From: Wojtek Bogusz (Wojtek@FrontLineDefenders.org)
Date: Thu May 08 2008 - 11:41:28 CDT
Victor Duchovni wrote:
> On Thu, May 08, 2008 at 05:16:27PM +0100, Wojtek Bogusz wrote:
>
>>>> virtual_alias_maps = ldap:/etc/postfix/ldap-aliases.cf
>>> This applies to all recipient addresses, not just those in your domain.
>> yes. we have just one domain. and i wanted to avoid writing this domain
>> in all aliases and addresses. so instead i am just checking the user
>> names / alias names and leave the domain static listed in other settings.
>
> You never send any mail out? Not even legitimate bounces? Seems unlikely.
we do. but i thought that the way it works is that postfix will relay
email as long as either from or to/cc/bcc will match the domain name
that is relayed and account/alias name that is relayed within this domain.
>>> This ignores the domain part without restricting it. The result is that
>>> you rewrite <localpart>@<any.domain> provided the local part is the "sn"
>>> of one of your users. A terrible idea.
>> why is it terrible idea?
>
> You will rewrite "your-last-name@gmail.com" to "your-account@gmail.com"
> even though the "gmail.com" address has nothing to do with you or your
> account.
does it mean that there is no other way than have all the accounts and
aliases repeating domain part ('@frontlinedefenders.org')?
>>>> $ sudo postmap -q wojtekbogusz@frontlinedefenders.org
>>>> ldap:/etc/postfix/ldap-aliases.cf
>>>> $ sudo postmap -q wojtekbogusz ldap:/etc/postfix/ldap-aliases.cf
>>>>
>>>> is nothing...
>>> Good. Are these expected to match anything?
>> yes. if you do:
>
> The strings "admin" and "wojtekbogusz" are not the same.
let's forget about 'wojtekbogusz' here please. and do exercise on
'admin'. it is the same with 'wojtekbogusz'.
>> $ ldapsearch -b 'ou=EmailAliases,dc=frontline' -x 'sn=admin' cn
>
> This query filter is not the one you are using in the Postfix
> table definitions. Compare apples with apples.
how come. in /etc/postfix/ldap-aliases.cf i have:
server_host = localhost
search_base = ou=EmailAliases,dc=frontline
query_filter = (&(objectClass=inetOrgPerson)(sn=%u))
this is exactly what i am ldapsearch'ing above i think.
>> May 8 17:13:01 base postfix/smtpd[16729]: NOQUEUE: reject: RCPT from
>> unknown[192.168.0.3]: 550 5.1.1 <admin@frontlinedefenders.org>:
>> Recipient address rejected: User unknown in virtual mailbox table
>> ; from=<wojtek@riseup.net> to=<admin@frontlinedefenders.org> proto=SMTP
>> helo=<vortex.localhost>
>
> Naturally, since "postmap -q" does not see "admin". Fix that first. Try
> "postmap -vq" and see what query Postfix sends, try that query for
> yourself with "ldapsearch" if you like. Make sure your result_attribute
> is valid.
ok. i guess those are the lines from 'postmap -vq'
postmap: dict_ldap_lookup: /etc/postfix/ldap-aliases.cf: Searching with
filter (&(objectClass=inetOrgPerson)(sn=admin))
postmap: dict_ldap_get_values[1]: Search found 2 match(es)
postmap: dict_ldap_get_values[1]: Leaving dict_ldap_get_values
postmap: dict_ldap_lookup: Search returned nothing
so to my untrained eye the search string
'(&(objectClass=inetOrgPerson)(sn=admin))' is ok. and then there is the
part i do not understand: found 2 matches = returned nothing.
cheers, Wojtek
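
Added example, not part of the original message or of the poster's own configuration: the LDAP table from this thread with the two points raised in the replies applied, namely restricting lookups to the one hosted domain and naming a result attribute. The `domain` and `result_attribute` parameters are documented in ldap_table(5); the choice of `cn` as result attribute is an assumption taken from the `ldapsearch ... cn` command quoted above.

```cfg
# /etc/postfix/ldap-aliases.cf as posted in the thread (before):
#
#   server_host  = localhost
#   search_base  = ou=EmailAliases,dc=frontline
#   query_filter = (&(objectClass=inetOrgPerson)(sn=%u))
#
# 1. %u expands to the local part of the lookup key and nothing limits the
#    domain part, so a key in ANY domain matches when its local part equals
#    an "sn" in the directory.
# 2. No result_attribute is set, so Postfix reads the default attribute
#    "maildrop". Entries that match the filter but carry no such attribute
#    yield no result, which is one way to get "Search found N match(es)"
#    followed by "Search returned nothing".

# After:
server_host = localhost
search_base = ou=EmailAliases,dc=frontline

# Only fully qualified keys in this domain are sent to LDAP. Keys in other
# domains, and bare local parts such as "admin", are skipped without a query,
# so addresses in foreign domains are never rewritten by this table.
domain = frontlinedefenders.org

# Account and alias entries still store only the name, not the domain.
query_filter = (&(objectClass=inetOrgPerson)(sn=%u))

# Assumption: cn holds the address or account the alias should deliver to.
# Use whichever attribute holds the rewrite target in your directory.
result_attribute = cn
```

With `domain` set, test with the fully qualified key, as in `postmap -vq admin@frontlinedefenders.org ldap:/etc/postfix/ldap-aliases.cf`; a bare `admin` key is no longer eligible for lookup.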