# postfix + ldap => User unknown in virtual alias table



## goto; (16. März 2020)

Hallo zusammen,

ich habe vorgestern angefangen, mein postfix testweise auf ldap umzustellen.
Leider scheitert es daran, dass beim Empfang einer E-Mail der entsprechende Benutzer nicht gefunden werden konnte (User unknown in virtual alias table).

Via "postmap" erhalte ich Treffer, weshalb ich inzwischen nicht mehr weiß, was ich noch probieren soll.

Hier die relevanten Informationen:
- Passwörter wurde mit Platzhalter belegt
- Richtige Domain wurde mit Platzhalter belegt
- E-Mail-Adresse wurde mit Platzhalter belegt

/etc/postfix/main.cf

```
smtpd_banner = $myhostname
biff = no
inet_protocols = ipv4
append_dot_mydomain = no
readme_directory = /usr/share/doc/postfix


ssl = required
ssl_cert = </etc/letsencrypt/live/domain/fullchain.pem
ssl_key = </etc/letsencrypt/live/domain/privkey.pem

#smtpd_tls_cert_file = /etc/ssl/mail.crt
smtpd_tls_cert_file = /etc/letsencrypt/live/domain/fullchain.pem
#smtpd_tls_key_file = /etc/ssl/mail.key
smtpd_tls_key_file = /etc/letsencrypt/live/domain/privkey.pem
smtpd_tls_security_level=may
#smtp_tls_cert_file = /etc/ssl/mail.crt
smtp_tls_cert_file = /etc/letsencrypt/live/domain/fullchain.pem
#smtp_tls_key_file = /etc/ssl/mail.key
smtp_tls_key_file = /etc/letsencrypt/live/domain/privkey.pem
smtp_tls_security_level=may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_auth_only = yes
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_ciphers=high
tls_high_cipherlist=EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
smtpd_tls_eecdh_grade = strong
myhostname = mail.meinedomain.de
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = localhost
#mydestination = mail.$mydomain, $myhostname, localhost, localhost.localdomain
mydestination = localhost, localhost.localdomain
mydomain = meinedomain.de
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
disable_vrfy_command = yes
smtpd_helo_required = yes
smtpd_sasl_type=dovecot
smtpd_sasl_path=private/auth_dovecot
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
broken_sasl_auth_clients = yes
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
smtpd_sender_restrictions = reject_authenticated_sender_login_mismatch,
   reject_unknown_sender_domain,
   permit_sasl_authenticated
smtpd_recipient_restrictions = permit_sasl_authenticated,
   permit_mynetworks,
   reject_rbl_client zen.spamhaus.org,
   reject_unauth_destination,
   reject_unknown_reverse_client_hostname,
smtpd_data_restrictions =
   reject_unauth_pipelining,
   permit
virtual_mailbox_base = /var/vmail/
virtual_alias_domains = $mydomain
virtual_minimum_uid = 104
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
virtual_transport = dovecot
html_directory = /usr/share/doc/postfix/html
sender_bcc_maps =
recipient_bcc_maps =
relay_domains =
relay_recipient_maps =
smtpd_sasl_local_domain = meinedomain.de
virtual_mailbox_domains =
smtpd_sender_login_maps = ldap:/etc/postfix/ldap/sender_login_maps.cf
virtual_mailbox_maps = ldap:/etc/postfix/ldap/virtual_mailbox_maps.cf
virtual_alias_maps = ldap:/etc/postfix/ldap/virtual_group_maps.cf
dovecot_destination_recipient_limit=1
```

/etc/postfix/master.cf

```
smtp      inet  n       -       -       -       -       smtpd
submission inet n       -       -       -       -       smtpd
  -o smtpd_enforce_tls=yes
  -o smtpd_tls_security_level=encrypt
  -o tls_preempt_cipherlist=yes
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       -       -       -       smtp
relay     unix  -       -       -       -       -       smtp
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
retry     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -   n   n   -   2   pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -d ${recipient}
```

/etc/postfix/ldap/virtual_group_maps.cf

```
server_host     = ldap.jumpcloud.com
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = uid=admin,ou=Users,o=5e6cee514bcc2234713c93f48,dc=jumpcloud,dc=com
bind_pw         = meinPasswort
search_base     = ou=Users,o=5e6cee514bcc2234713c93f48,dc=jumpcloud,dc=com
scope           = sub
query_filter    = (mail=%s*)
#query_filter    = (&(objectClass=group)(mail=%s*))
leaf_result_attribute = mail
special_result_attribute = member
result_attribute= mail
debuglevel      = 0
```

/etc/postfix/ldap/virtual_mailbox_maps.cf

```
server_host     = ldap.jumpcloud.com
server_port     = 389
version         = 3
bind            = yes
start_tls       = no
bind_dn         = uid=admin,ou=Users,o=5e6cee514bcc2234713c93f48,dc=jumpcloud,dc=com
bind_pw         = meinPasswort
search_base     = ou=Users,o=5e6cee514bcc2234713c93f48,dc=jumpcloud,dc=com
scope           = sub
#query_filter    = (&(mail=%s)(objectclass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
query_filter    = (&(mail=%s*))
result_attribute= mail
result_format   = %d/%u/Maildir/
debuglevel      = 3
```

/etc/dovecot/dovecot-ldap.conf.ext

```
hosts = ldap.jumpcloud.com
dn = uid=admin,ou=Users,o=5e6cee514bcc2234713c93f48,dc=jumpcloud,dc=com
dnpass = meinPasswort
tls = no
auth_bind = yes
ldap_version = 3
base = o=5e6cee514bcc2234713c93f48,dc=jumpcloud,dc=com
scope = subtree
user_attrs = \
  =quota_rule=*:bytes=%{ldap:quotaBytes}, \
  =home=/var/vmail/%d/%{ldap:sAMAccountName}, \
  =mail=maildir:/var/vmail/%d/%{ldap:sAMAccountName}/Maildir
#user_filter = (&(mail=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
user_filter = (mail=%s*)
pass_filter = (&(mail=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
iterate_attrs = mail=user
iterate_filter = (objectClass=person)
```

Wenn ich die ldap-Files mit postmap teste, erhalte ich Ergebnisse:

```
root@a2:/etc/postfix# postmap -q "max.mustermann@meinedomain.de" ldap:/etc/postfix/ldap/virtual_group_maps.cf
max.mustermann@meinedomain.de
```


```
root@a2:/etc/postfix# postmap -q "max.mustermann" ldap:/etc/postfix/ldap/virtual_group_maps.cf
max.mustermann@meinedomain.de
```

Sobald ich aber eine E-Mail an die Adresse schicke, tauchen folgende Logs auf

```
Mar 16 22:18:22 a2 dovecot: master: Dovecot v2.2.27 (c0f36b0) starting up for imap (core dumps disabled)
Mar 16 22:18:38 a2 postfix/smtpd[6082]: connect from mail-oln040092065092.outbound.protection.outlook.com[40.92.65.92]
Mar 16 22:18:39 a2 postfix/smtpd[6082]: CADB7B40E48: client=mail-oln040092065092.outbound.protection.outlook.com[40.92.65.92]
Mar 16 22:18:39 a2 postfix/cleanup[6087]: CADB7B40E48: message-id=<AM6PR06MB4708E1CA2617C4F998AC0F60CDF90@AM6PR06MB4708.eurprd06.prod.outlook.com>
Mar 16 22:18:39 a2 postfix/qmgr[5592]: CADB7B40E48: from=<eheherh@live.de>, size=4969, nrcpt=1 (queue active)
Mar 16 22:18:40 a2 postfix/error[6088]: CADB7B40E48: to=<max.mustermann@meinedomain.de>, relay=none, delay=0.26, delays=0.25/0.01/0/0.01, dsn=5.1.1, status=bounced (User unknown in virtual alias table)
Mar 16 22:18:40 a2 postfix/cleanup[6087]: 00658B410CE: message-id=<20200316211840.00658B410CE@mail.meinedomain.de>
Mar 16 22:18:40 a2 postfix/bounce[6089]: CADB7B40E48: sender non-delivery notification: 00658B410CE
Mar 16 22:18:40 a2 postfix/qmgr[5592]: 00658B410CE: from=<>, size=6810, nrcpt=1 (queue active)
Mar 16 22:18:40 a2 postfix/qmgr[5592]: CADB7B40E48: removed
Mar 16 22:18:40 a2 postfix/smtpd[6082]: disconnect from mail-oln040092065092.outbound.protection.outlook.com[40.92.65.92] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Mar 16 22:18:40 a2 postfix/smtp[6090]: 00658B410CE: to=<rterzerzerzerz@live.de>, relay=eur.olc.protection.outlook.com[104.47.8.33]:25, delay=0.48, delays=0.03/0.01/0.15/0.29, dsn=2.6.0, status=sent (250 2.6.0 <20200316211840.00658B410CE@mail.meinedomain.de> [InternalId=81647328311365, Hostname=AM5EUR03HT176.eop-EUR03.prod.protection.outlook.com] 13208 bytes in 0.211, 61.061 KB/sec Queued mail for delivery)
Mar 16 22:18:40 a2 postfix/qmgr[5592]: 00658B410CE: removed
```

Ich weiß leider nicht, wo ich noch nach dem Fehler suchen soll.
Hat jemand von Euch eine Idee?

Vielen Dank!
goto;


----------



## Zvoni (17. März 2020)

Passt das hier?
https://serverfault.com/questions/7...-multiple-domains-and-multiple-linux-accounts
EDIT: Was ist der Output von "hostname -f"?


----------



## goto; (17. März 2020)

Hallo Zvoni,

danke für Deine Antwort.

*hostname -f* hat "a2.bl.meinedomain.de" geliefert - Habe diesen testweise auf "mail.meinedomain.de" umgestellt. Jedoch ohne Erfolg.

Die Werte für "myorigin" und "mydestination" habe ich wie im Link beschrieben auch angepasst, allerdings auch ohne Erfolg.

Läuft hier etwas am Zusammenspiel zwischen dovecot und postfix schief? Die Antworten von der ldap-Gegenstelle scheinen ja korrekt zu funktionieren.

Viele Grüße
goto;


----------



## Zvoni (17. März 2020)

Bin definitiv kein Experte, aber meine Recherche hat ergeben, dass dein Problem ein Klassiker ist, und meist eben mit myorigin bzw. mit einem falschen Hostamen zusammenhängt.

Sorry, muss dann passen


----------

