
strange ldap requests made by postfix


Yannick Monclin

Oct 15, 2004, 3:46:32 AM
Hi,

We use the MTA Postfix in a French university, with Cyrus, and LDAP for our
aliases. All is OK, Postfix runs perfectly. But when we look at our LDAP log,
Postfix made many requests in order to find the Cyrus mailbox. The first
request is sufficient, but there are 3 other requests which are not
necessary. Do you see something wrong? Look here...

Thanks for your advice and your help,
Yannick

LDAP log, when I sent an email to laurent...@etudiant.univ-reims.fr:

Oct 15 08:50:04 ldap2 slapd[3676]: conn=195 fd=17 ACCEPT from IP=my_server_ip:35079 (IP=0.0.0.0:389)
Oct 15 08:50:04 ldap2 slapd[3676]: conn=195 op=0 BIND dn="cn=postfix,ou=system,dc=univ-reims,dc=fr" method=128
Oct 15 08:50:04 ldap2 slapd[3676]: conn=195 op=0 BIND dn="cn=postfix,ou=system,dc=univ-reims,dc=fr" mech=SIMPLE ssf=0
Oct 15 08:50:04 ldap2 slapd[3676]: conn=195 op=0 RESULT tag=97 err=0 text=
Oct 15 08:50:04 ldap2 slapd[3676]: conn=195 op=1 SRCH base="ou=people,dc=univ-reims,dc=fr" scope=2 filter="(mail=laurent...@etudiant.univ-reims.fr)"
Oct 15 08:50:04 ldap2 slapd[3676]: conn=195 op=1 SRCH attr=uid
Oct 15 08:50:04 ldap2 slapd[3676]: conn=195 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Oct 15 08:50:04 ldap2 slapd[3676]: conn=195 op=2 SRCH base="ou=people,dc=univ-reims,dc=fr" scope=2 filter="(mail=owner-laur...@etudiant.univ-reims.fr)"
Oct 15 08:50:04 ldap2 slapd[3676]: conn=195 op=2 SRCH attr=uid
Oct 15 08:50:04 ldap2 slapd[3676]: conn=195 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
Oct 15 08:50:04 ldap2 slapd[3676]: conn=195 op=3 SRCH base="ou=people,dc=univ-reims,dc=fr" scope=2 filter="(mail=boul...@etudiant.univ-reims.fr)"
Oct 15 08:50:04 ldap2 slapd[3676]: conn=195 op=3 SRCH attr=uid
Oct 15 08:50:04 ldap2 slapd[3676]: conn=195 op=3 SEARCH RESULT tag=101 err=0 nentries=1 text=
Oct 15 08:50:04 ldap2 slapd[3676]: conn=195 op=4 SRCH base="ou=people,dc=univ-reims,dc=fr" scope=2 filter="(mail=owner-b...@etudiant.univ-reims.fr)"
Oct 15 08:50:04 ldap2 slapd[3676]: conn=195 op=4 SRCH attr=uid

this is my postfix config:

root:/usr/sbin#./postconf -n
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases,ldap:ldapaliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
fallback_transport = cyrus
html_directory = no
inet_interfaces = all
local_recipient_maps =
mail_owner = postfix
mail_spool_directory = /var/spool/mail
mailbox_transport = cyrus
mailq_path = /usr/bin/mailq
manpage_directory = /usr/local/man
mydestination = $myhostname, localhost.$mydomain, $mydomain
mydomain = etudiant.univ-reims.fr
myhostname = mail.etudiant.univ-reims.fr
mynetworks = xxx.xx.xxx.xx/27
mynetworks_style = subnet
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
unknown_local_recipient_reject_code = 550

ldapaliases_server_host = ldap.etudiant.univ-reims.fr ldap2.etudiant.univ-reims.fr ldap1.etudiant.univ-reims.fr
ldapaliases_search_base = ou=people, dc=univ-reims, dc=fr
ldapaliases_server_port = 389
ldapaliases_timeout = 125
ldapaliases_bind_dn = cn=postfix,ou=system,dc=univ-reims,dc=fr
ldapaliases_bind_pw = secret
ldapaliases_version = 3
ldapaliases_query_filter = (mail=%s...@etudiant.univ-reims.fr)
ldapaliases_result_attribute = uid

Magnus Bäck

Oct 15, 2004, 4:44:45 AM
On Friday, October 15, 2004 at 09:44 CEST,
Yannick Monclin <Yannick...@univ-reims.fr> wrote:

> We use the MTA Postfix in a French university, with Cyrus, and LDAP for our
> aliases. All is OK, Postfix runs perfectly. But when we look at our LDAP log,
> Postfix made many requests in order to find the Cyrus mailbox. The first
> request is sufficient, but there are 3 other requests which are not
> necessary. Do you see something wrong? Look here...

The following lookups are made against your local alias table:

laurent...@etudiant.univ-reims.fr
owner-laur...@etudiant.univ-reims.fr
boul...@etudiant.univ-reims.fr
owner-b...@etudiant.univ-reims.fr

Yes, all are necessary. The owner lookups are always made because local
addresses which have owner-prefixed alias require special care. The
third lookup is made because alias lookups are recursive.

[...]

--
Magnus Bäck
mag...@dsek.lth.se

Clifford Gonsalves

Oct 14, 2004, 12:10:50 PM
Well, you have provided 3 LDAP servers to query!

I also have a strange problem on my server, please check if you also have
the same problem.

I'm trying to integrate Postfix + Cyrus Imap + LDAP. Firstly, I managed to
install LDAP and configure LDAP authentication on my Linux box. Then I
configured Postfix & Cyrus to access the LDAP accounts.

Now everything works fine, except for one thing: it accepts and delivers mail
all u...@domain.com field for all mailboxes.
Postfix accepts mails for local account (LDAP Authentication)
u...@domain.com.
E.g. the server should only accept and deliver mail only for
clifford....@domain.com but it also accepts and delivers for
clif...@domain.com which is the u...@domain.com for my mailbox.

I would like to set up my mail server with FirstName as the Login Name and
FirstName...@domain.com email addresses for all users.
$relay_recipient_maps also does not reject the messages.

When I use simple file mapping everything works fine!

TRY TO SEND A MAIL TO YOUR u...@univ-reims.fr AND CHECK IF YOUR SERVER ALSO
ACCEPTS MAILS AND DELIVERS TO YOUR MAILBOX. ACCORDING TO MY EXAMPLE ABOVE,
IT SHOULD ACCEPT & DELIVER MAIL ONLY FOR Yannick...@univ-reims.fr


Here is my config..........

dn: uid=clifford,dc=domain,dc=com
objectClass: mailUser
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
maildrop: clifford
uidNumber: 22968
gidNumber: 0
uid: clifford
cn: clifford
homeDirectory: /home/none
loginShell: /bin/false
shadowFlag: 0
shadowMin: 0
shadowMax: 99999
shadowWarning: 0
shadowInactive: 99999
shadowLastChange: 12011
shadowExpire: 99999
givenName: Clifford
sn: Gonsalves
displayName: Clifford Gonsalves
userPassword: {MD5}usQMsOwBmOOiwiZX9nhsQQ==
mail: clifford....@domain.com

/etc/postfix/main.cf
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = vscan:
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
defer_transports =
disable_dns_lookups = no
inet_interfaces = all
local_recipient_maps = $relay_recipient_maps
mail_owner = postfix
mail_spool_directory = /var/mail
mailbox_command =
mailbox_size_limit = 10240000
mailbox_transport = lmtp:unix:public/lmtp
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains =
masquerade_exceptions = root
message_size_limit = 10240000
mime_header_checks = regexp:/etc/postfix/mime_header_checks
mydestination = domain.com
mydomain = domain.com
myhostname = mail.domain.com
mynetworks = 10.0.0.0/24, 127.0.0.0/8
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
notify_classes = bounce,2bounce,delay,policy,protocol,resource,software
program_directory = /usr/lib/postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/packages/postfix/README_FILES
relay_domains = $mydestination
relay_recipient_maps = ldap:ldaprelay
relayhost =
sample_directory = /usr/share/doc/packages/postfix/samples
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
smtp_sasl_auth_enable = no
smtpd_banner = $myhostname ESMTP ### NO SPAM Please!
smtpd_client_restrictions =
smtpd_helo_required = no
smtpd_helo_restrictions =
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = mail
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = hash:/etc/postfix/access
smtpd_use_tls = no
strict_rfc821_envelopes = no
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 450
virtual_maps = hash:/etc/postfix/virtual ldap:ldapalias

ldapalias_server_host = mail.domain.com
ldapalias_search_base = dc=domain,dc=com
ldapalias_timeout = 30
ldapalias_bind = yes
ldapalias_scope = sub
ldapalias_bind_dn = cn=root,dc=domain,dc=com
ldapalias_bind_pw = password
ldapalias_query_filter = (mail=%s)
ldapalias_result_attribute = uid,maildrop

ldaprelay_server_host = mail.domain.com
ldaprelay_search_base = dc=domain,dc=com
ldaprelay_timeout = 30
ldaprelay_bind = yes
ldaprelay_scope = sub
ldaprelay_bind_dn = cn=root,dc=domain,dc=com
ldaprelay_bind_pw = password
ldaprelay_query_filter = (mail=%s)
ldaprelay_result_attribute = mail

Thanks,

Clifford Gonsalves


"Yannick Monclin" <Yannick...@univ-reims.fr> wrote in message
news:cknv8o$10fi$1...@FreeBSD.csie.NCTU.edu.tw...

Yannick Monclin

Oct 15, 2004, 9:18:45 AM

Magnus Bäck wrote:

> On Friday, October 15, 2004 at 09:44 CEST,
> Yannick Monclin <Yannick...@univ-reims.fr> wrote:
>
>> We use the MTA Postfix in a French university, with Cyrus, and LDAP for our
>> aliases. All is OK, Postfix runs perfectly. But when we look at our LDAP log,
>> Postfix made many requests in order to find the Cyrus mailbox. The first
>> request is sufficient, but there are 3 other requests which are not
>> necessary. Do you see something wrong? Look here...
>
> The following lookups are made against your local alias table:
>
> laurent...@etudiant.univ-reims.fr
> owner-laur...@etudiant.univ-reims.fr
> boul...@etudiant.univ-reims.fr
> owner-b...@etudiant.univ-reims.fr
>
> Yes, all are necessary. The owner lookups are always made because local
> addresses which have owner-prefixed alias require special care. The
> third lookup is made because alias lookups are recursive.

Thanks, but I am surprised that all lookups are necessary. Can you detail
a little more, if possible? I do not understand totally. Or can you tell
me where I can find more information about it?

thanks for your advice
Yannick

Magnus Bäck

Oct 15, 2004, 9:58:52 AM
On Friday, October 15, 2004 at 15:16 CEST,
Yannick Monclin <Yannick...@univ-reims.fr> wrote:

> Magnus Bäck wrote:
>
> > The following lookups are made against your local alias table:
> >
> > laurent...@etudiant.univ-reims.fr
> > owner-laur...@etudiant.univ-reims.fr
> > boul...@etudiant.univ-reims.fr
> > owner-b...@etudiant.univ-reims.fr
> >
> > Yes, all are necessary. The owner lookups are always made because
> > local addresses which have owner-prefixed alias require special
> > care. The third lookup is made because alias lookups are recursive.
>
> Thanks, but I am surprised that all lookups are necessary. Can you
> detail a little more, if possible? I do not understand totally. Or can
> you tell me where I can find more information about it?

If a message is sent to a local recipient foo and there is an alias
owner-foo, the mail will be handled differently, specifically the sender
address will be modified to the expansion of the owner-foo address. This
is configurable with the owner_request_special parameter.

As for the recursiveness, Postfix will look up a returned address(es)
recursively until no match is found. This is necessary for hierarchies
of aliases such as:

a: b
b: c

--
Magnus Bäck
mag...@dsek.lth.se
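
Added example, not part of the thread and not Postfix code: a simplified Python model of the lookup order described in the reply above (alias, then its owner- alias, then each returned name recursively). The directory contents, `example.org`, and the rule that a name returned by its own alias is not expanded again are assumptions chosen to reproduce the four searches in the slapd log.

```python
# Added example: simplified model of local alias expansion, not Postfix source.
OWNER_PREFIX = "owner-"

def expand(recipient, alias_table, domain, max_depth=10):
    """Return (queries, mailboxes, owners) for one local recipient.

    queries   -- (ldap_filter, hits) in the order the directory would see them
    mailboxes -- names left over once no further alias matches
    owners    -- owner-<alias> names that exist in the table
    """
    queries, mailboxes, owners = [], [], []

    def lookup(name):
        hits = alias_table.get(name, [])
        queries.append((f"(mail={name}@{domain})", len(hits)))
        return hits

    def walk(name, expanded_from, depth):
        if depth > max_depth:
            raise RuntimeError(f"alias chain too deep at {name!r}")
        # Assumption: a name returned by its own alias is final, not re-expanded.
        if name == expanded_from:
            mailboxes.append(name)
            return
        targets = lookup(name)
        if not targets:              # no match: recursion ends here
            mailboxes.append(name)
            return
        # Assumption: the owner- check follows each alias hit, as in the log.
        if lookup(OWNER_PREFIX + name):
            owners.append(OWNER_PREFIX + name)
        for target in targets:
            walk(target, name, depth + 1)

    walk(recipient, None, 0)
    return queries, mailboxes, owners

# Constructed directory: mail local part -> uid values returned by the search.
DIRECTORY = {"prenom.nom": ["nomp"], "nomp": ["nomp"]}
# The a: b, b: c hierarchy from the reply above.
CHAIN = {"a": ["b"], "b": ["c"]}

if __name__ == "__main__":
    for query in expand("prenom.nom", DIRECTORY, "example.org")[0]:
        print(query)
```

With the constructed directory, one message produces four searches with 1, 0, 1 and 0 hits, the same pattern as ops 1 to 4 in the log; the `a: b`, `b: c` chain produces five.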
