AW: local_recipient_maps with LDAP

2010-08-31 Thread Marco Rebsamen
Ok, I removed that * now from the request and used mail as result_attribute. 
This works now for the local domain but not for the others.
I added all the non-local domains to the parameter virtual_alias_domains and 
set virtual_alias_maps to ldap:/etc/postfix/virtual.cf
I tested it with postmap -q and it worked. But if I send a message to that 
domain I get the message back: User unknown in virtual alias table

As you wished...

Postconf -n:
alias_maps = hash:/etc/aliases
biff = no
canonical_maps = hash:/etc/postfix/canonical
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = 
daemon_directory = /usr/lib/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debug_peer_list = 192.168.8.111
defer_transports = 
delay_warning_time = 1h
disable_dns_lookups = no
disable_mime_output_conversion = no
header_checks = regexp:/etc/postfix/header_checks
html_directory = /usr/share/doc/packages/postfix-doc/html
inet_protocols = all
local_recipient_maps = ldap:/etc/postfix/local_recipient_maps.cf unix:passwd.byname
mail_owner = postfix
mail_spool_directory = /var/mail
mailbox_command = 
mailbox_size_limit = 0
mailbox_transport = cyrus
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains = 
masquerade_exceptions = root
message_size_limit = 0
message_strip_characters = \0
mydestination = $myhostname, localhost, $mydomain
myhostname = mx-rel.unimatrix0.ch
mynetworks = 192.168.8.0/24, 127.0.0.0/8
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/packages/postfix-doc/README_FILES
relay_domains = $mydestination, hash:/etc/postfix/relay
relayhost = smtp.hispeed.ch
relocated_maps = hash:/etc/postfix/relocated
sample_directory = /usr/share/doc/packages/postfix-doc/samples
sender_canonical_maps = hash:/etc/postfix/sender_canonical
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
smtp_enforce_tls = no
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache
smtp_tls_session_cache_timeout = 3600s
smtp_use_tls = yes
smtpd_client_restrictions = 
smtpd_helo_required = no
smtpd_helo_restrictions = 
smtpd_recipient_restrictions = permit_mynetworks,reject_unauth_destination
smtpd_sasl_auth_enable = no
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_use_tls = no
strict_8bitmime = no
strict_rfc821_envelopes = no
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_domains = sinus-elektro.ch spinsch.ch
virtual_alias_maps = ldap:/etc/postfix/virtual.cf
And the content of virtual.cf

bind_dn = j...@hive.loc
bind_pw = *
server_host = 192.168.8.254

#Global Catalog port
server_port = 3268

search_base = DC=hive, DC=loc
query_filter = proxyAddresses=smtp:%s
result_attribute = mail
-Original Message-
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] 
On behalf of Victor Duchovni
Sent: Monday, 30 August 2010 21:54
To: postfix-users@postfix.org
Subject: Re: local_recipient_maps with LDAP

On Mon, Aug 30, 2010 at 09:46:26PM +0200, Marco Rebsamen wrote:

   search_base = DC=hive, DC=loc
   query_filter = proxyAddresses=smtp:*...@unimatrix0.ch
   result_attribute = proxyAddresses
  
  What is that pesky * doing in your query filter!!!
 
 It's a damn wildcard! I thought I would need it because when I tried
 to find the right parameters for this LDAP request I could not find
 anything until I used this star!

Get rid of it. With the smtp: prefix properly set to match the actual
data in Microsoft's AD, you no longer need the * and using it lowers
performance and creates backscatter when you accept invalid names that
are prefixes of valid names.

  Why is proxyAddresses the right result attribute. I would use mail.
 
 I don't know ?! Is it not ?! from where should I know that ?!

By understanding what you are doing... :-(

 Why do I need an email address as return anyway ?!

You need some non-empty attribute as a result, ideally a single-valued
one that keeps the result-set small. Using mail makes sense.

-- 
Viktor.


AW: local_recipient_maps with LDAP

2010-08-31 Thread Marco Rebsamen
 I added all the non-local domains to the parameter
virtual_alias_domains
 and set virtual_alias_maps to ldap:/etc/postfix/virtual.cf
 Do you understand what virtual alias domains are for?

I thought I would...

 I tested it with postmap -q and it worked.
 What does worked mean?

I got the same address back as I searched for...

 But if I send a message to that domain I get the message back:
 User unknown in virtual alias table

 That means that the recipient address did NOT get rewritten into
 a real (not virtual alias) domain.

 message_size_limit = 0
 Generally unwise.

 mydestination = $myhostname, localhost, $mydomain
 myhostname = mx-rel.unimatrix0.ch
 relay_domains = $mydestination, hash:/etc/postfix/relay
 relayhost = smtp.hispeed.ch


 sender_canonical_maps = hash:/etc/postfix/sender_canonical
 Generally unwise to use sender_canonical_maps. Use smtp_generic_maps
 instead to rewrite outbound email.

 smtp_enforce_tls = no
 Obsolete.

 smtp_use_tls = yes
 smtpd_use_tls = no
 Obsolete, use
   smtp_tls_security_level = may
   smtpd_tls_security_level = none

Well... I thought that the guys from opensuse did a good job with the
out of the box settings.
Obviously they didn't...

 transport_maps = hash:/etc/postfix/transport
 virtual_alias_domains = sinus-elektro.ch spinsch.ch
 virtual_alias_maps = ldap:/etc/postfix/virtual.cf

 These domains can't host real recipients, all recipients
 must be rewritten to a real domain.

 And the content of virtual.cf
 
 search_base = DC=hive, DC=loc
 query_filter = proxyAddresses=smtp:%s
 result_attribute = mail

 Probably mail is the original address in most cases. Where is
 such mail routed? If to another server, these are relay domains,
 not virtual alias domains, unless you rewrite the address in
transit...

The Messages should be forwarded to the MS Exchange Server from which I
request the LDAP information.
I had this working on an older system. What I did there was, adding the
domains sinus-elektro.ch and spinsch.ch to relay_domains
and then I had a perl-script which updated the local_recipient_maps
table. If I now add these domains to relay_domains, postfix just
delivers every message to one of these domains to the exchange without checking
if the address really exists...

 -- 
   Viktor.


AW: local_recipient_maps with LDAP

2010-08-31 Thread Marco Rebsamen
Hm, looks like some things changed since I set up the last system. I mean why 
did it work before?
I guess I'll buy the newest version of Peer Heinlein's book :-P
Anyway, it works now the way I wanted it. 

Thank you for your patience.

-Original Message-
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] 
On behalf of Victor Duchovni
Sent: Tuesday, 31 August 2010 21:29
To: postfix-users@postfix.org
Subject: Re: local_recipient_maps with LDAP

On Tue, Aug 31, 2010 at 08:07:52PM +0200, Marco Rebsamen wrote:

  Probably mail is the original address in most cases. Where is
  such mail routed? If to another server, these are relay domains,
  not virtual alias domains, unless you rewrite the address in transit...
 
 The Messages should be forwarded to the MS Exchange Server from which I
 request the LDAP information.

Then these are relay domains not virtual alias domains, unless you
rewrite the address to an internal domain specific to Exchange in transit.

 I had this working on an older system. What I did there was, adding the
 domains sinus-elektro.ch and spinsch.ch to relay_domains

Which was the right thing to do.

 and then I had a perl-script which updated the local_recipient_maps
 table.

Which is the wrong thing to do, since for relay domains, the validation
table is relay_recipient_maps not local_recipient_maps. You can use
LDAP and skip the need to generate flat file tables, unless you want
to protect AD from the query load...

 If I now add these domains to relay_domains, postfix just
 delivers every message to one of these domains to the exchange without checking
 if the address really exists...

Because you are not setting relay_recipient_maps.

http://www.postfix.org/ADDRESS_CLASS_README.html

-- 
Viktor.
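
Victor's point about address classes, as an added Python model (not Postfix's code and not from the thread): it picks the validation table Postfix would consult for a recipient given the thread's mydestination and relay_domains, using a constructed in-memory stand-in for the AD lookup, and shows why putting the Exchange domains in virtual_alias_domains with a map that returns the same address bounces with "User unknown in virtual alias table", while relay_domains without relay_recipient_maps accepts every name. $mydomain is assumed to be unimatrix0.ch.

```python
# Added model of Postfix's per-address-class recipient validation, following
# ADDRESS_CLASS_README; illustrative code, not Postfix's source and not from the thread.
# DIRECTORY is a constructed stand-in for the AD lookup the thread's ldap: tables perform
# (query_filter = proxyAddresses=smtp:%s, result_attribute = mail).

MYDESTINATION = {"mx-rel.unimatrix0.ch", "localhost", "unimatrix0.ch"}  # $mydomain assumed
RELAY_DOMAINS = {"sinus-elektro.ch", "spinsch.ch"}  # the Exchange-hosted domains

# Constructed sample entries: lookup key (lower-cased) -> value of the mail attribute.
DIRECTORY = {
    "marco@unimatrix0.ch": "marco@unimatrix0.ch",
    "info@sinus-elektro.ch": "info@sinus-elektro.ch",
}

def ldap_lookup(addr):
    """proxyAddresses is matched case-insensitively, so the key is lower-cased."""
    return DIRECTORY.get(addr.lower())

def domain_of(addr):
    return addr.rsplit("@", 1)[1].lower()

def resolve(addr, virtual_alias_domains=frozenset(), relay_recipient_maps=True, depth=0):
    """Return the SMTP decision Postfix would make for one envelope recipient."""
    domain = domain_of(addr)
    if domain in virtual_alias_domains:
        # virtual_alias_maps must rewrite the address into a real domain; a result that
        # stays in a virtual alias domain (mail == proxyAddress) cannot be delivered.
        target = ldap_lookup(addr)
        if target is None or domain_of(target) in virtual_alias_domains or depth > 1:
            return "550 User unknown in virtual alias table"
        return resolve(target, virtual_alias_domains, relay_recipient_maps, depth + 1)
    if domain in MYDESTINATION:
        # local class: validated against local_recipient_maps
        return "250 local" if ldap_lookup(addr) else "550 User unknown in local recipient table"
    if domain in RELAY_DOMAINS:
        # relay class: validated against relay_recipient_maps; when that is unset every
        # name is accepted and unknown ones can only bounce after acceptance (backscatter)
        if not relay_recipient_maps:
            return "250 relay (unvalidated)"
        return "250 relay" if ldap_lookup(addr) else "550 User unknown in relay recipient table"
    return "554 Relay access denied"  # reject_unauth_destination for every other domain
```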


AW: local_recipient_maps with LDAP

2010-08-30 Thread Marco Rebsamen

Ok, I'm really confused about that LDAP lookup stuff :-/
What I want to do is to check if an address to which a message is addressed 
really exists.

I'm currently using this script for local recipient checks:

bind_dn = j...@hive.loc
bind_pw = 
server_host = 192.168.8.254

#Global Catalog port
server_port = 3268

search_base = DC=hive, DC=loc
query_filter = proxyAddresses=smtp:*...@unimatrix0.ch
result_attribute = proxyAddresses

the result is the complete list of all addresses a user has. But I'm not sure 
if this is right. I delivered a test message by hand through telnet and somehow 
it got delivered to any address in the result even in the system. So I guess I 
really missed something... :-/


-Original Message-
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] 
On behalf of Victor Duchovni
Sent: Monday, 30 August 2010 17:17
To: postfix-users@postfix.org
Subject: Re: local_recipient_maps with LDAP

On Mon, Aug 30, 2010 at 04:58:48PM +0200, Patrick Ben Koetter wrote:

 * Victor Duchovni postfix-users@postfix.org:
   Is smtp:%s sufficient? IIRC the main mail address is noted as SMTP:%s. A
   query that catches those too would be this:
  
  The proxyAddresses field is matched case-insensitively. No fancy gymnastics
  required:
  
query_filter = (|(proxyAddresses=smtp:%s)(proxyAddresses=SMTP:%s))
  
  The first string matches both.
 
 Case-insensitive because the matching rule for proxyAddresses is
 case-insensitive?

Yes, naturally. The case of the smtp prefix only matters when it
is used as a result value, not when it is a lookup key.

-- 
Viktor.


AW: local_recipient_maps with LDAP

2010-08-30 Thread Marco Rebsamen


-Original Message-
From: Victor Duchovni [mailto:victor.ducho...@morganstanley.com] 
Sent: Monday, 30 August 2010 21:18
To: Marco Rebsamen
Cc: postfix-users@postfix.org
Subject: Re: local_recipient_maps with LDAP

On Mon, Aug 30, 2010 at 08:50:33PM +0200, Marco Rebsamen wrote:

 
 Ok, I'm really confused about that LDAP lookup stuff :-/
 What I want to do is to check if an address to which a message is addressed 
 really exists.
 
 I'm currently using this script for local recipient checks:
 
 bind_dn = j...@hive.loc
 bind_pw = 
 server_host = 192.168.8.254
 
 #Global Catalog port
 server_port = 3268
 
 search_base = DC=hive, DC=loc
 query_filter = proxyAddresses=smtp:*...@unimatrix0.ch
 result_attribute = proxyAddresses

What is that pesky * doing in your query filter!!!

It's a damn wildcard! I thought I would need it because when I tried to find 
the right parameters for this LDAP request I could not find anything until 
I used this star!

Why is proxyAddresses the right result attribute. I would use mail.

I don't know ?! Is it not ?! from where should I know that ?! Why do I need an 
email address as return anyway ?! I would say the address is already written in 
the message ? It makes no sense to me to return an email address maybe I 
just don't understand the whole thing and someone should tell me what I should 
do?!

Report problems accurately with supporting postconf -n output,
table definitions AND logs!

...same as above

-- 
Viktor.