Samba4 group email address lookup postfix/dovecot

0

I have samba4 ad dc setup with my users and groups working fine loginwise. I have installed a postfix/dovecot mailserver on my dc, which is working fine with single user mail addresses, sending and receiving also. But when I try to receive mail for a group of users then I get a mail undeliverable, user not found error. Just to clarify, I do not want to send mail as a group, just receive one mail to multiple accounts.

I am using sAMAccountname attribute for the user lookup, so I can understand the user not found error.

I also understand that the ldap query against the samba4 ad should return all the email addresses that should receive the mail, because there is no further processing of the query results.

The question is, is there a way to achieve this in samba4 ad? Is there an attribute that I can add to the group cn which will not break the ad schema, but can contain all the email addresses for the group?

Or am I looking at the subject the other way around, and I should add the multiple e-mail addresses to the users own cn? (Which I have found on google, but think that is not the correct way of doing this, and I do not think samba even supports this)

===============================postfix main.cf===========================
smtpd_banner = mail.virtualdomain.xx ESMTP
biff = no
append_dot_mydomain = no
delay_warning_time = 4h
readme_directory = no
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = mail.myhostname.yy
myorigin = /etc/mailname
mydestination = $myorigin,localhost,localhost.$mydomain
relayhost =
mynetworks = 127.0.0.0/8
dovecot_destination_recipient_limit = 1
mailbox_command = /usr/lib/deliver
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
broken_sasl_auth_clients = yes
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
home_mailbox = Maildir/
smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_invalid_hostname
    reject_non_fqdn_hostname
    reject_non_fqdn_sender
    reject_non_fqdn_recipient
    reject_unauth_destination
    reject_unauth_pipelining
    reject_invalid_hostname
    reject_unknown_sender_domain
    reject_rbl_client list.dsbl.org
    reject_rbl_client cbl.abuseat.org
    reject_rhsbl_sender dsn.fc-ignorant.org

smtpd_data_restrictions =
    reject_unauth_pipelining,
    reject_multi_recipient_bounce,
    permit

smtpd_helo_required = yes

transport_maps

maildrop_destination_concurrency_limit = 2
maildrop_destination_recipient_limit = 1
gnarwl_destination_concurrency_limit = 1
gnarwl_destination_recipient_limit = 1
transport_maps = hash:/etc/postfix/transport

virtual_alias_maps = ldap:/etc/postfix/ldap-aliases.cf
virtual_mailbox_domains = domain1.xx domain2.xx domain3.xx domain4.xx domain5.xx
virtual_transport = lmtp:unix:private/dovecot-lmtp
virtual_mailbox_maps = ldap:/etc/postfix/ldap-aliases.cf
dovecot_destination_recipient_limit = 1
virtual_uid_maps = static:1002
virtual_gid_maps = static:1002
content_filter = smtp-amavis:[127.0.0.1]:10024

local_recipient_maps = $alias_maps

recipient_bcc_maps = ldap:/etc/postfix/ldap-vacation.cf

================== postfix main.cf end ==============================

====================ldap-aliases.cf==================================
server_host = localhost
search_base = cn=Users,dc=domain5,dc=xx
query_filter = (mail=%s)
result_attribute = sAMAccountName
result_format = %s@domain5.xx
bind = yes
bind_dn = mydn
bind_pw = mypasswd
start_tls = no
version = 3
====================ldap-aliases.cf end==============================

thanks for the help
tom

tom

Posted 2015-06-15T13:13:15.083

Reputation: 25

Answers

0

On Samba4 side:

  1. Create a distribution group
  2. Set the group's email address as required
  3. Add users as members

On Postfix side:

Look at: http://www.postfix.org/LDAP_README.html

there is an example about expanding LDAP groups

Silvio Massina

Posted 2015-06-15T13:13:15.083

Reputation: 434

Yeah, that's the way! But if you are trying to use the aduc from windows, then there aren't too many common attributes in the user and group containers. Actually none, if I remember well. So the actual solution for me was to use a separate ldap editor (ldapadmin) and add the usernames to the url attribute of the groups and users also, because this attribute is a multi value attribute. Then just changed the postfix ldap-aliases.cf, so the result attribute is not sAMAccountname, but url, and everything is working fine. – tom – 2015-06-17T11:44:43.630

Did you try adding a new group (with ADUC) and choosing Distribution Group as type during the creation? Then if you edit the properties you'll find that it can have an email address – Silvio Massina – 2015-06-17T12:01:57.757

Yes, I have tried that, but in my setup the email addresses are not equal to the login names. With the solution I mentioned above there is no correlation between the user login name and the email address. So for example today I can have the callcenter@ address, and if something changes all that needs to be done is to change (or add) another login name and voila. – tom – 2015-06-18T14:34:35.530
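
The group-expansion approach from the answer (distribution group with a mail address, members resolved by Postfix), written out as an added example that is not part of the original thread. The file name `ldap-groups.cf` and the limit values are assumptions; server, base DN, bind settings and the `%s@domain5.xx` mailbox format are copied from the question's `ldap-aliases.cf`.

```ini
# ---- /etc/postfix/ldap-groups.cf (hypothetical file name) ----
# Connection and bind settings copied from the question's ldap-aliases.cf.
# The file holds bind_pw in clear text: keep it readable only by root
# and the postfix group.
server_host = localhost
search_base = cn=Users,dc=domain5,dc=xx
version = 3
bind = yes
bind_dn = mydn
bind_pw = mypasswd
start_tls = no

# Match only group objects whose mail attribute equals the recipient,
# so ordinary user addresses fall through to the next table.
query_filter = (&(objectClass=group)(mail=%s))

# Follow every DN listed in the group's "member" attribute.
# Nested groups are expanded recursively.
special_result_attribute = member

# Take the login name from the member entries only. AD groups carry
# sAMAccountName too; listing it as a leaf attribute keeps the group's
# own name out of the result.
leaf_result_attribute = sAMAccountName
result_format = %s@domain5.xx

# Bound the work one lookup can trigger (values are assumptions).
# Exceeding expansion_limit makes the lookup fail with a temporary
# error instead of returning a truncated member list.
recursion_limit = 10
expansion_limit = 200

# ---- /etc/postfix/main.cf ----
# The group table goes first: the existing (mail=%s) filter in
# ldap-aliases.cf also matches a group that has a mail attribute and
# would rewrite the address to the group's own login name.
virtual_alias_maps = ldap:/etc/postfix/ldap-groups.cf,
    ldap:/etc/postfix/ldap-aliases.cf
```

Running `postmap -q callcenter@domain5.xx ldap:/etc/postfix/ldap-groups.cf` (with an address assigned to a group) should print one mailbox address per group member, and nothing for a plain user address.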