Auto-responders and forwarding with LDAP?

Oliver Schonefeld schonefeld at ids-mannheim.de
Wed Sep 20 12:19:17 CEST 2017


Hello everyone,

we are currently migrating our old mail system (Exim/QMail/Dovecot; don't
ask) to Postfix/Dovecot. The user data lives in LDAP; we have our own
schema.

I am currently trying to solve the problem of getting auto-responders
(vacation) and forwarding (e.g. to external addresses, configurable by the
user) to work together.

Basic setup:
- virtual_alias_maps for virtual mail addresses,
  mail distribution lists (= poor man's list via aliases) and auto-responders
- mail then goes to Dovecot via LMTP

Vacation is built with Gnarwl, following the Postfix book.

My approach of getting forwarding to work analogously, i.e. also doing it
via virtual_alias_maps, does not work of course, because Postfix stops
searching after the first match, and if both are active for a user, the
auto-responder and the forwarding then do not work together. Whichever
comes first in the list wins.

At the moment I am a bit stumped as to how best to implement this, and I am
grateful for any tip. We can also still change our LDAP schema if
necessary.
Bonus: forwarding with and without a copy in the user's own mailbox.

Thanks and best regards,
  Oliver


main.cf:
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
biff = no
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
compatibility_level = 2
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd
  $daemon_directory/$process_name $process_id & sleep 5
disable_vrfy_command = yes
html_directory = no
imap_smtpd_recipient_restrictions =
  permit_mynetworks
  reject_unauth_destination
  check_recipient_access pcre:/etc/postfix/imap_recipient_access.pcre
  check_client_access cidr:/etc/postfix/allowed_clients.cidr
  reject
inet_interfaces = localhost
inet_protocols = ipv4
lmtp_destination_recipient_limit = $local_destination_recipient_limit
local_destination_recipient_limit = 1
mail_owner = postfix
mailbox_size_limit = 1073741824
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 104857600
meta_directory = /etc/postfix
mydestination = $myhostname, localhost.$mydomain, localhost
mynetworks = 127.0.0.0/8
mynetworks_style = host
newaliases_path = /usr/bin/newaliases.postfix
parent_domain_matches_subdomains =
  debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix3/README_FILES
recipient_delimiter = +
relayhost = [smtp.ids-mannheim.de]
sample_directory = /usr/share/doc/postfix3/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
shlib_directory = /usr/lib64/postfix
smtp_tls_CAfile = $smtpd_tls_CAfile
smtp_tls_ciphers = $smtpd_tls_ciphers
smtp_tls_fingerprint_digest = sha1
smtp_tls_loglevel = 0
smtp_tls_mandatory_ciphers =
  $smtpd_tls_mandatory_ciphers
smtp_tls_mandatory_exclude_ciphers =
  $smtpd_tls_mandatory_exclude_ciphers
smtp_tls_mandatory_protocols =
  $smtpd_tls_mandatory_protocols
smtp_tls_note_starttls_offer = yes
smtp_tls_protocols = $smtpd_tls_protocols
smtp_tls_security_level = may
smtpd_client_connection_count_limit = 50
smtpd_client_message_rate_limit = 0
smtpd_client_new_tls_session_rate_limit = 0
smtpd_client_recipient_rate_limit = 0
smtpd_discard_ehlo_keywords = silent-discard, etrn
smtpd_error_sleep_time = 0
smtpd_etrn_restrictions = reject
smtpd_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
smtpd_tls_cert_file = /etc/pki/postfix/certs/imap.ids-mannheim.de.crt
smtpd_tls_ciphers = high
smtpd_tls_dh1024_param_file = /etc/pki/postfix/private/dh_2048.pem
smtpd_tls_dh512_param_file = /etc/pki/postfix/private/dh_512.pem
smtpd_tls_eecdh_grade = strong
smtpd_tls_exclude_ciphers =
  aNULL,eNULL,EXPORT,DES,RC4,MD5,PSK,aECDH,EDH-DSS-DES-CBC3-SHA,EDH-RSA-DES-CDB3-SHA,KRB5-DES,CBC3-SHA
smtpd_tls_key_file = /etc/pki/postfix/private/imap.ids-mannheim.de.key
smtpd_tls_loglevel = 0
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_exclude_ciphers =
  aNULL,eNULL,EXPORT,DES,RC4,MD5,PSK,aECDH,EDH-DSS-DES-CBC3-SHA,EDH-RSA-DES-CDB3-SHA,KRB5-DES,CBC3-SHA
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
smtpd_tls_protocols = !SSLv2,!SSLv3
smtpd_tls_received_header = yes
smtpd_tls_security_level = encrypt
tls_high_cipherlist =
  EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA
tls_preempt_cipherlist = yes
tls_random_bytes = 128
tls_ssl_options = NO_COMPRESSION
transport_maps = hash:/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_domains =
  hash:/etc/postfix/virtual_domains
virtual_alias_maps =
  ldap:/etc/postfix/ids-vacation.ldap
  ldap:/etc/postfix/ids-accounts.ldap
  ldap:/etc/postfix/ids-distibutionlists-auto.ldap
  ldap:/etc/postfix/ids-distibutionlists-manual.ldap
virtual_destination_concurrency_limit = 100
virtual_destination_recipient_limit = $local_destination_recipient_limit
virtual_initial_destination_concurrency = 20
virtual_mailbox_domains = imap.ids-mannheim.de
virtual_transport = lmtp:unix:private/dovecot-lmtp

transport:
vacation.ids-mannheim.de        gnarwl:

ids-vacation.ldap:
server_host = ldaps://XYZ_REDACTED.ids-mannheim.de
search_base = XYZ_REDACTED
bind_dn = XYZ_REDACTED
bind_pw = XYZ_REDACTED
version = 3
query_filter = (&(|(mail=%s)(idsMailAliasAddress=%s))(vacationActive=TRUE))
result_attribute = idsMailRoutingAddress
result_format = %s,%s@vacation.ids-mannheim.de
domain = hash:/etc/postfix/virtual_domains

ids-accounts.ldap:
server_host = ldaps://XYZ_REDACTED.ids-mannheim.de
search_base = XYZ_BASE_REDACTED
bind_dn = XYZ_REDACTED
bind_pw = XYZ_REDACTED
version = 3
query_filter = (|(mail=%s)(idsMailAliasAddress=%s))
result_attribute = idsMailRoutingAddress
domain = hash:/etc/postfix/virtual_domains

ids-distibutionlists-auto.ldap:
server_host = ldaps://XYZ_REDACTED.ids-mannheim.de
search_base = XYZ_BASE_REDACTED
bind_dn = XYZ_REDACTED
bind_pw = XYZ_REDACTED
version = 3
query_filter = (&(objectClass=idsMailDistributionList)(mail=%s))
special_result_attribute = member
result_attribute = idsMailRoutingAddress
domain = hash:/etc/postfix/virtual_domains

ids-distibutionlists-manual.ldap:
analogous to ids-distibutionlists-auto.ldap, only with a different search_base
-- 
Oliver Schonefeld
Institut für Deutsche Sprache, Zentrale Forschung
R5, 6-13, D-68161 Mannheim
+49-(0)621-1581-168 | http://www.ids-mannheim.de
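
The first-match behaviour described in the post, modelled as an added example (not part of the original post and not Postfix code). It goes one step beyond the post by also showing a single table that returns every destination in one result. The addresses, the directory entries, the `forward` attribute and the `forward_map` and `combined_map` tables are constructed for illustration.

```python
# Simplified model of Postfix virtual_alias_maps: tables are searched in the
# listed order, the first table that returns a result wins, and every result
# is looked up again. All entries below are constructed sample data.
DIRECTORY = {
    "anna@example.org": {"routing": "anna@imap.example.org", "vacation": True,
                         "forward": ["anna@external.example"]},  # hypothetical attribute
    "bert@example.org": {"routing": "bert@imap.example.org", "vacation": False,
                         "forward": []},
}
VACATION_DOMAIN = "vacation.example.org"  # stands in for the gnarwl transport domain

def vacation_copy(routing):
    # Mirrors the second half of a result_format of the form %s,%s@<vacation domain>
    return f"{routing}@{VACATION_DOMAIN}"

def vacation_map(addr):
    e = DIRECTORY.get(addr)
    return [e["routing"], vacation_copy(e["routing"])] if e and e["vacation"] else None

def forward_map(addr):  # hypothetical table for user-configured forwards
    e = DIRECTORY.get(addr)
    return list(e["forward"]) if e and e["forward"] else None

def accounts_map(addr):
    e = DIRECTORY.get(addr)
    return [e["routing"]] if e else None

def combined_map(addr):
    # Assumption: one table that returns mailbox, forwards and vacation copy together
    e = DIRECTORY.get(addr)
    if e is None:
        return None
    extra = [vacation_copy(e["routing"])] if e["vacation"] else []
    return [e["routing"], *e["forward"], *extra]

def lookup(addr, maps):
    for table in maps:
        result = table(addr)
        if result is not None:
            return result  # first match wins; later tables are never asked
    return None

def expand(addr, maps, depth=0):
    result = lookup(addr, maps)
    if result is None or depth > 10:  # no entry (or recursion guard): final address
        return {addr}
    final = set()
    for r in result:
        final |= {r} if r == addr else expand(r, maps, depth + 1)
    return final
```

Calling `expand("anna@example.org", [vacation_map, forward_map, accounts_map])` and then swapping the first two tables shows that only one of the two features takes effect, depending on table order.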