I have an LDAP table with logins

ldapsearch -x -h ldap.server -b 'ou=mail,ou=Groups,dc=my,dc=org' '(&(cn=mailFullAccess)(memberUid=username))'

Output

dn: cn=mailFullAccess,ou=mail,ou=Groups,dc=my,dc=org
gidNumber: 5555
memberUid: fred
memberUid: bob
memberUid: username
cn: mailFullAccess

Create an LDAP table

search_base = ou=mail,ou=Groups,dc=my,dc=org
server_host = ldap.server
query_filter = (&(cn=mailFullAccess)(memberUid=%u))
result_attribute = memberUid
result_format = %u      internal_hosts_class
scope = sub
bind = yes

Try checking with the command

postmap -q username ldap:./mailFullAccess_check.cf

yields result

fred    internal_hosts_class, bob internal_hosts_class, username internal_hosts_class

1 match found.

and local domain file list (local_urls.db)

mydomain1.ru      OK
mydomain2.ru       OK
mydomain3.ru    OK

I want 'username' to be able to send email only to local domains.

I wrote this in main.cf. SMTP auth (saslauthd from LDAP) is working fine.

...
smtpd_recipient_restrictions =
        permit_sasl_authenticated
        reject
...
smtpd_restriction_classes = internal_hosts_class
internal_hosts_class =   check_recipient_access hash:/etc/postfix/border/local_urls, reject
smtpd_sender_restrictions = check_sender_access  ldap:/etc/postfix/border/mailFullAccess_check.cf
...

After a Postfix restart, I send an email and get this error

Feb  3 11:30:53 email postfix/smtpd[10546]: warning: unknown smtpd restriction: "fred"
masegaloeh
Anton Shevtsov

1 Answer

Your postmap command

postmap -q username ldap:./mailFullAccess_check.cf

should just return the internal_hosts_class string. That's why Postfix complains with the error unknown smtpd restriction.

The solution was to modify mailFullAccess_check.cf, specifically result_format, which becomes

result_format = internal_hosts_class
masegaloeh
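
The mismatch described in the answer above, as an added Python sketch (not code from the post or from Postfix): it expands result_format once per memberUid value and then reads the lookup result the way an access table right-hand side is read, as a list of restriction names. The function names, the KNOWN set and the comma join are assumptions of this simplified model.

```python
import re

# Names smtpd would accept in this setup: a few built-in restrictions plus the
# class declared in smtpd_restriction_classes (subset chosen for illustration).
KNOWN = {"permit", "reject", "defer", "internal_hosts_class"}

# memberUid values of cn=mailFullAccess, copied from the ldapsearch output.
MEMBER_UIDS = ["fred", "bob", "username"]


def expand(result_format, values):
    """Simplified model of result_format: one expansion per attribute value."""
    expanded = []
    for value in values:
        local = value.split("@", 1)[0]  # %u: local part, or whole value if no '@'
        expanded.append(
            re.sub(r"%([su])",
                   lambda m: value if m.group(1) == "s" else local,
                   result_format)
        )
    return ",".join(expanded)


def unknown_restrictions(rhs):
    """Split a lookup result on commas/whitespace; return names smtpd lacks."""
    tokens = [t for t in re.split(r"[,\s]+", rhs) if t]
    return [t for t in tokens if t not in KNOWN]


def check(result_format):
    """Return (lookup result, unknown restriction names) for a template."""
    rhs = expand(result_format, MEMBER_UIDS)
    return rhs, unknown_restrictions(rhs)


if __name__ == "__main__":
    for template in ("%u\tinternal_hosts_class", "internal_hosts_class"):
        rhs, bad = check(template)
        print(f"result_format = {template!r}")
        print(f"  lookup result: {rhs!r}")
        # The first unknown name is what the smtpd warning reports.
        print(f"  unknown restrictions: {bad or 'none'}")
```

With the original template the first unknown name is "fred", matching the logged warning; with the corrected template every token is the declared class.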