1

Topic: Domain aliases

I set 3 domain aliases in iRedAdmin Pro, but it's not working.
It was working until yesterday. The only thing I changed yesterday is new record in Sender Whitelist.

I got this error in log:

NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 550 5.1.1 <my-name@alias-domain.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<my-name@my-domain.eu> to=<my-name@alias-domain.com> proto=ESMTP



==== Required information ====
- iRedMail version: 0.8.3
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Linux/BSD distribution name and version: Debian
- Related log if you're reporting an issue:
====

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Domain aliases

Could you please try below steps and paste their output message here for troubleshooting?

# cd /etc/postfix/ldap/
# for cf in $(ls *cf); do echo ${cf}; postmap -q my-name@alias-domain.com ldap:./${cf}; done

And paste output of command "postconf -n" too.

3

Re: Domain aliases

catchall_maps.cf
recipient_bcc_maps_domain.cf
recipient_bcc_maps_user.cf
relay_domains.cf
sender_bcc_maps_domain.cf
sender_bcc_maps_user.cf
sender_login_maps.cf
transport_maps_domain.cf
transport_maps_user.cf
virtual_alias_maps.cf
virtual_group_maps.cf
virtual_group_members_maps.cf
virtual_mailbox_domains.cf
virtual_mailbox_maps.cf

===

alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
allow_min_user = no
append_dot_mydomain = no
biff = no
bounce_queue_lifetime = 1d
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
delay_warning_time = 0h
disable_vrfy_command = yes
enable_original_recipient = no
home_mailbox = Maildir/
inet_interfaces = all
inet_protocols = ipv4
mailbox_command = /usr/lib/dovecot/deliver
mailbox_size_limit = 0
maximal_backoff_time = 4000s
maximal_queue_lifetime = 1d
message_size_limit = 26214400
minimal_backoff_time = 300s
mydestination = $myhostname, localhost, localhost.localdomain, localhost.$myhostname
mydomain = my-domain.eu
myhostname = mail.my-domain.eu
mynetworks = 127.0.0.0/8, 192.168.8.21, 192.168.8.81
mynetworks_style = subnet
myorigin = mail.my-domain.eu
proxy_read_maps = $canonical_maps $lmtp_generic_maps $local_recipient_maps $mydestination $mynetworks $recipient_bcc_maps $recipient_canonical_maps $relay_domains $relay_recipient_maps $relocated_maps $sender_bcc_maps $sender_canonical_maps $smtp_generic_maps $smtpd_sender_login_maps $transport_maps $virtual_alias_domains $virtual_alias_maps $virtual_mailbox_domains $virtual_mailbox_maps $smtpd_sender_restrictions
queue_run_delay = 300s
readme_directory = no
recipient_bcc_maps = proxy:ldap:/etc/postfix/ldap/recipient_bcc_maps_user.cf, proxy:ldap:/etc/postfix/ldap/recipient_bcc_maps_domain.cf
recipient_delimiter = +
relay_domains = $mydestination, crm.my-domain.eu, proxy:ldap:/etc/postfix/ldap/relay_domains.cf
relayhost =
sender_bcc_maps = proxy:ldap:/etc/postfix/ldap/sender_bcc_maps_user.cf, proxy:ldap:/etc/postfix/ldap/sender_bcc_maps_domain.cf
smtp_data_init_timeout = 240s
smtp_data_xfer_timeout = 600s
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_enforce_tls = no
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,permit_sasl_authenticated, check_helo_access pcre:/etc/postfix/helo_access.pcre
smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unlisted_recipient, check_policy_service inet:127.0.0.1:7777, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, check_policy_service inet:127.0.0.1:10031
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_local_domain =
smtpd_sasl_path = ./dovecot-auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = proxy:ldap:/etc/postfix/ldap/sender_login_maps.cf
smtpd_sender_restrictions = permit_mynetworks, reject_sender_login_mismatch, permit_sasl_authenticated
smtpd_tls_CAfile = /etc/ssl/certs/ACMT_Certificate_authority.pem
smtpd_tls_cert_file = /etc/ssl/certs/iRedMail_CA.pem
smtpd_tls_key_file = /etc/ssl/private/iRedMail.key
smtpd_tls_loglevel = 0
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
transport_maps = hash:/etc/postfix/transport, proxy:ldap:/etc/postfix/ldap/transport_maps_user.cf, proxy:ldap:/etc/postfix/ldap/transport_maps_domain.cf
virtual_alias_domains =
virtual_alias_maps = proxy:ldap:/etc/postfix/ldap/virtual_alias_maps.cf, proxy:ldap:/etc/postfix/ldap/virtual_group_maps.cf, proxy:ldap:/etc/postfix/ldap/virtual_group_members_maps.cf, proxy:ldap:/etc/postfix/ldap/catchall_maps.cf
virtual_gid_maps = static:1000
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:ldap:/etc/postfix/ldap/virtual_mailbox_domains.cf
virtual_mailbox_maps = proxy:ldap:/etc/postfix/ldap/virtual_mailbox_maps.cf
virtual_minimum_uid = 1000
virtual_transport = dovecot
virtual_uid_maps = static:1000

4

Re: Domain aliases

casey wrote:

catchall_maps.cf
recipient_bcc_maps_domain.cf
recipient_bcc_maps_user.cf
relay_domains.cf
sender_bcc_maps_domain.cf
sender_bcc_maps_user.cf
sender_login_maps.cf
transport_maps_domain.cf
transport_maps_user.cf
virtual_alias_maps.cf
virtual_group_maps.cf
virtual_group_members_maps.cf
virtual_mailbox_domains.cf
virtual_mailbox_maps.cf

No output in postmap commands. Here comes the questions:

- Did you have this alias domain enabled? You can check it with iRedAdmin-Pro.
- Did you replace "my-name@alias-domain.com" by a valid email address? if not, try again.
- If you did replace it by valid address, that means Postfix cannot find this user. Please show me content of file /etc/postfix/ldap/virtual_mailbox_maps.cf?

5

Re: Domain aliases

Yes, aliases are enabled (tre are 3 domain aliases)

"my-name@alias-domain.com" is for this forum only. There is a real e-mail address on real server.

====

#
# File generated by iRedMail (2012.02.26.02.31.29):
#
# Version:  0.7.4
# Project:  http://www.iredmail.org/
#
# Community: http://www.iredmail.org/forum/
#

server_host     = 127.0.0.1
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = cn=vmail,dc=my-domain,dc=eu
bind_pw         = my-password
search_base     = o=domains,dc=my-domain,dc=eu
scope           = sub
query_filter    = (&(objectClass=mailUser)(|(mail=%s)(&(enabledService=shadowaddress)(shadowAddress=%s)))(accountStatus=active)(enabledService=mail)(enabledService=deliver))
result_attribute= mailMessageStore
result_format   = %s/Maildir/
debuglevel      = 0

"my-domain" and "my-password" are changed

6

Re: Domain aliases

virtual_mailbox_maps.cf is fine. Could you please

*) export LDIF data of your primary domain which has 3 alias domains (and not working properly)
*) export LDIF data of your user "my-name@alias-domain.com"

7

Re: Domain aliases

# LDIF Export for domainName=my-domain.eu,o=domains,dc=my-domain,dc=eu
# Server: My LDAP Server (127.0.0.1)
# Search Scope: base
# Search Filter: (objectClass=*)
# Total Entries: 1
#
# Generated by phpLDAPadmin (http://phpldapadmin.sourceforge.net) on February 28, 2013 7:03 pm
# Version: 1.2.0.5

version: 1

# Entry 1: domainName=my-domain.eu,o=domains,dc=my-domain,dc=eu
dn: domainName=my-domain.eu,o=domains,dc=my-domain,dc=eu
accountstatus: active
domainadmin: postmaster@my-domain.eu
domainaliasname: alias-domain1.com
domainaliasname: alias-domain2.com
domainaliasname: alias-domain3.com
domaincurrentaliasnumber: 6
domaincurrentlistnumber: 22
domaincurrentquotasize: 1293649182720
domaincurrentusernumber: 129
domainname: my-domain.eu
enabledservice: mail
enabledservice: senderbcc
enabledservice: recipientbcc
enabledservice: domainalias
mtatransport: dovecot
objectclass: mailDomain

=====================================

I have no user "my-name@alias-domain.com". All users belongs to primary domain "my-domain.eu".

8

Re: Domain aliases

Found the root cause. You have three alias domains in attribute "domainAliasName", but user under primary doesn't have attribute "shadowAddress" for these alias domains. e.g. shadowAddress=my-name@alias-domain1.com.

This is a bug in iRedAdmin-Pro-LDAP-1.8.1, and was fixed in development edition. Sorry about this trouble.

Attachment is patch for iRedAdmin-Pro-LDAP-1.8.1, you can follow below steps to apply this patch on your server:

1) Download attached patch, upload it to your server which has iRedAdmin-Pro-LDAP-1.8.1 running. Assume uploaded file is
/root/alias_domain.patch.

2) Change working directory to the root directory of iRedAdmin-Pro-LDAP-1.8.1. For example:

# cd /usr/share/apache2/iRedAdmin-Pro-LDAP-1.8.1/

3) Verify the patch with command 'patch --dry-run -p1':

# patch --dry-run -p1 < /root/alias_domain.patch
patching file libs/ldaplib/domain.py
Hunk #1 succeeded at 366 (offset 14 lines).
Hunk #2 succeeded at 383 (offset 14 lines).
Hunk #3 succeeded at 403 (offset 14 lines).
Hunk #4 succeeded at 453 (offset 14 lines).
Hunk #5 succeeded at 465 (offset 14 lines).
Hunk #6 succeeded at 474 (offset 14 lines).
Hunk #7 succeeded at 526 (offset 14 lines).

Note: All lines have word 'succeeded'.

4) If you got the SAME output message, it's safe to apply it without '--dry-run' immediately:

# patch -p1 < /root/alias_domain.patch

5) Restart Apache web server to reload patched file.

6) IMPORTANT: Now login to iRedAdmin-Pro, delete existing alias domains first, then re-add it.

That's all. Let me know whether it works for you or not.

9

Re: Domain aliases

All done, but it doesn't work. I got the same error message. :-(

10

Re: Domain aliases

- Did you restart Apache?
- Did you remove existing alias domains first, then re-add them?

11

Re: Domain aliases

- Yes

- Yes. I removed all of them and disable aliases. Then I enabled aliases and re-add domains.

:-(

12

Re: Domain aliases

Sorry about this trouble.
Could you please paste LDIF data of the primary domain and one of user again? I need to check LDIF data for troubleshooting.

13

Re: Domain aliases

# LDIF Export for domainName=my-domain.eu,o=domains,dc=my-domain,dc=eu
# Server: My LDAP Server (127.0.0.1)
# Search Scope: base
# Search Filter: (objectClass=*)
# Total Entries: 1
#
# Generated by phpLDAPadmin (http://phpldapadmin.sourceforge.net) on March 1, 2013 8:45 pm
# Version: 1.2.0.5

version: 1

# Entry 1: domainName=my-domain.eu,o=domains,dc=my-domain,dc=eu
dn: domainName=my-domain.eu,o=domains,dc=my-domain,dc=eu
accountstatus: active
domainadmin: postmaster@my-domain.eu
domainaliasname: alias-domain1.com
domainaliasname: alias-domain2.com
domainaliasname: alias-domain3.com
domaincurrentaliasnumber: 6
domaincurrentlistnumber: 22
domaincurrentquotasize: 1293649182720
domaincurrentusernumber: 129
domainname: my-domain.eu
enabledservice: mail
enabledservice: senderbcc
enabledservice: recipientbcc
enabledservice: domainalias
mtatransport: dovecot
objectclass: mailDomain

===================================


# LDIF Export for mail=my-user@my-domain.eu,ou=Users,domainName=my-domain.eu,o=domains,dc=my-domain,dc=eu
# Server: My LDAP Server (127.0.0.1)
# Search Scope: base
# Search Filter: (objectClass=*)
# Total Entries: 1
#
# Generated by phpLDAPadmin (http://phpldapadmin.sourceforge.net) on March 1, 2013 8:50 pm
# Version: 1.2.0.5

version: 1

# Entry 1: mail=my-user@my-domain.eu,ou=Users,domainName=my-domain.eu,o=domai...
dn: mail=my-user@my-domain.eu,ou=Users,domainName=my-domain.eu,o=domains,dc=my-d
omain,dc=eu
accountstatus: active
amavislocal: TRUE
cn:: my-domain-in-base64
enabledservice: mail
enabledservice: deliver
enabledservice: lda
enabledservice: smtp
enabledservice: smtpsecured
enabledservice: pop3
enabledservice: pop3secured
enabledservice: imap
enabledservice: imapsecured
enabledservice: managesieve
enabledservice: managesievesecured
enabledservice: sieve
enabledservice: sievesecured
enabledservice: forward
enabledservice: senderbcc
enabledservice: recipientbcc
enabledservice: internal
enabledservice: shadowaddress
enabledservice: displayedInGlobalAddressBook
enabledservice: doveadm
enabledservice: lib-storage
homedirectory: /var/vmail/vmail1/my-domain.eu/j/s/a/my-user-2012.02.26.04.09.26
/
mail: my-user@my-domain.eu
mailmessagestore: vmail1/my-domain.eu/j/s/a/my-user-2012.02.26.04.09.26/
mailquota: 10485760000
memberofgroup: support@my-domain.eu
memberofgroup: allcz@my-domain.eu
objectclass: inetOrgPerson
objectclass: mailUser
objectclass: shadowAccount
objectclass: amavisAccount
sn: my-user
storagebasedirectory: /var/vmail
title: IT support
uid: my-user
userpassword: my-password

14

Re: Domain aliases

Well, still no "shadowAddress=my-user@[ALIAS-DOMAIN]" in user LDIF.
is it ok for you to try the latest development edition? I can send you via email. If ok, please mail to "support _at_ iredmail.org" to ask one.

15

Re: Domain aliases

It works! Great

BTW: Is it just for local delivery, or does it work from outside as well?

16

Re: Domain aliases

casey wrote:

BTW: Is it just for local delivery, or does it work from outside as well?

Both. smile

17

Re: Domain aliases

Cool :-) It's very helpfull for migration from another server :-)