From: Kevin M. Myer (kevin_myeriu13.org)
Date: Mon Jun 03 2002 - 12:05:23 CDT


    Hi,

    Background info:

    I have an email server setup consisting of postfix and Cyrus IMAPd. I'm using
    LDAP virtual_maps to do my virtual accounts. I have several domains working
    fine and thought I had the process of adding new domains relatively refined.
    Generally, what I do is: add a new IP address to the mail server, set up another
    instance of the Cyrus IMAP server, add the virtual_map to my postfix config
    file, add the domain I'm going to support in /etc/postfix/virtual, and add the
    transport map in /etc/postfix/transport. Generally, the domains I'm hosting are
    actually ones that currently exist and someone is migrating their mail server to
    ours. Since their mail server is currently active, I usually set up our server
    as mail2.<whateverdomain> until the time of the migration and adjust my setup
    accordingly. This basically means I change my transport and virtual maps and
    replace <whateverdomain> with mail2.<whateverdomain>. I also modify my
    ldap_domain map line and change it from <whateverdomain> to mail2.<whateverdomain>.

    By sending mail to <test_user>mail2.<whateverdomain>, I can test the setup and
    make sure all the components are working, while making sure that any mail
    addressed to that domain still gets delivered to the old mail server. So
    basically, all I'm doing is setting up a server to handle mail for a subdomain.

    Problem:

    The account I'm testing is kevin_myermail2.hempfield.k12.pa.us.

    This setup has worked fine for testing in the past. However, I set up another
    domain this past week and tried to deliver mail to it. Everything keeps
    bouncing back to me with "Unknown user" error messages. So I started running
    some of the services within postfix verbosely and I still haven't nailed down
    what is going on. Here is what I know: qmgr is initializing the LDAP maps
    properly - I can see it reading the config for the six or so maps that I have
    and caching a connection for each (including the new domain I want to test).
    Mail comes in and I can see trivial-rewrite consulting the LDAP server, looking
    for info about kevin_myer...., which does result in a connection to the LDAP
    server. The mail gets passed back to qmgr and the results of resolve_clnt_query
    are:

    postfix/qmgr[9771]: resolve_clnt_query: `kevin_myerdmail2.hempfield.k12.pa.us'
    -> t=`lmtp' h=`unix:/var/imap/hempfield/socket/lmtp'
    r=`kevin_myermail2.hempfield.k12.pa.us'

    qmgr executes the match_string function and this is where things fall apart.
    Whereas with all my other domains, qmgr also consults dict_ldap_lookup, with
    this domain, it just stops after checking against the values of $mydestination
    and bounces the message. The info needed for LDAP routing of the mail is there too:

    /usr/sbin/postmap -q kevin_myermail2.hempfield.k12.pa.us ldap:hempfield
    kevin_myermail2.hempfield.k12.pa.us

    I'm sure the solution is embarrassingly simple but I keep going around in circles
    as to what the problem is. Maybe a fresh set of eyes can point out what I'm
    doing wrong. As I said, I've used this methodology (of creating a server for a
    subdomain of a domain we're migrating) and things have worked fine in the past.
    But I've either got a typo somewhere or something else is subtly different this
    time because it's just not working. It seems like qmgr has all the info it needs
    to invoke lmtp to deliver the mail but for some reason, it would seem that it
    doesn't think that it should deliver mail for mail2.hempfield.k12.pa.us so it
    bounces it without checking the LDAP maps (someone correct me if I've got my
    understanding of how everything interoperates).

    /usr/sbin/postconf -n:

    alias_database = hash:/etc/postfix/aliases
    alias_maps = hash:/etc/postfix/aliases, ldap:iu13
    command_directory = /usr/sbin
    daemon_directory = /usr/libexec/postfix
    debug_peer_level = 2
    header_checks = regexp:/etc/postfix/header_checks
    mail_owner = mail
    mail_spool_directory = /var/mail
    mailbox_command = /usr/bin/procmail
    mydestination = $myhostname, localhost.$mydomain,$mydomain, mail.$mydomain
    mydomain = iu13.org
    myhostname = relay.iu13.org
    mynetworks = <removed>
    queue_directory = /var/spool/postfix
    relay_domains = /etc/postfix/relay_domains
    sender_canonical_maps = hash:/etc/postfix/sender_canonical
    transport_maps = hash:/etc/postfix/transport
    virtual_maps = hash:/etc/postfix/virtual,<some removed>,ldap:hempfield

    The LDAP config portion for hempfield:

    hempfield_server_host = directory.iu13.k12.pa.us
    hempfield_search_base = ou=People,dc=hempfield,dc=k12,dc=pa,dc=us
    hempfield_domain = mail2.hempfield.k12.pa.us
    hempfield_scope = one
    hempfield_result_attribute = mailRoutingAddress
    hempfield_query_filter = (mailAlternateAddress=%s)

    Relevant parts of /etc/postfix/transport:
    mail2.hempfield.k12.pa.us lmtp:unix:/var/imap/hempfield/socket/lmtp

    Relevant parts of /etc/postfix/virtual:
    mail2.hempfield.k12.pa.us VIRTUAL_DOMAIN

    Relevant parts of /etc/postfix/relay_domains
    mail2.hempfield.k12.pa.us

    I have run postmap on transport and virtual as well.

    Finally, the LDIF for the user I'm trying to deliver to:

    dn: uid=kevin_myer,ou=People,dc=hempfield,dc=k12,dc=pa,dc=us
    objectclass: top
    objectclass: person
    objectclass: organizationalPerson
    objectclass: inetOrgPerson
    objectclass: inetLocalMailRecipient
    cn: Kevin Myer
    uid: kevin_myer
    mail: kevin_myerhempfield.k12.pa.us
    sn: Myer
    givenname: Kevin
    mailhost: mail2.hempfield.k12.pa.us
    mailalternateaddress: kevin_myerhempfield.k12.pa.us
    mailalternateaddress: kevin_myermail2.hempfield.k12.pa.us
    mailroutingaddress: kevin_myermail2.hempfield.k12.pa.us
    title: Test
    l: IU13

    The mail box exists and using the cyrus deliver agent to manually deliver to
    that mailbox works as well.

    Thanks for any help or sharp eyes.

    Kevin

    -- 
    Kevin M. Myer
    Systems Administrator
    Lancaster-Lebanon Intermediate Unit 13
    (717)-560-6140
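
The post above wonders about a typo somewhere across the maps touched when staging a domain. The following is an added example, not part of the original message or of Postfix: a small checker that confirms the staging domain is spelled identically in the LDAP map's `_domain` setting and in the transport, virtual and relay_domains tables. The function names are hypothetical and the sample input is constructed from the fragments quoted in the post (with the removed `virtual_maps` entries left out). It checks naming consistency only and does not identify the cause of the bounce.

```python
import re

# Constructed sample input, assembled from the config fragments in the post.
MAIN_CF = """\
virtual_maps = hash:/etc/postfix/virtual,ldap:hempfield
transport_maps = hash:/etc/postfix/transport
relay_domains = /etc/postfix/relay_domains
hempfield_domain = mail2.hempfield.k12.pa.us
"""
TABLES = {
    "transport": "mail2.hempfield.k12.pa.us lmtp:unix:/var/imap/hempfield/socket/lmtp\n",
    "virtual": "mail2.hempfield.k12.pa.us VIRTUAL_DOMAIN\n",
    "relay_domains": "mail2.hempfield.k12.pa.us\n",
}

def parse_main_cf(text):
    """Parse 'name = value' lines, skipping comments."""
    params = {}
    for line in text.splitlines():
        if "=" in line and not line.lstrip().startswith("#"):
            name, value = line.split("=", 1)
            params[name.strip()] = value.strip()
    return params

def split_list(value):
    """Split a comma- or whitespace-separated parameter value."""
    return [v for v in re.split(r"[,\s]+", value.strip()) if v]

def table_keys(text):
    """Return the lowercased left-hand keys of a lookup table source file."""
    lines = (l.strip() for l in text.splitlines())
    return {l.split()[0].lower() for l in lines if l and not l.startswith("#")}

def check_domain(domain, ldap_name, main_cf, tables):
    """List every place where the staging domain is missing or misspelled."""
    domain = domain.lower()
    params = parse_main_cf(main_cf)
    problems = []
    if f"ldap:{ldap_name}" not in split_list(params.get("virtual_maps", "")):
        problems.append(f"virtual_maps does not list ldap:{ldap_name}")
    ldap_domains = [d.lower() for d in split_list(params.get(f"{ldap_name}_domain", ""))]
    if domain not in ldap_domains:
        problems.append(f"{ldap_name}_domain is {ldap_domains}, expected {domain}")
    for label, text in tables.items():
        if domain not in table_keys(text):
            problems.append(f"{label} has no entry for {domain}")
    return problems

if __name__ == "__main__":
    print(check_domain("mail2.hempfield.k12.pa.us", "hempfield", MAIN_CF, TABLES))
```

Run against the fragments as posted it reports no mismatches, so the spelling of the domain across these four places is consistent in what the message shows.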
    
