free...@noboost.org wrote:
Hi All,

Server:
ipa-server-2.1.3-9.el6.x86_64
sssd-1.5.1-66.el6_2.3

Client:
ipa-client-2.1.3-9.el6.x86_64


I've got Postfix working with IPA and to be honest it was actually very
easy. I simply setup a standard postfix server, configured the IPA
client and when mail was delivered, postfix detected the UID's from IPA
and delivered the mail.

So I thought to myself, this is one of the most important services we
have. What would happen if the SSSD client failed for some reason on the
postfix server?

As expected the postfix server bounces the email back to it's sender.
-------------------------------------------------------------------------
This is the mail system at host pan.example.com.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                    The mail system

<cr...@safevm-craig.example.com> (expanded from
     <cr...@example.com>): host
     safevm-craig.example.com[192.168.0.28] said: 550 5.1.1
     <cr...@safevm-cht.example.com>: Recipient address rejected:
User
     unknown in local recipient table (in reply to RCPT TO command)
-------------------------------------------------------------------------

Before I start investigating backup mail servers, different posfix
queues. Just thought I'd ask if anyone else has setup their one solution
to ensure the safety of mail delivery with IPA?

I think this would apply to any non-file-based nss provider (ldap, nis, etc). What does your nsswitch.conf look like?

I wonder if something clever can be done like [!UNAVAIL=return]. My nss knowledge is limited though so I'm not sure what gets returned to the lookup call though, whether it is distinguishable from a notfound.

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to