Hi, what is the output of, say, these commands, if testing them is possible?
postmap -q racoo...@tamu.edu ldap:/etc/postfix/tamu.ldap
postmap -q bad_a...@tamu.edu ldap:/etc/postfix/tamu.ldap

If I'm sending you down the wrong rabbit hole, I am sure someone more savvy will help out.

-ANGELO FAZZINA
ang...@uconn.edu
University of Connecticut, ITS, SSG, Server Systems
860-486-9075

From: owner-postfix-us...@postfix.org <owner-postfix-us...@postfix.org> On Behalf Of Cooper, Robert A
Sent: Friday, June 21, 2019 9:44 AM
To: postfix-users@postfix.org
Subject: Rejecting mail if LDAP lookup returns empty

Howdy!

We are setting up Postfix to be an on-premise mail lookup and forward service for a cloud-based mail filter service (ProofPoint). Our campus uses LDAP to route email from a public alias (@tamu.edu) to an internal mailbox (e.g., @exchange.tamu.edu) or external destination such as yahoo or gmail.

The issue we are seeing is that the lookups are working just fine, but if an email is sent to a bogus public alias or a valid alias without a defined routing address in LDAP, Postfix then attempts to pass on the @tamu.edu address to the next hop instead of failing the lookup and bouncing. We are running postfix 2.10.1 (CentOS 7) and I can't seem to find a configuration that will fail messages back if there is no LDAP mailRoutingAddress.

Right now, we are getting bounces but they are being generated from the on-prem ProofPoint appliance and not Postfix. The on-prem appliances are going away (which is what prompted this change to begin with). Is there something I'm missing in configuration that would fail if LDAP does not return a routing address?
Thanks, RobertC postconf -n alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases append_at_myorigin = yes biff = no command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix data_directory = /var/lib/postfix debug_peer_level = 2 debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5 defer_transports = disable_dns_lookups = no disable_mime_output_conversion = no disable_vrfy_command = yes html_directory = no inet_interfaces = all inet_protocols = ipv4 lmtp_destination_concurrency_limit = 2 lmtp_host_lookup = native mail_owner = postfix mail_spool_directory = /var/mail mailbox_command = mailbox_size_limit = 0 mailbox_transport = mailq_path = /usr/bin/mailq.postfix manpage_directory = /usr/share/man masquerade_classes = envelope_sender, header_sender, header_recipient masquerade_domains = masquerade_exceptions = root message_size_limit = 52428800 mydestination = $myhostname, localhost.$mydomain mydomain = syse.tamu.edu mynetworks = /etc/postfix/mynetworks.cidr myorigin = $myhostname newaliases_path = /usr/bin/newaliases.postfix queue_directory = /var/spool/postfix queue_run_delay = 300s readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES relayhost = sample_directory = /usr/share/doc/postfix-2.10.1/samples sendmail_path = /usr/sbin/sendmail.postfix setgid_group = postdrop smtp_host_lookup = native smtp_sasl_auth_enable = no smtp_use_tls = no smtpd_client_connection_count_limit = 1000 smtpd_client_restrictions = smtpd_helo_required = no smtpd_helo_restrictions = smtpd_recipient_limit = 1000 smtpd_recipient_restrictions = permit_mynetworks,reject_unknown_recipient_domain,reject_unverified_recipient smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination smtpd_sasl_auth_enable = no smtpd_use_tls = no strict_8bitmime = no strict_rfc821_envelopes = no transport_maps = hash:/etc/postfix/transport 
unknown_local_recipient_reject_code = 550 virtual_alias_maps = ldap:/etc/postfix/tamu.ldap postconf -M smtp inet n - n - - smtpd pickup unix n - n 60 1 pickup cleanup unix n - n - 0 cleanup qmgr unix n - n 300 1 qmgr tlsmgr unix - - n 1000? 1 tlsmgr rewrite unix - - n - - trivial-rewrite bounce unix - - n - 0 bounce defer unix - - n - 0 bounce trace unix - - n - 0 bounce verify unix - - n - 1 verify flush unix n - n 1000? 0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - n - - smtp relay unix - - n - - smtp -o smtp_fallback_relay= showq unix n - n - - showq error unix - - n - - error retry unix - - n - - error discard unix - - n - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - n - - lmtp anvil unix - - n - 1 anvil scache unix - - n - 1 scache