Hello,

I am trying to configure "Envelope sender address authorization" as
described at

  http://www.postfix.org/SASL_README.html#server_sasl_authz

but Postfix keeps complaining that the sender address is not
owned by the SASL account I log in with. The account is
n...@niklaas.eu while the sender address is m...@niklaas.eu.
(Configuration and logs follow below.)

The funny thing is that `postmap -q m...@niklaas.eu <ldap-config>`
gives "n...@niklaas.eu" as expected; however, as seen in
/var/log/maillog below (line 7), Postfix gives "maps_find:
smtpd_sender_login_maps: m...@nikaas.eu: not found".

-- $ postconf -nf
  alias_maps = hash:/etc/aliases
  command_directory = /usr/local/sbin
  compatibility_level = 2
  daemon_directory = /usr/local/libexec/postfix
  data_directory = /var/db/postfix
  debug_peer_level = 2
  debug_peer_list = static:all
  debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
      $daemon_directory/$process_name $process_id & sleep 5
  html_directory = no
  inet_protocols = ipv4,ipv6
  mail_owner = postfix
  mailq_path = /usr/local/bin/mailq
  manpage_directory = /usr/local/man
  meta_directory = /usr/local/libexec/postfix
  mua_recipient_restrictions = reject_sender_login_mismatch
      permit_sasl_authenticated
  mua_sender_login_maps = ldap:$config_directory/ldap/smtpd_sender_login_maps.cf
  mydestination = localhost.$mydomain localhost
  mynetworks_style = host
  myorigin = $mydomain
  newaliases_path = /usr/local/bin/newaliases
  postscreen_upstream_proxy_protocol = haproxy
  queue_directory = /var/spool/postfix
  readme_directory = no
  recipient_delimiter = +
  sample_directory = /usr/local/etc/postfix
  sendmail_path = /usr/local/sbin/sendmail
  setgid_group = maildrop
  shlib_directory = /usr/local/lib/postfix
  smtpd_tls_auth_only = yes
  smtpd_tls_cert_file = $config_directory/certs/mail.niklaas.eu.pem
  smtpd_tls_key_file = $smtpd_tls_cert_file
  smtpd_tls_security_level = may
  smtpd_upstream_proxy_protocol = haproxy
  soft_bounce = yes
  unknown_local_recipient_reject_code = 550
  virtual_alias_domains = ldap:$config_directory/ldap/virtual_alias_domains.cf
  virtual_alias_maps = ldap:$config_directory/ldap/virtual_alias_maps.cf
  virtual_mailbox_domains = niklaas.eu
  virtual_mailbox_maps = ldap:$config_directory/ldap/virtual_mailbox_maps.cf
  virtual_transport = lmtp:unix:private/dovecot-lmtp
--

-- $ postconf -Mf
  smtp       inet  n       -       n       -       1       postscreen
  smtpd      pass  -       -       n       -       -       smtpd
  9025       inet  n       -       n       -       -       smtpd
  submission inet  n       -       n       -       -       smtpd
      -o syslog_name=postfix/submission
      -o smtpd_tls_security_level=encrypt
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_sasl_type=dovecot
      -o smtpd_sasl_path=private/auth
      -o smtpd_recipient_restrictions=$mua_recipient_restrictions
      -o smtpd_sender_login_maps=$mua_sender_login_maps
      -o smtpd_reject_unlisted_recipient=no
      -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
      -o milter_macro_daemon_name=ORIGINATING
  pickup     unix  n       -       n       60      1       pickup
  cleanup    unix  n       -       n       -       0       cleanup
  qmgr       unix  n       -       n       300     1       qmgr
  tlsmgr     unix  -       -       n       1000?   1       tlsmgr
  rewrite    unix  -       -       n       -       -       trivial-rewrite
  bounce     unix  -       -       n       -       0       bounce
  defer      unix  -       -       n       -       0       bounce
  trace      unix  -       -       n       -       0       bounce
  verify     unix  -       -       n       -       1       verify
  flush      unix  n       -       n       1000?   0       flush
  proxymap   unix  -       -       n       -       -       proxymap
  proxywrite unix  -       -       n       -       1       proxymap
  smtp       unix  -       -       n       -       -       smtp
  relay      unix  -       -       n       -       -       smtp
  showq      unix  n       -       n       -       -       showq
  error      unix  -       -       n       -       -       error
  retry      unix  -       -       n       -       -       error
  discard    unix  -       -       n       -       -       discard
  local      unix  -       n       n       -       -       local
  virtual    unix  -       n       n       -       -       virtual
  lmtp       unix  -       -       n       -       -       lmtp
  anvil      unix  -       -       n       -       1       anvil
  scache     unix  -       -       n       -       1       scache
--

-- /var/log/maillog
   1    Aug  3 20:16:00 mx postfix/submission/smtpd[82701]: dict_ldap_lookup: In dict_ldap_lookup
   2    Aug  3 20:16:00 mx postfix/submission/smtpd[82701]: dict_ldap_lookup: No existing connection for LDAP source /usr/local/etc/postfix/ldap/smtpd_sender_login_maps.cf, reopening
   3    Aug  3 20:16:00 mx postfix/submission/smtpd[82701]: dict_ldap_connect: Connecting to server ldap://proxy.box-local.klaas:389
   4    Aug  3 20:16:00 mx postfix/submission/smtpd[82701]: dict_ldap_connect: Actual Protocol version used is 2.
   5    Aug  3 20:16:00 mx postfix/submission/smtpd[82701]: dict_ldap_connect: Cached connection handle for LDAP source /usr/local/etc/postfix/ldap/smtpd_sender_login_maps.cf
   6    Aug  3 20:16:00 mx postfix/submission/smtpd[82701]: dict_ldap_lookup: /usr/local/etc/postfix/ldap/smtpd_sender_login_maps.cf: Searching with filter (&(objectClass=postfixUser)(mailacceptinggeneralid=m...@nikaas.eu))
   7    Aug  3 20:16:00 mx postfix/submission/smtpd[82701]: maps_find: smtpd_sender_login_maps: m...@nikaas.eu: not found
   8    Aug  3 20:16:00 mx postfix/submission/smtpd[82701]: match_string: mydestination: nikaas.eu ~? localhost.box-hlm-02.niklaas.eu
   9    Aug  3 20:16:00 mx postfix/submission/smtpd[82701]: match_string: mydestination: nikaas.eu ~? localhost
  10    Aug  3 20:16:00 mx postfix/submission/smtpd[82701]: match_list_match: nikaas.eu: no match
  11    Aug  3 20:16:00 mx postfix/submission/smtpd[82701]: dict_ldap_lookup: In dict_ldap_lookup
  12    Aug  3 20:16:00 mx postfix/submission/smtpd[82701]: dict_ldap_lookup: Using existing connection for LDAP source /usr/local/etc/postfix/ldap/smtpd_sender_login_maps.cf
  13    Aug  3 20:16:00 mx postfix/submission/smtpd[82701]: dict_ldap_lookup: /usr/local/etc/postfix/ldap/smtpd_sender_login_maps.cf: Searching with filter (&(objectClass=postfixUser)(mailacceptinggeneralid=@nikaas.eu))
  14    Aug  3 20:16:00 mx postfix/submission/smtpd[82701]: maps_find: smtpd_sender_login_maps: @nikaas.eu: not found
  15    Aug  3 20:16:00 mx postfix/submission/smtpd[82701]: mail_addr_find: m...@nikaas.eu -> (not found)
  16    Aug  3 20:16:00 mx postfix/submission/smtpd[82701]: NOQUEUE: reject: RCPT from aftr-109-91-37-7.unity-media.net[109.91.37.7]: 453 4.7.1 <m...@nikaas.eu>: Sender address rejected: not owned by user n...@niklaas.eu; from=<m...@nikaas.eu> to=<n...@niklaas.eu> proto=ESMTP helo=<[192.168.178.45]>
  17    Aug  3 20:16:00 mx postfix/submission/smtpd[82701]: generic_checks: name=reject_authenticated_sender_login_mismatch status=2
  18    Aug  3 20:16:00 mx postfix/submission/smtpd[82701]: >>> END Recipient address RESTRICTIONS <<<
  19    Aug  3 20:16:00 mx postfix/submission/smtpd[82701]: generic_checks: name=reject_sender_login_mismatch status=2
  20    Aug  3 20:16:00 mx postfix/submission/smtpd[82701]: >>> END Recipient address RESTRICTIONS <<<
  21    Aug  3 20:16:00 mx postfix/submission/smtpd[82701]: > aftr-109-91-37-7.unity-media.net[109.91.37.7]: 453 4.7.1 <m...@nikaas.eu>: Sender address rejected: not owned by user n...@niklaas.eu
  22    Aug  3 20:16:00 mx postfix/submission/smtpd[82701]: watchdog_pat: 0x805c0e110
  23    Aug  3 20:16:00 mx postfix/submission/smtpd[82701]: < aftr-109-91-37-7.unity-media.net[109.91.37.7]: RSET
  24    Aug  3 20:16:00 mx postfix/submission/smtpd[82701]: > aftr-109-91-37-7.unity-media.net[109.91.37.7]: 250 2.0.0 Ok
  25    Aug  3 20:16:00 mx postfix/submission/smtpd[82701]: watchdog_pat: 0x805c0e110
  26    Aug  3 20:16:00 mx postfix/submission/smtpd[82701]: < aftr-109-91-37-7.unity-media.net[109.91.37.7]: QUIT
  27    Aug  3 20:16:00 mx postfix/submission/smtpd[82701]: > aftr-109-91-37-7.unity-media.net[109.91.37.7]: 221 2.0.0 Bye
  28    Aug  3 20:16:00 mx postfix/submission/smtpd[82701]: match_hostname: smtpd_client_event_limit_exceptions: aftr-109-91-37-7.unity-media.net ~? 10.2.8.1/32
  29    Aug  3 20:16:00 mx postfix/submission/smtpd[82701]: match_hostaddr: smtpd_client_event_limit_exceptions: 109.91.37.7 ~? 10.2.8.1/32
  30    Aug  3 20:16:00 mx postfix/submission/smtpd[82701]: match_hostname: smtpd_client_event_limit_exceptions: aftr-109-91-37-7.unity-media.net ~? [fd16:dcc0:f4cc:2::8:1]/128
  31    Aug  3 20:16:00 mx postfix/submission/smtpd[82701]: match_hostaddr: smtpd_client_event_limit_exceptions: 109.91.37.7 ~? [fd16:dcc0:f4cc:2::8:1]/128
  32    Aug  3 20:16:00 mx postfix/submission/smtpd[82701]: match_list_match: aftr-109-91-37-7.unity-media.net: no match
  33    Aug  3 20:16:00 mx postfix/submission/smtpd[82701]: match_list_match: 109.91.37.7: no match
  34    Aug  3 20:16:00 mx postfix/submission/smtpd[82701]: send attr request = disconnect
  35    Aug  3 20:16:00 mx postfix/submission/smtpd[82701]: send attr ident = submission:109.91.37.7
  36    Aug  3 20:16:00 mx postfix/submission/smtpd[82701]: private/anvil: wanted attribute: status
  37    Aug  3 20:16:00 mx postfix/submission/smtpd[82701]: input attribute name: status
  38    Aug  3 20:16:00 mx postfix/submission/smtpd[82701]: input attribute value: 0
  39    Aug  3 20:16:00 mx postfix/submission/smtpd[82701]: private/anvil: wanted attribute: (list terminator)
  40    Aug  3 20:16:00 mx postfix/submission/smtpd[82701]: input attribute name: (end)
  41    Aug  3 20:16:00 mx postfix/submission/smtpd[82701]: disconnect from aftr-109-91-37-7.unity-media.net[109.91.37.7] ehlo=2 starttls=1 auth=1 mail=1 rcpt=0/1 rset=1 quit=1 commands=7/8
--

Any help is very much appreciated.

    Niklaas
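
A triage helper for smtpd debug logs of the kind posted above, as an added example that is not part of the original post or of Postfix: it collects the keys smtpd actually looked up in smtpd_sender_login_maps before a "not owned by user" reject and compares the envelope sender with the SASL login. The log lines and addresses are constructed placeholders, and `triage` and its field names are hypothetical.

```python
import re

# Constructed sample in the shape of the maillog entries above (one entry per
# line, no mail-client wrapping); all addresses and hosts are placeholders.
SAMPLE_LOG = """\
Aug  3 20:16:00 mx postfix/submission/smtpd[100]: maps_find: smtpd_sender_login_maps: alias@exampel.org: not found
Aug  3 20:16:00 mx postfix/submission/smtpd[100]: maps_find: smtpd_sender_login_maps: @exampel.org: not found
Aug  3 20:16:00 mx postfix/submission/smtpd[100]: NOQUEUE: reject: RCPT from client.example.net[192.0.2.7]: 453 4.7.1 <alias@exampel.org>: Sender address rejected: not owned by user owner@example.org; from=<alias@exampel.org> to=<owner@example.org> proto=ESMTP helo=<[192.0.2.7]>
"""

LOOKUP_RE = re.compile(r"maps_find: smtpd_sender_login_maps: (\S+): not found")
REJECT_RE = re.compile(
    r"NOQUEUE: reject: .*?<(?P<sender>[^>]*)>: Sender address rejected: "
    r"not owned by user (?P<login>[^;\s]+)")


def domain(addr):
    """Return the lower-cased domain part of an address."""
    return addr.rpartition("@")[2].lower()


def triage(log_text):
    """Pair each sender/login mismatch reject with the map keys that missed."""
    missed, findings = [], []
    for line in log_text.splitlines():
        m = LOOKUP_RE.search(line)
        if m:
            missed.append(m.group(1))
            continue
        m = REJECT_RE.search(line)
        if m:
            sender, login = m["sender"], m["login"]
            findings.append({
                "sender": sender,
                "login": login,
                "keys_not_found": missed,
                # A hint, not proof: a login may own addresses in other domains.
                "domains_differ": domain(sender) != domain(login),
                # Re-test the key exactly as logged, not a retyped one.
                "verify_with": f"postmap -q '{sender}' <ldap-config>",
            })
            missed = []
    return findings
```
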
