Re: sender login maps and alias domains

2014-11-21 Thread Quanah Gibson-Mount
--On November 21, 2014 at 2:30:18 PM -0500 Wietse Venema wrote: Postfix 2.12 allows one lookup table to produce a query for another lookup table. For example: smtpd_sender_login_maps = pipemap:{lmdb:map1, ldap:map2} This will transform the sender with the LMDB table, before searchin

Re: sender login maps and alias domains

2014-11-21 Thread Wietse Venema
Quanah Gibson-Mount: > >> This is not a productive direction to pursue. The feature you're > >> looking for is not there, and is not planned. You need to find > >> a different solution. > > > > If Quanah is asking for the sender login map to automagically > > expand Postfix virtual alias maps, th

Re: sender login maps and alias domains

2014-11-21 Thread Quanah Gibson-Mount
--On November 19, 2014 at 7:40:07 PM -0500 Wietse Venema wrote: Viktor Dukhovni: On Wed, Nov 19, 2014 at 03:07:19PM -0800, Quanah Gibson-Mount wrote: > > Sorry, the login table lookup must handle the original address as > > the lookup key via a single query. > > And clearly postfix is alr

Re: sender login maps and alias domains

2014-11-20 Thread li...@rhsoft.net
Am 20.11.2014 um 09:10 schrieb Michael Ströder: li...@rhsoft.net wrote: but LDAP is a very limited database missing things like joins, views and a lot of other things you can easily do with a SQL query While you're right you don't recommend using joins for productive use, do you? surely - i

Re: sender login maps and alias domains

2014-11-20 Thread Michael Ströder
li...@rhsoft.net wrote: > but LDAP is a very limited database missing things like joins, views and a lot > of other things you can easily do with a SQL query While you're right you don't recommend using joins for productive use, do you? > - don't blame the messenger > and just setup a wrapper fet

Re: sender login maps and alias domains

2014-11-19 Thread li...@rhsoft.net
Am 20.11.2014 um 00:06 schrieb Quanah Gibson-Mount: --On November 19, 2014 at 11:02:05 PM +0100 li...@rhsoft.net wrote: in case of such sites you have *databases* used directly for MTA queries or generate config files from databases LDAP is a database. It already contains all of the necess

Re: sender login maps and alias domains

2014-11-19 Thread Wietse Venema
Viktor Dukhovni: > On Wed, Nov 19, 2014 at 03:07:19PM -0800, Quanah Gibson-Mount wrote: > > > >Sorry, the login table lookup must handle the original address as > > >the lookup key via a single query. > > > > And clearly postfix is already designed in some cases to do multiple queries > > based o

Re: sender login maps and alias domains

2014-11-19 Thread Quanah Gibson-Mount
--On November 19, 2014 at 11:14:49 PM + Viktor Dukhovni wrote: On Wed, Nov 19, 2014 at 03:07:19PM -0800, Quanah Gibson-Mount wrote: > Sorry, the login table lookup must handle the original address as > the lookup key via a single query. And clearly postfix is already designed in some

Re: sender login maps and alias domains

2014-11-19 Thread Viktor Dukhovni
On Wed, Nov 19, 2014 at 03:07:19PM -0800, Quanah Gibson-Mount wrote: > >Sorry, the login table lookup must handle the original address as > >the lookup key via a single query. > > And clearly postfix is already designed in some cases to do multiple queries > based on the results of previous queri

Re: sender login maps and alias domains

2014-11-19 Thread Viktor Dukhovni
On Wed, Nov 19, 2014 at 03:06:07PM -0800, Quanah Gibson-Mount wrote: > >in case of such sites you have *databases* used directly for MTA queries > >or generate config files from databases > > LDAP is a database. It already contains all of the necessary data to get > the work done. What's missin

Re: sender login maps and alias domains

2014-11-19 Thread Quanah Gibson-Mount
--On November 19, 2014 at 4:57:50 PM -0500 Wietse Venema wrote: Alias expansions are one-to-many, and alias expansions are recursive. Suppose that foo is aliased to bar and baz. When a client sends mail from foo, the Postfix SMTP server does not know what addresses foo is aliased to. And eve

Re: sender login maps and alias domains

2014-11-19 Thread Quanah Gibson-Mount
--On November 19, 2014 at 10:04:07 PM + Viktor Dukhovni wrote: Avoiding wildcards gives you the opportunity to not burden every user with legacy domain names just because some users need them. Who said anything about legacy domain names? Sorry, the login table lookup must handle the

Re: sender login maps and alias domains

2014-11-19 Thread Quanah Gibson-Mount
--On November 19, 2014 at 11:02:05 PM +0100 li...@rhsoft.net wrote: in case of such sites you have *databases* used directly for MTA queries or generate config files from databases LDAP is a database. It already contains all of the necessary data to get the work done. What's missing is t

Re: sender login maps and alias domains

2014-11-19 Thread Viktor Dukhovni
On Wed, Nov 19, 2014 at 01:57:48PM -0800, Quanah Gibson-Mount wrote: > >For each user list all their mail addresses as additional values > >of a suitable multi-valued attribute that holds the users various > >valid email addresses. For example, Microsoft Exchange stores: > > For sites with 10 mi

Re: sender login maps and alias domains

2014-11-19 Thread li...@rhsoft.net
Am 19.11.2014 um 22:57 schrieb Quanah Gibson-Mount: --On November 19, 2014 at 9:39:26 PM + Viktor Dukhovni wrote: For each user list all their mail addresses as additional values of a suitable multi-valued attribute that holds the users various valid email addresses. For example, Microso

Re: sender login maps and alias domains

2014-11-19 Thread Wietse Venema
Quanah Gibson-Mount: > When implementing sender login maps, we've run into an issue where people > cannot send out email using a "from" address of the alias domain. We store Postfix alias expansion happens after the sender authorization check. At the risk of asking an obvious question: have yo

Re: sender login maps and alias domains

2014-11-19 Thread Quanah Gibson-Mount
--On November 19, 2014 at 9:39:26 PM + Viktor Dukhovni wrote: For each user list all their mail addresses as additional values of a suitable multi-valued attribute that holds the users various valid email addresses. For example, Microsoft Exchange stores: For sites with 10 million +

Re: sender login maps and alias domains

2014-11-19 Thread Viktor Dukhovni
On Wed, Nov 19, 2014 at 01:31:59PM -0800, Quanah Gibson-Mount wrote: > server_host = ldap://zre-ldap003.eng.zimbra.com:389 > server_port = 389 > search_base = > query_filter = > (&(|(uid=%s)(zimbraAllowFromAddress=%s)(zimbraMailDeliveryAddress=%s)(zimbraMailAlias=%s)(zimbraMailCatchAllAddress=%s)

sender login maps and alias domains

2014-11-19 Thread Quanah Gibson-Mount
When implementing sender login maps, we've run into an issue where people cannot send out email using a "from" address of the alias domain. We store all of the data in LDAP, but I'm not coming up with a good resolution on a lookup query that will handle this. Thoughts appreciated. The genera