Re: smtpd_recipient_restrictions with ldap

2017-04-07 Thread Paolo Barbato
Hi, waiting for CGPro upcoming release with promised search fixing, I've sorted out the warning: dict_ldap_lookup: Search error 1: Operations error, adding a domain= list of my internal domains in ldaprfx.cf, and so stopping mail=%s expansion . In main.cf I’ve added proxy:ldap:/opt/trend/imss

Re: smtpd_recipient_restrictions with ldap

2017-04-04 Thread Paolo Barbato
> On 5 Apr 2017, at 01:21, Brett @Google wrote: > > On Wed, Apr 5, 2017 at 5:35 AM, Paolo Barbato > wrote: > > I've anyway just receive a feedback from CGPro developers that I share as > promised: > >> For 6.2c3 (later this April): >> LDAP: search for non-rou

Re: smtpd_recipient_restrictions with ldap

2017-04-04 Thread Paolo Barbato
> On 5 Apr 2017, at 01:08, Viktor Dukhovni wrote: > > >> On Apr 4, 2017, at 3:35 PM, Paolo Barbato wrote: >> >> here new ldaprfx.cf >> >> server_host = 150.178.3.89:389 >> bind=no >> search_base = mail=%s,dc=cgprouter >> scope = base >> query_filter = mail=%s >> result_attribute = mail >> re

Re: smtpd_recipient_restrictions with ldap

2017-04-04 Thread Brett @Google
On Wed, Apr 5, 2017 at 5:35 AM, Paolo Barbato wrote: > > I've anyway just receive a feedback from CGPro developers that I share as > promised: > > For 6.2c3 (later this April): > LDAP: search for non-routable address under the dc=cgprouter base now > returns empty result rather than routing error

Re: smtpd_recipient_restrictions with ldap

2017-04-04 Thread Viktor Dukhovni
> On Apr 4, 2017, at 3:35 PM, Paolo Barbato wrote: > > here new ldaprfx.cf > > server_host = 150.178.3.89:389 > bind=no > search_base = mail=%s,dc=cgprouter > scope = base > query_filter = mail=%s > result_attribute = mail > result_format = OK %s > version = 3 > > here postmap check > [root@ma

Re: smtpd_recipient_restrictions with ldap

2017-04-04 Thread Paolo Barbato
Viktor, here new ldaprfx.cf server_host = 150.178.3.89:389 bind=no search_base = mail=%s,dc=cgprouter scope = base query_filter = mail=%s result_attribute = mail result_format = OK %s version = 3 here postmap check [root@mail2 postfix]# postmap -q bar...@igi.cnr.it ldap:/opt/trend/imss/postfix/

Re: smtpd_recipient_restrictions with ldap

2017-04-04 Thread Viktor Dukhovni
> On Apr 4, 2017, at 12:30 PM, Paolo Barbato wrote: > >> For better performance, change "ldap:ldaprfx" to "proxy:ldap:ldaprfx" > > Very effective suggestions, although if CGPro developers > will accept my proposal, I'm confident that I'll be able > to add CGPro virtual base directly using IMSVA

Re: smtpd_recipient_restrictions with ldap

2017-04-04 Thread Paolo Barbato
Hi Viktor, Il giorno 04/apr/2017, alle ore 18.02, Viktor Dukhovni ha scritto: > On Tue, Apr 04, 2017 at 08:48:33AM +0200, Paolo Barbato wrote: > >> I’m using following rules in main.cf >> >> smtpd_recipient_restrictions = >> permit_mynetworks, >> check_recipient_access >> regexp:/opt

Re: smtpd_recipient_restrictions with ldap

2017-04-04 Thread Viktor Dukhovni
On Tue, Apr 04, 2017 at 04:02:34PM +, Viktor Dukhovni wrote: > > Here what ldapsearch returns: > > > > ldapsearch -v -LLL -h -b"dc=cgprouter" -x -s one 'mail=notexist@xx' > > ldap_initialize( ldap://xxx) > > filter: mail=notexist@xxx > > requesting: All userApplication attributes > > No s

Re: smtpd_recipient_restrictions with ldap

2017-04-04 Thread Viktor Dukhovni
On Tue, Apr 04, 2017 at 08:48:33AM +0200, Paolo Barbato wrote: > I’m using following rules in main.cf > > smtpd_recipient_restrictions = > permit_mynetworks, > check_recipient_access > regexp:/opt/trend/imss/postfix/etc/postfix/access, > reject_unauth_pipelining, > reject

Re: smtpd_recipient_restrictions with ldap

2017-04-04 Thread Christian Rößner
> Am 04.04.2017 um 17:22 schrieb Viktor Dukhovni : > > >> On Apr 4, 2017, at 10:53 AM, Christian Rößner >> wrote: >> >>> smtpd_recipient_restrictions = >> ... >>> ldap:ldaprfx, >> ... >> >> Maybe I am wrong, but aren't you missing a keyword here? Something like >> check_sender_access or ch

Re: smtpd_recipient_restrictions with ldap

2017-04-04 Thread Viktor Dukhovni
> On Apr 4, 2017, at 10:53 AM, Christian Rößner > wrote: > >> smtpd_recipient_restrictions = > ... >> ldap:ldaprfx, > ... > > Maybe I am wrong, but aren't you missing a keyword here? Something like > check_sender_access or check_recipient_access or vice versa? > > ... > check_XYZ_access lda

Re: smtpd_recipient_restrictions with ldap

2017-04-04 Thread Christian Rößner
> Am 04.04.2017 um 17:04 schrieb Paolo Barbato : > > Hi Christian, the keyword can be omitted see > http://postfix.1071664.n5.nabble.com/smtpd-recipient-restrictions-multiple-tables-in-check-recipient-access-td86603.html I just read the official documentation (man 5 postconf) under smtpd_reci

Re: smtpd_recipient_restrictions with ldap

2017-04-04 Thread Paolo Barbato
Hi Christian, the keyword can be omitted see http://postfix.1071664.n5.nabble.com/smtpd-recipient-restrictions-multiple-tables-in-check-recipient-access-td86603.html Regar

Re: smtpd_recipient_restrictions with ldap

2017-04-04 Thread Christian Rößner
Hi, > Am 04.04.2017 um 08:48 schrieb Paolo Barbato : > > smtpd_recipient_restrictions = ... > ldap:ldaprfx, ... Maybe I am wrong, but aren't you missing a keyword here? Something like check_sender_access or check_recipient_access or vice versa? ... check_XYZ_access ldap:ldaprfx, ... Christian

Re: smtpd_recipient_restrictions with ldap

2017-04-04 Thread Paolo Barbato
> On 4 Apr 2017, at 13:16, Brett Maxfield wrote: > > The documentation on that link says dc=cgprouter is virtual, which means it > literally wont exist in ldap (wont be found), maybe its an error in the way > the mapping is configured, it only rewrites children of that virtual domain > to the

Re: smtpd_recipient_restrictions with ldap

2017-04-04 Thread Brett Maxfield
The documentation on that link says dc=cgprouter is virtual, which means it literally wont exist in ldap (wont be found), maybe its an error in the way the mapping is configured, it only rewrites children of that virtual domain to the matching ldap.. so maybe you need to ask the developers of th

Re: smtpd_recipient_restrictions with ldap

2017-04-04 Thread Paolo Barbato
I use CommuniGate as mailer and they allow a “virtual" ldap tree (very useful in my specific situation) that use dc=cgprouter as base search. http://www.communigate.com/CommuniGatePro/LDAP.html#RouterDN Trouble arise since ldap sear

Re: smtpd_recipient_restrictions with ldap

2017-04-04 Thread Michael Ströder
Paolo Barbato wrote: > postmap: warning: dict_ldap_lookup: > /opt/trend/imss/OpenLDAP/etc/openldap/myBad.cf: > Search base 'dc=cgprouter' not found: 32: No such object As Brett already said: Most likely this configuration line is wrong: ldaprfx_search_base = dc=cgprouter Make sure to put the ri

Re: smtpd_recipient_restrictions with ldap

2017-04-04 Thread Paolo Barbato
Hi Brett, yes 4.3.5 is really an error, but when a valid user is found no error is returned. Such problem arise since ldap return 32: No such object. [root@mail2 openldap]# postmap -q barb...@igi.cnr.it ldap:/opt/trend/imss/OpenLDAP/etc/openldap/myBad.cf OK barb...@igi.cnr.it [root@mail2 ope

Re: smtpd_recipient_restrictions with ldap

2017-04-04 Thread Brett Maxfield
This is not a warning, it is an error, your base might be wrong. your ldapsearch test would return the same result even if the base was wrong.. try searching for something that exists.. open yourldap with a ldap gui and cut and paste the base, or better test your search config file with postmap

smtpd_recipient_restrictions with ldap

2017-04-03 Thread Paolo Barbato
Hi. I’m using following rules in main.cf smtpd_recipient_restrictions = permit_mynetworks,check_recipient_access regexp:/opt/trend/imss/postfix/etc/postfix/access,reject_unauth_pipelining, reject_non_fqdn_recipient,reject_unknown_recipient_domain, reject_unauth_destination, l