On Thu, May 26, 2011 at 2:18 PM, Victor Duchovni <victor.ducho...@morganstanley.com> wrote: > On Thu, May 26, 2011 at 02:14:20PM -0700, Stephen Ingram wrote: > >> 4test.net 4test.net >> >> thinking that the right side doesn't matter. Postfix is just looking >> for the presence of the domain, no? >> >> For the ldap lookup, postfix is looking for 4test.net for which the >> query results in the same 4test.net returned. Isn't that correct? > > Almost certainly not. The LDAP query must also be matching other domains. > >> In both cases, the user, u...@test.net is looked up in the >> virtual_aliases_map (ldap) which converts the address to a local user >> (user in this example) and the mail is delivered via lmtp to cyrus >> (when it works). Also note that the virtual_alias_map is the same ldap >> lookup in both cases. The only thing I'm changing is whether the >> domain lookup is using a hash table or ldap table. > > The LDAP lookup matches additional lookup keys. To find out which, > read or post the full log entries for the bounced email. Your anecdotal > retelling of what's in the logs leaves out critical information.
Agreed. Here is the postfix log for when the ldap table is used: May 26 14:48:20 smtp postfix/smtpd[5653]: connect from terrapin.penumbra.us[192.168.17.42] May 26 14:48:46 smtp postfix/smtpd[5653]: E8EB7CC056A: client=terrapin.penumbra.us[192.168.17.42] May 26 14:48:59 smtp postfix/cleanup[5663]: E8EB7CC056A: message-id=<20110526194846.e8eb7cc0...@smtp.penumbra.us> May 26 14:48:59 smtp postfix/qmgr[5156]: E8EB7CC056A: from=<st...@penumbra.us>, size=414, nrcpt=1 (queue active) May 26 14:49:00 smtp postfix/smtpd[5683]: disconnect from terrapin.penumbra.us[192.168.17.42] May 26 14:49:04 smtp postfix/smtpd[5683]: connect from scan.penumbra.us[192.168.17.43] May 26 14:49:04 smtp postfix/smtpd[5683]: C5DB2CC056C: client=terrapin.penumbra.us[192.168.17.42] May 26 14:49:04 smtp postfix/cleanup[5663]: C5DB2CC056C: message-id=<20110526194846.e8eb7cc0...@smtp.penumbra.us> May 26 14:49:04 smtp postfix/qmgr[5156]: C5DB2CC056C: from=<st...@penumbra.us>, size=871, nrcpt=1 (queue active) May 26 14:49:04 smtp postfix/smtpd[5683]: disconnect from scan.penumbra.us[192.168.17.43] May 26 14:49:04 smtp postfix/smtp[5668]: E8EB7CC056A: to=<u...@4test.net>, relay=192.168.17.43[192.168.17.43]:10024, delay=30, delays=25/0.04/0/4.9, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=24032-10, from MTA([192.168.17.44]:10025): 250 2.0.0 Ok: queued as C5DB2CC056C) May 26 14:49:04 smtp postfix/qmgr[5156]: E8EB7CC056A: removed May 26 14:49:04 smtp postfix/error[5684]: C5DB2CC056C: to=<us...@penumbra.us>, orig_to=<u...@4test.net>, relay=none, delay=0.16, delays=0.13/0.01/0/0.0, dsn=5.0.0, status=bounced (User unknown in virtual alias table) And, now when the hash table is used: May 26 14:54:53 smtp postfix/smtpd[5860]: connect from terrapin.penumbra.us[192.168.17.42] May 26 14:55:09 smtp postfix/smtpd[5860]: DF310CC056A: client=terrapin.penumbra.us[192.168.17.42] May 26 14:55:19 smtp postfix/cleanup[5883]: DF310CC056A: message-id=<20110526195509.df310cc0...@smtp.penumbra.us> May 26 14:55:19 smtp postfix/qmgr[5857]: DF310CC056A: from=<st...@penumbra.us>, size=414, nrcpt=1 (queue active) May 26 14:55:20 smtp postfix/smtpd[5860]: disconnect from terrapin.penumbra.us[192.168.17.42] May 26 14:55:24 smtp postfix/smtpd[5894]: connect from scan.penumbra.us[192.168.17.43] May 26 14:55:24 smtp postfix/smtpd[5894]: 7FC45CC056C: client=terrapin.penumbra.us[192.168.17.42] May 26 14:55:24 smtp postfix/cleanup[5883]: 7FC45CC056C: message-id=<20110526195509.df310cc0...@smtp.penumbra.us> May 26 14:55:24 smtp postfix/qmgr[5857]: 7FC45CC056C: from=<st...@penumbra.us>, size=871, nrcpt=1 (queue active) May 26 14:55:24 smtp postfix/smtpd[5894]: disconnect from scan.penumbra.us[192.168.17.43] May 26 14:55:24 smtp postfix/smtp[5889]: DF310CC056A: to=<u...@4test.net>, relay=192.168.17.43[192.168.17.43]:10024, delay=22, delays=17/0.04/0/4.8, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=24120-10, from MTA([192.168.17.44]:10025): 250 2.0.0 Ok: queued as 7FC45CC056C) May 26 14:55:24 smtp postfix/qmgr[5857]: DF310CC056A: removed May 26 14:55:25 smtp postfix/smtp[5896]: 7FC45CC056C: to=<us...@penumbra.com>, orig_to=<u...@4test.net>, relay=smtp2.penumbra.us[192.168.17.85]:25, delay=0.79, delays=0.13/0.13/0.17/0.36, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 34E50448037) May 26 14:55:25 smtp postfix/qmgr[5857]: 7FC45CC056C: removed Please note that I have removed the TLS/SSL connection messages for brevity and the mail does travel through a amavisd filter, thus the exchange with scan.penumbra.us. Also whenever ldap is used to lookup the domain, it reports only finding one entry: May 26 14:49:15 ldap slapd[25990]: conn=47 op=2 SRCH base="ou=accounts,dc=penumbra,dc=net" scope=2 deref=0 filter="(&(objectClass=postfixVirtualDomain)(virtualDomain=4test.net)(entryActive=TRUE))" May 26 14:49:15 ldap slapd[25990]: conn=47 op=2 SRCH attr=virtualDomain May 26 14:49:15 ldap slapd[25990]: conn=47 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text= so I don't think the ldap queries are matching other domains. Like you say, unless postfix performs the name rewrite differently when an ldap lookup is used, this has got to somehow be the ldap lookup that it's not satisfied with. But given that only one result is obtained with each lookup, I can't imagine what could be the difference. Steve
