1

Topic: Possible to use LDAP for amavisd lookup ?

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.4.0
- Deployed with iRedMail Easy or the downloadable installer? downloadable installer
- Linux/BSD distribution name and version: Debian Buster
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? no
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hi,

Is it possible to easily switch the amavisd lookup from SQL to LDAP ? I need it to configure the local domains.
I saw the LDAP schema is already added and amavisLocal is set to true by default when a user is created.

So... Is there a good reason to not use it ?

Regards,
Valentin


2

Re: Possible to use LDAP for amavisd lookup ?

In old iRedMail releases, Amavisd was configured to look up against LDAP on the OpenLDAP backend, but we switched it to SQL for easier management.

I personally don't see why we need to switch to LDAP again.

3 (edited by tms 2021-05-21 17:00:26)

Re: Possible to use LDAP for amavisd lookup ?

Hi,

I want to notify local recipients only when they should have received a banned file ($warnbannedrecip) or virus ($warnvirusrecip). In order for this to work, we need to tell amavisd whether a user is local or not, and I don't want to manage two databases (LDAP backend for mail accounts, SQL to configure local recipients for amavisd).

Also, I believe amavisd uses the local map for other things (DKIM signing for local senders only, spam headers for local recipients only, etc).

If the local map is not configured, everyone is considered as local, so external users will be warned, etc, which is not what I want.

Can you please provide me the LDAP configuration for amavisd if you still got it ?

Regards,
Valentin

4

Re: Possible to use LDAP for amavisd lookup ?

Was the SQL column "msgrcpt.is_local" correctly set by Amavisd?

tms wrote:

Can you please provide me the LDAP configuration for amavisd if you still got it ?

You can find it in the GitHub repository under an old tag.

5

Re: Possible to use LDAP for amavisd lookup ?

Hi Zhang,

I noticed this line in the conf :

# https://github.com/iredmail/iRedMail/blob/2ce5920c0076ce8c4dd9e6eb6290e7c2f7687167/samples/amavisd/amavisd.conf#L33

@local_domains_maps = 1;

It means everything is considered as local, which explains a lot of things!

I removed this line and added the LDAP configuration (I didn't find the configuration in the repository, but anyway I did it by myself). Now, everything works flawlessly: external recipients are not warned anymore, DKIM signing is applied for local senders only, logs are more accurate (RelayedInbound, RelayedInternal, RelayedOutbound, ...), spam headers are added for local recipients only, etc.!

Why not make it the default for LDAP backends ?

6

Re: Possible to use LDAP for amavisd lookup ?

Might be worth enabling it again.

$enable_ldap    = 1;    # 1 -> enable, 0 -> disable.
$default_ldap   = {
    hostname        =>
    port            =>
    version         =>
    tls             => 0,
    inet6           => 0,
    timeout         => 120,
    base            =>
    scope           =>
    query_filter    => "(&(objectClass=mailUser)(objectClass=amavisAccount)(accountStatus=active)(|(mail=%m)(shadowAddress=%m)))",
    bind_dn         =>
    bind_password   =>
};
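
A way to check from the shell which addresses the query_filter in the post above matches, as an added example that is not part of the thread or of iRedMail's own code. The LDAP URI, base DN and bind DN are placeholders (assumptions), and the function names are made up for this sketch; `check_addr` needs the OpenLDAP `ldapsearch` client and a reachable directory.

```shell
#!/bin/sh
# Added example: test the amavisd LDAP filter by hand before relying on it.
# Placeholder connection values (assumptions, not taken from the thread).
LDAP_URI="${LDAP_URI:-ldap://127.0.0.1:389}"
LDAP_BASE="${LDAP_BASE:-dc=example,dc=com}"
LDAP_BIND_DN="${LDAP_BIND_DN:-cn=vmail,dc=example,dc=com}"

# Escape the RFC 4515 special characters \ * ( ) so that a test address
# containing them cannot change the structure of the search filter.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Build the filter from the thread with the escaped address in place of %m.
build_filter() {
    m=$(ldap_escape "$1")
    printf '(&(objectClass=mailUser)(objectClass=amavisAccount)(accountStatus=active)(|(mail=%s)(shadowAddress=%s)))' "$m" "$m"
}

# Run the search and show the mail and amavisLocal attributes of any match.
# An external address should return nothing; a hosted account should return
# one entry. -W prompts for the bind password instead of taking it as an
# argument, so it does not end up in the process list or shell history.
check_addr() {
    ldapsearch -x -LLL -H "$LDAP_URI" -b "$LDAP_BASE" \
        -D "$LDAP_BIND_DN" -W "$(build_filter "$1")" mail amavisLocal
}

# Usage (after sourcing this file):
#   check_addr user@example.com      # hosted account: one entry expected
#   check_addr someone@external.tld  # external address: no output expected
```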