Re: ADVICE: Best Practice - Usernames with Domain components

2020-05-27 Thread Matteo Cazzador

Thanks Dima, I made some changes to your suggestion:

I use

"sender_dependent_default_transport_maps"

and not

"sender_dependent_relayhost_maps"


#Main.cf part

sender_dependent_default_transport_maps = hash:/etc/postfix/sender_relay

#sender_relay content

@example1.com smtp:[gw1.gateway.com]


Thanks a lot.


On 26/05/2020 14:49, mj wrote:
Hi,

There is some misunderstanding in your setup. If you host 3 domains
then you will rather want to send mails FROM these domains into outer
world through different gateways. But your transport maps work when
postfix works with mail TO these domains.

If I am right you should remove transport map and add 
sender_dependent_relayhost_maps = hash:/usr/pkg/etc/postfix/bysender

to main.cf, create bysender like:
@example1.com smtp:gw1.gateway.com
@example2.com smtp:gw2.gateway.com
@example3.com smtp:gw3.gateway.com

run postmap /usr/pkg/etc/postfix/bysender
and reload postfix

On Wed, May 27, 2020 at 06:13:46PM +0200, Matteo Cazzador wrote:



example1.com smtp:gw1.gateway.com
example2.com smtp:gw2.gateway.com
example3.com smtp:gw3.gateway.com

then I use make "postmap transport".



--
**
Ing. Matteo Cazzador
NetLite snc di Cazzador Gagliardi
Corso Vittorio Emanuele II, 188 37069
Villafranca di Verona VR
Tel 0454856656
Fax 0454856655
Email: mat...@netlite.it
Web: http://www.netlite.it
**
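
The difference between the two parameters named in the message above, as an added example (not code from the thread or from Postfix): a `sender_dependent_relayhost_maps` value is a bare next-hop such as `[host]:port`, a `sender_dependent_default_transport_maps` value is `transport:nexthop`, and in both an unbracketed host is subject to an MX lookup. The function name `lint_sender_map`, the `TRANSPORTS` set and the finding strings are assumptions made for this sketch.

```python
import re

# Right-hand-side shapes, per postconf(5):
#   relayhost-style next-hop : host | host:port | [host] | [host]:port
#   default_transport-style  : transport[:nexthop], nexthop as above
NEXTHOP = re.compile(
    r"^(\[(?P<bhost>[^\[\]\s]+)\]|(?P<host>[^\[\]:\s]+))(:(?P<port>[A-Za-z0-9_-]+))?$"
)
TRANSPORTS = {"smtp", "relay", "lmtp"}  # assumed set of common master.cf services


def lint_sender_map(text, parameter):
    """Return (lineno, message) findings for a sender-dependent lookup table."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            findings.append((lineno, "missing right-hand side"))
            continue
        key, value = parts[0], parts[1].strip()
        # These tables are searched by envelope sender address and by @domain.
        if "@" not in key:
            findings.append((lineno, "key is neither user@domain nor @domain"))
        nexthop = value
        head, sep, rest = value.partition(":")
        if parameter == "sender_dependent_default_transport_maps":
            if head.startswith("["):
                findings.append((lineno, "expected transport:nexthop, got bare next-hop"))
                continue
            if not rest:
                findings.append((lineno, "no next-hop: transport default routing applies"))
                continue
            nexthop = rest
        elif sep and head in TRANSPORTS and not rest.isdigit():
            findings.append((lineno, "transport:nexthop syntax in a relayhost map"))
            continue
        m = NEXTHOP.match(nexthop)
        if not m:
            findings.append((lineno, "unparseable next-hop"))
        elif m.group("host"):
            findings.append((lineno, "next-hop not in [brackets]: MX lookup applies"))
    return findings


if __name__ == "__main__":
    # Entries as they appear in the thread, paired with the parameter each was used with.
    print(lint_sender_map("@example1.com smtp:gw1.gateway.com", "sender_dependent_relayhost_maps"))
    print(lint_sender_map("@example1.com smtp:[gw1.gateway.com]", "sender_dependent_default_transport_maps"))
```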



Re: ADVICE: Best Practice - Usernames with Domain components

2020-05-27 Thread mj

Hi,

So, do I understand correctly that you are running postfix/mailutils etc 
directly on your ADDC, and you are using 'local' (=winbind) users?


Then probably I would change that: not use local users, but make 
everything mail-related talk to ldap only, and don't use local users.


Also...perhaps consider running it on a separate machine. (perhaps even 
a VM on your samba ADDC)


MJ



Re: ADVICE: Best Practice - Usernames with Domain components

2020-05-27 Thread Nick Piggott
Hi,

I'm not able to suppress the DOMAIN element of the username part on *this*
machine.

All the machines in the AD have a directive in their /etc/samba/smb.conf
file:

    winbind use default domain = yes

however this doesn't work on this machine acting as the AD-DC, and looking
at the Samba mailing lists, this is by design, and unlikely to change. It
does work on the workstations (where users are just shown as their
username).

So one "workaround" would be to work out how to suppress the DOMAIN through
Samba / Winbind on this machine. But I have not been able to achieve that
at all, so that's why I'm looking to fix it around postfix.

Nick




Re: ADVICE: Best Practice - Usernames with Domain components

2020-05-26 Thread mj

Hi,

I have read your mail, and we're using a setup similar to yours (samba, 
postfix, debian) and we're using 'regular' usernames, without the domain 
prefix.


Sometimes, but only in windows, we specify a domain name to make clear 
to windows that we mean the DOMAIN account username, and not a local 
account, or DOMAINB\username.


But in common practice, we never log in anywhere with DOMAIN\username

And we also never have the issues you are describing, and no need for 
mappings of any kind.


Are you *sure* you need your usernames in that format?

MJ





ADVICE: Best Practice - Usernames with Domain components

2020-05-26 Thread Nick Piggott
Hello,

Here's my setup:
* Ubuntu 18.04 LTS
* Postfix 3.3.0
* Mailutils 3.4
* Samba 4.7.6
* Active Directory (provided by Samba)

My usernames are of the format:
* DOMAIN\username

I can separately maintain a list of mappings between DOMAIN\username
and username.

Here are the problems I'm looking to solve appropriately:
* mail - sends the origination user as "DOMAIN\username", which
postfix provides onto the destination mail exchanger, which rejects it
as being an incorrect format
* postfix - is configured with:
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
which flattens the return address to "domain\username", and creates a
mailbox in /var/mail as "domain\username". When the user types "mail"
to read their email, it opens "DOMAIN\username", so they never see
their newly received messages.

Things I have tried:
* Using
sender_canonical_maps = hash:\etc\postfix\sender_canonical
to change a specific DOMAIN\username to username. It didn't work,
although I could see it parsing sender_canonical.db when sending. The
exact line was
DOMAIN\\username : username
Postfix still provided "DOMAIN\username" as the originator to the
destination mail exchanger.
* Using
recipient_canonical_maps = hash:\etc\postfix\recipient_canonical
to convert a specific username back to DOMAIN\username. That failed
because the output is still casefolded to domain\username before
writing to the mailbox file.

Questions:
* Am I trying the right approach to rewriting the originating email
address from DOMAIN\username to username? What am I potentially
missing to get it working?
* As postfix will always fold the return address to lowercase (because
of the local_recipient_maps filter), should I just softlink together
the mailbox files DOMAIN\username and domain\username in /var/mail, or
is there a solution I can put into postfix to revert back to
DOMAIN\username before outputting to the mail file?

Thanks in advance,

-- 
Nick