
Re: [Fwd: ldap users & aliases config]

From: Wojtek Bogusz (Wojtek@FrontLineDefenders.org)
Date: Thu May 08 2008 - 11:16:27 CDT


>> virtual_alias_maps = ldap:/etc/postfix/ldap-aliases.cf
>
> This applies to all recipient addresses, not just those in your domain.

Yes. We have just one domain, and I wanted to avoid writing this domain
in all aliases and addresses. So instead I am just checking the user
names / alias names and leaving the domain static, listed in other settings.

>> $ cat /etc/postfix/ldap-aliases.cf
>> server_host = localhost
>> search_base = ou=EmailAliases,dc=frontline
>> query_filter = (&(objectClass=inetOrgPerson)(sn=%u))
>> result_attribute = cn
>> bind = no
>> version = 3
>
> This ignores the domain part without restricting it. The result is that
> you rewrite <localpart>@<any.domain> provided the local part is the "sn"
> of one of your users. A terrible idea.

Why is it a terrible idea?

>> output from
>>
>> $ sudo postmap -q wojtekbogusz@frontlinedefenders.org
>> ldap:/etc/postfix/ldap-aliases.cf
>> $ sudo postmap -q wojtekbogusz ldap:/etc/postfix/ldap-aliases.cf
>>
>> is nothing...
>
> Good. Are these expected to match anything?

Yes. If you do:

$ ldapsearch -b 'ou=EmailAliases,dc=frontline' -x 'sn=admin' cn
# extended LDIF
#
# LDAPv3
# base <ou=EmailAliases,dc=frontline> with scope subtree
# filter: sn=admin
# requesting: cn
#

# wojtek, EmailAliases, frontline
dn: cn=wojtek,ou=EmailAliases,dc=frontline

# nikt, EmailAliases, frontline
dn: cn=john,ou=EmailAliases,dc=frontline

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2

but when you do:

$ sudo postmap -q admin@frontlinedefenders.org
ldap:/etc/postfix/ldap-aliases.cf
or:
$ sudo postmap -q admin ldap:/etc/postfix/ldap-aliases.cf

you get nothing

>> and smtp still rejects the address (any address admin,
>> admin@frontlinedefenders.org, wojtekbogusz,
>> wojtekbogusz@frontlinedefenders.org, etc.)
>
> Do show the relevant ": reject: " log entries and explain why you expect
> these to be accepted.

May 8 17:13:01 base postfix/smtpd[16729]: NOQUEUE: reject: RCPT from unknown[192.168.0.3]: 550 5.1.1 <admin@frontlinedefenders.org>: Recipient address rejected: User unknown in virtual mailbox table; from=<wojtek@riseup.net> to=<admin@frontlinedefenders.org> proto=SMTP helo=<vortex.localhost>

I do not know how I can motivate more that I expect this address to be
resolved :-) I have the relevant record in LDAP -> the address should resolve
fine. I must be doing something wrong with the configuration.

cheers, Wojtek
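As an added illustration (not code from this thread or from Postfix itself), the Python script below emulates, against a small constructed in-memory directory, how a Postfix ldap: table applies its `domain`, `query_filter` and `result_format` settings to a `virtual_alias_maps` lookup, following the semantics documented in ldap_table(5). It puts the posted `ldap-aliases.cf` beside a hardened variant that adds `domain = frontlinedefenders.org` (so only `user@frontlinedefenders.org` keys are looked up; bare user names, `@domain` keys and foreign domains are skipped without contacting the server) and `result_format = %s@frontlinedefenders.org` (so the bare `cn` values come back as complete addresses). The directory entries, their `cn` values and the foreign domain `evil.example` are assumptions made for this example, and the filter evaluator handles only the AND-of-equalities shape of the posted filter.

```python
"""Emulate how a Postfix ldap: table (ldap_table(5)) applies `domain`,
`query_filter` and `result_format` to a virtual_alias_maps lookup.
Added example, not Postfix code; runs offline against an in-memory directory."""

import re

# The ldap-aliases.cf from the post: no `domain` restriction at all.
POSTED_CF = """
server_host = localhost
search_base = ou=EmailAliases,dc=frontline
query_filter = (&(objectClass=inetOrgPerson)(sn=%u))
result_attribute = cn
bind = no
version = 3
"""

# Hardened variant: only user@frontlinedefenders.org is ever looked up, and
# the bare cn values are turned into full addresses on the way out.
HARDENED_CF = """
server_host = localhost
search_base = ou=EmailAliases,dc=frontline
domain = frontlinedefenders.org
query_filter = (&(objectClass=inetOrgPerson)(sn=%u))
result_attribute = cn
result_format = %s@frontlinedefenders.org
bind = no
version = 3
"""

# Constructed directory (an assumption for this example): two inetOrgPerson
# entries with sn=admin, like the two hits ldapsearch returned in the post.
DIRECTORY = [
    {"dn": "cn=wojtek,ou=EmailAliases,dc=frontline",
     "objectclass": ["inetOrgPerson"], "sn": ["admin"], "cn": ["wojtek"]},
    {"dn": "cn=john,ou=EmailAliases,dc=frontline",
     "objectclass": ["inetOrgPerson"], "sn": ["admin"], "cn": ["john"]},
]


def parse_cf(text):
    """Parse Postfix's `name = value` table configuration format."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, _, value = line.partition("=")
            cfg[name.strip()] = value.strip()
    return cfg


def filter_escape(value):
    """RFC 4515 quoting Postfix applies to %s/%u/%d, so a recipient such as
    *@example.org cannot smuggle a wildcard into the search filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)


def filter_unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def expand_filter(template, key):
    """Substitute %s (whole key), %u (local part) and %d (domain). With no @
    in the key, %u is the whole key and a filter using %d is suppressed."""
    user, at, domain = key.rpartition("@")
    if not at:
        user, domain = key, None
    if "%d" in template and domain is None:
        return None
    out = template.replace("%s", filter_escape(key)).replace("%u", filter_escape(user))
    return out.replace("%d", filter_escape(domain)) if domain is not None else out


def matches(filter_str, entry):
    """Evaluate a filter of the shape (&(a=v)(b=w)...): a conjunction of
    equalities, which is all the posted query_filter needs."""
    for attr, value in re.findall(r"\(([A-Za-z][\w-]*)=([^()]*)\)", filter_str):
        have = [v.lower() for v in entry.get(attr.lower(), [])]
        if filter_unescape(value).lower() not in have:
            return False
    return True


def lookup(key, cf_text, directory=DIRECTORY):
    """Return the rewritten recipients virtual_alias_maps would produce for
    `key` with this table, or [] when the table yields no match."""
    cfg = parse_cf(cf_text)
    domains = [d.lower() for d in re.split(r"[,\s]+", cfg.get("domain", "")) if d]
    if domains:
        user, _, domain = key.rpartition("@")
        # Only user@listed-domain keys are eligible; bare users, "@domain"
        # and foreign domains are skipped without contacting the server.
        if not user or domain.lower() not in domains:
            return []
    expanded = expand_filter(cfg["query_filter"], key)
    if expanded is None:
        return []
    fmt, base = cfg.get("result_format", "%s"), cfg["search_base"].lower()
    results = []
    for entry in directory:
        if entry["dn"].lower().endswith(base) and matches(expanded, entry):
            values = entry.get(cfg["result_attribute"].lower(), [])
            results += [fmt.replace("%s", v) for v in values]
    return results


if __name__ == "__main__":
    for cf_name, cf in (("posted", POSTED_CF), ("hardened", HARDENED_CF)):
        for addr in ("admin@frontlinedefenders.org", "admin@evil.example",
                     "admin", "wojtekbogusz@frontlinedefenders.org"):
            print("%-8s %-36s -> %s" % (cf_name, addr, lookup(addr, cf) or "(no match)"))
```

Running it shows `admin@evil.example` expanding to the two internal mailboxes under the posted configuration and being left alone under the hardened one, which is the point the quoted reply makes about rewriting `<localpart>@<any.domain>`. The emulation cannot reproduce the empty `postmap -q` results in the post; one thing worth checking there is whether the anonymous bind implied by `bind = no` is allowed to read `cn`, since the `ldapsearch -x ... cn` output above lists the two entries without any `cn:` attribute lines, and an entry returned without the result attribute gives Postfix nothing to return.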