1 (edited by ivuzunov 2012-04-19 01:08:08)

Topic: Mail aliases with LDAP backend problem

==== Provide required information to help troubleshoot and get quick answer ====
- iRedMail version: 0.7.4 LDAP backend with AD integration
- Linux/BSD distribution name and version: CentOS 6.2 64 bit
- Any related log? Log is helpful for troubleshooting.
====

Hi, I installed iRedMail (OpenLDAP) and did the AD integration. Everything works fine for now, except I cannot make aliases work.
I have a real mailbox called admin@xentio.local (this is also a valid AD account) and I want to set up several aliases that go to this account, for example cats@xentio.local -> admin@xentio.local

So I followed the step-by-step manual from here: http://iredmail.org/wiki/index.php?titl … pLDAPadmin but it didn't work. When I try to send a mail to cats@xentio.local I receive this error in maillog:
NOQUEUE: reject: RCPT from unknown[192.168.3.188]: 550 5.1.1 <cats@xentio.local>: Recipient address rejected: User unknown in virtual mailbox table; from=<dj@test.com> to=<cats@xentio.local> proto=SMTP helo=<dude>

I searched the forums and found some topics, but my configuration looks OK. Here is my LDIF:

# LDIF Export for mail=cats@xentio.local,ou=Aliases,domainName=xentio.local,o=domains,dc=xentio,dc=local
# Server: My LDAP Server (127.0.0.1)
# Search Scope: base
# Search Filter: (objectClass=*)
# Total Entries: 1
#
# Generated by phpLDAPadmin (http://phpldapadmin.sourceforge.net) on April 19, 2012 1:05 am
# Version: 1.2.2

version: 1

# Entry 1: mail=cats@xentio.local,ou=Aliases,domainName=xentio.local,o=do...
dn: mail=cats@xentio.local,ou=Aliases,domainName=xentio.local,o=domains,dc=xentio,dc=local
accountstatus: active
cn: Alias for CATS
description: Alias for CATS
enabledservice: mail
enabledservice: deliver
mail: cats@xentio.local
mailforwardingaddress: test@xentio.local
objectclass: mailAlias
objectclass: top


So... what am I doing wrong? :)


2

Re: Mail aliases with LDAP backend problem

Dear ivuzunov,

You have AD integrated, then all mail accounts are stored in AD, not OpenLDAP anymore. So please add alias account in AD instead.

3

Re: Mail aliases with LDAP backend problem

ZhangHuangbin wrote:

Dear ivuzunov,

You have AD integrated, then all mail accounts are stored in AD, not OpenLDAP anymore. So please add alias account in AD instead.

OK, thank you for this response. I have one more quick question. In this situation, can I still use the /etc/postfix/aliases file to add some simple aliases, or is this file not used anymore if I do the AD implementation, and I need to do ALL of these things in AD?

4

Re: Mail aliases with LDAP backend problem

If you have 'alias_maps = /etc/postfix/aliases' in Postfix main.cf, then it's ok.

5

Re: Mail aliases with LDAP backend problem

ZhangHuangbin wrote:

If you have 'alias_maps = /etc/postfix/aliases' in Postfix main.cf, then it's ok.

Yes, I have it, and I put this in it at the bottom:
cats:admin

After that I ran the 'newalias' command and restarted the postfix service, but now when I try to send a mail to the alias (cats@xentio.local) that is supposed to forward to the real box admin@xentio.local, it is still not working and something strange happens. Here is the example:

telnet cancer.xentio.local 25
Trying 192.168.1.2...
Connected to cancer.xentio.local.
Escape character is '^]'.
220 cancer.xentio.local ESMTP Postfix
helo dude
250 cancer.xentio.local
mail from:<test@test.com>
250 2.1.0 Ok
rcpt to:<cats@xentio.local>
550 5.1.1 <cats@xentio.local>: Recipient address rejected: User unknown in virtual mailbox table
rcpt to:<cats@cancer.xentio.local>
250 2.1.5 Ok

So... it's still not working for @xentio.local. I checked my main.cf file that is generated by iRedMail and everything looks OK:
virtual_alias_domains =
myhostname = cancer.xentio.local
myorigin = cancer.xentio.local
mydomain = xentio.local


So any clue why this happens?

6

Re: Mail aliases with LDAP backend problem

ivuzunov wrote:

myhostname = cancer.xentio.local

Since you have myhostname set to 'cancer.xentio.local', the alias user should be: cats@cancer.xentio.local.

7

Re: Mail aliases with LDAP backend problem

ZhangHuangbin wrote:
ivuzunov wrote:

myhostname = cancer.xentio.local

Since you have myhostname set to 'cancer.xentio.local', the alias user should be: cats@cancer.xentio.local.

Hi,
I tried to put this (cats@cancer.xentio.local: admin) in /etc/postfix/aliases and ran the newaliases command after it, but the command output an error:

postalias: warning: /etc/postfix/aliases, line 99: name must be local

If I understand the format right, in the left part of the file I can put only local users on the machine and I cannot put the "@" symbol in this file.
So this solution is not working for me and I cannot use it in my case, right?

8

Re: Mail aliases with LDAP backend problem

Sorry for this confusion.

In /etc/postfix/aliases, it should be:

cats: admin

To send email to user cats, you should use email address cats@cancer.xentio.local.

9

Re: Mail aliases with LDAP backend problem

ZhangHuangbin wrote:

Sorry for this confusion.

In /etc/postfix/aliases, it should be:

cats: admin

To send email to user cats, you should use email address cats@cancer.xentio.local.

Yes, I understand this too :) So to finalize, there is no way to make a working alias for cats@xentio.local > admin@xentio.local using /etc/postfix/aliases, and I need to figure out how to do it from AD and after that learn how to configure the postfix-ldap backend to read these aliases from AD? :)

10

Re: Mail aliases with LDAP backend problem

ivuzunov wrote:

I need to figure out how to do it from AD and after that learn how to configure the postfix-ldap backend to read these aliases from AD?

Two ways:

1) Add account in AD to achieve this.
2) Add one more hash map in Postfix setting: virtual_alias_maps. For example:

virtual_alias_maps = hash:/etc/postfix/virtual_aliases, [...OMIT ORIGINAL SETTINGS HERE]

Then add alias for cats@xentio.local in /etc/postfix/virtual_aliases. Refer to Postfix doc for more detail: http://www.postfix.org/virtual.5.html

11

Re: Mail aliases with LDAP backend problem

Hmm, I set up a fresh AD integration.
Everything fine so far.

But how to add an alias in the Microsoft AD?
Any idea?

I use the "mail" field for authenticating.

12

Re: Mail aliases with LDAP backend problem

Frankstar wrote:

But how to add an alias in the Microsoft AD?

Do you mean a mail list? If so, it's already mentioned in integration tutorial:
http://www.iredmail.org/wiki/index.php? … in_Postfix

Search "Verify mail list/group" in above link.

13 (edited by Frankstar 2013-03-18 21:26:36)

Re: Mail aliases with LDAP backend problem

Hmm, yeah, that's an option.
But not the greatest.

So I have to create a group for each user in case someone needs an alias address.
But if this is the only option ....

14

Re: Mail aliases with LDAP backend problem

What do you mean "a group for each user"? You mean alias address for mail user, or a standalone mail alias account?
- If it's a standalone mail alias account, please use "group" in AD instead.
- If it's alias address of mail user, check how we achieve this with OpenLDAP.

15 (edited by Frankstar 2013-03-18 21:46:03)

Re: Mail aliases with LDAP backend problem

Standalone mail alias is clear, and works perfectly.

Alias address of mail user is the problem. I will look into it, but I think I have to wait till someone prepares the ground.
I'm good at "solving problems" but not at "creating new features".


Thanks anyway, great and fast support, like the past years.

16

Re: Mail aliases with LDAP backend problem

Well, alias address of mail user is achieved this way:

*) Mail user has an LDAP attribute to store its primary email address, e.g. mail=user@domain.com.
*) Use an additional LDAP attribute to store its alias addresses. In iRedMail with OpenLDAP, we use 'shadowAddress=user_alias@domain.com'. Of course you can use another attribute, whatever you like.

So the LDIF of this user looks like below:

dn: mail=user@domain.com,xxx
mail: user@domain.com
shadowAddress: user_alias_01@domain.com
shadowAddress: user_alias_02@domain.com
shadowAddress: user_alias_03@domain.com
...

Primary mail address is user@domain.com, with 3 alias addresses: user_alias_01@, user_alias_02@, user_alias_03@. Of course you can add as many alias addresses as you want.

17 (edited by Frankstar 2013-03-18 23:14:18)

Re: Mail aliases with LDAP backend problem

One idea:
Maybe we could use the "proxyAddresses" attribute from AD?
Exchange also uses this attribute to store multiple mail addresses.

I use "mail" for primary too.

But I don't know how to configure Postfix for that, or prepare Postfix.

Sorry for stealing your time, but I will google for a solution too.
Maybe we could expand your wiki later.
I found some "bugs" and improved some parts.

And thanks! You are helping a lot, and I learn a lot :)


Hm, researched a little bit:
you use postconf -e virtual_alias_maps= for the "ldap:/etc/postfix/ad_virtual_group_maps.cf"

So could I use both options, like create a postconf -e virtual_group_maps for the groups
and virtual_alias_maps for a "ldap:/etc/postfix/ad_virtual_alias_maps.cf"?

Or is this an either/or config?

18 (edited by Frankstar 2013-03-18 23:48:40)

Re: Mail aliases with LDAP backend problem

Just playing around:

Created a "/etc/postfix/ad_virtual_alias_maps.cf"
with this code:

server_host     = 10.0.1.10
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = vmail
bind_pw         = psssst-secret
search_base     = ou=Users,ou=Team,dc=server,dc=local
scope           = sub
query_filter    = (&(objectClass=group)(proxyAddresses=%s))
result_attribute= mailForwardingAddress
debuglevel      = 0

Try to test it with:

postmap -q testa@domain.com ldap:/etc/postfix/ad_virtual_alias_maps.cf
postmap -q klaus.name@domain.com ldap:/etc/postfix/ad_virtual_alias_maps.cf

No response.

It seems my problem is the "query_filter    = (&(objectClass=group)(proxyAddresses=%s))"


Active Directory: ProxyAddresses, here you can add it
http://i.imgur.com/H3qlgOq.jpg



Test Query:
http://i.imgur.com/Cw2Vc0E.jpg

19 (edited by Frankstar 2013-03-19 00:18:10)

Re: Mail aliases with LDAP backend problem

Sorry for spamming,

but I found my fault:

server_host     = 10.0.1.10
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = vmail
bind_pw         = psssst-secret
search_base     = ou=Users,ou=Team,dc=server,dc=local
scope           = sub
query_filter    = (&(objectClass=person)(mail=%s))
result_attribute= proxyAddresses
debuglevel      = 0

changed (forgot to change after copying the sample config from iRedMail)

query_filter    = (&(objectClass=group)(proxyAddresses=%s))
result_attribute= mailForwardingAddress

Try to test it with:

postmap -q klaus.name@domain.com ldap:/etc/postfix/ad_virtual_alias_maps.cf

and it shows:

testb@domain.com, testa@domain.com

!

So now I need help to integrate this into Postfix, no clue here.

20 (edited by Frankstar 2013-03-20 09:53:05)

Re: Mail aliases with LDAP backend problem

OK, I got something wrong.
But now it works!

Create new file "/etc/postfix/ad_virtual_alias_maps.cf":

server_host     = hostname-or-ip
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = vmail
bind_pw         = Secret-password
search_base     = ou=Users,ou=Team,dc=mydomain,dc=local
scope           = sub
query_filter    = (proxyAddresses=%s)
result_attribute= mail
debuglevel      = 0

Add it to Postfix via postconf:

postconf -e virtual_alias_maps='proxy:ldap:/etc/postfix/ad_virtual_alias_maps.cf, proxy:ldap:/etc/postfix/ad_virtual_group_maps.cf'

So Postfix handles the alias addresses first, then the mail list (group).


Tested and it works.
Keep in mind, "proxyAddresses" is a standard Windows AD attribute.

Exchange Server uses this attribute for alias addresses too.

My config also works with different domains.
Just use the "mail" attribute in AD for users.
No need for more OUs or hardcoded domains in config files.

You need to adjust the Postfix and Dovecot files for that.
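
Added example, not part of the original post and not iRedMail's own code: the map above binds with a password while start_tls = no, so a small audit of an ldap_table(5) file for how the bind password is exposed on the wire and on disk can be useful. The finding names, the host ad.example.invalid and the password are made up for illustration; parameter defaults are taken from ldap_table(5).

```shell
#!/bin/sh
# Added example: audit a Postfix LDAP map file for bind password exposure.

# get_param FILE NAME: print the value of "NAME = value" (last one wins).
get_param() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# audit_ldap_map FILE: print space-separated findings (hypothetical names), or "OK".
audit_ldap_map() {
    f=$1; out=""
    pw=$(get_param "$f" bind_pw)
    bind=$(get_param "$f" bind)                 # ldap_table(5) default: yes
    tls=$(get_param "$f" start_tls)             # ldap_table(5) default: no
    verify=$(get_param "$f" tls_require_cert)   # ldap_table(5) default: no
    enc=no
    case "$(get_param "$f" server_host)" in ldaps://*) enc=yes ;; esac
    if [ "$tls" = "yes" ]; then enc=yes; fi
    # Simple bind with a password over an unencrypted connection.
    if [ "${bind:-yes}" != "no" ] && [ -n "$pw" ] && [ "$enc" = "no" ]; then
        out="$out CLEARTEXT_BIND"
    fi
    # TLS is requested but the server certificate is never checked.
    if [ "$enc" = "yes" ] && [ "$verify" != "yes" ]; then
        out="$out TLS_NO_CERT_CHECK"
    fi
    # Password stored in a file that "other" users have any access to.
    if [ -n "$pw" ] && [ "$(ls -ld "$f" | cut -c8-10)" != "---" ]; then
        out="$out SECRET_FILE_WORLD_ACCESSIBLE"
    fi
    echo "${out:-OK}" | sed 's/^ //'
}

# Constructed sample: the thread's final map with placeholder host/password.
demo=$(mktemp)
cat > "$demo" <<'EOF'
server_host     = ad.example.invalid
server_port     = 389
bind            = yes
start_tls       = no
bind_dn         = vmail
bind_pw         = PLACEHOLDER
query_filter    = (proxyAddresses=%s)
result_attribute= mail
EOF
chmod 644 "$demo"
audit_ldap_map "$demo"
rm -f "$demo"
```

ldap_table(5) advises making a map file that carries bind_pw readable only by the Postfix user.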

21

Re: Mail aliases with LDAP backend problem

Hi Frankstar,

Could you show us all differences from your server and our tutorial? http://www.iredmail.org/wiki/index.php? … y.iRedMail
So that I can improve this tutorial.