Interconnecting Postfix in a DMZ / Exchange 2003 / AD 2003

Hello,

I need to install an SMTP relay in my DMZ so that my Exchange server is not directly exposed to the Internet.

I found quite a few tutorials online, so I have started working on it.

Unfortunately I am stumbling right at the start on an unusual problem:

According to every site I could find, an aptitude install postfix postfix-ldap should install Postfix, obviously, but also its ability to interface with my LDAP server.

I should find in the /etc/postfix directory
main.cf and master.cf, but also ldap-aliases.cf

Unfortunately, on my machine this file is never created!!
Would you know why?

(The machine is freshly installed)
and I just ran
aptitude postfix postfix-ldap

uname -a
Linux proxy 2.6.32-5-amd64 #1 SMP Sat Oct 30 14:18:21 UTC 2010 x86_64 GNU/Linux version squeeze

I hope you will be able to help me!

T

Well, apparently my problem is not exciting the crowds :blush:

Since apparently the only thing missing is that famous ldap-aliases.cf file,

I created one myself and filled it in (PS: if some kind soul could send me theirs, that would suit me, so as to have the complete version).

Here is where I am:
main.cf

[code]smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
append_dot_mydomain = no
readme_directory = no
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
myhostname = proxy.entreprise.fr
alias_maps = hash:/etc/aliases ldap:/etc/postfix/ldap-aliases.cf
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = entreprise.fr, proxy.entreprise.fr, localhost.entreprise.fr, localhost
relayhost =srvexch.entreprise.fr

mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 172.16.0.0/16

mynetworks = 172.16.0.0/16
mailbox_command =
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = ipv4[/code]


ldap-aliases.cf

[code]#Directory settings
domain= entreprise.fr
server_host= srvAD.entreprise.fr
search_base=dc=entreprise, dc=fr
version= 3

#User Binding

bind = yes
bind_dn = cn=administrateur, cn=Users, dc=entreprise, dc=fr
bind_pw = password

#Filter

query_filter = (proxyAddresses=smtp:%s)
#query_filter = (&(objectclass=person)(proxyAddresses=smtp:%s))
leaf_result_attribute = proxyAddresses

result_format = maildrop[/code]

From a remote workstation, I try to send a mail over telnet:

[code]220 proxy.entreprise.fr ESMTP Postfix (Debian/GNU)
EHLO entreprise.fr
250-proxy.entreprise.fr
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM: webmaster@entreprise.fr
250 2.1.0 Ok
RCPT TO: eric@entreprise.fr
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
blablabla blablabla
.
250 2.0.0 Ok: queued as AF8511922A3[/code]

and in mail.log:[code]

Dec 1 11:55:03 proxy postfix/smtpd[4583]: connect from pcb107.entreprise.fr[172.16.3.40]
Dec 1 11:55:58 proxy postfix/smtpd[4583]: AF8511922A3: client=pcb107.entreprise.fr[172.16.3.40]
Dec 1 11:56:15 proxy postfix/cleanup[4587]: AF8511922A3: message-id=<>
Dec 1 11:56:15 proxy postfix/qmgr[4581]: AF8511922A3: from=webmaster@entreprise.fr, size=202, nrcpt=1 (queue active)
Dec 1 11:56:15 proxy postfix/local[4588]: AF8511922A3: to=e.lefoll@entreprise.fr, relay=local, delay=41, delays=41/0.01/0/0.01, dsn=5.1.1, status=bounced (unknown user: “e.lefoll”)
Dec 1 11:56:15 proxy postfix/cleanup[4587]: C73321922B3: message-id=20101201105615.C73321922B3@proxy.entreprise.fr
Dec 1 11:56:15 proxy postfix/qmgr[4581]: C73321922B3: from=<>, size=1951, nrcpt=1 (queue active)
Dec 1 11:56:15 proxy postfix/bounce[4589]: AF8511922A3: sender non-delivery notification: C73321922B3
Dec 1 11:56:15 proxy postfix/qmgr[4581]: AF8511922A3: removed
Dec 1 11:56:15 proxy postfix/local[4588]: C73321922B3: to=administrateur@entreprise.fr, orig_to=webmaster@entreprise.fr, relay=local, delay=0.03, delays=0/0/0/0.02, dsn=2.0.0, status=sent (delivered to mailbox)
Dec 1 11:56:15 proxy postfix/qmgr[4581]: C73321922B3: removed[/code]

There, now I am lost…

Apparently Postfix does find my account but refuses to do the job…

Could you give me a hand?
Thanks!
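
To read the mail.log excerpt in the post above, it helps to extract which delivery agent handled each recipient; in Postfix logs, relay=local means the local(8) agent on the gateway itself took the message. The Python sketch below is an added example, not part of the original post: the function names are hypothetical and the sample lines are taken from the excerpt.

```python
import re

# Three lines taken from the mail.log excerpt posted above.
SAMPLE = """\
Dec 1 11:56:15 proxy postfix/qmgr[4581]: AF8511922A3: from=webmaster@entreprise.fr, size=202, nrcpt=1 (queue active)
Dec 1 11:56:15 proxy postfix/local[4588]: AF8511922A3: to=e.lefoll@entreprise.fr, relay=local, delay=41, delays=41/0.01/0/0.01, dsn=5.1.1, status=bounced (unknown user: "e.lefoll")
Dec 1 11:56:15 proxy postfix/local[4588]: C73321922B3: to=administrateur@entreprise.fr, orig_to=webmaster@entreprise.fr, relay=local, delay=0.03, delays=0/0/0/0.02, dsn=2.0.0, status=sent (delivered to mailbox)
""".splitlines()

# daemon name, queue ID, then the comma-separated key=value fields
LINE = re.compile(r"postfix/(?P<daemon>[\w-]+)\[\d+\]: (?P<qid>[0-9A-F]+): (?P<rest>.*)")
FIELD = re.compile(r"(\w+)=<?([^,>\s]+)>?")


def deliveries(lines):
    """Yield one dict per delivery attempt (lines carrying both to= and status=)."""
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        fields = dict(FIELD.findall(m["rest"]))
        if "to" in fields and "status" in fields:
            yield {"qid": m["qid"], "daemon": m["daemon"], **fields}


def handled_locally(lines, domain):
    """Deliveries for `domain` that the gateway's own local agent handled
    (relay=local) rather than handing to a next hop."""
    suffix = "@" + domain.lower()
    return [d for d in deliveries(lines)
            if d["to"].lower().endswith(suffix) and d.get("relay") == "local"]


if __name__ == "__main__":
    for d in handled_locally(SAMPLE, "entreprise.fr"):
        print(d["qid"], d["to"], "relay=" + d["relay"], d["dsn"], d["status"])
```
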

No, it does not find your account…

But it does!!

That is more or less where I am stuck, in fact!

If I type

[code]login as: root
root@172.16.1.13’s password:
Linux proxy 2.6.32-5-amd64 #1 SMP Sat Oct 30 14:18:21 UTC 2010 x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Thu Dec 2 14:19:57 2010 from pcb107.entreprise.fr
root@proxy:~# postmap -vq p.nom@entreprise.fr ldap:/etc/postfix/ldap-aliases.cf[/code]

then I get this as the response:

postmap: dict_eval: const mail
postmap: dict_eval: const ipv4
postmap: dict_eval: const
postmap: dict_eval: const
postmap: dict_eval: const
postmap: name_mask: ipv4
postmap: dict_eval: const proxy.entreprise.fr
postmap: dict_eval: const entreprise.fr
postmap: dict_eval: const Postfix
postmap: dict_eval: expand ${multi_instance_name:postfix}${multi_instance_name?$multi_instance_name} -> postfix
postmap: dict_eval: const postfix
postmap: dict_eval: const postdrop
postmap: dict_eval: const entreprise.fr, proxy.entreprise.fr, localhost.entreprise.fr, localhost
postmap: dict_eval: const /etc/mailname
postmap: dict_eval: const srvexch.entreprise.fr
postmap: dict_eval: const /usr/lib/postfix
postmap: dict_eval: const /var/lib/postfix
postmap: dict_eval: const /usr/sbin
postmap: dict_eval: const /var/spool/postfix
postmap: dict_eval: const pid
postmap: dict_eval: const all
postmap: dict_eval: const
postmap: dict_eval: const double-bounce
postmap: dict_eval: const nobody
postmap: dict_eval: const hash:/etc/aliases
postmap: dict_eval: const 20100608
postmap: dict_eval: const 2.7.1
postmap: dict_eval: const hash
postmap: dict_eval: const deferred, defer
postmap: dict_eval: const +
postmap: dict_eval: expand $mydestination -> entreprise.fr, proxy.entreprise.fr, localhost.entreprise.fr, localhost
postmap: dict_eval: expand $relay_domains -> entreprise.fr, proxy.entreprise.fr, localhost.entreprise.fr, localhost
postmap: dict_eval: const TZ MAIL_CONFIG LANG
postmap: dict_eval: const MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY DISPLAY LANG=C
postmap: dict_eval: const subnet
postmap: dict_eval: const
postmap: dict_eval: const +=
postmap: dict_eval: const -=+
postmap: dict_eval: const debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,smtpd_access_maps
postmap: dict_eval: const
postmap: dict_eval: const bounce
postmap: dict_eval: const cleanup
postmap: dict_eval: const defer
postmap: dict_eval: const pickup
postmap: dict_eval: const qmgr
postmap: dict_eval: const rewrite
postmap: dict_eval: const showq
postmap: dict_eval: const error
postmap: dict_eval: const flush
postmap: dict_eval: const verify
postmap: dict_eval: const trace
postmap: dict_eval: const proxymap
postmap: dict_eval: const proxywrite
postmap: dict_eval: const
postmap: dict_eval: const
postmap: dict_eval: const 100s
postmap: dict_eval: const 100s
postmap: dict_eval: const 100s
postmap: dict_eval: const 100s
postmap: dict_eval: const 3600s
postmap: dict_eval: const 3600s
postmap: dict_eval: const 5s
postmap: dict_eval: const 5s
postmap: dict_eval: const 1000s
postmap: dict_eval: const 1000s
postmap: dict_eval: const 10s
postmap: dict_eval: const 10s
postmap: dict_eval: const 1s
postmap: dict_eval: const 1s
postmap: dict_eval: const 1s
postmap: dict_eval: const 1s
postmap: dict_eval: const 500s
postmap: dict_eval: const 500s
postmap: dict_eval: const 18000s
postmap: dict_eval: const 18000s
postmap: dict_eval: const 1s
postmap: dict_eval: const 1s
postmap: dict_eval: const 172.16.0.0/16
postmap: inet_addr_local: configured 2 IPv4 addresses
postmap: dict_ldap_open: Using LDAP source /etc/postfix/ldap-aliases.cf
postmap: cfg_get_str: /etc/postfix/ldap-aliases.cf: server_host = srvAD.entreprise.fr
postmap: cfg_get_int: /etc/postfix/ldap-aliases.cf: server_port = 389
postmap: cfg_get_int: /etc/postfix/ldap-aliases.cf: version = 3
postmap: dict_ldap_open: /etc/postfix/ldap-aliases.cf server_host URL is ldap://srvAD.entreprise.fr:389
postmap: cfg_get_str: /etc/postfix/ldap-aliases.cf: scope = sub
postmap: cfg_get_str: /etc/postfix/ldap-aliases.cf: search_base = dc=entreprise, dc=fr
postmap: cfg_get_int: /etc/postfix/ldap-aliases.cf: timeout = 10
postmap: cfg_get_str: /etc/postfix/ldap-aliases.cf: query_filter = (proxyAddresses=smtp:%s)
postmap: cfg_get_str: /etc/postfix/ldap-aliases.cf: result_format = <NULL>
postmap: cfg_get_str: /etc/postfix/ldap-aliases.cf: result_filter = %s
postmap: cfg_get_str: /etc/postfix/ldap-aliases.cf: domain = entreprise.fr
postmap: cfg_get_str: /etc/postfix/ldap-aliases.cf: terminal_result_attribute =
postmap: cfg_get_str: /etc/postfix/ldap-aliases.cf: leaf_result_attribute = proxyAddresses
postmap: cfg_get_str: /etc/postfix/ldap-aliases.cf: result_attribute = maildrop
postmap: cfg_get_str: /etc/postfix/ldap-aliases.cf: special_result_attribute =
postmap: cfg_get_bool: /etc/postfix/ldap-aliases.cf: bind = on
postmap: cfg_get_str: /etc/postfix/ldap-aliases.cf: bind_dn = cn=administrateur, cn=Users, dc=entreprise, dc=fr
postmap: cfg_get_str: /etc/postfix/ldap-aliases.cf: bind_pw = password
postmap: cfg_get_bool: /etc/postfix/ldap-aliases.cf: cache = off
postmap: cfg_get_int: /etc/postfix/ldap-aliases.cf: cache_expiry = -1
postmap: cfg_get_int: /etc/postfix/ldap-aliases.cf: cache_size = -1
postmap: cfg_get_int: /etc/postfix/ldap-aliases.cf: recursion_limit = 1000
postmap: cfg_get_int: /etc/postfix/ldap-aliases.cf: expansion_limit = 0
postmap: cfg_get_int: /etc/postfix/ldap-aliases.cf: size_limit = 0
postmap: cfg_get_int: /etc/postfix/ldap-aliases.cf: dereference = 0
postmap: cfg_get_bool: /etc/postfix/ldap-aliases.cf: chase_referrals = off
postmap: cfg_get_bool: /etc/postfix/ldap-aliases.cf: start_tls = off
postmap: cfg_get_bool: /etc/postfix/ldap-aliases.cf: tls_require_cert = off
postmap: cfg_get_str: /etc/postfix/ldap-aliases.cf: tls_ca_cert_file =
postmap: cfg_get_str: /etc/postfix/ldap-aliases.cf: tls_ca_cert_dir =
postmap: cfg_get_str: /etc/postfix/ldap-aliases.cf: tls_cert =
postmap: cfg_get_str: /etc/postfix/ldap-aliases.cf: tls_key =
postmap: cfg_get_str: /etc/postfix/ldap-aliases.cf: tls_random_file =
postmap: cfg_get_str: /etc/postfix/ldap-aliases.cf: tls_cipher_suite =
postmap: cfg_get_int: /etc/postfix/ldap-aliases.cf: debuglevel = 0
postmap: dict_open: ldap:/etc/postfix/ldap-aliases.cf
postmap: dict_ldap_lookup: In dict_ldap_lookup
postmap: match_string: entreprise.fr ~? entreprise.fr
postmap: dict_ldap_lookup: No existing connection for LDAP source /etc/postfix/ldap-aliases.cf, reopening
postmap: dict_ldap_connect: Connecting to server ldap://srvAD.entreprise.fr:389
postmap: dict_ldap_connect: Actual Protocol version used is 3.
postmap: dict_ldap_connect: Binding to server ldap://srvAD.entreprise.fr:389 as dn cn=administrateur, cn=Users, dc=entreprise, dc=fr
postmap: dict_ldap_connect: Successful bind to server ldap://srvAD.entreprise.fr:389 as cn=administrateur, cn=Users, dc=entreprise, dc=fr
postmap: dict_ldap_connect: Cached connection handle for LDAP source /etc/postfix/ldap-aliases.cf
postmap: dict_ldap_lookup: /etc/postfix/ldap-aliases.cf: Searching with filter (proxyAddresses=smtp:p.nom@entreprise.fr)
postmap: dict_ldap_get_values[1]: [b]Search found 1 match(es)
postmap: dict_ldap_get_values[1]: search returned 2 value(s) for requested result attribute proxyAddresses
postmap: dict_ldap_get_values[1]: Leaving dict_ldap_get_values
postmap: dict_ldap_lookup: Search returned SMTP:p.nom@entreprise.fr,X400:c=FR;a= ;p=entreprise;o=Exchange;s=nom;g=Prenom;
SMTP:p.nom@entreprise.fr,X400:c=FR;a= ;p=entreprise;o=Exchange;s=nom;g=Prenom;[/b]
postmap: dict_ldap_close: Closed connection handle for LDAP source /etc/postfix/ldap-aliases.cf
root@proxy:~#

As you can see, the query does find my user, but the real-world test does not work…

I am standing by!

T

Set

[code]relayhost =srvexch.entreprise.fr
mynetworks = 127.0.0.0/8 172.16.0.0/16
#mynetworks = 172.16.0.0/16[/code]

If there is a local loop, that can cause trouble, and I have the impression that this is the case (but I have a hard time interpreting the Postfix logs)…

Can you explain your sentence to me?
I do not understand its meaning (so I cannot manage to look for a new lead).

Thanks for your help.