On Mon, 7 Apr 2014, Deeztek Support wrote:
On 4/7/2014 6:13 PM, Reindl Harald wrote:
On 07.04.2014 23:47, Deeztek Support wrote:
On 4/7/2014 4:42 PM, Christian Schmidt wrote:
7.04.2014 20:43, Deeztek Support:
On 4/7/2014 2:08 PM, Oscar del Rio wrote:
On 04/ 7/14 01:46 PM, Deeztek Support wrote:
>
> I'm authenticating users through AD and it seems to work with no
> problems. Unfortunately, when I try to send e-mail from a user who's
> not in the testou container I get the following error:
>
> Sender address rejected: User unknown in virtual mailbox table>
> #SMTP#.
>
Looks like a Postfix error, not Dovecot.
I don't think so. Postfix already looks from the root of the AD down and it has no problems. Dovecot does not authenticate at all if I simply put the AD root in the ldap configuration file.
"User unknown in virtual mailbox table" is what *postfix* tells you. Dovecot does not do SMTP (yet). Thus, I suppose that dovecot doesn't get involved at all (although this depends on your configuration).
I recommend checking the restrictions you defined in your postfix configuration.
The reason I think it's Dovecot generating the error is because when the IP address of the sending server is not in the mynetworks directive of postfix I get the following error
why in the world do you strip logs
syslog even contains the process that generates an entry, so there is not much to guess if you *really* look at the log
I'm not stripping any logs. The error I put is from the bounce message. The syslog says the following:
Apr 7 17:39:39 ewa postfix/pipe[7134]: E35AE860B26: to=<someone@domain.tld>, relay=dovecot, delay=0.02, delays=0/0/0/0.01, dsn=5.1.1, status=bounced (user unknown. Command output:
So mystery solved, it really is dovecot generating the error.
Question remains, can someone please tell me how to get Dovecot to do LDAP lookups from the AD root?
The primary question is: Does

    ldapsearch -H ldap://server.domain.tld:389 \
      -b dc=domain,dc=tld -D ... -W \
      '(&(userPrincipalName=<<user>>)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'

return the user?
How many domain controllers do you have in the AD? Which of them holds which domains? See http://technet.microsoft.com/en-us/library/cc978012.aspx
Steffen Kaiser
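
Added example, not part of the original thread and not code from Dovecot or Postfix: it builds the filter from the ldapsearch command above with the login name escaped per RFC 4515, then evaluates the same three terms against constructed entries to show how the search base and the ACCOUNTDISABLE bit decide who is found. The entries, the "ou=sales" container and all function names are assumptions made for illustration.

```python
# Added example; the entries below are constructed, not taken from the thread.
ACCOUNTDISABLE = 0x2                 # the "2" at the end of the filter
BIT_AND = "1.2.840.113556.1.4.803"   # AD bitwise-AND matching rule OID

def escape_filter_value(value):
    """RFC 4515 escaping, so a login name cannot change the filter's structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_filter(user):
    """The filter from the message with <<user>> substituted safely."""
    return ("(&(userPrincipalName=%s)(objectClass=person)"
            "(!(userAccountControl:%s:=%d)))"
            % (escape_filter_value(user), BIT_AND, ACCOUNTDISABLE))

def in_subtree(dn, base):
    """Simplified subtree-scope check: DN is the base or ends with ',<base>'."""
    dn, base = dn.lower(), base.lower()
    return dn == base or dn.endswith("," + base)

def entry_matches(entry, user):
    """Evaluate the filter's three terms locally against one entry."""
    same_upn = entry["userPrincipalName"].lower() == user.lower()
    is_person = "person" in entry["objectClass"]
    disabled = (entry["userAccountControl"] & ACCOUNTDISABLE) == ACCOUNTDISABLE
    return same_upn and is_person and not disabled

CLASSES = ["top", "person", "organizationalPerson", "user"]
ENTRIES = [  # constructed sample directory
    {"dn": "cn=Alice,ou=testou,dc=domain,dc=tld", "objectClass": CLASSES,
     "userPrincipalName": "alice@domain.tld", "userAccountControl": 512},
    {"dn": "cn=Bob,ou=sales,dc=domain,dc=tld", "objectClass": CLASSES,
     "userPrincipalName": "bob@domain.tld", "userAccountControl": 66048},
    {"dn": "cn=Carol,ou=sales,dc=domain,dc=tld", "objectClass": CLASSES,
     "userPrincipalName": "carol@domain.tld", "userAccountControl": 514},
]

def search(base, user):
    """DNs a subtree search from `base` would return for this login name."""
    return [e["dn"] for e in ENTRIES
            if in_subtree(e["dn"], base) and entry_matches(e, user)]

if __name__ == "__main__":
    print(build_filter("bob@domain.tld"))
    for base in ("ou=testou,dc=domain,dc=tld", "dc=domain,dc=tld"):
        for user in ("alice@domain.tld", "bob@domain.tld",
                     "carol@domain.tld", "*"):
            print(base, user, search(base, user))
```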