mailserver2 / mailserver

Simple and full-featured mail server using Docker
https://store.docker.com/community/images/mailserver2/mailserver
MIT License

Using /etc/postfix/virtual in virtual_alias_maps and LDAP db together #33

Closed aronpapp closed 3 years ago

aronpapp commented 3 years ago

Classification

Reproducibility

Docker information

docker info
docker images mailserver2/mailserver --digests --filter "dangling=false"

Description

We tried to use the virtual hash table while using LDAP as user-db. The template rootfs/etc/postfix/main.cf contains hash:/etc/postfix/virtual in the virtual_alias_maps variable; even so, mail sent to the recipient is not delivered.

Steps to reproduce

  1. Use LDAP as backend
  2. Create user postmaster@{{ .DOMAIN }} in the AD, to store letters sent to postmaster
  3. Send email to root@{{ .DOMAIN }}

Expected results

To deliver the letter sent to root@{{ .DOMAIN }} to postmaster@{{ .DOMAIN }}.

$ cat rootfs/etc/postfix/virtual 
root         postmaster@{{ .DOMAIN }}
clamav       postmaster@{{ .DOMAIN }}
postmaster   postmaster@{{ .DOMAIN }}

Actual results

No delivery, mail.log showing:

Recipient address rejected: User unknown in virtual mailbox table;

Debugging information

docker logs mailserver

Configuration (docker-compose.yml, traefik.toml...etc)

services:

  mailserver:
    image: mailserver2/mailserver:${MAILSERVER_DOCKER_TAG}
    restart: ${RESTART_MODE}
    hostname: ${MAILSERVER_HOSTNAME}
    container_name: mailserver2_mailserver
    # ports: (entries missing from the post as captured)
    environment:
      - DBDRIVER=ldap
      - DBHOST=ad
      - LDAP_TLS_ENABLE=true
      - LDAP_TLS_FORCE=true
      - LDAP_BIND_DN= CN=Administrator,CN=Users,DC=example,DC=com
      - LDAP_BIND_PW= ***
      - LDAP_DEFAULT_SEARCH_BASE= DC=example,DC=com
      - LDAP_DOMAIN_FILTER= (&(|(mail=*@%s)(mailAlias=*@%s)(mailGroupMember=*@%s)))
      - LDAP_DOMAIN_ATTRIBUTE= mail
      - LDAP_DOMAIN_FORMAT= %d
      - LDAP_MAILBOX_FILTER= (&(|(mail=%s)(user=%s))(objectClass=user)(!(userAccountControl=514)))
      - LDAP_MAILBOX_ATTRIBUTE= mail
      - LDAP_ALIAS_FILTER= (mailAlias=%u)
      - LDAP_ALIAS_ATTRIBUTE= mail
      - LDAP_SENDER_FILTER= (&(|(mail=%s)(user=%s))(objectClass=user)(!(userAccountControl=514)))
      - LDAP_SENDER_ATTRIBUTE= mail
      - LDAP_SENDER_FORMAT= %s
      - LDAP_DOVECOT_USER_ATTRS= =homeDirectory=home,=uid=1024,=gid=1024,=home=/var/mail/vhosts/%d/%Ln/,=mail=maildir:/var/mail/vhosts/%d/%Ln/mail/
      - LDAP_DOVECOT_USER_FILTER= (&(|(mail=%u)(user=%u))(objectClass=user)(!(userAccountControl=514)))
      - LDAP_DOVECOT_PASS_ATTRS= =uid=1024
      - LDAP_DOVECOT_PASS_FILTER= (&(|(mail=%u)(user=%u))(objectClass=user)(!(userAccountControl=514)))
      - LDAP_GROUP_FILTER= (& (mail=%s) (objectClass=group) )
      - LDAP_GROUP_ATTRIBUTE=
      - LDAP_GROUP_FORMAT= %s
      - LDAP_GROUP_LEAF_ATTRIBUTE= mail
      - LDAP_GROUP_SPEC_ATTRIBUTE= member
    volumes:
      - ${VOLUMES_ROOT_PATH}/mail:/var/mail
      - /etc/letsencrypt:/etc/letsencrypt  
    depends_on:
      - mariadb
      - redis
    networks:
      mail_subnet:
        ipv4_address: 172.16.1.6
    extra_hosts:
        - "archive.example.com:172.16.1.11"

(...)
aronpapp commented 3 years ago

Changing myorigin to $mydomain instead of FQDN in main.cf resolves this, at least for the current config. (Background info: the logs showed the destination address postmaster@mail.example.com instead of postmaster@example.com.) Btw, thank you for maintaining this image!
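
The fix reported above is consistent with the key matching rule in Postfix's virtual(5): a bare local-part key such as root applies to user@site only when site equals $myorigin or is listed in $mydestination. The following is an added example, not code from the issue or from the image: a simplified Python model of that lookup order, where example.com, mail.example.com and the rendered table are assumed sample values.

```python
# Added example: simplified model of the virtual(5) key search order.
# Not modelled: address extensions, recursive expansion, inet_interfaces.

# Constructed sample: the issue's table with {{ .DOMAIN }} assumed to be example.com.
VIRTUAL_TABLE = """\
root         postmaster@example.com
clamav       postmaster@example.com
postmaster   postmaster@example.com
"""


def parse_table(text):
    """Parse 'key  target[, target...]' lines; skip blanks and comments."""
    table = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue
        table[parts[0].lower()] = parts[1].replace(",", " ").split()
    return table


def virtual_lookup(recipient, table, myorigin, mydestination=()):
    """Return the alias targets for recipient, or None when no key matches."""
    recipient = recipient.lower()
    if "@" not in recipient:
        # Postfix appends @$myorigin to unqualified addresses before lookup.
        recipient += "@" + myorigin
    local, _, site = recipient.rpartition("@")
    # 1. A full user@domain key applies unconditionally.
    if recipient in table:
        return table[recipient]
    # 2. A bare local-part key applies only when the recipient's domain
    #    equals $myorigin or is listed in $mydestination.
    if local in table and (site == myorigin or site in mydestination):
        return table[local]
    # 3. An @domain catch-all key, if present.
    return table.get("@" + site)


if __name__ == "__main__":
    table = parse_table(VIRTUAL_TABLE)
    for origin in ("mail.example.com", "example.com"):
        result = virtual_lookup("root@example.com", table, myorigin=origin)
        print(f"myorigin={origin}: root@example.com -> {result}")
```

On the running container, `postconf myorigin mydomain mydestination` prints the values that decide step 2.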