ldap query and custom error response - broken


ldap query and custom error response - broken

pandorasbox55
Hi -

I have postfix configured to deliver emails based on custom LDAP queries. One of these queries issues a custom error response. 

If an email is received from an upstream server and in the initial lookup, the custom error response is generated, the custom error response is returned properly, e.g.:

server-a > postfix > ldap lookup > custom error response returned

However, if an email is received from an upstream server and the initial query leads to another LDAP query and then the custom error response, instead of returning the custom error response, the postfix server takes each individual word of the error response and turns that into an expanded email address. 

server-a > postfix > ldap lookup (mail forwarded to another account) > ldap lookup > custom error response expanded into individual email addresses

I can also reproduce this issue if I try to do a test directly from the postfix server. (sendmail -bv emailaddress)

The LDAP queries are defined using virtual_alias_maps.

The postfix server does not have a need to deliver mail "locally". If the email address is found in the LDAP, then it will use the mail routing information found in the LDAP to redirect the email to the proper server. If the email address is not found in the LDAP then the message can be rejected. 


tia,
=lc







Re: ldap query and custom error response (misconfigured)

Viktor Dukhovni


> On Nov 4, 2017, at 4:20 PM, l carr <[hidden email]> wrote:
>
>
> If an email is received from an upstream server and in the initial lookup, the custom error response is generated, the custom error response is returned properly.

As one might expect when LDAP is used as the backend store
for an access(5) table:

        http://www.postfix.org/access.5.html
        http://www.postfix.org/SMTPD_ACCESS_README.html

> However, if an email is received from an upstream server and the
> initial query leads to another LDAP query and then the custom error
> response, instead of returning the custom error response, the postfix
> server takes each individual word of the error response and turns that
> into an expanded email address.

As one would expect when LDAP is used as the backend store
for a virtual(5) or aliases(5) table:

        http://www.postfix.org/virtual.5.html
        http://www.postfix.org/aliases.5.html
        http://www.postfix.org/ADDRESS_REWRITING_README.html

DO NOT use access(5) data as address rewriting data or vice versa.

> I can also reproduce this issue if I try to do a test directly from the postfix server. (sendmail -bv emailaddress)
>
> The LDAP queries are defined using virtual_alias_maps.

Reject error messages don't go into virtual_alias_maps.
That's what access(5) tables are for.

--
        Viktor.
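
The mismatch described in the reply above, as an added illustration (not code from the thread or from Postfix): a simplified Python model of how a virtual(5) lookup result is read as an address list, used to flag results that look like access(5) actions. The action keywords are those documented in access(5); the function names, the `example.com` origin and the sample data are assumptions made for this example.

```python
import re

# Keywords and reply codes that access(5) defines as actions. Assumption of
# this sketch: a value whose first word is one of these was meant for an
# access table, not for address rewriting.
ACTION = re.compile(
    r"(?:[45]\d\d|OK|DUNNO|REJECT|DEFER(?:_IF_REJECT|_IF_PERMIT)?|DISCARD|HOLD"
    r"|FILTER|REDIRECT|PREPEND|BCC|INFO|WARN)", re.IGNORECASE)

def expand_as_virtual(value, myorigin="example.com"):
    """Simplified model of how a virtual(5) result is read: a list of
    addresses split on commas/whitespace, bare words qualified with
    @myorigin. (Postfix's real parser is RFC 822 aware; this one is not.)"""
    words = [w for w in re.split(r"[,\s]+", value.strip()) if w]
    return [w if "@" in w else f"{w}@{myorigin}" for w in words]

def audit_alias_results(results, myorigin="example.com"):
    """Return (key, value, bogus_recipients) for each lookup result that
    looks like an access(5) action stored in a virtual alias map."""
    findings = []
    for key, value in results.items():
        words = value.split()
        if words and ACTION.fullmatch(words[0]):
            findings.append((key, value, expand_as_virtual(value, myorigin)))
    return findings

# Constructed sample: what an LDAP-backed virtual_alias_maps lookup might
# return for three recipients (addresses and text are made up).
SAMPLE = {
    "alice@example.com": "alice@mailstore1.example.com",
    "bob@example.com": "carol@example.com, dave@example.net",
    "old@example.com": "REJECT account closed",
}

if __name__ == "__main__":
    for key, value, bogus in audit_alias_results(SAMPLE):
        print(f"{key}: {value!r} would expand to {bogus}")
```

A result whose first word is a bare local part such as `info` is also flagged, so findings need a manual look before the LDAP entry is changed.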


Re: ldap query and custom error response - broken

Wietse Venema
In reply to this post by pandorasbox55
l carr:
> I have postfix configured to deliver emails based on custom LDAP
> queries. One of these queries issues a custom error response.
...
> The LDAP queries are defined using virtual_alias_maps.

There is no 'custom error response' for virtual_alias_maps lookups.
Where did you get that idea from?

        Wietse

Re: ldap query and custom error response - broken

Wietse Venema
Wietse Venema:
> l carr:
> > I have postfix configured to deliver emails based on custom LDAP
> > queries. One of these queries issues a custom error response.
> ...
> > The LDAP queries are defined using virtual_alias_maps.
>
> There is no 'custom error response' for virtual_alias_maps lookups.
> Where did you get that idea from?

Meaning, if Postfix or other documentation suggests that virtual alias
maps support custom error responses, then that needs to be fixed.

        Wietse