From: Aleksandar Vukovic (vualeks cg.ac.yu)
Date: Thu Jan 24 2008 - 06:09:10 CST
Hi all,
I'm trying to make a postfix & ldap database combination so that all
mailboxes are owned by one system user and postfix smtpd daemon should
lookup from LDAP for local recipient table and location of mailboxes
upon receiving mail. Delivering is done by dovecot and it worked ok
while actual users were in /etc/passwd, but when I removed them
from /etc/passwd and expected lookup from ldap I got 'unknown user:
"username"' error. Is this kind of setup possible at all because mailbox
locations also need to be read from LDAP (I'm not sure :)? There are no
virtual domains here, everything is for localdomain, but maybe this is
done by some kind of virtual users setup? Here is how I tried to make it work.
I replaced private things with bogus, but it's clean enough.
This is my postconf -n:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases, ldap:/etc/postfix/ldap.cf
append_dot_mydomain = no
biff = no
body_checks_size_limit = 10485760
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
home_mailbox = .maildir/
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
local_recipient_maps = $alias_maps
mailbox_command = /usr/lib/dovecot/deliver
mailbox_size_limit = 0
message_size_limit = 10485760
mydestination = mail.mydomain.com, localhost.mydomain.com, localhost , mydomain.com
myhostname = mail.mydomain.com
mynetworks = 127.0.0.0/8,
myorigin = /etc/mailname
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relayhost =
smtpd_banner = $myhostname ESMTP $mail_name (Linux Almighty)
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_destination, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = reject_unknown_sender_domain
smtpd_tls_auth_only = no
/etc/postfix/ldap.cf:
server_host = ldap-server...
search_base = ldap-base...
query_filter = (mail=%s)
#query_filter = (&(mail=%s)(uid=%u))
domain = mydomain.com
result_attribute = mail
#result_format = %u
version = 3
My guess is that changes are needed here. I have a mail attribute containing the real email address for every user in LDAP, so with this setup when I try:
postmap -q user@mydomain.com ldap:/etc/postfix/ldap.cf
the response is:
user@mydomain.com
and when I try only the username for the query I get nothing. I don't really know what the response should actually be there, maybe mailbox location?
Here is verbose mail.log while trying to send a message from user@mydomain.com to the same address:
Jan 24 12:04:47 mail postfix/smtpd[4123]: dict_ldap_connect: Connecting to server ldap://ldap.myserver:389
Jan 24 12:04:47 mail postfix/smtpd[4123]: dict_ldap_connect: Actual Protocol version used is 3.
Jan 24 12:04:47 mail postfix/smtpd[4123]: dict_ldap_connect: Binding to server ldap://ldap.myserver:389 as dn
Jan 24 12:04:47 mail postfix/smtpd[4123]: dict_ldap_connect: Successful bind to server ldap://ldap.myserver:389 as
Jan 24 12:04:47 mail postfix/smtpd[4123]: dict_ldap_connect: Cached connection handle for LDAP source /etc/postfix/ldap.cf
Jan 24 12:04:47 mail postfix/smtpd[4123]: dict_ldap_lookup: /etc/postfix/ldap.cf: Searching with filter (mail=vualeks@mydomain.com)
Jan 24 12:04:47 mail postfix/smtpd[4123]: dict_ldap_get_values[1]: Search found 1 match(es)
Jan 24 12:04:47 mail postfix/smtpd[4123]: dict_ldap_get_values[1]: search returned 1 value(s) for requested result attribute mail
Jan 24 12:04:47 mail postfix/smtpd[4123]: dict_ldap_get_values[1]: Leaving dict_ldap_get_values
Jan 24 12:04:47 mail postfix/smtpd[4123]: dict_ldap_lookup: Search returned vualeks@mydomain.com
Jan 24 12:04:47 mail postfix/smtpd[4123]: maps_find: local_recipient_maps: ldap:/etc/postfix/ldap.cf(0,lock|fold_fix): vualeks@mydomain.com = vualeks@mydomain.com
Jan 24 12:04:47 mail postfix/smtpd[4123]: mail_addr_find: vualeks@mydomain.com -> vualeks@mydomain.com
Jan 24 12:04:47 mail postfix/smtpd[4123]: smtpd_check_rewrite: trying: permit_inet_interfaces
Jan 24 12:04:47 mail postfix/smtpd[4123]: permit_inet_interfaces: localhost 127.0.0.1
Jan 24 12:04:47 mail postfix/smtpd[4123]: before input_transp_cleanup: cleanup flags = enable_header_body_filter enable_automatic_bcc enable_address_mapping enable_milters
Jan 24 12:04:47 mail postfix/smtpd[4123]: after input_transp_cleanup: cleanup flags = enable_header_body_filter enable_automatic_bcc enable_address_mapping
Jan 24 12:04:47 mail postfix/smtpd[4123]: connect to subsystem public/cleanup
Jan 24 12:04:47 mail postfix/smtpd[4123]: public/cleanup socket: wanted attribute: queue_id
Jan 24 12:04:47 mail postfix/smtpd[4123]: input attribute name: queue_id
Jan 24 12:04:47 mail postfix/smtpd[4123]: input attribute value: 31C544C354
Jan 24 12:04:47 mail postfix/smtpd[4123]: public/cleanup socket: wanted attribute: (list terminator)
Jan 24 12:04:47 mail postfix/smtpd[4123]: input attribute name: (end)
Jan 24 12:04:47 mail postfix/smtpd[4123]: send attr flags = 50
Jan 24 12:04:47 mail postfix/smtpd[4123]: 31C544C354: client=localhost[127.0.0.1]
Jan 24 12:04:47 mail postfix/smtpd[4123]: > localhost[127.0.0.1]: 250 2.1.5 Ok
Jan 24 12:04:47 mail postfix/smtpd[4123]: < localhost[127.0.0.1]: DATA
Jan 24 12:04:47 mail postfix/smtpd[4123]: > localhost[127.0.0.1]: 354 End data with <CR><LF>.<CR><LF>
Jan 24 12:04:47 mail postfix/cleanup[4125]: 31C544C354: message-id=<1465.............1201172687.squirrel@www.mail.mydomain.com>
Jan 24 12:04:47 mail postfix/qmgr[4122]: 31C544C354: from=<vualeks@mydomain.com>, size=754, nrcpt=1 (queue active)
Jan 24 12:04:47 mail postfix/smtpd[4123]: public/cleanup socket: wanted attribute: status
Jan 24 12:04:47 mail postfix/smtpd[4123]: input attribute name: status
Jan 24 12:04:47 mail postfix/smtpd[4123]: input attribute value: 0
Jan 24 12:04:47 mail postfix/smtpd[4123]: public/cleanup socket: wanted attribute: reason
Jan 24 12:04:47 mail postfix/smtpd[4123]: input attribute name: reason
Jan 24 12:04:47 mail postfix/smtpd[4123]: input attribute value: (end)
Jan 24 12:04:47 mail postfix/smtpd[4123]: public/cleanup socket: wanted attribute: (list terminator)
Jan 24 12:04:47 mail postfix/smtpd[4123]: input attribute name: (end)
Jan 24 12:04:47 mail postfix/smtpd[4123]: > localhost[127.0.0.1]: 250 2.0.0 Ok: queued as 31C544C354
Jan 24 12:04:47 mail postfix/smtpd[4123]: < localhost[127.0.0.1]: QUIT
Jan 24 12:04:47 mail postfix/smtpd[4123]: > localhost[127.0.0.1]: 221 2.0.0 Bye
Jan 24 12:04:47 mail postfix/smtpd[4123]: match_hostname: localhost ~? 127.0.0.0/8
Jan 24 12:04:47 mail postfix/smtpd[4123]: match_hostaddr: 127.0.0.1 ~? 127.0.0.0/8
Jan 24 12:04:47 mail postfix/smtpd[4123]: disconnect from localhost[127.0.0.1]
Jan 24 12:04:47 mail postfix/smtpd[4123]: master_notify: status 1
Jan 24 12:04:47 mail postfix/smtpd[4123]: connection closed
Jan 24 12:04:47 mail postfix/local[4127]: 31C544C354: to=<vualeks@mydomain.com>, relay=local, delay=0.16, delays=0.09/0.01/0/0.07, dsn=5.1.1, status=bounced (unknown user: "vualeks")
Jan 24 12:04:47 mail postfix/cleanup[4125]: 562624C3D4: message-id=<20080124110447.562624C3D4@mail.mydomain.com>
Jan 24 12:04:47 mail postfix/qmgr[4122]: 562624C3D4: from=<>, size=2468, nrcpt=1 (queue active)
Jan 24 12:04:47 mail postfix/bounce[4128]: 31C544C354: sender non-delivery notification: 562624C3D4
Jan 24 12:04:47 mail postfix/qmgr[4122]: 31C544C354: removed
Jan 24 12:04:47 mail postfix/local[4127]: 562624C3D4: to=<vualeks@mydomain.com>, relay=local, delay=0.15, delays=0.06/0/0/0.08, dsn=5.1.1, status=bounced (unknown user: "vualeks")
Jan 24 12:04:47 mail postfix/qmgr[4122]: 562624C3D4: removed
It seems that the user is found in ldap but the message is still bounced, probably because mailbox location is not found/read or sth else, I don't know.
Thanks in advance.
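
The mismatch visible in the log above, as an added example that is not part of the original post: smtpd accepts the recipient because the LDAP table behind local_recipient_maps returns a match, while the local(8) delivery agent, which resolves recipients against the system password database and aliases, bounces the same address as an unknown user. The function name and the sample lines are constructed for illustration; the parser assumes the verbose log format shown in the post.

```python
import re

# Constructed sample in the log format shown in the post (the last two lines are invented).
SAMPLE_LOG = """\
Jan 24 12:04:47 mail postfix/smtpd[4123]: maps_find: local_recipient_maps: ldap:/etc/postfix/ldap.cf(0,lock|fold_fix): vualeks@mydomain.com = vualeks@mydomain.com
Jan 24 12:04:47 mail postfix/smtpd[4123]: 31C544C354: client=localhost[127.0.0.1]
Jan 24 12:04:47 mail postfix/local[4127]: 31C544C354: to=<vualeks@mydomain.com>, relay=local, delay=0.16, delays=0.09/0.01/0/0.07, dsn=5.1.1, status=bounced (unknown user: "vualeks")
Jan 24 12:04:48 mail postfix/local[4130]: 7A1B2C3D4E: to=<ghost@mydomain.com>, relay=local, delay=0.10, delays=0.05/0/0/0.05, dsn=5.1.1, status=bounced (unknown user: "ghost")
Jan 24 12:04:49 mail postfix/local[4131]: 9F8E7D6C5B: to=<root@mydomain.com>, relay=local, delay=0.10, delays=0.05/0/0/0.05, dsn=2.0.0, status=sent (delivered to command: /usr/lib/dovecot/deliver)
"""

# smtpd verbose line: a recipient was found in a local_recipient_maps table.
ACCEPTED = re.compile(
    r"postfix/smtpd\[\d+\]: maps_find: local_recipient_maps: "
    r"(?P<table>\S+?)\([^)]*\): (?P<rcpt>\S+) = "
)
# local(8) line: delivery bounced because no matching account or alias exists.
BOUNCED = re.compile(
    r"postfix/local\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]+)>,"
    r'.*status=bounced \(unknown user: "(?P<user>[^"]+)"\)'
)


def find_validation_delivery_gaps(log_text):
    """Return bounces whose recipient smtpd had already accepted via a lookup table."""
    accepted = {}  # recipient address -> table that vouched for it
    gaps = []
    for line in log_text.splitlines():
        m = ACCEPTED.search(line)
        if m:
            accepted[m["rcpt"].lower()] = m["table"]
            continue
        m = BOUNCED.search(line)
        if m and m["rcpt"].lower() in accepted:
            gaps.append({
                "queue_id": m["qid"],
                "recipient": m["rcpt"],
                "accepted_by": accepted[m["rcpt"].lower()],
                "unknown_user": m["user"],
            })
    return gaps


if __name__ == "__main__":
    for gap in find_validation_delivery_gaps(SAMPLE_LOG):
        print(gap)
```

Each reported entry is a message that was accepted at SMTP time and bounced afterwards, which is the accept-then-bounce pattern that turns a mail server into a backscatter source when the sender address is forged.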