Kolab policy with alias domains

Tue Sep 2 16:22:48 CEST 2014

Okay. just to compare

This is your full submission_sender_restrictions right?
submission_sender_restrictions = reject_non_fqdn_sender, 
check_policy_service unix:private/submission_policy, 
permit_sasl_authenticated, reject
One more question:
is your mail address configured as "alias" or "mailAlternateAdress"
the later one is only to add external mail addresses. Only mail and 
alias
should be used for internal mail addresses that the user is allowed to 
use.

I get the same error message when my Kolab Account and the mail 
addresses are not configured properly! (use mail+alias not external)
Please check your LDAP entry using the following command:

ldapsearch -xW -b "dc=dotlan,dc=info" -D "cn=Directory Manager" 
"mail=daniel.hoffend at dotlan.info" mail alias mailAlternateAddress
# doe, People, example.org
dn: uid=doe,ou=People,dc=exampe,dc=org
mail: john.doe at example.org
alias: john at example.org
alias: mail at myexample.org
mailAlternateAddress: john.doe at gmail.com

Results:
* sending with john.doe at example.org -> OK
* sending with john at example.org -> OK
* sending with mail at myexample.org -> OK
* sending with john.doe at gmail.com -> REJECT: Could not find envelope 
sender user ...

I hope this makes it clear.

One more thing regaring the policies:
You might want to reset your policy_result cache (once you fixed your 
account) otherwise it can get wrong results;

mysql -u root -p -D kolab -e "TRUNCATE TABLE policy_result";

regards
Daniel

------ Originalnachricht ------
Von: "Sebastian Walter" <mail at swalter-it.com>
An: "Daniel Hoffend" <dh at dotlan.net>; users at lists.kolab.org
Gesendet: 02.09.2014 14:33:16
Betreff: Re: Kolab policy with alias domains

>Hi Daniel,
>
>Thanks for helping me on this. Here are the answers to your questions.
>
>On 09/02/14 14:00, Daniel Hoffend wrote:
>>  From what I understand:
>>  * The user's primary_mail is withing the primary_domain of this
>>  instance (user at example.org)
>>  * You can send and authenticate via your primary mail yes?
>>  * You can't send emails when choosing an alias from myexample.org as
>>  from address
>
>Yes this is all true.
>
>>  Here are my questions:
>>  * Do you have this problem when using roundcube or only when using a
>>  external mail client
>
>I tried it using an external imap mail client (Thunderbird), roundcube
>would be the next step in my opinion.
>
>>  * are you authenticating your primary_mail when trying to send from 
>>an
>>  alias (which should be the right/best way)
>
>yes, authenticating as joe at example.org but setting an email address as
>mail at myexample.org (virtual example).
>
>>  * Most important: Are you using SMTP Port 587 (submission) for 
>>sending
>>  or do you try sending emails via Port 25?
>
>yes I'm using port 587 (STARTTLS). Here are the relevant lines from
>/var/log/maillog:
>
>Sep 2 13:23:47 <host> postfix/submission/smtpd[17059]: connect from
><clienthost>[xx.xx.xx.xx]
>Sep 2 13:23:48 <host> postfix/submission/smtpd[17059]: 6720AE0882:
>client=<clienthost>[xx.xx.xx.xx], sasl_method=PLAIN,
>sasl_username=joe at example.org
>Sep 2 13:23:48 <host> postfix/submission/smtpd[17059]: 6720AE0882:
>reject: DATA from <clienthost>[xx.xx.xx.xx]: 554 5.7.1 <DATA>: Data
>command rejected: Could not find envelope sender user
>mail at myexample.org; from=<mail at myexample.org>
>to=<receiver at virtual-example.org> proto=ESMTP helo=<[xx.xx.xx.xx]>
>
>The mails get accepted if I change "submission_data_restrictions = " to
>an empty string in postfix' main.cf.
>
>Many regards,
>Sebastian
>_______________________________________________
>users mailing list
>users at lists.kolab.org
>https://lists.kolab.org/mailman/listinfo/users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5714 bytes
Desc: not available
URL: <http://lists.kolab.org/pipermail/users/attachments/20140902/18dd7fad/attachment.bin>