Postfix and Dynamic Groups
I’m having a problem sending to Dynamic groups through Postfix.
I can list the groups fine using kopano-admin
I can send fine if I use WebApp or Z-Push, but not if I use a SMTP client…
It appears the difference is that in WebApp and Z-Push the group membership is resolved before it is sent to Postfix. Where as if I use a SMTP client, Postfix accepts the mail, but it gets stuck with the following errors:
Aug 15 10:53:11 postfixserver postfix/lmtp: 0D10E8019090: to=<email@example.com>, relay=127.0.0.1[127.0.0.1]:2003, delay=0.08, delays=0.01/0/0.06/0, dsn=4.2.0, status=deferred (host 127.0.0.1[127.0.0.1] said: 450 4.2.0 firstname.lastname@example.org Mailbox temporarily unavailable (in reply to end of DATA command)) Aug 15 11:01:52 postfixserver postfix/lmtp: 0D10E8019090: to=<email@example.com>, relay=127.0.0.1[127.0.0.1]:2003, delay=522, delays=522/0/0.06/0.01, dsn=4.2.0, status=deferred (host 127.0.0.1[127.0.0.1] said: 450 4.2.0 firstname.lastname@example.org Mailbox temporarily unavailable (in reply to end of DATA command)) Aug 15 11:11:52 postfixserver postfix/lmtp: 0D10E8019090: to=<email@example.com>, relay=127.0.0.1[127.0.0.1]:2003, delay=1121, delays=1121/0/0.05/0, dsn=4.2.0, status=deferred (host 127.0.0.1[127.0.0.1] said: 450 4.2.0 firstname.lastname@example.org Mailbox temporarily unavailable (in reply to end of DATA command))
Is this by design? Is it possible to use Dynamic Groups with Postfix?
Sorry, I should have mentioned that I’m using Active Directory as my backend.
I did find this article, but that seems specific to OpenLDAP…
thctlo last edited by
first set to something like :
virtual_mailbox_maps = ldap:/etc/postfix/kopano-ads-users-aliases.cf
my filter :
scope = sub
query_filter = (&(objectClass=person)(kopanoAccount=1)(|(mail=%s)(otherMailbox=%s)))
result_attribute = mail
virtual_alias_maps = /etc/postfix/kopano-ads-groups-aliases.cf
query_filter = (&(objectclass=group)(zarafaAccount=1)(|(mail=%s)(otherMailbox=%s)))
leaf_result_attribute = mail
special_result_attribute = member
and test with :
postmap -q Your_Group@domain.tld ldap:/etc/postfix/kopano-ads-groups-aliases.cf
I did look at that and my setup seems fine from the Kopano side of things, the problem is the Postfix and specifically Postfix when used with Dynamic Groups.
Postfix with users, groups, and aliases works perfectly fine. (All of which is covered in the document you mentioned) but Dynamic Groups with respect to Postfix are not.)
When you look at a Dynamic Group object, you can see from the objectclass that is is not a person, it is not a group and the only attributes it has if a filter string.
emttom last edited by
you got kopano working with AD and dynamicGroups?
Maybe you can help me with my issue.
“No dynamicGroups and addresslists with samba AD”
We are using Samba4 AD controller
emttom last edited by emttom
im playing with kopano and AD LDAP since many days now.
Yes you are right the kopanoDynamicGroups and kopanoAddressLists are handled by kopano internally befor any postfix aktivities.
But you can play with additional virtual_alias_maps as i did.
The special_result_attribut is used for recursion, but it must be a DN or LDAP URL.
The kopanoFilter Attribute used by kopano is only a query fragment, and can not directly be used with special_result_attribut :-(
Assuming our kopanoDynamicGroup named grp-London has a kopanoFilter like this with email grp-london@<your-domain>
we expect something like this as URL result to use with special_result_attribut
unfortunately we can not use URI with kopanoFilter :-(
When using the dangerous ADSI-Editor you can change the attribute url of your kopanoDynamicGroup to use as our LDAP URI
And here is what we use in virtual_alias_maps
Our testfile ldap-kopano-dynGroup.cf
server_host = ldap://<your-server-ip> server_port = 389 search_base = dc=<your>,dc=<domain> version = 3 bind = yes bind_dn = <your-bind-dn> bind_pw = <your-bind-password> query_filter = (&(objectclass=kopanoDynamicGroup)(kopanoAccount=1)(|(mail=%s)(otherMailbox=%s))) result_attribute = sn leaf_result_attribute = mail special_result_attribute = url
running the command
postmap -v -q grp-london@<your-domain> /etc/postfix/ldap-kopano-dynGroup.cf
should now show the ldap queries and results we expect from within postfix.
PS: as far as i know, there is no option to rewrite the results of special_result_attribute to prepend a string to kopanoFilter with something like result_format = ldap:// … … … %s