On 8/16/2010 3:40 PM, Christopher Koeber wrote:
On Mon, Aug 16, 2010 at 1:22 PM, Brian Evans - Postfix List <grkni...@scent-team.com> wrote:

     On 8/16/2010 10:45 AM, Christopher Koeber wrote:

        Well, maybe it will help to describe what I am trying to do.

        I have a list of folks in my OpenLDAP server that I would like
        accounts for. These accounts are for the
        'students.wesleyseminary.edu' domain.

        I also have folks in a 'wesleyministrynetwork.com' domain that
        I would like mail to be sent to. These folks are going to be in
        a different organizational unit.


        Obviously, I also will need to have the
        postmaster/mailerdaemon/etc. accounts working as well.

        Now, from the documentation that I looked at, the virtual
        maps/alias settings that I loaded in seemed like the best bet.

        Is that correct, or do I need to go in a different direction?


    I believe you are heading in the right direction, but you must
    understand my comments.

    When a bare username is retrieved from a map, $myorigin is
    appended to it automatically.
    $myorigin defaults to $myhostname
     (http://www.postfix.org/postconf.5.html#myorigin)

    virtual_ALIAS_maps apply to ALL mail passed through the system and
    are applied before delivery.

    virtual_MAILBOX_maps validate *and* point to the mailbox (when
    using the virtual(8) delivery) for users that are included in the
    domains for virtual_MAILBOX_domains

    If you do not need to apply alternate names (aka aliases) to
    users, do not use virtual_ALIAS_maps.
    It is recommended to use virtual_ALIAS_maps for the accounts you
    pointed out above and *not* include normal users that
    virtual_MAILBOX_maps will do for you.

    When you do have a virtual_ALIAS_maps match, make sure it is fully
    qualified:
    Example:
    postmas...@wts-zimbra.wesleysem.edu
    real.u...@wts-zimbra.wesleysem.edu


Great, I don't get a bounceback!!!!

Thanks, but the email hasn't been delivered to an actual mailbox. My guess is that the mapping for the users to the mailbox hasn't been worked out.

Logs?


OK, I am not sure if I am doing this correctly. I have the following configured for postconf -n:

----------------------------------------------------------------------------------------------------------------------------------------------------------
alias_maps = hash:/etc/mail/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib64/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
default_destination_concurrency_limit = 20
home_mailbox = .Maildir/
html_directory = /usr/share/doc/postfix-2.6.6/html
inet_interfaces = all
local_destination_concurrency_limit = 2
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
local_transport = virtual
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
mydestination =
mydomain = students.wesleyseminary.edu
myhostname = wts-zimbra.wesleysem.edu
mynetworks_style = subnet
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.6.6/readme
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_banner = students.wesleyseminary.edu ESMTP $mail_name ($mail_version)
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options = noanonymous
smtpd_tls_CAfile = /etc/postfix/cacert.pem
smtpd_tls_cert_file = /etc/postfix/newcert.pem
smtpd_tls_key_file = /etc/postfix/newkey.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_maps = ldap:/etc/postfix/ldap-aliases.cf
virtual_gid_maps = static:$studentemail-gid
virtual_mailbox_base = /
virtual_mailbox_domains = /etc/postfix/virtual_domains.cf
virtual_mailbox_maps = ldap:/etc/postfix/ldap-maps.cf
virtual_minimum_uid = 1000
virtual_uid_maps = static:$studentemail-uid
----------------------------------------------------------------------------------------------------------------------------------------------------------

So, here is what I have for my ldap-aliases.cf:

Personally, I think you should dump the LDAP lookup of virtual_alias_maps and *simply* map the postmaster; abuse; and other special accounts in a hash or cdb file. You do *not* need virtual_alias_maps to have a functioning virtual_MAILBOX_maps system. You *do NOT* want to map every user in virtual_ALIAS_maps that already exists in virtual_MAILBOX_maps.
Reference: http://www.postfix.org/VIRTUAL_README.html#virtual_mailbox


----------------------------------------------------------------------------------------------------------------------------------------------------------
server_host = wts-studdir.wesleysem.edu
search_base = ou=Students,dc=wesleyseminary,dc=edu
version=3
timeout = 10
size_limit = 1
bind = yes
bind_dn = Bind_DN
bind_pw = password
query_filter = (mail=%s)
result_attribute = mail
----------------------------------------------------------------------------------------------------------------------------------------------------------

My question is where does the mapping for the user's physical mailboxes go? And within the LDAP pull should the result from the query have the ".Maildir" part added on or not?

The Postfix virtual(8) delivery agent will deliver mail to the result of a virtual_MAILBOX_maps lookup. home_mailbox is ignored since it is for the local(8) delivery agent *only*.

If you want items stored in Maildir format, *be sure* to append a / at the end of the path.

Please see: http://www.postfix.org/virtual.8.html for details

I thought it was in virtual_mailbox_maps if they weren't local users.

Last question.

What do I need to do to add additional support for the second domain to get pulled from a separate OU in LDAP?

Is that possible?

Add a second LDAP map to virtual_MAILBOX_maps. Notice it says "maps" and not "map", multiple maps are supported.

Once you have a working setup, you may want to use the proxymap (http://www.postfix.org/proxymap.8.html) service to keep a sane load on your LDAP servers.
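
Added example, not part of the original thread and not either poster's actual configuration: the layout recommended in the reply above, with a local hash file for the special accounts, one LDAP mailbox map per OU, results ending in "/" for Maildir, and proxymap in front of LDAP. Assumptions: the file names ldap-students.cf, ldap-network.cf and /etc/postfix/virtual, the /var/vmail base, uid/gid 5000, the second OU's name (left as a placeholder), and deriving the mailbox path from the mail attribute with result_format.

```conf
# --- /etc/postfix/main.cf (fragment; paths and ids below are assumptions) ---
# Both hosted domains are delivered by the virtual(8) delivery agent.
virtual_mailbox_domains = students.wesleyseminary.edu, wesleyministrynetwork.com
# One LDAP map per OU; proxy: shares LDAP connections through proxymap(8).
virtual_mailbox_maps =
    proxy:ldap:/etc/postfix/ldap-students.cf
    proxy:ldap:/etc/postfix/ldap-network.cf
# Mailbox paths returned by the maps are relative to this directory.
virtual_mailbox_base = /var/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
# Only the special accounts are aliased, from a local hash file.
virtual_alias_maps = hash:/etc/postfix/virtual

# --- /etc/postfix/virtual (run "postmap /etc/postfix/virtual" after edits) ---
# Right-hand sides are fully qualified; real.user is a placeholder mailbox.
postmaster@students.wesleyseminary.edu   real.user@students.wesleyseminary.edu
abuse@students.wesleyseminary.edu        real.user@students.wesleyseminary.edu

# --- /etc/postfix/ldap-students.cf ---
# Holds bind_pw: keep it unreadable to ordinary users (e.g. root:postfix 0640).
server_host = wts-studdir.wesleysem.edu
search_base = ou=Students,dc=wesleyseminary,dc=edu
version = 3
bind = yes
bind_dn = Bind_DN
bind_pw = password
query_filter = (mail=%s)
result_attribute = mail
# %d = domain, %u = local part of the result; the trailing "/" selects Maildir.
result_format = %d/%u/

# --- /etc/postfix/ldap-network.cf ---
# Same as ldap-students.cf except for the search base of the second OU:
# search_base = ou=SECOND_OU_PLACEHOLDER,dc=wesleyseminary,dc=edu
```

Each map can be checked on its own before mail is sent through it, for example with `postmap -q real.user@students.wesleyseminary.edu ldap:/etc/postfix/ldap-students.cf`, which should print a relative path ending in "/".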
