Navigation

    Kopano
    • Register
    • Login
    • Search
    • Categories
    • Get Official Kopano Support
    • Recent
    Statement regarding the closure of the Kopano community forum and the end of the community edition

    Postfix and Dynamic Groups

    Kopano Groupware Core
    3
    6
    2293
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • robertwbrandt
      robertwbrandt last edited by

      I’m having a problem sending to Dynamic groups through Postfix.

      I can list the groups fine using kopano-admin
      I can send fine if I use WebApp or Z-Push, but not if I use a SMTP client…

      It appears the difference is that in WebApp and Z-Push the group membership is resolved before it is sent to Postfix. Where as if I use a SMTP client, Postfix accepts the mail, but it gets stuck with the following errors:

      Aug 15 10:53:11 postfixserver postfix/lmtp[22557]: 0D10E8019090: to=<dynamic-group@domain.name>, relay=127.0.0.1[127.0.0.1]:2003, delay=0.08, delays=0.01/0/0.06/0, dsn=4.2.0, status=deferred (host 127.0.0.1[127.0.0.1] said: 450 4.2.0 dynamic-group@domain.name Mailbox temporarily unavailable (in reply to end of DATA command))
Aug 15 11:01:52 postfixserver postfix/lmtp[21720]: 0D10E8019090: to=<dynamic-group@domain.name>, relay=127.0.0.1[127.0.0.1]:2003, delay=522, delays=522/0/0.06/0.01, dsn=4.2.0, status=deferred (host 127.0.0.1[127.0.0.1] said: 450 4.2.0 dynamic-group@domain.name Mailbox temporarily unavailable (in reply to end of DATA command))
Aug 15 11:11:52 postfixserver postfix/lmtp[21735]: 0D10E8019090: to=<dynamic-group@domain.name>, relay=127.0.0.1[127.0.0.1]:2003, delay=1121, delays=1121/0/0.05/0, dsn=4.2.0, status=deferred (host 127.0.0.1[127.0.0.1] said: 450 4.2.0 dynamic-group@domain.name Mailbox temporarily unavailable (in reply to end of DATA command))

      Is this by design? Is it possible to use Dynamic Groups with Postfix?

      Thanks
      Bob

      1 Reply Last reply Reply Quote 0
      • robertwbrandt
        robertwbrandt last edited by

        Sorry, I should have mentioned that I’m using Active Directory as my backend.
        I did find this article, but that seems specific to OpenLDAP…

        1 Reply Last reply Reply Quote 0
        • thctlo
          thctlo last edited by

          i suggest start reading here https://documentation.kopano.io/kopanocore_administrator_manual/configure_kc_components.html#configure-kc-active-directory-integration

          first set to something like :
          virtual_mailbox_maps = ldap:/etc/postfix/kopano-ads-users-aliases.cf

          my filter :
          scope = sub
          query_filter = (&(objectClass=person)(kopanoAccount=1)(|(mail=%s)(otherMailbox=%s)))
          result_attribute = mail

          virtual_alias_maps = /etc/postfix/kopano-ads-groups-aliases.cf
          query_filter = (&(objectclass=group)(zarafaAccount=1)(|(mail=%s)(otherMailbox=%s)))
          leaf_result_attribute = mail
          special_result_attribute = member

          and test with :
          postmap -q Your_Group@domain.tld ldap:/etc/postfix/kopano-ads-groups-aliases.cf

          1 Reply Last reply Reply Quote 0
          • robertwbrandt
            robertwbrandt last edited by

            Thanks!

            I did look at that and my setup seems fine from the Kopano side of things, the problem is the Postfix and specifically Postfix when used with Dynamic Groups.

            Postfix with users, groups, and aliases works perfectly fine. (All of which is covered in the document you mentioned) but Dynamic Groups with respect to Postfix are not.)
            When you look at a Dynamic Group object, you can see from the objectclass that is is not a person, it is not a group and the only attributes it has if a filter string.

            Bob

            1 Reply Last reply Reply Quote 0
            • emttom
              emttom last edited by

              Hi robert,
              you got kopano working with AD and dynamicGroups?
              Maybe you can help me with my issue.
              “No dynamicGroups and addresslists with samba AD”
              We are using Samba4 AD controller

              1 Reply Last reply Reply Quote 0
              • emttom
                emttom last edited by emttom

                Hi Bob,
                im playing with kopano and AD LDAP since many days now.
                Yes you are right the kopanoDynamicGroups and kopanoAddressLists are handled by kopano internally befor any postfix aktivities.
                But you can play with additional virtual_alias_maps as i did.

                The special_result_attribut is used for recursion, but it must be a DN or LDAP URL.
                The kopanoFilter Attribute used by kopano is only a query fragment, and can not directly be used with special_result_attribut :-(

                Assuming our kopanoDynamicGroup named grp-London has a kopanoFilter like this with email grp-london@<your-domain>

                (physicalDeliveryOfficeName=London)

                we expect something like this as URL result to use with special_result_attribut

                ldap://<your-server-ip>:389/ou=users,dc=<your>,dc=<domain>?mail?sub?(physicalDeliveryOfficeName=London)

                unfortunately we can not use URI with kopanoFilter :-(

                My Workaround:
                When using the dangerous ADSI-Editor you can change the attribute url of your kopanoDynamicGroup to use as our LDAP URI

                And here is what we use in virtual_alias_maps
                Our testfile ldap-kopano-dynGroup.cf

                server_host = ldap://<your-server-ip>
server_port = 389
search_base = dc=<your>,dc=<domain>
version = 3

bind = yes
bind_dn =  <your-bind-dn>
bind_pw =  <your-bind-password>

query_filter = (&(objectclass=kopanoDynamicGroup)(kopanoAccount=1)(|(mail=%s)(otherMailbox=%s)))
result_attribute = sn
leaf_result_attribute = mail
special_result_attribute = url

                running the command
                postmap -v -q grp-london@<your-domain> /etc/postfix/ldap-kopano-dynGroup.cf

                should now show the ldap queries and results we expect from within postfix.

                Simply copy ldap-kopano-dynGroup.cf to ldap-kopano-addrList.cf and change the objectClass to kopanoAddrList to get the same for Addresslists.
                You can also combine the query_filter to match both

                Have fun
                Tom
                PS: as far as i know, there is no option to rewrite the results of special_result_attribute to prepend a string to kopanoFilter with something like result_format = ldap:// … … … %s

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post