On 01/16/2012 09:39 PM, Carlos R Laguna wrote:
Hello everyone, I have recently started using Postfix, and by necessity I need to limit the reach of my users: some users will have international access for receiving or sending mail and others won't. So I tried to make a filter using my LDAP groups, like this:

# LDAP lookup table "international" (main.cf-style table parameters), used
# below as ldap:international.
# The table talks to the directory on localhost without binding, so the
# Groups subtree has to be readable anonymously.
international_server_host = 127.0.0.1
international_server_port = 389
international_bind = no
international_timeout = 5
international_search_base = ou=Groups,dc=jovenclub,dc=cu
# %u is the local part of the address being looked up. The filter matches
# only the MailInt group, and only when that local part is one of its
# memberUid values. The single-branch (|...) is redundant but harmless.
international_query_filter = (&(|(cn=MailInt))(memberUid=%u))
# The returned cn ("MailInt") is what an access check receives as its action,
# i.e. the name of the restriction class declared further down.
international_result_attribute = cn

# Check sender
# NOTE(review): smtpd_sender_login_maps is only consulted by the
# reject_*sender_login_mismatch restrictions. None of them appears in the
# restriction lists in this message, so this line alone enforces nothing.
# NOTE(review): ldapvirtualmap returns the "mailbox" attribute, while a login
# map is expected to return the SASL login name(s) that own the sender
# address - confirm this table fits that use.
smtpd_sender_login_maps = ldap:ldapvirtualmap


# This only declares the class names. A class is evaluated only when a
# restriction list or an access-table result names it.
smtpd_restriction_classes = MailInt, International, InternationalOut

# Classes
# Action applied when ldap:international returns "MailInt" (group member).
MailInt = permit

# Evaluated in order: LDAP group lookup keyed on the recipient, then the
# regexp table keyed on the sender (contents of international.cf not shown).
International =
    check_recipient_access ldap:international,
    check_sender_access regexp:/etc/postfix/international.cf

# Mirror image of the class above: LDAP group lookup keyed on the sender,
# then the regexp table keyed on the recipient.
InternationalOut =
    check_sender_access ldap:international,
    check_recipient_access regexp:/etc/postfix/international.cf

# Each list is evaluated in the order written; the first restriction that
# returns a decision ends that list.
smtpd_helo_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_invalid_helo_hostname

smtpd_sender_restrictions =
    reject_non_fqdn_sender,
    permit_mynetworks,
    permit_sasl_authenticated

# NOTE(review): neither International nor InternationalOut is named in this
# list or in the two lists above, so the LDAP group filter is never evaluated.
# To apply to authenticated users, a class would also have to come before
# permit_sasl_authenticated, which accepts them before later checks run.
# The trailing "permit" matches the default outcome at the end of a list.
smtpd_recipient_restrictions =
    reject_non_fqdn_recipient,
    check_sender_access regexp:/etc/postfix/access.cf,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_unlisted_recipient,
    permit

But so far Postfix is just sending the emails, and it looks like it is skipping the filter. Since my experience with Postfix is close to zero, I really can't see whether an option declared earlier is overriding this set of parameters, so I will leave my main.cf just below. Thanks for everything, and sorry for the rusty English. Best regards, Carlos R Laguna



# Generated by Zentyal
# See /usr/share/postfix/main.cf.dist for a commented, more complete version

# require helo
# With smtpd_delay_reject = yes the client, helo and sender restriction lists
# are evaluated at RCPT TO, not at the command they are named after.
smtpd_delay_reject  = yes
smtpd_helo_required = yes

# Require RFC 821-style envelope addresses; disable VRFY so addresses cannot
# be probed with that command.
strict_rfc821_envelopes = yes
disable_vrfy_command = yes

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUAs job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

myorigin = /etc/mailname
myhostname = tinomail.jovenclub.cu
mydestination = $myorigin,$myhostname,localhost,localhost.$mydomain
smtp_helo_name = tinomail.jovenclub.cu
alias_maps = hash:/etc/aliases

alias_database = hash:/etc/aliases
local_recipient_maps = proxy:unix:passwd.byname $alias_maps

# All mail that is not delivered locally is handed to this host. Without
# [brackets] the name is resolved through MX lookup.
relayhost = mx4.jovenclub.cu


# Outbound TLS is opportunistic: used when the next hop offers STARTTLS,
# cleartext otherwise.
smtp_tls_security_level = may
# Key and certificate share one PEM file; it holds the private key, so keep
# it readable by root only.
smtp_tls_key_file  = /etc/postfix/sasl/postfix.pem
smtp_tls_cert_file = /etc/postfix/sasl/postfix.pem


# Redacted by the poster ("xxx", "ect."). Every network listed here is
# trusted by permit_mynetworks, so keep the real list as narrow as possible.
mynetworks = 127.0.0.0/8 192.168.xxx.xxx/32 ect.

# 3145728 bytes = 3 MiB per message; 0 means no limit for the mailbox sizes.
message_size_limit = 3145728
mailbox_size_limit = 0
virtual_mailbox_limit = 0
recipient_delimiter = +
# Listen on every network interface.
inet_interfaces = all

# Virtual Aliases
# LDAP table "valiases": %s is the full lookup key, the result is the
# maildrop attribute of the matching CourierMailAlias entry.
virtual_alias_maps = ldap:valiases
valiases_server_host = 127.0.0.1
valiases_search_base = ou=mailalias,ou=postfix,dc=jovenclub,dc=cu
valiases_query_filter = (&(mail=%s)(objectClass=CourierMailAlias))
valiases_result_attribute = maildrop
# NOTE(review): every other parameter of this table uses the valiases_
# prefix. "aliases_bind" does not match it, so this looks like a typo for
# valiases_bind; the table would then keep the default bind setting - confirm.
aliases_bind = no

# Virtual Domains
# Deliveries go to the dovecot transport, one recipient per delivery.
dovecot_destination_recipient_limit = 1
virtual_transport = dovecot
#virtual_transport = virtual
virtual_mailbox_base = /var/vmail/
virtual_mailbox_maps= ldap:ldapvirtualmap

# LDAP table "ldapvirtualmap": no bind, matches CourierMailAccount entries by
# mail address, skips entries with quota=-1, returns the mailbox attribute.
ldapvirtualmap_server_host = 127.0.0.1:389
ldapvirtualmap_bind = no
ldapvirtualmap_search_base = ou=Users,dc=jovenclub,dc=cu
ldapvirtualmap_query_filter = (&(mail=%s)(!(quota=-1))(objectClass=CourierMailAccount))
ldapvirtualmap_result_attribute = mailbox

# LDAP table "vmaildomains": a domain is hosted when it exists as a domain
# entry or as a catch-all (@domain) CourierMailAlias entry.
virtual_mailbox_domains = ldap:vmaildomains
vmaildomains_server_host = 127.0.0.1
vmaildomains_bind = no
vmaildomains_search_base =  ou=postfix,dc=jovenclub,dc=cu
vmaildomains_query_filter = (|(&(objectclass=domain)(domainComponent=%s))(&(objectclass=CourierMailAlias)(mail=@%s)))
vmaildomains_result_attribute = dc, maildrop


# All virtual mailboxes are owned by one fixed uid/gid.
virtual_minimum_uid = 100
virtual_uid_maps = static:110
virtual_gid_maps = static:114

#########

# Group users
# LDAP table "international": no bind against the local directory; matches
# the MailInt group when the looked-up local part (%u) is one of its
# memberUid values, and returns the group's cn.
# These lines only define the table. It has no effect until an access check
# that references ldap:international is actually evaluated.
international_server_host = 127.0.0.1
international_server_port = 389
international_bind = no
international_timeout = 5
international_search_base = ou=Groups,dc=jovenclub,dc=cu
international_query_filter = (&(|(cn=MailInt))(memberUid=%u))
international_result_attribute = cn


# TLS/SSL
# smtpd_use_tls = yes announces STARTTLS to clients but does not require it
# (the legacy spelling of opportunistic inbound TLS).
smtpd_use_tls = yes
smtpd_tls_note_starttls = yes
smtpd_tls_key_file  = /etc/postfix/sasl/postfix.pem
smtpd_tls_cert_file = /etc/postfix/sasl/postfix.pem
smtpd_tls_loglevel = 1

# recipient restrictions
# NOTE(review): permit_sasl_authenticated and permit_mynetworks come first,
# so authenticated users and trusted networks are accepted before any later
# check. A per-user or per-group limit has to be placed ahead of them.
# NOTE(review): as shown, "submission_recipient_restrictions = ..." runs on
# from the end of the smtpd_recipient_restrictions value on the same line.
# Each parameter needs its own logical line in main.cf; this may be a
# mail-wrapping artifact - verify against the file on disk.
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, check_helo_access pcre:/etc/postfix/helo_checks.pcre submission_recipient_restrictions = reject_non_fqdn_sender, reject_non_fqdn_recipient, permit_sasl_authenticated, permit_mynetworks, reject
# NOTE(review): smtpd_restriction_classes is assigned again further down.
# Only the last assignment of a parameter in main.cf is used, so this class
# declaration is lost unless the later line also lists it.
smtpd_restriction_classes = submission_recipient_restrictions

#SASL authentication
# Authentication is delegated to Dovecot through the private/auth socket.
smtpd_sasl_auth_enable = yes
# Refuse anonymous SASL mechanisms.
smtpd_sasl_security_options = noanonymous
# Assigned twice in this section; the later value ($myorigin) is the one used.
smtpd_sasl_local_domain =
# Also announce AUTH in the old "AUTH=" form for clients that need it.
broken_sasl_auth_clients = yes
# Offer AUTH only after STARTTLS, so credentials never cross the wire in
# cleartext.
smtpd_tls_auth_only = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_local_domain =  $myorigin




###########

## Rules

# Check sender
# NOTE(review): only the reject_*sender_login_mismatch restrictions consult
# this map, and none of them appears in the restriction lists shown.
smtpd_sender_login_maps = ldap:ldapvirtualmap

# Restrictions Classes
# NOTE(review): this replaces the earlier assignment that declared
# submission_recipient_restrictions. It only declares names: none of these
# three classes is referenced by a restriction list in the part of main.cf
# shown, so none of them is ever evaluated.
smtpd_restriction_classes = MailInt, International, InternationalOut

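These are not used anywhere. smtpd_restriction_classes only declares the class names; a class is evaluated only when one of the smtpd_*_restrictions lists (or an access-map result reached from such a list) names it.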


--
J.
