Postfix and LDAP


Postfix and LDAP

Jerry Conway

Hello,
Postfix newbie here. I'm trying to configure LDAP to work with Postfix on a relay server. I have followed the steps detailed in http://www.postfix.org/LDAP_README.html. In main.cf, I have added

alias_maps = hash:/etc/aliases, ldap:/etc/postfix/ldap-aliases.cf
And in /etc/postfix/ldap-aliases.cf, I have added
server_host = ip_address_of_my_ldap_server
search_base = dc=mydomain, dc=com
I am able to telnet to the box on port 25 and send mail through it, but it never does any LDAP lookups as far as I can tell. Sending to a clearly bogus address returns a 250 OK. Also, a sniffer shows no attempts to contact the LDAP server.

Is there any way that I can increase logging to help see what's (not) happening or otherwise troubleshoot this?
Thanks for any assistance,
Jerry




Re: Postfix and LDAP

Sahil Tandon
Jerry Conway <[hidden email]> wrote:

> Postfix newbie here. I'm trying to configure LDAP to work with Postfix
> on relay server. I have followed the steps from detailed in
> http://www.postfix.org/LDAP_README.html. In Main.cf, I have added

[...]

Do not post tidbits from your main.cf.  Instead, paste the output of
'postconf -n' and read http://www.postfix.org/DEBUG_README.html#mail.

--
Sahil Tandon <[hidden email]>

RE: Postfix and LDAP

Jerry Conway
Thanks for the response and the advice. Here is the output of postconf
-n:

alias_maps = hash:/etc/aliases, ldap:/etc/postfix/ldap-aliases.cf
bounce_queue_lifetime = 4h
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = all
local_recipient_maps =
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
maximal_queue_lifetime = 4h
message_size_limit = 12240000
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = AAAA.com
myhostname = mr4.AAAA.com
mynetworks = 192.168.8.0/24
myorigin = AAAA.com
newaliases_path = /usr/bin/newaliases.postfix
notify_classes =
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES
relay_domains = AAAA.com
sample_directory = /usr/share/doc/postfix-2.2.10/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550

Thanks in advance for any assistance.

 

-----Original Message-----
From: Sahil Tandon [mailto:[hidden email]]
Sent: Friday, June 13, 2008 6:48 PM
To: Jerry Conway
Cc: [hidden email]
Subject: Re: Postfix and LDAP

Jerry Conway <[hidden email]> wrote:

> Postfix newbie here. I'm trying to configure LDAP to work with Postfix
> on relay server. I have followed the steps from detailed in
> http://www.postfix.org/LDAP_README.html. In Main.cf, I have added

[...]

Do not post tidbits from your main.cf.  Instead, paste the output of
'postconf -n' and read http://www.postfix.org/DEBUG_README.html#mail.

--
Sahil Tandon <[hidden email]>

Re: Postfix and LDAP

Brian Evans - Postfix List
Jerry Conway wrote:
> Thanks for the response and the advice. Here is the output of postconf
> -n:
>  
Please do not top post, Google this if you don't understand.

> alias_maps = hash:/etc/aliases, ldap:/etc/postfix/ldap-aliases.cf
> bounce_queue_lifetime = 4h
> command_directory = /usr/sbin
> config_directory = /etc/postfix
> daemon_directory = /usr/libexec/postfix
> debug_peer_level = 2
> html_directory = no
> inet_interfaces = all
> local_recipient_maps =
>  
This disables the alias_maps lookup. This is ok for a relay.. see below.

> mail_owner = postfix
> mailq_path = /usr/bin/mailq.postfix
> manpage_directory = /usr/share/man
> maximal_queue_lifetime = 4h
> message_size_limit = 12240000
> mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
> mydomain = AAAA.com
> myhostname = mr4.AAAA.com
> mynetworks = 192.168.8.0/24
> myorigin = AAAA.com
> newaliases_path = /usr/bin/newaliases.postfix
> notify_classes =
> queue_directory = /var/spool/postfix
> readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES
> relay_domains = AAAA.com
>  
Do not list a domain in both relay_domains and mydestination.
If this is a relay server, as you say, it should be in relay_domains only.
(Also, use example.com for any privacy issues.)
Your LDAP lookup should be in relay_recipient_maps not alias_maps.

Brian

> sample_directory = /usr/share/doc/postfix-2.2.10/samples
> sendmail_path = /usr/sbin/sendmail.postfix
> setgid_group = postdrop
> transport_maps = hash:/etc/postfix/transport
> unknown_local_recipient_reject_code = 550
>
> Thanks in advance for any assistance.
>
>  
>
> -----Original Message-----
> From: Sahil Tandon [mailto:[hidden email]]
> Sent: Friday, June 13, 2008 6:48 PM
> To: Jerry Conway
> Cc: [hidden email]
> Subject: Re: Postfix and LDAP
>
> Jerry Conway <[hidden email]> wrote:
>
>  
>> Postfix newbie here. I'm trying to configure LDAP to work with Postfix
>>    
>
>  
>> on relay server. I have followed the steps from detailed in
>> http://www.postfix.org/LDAP_README.html. In Main.cf, I have added
>>    
>
> [...]
>
> Do not post tidbits from your main.cf.  Instead, paste the output of
> 'postconf -n' and read http://www.postfix.org/DEBUG_README.html#mail.
>
> --
> Sahil Tandon <[hidden email]>
>  


Re: Postfix and LDAP

mouss-2
Brian Evans wrote:

> Jerry Conway wrote:
>> Thanks for the response and the advice. Here is the output of postconf
>> -n:
>>  
> Please do not top post, google this if you dont understand.
>> alias_maps = hash:/etc/aliases, ldap:/etc/postfix/ldap-aliases.cf
>> bounce_queue_lifetime = 4h
>> command_directory = /usr/sbin
>> config_directory = /etc/postfix
>> daemon_directory = /usr/libexec/postfix
>> debug_peer_level = 2
>> html_directory = no
>> inet_interfaces = all
>> local_recipient_maps =
>>  
> This disables the alias_maps lookup. This is ok for a relay.. see below.

no, this is never ok. worse: it is never needed.

BTW, this explains why he gets a 250 for any address.

>> mail_owner = postfix
>> mailq_path = /usr/bin/mailq.postfix
>> manpage_directory = /usr/share/man
>> maximal_queue_lifetime = 4h
>> message_size_limit = 12240000
>> mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
>> mydomain = AAAA.com
>> myhostname = mr4.AAAA.com
>> mynetworks = 192.168.8.0/24
>> myorigin = AAAA.com
>> newaliases_path = /usr/bin/newaliases.postfix
>> notify_classes =
>> queue_directory = /var/spool/postfix
>> readme_directory = /usr/share/doc/postfix-2.2.10/README_FILES
>> relay_domains = AAAA.com
>>  
> Do not list a domain in both relay_domains and mydestination.

indeed.

> If this is a relay server, as you say, it should be in relay_domains
> only.
> (Also, use example.com for any privacy issues.)
> Your LDAP lookup should be in relay_recipient_maps not alias_maps.

worse, he also relies on the default relay_recipient_maps, which makes
any relay address valid.
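
Added example, not part of the thread or of Postfix: a small Python audit of `postconf -n` output for the problems the replies above point out (empty local_recipient_maps, a domain listed in both mydestination and relay_domains, no relay_recipient_maps, LDAP table only in alias_maps). The function names and finding codes are hypothetical; the sample input is constructed from the settings posted above, only literal domain entries are compared, and settings missing from the output are treated as unset.

```python
import re

# Constructed sample: the relevant lines of the `postconf -n` output posted in the thread.
SAMPLE = """\
alias_maps = hash:/etc/aliases, ldap:/etc/postfix/ldap-aliases.cf
local_recipient_maps =
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mydomain = AAAA.com
myhostname = mr4.AAAA.com
relay_domains = AAAA.com
"""

def parse_postconf(text):
    """Turn 'name = value' lines into a dict; an empty value is kept as ''."""
    conf = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep:
            conf[name.strip()] = value.strip()
    return conf

def expand(value, conf, depth=0):
    """Expand $name and ${name} references from the parsed settings."""
    if depth > 10:  # guard against self-referencing settings
        return value
    def sub(m):
        return expand(conf.get(m.group(1) or m.group(2), ""), conf, depth + 1)
    return re.sub(r"\$(?:\{(\w+)\}|(\w+))", sub, value)

def domains(name, conf):
    """Literal, lower-cased entries of a domain-list setting."""
    return {d.lower() for d in re.split(r"[,\s]+", expand(conf.get(name, ""), conf)) if d}

def audit(conf):
    """Return (code, message) findings for the issues raised in the thread."""
    findings = []
    if conf.get("local_recipient_maps") == "":
        findings.append(("EMPTY_LOCAL_RCPT", "local_recipient_maps is empty: unknown local recipients are accepted"))
    both = domains("mydestination", conf) & domains("relay_domains", conf)
    if both:
        findings.append(("DOMAIN_IN_BOTH", "in mydestination and relay_domains: " + ", ".join(sorted(both))))
    if domains("relay_domains", conf) and not conf.get("relay_recipient_maps"):
        findings.append(("NO_RELAY_RCPT", "relay_recipient_maps unset: every address in relay_domains is accepted"))
    if "ldap:" in conf.get("alias_maps", "") and "ldap:" not in conf.get("relay_recipient_maps", ""):
        findings.append(("LDAP_IN_ALIAS", "LDAP table is only in alias_maps, not relay_recipient_maps"))
    return findings

if __name__ == "__main__":
    for code, message in audit(parse_postconf(SAMPLE)):
        print(code + ": " + message)
```

On a live host the input would be the captured output of `postconf -n` rather than the constructed sample.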