffiti** » Fri Dec 23, 2005 2:49 am

[quote user="marcmac"]Could it be the user name? Is the username your delivering to provisioned on the zimbra system?

[/quote]

Dun know what "provisioned" means, anyway here something I think useful:
[quote]

[zimbra@zimbra ~]$ zmprov ga graffiti@example.com

# name graffiti@example.com

cn: graffiti

mail: graffiti@example.com

mail: root@example.com

mail: postmaster@example.com

objectClass: organizationalPerson

objectClass: zimbraAccount

objectClass: amavisAccount

sn: graffiti

uid: graffiti

userPassword: {SSHA}nna8J376Cu9zzCbW6d73BwAfVU5OZrHL

zimbraAccountStatus: active

....
[zimbra@zimbra ~]$ /opt/zimbra/postfix/sbin/postmap -q graffiti@example.com ldap:/opt/zimbra/conf/ldap-vmm.cf

graffiti@example.com
[zimbra@zimbra ~]$ /opt/zimbra/postfix/sbin/postmap -q graffiti@example.com ldap:/opt/zimbra/conf/ldap-vam.cf

graffiti@example.com

[/quote]
I have turned off "Enabled Authentication" and "TLS Authentication only" but still no luck.
[quote user="marcmac"]

It looks like it's connecting fine. Have you told it to monitor a particular folder on the IMAP server?

[/quote]
Yeah, dun know why but when I reconnect today it works like a charm. Maybe because I have turned on "Enable cleartext login"?
[quote]

This is probably DNS - do you have an MX record for example.com pointing to your server? If not, disable DNS lookups and set up an external smtp relay in the MTA settings. Search the forums on this, it's been covered a million times.[/QUOTE]
Thx for the trick. BTW, I set the webmail MTA to the qmail-ldap server and I can send mail from graffiti@example.com to others not-yet-migrated @example.com accounts. Mails sent from graffiti@example.com to admin@example.com are lost until we solve the first problem.
-g

7323graffiti · Post by **7323graffiti** » Thu Feb 23, 2006 3:37 am

It has been two months from the last time I struggled with this problem. Today when I take a look at /var/log/zimbra.log, I see something like "mail.example.com [192.168.2.2]: netstring format error while receiving QMQP packet header". This is probably the reason why Postfix qmqpd doest accept email forwarded by my qmail-ldap's qmqpd. I have spended hours searching on Google but still no luck. I'm using qmail-ldap Release 20050401a. Please help.
-g

marcmac · Post by **marcmac** » Thu Feb 23, 2006 9:14 am

You try cranking up the debug peer level? I assume you've got the server in your qmqpd_authorized_clients list in postfix.

7323graffiti · Post by **7323graffiti** » Fri Feb 24, 2006 4:16 am

[quote user="marcmac"]You try cranking up the debug peer level? I assume you've got the server in your qmqpd_authorized_clients list in postfix.[/QUOTE]
I try to increase debug peer level to 5 and got something like below:
[quote]

Feb 24 15:43:08 innos postfix/qmqpd[21980]: connect from mail.example.com[192.168.2.2]

Feb 24 15:43:08 innos postfix/qmqpd[21980]: match_hostname: mail.example.com ~? 192.168.2.2

Feb 24 15:43:08 innos postfix/qmqpd[21980]: match_hostaddr: 192.168.2.2 ~? 192.168.2.2

Feb 24 15:43:08 innos postfix/qmqpd[21980]: before input_transp_cleanup: cleanup flags = enable_header_body_filter enable_automatic_bcc enable_address_mapping

Feb 24 15:43:08 innos postfix/qmqpd[21980]: after input_transp_cleanup: cleanup flags = enable_header_body_filter enable_automatic_bcc enable_address_mapping

Feb 24 15:43:08 innos postfix/qmqpd[21980]: connect to subsystem public/cleanup

Feb 24 15:43:08 innos postfix/qmqpd[21980]: public/cleanup socket: wanted attribute: queue_id

Feb 24 15:43:08 innos postfix/qmqpd[21980]: vstream_buf_get_ready: fd 10 got 22

Feb 24 15:43:08 innos postfix/qmqpd[21980]: input attribute name: queue_id

Feb 24 15:43:08 innos postfix/qmqpd[21980]: input attribute value: 603C71EB161

Feb 24 15:43:08 innos postfix/qmqpd[21980]: public/cleanup socket: wanted attribute: (list terminator)

Feb 24 15:43:08 innos postfix/qmqpd[21980]: input attribute name: (end)

Feb 24 15:43:08 innos postfix/qmqpd[21980]: send attr flags = 50

Feb 24 15:43:08 innos postfix/qmqpd[21980]: 603C71EB161: client=mail.example.com[192.168.2.2]

Feb 24 15:43:08 innos postfix/qmqpd[21980]: rec_put: type T len 10 data 1140770588

Feb 24 15:43:08 innos postfix/qmqpd[21980]: vstream_buf_get_ready: fd 9 got 931

Feb 24 15:43:08 innos postfix/qmqpd[21980]: netstring_put: write netstring len 58 data Dnetstring format error while

Feb 24 15:43:09 innos postfix/qmqpd[21980]: vstream_fflush_some: fd 9 flush 62

Feb 24 15:43:09 innos postfix/qmqpd[21980]: 603C71EB161: mail.example.com[192.168.2.2]: netstring format error while receiving QMQP packet header

Feb 24 15:43:09 innos postfix/qmqpd[21980]: disconnect from mail.example.com[192.168.2.2]

[/quote]
Please help.
-g

marcmac · Post by **marcmac** » Fri Feb 24, 2006 10:35 am

I'm getting nothing from google (this thread actually shows up

Any errors on the sending side?

satish patel · Post by **satish patel** » Mon Feb 18, 2008 7:34 am

Dear all
I have qmail-ldap setup and its runing last 2 years now i want to implement zimbra on existing qmail-ldap setup means my all user will be in qmail-ldap and zimbra working like a webmail.

phoenix · Post by **phoenix** » Mon Feb 18, 2008 7:40 am

[quote user="satish patel"]Dear all
I have qmail-ldap setup and its runing last 2 years now i want to implement zimbra on existing qmail-ldap setup means my all user will be in qmail-ldap and zimbra working like a webmail.[/QUOTE]It's not possible. Zimbra is a complete collaboration suite and has it's own mail server, it's designed to be installed as a complete package. You can't use part of the package as a front-end to other MTAs.