Sunday, November 17, 2013

[Debug] Postfix, Dovecot, OpenLDAP

Vài khái niệm/ câu lệnh quan trọng khi debug stack : postfix - dovecot - openldap, với dovecot là imap server đồng thời thực hiện SASL authenticate sử dụng backend LDAP.

1. Tắt hết TLS / SSL option đi.
2. Kiểm tra xem LDAP có hoạt động bình thường không
NOTE: nếu dùng TLS, LDAP vẫn listen ở port 389
Dùng SSL mới listen 636.

$ ldapsearch -x -H ldap://127.0.0.1 -D 'uid=hvn@example.com,ou=people,dc=example,dc=com' -W -ZZ -b'dc=example,dc=com' # (bỏ -ZZ nếu chỉ dùng LDAP không SSL/TLS)

3. Bật verbose cho slapd: đặt oldLog = 16383

Sau khi ldap đã hoạt động bình thường, kiểm tra dovecot.

Dùng dovecot -a để xem cấu hình của dovecot hiện tại.


4. Thử telnet với postfix:

root@u1204: ~ () # telnet localhost 25                                                                                                               
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 example.com ESMTP Postfix
ehlo example.com
250-example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN
250-AUTH=PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth plain
334
AGh2bkBleGFtcGxlLmNvbQBodm5odm4= #output của $ echo -en "\000hvn@example.com\000hvnhvn" | base64
235 2.7.0 Authentication successful
MAIL FROM: <hvn@example.com>
250 2.1.0 Ok
RCPT TO: <hvn@example.com>
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
ihihihihihi
.
250 2.0.0 Ok: queued as A199E60D72

5. Thử telnet với dovecot

root@u1204: ~ () # telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready.
a1 login hvn@example.com hvnhvn
a1 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS] Logged in
b1 list "" "*"
* LIST (\HasNoChildren) "/" "INBOX"
b1 OK List completed.
c1 examine INBOX
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
* OK [PERMANENTFLAGS ()] Read-only mailbox.
* 0 EXISTS
* 0 RECENT
* OK [UIDVALIDITY 1384754818] UIDs valid
* OK [UIDNEXT 1] Predicted next UID
* OK [HIGHESTMODSEQ 1] Highest
c1 OK [READ-ONLY] Select completed.
^]
telnet>


 # tcpdump -ni any 'tcp port 389'
Posted by at
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)