Просмотр сообщений
1
Общий раздел / Re: Postfix + ldap
« : 22 Май 2020, 18:05:39 »
Egor добрый день
так и не смог я избавиться от
оставляю
оставляю
убираю обе
тоесть вот так у меня не работает
убрал virtual_transport
изменил transport_maps на ldap c result_format = smtp:[%s] с поиском IP ексченжа
в ящик без атрибута почта не пошла
подскажите что я упускаю
посмотрел примеры, либо обе строки transport_maps и virtual_transport либо одна transport_maps
сейчас попробую настроить с relay демоном но боюсь, что transport_maps вылезит все равно, он какой-то дефолтовый тут
postfix postfix-3.5.1_1
попробовал с
получил
еще подумал я над вторым "сложным вариантом" с рекурсией
обьект john у которого мы ищем ящик лежит тут
CN=john,OU=Users,OU=DOM3,DC=dom3,DC=corp,DC=local
у него есть атрибут homeMTA c DN CN=Microsoft MTA,CN=DOM3-MSG-01,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=CORP,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=corp,DC=local
у CN=Microsoft MTA есть атрибут mTALocalDesig который имеет значение в чистом виде с именем сервера DOM3-MSG-01
но проблема в том что CN Microsoft MTA находится в другой ветке CN=Configuration,DC=corp,DC=local
поэтому такой запрос не сработает
делаю так
обращаюсь к центральному серверу с глобальным каталогом
где я ошибся?
так и не смог я избавиться от
Код: [Выделить]
transport_maps
оставляю
Код: [Выделить]
virtual_transport = ldap:/usr/local/etc/postfix/ldap_transport_map.cf
лог такойКод: [Выделить]
May 22 16:42:57 dom3-gw postfix/qmgr[36274]: warning: connect to transport private/ldap: No such file or directory
May 22 16:42:57 dom3-gw postfix/error[36282]: 2D2676556231: to=<john3@dom3.domain.ru>, relay=none, delay=0.17, delays=0.16/0/0/0.01, dsn=4.3.0, status=deferred (mail transport unavailable)
оставляю
Код: [Выделить]
virtual_transport = hash:/usr/local/etc/postfix/transport
лог такойКод: [Выделить]
May 22 17:12:38 dom3-gw postfix/qmgr[36757]: warning: connect to transport private/hash: No such file or directory
May 22 17:12:38 dom3-gw postfix/error[36759]: 778B76556233: to=<john3@dom3.domain.ru>, relay=none, delay=0.28, delays=0.28/0/0/0, dsn=4.3.0, status=deferred (mail transport unavailable)
судя по private/hash и private/ldap то он видит строку и разницу в нейубираю обе
Код: [Выделить]
transport_maps = hash:/usr/local/etc/postfix/transportКод: [Выделить]
virtual_transport = hash:/usr/local/etc/postfix/transportвижу такоеКод: [Выделить]
May 22 17:21:45 dom3-gw postfix/virtual[36885]: fatal: bad string length 0 < 1: virtual_mailbox_base =
May 22 17:21:46 dom3-gw postfix/master[36876]: warning: process /usr/local/libexec/postfix/virtual pid 36885 exit status 1
May 22 17:21:46 dom3-gw postfix/master[36876]: warning: /usr/local/libexec/postfix/virtual: bad command startup -- throttling
он сразу понимает что нет транспорта совсемтоесть вот так у меня не работает
Код: [Выделить]
# transport_maps = ...
virtual_mailbox_domains = dom3.domain.ru
virtual_mailbox_maps = ldap:/usr/local/etc/postfix/ldap_dom3.corp.local.cf
virtual_transport = ldap:/usr/local/etc/postfix/ldap_transport_map.cf
убрал virtual_transport
изменил transport_maps на ldap c result_format = smtp:[%s] с поиском IP ексченжа
Код: [Выделить]
#transport_maps = hash:/usr/local/etc/postfix/transport
transport_maps = ldap:/usr/local/etc/postfix/ldap_transport_map.cf
почта пошла в этот ящик с кастом атрибутомв ящик без атрибута почта не пошла
Код: [Выделить]
May 22 19:05:32 dom3-gw postfix/virtual[37605]: fatal: bad string length 0 < 1: virtual_mailbox_base =
May 22 19:05:33 dom3-gw postfix/master[37594]: warning: process /usr/local/libexec/postfix/virtual pid 37605 exit status 1
May 22 19:05:33 dom3-gw postfix/master[37594]: warning: /usr/local/libexec/postfix/virtual: bad command startup -- throttling
подскажите что я упускаю
посмотрел примеры, либо обе строки transport_maps и virtual_transport либо одна transport_maps
сейчас попробую настроить с relay демоном но боюсь, что transport_maps вылезит все равно, он какой-то дефолтовый тут
postfix postfix-3.5.1_1
Код: [Выделить]
root@dom3-gw:/usr/local/etc/postfix # postconf -n
command_directory = /usr/local/sbin
compatibility_level = 2
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
html_directory = /usr/local/share/doc/postfix
inet_interfaces = all
inet_protocols = ipv4
local_recipient_maps =
mail_owner = postfix
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
message_size_limit = 41943040
meta_directory = /usr/local/libexec/postfix
milter_default_action = accept
milter_protocol = 2
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = dom3.domain.ru
myhostname = mail1.dom3.domain.ru
mynetworks = 127.0.0.0/8, 172.16.32.12/32
mynetworks_style = host
myorigin = $mydomain
newaliases_path = /usr/local/bin/newaliases
non_smtpd_milters = inet:localhost:12301
proxy_interfaces =
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
relay_domains = $mydestination
relayhost =
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
shlib_directory = /usr/local/lib/postfix
smtpd_client_restrictions = permit_mynetworks, check_client_access hash:/usr/local/etc/postfix/sender_access, reject_unauth_pipelining, reject_unknown_client_hostname, reject_rbl_client bl.spamcop.net, reject_rbl_client sbl.spamhaus.org, reject_rbl_client zen.spamhaus.org, reject_rbl_client aspews.ext.sorbs.net, check_reverse_client_hostname_access pcre:/usr/local/etc/postfix/reverse_hostname_access.pcre
smtpd_discard_ehlo_keywords = silent-discard, dsn
smtpd_etrn_restrictions = permit_mynetworks, reject
smtpd_helo_restrictions = permit_mynetworks, check_helo_access hash:/usr/local/etc/postfix/sender_access, reject_invalid_helo_hostname, reject_unknown_helo_hostname, reject_non_fqdn_helo_hostname
smtpd_milters = inet:localhost:12301
smtpd_recipient_restrictions = check_recipient_access hash:/usr/local/etc/postfix/recipient_access, permit_mynetworks, reject_unauth_destination check_policy_service inet:127.0.0.1:10023
smtpd_sender_restrictions = permit_mynetworks, check_sender_access hash:/usr/local/etc/postfix/sender_access, reject_non_fqdn_sender, reject_unverified_sender, reject_unknown_sender_domain
soft_bounce = no
unknown_local_recipient_reject_code = 550
virtual_mailbox_domains = dom3.domain.ru
virtual_mailbox_maps = ldap:/usr/local/etc/postfix/ldap_dom3.corp.local.cf
virtual_transport = ldap:/usr/local/etc/postfix/ldap_transport_map.cf
root@dom3-gw:/usr/local/etc/postfix #
root@dom3-gw:/usr/local/etc/postfix # postconf | grep transport
address_verify_default_transport = $default_transport
address_verify_local_transport = $local_transport
address_verify_relay_transport = $relay_transport
address_verify_sender_dependent_default_transport_maps = $sender_dependent_default_transport_maps
address_verify_transport_maps = $transport_maps
address_verify_virtual_transport = $virtual_transport
best_mx_transport =
default_transport = smtp
default_transport_rate_delay = 0s
defer_transports =
empty_address_default_transport_maps_lookup_key = <>
error_transport_rate_delay = $default_transport_rate_delay
fallback_transport =
fallback_transport_maps =
lmtp_transport_rate_delay = $default_transport_rate_delay
local_transport = local:$myhostname
local_transport_rate_delay = $default_transport_rate_delay
mailbox_transport =
mailbox_transport_maps =
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps $alias_maps $smtpd_client_restrictions $smtpd_helo_restrictions $smtpd_sender_restrictions $smtpd_relay_restrictions $smtpd_recipient_restrictions $address_verify_sender_dependent_default_transport_maps $address_verify_sender_dependent_relayhost_maps $address_verify_transport_maps $fallback_transport_maps $lmtp_discard_lhlo_keyword_address_maps $lmtp_pix_workaround_maps $lmtp_sasl_password_maps $lmtp_tls_policy_maps $mailbox_command_maps $mailbox_transport_maps $postscreen_discard_ehlo_keyword_address_maps $rbl_reply_maps $sender_dependent_default_transport_maps $sender_dependent_relayhost_maps $smtp_discard_ehlo_keyword_address_maps $smtp_pix_workaround_maps $smtp_sasl_password_maps $smtp_tls_policy_maps $smtpd_discard_ehlo_keyword_address_maps $smtpd_milter_maps $virtual_gid_maps $virtual_uid_maps
relay_transport = relay
relay_transport_rate_delay = $default_transport_rate_delay
retry_transport_rate_delay = $default_transport_rate_delay
sender_dependent_default_transport_maps =
smtp_transport_rate_delay = $default_transport_rate_delay
transport_maps =
transport_retry_time = 60s
virtual_transport = ldap:/usr/local/etc/postfix/ldap_transport_map.cf
virtual_transport_rate_delay = $default_transport_rate_delay
root@dom3-gw:/usr/local/etc/postfix #
root@dom3-gw:/usr/local/etc/postfix # postconf | grep virtual
address_verify_virtual_transport = $virtual_transport
propagate_unmatched_extensions = canonical, virtual
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps $sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps $alias_maps $smtpd_client_restrictions $smtpd_helo_restrictions $smtpd_sender_restrictions $smtpd_relay_restrictions $smtpd_recipient_restrictions $address_verify_sender_dependent_default_transport_maps $address_verify_sender_dependent_relayhost_maps $address_verify_transport_maps $fallback_transport_maps $lmtp_discard_lhlo_keyword_address_maps $lmtp_pix_workaround_maps $lmtp_sasl_password_maps $lmtp_tls_policy_maps $mailbox_command_maps $mailbox_transport_maps $postscreen_discard_ehlo_keyword_address_maps $rbl_reply_maps $sender_dependent_default_transport_maps $sender_dependent_relayhost_maps $smtp_discard_ehlo_keyword_address_maps $smtp_pix_workaround_maps $smtp_sasl_password_maps $smtp_tls_policy_maps $smtpd_discard_ehlo_keyword_address_maps $smtpd_milter_maps $virtual_gid_maps $virtual_uid_maps
unknown_virtual_alias_reject_code = 550
unknown_virtual_mailbox_reject_code = 550
virtual_alias_address_length_limit = 1000
virtual_alias_domains = $virtual_alias_maps
virtual_alias_expansion_limit = 1000
virtual_alias_maps = $virtual_maps
virtual_alias_recursion_limit = 1000
virtual_delivery_slot_cost = $default_delivery_slot_cost
virtual_delivery_slot_discount = $default_delivery_slot_discount
virtual_delivery_slot_loan = $default_delivery_slot_loan
virtual_delivery_status_filter = $default_delivery_status_filter
virtual_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
virtual_destination_concurrency_limit = $default_destination_concurrency_limit
virtual_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
virtual_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
virtual_destination_rate_delay = $default_destination_rate_delay
virtual_destination_recipient_limit = $default_destination_recipient_limit
virtual_extra_recipient_limit = $default_extra_recipient_limit
virtual_gid_maps =
virtual_initial_destination_concurrency = $initial_destination_concurrency
virtual_mailbox_base =
virtual_mailbox_domains = dom3.domain.ru
virtual_mailbox_limit = 51200000
virtual_mailbox_lock = fcntl, dotlock
virtual_mailbox_maps = ldap:/usr/local/etc/postfix/ldap_dom3.corp.local.cf
virtual_minimum_delivery_slots = $default_minimum_delivery_slots
virtual_minimum_uid = 100
virtual_recipient_limit = $default_recipient_limit
virtual_recipient_refill_delay = $default_recipient_refill_delay
virtual_recipient_refill_limit = $default_recipient_refill_limit
virtual_transport = ldap:/usr/local/etc/postfix/ldap_transport_map.cf
virtual_transport_rate_delay = $default_transport_rate_delay
virtual_uid_maps =
root@dom3-gw:/usr/local/etc/postfix #
root@dom3-gw:/usr/local/etc/postfix # postconf | grep domain
append_dot_mydomain = ${{$compatibility_level} < {1} ? {yes} : {no}}
default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason}
fast_flush_domains = $relay_domains
maps_rbl_domains =
masquerade_domains =
mydestination = $myhostname, localhost.$mydomain, localhost
mydomain = dom3.domain.ru
myorigin = $mydomain
parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps
relay_domains = $mydestination
relay_domains_reject_code = 554
remote_header_rewrite_domain =
resolve_null_domain = no
resolve_numeric_domain = no
smtpd_sasl_local_domain =
smtpd_sender_restrictions = permit_mynetworks, check_sender_access hash:/usr/local/etc/postfix/sender_access, reject_non_fqdn_sender, reject_unverified_sender, reject_unknown_sender_domain
strict_mime_encoding_domain = no
virtual_alias_domains = $virtual_alias_maps
virtual_mailbox_domains = dom3.domain.ru
root@dom3-gw:/usr/local/etc/postfix #
root@dom3-gw:/usr/local/etc/postfix # postconf | grep relay
address_verify_relay_transport = $relay_transport
address_verify_relayhost = $relayhost
address_verify_sender_dependent_relayhost_maps = $sender_dependent_relayhost_maps
empty_address_relayhost_maps_lookup_key = <>
fast_flush_domains = $relay_domains
lmtp_fallback_relay =
luser_relay =
parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps
relay_clientcerts =
relay_delivery_slot_cost = $default_delivery_slot_cost
relay_delivery_slot_discount = $default_delivery_slot_discount
relay_delivery_slot_loan = $default_delivery_slot_loan
relay_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
relay_destination_concurrency_limit = $default_destination_concurrency_limit
relay_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
relay_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
relay_destination_rate_delay = $default_destination_rate_delay
relay_destination_recipient_limit = $default_destination_recipient_limit
relay_domains = $mydestination
relay_domains_reject_code = 554
relay_extra_recipient_limit = $default_extra_recipient_limit
relay_initial_destination_concurrency = $initial_destination_concurrency
relay_minimum_delivery_slots = $default_minimum_delivery_slots
relay_recipient_limit = $default_recipient_limit
relay_recipient_maps =
relay_recipient_refill_delay = $default_recipient_refill_delay
relay_recipient_refill_limit = $default_recipient_refill_limit
relay_transport = relay
relay_transport_rate_delay = $default_transport_rate_delay
relayhost =
sender_dependent_relayhost_maps =
smtp_fallback_relay = $fallback_relay
smtpd_relay_restrictions = ${{$compatibility_level} < {1} ? {} : {permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination}}
unknown_relay_recipient_reject_code = 550
root@dom3-gw:/usr/local/etc/postfix #
попробовал с
Код: [Выделить]
relay_domains = dom3.domain.ru
Код: [Выделить]
relay_recipient_maps = ldap:/usr/local/etc/postfix/ldap_dom3.corp.local.cf
Код: [Выделить]
virtual_transport = ldap:/usr/local/etc/postfix/ldap_transport_map.cf
получил
Код: [Выделить]
May 22 22:52:48 be3-gw postfix/relay/smtp[39138]: DE1F76556231: to=<john3@dom3.domain.ru>, relay=none, delay=0.18, delays=0.16/0.01/0.02/0, dsn=5.4.6, status=bounced (mail for dom3.domain.ru loops back to myself)
еще подумал я над вторым "сложным вариантом" с рекурсией
обьект john у которого мы ищем ящик лежит тут
CN=john,OU=Users,OU=DOM3,DC=dom3,DC=corp,DC=local
у него есть атрибут homeMTA c DN CN=Microsoft MTA,CN=DOM3-MSG-01,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=CORP,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=corp,DC=local
у CN=Microsoft MTA есть атрибут mTALocalDesig который имеет значение в чистом виде с именем сервера DOM3-MSG-01
но проблема в том что CN Microsoft MTA находится в другой ветке CN=Configuration,DC=corp,DC=local
поэтому такой запрос не сработает
Код: [Выделить]
server_host = ldap://172.16.32.10
search_base = DC=dom3,DC=corp,DC=local
query_filter = (proxyAddresses=smtp:%s)
result_format = smtp:[%s]
special_result_attribute = homeMTA
result_attribute = mTALocalDesig
вывод такойКод: [Выделить]
root@dom3-gw:/usr/local/etc/postfix # postmap -q john3@dom3.domain.ru ldap:/usr/local/etc/postfix/ldap_transport_map.cf
postmap: warning: dict_ldap_get_values[1]: DN CN=Microsoft MTA,CN=DOM3-MSG-01,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=CORP,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=corp,DC=local not found, skipping
postmap: warning: dict_ldap_lookup: Had some trouble with entries returned by search: No such object
root@dom3-gw:/usr/local/etc/postfix #
делаю так
Код: [Выделить]
server_host = ldap://172.16.32.10
search_base = DC=corp,DC=local
query_filter = (proxyAddresses=smtp:%s)
result_format = smtp:[%s]
special_result_attribute = homeMTA
result_attribute = mTALocalDesig
вывод такойКод: [Выделить]
root@dom3-gw:/usr/local/etc/postfix # postmap -q john3@dom3.domain.ru ldap:/usr/local/etc/postfix/ldap_transport_map.cf
postmap: warning: dict_ldap_lookup: Search error 10: Referral
postmap: fatal: table ldap:/usr/local/etc/postfix/ldap_transport_map.cf: query error: No error: 0
root@dom3-gw:/usr/local/etc/postfix #
обращаюсь к центральному серверу с глобальным каталогом
Код: [Выделить]
server_host = ldap://172.16.10.10
search_base = DC=corp,DC=local
query_filter = (proxyAddresses=smtp:%s)
result_format = smtp:[%s]
special_result_attribute = homeMTA
result_attribute = mTALocalDesig
вывод пустойКод: [Выделить]
root@dom3-gw:/usr/local/etc/postfix # postmap -q john3@dom3.domain.ru ldap:/usr/local/etc/postfix/ldap_transport_map.cf
root@dom3-gw:/usr/local/etc/postfix #
где я ошибся?