On Tue, Jan 17, 2023 at 11:29:51AM +0700, Olivier wrote:
> recipient_canonical_maps = ldap:$config_directory/ldap_user_uncanonical,
> ldap:$config_directory/ldap_deleted_uncanonical
> sender_canonical_maps = ldap:$config_directory/ldap_canonical
The most likely problem table is "sender_canonical_maps". By the way, I
strongly don't recommend using different settings in the sender and
recipient canonical mappings; who's a header sender and who's a header
recipient is in the eye of the beholder (consider what happens in
replies). Making these different has poor semantics.
> I have several rewritings, all using LDAP, for example:
>
> more ldap_canonical
>
> # Rewrite user into firstname.lastname
> server_host= ldaps://ldap.cs.ait.ac.th/
> search_base= ou=People,ou=csim,dc=cs,dc=ait,dc=ac,dc=th
> query_filter = (&(mail=%s)(csimAccountPermission=mail))
> result_attribute= csimFullName
> scope= one
> version= 3
This uses "%s" (full address with domain), so should touch remote
addresses. You could however configure a list of domains:
    domain = foo.example, bar.example, ...
which are the only ones to look up in LDAP. On the other hand,
what is this table doing? "csimFullName" does not sound like
a mail address. Are you trying to include/update display names
in the canonical table??? That can't work.
> Jan 17 10:18:06 mail postfix/cleanup[32377]: warning: 873DF89283:
> multi-valued sender_canonical_maps entry for [email protected]
Something is not right here, that address should presumably not be
listed in your
> The rewriting is occurring because in the LDAP entry for user
> [email protected], there is the value olivier2553@gmail
> defined as a forwarding alias in the attribute mail (attribute used in
> the canonical rule above).
Your LDAP schema/data is broken. The "mail" attribute needs:
- To be single-valued
- To be the primary address of the user
- MUST NOT be used for forwarding addresses, use a different
attribute for that.
> I have to dig in deeper and understand how to limit the rewriting of
> the sender to outgoing messages.
Your LDAP schema is a mess, you need to solve the problem at a different
layer. See some of the examples in LDAP_README.
--
Viktor.
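
An added example, not part of the original message: a Python sketch that emulates the quoted table's lookup over constructed directory entries, shows the effect of a "domain" restriction, and audits the "mail" attribute against the requirements listed in the reply. The entries, addresses and function names are all hypothetical.

```python
# Added example: constructed data and hypothetical names throughout.
LOCAL_DOMAINS = {"example.org"}  # assumed contents of the table's "domain =" list

# Constructed entries; attribute names follow the table quoted in the thread.
ENTRIES = [
    {"dn": "uid=alice,ou=People,dc=example,dc=org",
     # a forwarding alias stored in "mail", the pattern the reply calls broken
     "mail": ["alice@example.org", "alice.fwd@mailhost.example"],
     "csimAccountPermission": ["mail"],
     "csimFullName": ["alice.smith@example.org"]},
    {"dn": "uid=carol,ou=People,dc=example,dc=org",
     "mail": ["shared@example.org"],
     "csimAccountPermission": ["mail"],
     "csimFullName": ["carol.jones@example.org"]},
    {"dn": "uid=dave,ou=People,dc=example,dc=org",
     "mail": ["shared@example.org"],
     "csimAccountPermission": ["mail"],
     "csimFullName": ["dave.lee@example.org"]},
]

def lookup(address, entries, domains=None):
    """Emulate (&(mail=%s)(csimAccountPermission=mail)) -> csimFullName."""
    local, _, dom = address.rpartition("@")
    if domains is not None and (not local or dom.lower() not in domains):
        return []  # key is not eligible, so no LDAP query would be made
    key = address.lower()
    results = []
    for e in entries:
        mails = [m.lower() for m in e.get("mail", [])]
        if key in mails and "mail" in e.get("csimAccountPermission", []):
            results.extend(e.get("csimFullName", []))
    return results

def audit(entries, domains):
    """Flag data that breaks the single-valued, primary-address-only rule."""
    findings, owners = [], {}
    for e in entries:
        mails = e.get("mail", [])
        if len(mails) != 1:
            findings.append((e["dn"], "mail is not single-valued"))
        for m in mails:
            if m.rpartition("@")[2].lower() not in domains:
                findings.append((e["dn"], "mail holds non-local address " + m))
            owners.setdefault(m.lower(), []).append(e["dn"])
    for m, dns in owners.items():
        if len(dns) > 1:
            findings.append((m, "address matches several entries"))
    return findings

if __name__ == "__main__":
    for item in audit(ENTRIES, LOCAL_DOMAINS):
        print(item)
```

An address that matches several entries returns more than one value, which is the condition the "multi-valued" warning in the log reports.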