All,

Four things I have noticed while installing/using Postfix 2.7.2:

1. Does the install script not set the correct permissions/ownerships on installed files?

From the logs:

Jun 19 01:58:16 localhost postfix/postfix-script[10742]: warning: not owned by root: /usr/local/var/spool/postfix//pid
Jun 19 01:58:16 localhost postfix/postfix-script[10748]: warning: not owned by postfix: /usr/local/var/lib/postfix//.
Jun 19 01:58:16 localhost postfix/postfix-script[10756]: warning: not owned by group postdrop: /usr/local/sbin//postqueue
Jun 19 01:58:16 localhost postfix/postfix-script[10757]: warning: not owned by group postdrop: /usr/local/sbin//postdrop
Jun 19 01:58:16 localhost postfix/postfix-script[10758]: warning: not owned by group postdrop: /usr/local/var/spool/postfix//public
Jun 19 01:58:16 localhost postfix/postfix-script[10759]: warning: not owned by group postdrop: /usr/local/var/spool/postfix//maildrop
Jun 19 01:58:16 localhost postfix/postfix-script[10761]: warning: not set-gid or not owner+group+world executable: /usr/local/sbin//postqueue
Jun 19 01:58:16 localhost postfix/postfix-script[10762]: warning: not set-gid or not owner+group+world executable: /usr/local/sbin//postdrop

I saw this after a fresh install. Did I miss something out?

2. Why is local(8) trying to expand search_base from ldap_table(5)?

From the logs:

Jun 22 00:25:01 localhost postfix/local[14185]: dict_update: version = 3
Jun 22 00:25:01 localhost postfix/local[14185]: dict_update: server_host = auth.example.net
Jun 22 00:25:01 localhost postfix/local[14185]: dict_update: search_base = ou=People,dc=example,dc=net
Jun 22 00:25:01 localhost postfix/local[14185]: dict_update: scope = one
Jun 22 00:25:01 localhost postfix/local[14185]: dict_update: query_filter = mail=%u@%d
Jun 22 00:25:01 localhost postfix/local[14185]: dict_update: result_attribute = mail
...
Jun 22 00:25:01 localhost postfix/local[14185]: deliver_alias: hash:/usr/local/etc/postfix/aliases(0,lock|no_regsub|no_proxy|no_unauth|fold_fix): root = blubb
Jun 22 00:25:01 localhost postfix/local[14185]: deliver_alias[3]: reset user_attr
Jun 22 00:25:01 localhost postfix/local[14185]: dict_ldap_lookup: In dict_ldap_lookup
Jun 22 00:25:01 localhost postfix/local[14185]: dict_ldap_lookup: No existing connection for LDAP source /usr/local/etc/postfix/aliases-ldap, reopening
Jun 22 00:25:01 localhost postfix/local[14185]: dict_ldap_connect: Connecting to server ldap://auth.example.net:389
Jun 22 00:25:01 localhost postfix/local[14185]: dict_ldap_connect: Actual Protocol version used is 3.
Jun 22 00:25:01 localhost postfix/local[14185]: dict_ldap_connect: Binding to server ldap://auth.example.net:389 as dn uid=auth,ou=People,dc=example,dc=net
Jun 22 00:25:01 localhost postfix/local[14185]: dict_ldap_connect: Successful bind to server ldap://auth.example.net:389 as uid=auth,ou=People,dc=example,dc=net
Jun 22 00:25:01 localhost postfix/local[14185]: dict_ldap_connect: Cached connection handle for LDAP source /usr/local/etc/postfix/aliases-ldap
Jun 22 00:25:01 localhost postfix/local[14185]: dict_ldap_lookup: /usr/local/etc/postfix/aliases-ldap: Empty expansion for ou=People,dc=example,dc=net

In particular the last line worries me as it only appears if I set query_filter to mail=%u@%d. If I set it to mail=%s or even uid=%s, it does not attempt this expansion.

3a. Do LDAP users need to exist as local UNIX users as well?

From the logs:

Jun 22 01:02:01 localhost postfix/local[15050]: dict_ldap_lookup: In dict_ldap_lookup
Jun 22 01:02:01 localhost postfix/local[15050]: dict_ldap_lookup: Using existing connection for LDAP source /usr/local/etc/postfix/aliases-ldap
Jun 22 01:02:01 localhost postfix/local[15050]: dict_ldap_lookup: /usr/local/etc/postfix/aliases-ldap: Searching with filter uid=blubb
Jun 22 01:02:01 localhost postfix/local[15050]: dict_ldap_get_values[1]: Search found 1 match(es)
Jun 22 01:02:01 localhost postfix/local[15050]: dict_ldap_get_values[1]: search returned 1 value(s) for requested result attribute mail
Jun 22 01:02:01 localhost postfix/local[15050]: dict_ldap_get_values[1]: Leaving dict_ldap_get_values
Jun 22 01:02:01 localhost postfix/local[15050]: dict_ldap_lookup: Search returned bl...@example.net
Jun 22 01:02:01 localhost postfix/local[15050]: deliver_alias: ldap:/usr/local/etc/postfix/aliases-ldap(0,lock|no_regsub|no_proxy|no_unauth|fold_fix): blubb = bl...@example.net
Jun 22 01:02:01 localhost postfix/local[15050]: deliver_alias[7]: reset user_attr
Jun 22 01:02:01 localhost postfix/local[15050]: dict_ldap_lookup: In dict_ldap_lookup
Jun 22 01:02:01 localhost postfix/local[15050]: dict_ldap_lookup: Using existing connection for LDAP source /usr/local/etc/postfix/aliases-ldap
Jun 22 01:02:01 localhost postfix/local[15050]: dict_ldap_lookup: /usr/local/etc/postfix/aliases-ldap: Searching with filter uid=owner-blubb
Jun 22 01:02:01 localhost postfix/local[15050]: dict_ldap_get_values[1]: Search found 0 match(es)
Jun 22 01:02:01 localhost postfix/local[15050]: dict_ldap_get_values[1]: Leaving dict_ldap_get_values
Jun 22 01:02:01 localhost postfix/local[15050]: dict_ldap_lookup: Search returned nothing
...
Jun 22 01:02:01 localhost postfix/local[15050]: deliver_switch[10]: local blubb recip bl...@example.net exten deliver root@localhost.localdomain exp_from blubb
Jun 22 01:02:01 localhost postfix/local[15050]: deliver_alias[11]: local blubb recip bl...@example.net exten deliver root@localhost.localdomain exp_from blubb
Jun 22 01:02:01 localhost postfix/local[15050]: deliver_dotforward[11]: local blubb recip bl...@example.net exten deliver root@localhost.localdomain exp_from blubb
Jun 22 01:02:01 localhost postfix/local[15050]: deliver_mailbox[11]: local blubb recip bl...@example.net exten deliver root@localhost.localdomain exp_from blubb
Jun 22 01:02:01 localhost postfix/local[15050]: been_here: mailbox blubb: 0
Jun 22 01:02:01 localhost postfix/local[15050]: deliver_unknown[11]: local blubb recip bl...@example.net exten deliver root@localhost.localdomain exp_from blubb

User blubb does exist as LDAP user, but not as local UNIX user. However, local(8) would look up user blubb on the local passwd database and bail out since it does not exist there.

3b. Why does local(8) look up owner-blubb even if the search for blubb succeeds? See above log.

I can hack these things out myself in the Postfix code (essentially creating a branch for myself), I just wanted to know if there is anybody on this list who has observed these quirks him-/herself, or is it just me who missed out something.

Thanks.

Chong
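
Added example, not part of the original post and not Postfix code: a small parser that turns the postfix-script warnings from item 1 into a per-path summary of the owner, group and mode the startup check expected. The sample input is a subset of the log lines quoted in the post; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Sample input: a subset of the postfix-script warnings quoted in the post.
SAMPLE_LOG = """\
Jun 19 01:58:16 localhost postfix/postfix-script[10742]: warning: not owned by root: /usr/local/var/spool/postfix//pid
Jun 19 01:58:16 localhost postfix/postfix-script[10748]: warning: not owned by postfix: /usr/local/var/lib/postfix//.
Jun 19 01:58:16 localhost postfix/postfix-script[10756]: warning: not owned by group postdrop: /usr/local/sbin//postqueue
Jun 19 01:58:16 localhost postfix/postfix-script[10759]: warning: not owned by group postdrop: /usr/local/var/spool/postfix//maildrop
Jun 19 01:58:16 localhost postfix/postfix-script[10761]: warning: not set-gid or not owner+group+world executable: /usr/local/sbin//postqueue
"""

# "warning: <what is wrong>: <absolute path>" as logged by postfix-script.
WARNING = re.compile(r"postfix/postfix-script\[\d+\]: warning: (?P<what>.+?): (?P<path>/\S+)$")
OWNER = re.compile(r"not owned by (?P<group>group )?(?P<name>\S+)$")

def normalize(path):
    """Collapse the doubled slashes and trailing '/.' seen in the log paths."""
    path = re.sub(r"/+", "/", path)
    return path[:-2] if path.endswith("/.") else path

def expected_state(log_text):
    """Map each path to the owner/group/mode the warnings say was expected."""
    expected = defaultdict(dict)
    for line in log_text.splitlines():
        m = WARNING.search(line)
        if not m:
            continue  # not a postfix-script warning
        entry = expected[normalize(m.group("path"))]
        owned = OWNER.match(m.group("what"))
        if owned:
            key = "group" if owned.group("group") else "owner"
            entry[key] = owned.group("name")
        elif m.group("what").startswith("not set-gid"):
            entry["mode"] = "set-gid, executable by owner+group+world"
    return dict(expected)

if __name__ == "__main__":
    for path, want in sorted(expected_state(SAMPLE_LOG).items()):
        print(path, want)
```

The summary can be compared against `ls -ld` output for each path to see which attributes differ on the installed system.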