Score:1

LDAP postfix "User doesn't exist"


I have a postfix server, which forwards all the emails to a dovecot server via LMTP. The usernames/groups are kept in a 389 Directory Server (LDAP).

In /etc/postfix/transport I have a few lines like (one per each domain that I host):

mydomain.com                   lmtp:inet:[192.168.50.223]:10025

In /etc/postfix/main.cf I have:

relay_recipient_maps = proxy:ldap:/etc/postfix/ldap-users-389.cf
...
virtual_alias_maps = ldap:/etc/postfix/ldap-groups-389.cf
...
transport_maps = hash:/etc/postfix/transport

In /etc/postfix/ldap-users-389.cf:

server_host = ds
search_base = ou=people,dc=adomaine,dc=tld
version = 3
query_filter = (&(objectClass=nsPerson)(|(mail=%s)(mailAlternateAddress=%s)))
result_attribute = mail
#result_filter = OK
bind = yes
bind_dn = cn=Directory Manager
bind_pw = XXXXXXXXXX

In /etc/postfix/ldap-groups-389.cf:

server_host = ds
search_base = ou=groups,dc=adomain,dc=tld
version = 3
query_filter = (&(objectClass=mailgroup)(|(mail=%s)(mail=%d)))
leaf_result_attribute = mail
special_result_attribute = uniqueMember
bind = yes
bind_dn = cn=Directory Manager
bind_pw = XXXXXXXX

I set up a "people" entry in LDAP:

dn=cn=myname,ou=people,dc=yellowgnu,dc=net

with the following attributes:

objectClass top
objectClass nsPerson
objectClass nsAccount
objectClass nsOrgPerson
objectClass posixAccount
objectClass mailrecipient
cn  myname
mail    [email protected]
mailAlternateAddress    [email protected]

The error that I see in /var/log/maillog of the postfix server is:

May  7 18:33:54 mx postfix/lmtp[16088]: D29FE60E5173: to=<[email protected]>, relay=192.168.50.223[192.168.50.223]:10025, delay=39, delays=33/0.01/0.01/5.9, dsn=5.1.1, status=bounced (host 192.168.50.223[192.168.50.223] said: 550 5.1.1 <[email protected]> User doesn't exist: [email protected] (in reply to RCPT TO command))

Even in the logs of LDAP I see something like:

[07/May/2023:18:33:34.962281900 +0300] conn=235 op=21 SRCH base="ou=people,dc=adomain,dc=tld" scope=2 filter="(&(objectClass=nsPerson)(|([email protected])(mailAlternateAddress=[email protected])))" attrs="mail"
[07/May/2023:18:33:36.665394512 +0300] conn=235 op=21 ENTRY dn="cn=myname,ou=people,dc=adomaine,dc=tld"
[07/May/2023:18:33:36.866690132 +0300] conn=235 op=21 RESULT err=0 tag=101 nentries=1 wtime=1.014704138 optime=1.951879611 etime=2.966580180

and, when I run the following command on the postfix server, it returns the actual email address where I expect email to be delivered:

# postmap -q [email protected] ldap:/etc/postfix/ldap-users-389.cf
[email protected]

Thanks!

anx
Your dc= samples are just copy-paste mistakes, and LDAP in reality has just one such nsPerson instance, right? (See [this](https://meta.serverfault.com/questions/963/what-information-should-i-include-or-obfuscate-in-my-posts/6063#6063) for some guidance on consistent obfuscation.)
anx
How did you setup `relay_domains`?
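As an added diagnostic, not part of the question and not Postfix's or Dovecot's own tooling: the Python below parses an ldap_table(5) file of the shape shown above, parses a postfix delivery record of the shape shown in the maillog, and tells apart a rejection issued by the next hop (the "host ... said: 550" part, which is what the log above contains) from one issued by Postfix itself. It also implements the consistency check the dc= comment hints at, flagging map files whose search_base suffixes do not agree. The two file contents and the log line are constructed samples modelled on the question (credentials and addresses are placeholders), and all function names are my own.

```python
import re
from typing import Dict, List

# Constructed ldap_table(5) samples modelled on the question's two map files.
USERS_CF = """\
server_host = ds
search_base = ou=people,dc=adomaine,dc=tld
version = 3
query_filter = (&(objectClass=nsPerson)(|(mail=%s)(mailAlternateAddress=%s)))
result_attribute = mail
#result_filter = OK
bind = yes
bind_dn = cn=Directory Manager
bind_pw = XXXXXXXXXX
"""

GROUPS_CF = """\
server_host = ds
search_base = ou=groups,dc=adomain,dc=tld
version = 3
query_filter = (&(objectClass=mailgroup)(|(mail=%s)(mail=%d)))
leaf_result_attribute = mail
special_result_attribute = uniqueMember
bind = yes
bind_dn = cn=Directory Manager
bind_pw = XXXXXXXX
"""

# Constructed maillog record in the same shape as the one in the question.
MAILLOG_LINE = (
    "May  7 18:33:54 mx postfix/lmtp[16088]: D29FE60E5173: to=<user@example.test>, "
    "relay=192.168.50.223[192.168.50.223]:10025, delay=39, delays=33/0.01/0.01/5.9, "
    "dsn=5.1.1, status=bounced (host 192.168.50.223[192.168.50.223] said: 550 5.1.1 "
    "<user@example.test> User doesn't exist: user@example.test (in reply to RCPT TO command))"
)


def parse_ldap_table(text: str) -> Dict[str, str]:
    """Parse 'key = value' lines of a Postfix ldap_table(5) file; '#' lines are comments.

    Only the first '=' separates key from value, so filters and DNs containing '=' survive.
    """
    table: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        table[key.strip()] = value.strip()
    return table


def dn_suffix(dn: str, n: int = 2) -> str:
    """Return the last n RDNs of a DN (e.g. 'dc=adomain,dc=tld'), lower-cased for comparison."""
    parts = [p.strip() for p in dn.split(",")]
    return ",".join(parts[-n:]).lower()


def check_base_consistency(tables: Dict[str, Dict[str, str]]) -> List[str]:
    """Flag map files whose search_base does not share a single directory suffix."""
    suffixes = {name: dn_suffix(t.get("search_base", "")) for name, t in tables.items()}
    if len(set(suffixes.values())) <= 1:
        return []
    return [f"{name}: search_base suffix {suffix!r}" for name, suffix in sorted(suffixes.items())]


# Delivery records written by postfix/smtp and postfix/lmtp share this layout.
DELIVERY_RE = re.compile(
    r"postfix/(?P<transport>\w+)\[\d+\]: (?P<queue_id>[0-9A-F]+): to=<(?P<rcpt>[^>]+)>, "
    r"relay=(?P<relay>[^,]+), .*?dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+) "
    r"\((?P<reason>.*)\)$"
)


def parse_delivery_line(line: str) -> Dict[str, str]:
    """Extract queue id, recipient, relay, DSN and status, and who issued the rejection."""
    m = DELIVERY_RE.search(line)
    if not m:
        raise ValueError("not a postfix delivery record")
    rec = m.groupdict()
    # "host X said: NNN ..." means the reply came from the next hop, not from Postfix's own
    # recipient validation (a relay_recipient_maps miss is rejected at smtpd, before any relay).
    said = re.search(r"host (\S+) said: (\d{3}) ", rec["reason"])
    rec["rejected_by"] = "next-hop" if said else "local"
    rec["remote_host"] = said.group(1) if said else ""
    rec["remote_code"] = said.group(2) if said else ""
    return rec


def diagnose(line: str, tables: Dict[str, Dict[str, str]]) -> List[str]:
    """Combine the log reading with the map-file consistency check into a list of findings."""
    findings: List[str] = []
    rec = parse_delivery_line(line)
    if rec["status"] == "bounced" and rec["rejected_by"] == "next-hop":
        findings.append(
            f"{rec['rcpt']}: Postfix accepted the recipient and handed it to {rec['transport']}; "
            f"the {rec['remote_code']} {rec['dsn']} was issued by {rec['remote_host']}, "
            f"so the user lookup to check is on that host, not the Postfix LDAP map"
        )
    findings.extend(check_base_consistency(tables))
    return findings


if __name__ == "__main__":
    maps = {"ldap-users-389.cf": parse_ldap_table(USERS_CF),
            "ldap-groups-389.cf": parse_ldap_table(GROUPS_CF)}
    for finding in diagnose(MAILLOG_LINE, maps):
        print(finding)
```

The point of the split is that `postmap -q` only exercises the Postfix side of the lookup; a 550 wrapped in "host ... said:" on a `postfix/lmtp` line was produced by the LMTP server, so the two checks answer different questions.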