1

Topic: Still unable to get shadowaddress to work

I am unable to receive or send email using the shadowaddress in the from field.  Mail addressed to the shadowaddress (other in this case) goes to the catchall address instead of the user account (steve in this example). 

Mail sent from the shadowaddress gets in Thunderbird:
An error occurred while sending mail. The mail server responded:  5.7.1 <other@example.net>: Sender address rejected: not owned by user steve@example.net. Please check the message recipient steve@rellims.com and try again.

I made the changes to dovecot-ldap.conf as mentioned in other spots:
egrep "^user_filter|^pass_filter"  /etc/dovecot-ldap.conf
user_filter     = (&(objectClass=mailUser)(|(mail=%u)(&(enabledService=shadowaddress)(shadowAddress=%u)))(accountStatus=active)(enabledService=mail)(enabledService=%Ls%Lc))
pass_filter     = (&(objectClass=mailUser)(|(mail=%u)(&(enabledService=shadowaddress)(shadowAddress=%u)))(accountStatus=active)(enabledService=mail)(enabledService=%Ls%Lc))

Export from iredadmin
dn: mail=steve@example.net,ou=Users,domainName=example.net,o=domains,dc=example,dc=net
accountStatus: active
amavisLocal: TRUE
cn: Steve
employeeNumber: steve
enabledService: mail
enabledService: smtp
enabledService: deliver
enabledService: pop3
enabledService: pop3secured
enabledService: imap
enabledService: imapsecured
enabledService: managesieve
enabledService: managesievesecured
enabledService: sieve
enabledService: sievesecured
enabledService: forward
enabledService: senderbcc
enabledService: recipientbcc
enabledService: internal
enabledService: shadowaddress
enabledService: displayedInGlobalAddressBook
homeDirectory: {omitted}
mail: steve@example.net
mailMessageStore: {omitted}
mailQuota: 0
objectClass: inetOrgPerson
objectClass: mailUser
objectClass: shadowAccount
objectClass: amavisAccount
shadowAddress: other@example.net
sn: steve
storageBaseDirectory: /var/vmail
uid: steve
userPassword: {omitted}

2

Re: Still unable to get shadowaddress to work

It's better to search this forum in google before you post new topic:
http://www.iredmail.org/forum/topic342- … -user.html

3

Re: Still unable to get shadowaddress to work

I am expected shadowaddress to work to allow the sending from more then one address, without changing it at the postfix server level. 

Besides, most important is that shadowaddress is not working for receiving mail either.

4

Re: Still unable to get shadowaddress to work

Why not solve this error first and then try again?

An error occurred while sending mail. The mail server responded:  5.7.1 <other@example.net>: Sender address rejected: not owned by user steve@example.net. Please check the message recipient steve@rellims.com and try again.

It reports "Sender address rejected: not owned by user steve@example.net", and no other errors were mentioned in your first post.

And, "query_filter" setting in /etc/postfix/ldap_virtual_mailbox_maps.cf should be:

query_filter    = (&(objectClass=mailUser)(|(mail=%s)(&(enabledService=shadowaddress)(shadowAddress=%s)))(accountStatus=active)(enabledService=mail)(enabledService=deliver))

5

Re: Still unable to get shadowaddress to work

Ok, I removed 'reject_sender_login_mismatch' in postfix /etc/postfix/main.cf and can now send FROM any email address.

However, I am still unable to receive email TO the shadowaddresses.  I also confirmed that my virtual_mailbox_maps were correct.

grep query /etc/postfix/ldap_virtual_mailbox_maps.cf
query_filter    = (&(objectClass=mailUser)(|(mail=%s)(&(enabledService=shadowaddress)(shadowAddress=%s)))(accountStatus=active)(enabledService=mail)(enabledService=deliver))

6

Re: Still unable to get shadowaddress to work

Did some more testing.  I have more then one domain setup.  The one I am trying use the shadowAddress has a catchall setup (I have iRedAdmin-Pro) and the other one does not have a catchall.  I am able to use shadowAddress on the domain without the catchall.  So this appears to be a order of operations thing.  How do we get the shadowAddress to get looked up before the catchall?

7

Re: Still unable to get shadowaddress to work

The other interesting thing, I can add other@example.net as a shadowAddress to the domain without the catchall and it WORKS.  However, this delivers the mail to the wrong domain's mailbox and was only setup as a test.

8

Re: Still unable to get shadowaddress to work

copart wrote:

How do we get the shadowAddress to get looked up before the catchall?

iRedMail gets shadownAddress in virtual_mailbox_maps, same as virtual user accounts. But catch-all account is queried in virtual_alias_maps, which queried before virtual_mailbox_maps. So, i'm afraid that i don't have idea yet.

9

Re: Still unable to get shadowaddress to work

copart wrote:

The other interesting thing, I can add other@example.net as a shadowAddress to the domain without the catchall and it WORKS.  However, this delivers the mail to the wrong domain's mailbox and was only setup as a test.

This should be OK, because mails sent to @example.net will be delivered to MX host of @example.net, not your mail server.

10

Re: Still unable to get shadowaddress to work

ZhangHuangbin wrote:
copart wrote:

The other interesting thing, I can add other@example.net as a shadowAddress to the domain without the catchall and it WORKS.  However, this delivers the mail to the wrong domain's mailbox and was only setup as a test.

This should be OK, because mails sent to @example.net will be delivered to MX host of @example.net, not your mail server.

Ok ZhangHuangbin, any idea why shadowAddress doesnt work on the domain that has catch all setup?  All emails sent to the shadowAddress still get sent to the catchall instead of the account that it should have.

11

Re: Still unable to get shadowaddress to work

First, change dovecot ldap query as you mentioned in post;
Second, change postfix ldap query in /etc/postfix/ldap_virtual_mailbox_maps.cf as I mentioned in post;
Restart dovecot and postfix, and it should work as expected.

if it doesn't work, try to set 'loglevel 256' in openldap config file /etc/openldap/slapped.conf, and monitor ldap queries when you sending mail to shadowAddress account. Find out the difference, and you will get it.