On 24.12.2013 at 11:52, Zeljko Culek wrote:
Hello everyone,

I need some help with postfix+LDAP config and delivery mode.

We're using Postfix 2.6.6 on CentOS 6.4. Before, we used Qmail with the same LDAP (on old Debian). Our LDAP accounts have the attribute

deliveryMode

which we used for mailing lists (OK, they are in fact "mailing groups" rather than lists). When the attribute is set to

deliveryMode = nolocal

Qmail did not deliver mail to the list "mailbox", only to the accounts on the list/group.

Now with Postfix I can't achieve the same behaviour. Can Postfix (I know it can, but don't know how :)) be set up not to deliver the mail to the list mailbox if the list has the attribute deliveryMode = nolocal?

Can it be that your ldap_user_maps filter matches for develop...@nth.ch? If so, you need to change your query filter into

(&(!(deliveryMode=nolocal))(!(objectclass=qmailgroup))(&(mail=%s)))


I'll try to simplify to be more understandable:

I have a mailing group (or list if you prefer) e.g. develop...@nth.ch. This group has many recipients, defined with LDAP attribute mailForwardingAddress for develop...@nth.ch. Those recipients can be both internal (nth.ch) and external (any other domain - gmail, yahoo, etc.). So, when mail is sent to develop...@nth.ch, it is delivered to all of the recipients in mailForwardingAddress, but also to develop...@nth.ch mailbox; with qmail, that mailbox didn't even exist, i.e. mail was delivered only to mailForwardingAddress recipients, and no develop...@nth.ch mailbox was created or delivered a message.

So, that's what I want to achieve - mail to be delivered only to mailForwardingAddress recipient mailboxes. So, deliveryMode=nolocal with qmail meant - don't deliver mail to mail=something, only deliver to mailForwardingAddress=something.

Thnx in advance!


Here's postconf -n:
-------------------
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 3
disable_vrfy_command = yes
home_mailbox = Maildir/
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailbox_command = /usr/libexec/dovecot/deliver
mailbox_size_limit = 0
mailbox_transport = dovecot
mailq_path = /usr/bin/mailq.postfix
message_size_limit = 52857600
milter_default_action = accept
milter_protocol = 6
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = nth.ch
myhostname = mx.nth.ch
mynetworks = 127.0.0.0/8, --omitted--, hash:/etc/postfix/relayhosts
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = inet:localhost:8891
queue_directory = /var/spool/postfix
relay_domains = mlist.nth.ch
resolve_numeric_domain = yes
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtpd_banner = "$myhostname - NTH ESMTP - NO UCE"
smtpd_client_restrictions = permit_sasl_authenticated, permit_mynetworks, permit
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:10031
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_invalid_hostname, permit
smtpd_milters = inet:localhost:8891
smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10031, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_unlisted_recipient, reject_invalid_hostname, reject_unauth_pipelining, reject_non_fqdn_sender, permit
smtpd_reject_unlisted_recipient = no
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_authenticated_sender_login_mismatch, permit
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/postfix/ssl/nth.ch.pem
smtpd_tls_key_file = /etc/postfix/ssl/nth.ch.key
smtpd_tls_loglevel = 2
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport
virtual_alias_domains = ldap:/etc/postfix/conf.d/ldap_alias_maps.cf
virtual_alias_maps = hash:/etc/mailman/virtual-mailman, ldap:/etc/postfix/conf.d/ldap_alias_maps.cf
virtual_gid_maps = static:12
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = ldap:/etc/postfix/conf.d/ldap_domain_maps.cf
virtual_mailbox_maps = ldap:/etc/postfix/conf.d/ldap_user_maps.cf, hash:/etc/postfix/transport
virtual_minimum_uid = 100
virtual_transport = dovecot
virtual_uid_maps = static:111



ldap_user_maps.cf:
------------------
***
search_base = dc=nth,dc=ch
scope = sub
query_filter = (&(!(objectclass=qmailgroup))(&(mail=%s)))
result_attribute = mail


ldap_alias_maps.cf:
-------------------
***
search_base = dc=nth,dc=ch
scope = sub
query_filter = (&(objectClass=inetOrgPerson)(|(mail=%s)(mailAlternateAddress=%s)))
result_attribute = mail
leaf_result_attribute = mailForwardingAddress


ldap_domain_maps.cf
-------------------
***
search_base = dc=nth,dc=ch
scope = sub
query_filter = (ou=%s)
result_attribute = ou

--
Zeljko Culek
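
The effect of the filter change suggested in the reply, as an added example that is not part of the original thread: a small evaluator for the filter subset used here (`&`, `|`, `!`, equality), run against a constructed directory. The entries, the `example.test` addresses, the function names and the assumption that the group entry does not carry `objectClass=qmailgroup` are all hypothetical.

```python
# Evaluates the two ldap_user_maps query filters from this thread offline.
# Simplification: real Postfix applies RFC 4515 escaping when expanding %s;
# the constructed sample addresses contain no filter metacharacters.

def parse(f, i=0):
    """Parse one parenthesised filter starting at f[i]; return (tree, next_index)."""
    assert f[i] == "(", f"expected '(' at offset {i}"
    i += 1
    if f[i] in "&|!":
        op, i, kids = f[i], i + 1, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        assert f[i] == ")", f"expected ')' at offset {i}"
        return (op, kids), i + 1
    end = f.index(")", i)
    attr, value = f[i:end].split("=", 1)
    return ("=", attr.lower(), value.lower()), end + 1

def matches(tree, entry):
    """Evaluate a parsed filter against an entry (lower-case attr -> list of values)."""
    if tree[0] == "=":
        return tree[2] in [v.lower() for v in entry.get(tree[1], [])]
    results = [matches(kid, entry) for kid in tree[1]]
    if tree[0] == "&":
        return all(results)
    if tree[0] == "|":
        return any(results)
    return not results[0]  # "!" has exactly one operand

def lookup(filter_template, address, directory):
    """Return the mail attribute of every entry the expanded filter matches."""
    tree, _ = parse(filter_template.replace("%s", address))
    return [e["mail"][0] for e in directory if matches(tree, e)]

ORIGINAL = "(&(!(objectclass=qmailgroup))(&(mail=%s)))"
SUGGESTED = "(&(!(deliveryMode=nolocal))(!(objectclass=qmailgroup))(&(mail=%s)))"

# Constructed sample entries: one forwarding group, one ordinary user.
DIRECTORY = [
    {"objectclass": ["inetOrgPerson"], "mail": ["devgroup@example.test"],
     "deliverymode": ["nolocal"],
     "mailforwardingaddress": ["alice@example.test", "bob@example.org"]},
    {"objectclass": ["inetOrgPerson"], "mail": ["alice@example.test"]},
]

if __name__ == "__main__":
    for name, flt in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        print(name, lookup(flt, "devgroup@example.test", DIRECTORY))
```

A non-empty result from the mailbox map means Postfix treats the address as a local mailbox; with the suggested filter the group address no longer resolves there, while ordinary users still do.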
