Virtual users - LDAP

Virtual users - LDAP

Douglas Macedo
Guys,

I have a strange situation here and I'll need help! 

I configured a mail server, normally, and some users are sending and receiving email normally, as follows:

Aug  3 14:20:27 cranio postfix/smtp[12872]: 47E7B222107C: to=<[hidden email]>, orig_to=<[hidden email]>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.23, delays=0.04/0.01/0.02/0.16, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=12832-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 7335F22219A9)
Aug  3 14:20:27 cranio postfix/qmgr[12550]: 47E7B222107C: removed
Aug  3 14:20:27 cranio postfix/virtual[12876]: 7335F22219A9: to=<[hidden email]>, relay=virtual, delay=0.05, delays=0.01/0.02/0/0.03, dsn=2.0.0, status=sent (delivered to maildir)

But for some users this occurs:

Aug  3 14:15:50 cranio postfix/smtpd[12663]: NOQUEUE: reject: RCPT from unknown[150.162.67.62]: 550 5.1.1 <[hidden email]>: Recipient address rejected: User unknown in local recipient table; from=<[hidden email]> to=<[hidden email]> proto=ESMTP helo=<[150.16.0.61]>

The strange thing here is that user [hidden email] doesn't receive emails, but this user has a mailAlternateAddress in LDAP for [hidden email], and if I try to send an email to [hidden email] it works.

Using the postmap command to query the virtual user (mailAlternateAddress), the results are:

#postmap -q [hidden email] ldap:accountsmap

But if I try the "real" user, the command doesn't work:

#postmap -q [hidden email] ldap:accountsmap
#

I'll appreciate any help! THANKS!

My main.cf follows:

#-----------------------------
# LOCAL PATHNAME INFORMATION
#-----------------------------
queue_directory = /var/spool/postfix
####command_directory = /usr/local/sbin
####daemon_directory = /usr/local/libexec/postfix

#-----------------------------
# QUEUE AND PROCESS OWNERSHIP
#-----------------------------
mail_owner = postfix

#-----------------------------
# INTERNET HOST AND DOMAIN NAMES
#-----------------------------
myhostname = mail.xxx.ufsc.br
mydomain = xxx.ufsc.br

#-----------------------------
# SENDING MAIL
#-----------------------------
myorigin = $myhostname

#-----------------------------
# RECEIVING MAIL
#-----------------------------
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, mail.$mydomain, listas.$mydomain, xxx.ufsc.br, yyy.ufsc.br, ppp.ufsc.br, ooo.ufsc.br

#-----------------------------
# REJECTING MAIL
#-----------------------------
unknown_local_recipient_reject_code = 550
mynetworks_style = subnet


#-----------------------------
# INPUT RATE CONTROL
#-----------------------------
in_flow_delay = 1s


#-----------------------------
# TRUST AND RELAY CONTROL
#-----------------------------
relay_domains = $mydestination



# Defines the transport method for the mailboxes
mailbox_transport = virtual:
mailbox_command = /usr/bin/procmail
mailbox_command_maps = ldap:accounts

# Local users map
####local_recipient_maps = unix:passwd.byname $alias_maps, $virtual_alias_maps
local_recipient_maps = unix:passwd.byname $alias_maps, $virtual_maps

# Maps the mail accounts
virtual_maps = ldap:accountsmap
###virtual_alias_maps = ldap:accountsmap

# Mailbox of the mail accounts
#virtual_mailbox_base = /var/mail
virtual_mailbox_base = /
virtual_mailbox_maps = ldap:accounts

# Uid/Gid of the user that will store the messages
virtual_uid_maps = static:104
virtual_gid_maps = static:107
virtual_maildir_extended = yes

# Looks up the mail address and returns the routing address
accountsmap_server_host = ldap.xxx.ufsc.br
accountsmap_bind_dn = cn=Manager,dc=xxx,dc=ufsc,dc=br
accountsmap_bind_pw = xxxx
accountsmap_search_base = ou=Users,dc=xxx,dc=ufsc,dc=br
#accountsmap_query_filter = (&(objectClass=qmailUser)(mailAlternateAddress=%s))
accountsmap_query_filter = (&(objectClass=qmailUser)(mailAlternateAddress=%s))
accountsmap_result_attribute =  mail
#accountsmap_bind = no
accountsmap_bind = yes
accountsmap_scope = sub


# Looks up the routing mail address and returns the storage location
accounts_server_host = ldap.xxx.ufsc.br
accounts_search_base = ou=Users,dc=xxx,dc=ufsc,dc=br
accounts_query_filter = (&(objectClass=qmailUser)(mail=%s))
accounts_result_attribute =  mailMessageStore
accounts_bind = no
accounts_scope = sub


# Needs testing
# Security Options
#disable_vrfy_command = yes
#smtpd_etrn_restrictions = permit_mynetworks, reject
#smtpd_helo_required = yes
#spf_explanation = "%{h} [%{i}] is not allowed to send mail for %{s}"



# Looks up the routing mail address and returns the user's quota
quota_server_host = ldap.xxx.ufsc.br
quota_search_base = ou=Users,dc=xxx,dc=ufsc,dc=br
quota_query_filter = (&(objectClass=qmailUser)(mail=%s))
quota_result_attribute =  mailQuota 
quota_bind = no
quota_scope = sub


#-----------------------------
# ALIAS DATABASE
#-----------------------------
alias_maps = hash:/etc/aliases,hash:/var/lib/mailman/data/aliases
#####alias_maps = hash:/etc/aliases,hash:/usr/local/mailman/data/aliases
#alias_maps = hash:/etc/aliases
#alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

#-----------------------------
# DELIVERY TO MAILBOX
#-----------------------------
home_mailbox = Maildir/
mail_spool_directory = /var/mail

#mailbox_command = /usr/local/bin/procmail
#mailbox_command = /some/where/procmail -a "$EXTENSION"

#-----------------------------
# FAST ETRN SERVICE
#-----------------------------
fast_flush_domains = $relay_domains

#-----------------------------
# SHOW SOFTWARE VERSION OR NOT
#-----------------------------
smtpd_banner = $myhostname ESMTP $mail_name

#-----------------------------
# PARALLEL DELIVERY TO THE SAME DESTINATION
#-----------------------------
#local_destination_concurrency_limit = 2
#default_destination_concurrency_limit = 20

#-----------------------------
# DEBUGGING CONTROL
#-----------------------------
debug_peer_level = 2
debugger_command =
 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
 xxgdb $daemon_directory/$process_name $process_id & sleep 5

#-----------------------------
# INSTALL-TIME CONFIGURATION INFORMATION
#-----------------------------
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/local/man
sample_directory = /usr/local/etc/postfix
readme_directory = no


# Antivirus
content_filter=amavis:[127.0.0.1]:10024
######content_filter=smtp-amavis:[127.0.0.1]:10024

#-----------------------------
# JUNK MAIL CONTROLS
#-----------------------------

#limits spam
header_size_limit = 1000
disable_vrfy_command = yes
strict_rfc821_envelopes = yes
#requires valid mailers
smtpd_helo_required = yes
recipient_delimiter = +
allow_percent_hack = no
swap_bangpath = no

# check against the RBL
reject_rhsbl_client = blackhole.securitysage.com
reject_rhsbl_sender = blackhole.securitysage.com

# sender and recipient check
check_sender_access = hash:/etc/postfix/spam/access_usernames
check_recipient_access =  hash:/etc/postfix/spam/access_usernames

#domain check
check_helo_access = hash:/etc/postfix/spam/access

# check of the message body and headers against spam
# WARNING: degrades system performance
header_checks = regexp:/etc/postfix/spam/header_checks
body_checks = regexp:/etc/postfix/spam/body_checks

smtpd_helo_required = yes
smtpd_recipient_limit = 50
smtpd_recipient_restrictions =
    permit_mynetworks,
#    permit_sasl_authenticated, 
    reject_unauth_destination
    reject_unknown_sender_domain,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining,
#    check_policy_service unix:private/policy,
#    reject_maps_rbl,
#    reject_rbl_client relays.ordb.org,
#    reject_rbl_client opm.blitzed.org,
#    reject_rbl_client list.dsbl.org,
#    reject_rbl_client sbl.spamhaus.org,
#    reject_rbl_client blackholes.easynet.nl,
#    reject_rbl_client cbl.abuseat.org,
#    reject_rbl_client blackholes.mail-abuse.org




#======= Quota ============
virtual_mailbox_limit_inbox = no
virtual_mailbox_limit_maps = ldap:quota
virtual_mailbox_limit_override = yes
virtual_maildir_extended = yes
virtual_create_maildirsize = yes
virtual_mailbox_limit = 20480000
virtual_maildir_limit_message = Lamento, mas o usuario estah com a caixa postal cheia. Tente novamente mais tarde!

# The message_size_limit parameter limits the total size in bytes of
# a message, including envelope information.
# 30M
message_size_limit = 20480000


#======== Lists ===========
owner_request_special = no
unknow_local_recipient_reject_code = 550



# in case of problems, uncomment to have messages re-sent
soft_bounce = no


Best regards,
Douglas


--
Douglas Macedo
[hidden email]
--
The intelligence of an individual is measured by the amount of uncertainty he is able to bear.
(Immanuel Kant)

Re: Virtual users - LDAP

Reinaldo Gil Lima de Carvalho
On Fri, Aug 3, 2012 at 2:38 PM, Douglas D. J. de Macedo
<[hidden email]> wrote:

>
> Using the postmap command to query the virtual user (mailAlternateAddress),
> the results are:
>
> #postmap -q [hidden email] ldap:accountsmap
> [hidden email]
>
> But if I try the "real" user, the command doesn't work:
>
> #postmap -q [hidden email] ldap:accountsmap
> #
>

accountsmap_query_filter =
(&(objectClass=qmailUser)(|(mailAlternateAddress=%s)(mail=%s)))
accountsmap_result_attribute =  mail

--
Reinaldo de Carvalho
http://korreio.sf.net
http://python-cyrus.sf.net

"While not fully understand a software, don't try to adapt this
software to the way you work, but rather yourself to the way the
software works" (myself)
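
Why the original `accountsmap_query_filter` returned nothing for the primary address while the `(|...)` form answers for both, shown as an added example that is not code from the thread or from Postfix: a minimal evaluator for the filter subset used here, run against a constructed directory entry. The entry, its addresses and the `postmap_q` helper are assumptions for illustration.

```python
import re

# Constructed sample entry (not from the thread): primary address in `mail`,
# alias in `mailAlternateAddress`.
DIRECTORY = [{
    "objectClass": ["qmailUser"],
    "mail": ["jdoe@example.org"],
    "mailAlternateAddress": ["john.doe@example.org"],
}]

ORIGINAL_FILTER = "(&(objectClass=qmailUser)(mailAlternateAddress=%s))"
FIXED_FILTER = "(&(objectClass=qmailUser)(|(mailAlternateAddress=%s)(mail=%s)))"

def escape_key(key):
    # ldap_table(5) documents RFC 2254 quoting of the key substituted for %s,
    # so filter metacharacters in an address stay literal.
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), key)

def parse(f, i=0):
    # Parses only the subset used here: (&...), (|...), (attr=value).
    if f[i + 1] in "&|":
        op, i, children = f[i + 1], i + 2, []
        while f[i] == "(":
            node, i = parse(f, i)
            children.append(node)
        return (op, children), i + 1          # step over the closing ")"
    end = f.index(")", i)
    attr, value = f[i + 1:end].split("=", 1)
    return ("=", attr, value), end + 1

def value_matches(value, candidate):
    # An unescaped "*" is a wildcard; "\XX" is a literal character.
    unhex = lambda s: re.sub(r"\\([0-9a-fA-F]{2})",
                             lambda m: chr(int(m.group(1), 16)), s)
    pattern = ".*".join(re.escape(unhex(p)) for p in value.split("*"))
    return re.fullmatch(pattern, candidate, re.I | re.S) is not None

def matches(node, entry):
    if node[0] == "=":
        return any(value_matches(node[2], v) for v in entry.get(node[1], []))
    results = [matches(child, entry) for child in node[1]]
    return all(results) if node[0] == "&" else any(results)

def postmap_q(key, query_filter, result_attribute="mail"):
    # Hypothetical stand-in for `postmap -q KEY ldap:accountsmap`.
    tree, _ = parse(query_filter.replace("%s", escape_key(key)))
    return [v for e in DIRECTORY if matches(tree, e)
            for v in e.get(result_attribute, [])]
```

With the original filter only the alias resolves; with the corrected filter both addresses return the `mail` value, and a lookup key of `*` still matches nothing because it is escaped before substitution.
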

[SOLVED] Re: Virtual users - LDAP

Douglas Macedo
Reinaldo,

thanks a lot man!

Best,
Doug

On Fri, Aug 3, 2012 at 2:45 PM, Reinaldo de Carvalho <[hidden email]> wrote:
On Fri, Aug 3, 2012 at 2:38 PM, Douglas D. J. de Macedo
<[hidden email]> wrote:
>
> Using the postmap command to query the virtual user (mailAlternateAddress),
> the results are:
>
> #postmap -q [hidden email] ldap:accountsmap
> [hidden email]
>
> But if I try the "real" user, the command doesn't work:
>
> #postmap -q [hidden email] ldap:accountsmap
> #
>

accountsmap_query_filter =
(&(objectClass=qmailUser)(|(mailAlternateAddress=%s)(mail=%s)))
accountsmap_result_attribute =  mail

--
Reinaldo de Carvalho
http://korreio.sf.net
http://python-cyrus.sf.net

"While not fully understand a software, don't try to adapt this
software to the way you work, but rather yourself to the way the
software works" (myself)



--
Douglas Macedo
[hidden email]
--
The intelligence of an individual is measured by the amount of uncertainty he is able to bear.
(Immanuel Kant)