Domain aliases

Tobias Oed tobias.oed at octant-fr.com
Wed Mar 5 14:03:41 CET 2008


Bo Thorsen wrote:
> Hi guys,
> 
> It's been a while, but I'm back on the list :)
> 
> We just switched from a standard postfix/cyrus combo to a kolab 2.2 rc1 
> server, and I have a few questions about it.
> 
> The most pressing is about domain aliases. We have about 20 domains for the 
> company: thorsen-consulting.(dk,eu,com), t16g.dk and more. All are just 
> aliases for the same domain.
> 
> Adding each of these to all users would be a serious PITA, so I'm hoping there 
> is some quicker way of doing this, but I can't find it. I have googled and 
> read wiki pages, and I keep coming back to the same wiki statement 
> saying "Kolab >= 2.1 can handle multiple domains". This is true, it's just 
> not the sort I want.
> 
> I hope you can direct me to the correct answer.
> 
> Bo.
> 

I did something like this where a bunch of domains are equivalent to a *single*
master domain (masterdomain.com) with kolab 2.1. I had to modify some stuff though:
In templates/main.cf:

-mydestination = @@@postfix-mydestination|join( )@@@
+mydestination = @@@postfix-mydestination|join( )@@@,
+                hash:/kolab/etc/postfix/equivdomain

  virtual_maps =  hash:/kolab/etc/postfix/virtual,
         ldap:/kolab/etc/postfix/ldapdistlist.cf,
-       ldap:/kolab/etc/postfix/ldapvirtual.cf
+       ldap:/kolab/etc/postfix/ldapvirtual.cf,
+       ldap:/kolab/etc/postfix/ldapequivdomain.cf
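
Review bot: the new `hash:/kolab/etc/postfix/equivdomain` entry in `mydestination` carries no reminder that a `hash:` table is read from its compiled form, so the file has to be rebuilt with `postmap /kolab/etc/postfix/equivdomain` after every edit. A one-line comment beside the added entry would document that, since the same table is also what limits the new `ldapequivdomain.cf` lookup to the listed domains.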


where /kolab/etc/postfix/equivdomain has the equivalent domains

# List of domains equivalent to masterdomain.com
otherdomain.com      dummy
somethingelse.net     dummy


and /kolab/etc/postfix/ldapequivdomain.cf is

# (c) 2005 Steffen Hansen <steffen at klaralvdalens-datakonsult.se> (Klaralvdalens Datakonsult AB)
#
# This program is Free Software under the GNU General Public License (>=v2).
# Read the file COPYING that comes with this packages for details.

#
# LDAP equivalent domain support for postfix
#

server_host = ldap://127.0.0.1:389
search_base = dc=bonneterie,dc=com
domain = hash:/kolab/etc/postfix/equivdomain
query_filter = (&(!(kolabDeleteFlag=*))(|(mail=%u@*)(alias=%u)))
#query_filter = (&(!(kolabDeleteFlag=*))(uid=%u))
result_attribute = mail
result_filter = %s
search_timeout = 15
scope = sub
bind = yes
bind_dn = cn=nobody,cn=internal,dc=bonneterie,dc=com
bind_pw = AiTwZ8n/BJaDdD5IC4ovwJCHPMQNpsy/hpyXBEa5
version = 3
#debuglevel = 255


Further I had to patch kolab_smtpdpolicy (not sure which parts are relevant here, sorry)

--- kolab_smtpdpolicy   2007-12-05 10:25:02.000000000 +0100
+++ kolab_smtpdpolicy.2007-12-01-to     2007-12-01 21:46:03.000000000 +0100
@@ -208,11 +208,10 @@
    my $sender = shift;
    my $tries = 0;
    my @result;
-  my ($user,$domain) = ($sender =~ m/(.*)@(.*)/);
   AGAIN:
    my $mesg = $ldap->search( base=> $conf_basedn,
                             scope=> 'sub',
-                           filter=> "(&(objectClass=kolabinetorgperson)(|(mail=$user@*)(alias=$sender)(alias=$user@*)))",
+                           filter=> "(&(objectClass=kolabinetorgperson)(|(mail=$sender)(alias=$sender)))",
                             attrs => [ 'uid', 'kolabDelegate' ]);
    if( !$mesg->code && $mesg->count() > 0 ) {
      mylog($syslog_priority, "LDAP search returned ".$mesg->count()." objects") if $verbose;
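
Review bot: both versions of the `filter=>` line interpolate the envelope sender (`$sender`, and `$user` on the `-` side) into the LDAP filter unescaped, so a sender containing `*`, `(` or `)` changes what the search matches. Pass the value through `escape_filter_value` from Net::LDAP::Util before building the string. Note also that `(mail=$user@*)` on the `-` side matches the local part under any domain, not only those listed in equivdomain, and that the `---` file carries the later date, so the diff looks reversed: applied as posted it removes the wildcard match instead of adding it.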
@@ -241,11 +240,10 @@
    my $username = shift;
    my $recipient = shift;
    my $tries = 0;
-  my ($list,$domain) = ($recipient =~ m/(.*)@(.*)/);
   AGAIN:
    if( !$username ) {
      my $mesg = $ldap->search( base=> "cn=internal,".$conf_basedn,
-                          scope=> 'one', filter=> "(&(mail=$list@*)(objectClass=kolabgroupofnames))");
+                          scope=> 'one', filter=> "(&(mail=$recipient)(objectClass=kolabgroupofnames))");
      if( !$mesg->code && $mesg->count() > 0 ) {
        # Ups, recipient is a restricted list, reject
        mylog( $syslog_priority, "Attempt from $username to access restricted list $recipient" ) if $verbose;
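
Review bot: on the `-` side the restricted-list lookup `(mail=$list@*)` keys on the local part alone, so a recipient in an unrelated domain that shares a local part with a restricted list is rejected as well. Limit the match to the master domain plus the domains in equivdomain. `$domain` is captured by `m/(.*)@(.*)/` but never used in the visible lines, and `$list` / `$recipient` go into the filter unescaped, the same issue as in the sender lookup.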
@@ -296,10 +294,8 @@
        mylog($syslog_priority, "$username using $sender is OK, accepting") if $verbose;
        return "DUNNO";
      } else {
-      #mylog($syslog_priority, "$username trying to use $sender is NOT OK, rejecting") if $verbose;
-      #return "REJECT Invalid sender";
-      mylog($syslog_priority, "$username using $sender is OK, accepting") if $verbose;
-      return "DUNNO";
+      mylog($syslog_priority, "$username trying to use $sender is NOT OK, rejecting") if $verbose;
+      return "REJECT Invalid sender";
      }
    } else {
      # OK, here things get fishy! The above check
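
Review bot: the `-` side of this else branch returns "DUNNO" and logs "is OK, accepting" for a sender that has just failed the check, which switches sender verification off for every `$username` and makes the log read as if the check had passed. If the `-` side is the version in use, keep `return "REJECT Invalid sender";` and make the lookup accept equivalent-domain addresses instead, so that only genuine mismatches reach this branch.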

Hope this helps
Tobias

-- 
*Tobias Oed* - Octant Informatique <http://www.octant-fr.com>
contact | tobias.oed at octant-fr.com <mailto:tobias.oed at octant-fr.com> -
04 76 50 82 38
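
The following is an added example, not part of the post above and not code from Kolab's kolab_smtpdpolicy. It shows one alternative to the `mail=$user@*` wildcard: rewrite the sender onto the master domain only when its domain is listed in equivdomain, escape it for LDAP, then match exactly. The function names, `$MASTER`, the sample addresses and the assumption that the `mail` attribute holds master-domain addresses are all made up for the illustration.

```perl
#!/usr/bin/perl
# Added example, not code from kolab_smtpdpolicy. All names are hypothetical.
use strict;
use warnings;

my $MASTER = 'masterdomain.com';
# Constructed sample in the format of /kolab/etc/postfix/equivdomain.
my $EQUIV_MAP = <<'EOF';
# List of domains equivalent to masterdomain.com
otherdomain.com      dummy
somethingelse.net     dummy
EOF

# The first token of each non-comment line is the lookup key (a domain).
sub parse_equiv {
    my ($text) = @_;
    my %equiv;
    for my $line (split /\n/, $text) {
        next if $line =~ /^\s*(?:#.*)?$/;
        my ($domain) = split ' ', $line;
        $equiv{lc $domain} = 1;
    }
    return \%equiv;
}

# Escape a value for use inside an LDAP search filter (RFC 4515).
sub escape_filter {
    my ($v) = @_;
    $v =~ s/([\\*()\0])/sprintf('\\%02x', ord($1))/ge;
    return $v;
}

# Rewrite user@equivalent-domain to user@master; leave other addresses alone.
sub canonical {
    my ($addr, $equiv) = @_;
    my ($user, $domain) = $addr =~ /^(.*)\@([^\@]*)$/ or return $addr;
    return $equiv->{lc $domain} ? "$user\@$MASTER" : $addr;
}

# Exact-match filter in place of the (mail=$user@*) wildcard.
sub sender_filter {
    my ($sender, $equiv) = @_;
    my $s = escape_filter(canonical($sender, $equiv));
    return "(&(objectClass=kolabinetorgperson)(|(mail=$s)(alias=$s)))";
}

my $equiv = parse_equiv($EQUIV_MAP);
print sender_filter($_, $equiv), "\n"
    for 'bo@otherdomain.com', 'bo@unrelated.example', 'b*(o)@somethingelse.net';
```

Only the first and third sample senders are rewritten to masterdomain.com; the second keeps its own domain and so cannot match a master-domain mailbox by local part alone.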