Hello everyone,
I need some help with postfix+LDAP config and delivery mode.
We're using Postfix 2.6.6 on CentOS 6.4. Before, we used Qmail with the
same LDAP (on old Debian). Our LDAP accounts have the attribute
deliveryMode
which we used for mailing lists (OK, they are in fact "mailing groups"
rather than lists). When the attribute is set to
deliveryMode = nolocal
Qmail did not deliver mail to the list "mailbox", only to the accounts
on the list/group.
Now with Postfix I can't achieve the same behaviour. Can Postfix (I know
it can, but don't know how :)) be set up not to deliver the mail to the
list mailbox if the list has the attribute deliveryMode = nolocal?
I'll try to simplify to be more understandable:
I have a mailing group (or list if you prefer) e.g. develop...@nth.ch.
This group has many recipients, defined with LDAP attribute
mailForwardingAddress for develop...@nth.ch. Those recipients can be both
internal (nth.ch) and external (any other domain - gmail, yahoo, etc.).
So, when mail is sent to develop...@nth.ch, it is delivered to all of
the recipients in mailForwardingAddress, but also to develop...@nth.ch
mailbox; with qmail, that mailbox didn't even exist, i.e. mail was
delivered only to mailForwardingAddress recipients, and no
develop...@nth.ch mailbox was created or delivered a message.
So, that's what I want to achieve - mail to be delivered only to
mailForwardingAddress recipient mailboxes. So, deliveryMode=nolocal with
qmail meant - don't deliver mail to mail=something, only deliver to
mailForwardingAddress=something.
Thnx in advance!
Here's postconf -n:
-------------------
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 3
disable_vrfy_command = yes
home_mailbox = Maildir/
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailbox_command = /usr/libexec/dovecot/deliver
mailbox_size_limit = 0
mailbox_transport = dovecot
mailq_path = /usr/bin/mailq.postfix
message_size_limit = 52857600
milter_default_action = accept
milter_protocol = 6
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = nth.ch
myhostname = mx.nth.ch
mynetworks = 127.0.0.0/8, --omitted--, hash:/etc/postfix/relayhosts
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = inet:localhost:8891
queue_directory = /var/spool/postfix
relay_domains = mlist.nth.ch
resolve_numeric_domain = yes
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_banner = "$myhostname - NTH ESMTP - NO UCE"
smtpd_client_restrictions = permit_sasl_authenticated,
    permit_mynetworks, permit
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_sasl_authenticated,
    permit_mynetworks, reject_invalid_hostname, permit
smtpd_milters = inet:localhost:8891
smtpd_recipient_restrictions = check_policy_service
    inet:127.0.0.1:10031, permit_mynetworks,
    permit_sasl_authenticated, reject_unauth_destination,
    reject_unlisted_recipient, reject_invalid_hostname,
    reject_unauth_pipelining, reject_non_fqdn_sender, permit
smtpd_reject_unlisted_recipient = no
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_sasl_authenticated,
    permit_mynetworks, reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_authenticated_sender_login_mismatch, permit
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/ssl/nth.ch.pem
smtpd_tls_key_file = /etc/postfix/ssl/nth.ch.key
smtpd_tls_loglevel = 2
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
virtual_alias_domains = ldap:/etc/postfix/conf.d/ldap_alias_maps.cf
virtual_alias_maps = hash:/etc/mailman/virtual-mailman,
    ldap:/etc/postfix/conf.d/ldap_alias_maps.cf
virtual_gid_maps = static:12
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = ldap:/etc/postfix/conf.d/ldap_domain_maps.cf
virtual_mailbox_maps = ldap:/etc/postfix/conf.d/ldap_user_maps.cf,
    hash:/etc/postfix/transport
virtual_minimum_uid = 100
virtual_transport = dovecot
virtual_uid_maps = static:111
ldap_user_maps.cf:
------------------
***
search_base = dc=nth,dc=ch
scope = sub
query_filter = (&(!(objectclass=qmailgroup))(&(mail=%s)))
result_attribute = mail
ldap_alias_maps.cf:
-------------------
***
search_base = dc=nth,dc=ch
scope = sub
query_filter = (&(objectClass=inetOrgPerson)(|(mail=%s)(mailAlternateAddress=%s)))
result_attribute = mail
leaf_result_attribute = mailForwardingAddress
ldap_domain_maps.cf
-------------------
***
search_base = dc=nth,dc=ch
scope = sub
query_filter = (ou=%s)
result_attribute = ou
--
Zeljko Culek
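
Added example, not part of the original post: a simplified Python model of why the posted ldap_alias_maps.cf returns the list's own address alongside the forwarding addresses, compared with the qmail behaviour the post describes. It assumes, per ldap_table(5), that result_attribute values are always returned and that with no special_result_attribute configured every entry is treated as a leaf; the function names, sample entries and example.org/example.net addresses are constructed.

```python
# Simplified model (an assumption, not Postfix or qmail source code) of how
# one LDAP entry is turned into the recipient list for an alias lookup.

def postfix_expand(entry, result_attribute, leaf_result_attribute):
    """Model of the posted map: no special_result_attribute is set, so the
    entry is a leaf and both attribute lists are returned."""
    recipients = []
    for attr in result_attribute + leaf_result_attribute:
        for value in entry.get(attr, []):
            if value not in recipients:
                recipients.append(value)
    return recipients

def qmail_nolocal_expand(entry):
    """Behaviour the post describes for qmail: deliveryMode=nolocal means
    deliver only to mailForwardingAddress, never to the entry's own mail."""
    forwards = list(entry.get("mailForwardingAddress", []))
    if "nolocal" in entry.get("deliveryMode", []):
        return forwards
    return list(entry.get("mail", [])) + forwards

def extra_local_copies(entry):
    """Addresses the posted Postfix map delivers to that qmail did not."""
    wanted = qmail_nolocal_expand(entry)
    got = postfix_expand(entry, ["mail"], ["mailForwardingAddress"])
    return [addr for addr in got if addr not in wanted]

# Constructed sample entries (placeholders, not taken from the real directory).
GROUP = {
    "mail": ["dev-list@example.org"],
    "mailForwardingAddress": ["alice@example.org", "bob@example.net"],
    "deliveryMode": ["nolocal"],
}
USER = {"mail": ["carol@example.org"]}

if __name__ == "__main__":
    print("posted map :", postfix_expand(GROUP, ["mail"], ["mailForwardingAddress"]))
    print("qmail      :", qmail_nolocal_expand(GROUP))
    print("extra copy :", extra_local_copies(GROUP))
    print("plain user :", extra_local_copies(USER))
```

In this model the only difference for a nolocal group is the group's own mail value, which comes from result_attribute = mail.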