Kolab policy with alias domains

Stuart Naylor StuartIanNaylor at inbox.com
Tue Sep 2 23:28:03 CEST 2014


I am glad that is solved but thought maybe no-one would mind if I hitched a lift on this one.

On setup kolab I have been changing the default domain prompt from 
mysubdomain.mypublicdomain to mypublicdomain.

The next prompt its the root DN
Because I just changed the domain to mypublicdomain the default prompt is
dc=mypublicdomain which I change to dc=mysubdomain,dc=mypublicdomain.

So I end up with an ldap directory structure that is a subdomain but the email address is my public 
domain address.

It seems to work with no problems but thought I would check with you guys if that would cause 
any further problems.

Also when it comes to aliases then alias domains are important maybe some users might want to 
be able to send and recieve from different email addresses.
Also with aliases such as info@, sales@ it might just be an alias or group alias.

This is just opinion but I have being try to work out what use the current secondary automatically 
created email aliases are for. Even if I delete them before I submit a new user they still end up 
being created.
I have been totally puzzled by them as I can't think of any rationale reason for automatically 
generated email aliases based on user name.

Domain aliases or group aliases yeah I can understand, aliases that the user wants specifically I 
can understand. I have been puzzled and if someone can forward a rationale usage I would be 
interested as I say they have puzzled me.

Stuart.   

On Tuesday 02 September 2014 17:07:25 Sebastian Walter wrote:
> Thank you for the ldapsearch command example. The search results
> delivered the expected results (yes, the alias mail address was in
> alias, not mailAlternateAddress ).
> 
> And - your second hint solved my problem! The culprit was indeed the
> policy_result cache.
> 
> What I obviously did was trying to send from the alias address before it
> was registered in the "secondary email" field of the user. That way, it
> ended up in the policy_result cache with a value of "0" (not allowed).
> So, even after setting up the address as a valid secondary email, the
> submission of the mail was rejected.
> 
> Emptying the policy_result cache worked! Now everything is running as
> expected...
> 
> Many thanks!
> 
> Sebastian
> 
> On 09/02/14 16:22, Daniel Hoffend wrote:
> > Okay. just to compare
> > 
> > This is your full submission_sender_restrictions right?
> > submission_sender_restrictions = reject_non_fqdn_sender,
> > check_policy_service unix:private/submission_policy,
> > permit_sasl_authenticated, reject
> > One more question:
> > is your mail address configured as "alias" or "mailAlternateAdress"
> > the later one is only to add external mail addresses. Only mail and alias
> > should be used for internal mail addresses that the user is allowed to
> > use.
> > 
> > I get the same error message when my Kolab Account and the mail
> > addresses are not configured properly! (use mail+alias not external)
> > Please check your LDAP entry using the following command:
> > 
> > ldapsearch -xW -b "dc=dotlan,dc=info" -D "cn=Directory Manager"
> > "mail=daniel.hoffend at dotlan.info" mail alias mailAlternateAddress
> > # doe, People, example.org
> > dn: uid=doe,ou=People,dc=exampe,dc=org
> > mail: john.doe at example.org
> > alias: john at example.org
> > alias: mail at myexample.org
> > mailAlternateAddress: john.doe at gmail.com
> > 
> > 
> > Results:
> > * sending with john.doe at example.org -> OK
> > * sending with john at example.org -> OK
> > * sending with mail at myexample.org -> OK
> > * sending with john.doe at gmail.com -> REJECT: Could not find envelope
> > sender user ...
> > 
> > I hope this makes it clear.
> > 
> > One more thing regaring the policies:
> > You might want to reset your policy_result cache (once you fixed your
> > account) otherwise it can get wrong results;
> > 
> > mysql -u root -p -D kolab -e "TRUNCATE TABLE policy_result";
> > 
> > 
> > 
> > regards
> > Daniel
> > 
> > ------ Originalnachricht ------
> > Von: "Sebastian Walter" <mail at swalter-it.com>
> > An: "Daniel Hoffend" <dh at dotlan.net>; users at lists.kolab.org
> > Gesendet: 02.09.2014 14:33:16
> > Betreff: Re: Kolab policy with alias domains
> > 
> >> Hi Daniel,
> >> 
> >> Thanks for helping me on this. Here are the answers to your questions.
> >> 
> >> On 09/02/14 14:00, Daniel Hoffend wrote:
> >>>  From what I understand:
> >>>  * The user's primary_mail is withing the primary_domain of this
> >>>  instance (user at example.org)
> >>>  * You can send and authenticate via your primary mail yes?
> >>>  * You can't send emails when choosing an alias from myexample.org as
> >>>  from address
> >> 
> >> Yes this is all true.
> >> 
> >>>  Here are my questions:
> >>>  * Do you have this problem when using roundcube or only when using a
> >>>  external mail client
> >> 
> >> I tried it using an external imap mail client (Thunderbird), roundcube
> >> would be the next step in my opinion.
> >> 
> >>>  * are you authenticating your primary_mail when trying to send from an
> >>>  alias (which should be the right/best way)
> >> 
> >> yes, authenticating as joe at example.org but setting an email address as
> >> mail at myexample.org (virtual example).
> >> 
> >>>  * Most important: Are you using SMTP Port 587 (submission) for sending
> >>>  or do you try sending emails via Port 25?
> >> 
> >> yes I'm using port 587 (STARTTLS). Here are the relevant lines from
> >> /var/log/maillog:
> >> 
> >> Sep 2 13:23:47 <host> postfix/submission/smtpd[17059]: connect from
> >> <clienthost>[xx.xx.xx.xx]
> >> Sep 2 13:23:48 <host> postfix/submission/smtpd[17059]: 6720AE0882:
> >> client=<clienthost>[xx.xx.xx.xx], sasl_method=PLAIN,
> >> sasl_username=joe at example.org
> >> Sep 2 13:23:48 <host> postfix/submission/smtpd[17059]: 6720AE0882:
> >> reject: DATA from <clienthost>[xx.xx.xx.xx]: 554 5.7.1 <DATA>: Data
> >> command rejected: Could not find envelope sender user
> >> mail at myexample.org; from=<mail at myexample.org>
> >> to=<receiver at virtual-example.org> proto=ESMTP helo=<[xx.xx.xx.xx]>
> >> 
> >> The mails get accepted if I change "submission_data_restrictions = " to
> >> an empty string in postfix' main.cf.
> >> 
> >> Many regards,
> >> Sebastian

____________________________________________________________
Can't remember your password? Do you need a strong and secure password?
Use Password manager! It stores your passwords & protects your account.
Check it out at http://mysecurelogon.com/manager
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kolab.org/pipermail/users/attachments/20140902/14d798ea/attachment-0001.html>


More information about the users mailing list