Postfix delivery to openldap users
Hi all,

I am trying to deliver emails to openldap users through postfix.

Here is the configuration included to lookup openldap users in main.cf.

alias_maps = hash:/etc/postfix/aliases, ldap:/etc/postfix/ldap.cf

Here is the configuration of ldap.cf

server_host = hostname
server_port = 389
search_base = base dn
scope = sub
bind = yes
bind_dn = user dn
bind_pw = pass
version = 3
start_tls = no
query_filter = (mail=%s)
result_attribute = uid

I get an unknown user error message whenever I send an email to an openldap user. I am using postfix-2.8.9 and openldap 2.4.23.

Kindly help to resolve this issue.

Regards
Priscilla

Re: Postfix delivery to openldap users
On 28/3/2012 10:44 AM, Priscilla V wrote:
> Here is the configuration included to lookup openldap users in main.cf.
> alias_maps = hash:/etc/postfix/aliases, ldap:/etc/postfix/ldap.cf

Place your lookup tables in the following settings: virtual_alias_maps (for aliases) and virtual_mailbox_maps (for users).

Make sure you have configured correctly: virtual_mailbox_domains and virtual_mailbox_base

Post the output of postconf -n

Read: http://www.postfix.org/VIRTUAL_README.html

Nick

RE: Postfix delivery to openldap users
We have not configured any virtual domains.

Output of postconf -n:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/postfix/aliases, ldap:/etc/postfix/ldap.cf
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = domain name
myhostname = host name
mynetworks = 127.0.0.0/8, LAN network
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
sample_directory = /usr/share/doc/postfix-2.6.6/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
unknown_local_recipient_reject_code = 550

Regards
Priscilla

-Original Message-
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Nikolaos Milas
Sent: Wednesday, March 28, 2012 1:25 PM
To: postfix-users@postfix.org
Subject: Re: Postfix delivery to openldap users

On 28/3/2012 10:44 AM, Priscilla V wrote:
> Here is the configuration included to lookup openldap users in main.cf.
> alias_maps = hash:/etc/postfix/aliases, ldap:/etc/postfix/ldap.cf

Place your lookup tables in the following settings: virtual_alias_maps (for aliases) and virtual_mailbox_maps (for users).

Make sure you have configured correctly: virtual_mailbox_domains and virtual_mailbox_base

Post the output of postconf -n

Read: http://www.postfix.org/VIRTUAL_README.html

Nick

Re: Postfix delivery to openldap users
On 28/3/2012 11:07 AM, Priscilla V wrote:
> We have not configured any virtual domains.

If you only use alias_maps, then you simply define a mapping between (virtual) ldap users and *local* users; alias_maps defines the alias databases that are used for *local* delivery. Your local users must already exist. In essence, your ldap users are simply aliases.

If all the above are OK for your case, what does

postmap -q ldapuseralias ldap:/etc/postfix/ldap.cf

output (where ldapuseralias is one of your ldap users)?

Also, you may want to post the content of ldap:/etc/postfix/ldap.cf.

Have you read: http://www.postfix.org/VIRTUAL_README.html ?

Nick

FW: Postfix delivery to openldap users
-Original Message-
From: Priscilla V [mailto:prisci...@bheltry.co.in]
Sent: Wednesday, March 28, 2012 2:40 PM
To: 'Nikolaos Milas'; 'postfix-users@postfix.org'
Subject: RE: Postfix delivery to openldap users

We have configured to consider ldap users also in /etc/nsswitch.conf.

: files ldap nisplus
shadow: files ldap nisplus
group : files ldap nisplus

So virtual aliases need not be configured. Alias_maps alone is sufficient.

Here is the configuration of ldap.cf

server_host = hostname
server_port = 389
search_base = base dn
scope = sub
bind = yes
bind_dn = user dn
bind_pw = pass
version = 3
start_tls = no
query_filter = (mail=%s)
result_attribute = uid

Regards
Priscilla

-Original Message-
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Nikolaos Milas
Sent: Wednesday, March 28, 2012 2:05 PM
To: postfix-users@postfix.org
Subject: Re: Postfix delivery to openldap users

On 28/3/2012 11:07 AM, Priscilla V wrote:
> We have not configured any virtual domains.

If you only use alias_maps, then you simply define a mapping between (virtual) ldap users and *local* users; alias_maps defines the alias databases that are used for *local* delivery. Your local users must already exist. In essence, your ldap users are simply aliases.

If all the above are OK for your case, what does

postmap -q ldapuseralias ldap:/etc/postfix/ldap.cf

output (where ldapuseralias is one of your ldap users)?

Also, you may want to post the content of ldap:/etc/postfix/ldap.cf.

Have you read: http://www.postfix.org/VIRTUAL_README.html ?

Nick

Re: Postfix delivery to openldap users
On 28/3/2012 12:10 PM, Priscilla V wrote:
> We have configured to consider ldap users also in /etc/nsswitch.conf.
> ...
> So virtual aliases need not be configured. Alias_maps alone is sufficient.

Hmm, I am not sure if adding ldap local authentication at the OS level automatically makes ldap accounts local in terms of accessibility by the *local* postfix agent...

Someone more knowledgeable on this should advise you. I have set up my domain(s) in Postfix as virtual rather than as local.

Good luck!

Nick

Postscreen Exchanger policy Question
hi list,

Under MAIL EXCHANGER POLICY TESTS I see this:

    By listening on both primary and backup MX addresses, postscreen(8) can deny the temporary whitelist status to clients that connect only to backup MX hosts.

I don't get it at all. When my backup MX is not on the same server as postfix, how can it listen to the backup MX address? Or do I get this totally wrong?

marko

Re: Postscreen Exchanger policy Question
Marko Weber:
> hi list,
> Under MAIL EXCHANGER POLICY TESTS I see this:
> By listening on both primary and backup MX addresses,

As the text says, for this feature to work, postscreen listens on both the primary and the backup IP address.

If the primary and the backup IP address belong to different MTAs, these MTAs would have to share the postscreen cache; currently, that is supported only with memcache databases.

Cache sharing between MTAs has obvious scaling limits. The MX exchanger policy enforcement feature is not meant for large corporate networks. It works well for small sites like mine.

Wietse

Re: Postfix as smarthost for local netwok
On 27/03/12 21:13, Peter wrote:
> On 28/03/12 07:59, Pierre-Gilles RAYNAUD wrote:
>> 450 4.1.8 u...@serv002.domain.com: Sender address rejected: Domain not found;
>> smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender-checks, reject_unknown_sender_domain, reject_non_fqdn_sender,
>
> Your emails are getting rejected by the reject_unknown_sender_domain restriction above due to the domain serv002.domain.com returning NXDOMAIN for a DNS query of A and MX records (see postconf(5)).
>
> Peter

Thank you, it works fine

PGR

Next day
I use Postfix and is great. Thank you W!

I send this becoz I got worried: If Wietse suddenly gets tired, retired etc what happens to Postfix? Any team/guys knowing Postfix well enough to keep dev on with W's blessings?

I ask becoz I want to feel more safe.

Sth more: Is there a ticketing system for Postfix bug reports feature requests?

Cheers
GD

Re: Next day
On 03/28/2012 02:15 PM, Γεώργιος Δεδούσης wrote:
> If Wietse suddenly gets tired, retired

Or even will die one day?

--
Sincerely,
Nerijus Kislauskas

RE: Postfix delivery to openldap users
The issue is not yet solved.

Regards
Priscilla

-Original Message-
From: owner-postfix-us...@postfix.org [mailto:owner-postfix-us...@postfix.org] On Behalf Of Nikolaos Milas
Sent: Wednesday, March 28, 2012 2:56 PM
To: postfix-users@postfix.org
Subject: Re: Postfix delivery to openldap users

On 28/3/2012 12:10 PM, Priscilla V wrote:
> We have configured to consider ldap users also in /etc/nsswitch.conf.
> ...
> So virtual aliases need not be configured. Alias_maps alone is sufficient.

Hmm, I am not sure if adding ldap local authentication at the OS level automatically makes ldap accounts local in terms of accessibility by the *local* postfix agent...

Someone more knowledgeable on this should advise you. I have set up my domain(s) in Postfix as virtual rather than as local.

Good luck!

Nick

Re: Next day
2012/3/28 Nerijus Kislauskas nerijus.kislaus...@ktu.lt
> Or even will die one day?

Well, we want W here for a LONG time, and we do wish MANY LONG HEALTHY YEARS, but no one is immortal...

GD

Mail delivery for local mailbox
Hi list,

I have a Postfix (2.7.1) with local mailboxes delivered through Dovecot agent (which is also used as pop3/imap server).

The same server is also used to send mail for SASL authenticated users, without relay on any external server.

When a user sends a mail to another local mailbox, the mail gets delivered without a check for the MX of the domain, so if I put the gmail.com domain as local I will never be able to send mail to Gmail users anymore.

Is there a way to force Postfix to check the real MX of a domain before verifying if the mailbox is local?

I need this configuration to support user migration, both in and out, from my server; during migration there is a window in which the mailbox is up on both servers.

Thank you

--
Ing. Andrea Cappelli
Asidev s.r.l.
Viale Rinaldo Piaggio, 32 - 56025 Pontedera (Pisa) @CERFITT
Via Osteria Bianca, 108/6A 50053 Empoli (Firenze)
Tel. (+39) 333 60 18 258
Fax. (+39) 0587 97 01 20
E-mail: a.cappe...@asidev.com
Web: http://www.asidev.com
Skype: a.cappelli

Re: Mail delivery for local mailbox
On 2012-03-28 Andrea Cappelli wrote:
> I have a Postfix (2.7.1) with local mailboxes delivered through Dovecot agent (which is also used as pop3/imap server).
>
> The same server is also used to send mail for SASL authenticated users, without relay on any external server.
>
> When a user sends a mail to another local mailbox, the mail gets delivered without a check for the MX of the domain, so if I put the gmail.com domain as local I will never be able to send mail to Gmail users anymore.

Well, don't make gmail.com a local domain when it isn't a local domain. Problem solved.

Regards
Ansgar Wiechers
--
Abstractions save us time working, but they don't save us time learning.
--Joel Spolsky

Re: Mail delivery for local mailbox
On 28/03/2012 13:47, Ansgar Wiechers wrote:
> Well, don't make gmail.com a local domain when it isn't a local domain. Problem solved.
>
> Regards
> Ansgar Wiechers

There are some cases in which I need to, for example when I migrate the domain to my server, so the domain will be local but for some time (until the DNS change) it is still on another server.

In this situation I create the mailboxes for the incoming users, but I have the drawback that I can't write to them anymore, because the delivery becomes local (assuming I'm using the same SMTP server), so in this case I would like Postfix to check the MX record (which is still pointing to the other server) before checking the local mailbox.

Is it possible? Or is there a better way to accomplish this?

--
Ing. Andrea Cappelli
Asidev s.r.l.
Viale Rinaldo Piaggio, 32 - 56025 Pontedera (Pisa) @CERFITT
Via Osteria Bianca, 108/6A 50053 Empoli (Firenze)
Tel. (+39) 333 60 18 258
Fax. (+39) 0587 97 01 20
E-mail: a.cappe...@asidev.com
Web: http://www.asidev.com
Skype: a.cappelli

Difference in Return-Path (envelope) and From: (header) - spam messages, how to react?
Hi all. Currently we have some amount of spam with different Return-Path and From fields. What to do to filter it? Should it be done in postfix (at mta level) or maybe in spamassassin? I think that SPF could be used but what about domains which do not have proper spf records? Best regards, Rafal.
Re: Difference in Return-Path (envelope) and From: (header) - spam messages, how to react?
On 28.03.2012 14:06, Rafał Radecki wrote:
> Hi all.
>
> Currently we have some amount of spam with different Return-Path and From fields. What to do to filter it? Should it be done in postfix (at mta level) or maybe in spamassassin? I think that SPF could be used but what about domains which do not have proper spf records?

these differences are totally normal (mailing-lists, SRS...)

on the MTA side From: does not matter in any way

in other words: you can NOT reject a message because of this difference alone because you would also reject some legit mail

postscreen on rhel6/postfix-2.6.6
I'm quite locked to running the distribution's version of postfix (currently 2.6.6), but also would very much like to take advantage of postscreen for turning away zombies. I saw in the postfix-2.7.0 announcement that it would be possible to use postscreen from v2.8 with postfix v2.7, and also the POSTSCREEN_README.html mentions running postfix 2.6.

So, should it be ok to run postscreen with postfix-2.6.6, and does anybody have any information for how to do this? Just build the postscreen binary from latest v2.7 or v2.8 and point to it in master.cf?

-jf

Re: Mail delivery for local mailbox
On 28/03/2012 13:54, Andrea Cappelli wrote:
> On 28/03/2012 13:47, Ansgar Wiechers wrote:
>> Well, don't make gmail.com a local domain when it isn't a local domain. Problem solved.
>>
>> Regards
>> Ansgar Wiechers
>
> There are some cases in which I need to, for example when I migrate the domain to my server, so the domain will be local but for some time (until the DNS change) it is still on another server.
>
> In this situation I create the mailboxes for the incoming users, but I have the drawback that I can't write to them anymore, because the delivery becomes local (assuming I'm using the same SMTP server), so in this case I would like Postfix to check the MX record (which is still pointing to the other server) before checking the local mailbox.
>
> Is it possible? Or is there a better way to accomplish this?

try using a sql map for virtual mailboxes/domains

--
Simone Caruso
IT Consultant
+39 349 65 90 805

Re: FW: Postfix delivery to openldap users
On 3/28/2012 5:19 AM, Priscilla V wrote:
> We have configured to consider ldap users also in /etc/nsswitch.conf.

I'm not an LDAP expert, but it seems as if you are looking up a full email address. Please be aware that alias_maps lookups only send the bare user name. Queries targeting j...@example.com will fail.

> : files ldap nisplus
> shadow: files ldap nisplus
> group : files ldap nisplus
>
> So virtual aliases need not be configured. Alias_maps alone is sufficient.
>
> Here is the configuration of ldap.cf
>
> server_host = hostname
> server_port = 389
> search_base = base dn
> scope = sub
> bind = yes
> bind_dn = user dn
> bind_pw = pass
> version = 3
> start_tls = no
> query_filter = (mail=%s)
> result_attribute = uid

[snip]

>> If all the above are OK for your case, what does
>>
>> postmap -q ldapuseralias ldap:/etc/postfix/ldap.cf
>>
>> output (where ldapuseralias is one of your ldap users)?

This is good advice for testing and you should follow it. Just be sure to test the bare user name, like joe from my previous example.

Brian

Re: FW: Postfix delivery to openldap users
Brian Evans - Postfix List:
> On 3/28/2012 5:19 AM, Priscilla V wrote:
>> We have configured to consider ldap users also in /etc/nsswitch.conf.
>
> I'm not an LDAP expert, but it seems as if you are looking up a full email address. Please be aware that alias_maps lookups only send the bare user name. Queries targeting j...@example.com will fail.

However, you can use such queries in virtual_alias_maps ***even if you don't have virtual domains***. This is documented.

Wietse

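
The lookup-key point made in the two replies above, as an added example that is not part of the original thread and is not Postfix code: a simplified Python model of the %s / %u / %d expansion documented in ldap_table(5), run against one constructed directory entry. The user "joe", the domain example.com and the helper names are assumptions.

```python
# Added illustration: simplified model of the %s / %u / %d key expansion that
# ldap_table(5) documents for query_filter. This is not Postfix source code.

# RFC 4515 (formerly RFC 2254) escapes for characters special in a filter.
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

# Constructed directory entry; "joe" and example.com are assumptions.
DIRECTORY = [{"uid": "joe", "mail": "joe@example.com"}]


def quote(value):
    """Escape a lookup key so it cannot add filter metacharacters."""
    return "".join(ESCAPES.get(ch, ch) for ch in value)


def expand_filter(template, key):
    """Expand query_filter for one key; None means the query is suppressed."""
    local, at, domain = key.rpartition("@")
    if not at:                       # bare user name, no domain part
        local, domain = key, None
    out, i = [], 0
    while i < len(template):
        if template[i] == "%" and i + 1 < len(template):
            code = template[i + 1]
            i += 2
            if code == "s":          # whole lookup key
                out.append(quote(key))
            elif code == "u":        # local part, or whole key if no domain
                out.append(quote(local))
            elif code == "d":        # domain part; no domain, no query
                if domain is None:
                    return None
                out.append(quote(domain))
            else:
                out.append("%" if code == "%" else "%" + code)
        else:
            out.append(template[i])
            i += 1
    return "".join(out)


def lookup(template, key, attribute="uid"):
    """Toy equality-only search of DIRECTORY; returns (filter, results)."""
    flt = expand_filter(template, key)
    if flt is None:
        return None, []
    attr, _, want = flt[1:-1].partition("=")
    return flt, [e[attribute] for e in DIRECTORY if e.get(attr) == want]


if __name__ == "__main__":
    print(lookup("(mail=%s)", "joe"))              # alias_maps key: no match
    print(lookup("(uid=%s)", "joe"))               # alias_maps key: match
    print(lookup("(mail=%s)", "joe@example.com"))  # virtual_alias_maps key
    print(expand_filter("(mail=%s)", "*)(uid=*"))  # metacharacters escaped
```

The first call reproduces the "unknown user" symptom: a bare user name substituted into (mail=%s) cannot match a mail attribute holding a full address.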
Re: postscreen on rhel6/postfix-2.6.6
postscreen is supported on Postfix stable releases 2.9 and 2.8.

Earlier postscreen versions are not part of a stable release, and are therefore not supported.

There are plenty of resources that provide RPMs for Postfix 2.9, or how to build your own. These are discussed frequently on this mailing list.

Wietse

Re: Enabled SMTP AUTH but mails from external networks still being rejected
On 28.03.2012 15:31, Phill Edwards wrote:
> I have had a Postfix SMTP server on my LAN for a long time and it works really well for delivering my email via relayhost = smtp.example.com (replaced my actual ISP's SMTP server here).
>
> I have now set up SMTP AUTH and it's working when sending emails from PCs on my LAN. But when I send emails from outside (eg from my mobile phone) I get these errors:
>
> Mar 29 00:04:32 zrf postfix/smtpd[624]: warning: xx.xxx.180.193: hostname paxx-xxx-180-193.pa.nsw.optusnet.com.au verification failed: Name or service not known
> Mar 29 00:04:32 zrf postfix/smtpd[624]: connect from unknown[xx.xxx.180.193]
> Mar 29 00:04:33 zrf postfix/smtpd[624]: NOQUEUE: reject: RCPT from unknown[xx.xxx.180.193]: 554 5.7.1 unknown[xx.xxx.180.193]: Client host rejected: Access denied; from=m...@example.com to=some...@example.com proto=ESMTP helo=paxx-xxx-180-193.pa.nsw.optusnet.com.au
> Mar 29 00:04:33 zrf postfix/smtpd[624]: disconnect from unknown[xx.xxx.180.193]

where do you see here any authentication try?
connect - reject

let me guess - this is an iPhone?

these stupid phones randomly forget the auth setting, do not inform the user about the problem and the winner was an iPhone trying over 6 months to send the same message without authentication

this is how an authentication looks in maillog

Mar 28 15:34:58 mail postfix/smtpd[28115]: connect from xx[10.0.0.xx]
Mar 28 15:34:58 mail postfix/smtpd[28115]: 9340B91: client=xx[10.0.0.xx], sasl_method=PLAIN, sasl_username=c.pi...@thelounge.net
Mar 28 15:34:58 mail postfix/cleanup[987]: 9340B91: message-id=07e64489-a24e-4952-9ae3-2ee943a37...@thelounge.net

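
The log-reading check described in the reply above (a connect followed by a reject with no sign of authentication), as an added example that is not part of the original thread: a Python sketch that groups smtpd lines into sessions and lists the clients that were rejected without any SASL evidence. The sample lines are constructed and modelled on the excerpts in the message; addresses, names and PIDs are placeholders.

```python
import re

# Constructed sample log, modelled on the excerpts in the message above.
SAMPLE_LOG = """\
Mar 29 00:04:32 zrf postfix/smtpd[624]: connect from unknown[192.0.2.193]
Mar 29 00:04:33 zrf postfix/smtpd[624]: NOQUEUE: reject: RCPT from unknown[192.0.2.193]: 554 5.7.1 <unknown[192.0.2.193]>: Client host rejected: Access denied; from=<me@example.com> to=<someone@example.com> proto=ESMTP helo=<client.example.net>
Mar 29 00:04:33 zrf postfix/smtpd[624]: disconnect from unknown[192.0.2.193]
Mar 29 00:10:01 zrf postfix/smtpd[630]: connect from unknown[198.51.100.7]
Mar 29 00:10:02 zrf postfix/smtpd[630]: warning: unknown[198.51.100.7]: SASL PLAIN authentication failed: authentication failure
Mar 29 00:10:03 zrf postfix/smtpd[630]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 <unknown[198.51.100.7]>: Client host rejected: Access denied; from=<me@example.com> to=<someone@example.com> proto=ESMTP helo=<client.example.net>
Mar 29 00:10:03 zrf postfix/smtpd[630]: disconnect from unknown[198.51.100.7]
Mar 28 15:34:58 mail postfix/smtpd[28115]: connect from host[10.0.0.5]
Mar 28 15:34:58 mail postfix/smtpd[28115]: ABC1234567: client=host[10.0.0.5], sasl_method=PLAIN, sasl_username=user@example.org
Mar 28 15:35:00 mail postfix/smtpd[28115]: disconnect from host[10.0.0.5]
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} (\S+) postfix/smtpd\[(\d+)\]: (.*)$")


def sessions(log_text):
    """Group smtpd lines into connect..disconnect sessions keyed by host+PID."""
    active, done = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        host, pid, msg = m.groups()
        key = (host, pid)            # PIDs are reused, so close on disconnect
        if msg.startswith("connect from "):
            active[key] = {"client": msg[len("connect from "):],
                           "auth": "none", "user": None, "rejects": []}
            continue
        s = active.get(key)
        if s is None:                # line outside any tracked session
            continue
        if "sasl_username=" in msg:
            s["auth"] = "ok"
            s["user"] = re.search(r"sasl_username=([^,\s]+)", msg).group(1)
        elif re.search(r"SASL \S+ authentication failed", msg):
            if s["auth"] != "ok":
                s["auth"] = "failed"
        elif "reject:" in msg:
            code = re.search(r": (\d{3}) ", msg)
            s["rejects"].append(code.group(1) if code else "?")
        elif msg.startswith("disconnect from "):
            done.append(active.pop(key))
    done.extend(active.values())     # sessions still open at end of log
    return done


def rejected_without_auth(log_text):
    """Clients that were rejected and left no AUTH evidence in the log."""
    return [s["client"] for s in sessions(log_text)
            if s["rejects"] and s["auth"] == "none"]


if __name__ == "__main__":
    for s in sessions(SAMPLE_LOG):
        print(s["client"], s["auth"], s["user"], s["rejects"])
    print("no AUTH attempt:", rejected_without_auth(SAMPLE_LOG))
```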
Re: Next day
Quoting gdedousis1...@gmail.com:
> I use Postfix and is great. Thank you W!
>
> I send this becoz I got worried: If Wietse suddenly gets tired, retired etc what happens to Postfix? Any team/guys knowing Postfix well enough to keep dev on with W's blessings?

Well, that's the real power of Open Source. If there is enough interest/investment in it, for sure someone will step up and take over responsibility. With some knowledge in C you can even do it yourself to some extent.

> I ask becoz I want to feel more safe.

To feel safe is a personal point of view so maybe there is nothing the people on this list can do about it ;-)

> Sth more: Is there a ticketing system for Postfix bug reports feature requests?

There once was a developer mailing list, but not sure if it still exists. You might also post here to get started.

Regards
Andreas

Re: Next day
On 28/03/12 16:43, lst_ho...@kwsoft.de wrote:
> Quoting gdedousis1...@gmail.com:
>> I use Postfix and is great. Thank you W!
>>
>> I send this becoz I got worried: If Wietse suddenly gets tired, retired etc what happens to Postfix? Any team/guys knowing Postfix well enough to keep dev on with W's blessings?
>
> Well, that's the real power of Open Source. If there is enough interest/investment in it, for sure someone will step up and take over responsibility. With some knowledge in C you can even do it yourself to some extent.

That's true, however, as far as I know, differently than most other open source software, there isn't a public source code repository for the development of Postfix.

Wietse, can you comment on this choice? Thank you.

Cheers,
--
Daniele