virtual_alias_maps against local_recipient_maps

[jakjr]

Hello,

Is there a way to check the result of a iteration(email address) on
virtual_alias_maps(cleanup) against the local_recipient_maps (smtp) ?

Best Regards

Jakjr

Re: virtual_alias_maps against local_recipient_maps

[jakjr]

Hello,

I am using virtual_alias_maps to implement a simple mailing list.

l...@example.com, after virtual_alias_maps is aliased to
us...@example.com and us...@example.com.

local_recipient_maps prevents the reception of unknown users and, in
my case, disabled users too.

So, if I disable a us...@example.com, he stops receiving email.
(because local_recipient_maps in smtpd). But, if I send a email to
l...@example.com he still receiving the emails (because the result of
a virtual_alias_maps is not check again in local_recipient_maps).

I would like a way to re-check this results.

Best Regards,
Jakjr.

On Thu, Feb 12, 2009 at 5:43 PM, Noel Jones  wrote:
> jakjr wrote:
>>
>> Hello,
>>
>> Is there a way to check the result of a iteration(email address) on
>> virtual_alias_maps(cleanup) against the local_recipient_maps (smtp) ?
>>
>> Best Regards
>>
>> Jakjr
>
>
> No.  If you describe your problem maybe someone can give some helpful
> suggestions.
>
>  -- Noel Jones
>

Re: trouble with ldaps in ldap lookup map

[jakjr]

Try to use smtp without chroot:

master.cf:
smtp  inet  n   -   n   -   -   smtpd

On Fri, Jun 26, 2009 at 4:30 PM, Victor Duchovni <
victor.ducho...@morganstanley.com> wrote:

> On Fri, Jun 26, 2009 at 02:37:32PM -0400, Victor Duchovni wrote:
>
> > What exactly was working before and what did you change? You need
> > a version of the LDAP library with debugging symbols. Then single-step
> > "gdb" (debugging "postmap") through ldap_int_tls_init_ctx()
> >
> > called from   ldap_pvt_tls_set_option().
> > - openldap/libraries/libldap/tls.c line 332
> > case LDAP_OPT_X_TLS_NEWCTX:
> > if ( !arg ) return -1;
> > if ( lo->ldo_tls_ctx )
> > ldap_pvt_tls_ctx_free( lo->ldo_tls_ctx );
> > lo->ldo_tls_ctx = NULL;
> > return ldap_int_tls_init_ctx( lo, *(int *)arg );
> >
> > called from   ldap_set_option()
> > - openldap/libraries/libldap/options.c line 332
> > #ifdef HAVE_TLS
> >   if ( ldap_pvt_tls_get_option( ld, option, outvalue ) == 0 ) {
> >   return LDAP_OPT_SUCCESS;
> >   }
> > #endif
>
> Sorry the calling code is on line 670 of options.c (in 2.4.11)
>
>#ifdef HAVE_TLS
>if ( ldap_pvt_tls_set_option( ld, option, (void *)invalue ) == 0 )
> return LDAP_OPT_SUCCESS;
>#endif
>
> >
> > called from   dict_ldap_set_tls_options()
> > - postfix/src/global/dict_ldap.c line 560 -
> > #ifdef LDAP_OPT_X_TLS_NEWCTX
> >   if ((rc = ldap_set_option(ld, LDAP_OPT_X_TLS_NEWCTX, &am_server))
> >   != LDAP_SUCCESS) {
> >   msg_warn("%s: Unable to allocate new TLS context %d: %s",
> >myname, rc, ldap_err2string(rc));
> >   return (-1);
> >   }
> > #endif
> >
> > This code works with Postfix and OpenLDAP both using OpenSSL, I don't
> > have a GNUTLS build of OpenLDAP to test.
>
> --
>Viktor.
>
> Disclaimer: off-list followups get on-list replies or get ignored.
> Please do not ignore the "Reply-To" header.
>
> To unsubscribe from the postfix-users list, visit
> http://www.postfix.org/lists.html or click the link below:
> 
>
> If my response solves your problem, the best way to thank me is to not
> send an "it worked, thanks" follow-up. If you must respond, please put
> "It worked, thanks" in the "Subject" so I can delete these quickly.
>

Re: Postfix with SASL Authentication against LDAP

[jakjr]

smtp and cleanup shoudn't use chroot in master.cf when usinf ssl+ldap.

Jakjr

On Thu, Aug 14, 2008 at 4:03 AM, Patrick Ben Koetter <[EMAIL PROTECTED]>wrote:

> * Alejandro Facultad <[EMAIL PROTECTED]>:
> >>> apt-get install sasl2-bin libsasl2-modules
> >>>
> >>> /etc/default/saslauthd:
> >>> START=yes
> >>> MECHANISMS="ldap"
> >>> MECH_OPTIONS=""
> >>> THREADS=5
> >>> OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"
> >>>
> >>> /etc/saslauthd.conf:
> >>> ldap_servers: ldap://ldap.company.com/
> >>> ldap_search_base: ou=people,dc=company,dc=com
> >>> ldap_bind_dn: cn=admin,dc=company,dc=com
> >>> ldap_bind_pw: xyz
> >>> ldap_filter: (&(objectClass=CourierMailAccount)(cn=%U))
> >>> ldap_scope: sub
> >>> ldap_auth_method: bind
> >>>
> >>> I execute:
> >>> dpkg-statoverride --add root sasl 710
> >>> /var/spool/postfix/var/run/saslauthd
> >>> adduser postfix sasl
> >>>
> >>> /etc/postfix/sasl/smtpd.conf:
> >>> pwcheck_method: saslauthd
> >>> mech_list: plain login
> >>> log_level: 7
> >>>
> >>> /etc/postfix/master.cf:
> >>> smtp  inet  n   -   n   -   -   smtpd -o
> >>> content_filter=spamassassin  # No chroot
> >>>
> >>> /etc/postfix/main.cf:
> >>> # TLS
> >>> smtp_tls_security_level = may
> >>> smtpd_tls_security_level = may
> >>> smtpd_tls_auth_only = no
> >>> smtpd_tls_cert_file = /etc/courier/smtpd.cert
> >>> smtpd_tls_key_file = /etc/courier/smtpd.key
> >>> smtpd_tls_loglevel = 2
> >>> smtpd_tls_received_header = yes
> >>> smtpd_tls_session_cache_timeout = 3600s
> >>> tls_random_source = dev:/dev/urandom
> >>> # SASL
> >>> smtpd_sasl_auth_enable = yes
> >>> smtpd_sasl_security_options = noanonymous
> >>> smtpd_sasl_local_domain =
> >>> broken_sasl_auth_clients = yes
> >>> # SMTP Restrictions
> >>> smtpd_recipient_restrictions = permit_sasl_authenticate,
> >>> permit_mynetworks
> >>>
> >>> Restart postfix and saslauthd
> >>>
> >>> After that:
> >>>
> >>> $telnet mail 25
> >>>
> >>> and I see:
> >>> 250-STARTTLS
> >>> 250-AUTH LOGIN PLAIN 250-AUTH=LOGIN PLAIN
> >>> So TLS and SASL are OK.
> >>>
> >>> Finally I configure my mail client (Iceweasel) and sens a mail,
> >>> asking me for the password, but I FAIL !!! I see this in
> >>> /var/log/auth.log:
> >>>
> >>> Aug 13 15:25:45 mail postfix/cleanup[4182]: looking for plugins in
> >>> '/usr/lib/sasl2', failed to open directory, error: No such file or
> >>> directory
> >>> Aug 13 15:25:53 mail postfix/smtpd[4196]: looking for plugins in
> >>> '/usr/lib/sasl2', failed to open directory, error: No such file or
> >>> directory
> >>> Aug 13 15:27:15 mail postfix/cleanup[4222]: looking for plugins in
> >>> '/usr/lib/sasl2', failed to open directory, error: No such file or
> >>> directory
> >>> Aug 13 15:29:41 mail postfix/cleanup[4290]: looking for plugins in
> >>> '/usr/lib/sasl2', failed to open directory, error: No such file or
> >>> directory
> >>> Aug 13 15:29:57 mail postfix/smtpd[4303]: looking for plugins in
> >>> '/usr/lib/sasl2', failed to open directory, error: No such file or
> >>> directory
> >>> Aug 13 15:30:01 mail CRON[4306]: (pam_unix) session opened for user
> >>> vmail by (uid=0)
> >>> Aug 13 15:30:01 mail pam_limits[4306]: setrlimit limit #11 to
> >>> soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0
> >>> Aug 13 15:30:01 mail pam_limits[4306]: setrlimit limit #12 to
> >>> soft=-1, hard=-1 failed: Operation not permitted; uid=0 euid=0
> >>> Aug 13 15:30:01 mail CRON[4306]: (pam_unix) session closed for user
> >>> vmail
> >>>
> >>>
> >> You need to install either the courier or dovecot packages to provide
> >> the necessary utilities/libraries.
> >>
> >> For the courier option, you'll need libsasl2-modules and sasl2-bin at
> >> a minimum.  I don't think the dovecot packages have broken out the
> >> auth portion yet, so you would need to install dovecot-imapd and/or
> >> dovecot-pop3d.
> >>
> > I had libsasl2-modules and sasl2-bin as I just said above.
> >
> > What can I do 
>
> Simplify (for the moment).
>
> 1. $ ls -l /usr/lib/sasl2
> 2. Verify it works with testsaslauthd.
> 3. Move on to Postfix.
>
> [EMAIL PROTECTED]
>
> --
> The Book of Postfix
> <http://www.postfix-book.com>
> saslfinger (debugging SMTP AUTH):
> <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
>

Big Distribution List

[jakjr]

Hi Guys,

I have one big distribution list (100K emails). I'm using virtual_alias_maps
for that like this:

virtual_alias_maps = hash:/etc/postfix/virtual

where virtual:
[EMAIL PROTECTED]
  [EMAIL PROTECTED],
  .
  [EMAIL PROTECTED]

Everything is working fine, but when I send a email to this distribution
list, the postix cleanup process take 1 hour to finish.

I know this process is responsible for the checks, including expand the
virtual address, but, is there a way to speed up this process ?

Thanks
Jakjr