1

Topic: Domain alias in LDAP

I'm transferring here a private discussion with Zhang regarding the method of creating domain aliases in iRedMail 0.6.0 with LDAP backend.

The problem is that my Institution has 2 domains that are equivalent and interchangeable with each other, so we need to receive emails indifferently on the two domains for the same user: user@foo.com === user@foo.net

Zhang told me that it is possible and there is a post which tries to explain how to do it, but my attempts have been unsuccessful.

I read some documentation of postfix, but also the methods explained there didn't function.

Zhang told me that another user had the same need and that the problem lies in the dovecot configuration; he said: "... it's dovecot ldap lookup issue, it doesn't search '(&(enabledService=shadowaddress)(shadowaddress=%s))' in dovecot-ldap.conf."

But I cannot understand what kind of modification I have to do to dovecot, sorry.

We are bringing the discussion to the forum in the hope that someone else can join it and give me help.

2

Re: Domain alias in LDAP

Some steps to confirm whether it works for you or not. Let's assume you have a normal user user@domain.ltd, and an alias domain '@alias.ltd'.

We need phpLDAPadmin as an additional tool.

- Create your domain in iRedAdmin: domain.ltd.
- Add two more attributes to this domain in phpLDAPadmin:

domainAliasName: alias.ltd
enabledService: domainalias

- Make sure postfix knows your normal domain and alias domain:

# postmap -q 'domain.ltd' ldap:/etc/postfix/ldap_virtual_mailbox_domains.cf
domain.ltd

# postmap -q 'alias.ltd' ldap:/etc/postfix/ldap_virtual_mailbox_domains.cf
domain.ltd

- Create your normal user in iRedAdmin: user@domain.ltd
- Make sure postfix knows your normal user. Run this command in a terminal:

# postmap -q 'user@domain.ltd' ldap:/etc/postfix/ldap_virtual_mailbox_maps.cf
vmail/domain.ltd/u/us/use/user-2010.06.21.16.12.24/

- Add two new attributes for this user, with phpLDAPadmin:

enabledService: shadowaddress
shadowAddress: user@alias.ltd

- Make sure postfix knows your alias user. Run this command in a terminal; it should return the same result as when you query the normal user (user@domain.ltd):

# postmap -q 'user@alias.ltd' ldap:/etc/postfix/ldap_virtual_mailbox_maps.cf
vmail/domain.ltd/u/us/use/user-2010.06.21.16.12.24/

- That's all.

3

Re: Domain alias in LDAP

ZhangHuangbin wrote:

Some steps to confirm whether it works for you or not. Let's assume you have a normal user user@domain.ltd, and an alias domain '@alias.ltd'.

We need phpLDAPadmin as an additional tool.

- Create your domain in iRedAdmin: domain.ltd.
- Add two more attributes to this domain in phpLDAPadmin:

domainAliasName: alias.ltd
enabledService: domainalias

Done, Ok.

ZhangHuangbin wrote:

- Make sure postfix knows your normal domain and alias domain:

# postmap -q 'domain.ltd' ldap:/etc/postfix/ldap_virtual_mailbox_domains.cf
domain.ltd

# postmap -q 'alias.ltd' ldap:/etc/postfix/ldap_virtual_mailbox_domains.cf
domain.ltd

Done, Ok.

ZhangHuangbin wrote:

- Create your normal user in iRedAdmin: user@domain.ltd
- Make sure postfix knows your normal user. Run this command in a terminal:

# postmap -q 'user@domain.ltd' ldap:/etc/postfix/ldap_virtual_mailbox_maps.cf
vmail/domain.ltd/u/us/use/user-2010.06.21.16.12.24/

FAIL no output.

ZhangHuangbin wrote:

- Add two new attributes for this user, with phpLDAPadmin:

enabledService: shadowaddress
shadowAddress: user@alias.ltd

- Make sure postfix knows your alias user. Run this command in a terminal; it should return the same result as when you query the normal user (user@domain.ltd):

# postmap -q 'user@alias.ltd' ldap:/etc/postfix/ldap_virtual_mailbox_maps.cf
vmail/domain.ltd/u/us/use/user-2010.06.21.16.12.24/

FAIL no output.

4

Re: Domain alias in LDAP

adicon wrote:
ZhangHuangbin wrote:

- Create your normal user in iRedAdmin: user@domain.ltd
- Make sure postfix knows your normal user. Run this command in a terminal:

# postmap -q 'user@domain.ltd' ldap:/etc/postfix/ldap_virtual_mailbox_maps.cf
vmail/domain.ltd/u/us/use/user-2010.06.21.16.12.24/

FAIL no output.

Interesting, you create a normal email account in iRedAdmin-Pro, but Postfix doesn't know it.

Could you please post the LDIF data of this account here? You can get it with iRedAdmin-Pro-1.2.0 by visiting this address:
http://your_server/iredadmin/export/ldi … domain.ltd

WARNING: Please hide/replace sensitive information before you post it.

adicon wrote:
ZhangHuangbin wrote:

- Add two new attributes for this user, with phpLDAPadmin:

enabledService: shadowaddress
shadowAddress: user@alias.ltd

- Make sure postfix knows your alias user. Run this command in a terminal; it should return the same result as when you query the normal user (user@domain.ltd):

# postmap -q 'user@alias.ltd' ldap:/etc/postfix/ldap_virtual_mailbox_maps.cf
vmail/domain.ltd/u/us/use/user-2010.06.21.16.12.24/

FAIL no output.

Make the above work first.

5 (edited by adicon 2010-06-23 01:41:07)

Re: Domain alias in LDAP

ZhangHuangbin wrote:

Interesting, you create a normal email account in iRedAdmin-Pro, but Postfix doesn't know it.

Now all steps are Ok! All green smile

I'm sorry, I tested on users imported directly into LDAP, not those created with iRedAdmin-Pro. Now I created a test account and re-performed all the steps, and they worked as expected.

However, I'm unable to deliver mail to users on the alias domain (foo.net).
In /var/log/mail.info I found this error message:

Jun 22 19:07:38 posta postfix/pipe[12983]: 72ED3E83AF: to=<test@foo.net>, relay=dovecot, delay=0.05, delays=0.04/0.01/0/0.01, dsn=5.1.1, status=bounced (user unknown)
Jun 22 19:07:38 posta postfix/cleanup[12980]: 7FF0BE83B0: message-id=<20100622170738.7FF0BE83B0@posta.foo.com>
Jun 22 19:07:38 posta postfix/bounce[12985]: 72ED3E83AF: sender non-delivery notification: 7FF0BE83B0
Jun 22 19:07:38 posta postfix/qmgr[11186]: 72ED3E83AF: removed
Jun 22 19:07:38 posta postfix/qmgr[11186]: 7FF0BE83B0: from=<>, size=2106, nrcpt=1 (queue active)
Jun 22 19:07:38 posta postfix/cleanup[12980]: 84386E8393: message-id=<20100622170738.7FF0BE83B0@posta.foo.com>
Jun 22 19:07:38 posta postfix/local[12986]: 7FF0BE83B0: to=<root@posta.foo.com>, relay=local, delay=0.02, delays=0.01/0.01/0/0.01, dsn=2.0.0, status=sent (forwarded as 84386E8393)
Jun 22 19:07:38 posta postfix/qmgr[11186]: 7FF0BE83B0: removed
Jun 22 19:07:38 posta postfix/qmgr[11186]: 84386E8393: from=<>, size=2243, nrcpt=1 (queue active)
Jun 22 19:07:38 posta postfix/pipe[12983]: 84386E8393: to=<www@foo.com>, relay=dovecot, delay=0.02, delays=0/0/0/0.01, dsn=2.0.0, status=sent (delivered via dovecot service)
Jun 22 19:07:38 posta postfix/qmgr[11186]: 84386E8393: removed

If I send an e-mail to the user on the legacy domain (foo.com), in the log I can read:

Jun 22 19:20:56 posta postfix/pickup[12863]: 065A7E83AE: uid=0 from=<root>
Jun 22 19:20:56 posta postfix/cleanup[13096]: 065A7E83AE: message-id=<20100622172056.065A7E83AE@posta.foo.com>
Jun 22 19:20:56 posta postfix/qmgr[11186]: 065A7E83AE: from=<root@foo.com>, size=378, nrcpt=1 (queue active)
Jun 22 19:20:56 posta postfix/pipe[13099]: 065A7E83AE: to=<test@foo.com>, relay=dovecot, delay=0.08, delays=0.06/0.01/0/0.01, dsn=2.0.0, status=sent (delivered via dovecot service)
Jun 22 19:20:56 posta postfix/qmgr[11186]: 065A7E83AE: removed

Any idea? Next step?

6

Re: Domain alias in LDAP

I saw they were delivered with success, no error message:

Jun 22 19:07:38 posta postfix/pipe[12983]: 84386E8393: to=<www@foo.com>, relay=dovecot, delay=0.02, delays=0/0/0/0.01, dsn=2.0.0, status=sent (delivered via dovecot service)


Jun 22 19:20:56 posta postfix/pipe[13099]: 065A7E83AE: to=<test@foo.com>, relay=dovecot, delay=0.08, delays=0.06/0.01/0/0.01, dsn=2.0.0, status=sent (delivered via dovecot service)

Or maybe you can give us more log or related information?

7

Re: Domain alias in LDAP

ZhangHuangbin wrote:

I saw they were delivered with success, no error message:

Or maybe you can give us more log or related information?

No, it isn't delivered.
The first piece of the log, at the start, shows you that the message sent to the alias domain is bounced, then the error message is reported to root@, which is forwarded to www@ (I remind you that foo.com is the legacy domain and foo.net is the alias one).

Jun 22 19:07:38 posta postfix/pipe[12983]: 72ED3E83AF: to=<test@foo.net>, relay=dovecot, delay=0.05, delays=0.04/0.01/0/0.01, dsn=5.1.1, status=bounced (user unknown)

The second piece of the log shows a correct delivery to the same user but on the legacy domain.
It seems that dovecot cannot correctly identify addresses on the alias domain.

Whether the user really exists or not, the message in the log is the same if I use the alias domain.

How does dovecot verify the validity of e-mail addresses?

8

Re: Domain alias in LDAP

PROBLEM SOLVED :-D

I had to change the way dovecot verifies username/address validity.

It is specified in the file /etc/dovecot/dovecot-ldap.conf. You will find a line regarding the user filter:

user_filter     = (&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)(enabledService=%Ls%Lc)(mail=%u))

that you have to replace with this one:

user_filter     = (&(objectClass=mailUser)(|(mail=%u)(&(enabledService=shadowaddress)(shadowAddress=%u)))(accountStatus=active)(enabledService=mail)(enabledService=%Ls%Lc))

Now everything works fine. I can send e-mails to users on the legacy domain and on the alias, too.
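
The effect of the filter change in the post above, as an added example that is not part of the original thread and is not Dovecot's code: a small evaluator for the subset of LDAP filter syntax used here (&, |, attr=value), run against constructed sample entries. Assumptions: the delivery lookup expands %Ls%Lc to "deliver", and the entries below are invented for illustration.

```python
ORIGINAL = ("(&(objectClass=mailUser)(accountStatus=active)(enabledService=mail)"
            "(enabledService=%Ls%Lc)(mail=%u))")
FIXED = ("(&(objectClass=mailUser)(|(mail=%u)(&(enabledService=shadowaddress)"
         "(shadowAddress=%u)))(accountStatus=active)(enabledService=mail)"
         "(enabledService=%Ls%Lc))")

# Constructed sample entries (attribute names and values lowercased).
BASE = {"objectclass": ["mailuser"], "accountstatus": ["active"]}
ENTRIES = [
    dict(BASE, mail=["user@domain.ltd"], shadowaddress=["user@alias.ltd"],
         enabledservice=["mail", "deliver", "shadowaddress"]),
    # Has a shadowAddress value but lacks enabledService=shadowaddress.
    dict(BASE, mail=["other@domain.ltd"], shadowaddress=["other@alias.ltd"],
         enabledservice=["mail", "deliver"]),
]

def parse(f, i=0):
    """Parse the filter starting at f[i]; return (node, index after it)."""
    assert f[i] == "("
    if f[i + 1] in "&|":
        op, i, kids = f[i + 1], i + 2, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        assert f[i] == ")"
        return (op, kids), i + 1
    end = f.index(")", i)
    attr, value = f[i + 1:end].split("=", 1)
    return ("=", attr.lower(), value.lower()), end + 1

def matches(node, entry):
    """True if the entry satisfies the parsed filter node."""
    if node[0] == "=":
        return node[2] in entry.get(node[1], [])
    results = (matches(kid, entry) for kid in node[1])
    return all(results) if node[0] == "&" else any(results)

def lookup(template, user, entries=ENTRIES, service="deliver"):
    """Expand %u and %Ls%Lc (assumed value), return the mail of each match."""
    text = template.replace("%Ls%Lc", service.lower()).replace("%u", user)
    tree, _ = parse(text)
    return [e["mail"][0] for e in entries if matches(tree, e)]

if __name__ == "__main__":
    for name, flt in (("original", ORIGINAL), ("fixed", FIXED)):
        for addr in ("user@domain.ltd", "user@alias.ltd", "other@alias.ltd"):
            print(name, addr, "->", lookup(flt, addr) or "user unknown")
```

With the original filter the alias address matches no entry, which corresponds to the "user unknown" bounce in the log; with the changed filter it resolves to the same account, but only when the entry also carries enabledService=shadowaddress.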

9 (edited by Jariel06 2010-07-11 22:44:01)

Re: Domain alias in LDAP

Greetings to all...

How can I send mails using a domain alias, not the legacy domain? For example:

My legacy domain is my.domain.com and I have a domain alias domain.com. If I try to send mails using user@my.domain.com it works fine, but when I try to send from user@domain.com, it gives me an error, not working...

Can someone please help me, what can I do?