1 Topic by bjs59

  • bjs59
  • Member
  • Offline
  • Registered: 2015-05-10
  • Posts: 12

Topic: A solution for nested mail lists with LDAP backend

==== Required information ====
- iRedMail version: 0.9.1 with iredapd 1.5.0
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Apache 2.2
- Linux/BSD distribution name and version: CentOS 6.6 x86_64
- Related log if you're reporting an issue:
====

I found that nested mail lists did not work out of the box, so here is one solution that I came up with for LDAP backends.

1. Create a new file /etc/postfix/ldap/virtual_nested_groups.cf which contains:

server_host     = 127.0.0.1
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = cn=vmail,dc=domain,dc=tld
bind_pw         = YOURPASSWORD
search_base     = o=domains,dc=domain,dc=tld
scope           = sub
query_filter    = (&(memberOfGroup=%s)(accountStatus=active)(enabledService=deliver)(objectClass=mailList))
result_attribute= mail
debuglevel      = 0

Replace "dc=domain,dc=tld" with your domain info of course, and your password from the iredmail install. This file will expand any mail lists within mail lists. Note: this presumes the LDAP server and iredmail are on the same server. If remote, use port 636 with ldaps:// or start_tls=yes for security, plus whatever remote server host you have.

2. In /etc/postfix/main.cf, *modify* the following line to include the file created above:

virtual_alias_maps = proxy:ldap:/etc/postfix/ldap/virtual_alias_maps.cf,
   proxy:ldap:/etc/postfix/ldap/virtual_nested_groups.cf,
   proxy:ldap:/etc/postfix/ldap/virtual_group_maps.cf,
   proxy:ldap:/etc/postfix/ldap/virtual_group_members_maps.cf,
   proxy:ldap:/etc/postfix/ldap/catchall_maps.cf

3. At the command line, do "postfix reload" to get the new configs.

4. Create a high level mail list, which will contain other mail lists. Example: "toplist@domain.tld". Make sure it has at least the attributes "accountStatus" as "active" and "enabledService" including "deliver". You can also add "enabledService" including "displayedInGlobalAddressBook". Add a "cn" and "description" as desired.

5. In the lower level mail lists, example "lower1list@domain.tld" and "lower2list@domain.tld", make sure that each of those lists has the attribute "memberOfGroup" as "toplist@domain.tld". I did not test this, but it seems possible that you could also add individual email users (e.g. "user1@domain.tld") to the top level list through the memberOfGroup attribute of that particular user, in addition to the other mail lists.

That's it. Now when you send an email to "toplist@domain.tld" that will automatically expand into "lower1list@domain.tld" and "lower2list@domain.tld", and as many other lists that you assigned.

One final note: at present I find the accessPolicy feature doesn't seem to work.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,165

Re: A solution for nested mail lists with LDAP backend

Nested mailing list works for me here with default iRedMail settings.

Steps to test it with iRedAdmin-Pro:

*) Add mailing list list01@domain.com, with member 'member1@domain.com'
*) Add mailing list list02@domain.com, with member 'member2@domain.com'
*) Add mailing list top@domain.com, with member list01@domain.com, list02@domain.com.
*) Send an email to top@domain.com. The result is both member1@ and member2@ receive the email.

3 Reply by bjs59

  • bjs59
  • Member
  • Offline
  • Registered: 2015-05-10
  • Posts: 12

Re: A solution for nested mail lists with LDAP backend

ZhangHuangbin wrote:

Nested mailing list works for me here with default iRedMail settings.

Steps to test it with iRedAdmin-Pro:

*) Add mailing list list01@domain.com, with member 'member1@domain.com'
*) Add mailing list list02@domain.com, with member 'member2@domain.com'
*) Add mailing list top@domain.com, with member list01@domain.com, list02@domain.com.
*) Send an email to top@domain.com. The result is both member1@ and member2@ receive the email.

Ah, perhaps that is a iRedAdmin-Pro feature, as I am using the community edition *without* the pro.

I tried again by sending email to the top@domain.com (without my addition) and get the same 550 error "Recipient address rejected: User unknown in virtual mailbox table".

Perhaps its a config issue on my end. For the members (member1@ and member2@), I presume those are put into the "memberOfGroup" attribute of the lists they are part of? Here is my /etc/postfix/ldap/virtual_group_maps.cf file as created by the install of the community edition.

server_host     = 127.0.0.1
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = cn=vmail,dc=domain,dc=tld
bind_pw         = THE_PASSWORD
search_base     = o=domains,dc=domain,dc=tld
scope           = sub
query_filter    = (&(accountStatus=active)(enabledService=mail)(enabledService=deliver)(|(&(|(memberOfGroup=%s)(shadowAddress=%s))(objectClass=mailUser))(&(memberOfGroup=%s)(!(shadowAddress=%s))(|(objectClass=mailExternalUser)(objectClass=mailList)(objectClass=mailAlias)))))
result_attribute= mail
debuglevel      = 0

In trying to decode your sophisticated search filter, it seems that it only works if there is an individual email user in the list, and does not support mail lists alone, since mail lists do not have the "enabledService=mail" parameter. I will fiddle with the position of the final filter 'or' group and let you know.

Note: this email system is for one organization, so I only have one domain configured.

In any case, given the iredapd fix to 1.5.0, the nested mail list feature works as needed with my bit of extra postfix code above.