Re: Transport maps with LDAP.

[Lauro Costa G. Borges]

Citando Victor Duchovni <victor.ducho...@morganstanley.com>:
Make sure you have a robust, low-latency LDAP infrastructure. The
trivial-rewrite service will query LDAP to determine the address class of
each domain, and qmgr(8) uses trivial-rewrite to resolve every recipient,
so LDAP becomes performance critical.

Suppose I relay for both domain1.org and domain2.org.

Mail arrives to b...@domain1.org (and b...@domain1.org has an alias to
bla...@domain2.org).

What do you mean by "has an alias"?

   I'll try to explain with an example:


    I have these 2 domains:

     region1.company.com

     company.com

   Suppose every email to sa...@region1.company.com should also go to
sa...@company.com, then sa...@region1.company.com sends a copy to
sa...@company.com.



 I would like the result to the query to be the domain I searched, AND the
other domains, since, in the case I have an alias, domain2.org also needs
to be listed as a domain a relay for.

You are confused. Transport lookups are single valued. The lookup result
in relay_domains is entirely ignored, ony the existence of the lookup
key in the table is signficant.

   Ok, but what happens is this:

   A new email arrives to sa...@region1.company.com, when it enters the
mail system, 2 messages are put in the queue, right? One for
sa...@region1.company.com, and another to sa...@company.com. But the
transport map lookup is executed only for "region1.company.com", so
the mail to "sa...@company.com" does not have a transport, I guess.



If you want to relay for a domain, make sure that a lookup for that
domain returns a result when queried against the table that implements
relay_domains.

   This is working ok, to every domain I relay for. The only problem  
is when aliases are used.


I think when Postfix notices it also has to deliver to
bla...@domain2.org, it does NOT make another search, and the only transport
it knows about at that moment, is "domain1.org relay:[1.2.3.10]". It seems
Postfix doesn't know about the transport to domain2.org

This is completely wrong. First, you have to explain what you mean by
an "alias", where you want the mail to be delivered, what actually
happens (detailed unmangled logs) and show your configuration.

    http://www.postfix.org/DEBUG_README.html#mail


   ldap-transport.cf

   version = 3
server_host = ldap://ldap.company.com:389
search_base=ou=mail,ou=services,dc=company,dc=com
result_attribute=associatedDomain
result_format=%s relay:[150.170.6.15]  #COMMENT (THIS IS the IMAP  
machine's ip)
query_filter=(&(objectclass=domainRelatedObject)(associatedDomain=%s))
scope = sub

----- ldap-users.cf

version = 3
server_host = ldap://ldap.company.com:389
search_base=ou=%d,ou=mail,ou=services,dc=company,dc=com
result_attribute=rfc822MailMember
query_filter=(& (cn=%u)(objectclass=nisMailAlias)(AccountActive=TRUE) )
scope = sub

----- ldap-domains.cf

version = 3
server_host = ldap://ldap.company.com:389
search_base=ou=mail,ou=services,dc=company,dc=com
result_attribute=associatedDomain
query_filter=(&(objectclass=domainRelatedObject)(associatedDomain=%u))
scope = sub


----- main.cf

append_dot_mydomain = no
readme_directory = no
transport_maps = ldap:/etc/postfix/ldap-transport.cf
myhostname = mx.company.com
alias_maps = hash:/etc/aliases, ldap:/etc/postfix/ldap-users.cf
local_recipient_maps = hash:/etc/aliases, ldap:/etc/postfix/ldap-users.cf
virtual_alias_maps = ldap:/etc/postfix/ldap-users.cf
virtual_alias_domains = hash:/etc/postfix/virtual
virtual_maps = ldap:/etc/postfix/ldap-users.cf
relay_recipient_maps = ldap:/etc/postfix/ldap-users.cf
mydestination = $myhostname, localhost.$mydomain,
ldap:/etc/postfix/ldap-domains.cf
relay_domains = ldap:/etc/postfix/ldap-domains.cf
smtpd_recipient_restrictions =  permit_mynetworks,
                                check_policy_service inet:127.0.0.1:10023,
                                reject_unauth_destination
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 150.170.6.0/24
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
home_mailbox =
smtpd_sasl_auth_enable = no
smtpd_sasl_type = cyrus
smtpd_sasl_path = smtpd
smtpd_sasl_authenticated_header = no
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = no
smtpd_sender_restrictions =
mailbox_command =
smtp_use_tls = no
smtpd_tls_received_header = no
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_auth_only = no
tls_random_source = dev:/dev/urandom
content_filter=smtp-amavis:[127.0.0.1]:10024
message_size_limit = 30000000


--- LOGS


 lauro1...@gmail.com sent a message to sa...@region1.company.com.

 All mail to sa...@region1.company.com should also be sent to  
sa...@company.com (which I relay for), and externalem...@yahoo.com,  
which I do not relay for. Message to externalem...@yahoo.com is sent  
with success, but to sa...@company.com not!

Jan 10 17:40:48 mx amavis[1030]: (01030-02) Passed CLEAN,  
[150.170.6.10] [150.170.6.215] <lauro1...@gmail.com> ->  
<sa...@region1.company.com>,<sa...@company.com>,<externalem...@yahoo.com>  
Message-ID: <20110110175657.plw0cbr6dc04w...@webmail.grad.ufsc.br>,  
mail_id: u5bOonU8dtsS, Hits: -, size: 1745, queued_as: 9C50A4263A,  
2307 ms
Jan 10 17:40:48 mx postfix/smtp[15908]: C55844226C:  
to=<sa...@region1.company.com>, relay=127.0.0.1[127.0.0.1]:10024,  
delay=3.4, delays=0.75/0.28/0.37/2, dsn=2.0.0, status=sent (250 2.0.0  
Ok, id=01030-02, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as  
9C50A4263A)
Jan 10 17:40:48 mx postfix/smtp[15908]: C55844226C:  
to=<sa...@company.com>, orig_to=<sa...@region1.company.com>,  
relay=127.0.0.1[127.0.0.1]:10024, delay=3.4, delays=0.75/0.28/0.37/2,  
dsn=2.0.0, status=sent (250 2.0.0 Ok, id=01030-02, from  
MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 9C50A4263A)
Jan 10 17:40:48 mx postfix/smtp[15908]: C55844226C:  
to=<externalem...@yahoo.com>, orig_to=<sa...@region1.company.com>,  
relay=127.0.0.1[127.0.0.1]:10024, delay=3.4, delays=0.75/0.28/0.37/2,  
dsn=2.0.0, status=sent (250 2.0.0 Ok, id=01030-02, from  
MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 9C50A4263A)
Jan 10 17:40:48 mx postfix/qmgr[14897]: C55844226C: removed
Jan 10 17:40:49 mx postfix/qmgr[14897]: warning: connect to transport  
private/company.com relay: No such file or directory


 If mail is sent to sa...@company.com directly (the sender did not  
send to sa...@region1.company.com, he sent to sa...@company.com  
directly), it arrives ok. The only problem is when mail is sent to an  
address which is aliased, and copies should be sent to  
sa...@company.com.


 I hope I'm clear this time, it's a bit complicated scenario.

 thanks in advance,

 Lauro


----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.