Kolab policy with alias domains

Sebastian Walter mail at swalter-it.com
Tue Sep 2 17:07:25 CEST 2014


Thank you for the ldapsearch command example. The search results
delivered the expected results (yes, the alias mail address was in
alias, not mailAlternateAddress ).

And - your second hint solved my problem! The culprit was indeed the
policy_result cache.

What I obviously did was trying to send from the alias address before it
was registered in the "secondary email" field of the user. That way, it
ended up in the policy_result cache with a value of "0" (not allowed).
So, even after setting up the address as a valid secondary email, the
submission of the mail was rejected.

Emptying the policy_result cache worked! Now everything is running as
expected...

Many thanks!

Sebastian

On 09/02/14 16:22, Daniel Hoffend wrote:
> Okay. just to compare
>
> This is your full submission_sender_restrictions right?
> submission_sender_restrictions = reject_non_fqdn_sender,
> check_policy_service unix:private/submission_policy,
> permit_sasl_authenticated, reject
> One more question:
> is your mail address configured as "alias" or "mailAlternateAdress"
> the later one is only to add external mail addresses. Only mail and alias
> should be used for internal mail addresses that the user is allowed to
> use.
>
> I get the same error message when my Kolab Account and the mail
> addresses are not configured properly! (use mail+alias not external)
> Please check your LDAP entry using the following command:
>
> ldapsearch -xW -b "dc=dotlan,dc=info" -D "cn=Directory Manager"
> "mail=daniel.hoffend at dotlan.info" mail alias mailAlternateAddress
> # doe, People, example.org
> dn: uid=doe,ou=People,dc=exampe,dc=org
> mail: john.doe at example.org
> alias: john at example.org
> alias: mail at myexample.org
> mailAlternateAddress: john.doe at gmail.com
>
>
> Results:
> * sending with john.doe at example.org -> OK
> * sending with john at example.org -> OK
> * sending with mail at myexample.org -> OK
> * sending with john.doe at gmail.com -> REJECT: Could not find envelope
> sender user ...
>
> I hope this makes it clear.
>
> One more thing regaring the policies:
> You might want to reset your policy_result cache (once you fixed your
> account) otherwise it can get wrong results;
>
> mysql -u root -p -D kolab -e "TRUNCATE TABLE policy_result";
>
>
>
> regards
> Daniel
>
> ------ Originalnachricht ------
> Von: "Sebastian Walter" <mail at swalter-it.com>
> An: "Daniel Hoffend" <dh at dotlan.net>; users at lists.kolab.org
> Gesendet: 02.09.2014 14:33:16
> Betreff: Re: Kolab policy with alias domains
>
>> Hi Daniel,
>>
>> Thanks for helping me on this. Here are the answers to your questions.
>>
>> On 09/02/14 14:00, Daniel Hoffend wrote:
>>>  From what I understand:
>>>  * The user's primary_mail is withing the primary_domain of this
>>>  instance (user at example.org)
>>>  * You can send and authenticate via your primary mail yes?
>>>  * You can't send emails when choosing an alias from myexample.org as
>>>  from address
>>
>> Yes this is all true.
>>
>>>  Here are my questions:
>>>  * Do you have this problem when using roundcube or only when using a
>>>  external mail client
>>
>> I tried it using an external imap mail client (Thunderbird), roundcube
>> would be the next step in my opinion.
>>
>>>  * are you authenticating your primary_mail when trying to send from an
>>>  alias (which should be the right/best way)
>>
>> yes, authenticating as joe at example.org but setting an email address as
>> mail at myexample.org (virtual example).
>>
>>>  * Most important: Are you using SMTP Port 587 (submission) for sending
>>>  or do you try sending emails via Port 25?
>>
>> yes I'm using port 587 (STARTTLS). Here are the relevant lines from
>> /var/log/maillog:
>>
>> Sep 2 13:23:47 <host> postfix/submission/smtpd[17059]: connect from
>> <clienthost>[xx.xx.xx.xx]
>> Sep 2 13:23:48 <host> postfix/submission/smtpd[17059]: 6720AE0882:
>> client=<clienthost>[xx.xx.xx.xx], sasl_method=PLAIN,
>> sasl_username=joe at example.org
>> Sep 2 13:23:48 <host> postfix/submission/smtpd[17059]: 6720AE0882:
>> reject: DATA from <clienthost>[xx.xx.xx.xx]: 554 5.7.1 <DATA>: Data
>> command rejected: Could not find envelope sender user
>> mail at myexample.org; from=<mail at myexample.org>
>> to=<receiver at virtual-example.org> proto=ESMTP helo=<[xx.xx.xx.xx]>
>>
>> The mails get accepted if I change "submission_data_restrictions = " to
>> an empty string in postfix' main.cf.
>>
>> Many regards,
>> Sebastian
>> _______________________________________________
>> users mailing list
>> users at lists.kolab.org
>> https://lists.kolab.org/mailman/listinfo/users


More information about the users mailing list