[Sysadmins] all-rwNdu3Xx/YEdnm+yROfE0A at public.gmane.org & LDAP

Вадим Илларионов master at nstel.ru
Fri Jul 4 12:09:11 MSD 2008


Eugene Ostapets wrote:

> 2008/7/3 Вадим Илларионов <master nstel.ru>:
>> The LDAP directory has a special user all, whose mailDrop attribute
>> lists all users of the domain.
>> It was expected that sending a message to the address all at domain.org
>> would result in that message being delivered to all users of the domain.
> Expected by whom, and what was done to make it happen?

By me. :) See the configs below.

>> Does anyone have this working? Could you toss me some configs and LDIFs?
> It works, of course, but what does ldif have to do with it? The directory
> server couldn't care less what is stored in it. Show the mail server configs...

Here they are:

# egrep -v "^#|^$" /etc/postfix/ldap-aliases.cf
version = 3
server_host = ldap://localhost
domain = nstel.ru
bind = no
search_base = ou=Users,dc=nstel,dc=ru
query_filter = uid=%u
result_attribute = mail

# egrep -v "^#|^$" /etc/postfix/main.cf
address_verify_map = btree:/var/spool/postfix/saved/verify
address_verify_negative_expire_time = 3d
address_verify_negative_refresh_time = 1h
address_verify_positive_refresh_time = 28d
alias_maps = hash:$config_directory/aliases, ldap
        $config_directory/ldap-aliases.cf
allow_mail_to_commands = alias,forward,include
body_checks = regexp:$config_directory/body_checks
command_directory = /usr/sbin
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb
        $daemon_directory/$process_name $process_id &; sleep 5
default_privs = mail
default_transport = smtp
disable_vrfy_command = yes
inet_interfaces = all
local_recipient_maps = $alias_maps
mail_owner = postfix
mailbox_command = /usr/bin/procmail -a $DOMAIN -d $LOGNAME
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
message_size_limit = 10485760
mydestination = localhost, $myhostname, localhost.$mydomain,
        $config_directory/mydestination
mydomain = nstel.ru
myhostname = domain.office.$mydomain
mynetworks = $config_directory/mynetworks
mynetworks_style = subnet
myorigin = $myhostname
newaliases_path = /usr/bin/newaliases
notify_classes = policy,protocol,resource,software
queue_directory = /var/spool/postfix
readme_directory = $config_directory/README_FILES
relayhost = mail.$mydomain
relay_recipient_maps = $transport_maps
sample_directory = $config_directory/samples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated,
        regexp:$config_directory/reject_dsl
smtpd_delay_reject=yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated,
        reject_invalid_hostname
smtpd_recipient_restrictions = reject_unknown_recipient_domain,
        permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination,
        check_sender_access hash:$config_directory/no_verify_sender,
        reject_unverified_sender,
        reject_rbl_client blackholes.easynet.nl,
        reject_rbl_client blackholes.mail-abuse.org,
        reject_rbl_client blackholes.wirehub.net,
        reject_rbl_client cbl.abuseat.org,
        reject_rbl_client combined.njabl.org,
        reject_rbl_client dialups.mail-abuse.org,
        reject_rbl_client dul.ru,
        reject_rbl_client dul.dnsbl.sorbs.net,
        reject_rbl_client dynablock.wirehub.net,
        reject_rbl_client list.dsbl.org,
        reject_rbl_client multihop.dsbl.org,
        reject_rbl_client opm.blitzed.org,
        reject_rbl_client proxies.blackholes.wirehub.net,
        reject_rbl_client relays.ordb.org,
        permit
smtpd_sasl_type = cyrus
smtpd_sasl_application_name = smtpd
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtp_sasl_auth_enable = yes
smtpd_sasl_auth_enable = yes
broken_sasl_auth_clients = yes
broken_sasl_local_domain = $mydomain
smtp_sasl_mechanism_filter = ldap
smtp_sasl_password_maps = hash:$config_directory/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_key_file = $config_directory/ssl/key.pem
smtp_tls_CAfile = $config_directory/ssl/cacert.pem
smtp_tls_cert_file = $config_directory/ssl/crt.pem
smtp_tls_loglevel = 1
smtp_tls_note_starttls_offer = yes
smtp_tls_received_header = no
smtp_tls_session_cache_timeout = 3600s
smtp_use_tls = yes
smtpd_tls_key_file = $smtp_tls_key_file
smtpd_tls_CAfile = $smtp_tls_CAfile
smtpd_tls_cert_file = $smtp_tls_cert_file
smtpd_tls_loglevel = 1
smtpd_tls_received_header = no
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
transport_maps = hash:$config_directory/transport
unverified_sender_reject_code=550

_________________________________
Best regards,
Вадим Илларионов
system administrator
ООО "Новые Системы Телеком"
UIN: 7899517
JID: master at usib dot irkps dot ru
Phones:
- work       +7 495 6414045+5885
- mobile     +7 916 3889337
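
Added example (not part of the original message and not Postfix code): a simplified Python model of how an ldap_table(5) lookup treats the `domain`, `query_filter` and `result_attribute` settings posted above, including RFC 4515 escaping of the lookup key. The directory entries, the addresses in them and the `VARIANT` settings are constructed assumptions.

```python
import re

# Constructed sample entries under ou=Users,dc=nstel,dc=ru, keyed by uid
# (assumed for illustration; not data from the original message).
DIRECTORY = {
    "all": {"mail": ["all@nstel.ru"],
            "mailDrop": ["ivan@nstel.ru", "olga@nstel.ru"]},
    "ivan": {"mail": ["ivan@nstel.ru"]},
    "olga": {"mail": ["olga@nstel.ru"]},
}

# Settings as posted in ldap-aliases.cf.
POSTED = {"domain": ["nstel.ru"], "query_filter": "uid=%u",
          "result_attribute": "mail"}
# Hypothetical variant: no domain restriction, read the list attribute.
VARIANT = {"query_filter": "uid=%u", "result_attribute": "mailDrop"}


def rfc4515_escape(value):
    """Escape LDAP filter metacharacters so a key cannot reshape the filter."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)


def lookup(key, cfg, directory=DIRECTORY):
    """Return the attribute values one lookup yields, or None if no result."""
    local, at, dom = key.rpartition("@")
    if not at:                       # bare key such as "all"
        local, dom = key, ""
    # With 'domain' set, only user@domain keys in a listed domain are queried;
    # bare names (what alias lookups use) are skipped.
    if cfg.get("domain") and (not at or dom not in cfg["domain"]):
        return None
    if not local:                    # empty localpart suppresses the search
        return None
    # %u expands to the escaped local part (or to the whole bare key).
    flt = cfg["query_filter"].replace("%u", rfc4515_escape(local))
    attr, _, wanted = flt.partition("=")
    hits = [entry for uid, entry in directory.items()
            if attr == "uid" and rfc4515_escape(uid) == wanted]
    values = [v for e in hits for v in e.get(cfg["result_attribute"], [])]
    return values or None


if __name__ == "__main__":
    for cfg_name, cfg in (("posted", POSTED), ("variant", VARIANT)):
        for key in ("all", "all@nstel.ru", "*"):
            print(cfg_name, repr(key), "->", lookup(key, cfg))
```

On a live system, `postmap -q all ldap:/etc/postfix/ldap-aliases.cf` shows what Postfix itself gets back for a key.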



