LDAP-based postfix rewrite rules applied in Lion server?
Hi,
We've had a really strange problem with some users not receiving mails posted to a mailing list (configured in lion server). After a lot of debugging, we've traced this down to address rewriting occurring, but we simply cannot find out how.
Background:
We have a lion server setup with a normal hostname (host.domain1.com), and there is also a CNAME pointing to this (xyzlab.org). The LDAP database is set up with our lab domain (kerberos XYZLAB.ORG, LDAP dc=xyzlab,dc=org), and we have several users in the database. LDAP works great, and we also have all the personal information of users listed on the "info" tab in workgroup manager, including their email addresses. Since it's an academic setting, many of these addresses are to gmail or other servers (we don't even want to handle mail locally on this server).
However, if I now send a mail (from the command line) to [email protected] who also has this address listed on his info tab in LDAP, postfix appears to do automatic address rewriting based on this hit, and rewrites it e.g. to [email protected] (based on the LDAP domain, I guess), and instead tries to deliver the mail to the corresponding local user.
There is a line in /var/log/mail.log like:
Feb 13 01:41:15 tcbm01 postfix/smtp[15249]: A47447A200: to=<[email protected]>, orig_to=<[email protected]>, relay=127.0.0.1[127.0.0.1]:10024, delay=16, delays=0.24/0.04/3.3/13, dsn=2.0.0, status=sent (250 2.0.0 from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as A71227A20D)
I have also confirmed that if we only remove the user's email address from the LDAP information tab, this does not happen.
However, my problem is that I simply cannot find HOW this rewriting is controlled, even after spending days digging through postfix documentation. The problem persists on a new server installation, so the postfix files are pretty close to default, but of course we've set up the mail handling. Even if I remove xyzlab.org as a virtual domain the rewrite problem occurs (but then the mail obviously isn't delivered in the end).
As so many others, I'm unfortunately starting to give up on OS X server (it's far from our first problem)...
Cheers,
Erik
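An added example, not part of the original post: one way to list every delivery where Postfix changed the recipient, by comparing the `to=` and `orig_to=` fields that the log line above shows. The sample log lines and the example.org / example.net addresses are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the same format as the mail.log entry quoted above.
SAMPLE_LOG = """\
Feb 13 01:41:15 tcbm01 postfix/smtp[15249]: A47447A200: to=<alice@lab.example.org>, orig_to=<alice@mail.example.net>, relay=127.0.0.1[127.0.0.1]:10024, delay=16, delays=0.24/0.04/3.3/13, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as A71227A20D)
Feb 13 01:41:16 tcbm01 postfix/smtp[15250]: B58558B311: to=<bob@mail.example.net>, relay=mx.example.net[192.0.2.10]:25, delay=1.2, delays=0.1/0/0.6/0.5, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Feb 13 01:41:20 tcbm01 postfix/local[15260]: C69669C422: to=<carol@lab.example.org>, orig_to=<Carol@Lab.Example.org>, relay=local, delay=0.3, delays=0.1/0/0/0.2, dsn=2.0.0, status=sent (delivered to mailbox)
Feb 13 01:41:25 tcbm01 postfix/smtpd[15270]: connect from unknown[192.0.2.55]
Feb 13 01:41:30 tcbm01 postfix/smtp[15280]: D7A77AD533: to=<dave@lab.example.org>, orig_to=<dave@mail.example.net>, relay=none, delay=5, delays=0.1/0/5/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10024: Connection refused)
"""

# A delivery record is "postfix/<daemon>[pid]: <queue id>: key=value, ...".
DELIVERY_RE = re.compile(
    r"postfix/[\w-]+\[\d+\]: (?P<queue_id>[0-9A-Za-z]+): (?P<fields>.*)"
)
# \b keeps "to=" from matching inside "orig_to=" ("_" is a word character).
TO_RE = re.compile(r"\bto=<([^>]*)>")
ORIG_TO_RE = re.compile(r"\borig_to=<([^>]*)>")
STATUS_RE = re.compile(r"\bstatus=(\w+)")


def parse_delivery(line):
    """Return the recipient fields of one delivery line, or None for other lines."""
    m = DELIVERY_RE.search(line)
    if m is None:
        return None
    fields = m.group("fields")
    to = TO_RE.search(fields)
    if to is None:
        return None
    orig_to = ORIG_TO_RE.search(fields)
    status = STATUS_RE.search(fields)
    return {
        "queue_id": m.group("queue_id"),
        "to": to.group(1),
        "orig_to": orig_to.group(1) if orig_to else None,
        "status": status.group(1) if status else None,
    }


def find_rewrites(log_text):
    """Deliveries whose final recipient differs from the address the sender used."""
    rewrites = []
    for line in log_text.splitlines():
        record = parse_delivery(line)
        if record is None or record["orig_to"] is None:
            continue
        # Compare case-insensitively so a case-only difference is not reported.
        if record["orig_to"].lower() != record["to"].lower():
            rewrites.append(record)
    return rewrites


def domain_pairs(rewrites):
    """Count (original domain, rewritten domain) pairs to see which mapping is active."""
    pairs = Counter()
    for r in rewrites:
        old = r["orig_to"].rpartition("@")[2].lower()
        new = r["to"].rpartition("@")[2].lower()
        pairs[(old, new)] += 1
    return pairs


if __name__ == "__main__":
    found = find_rewrites(SAMPLE_LOG)
    for r in found:
        print(f'{r["queue_id"]}: {r["orig_to"]} -> {r["to"]} ({r["status"]})')
    for (old, new), count in domain_pairs(found).items():
        print(f"{count} rewrite(s) from {old} to {new}")
```

The domain pairs it reports narrow down which lookup table to inspect in `postconf -n` output, such as `virtual_alias_maps` or the `canonical_maps` family.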
Lion Server simply drops about half the previous functionality of the product while adding a badly designed and completely unnecessary additional administrative app. What remains is simplified in the same sense that a lobotomy "simplified" Frances Farmer. I can only assume this is in keeping with their decision to stop building server hardware – they've abandoned IT as a market, but have decided some unspecified group of people won't mind spending a small sum to play with a crippled server product.
Apple has always had trouble deciding what to do with OS X Server and has now apparently chosen to repurpose it - for who or what I really can't guess. It'll make a cool toy for a kid interested in playing geek, but I can no more do my work with Lion Server than I can two tin cans and a string. Its abilities aren't adequate for my home, much less my work.
I'll continue to run OS X as a desktop OS – the alternatives are unacceptable – but for services, Linux is all that's left. Certainly there's now no reason to spend extra money to use Macs as servers. Without a comprehensive interface to the underlying services, a Mac server is nothing more than an overpriced Unix/Linux box.
Similar Messages
-
Hi,
I have a rewriter ruleset and two gateways. For one of the two gateways this ruleset is applied correctly; for the other, some of its rules are not applied.
The rulesets are applied to the same uri and the gateways have the same configuration.
We are using 30-40 rulesets in total.
This smells like a bug. Any suggestions, anyone?
The problem I have is the following rules:
<Function name="fetcher.open" paramPatterns=",y," />
<Function name="xml*ttp.open" paramPatterns=",y,"/>
<!--
window.open could be either called using open or window.open(),
make sure that this rule does not overlap with MS XML API's XMLHTTP.open().
-->
<Function name="open" paramPatterns="y"/>
<Function name="*.open" paramPatterns="y"/>
Now, when we have this applied to a file on the right url which contains fetcher.open(1,2,3), it should rewrite the second parameter, but it is rewriting the first one.
Does anybody know about the order or specificness of the rules applied in the case above?
Best regards,
Tim -
LDAP Auth Rewrite Rule in Mapping file
Hi,
We are trying to set LDAP Auth Rewrite rule in mapping file to get users First Name & Last Name or Display name & Mail Address from LDAP Server instead of users individual client settings.
In Messaging 5.2 we had the following setting, but it does not work any more for Messaging 6.2:
LDAP Auth Rewrite Entry in mapping file:
AUTH_REWRITE
*|*|*|*@* $]ldap:///dir1.domain.com:389/o=domain.com?cn?sub?(uid=$3)[$ <$]ldap:///dir1.domain.com:389/o=domain.com?mail?sub?(uid=$3)[>$Z
We are running:
Sun Java(tm) System Messaging Server 6.2-3.04 (built Jul 15 2005)
libimta.so 6.2-3.04 (built 01:43:03, Jul 15 2005)
SunOS mta 5.10 Generic_118833-03 sun4u sparc SUNW,Sun-Fire-V240
I'll appreciate any help or clue
Thanks
Thanks Jay,
Well, here is what we want to achieve.
We are looking for re-writing the FROM address of Sender against the LDAP Entry as cn <[email protected]>. This should solve problem of where users have entered wrong FROM information on their clients or trying to spoof FROM address to other users.
Currently, The system delivers e-mail with FROM headers as per client entry instead of re-writing it against AUTHENTICATED userid.
Following is the IMTA.CNF and MAPPINGS lines:
IMTA.CNF
! ims-ms
ims-ms defragment subdirs 20 notices 1 3 backoff "pt5m" "pt10m" "pt30m" "pt1h" "pt2h" "pt4h" maxjobs 2 pool IMS_POOL fileinto $U+$S@$D
! tcp_local
tcp_local smtp mx single_sys remotehost inner switchchannel identnonenumeric subdirs 20 maxjobs 7 pool SMTP_POOL maytlsserver maysaslserver saslswitchchannel tcp_auth missingrecipientpolicy 0 mailfromdnsverify dropblank vrfyhide
! tcp_intranet
tcp_intranet smtp mx single_sys subdirs 20 dequeue_removeroute maxjobs 7 pool SMTP_POOL maytlsserver allowswitchchannel saslswitchchannel tcp_auth missingrecipientpolicy 4 mailfromdnsverify dropblank vrfyhide
! tcp_extranet
tcp_extranet smtp mx single_sys subdirs 20 noreverse maxjobs 7 pool SMTP_POOL mustsaslserver allowswitchchannel saslswitchchannel tcp_auth vrfyhide dropblank mailfromdnsverify dropblank missingrecipientpolicy 4
! tcp_submit
tcp_submit submit smtp mx single_sys mustsaslserver maytlsserver missingrecipientpolicy 4
! tcp_auth
tcp_auth smtp mx single_sys mustsaslserver missingrecipientpolicy 4 authrewrite 3
MAPPINGS file
AUTH_REWRITE
*|*|*|*@* $]ldap:///dir.domain.edu:389/o=domain.edu,dc=domain,dc=edu?cn?sub?(uid=$3)[$ <$]ldap:///dir.domain.edu:389/o=domain.edu,dc=domain,dc=edu?mail?sub?(uid=$3)[>$Z
Thanks for your help -
I have an iMac and a NAS installed. I've made an Automator-based script to mount the NAS volumes; will I have to rewrite it when moving to Lion?
Hi Tony,
Long shot, but...
Open Audio Midi Setup in Applications>Utilities, see the input & output options & KHz setting there, some things will change it for their own use, then not set it back. -
Rewrite rule and dynamic group
I have put the rewrite rule
domain.com $A$E$F$[email protected]
In Java Enterprise System.
This way, mails sent to or from [email protected] are routed to mailhost and that is ok, but when I send a mail to a dynamic group, the message is not sent.
the command imsimta test -rewrite [email protected] reports this at the end:
Address list error -- 5.1.1 unknown or illegal alias: [email protected]
What could be happening?
Thanks,
Your original rule is not the best way to go about routing to "domain.com"
I would start by removing that rule.
Then I would look at what you're really trying to do, here.
If you're trying to route mails to users that are in your ldap server, then they should be automatically routed, based on the value of "mailhost" you've put in for them.
If you're trying to route users that are not in your ldap, then you need to create a
domain smarthost
documentation in our provisioning guide, here:
http://docs.sun.com/source/816-6018-10/domains.htm#29147
Using rewrite rules for routing outside the MTA is a Bad Idea, as you've found. -
Creating LDAP filter in authorization rule OAM 10G
Hi,
I want to set up an LDAP filter in an Authorization rule, based on which I will redirect users to specific URLs. What is the syntax for writing LDAP filters in OAM authorization policy? Any pointers to documentation will be appreciated.
Also, I want to know whether authorizations always follow authentication, i.e. my redirection will be successful only after a user is authenticated in the end application based on the headers we send out after successful authentication.
Please Help
Thanks
Edited by: 904630 on Dec 27, 2011 5:34 AM
Edited by: 904630 on Dec 27, 2011 5:36 AM
Open Identity server console and check the attribute's Display Name and type in Object classes section. I recently faced a similar issue and it got fixed after providing these two values.
Hope it works for you as well :) -
Cisco ISE - What does "Multiple Matched Rule Applies" mean?
Hi,
In Cisco ISE authorization policy configuration, what does the option "multiple matched rule applies" mean? I can understand the "first matched rule", but in "multiple matched rule" how are the permissions picked if multiple rules match? Or, what is the logic involved in picking up the permissions, if multiple rules are matched in authorization policy?
Nowhere in the Cisco documentation do I see any explanation for this.
I would appreciate it if anyone can point me to a document or explain to me the logic in selecting the permissions if multiple rules are matched. Also, what would the use-case for this be?
Thanks and Regards,
Mohan
I agree with tarik & also this might be helpful for you:
An authorization policy can consist of a single rule or a set of rules that are user-defined. These rules act to create a specific policy. For example, a standard policy can include the rule name using an If-Then convention that links a value entered for identity groups with specific condition(s) or attributes to produce a specific set of permissions that create a unique authorization profile. There are two authorization policy options you can set:
•First Matched Rules Apply
•Multiple Matched Rule Applies
These two options direct Cisco ISE to use either the first matched or the multiple matched rule type listed in the standard policy table when it matches the user's set of permissions. These are the two types of authorization policies that you can configure:
•Standard
•Exception
Standard policies are policies created to remain in effect for long periods of time, to apply to a larger group of users or devices or groups, and allow access to specific or all network endpoints. Standard policies are intended to be stable and apply to large groups of users, devices, and groups that share a common set of privileges.
Standard policies can be used as templates in which you modify the original values to serve the needs of a specific identity group, using specific conditions or permissions to create another type of standard policy to meet the needs of new divisions, or groups of users, devices, or groups in your network.
By contrast, exception policies are appropriately named because this type of policy acts as an exception to the standard policies. Exception policies are intended for authorizing limited access that is based on a variety of factors (short-term policy duration, specific types of network devices, network endpoints or groups, or the need to meet special conditions or permissions or an immediate requirement).
Exception policies are created to meet an immediate or short-term need such as authorizing a limited number of users, devices, or groups to access network resources. An exception policy lets you create a specific set of customized values for an identity group, condition, or permission that are tailored for one user or a subset of users. This allows you to create different or customized policies to meet your corporate, group, or network needs.
http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_authz_polprfls.html -
(OT) Incompatible Apache Mod-Rewrite Rules
The following Apache mod-rewrite rule works:
RewriteRule ^About/([a-zA-Z0-9_/-]+)/?$ About/index.php?bout=$1 [L]
It displays URL's like mysite/About/Webmaster and mysite/About/Search.
I've finally figured out how to apply a mod-rewrite rule to my site's home page...
RewriteRule ^/?([-a-zA-Z0-9_/]+)/?$ /index.php?home=$1 [L]
It displays URL's like mysite/Arizona and mysite/Africa.
But when I combine them...
RewriteRule ^/?([-a-zA-Z0-9_/]+)/?$ /index.php?home=$1 [L]
RewriteRule ^About/([a-zA-Z0-9_/-]+)/?$ About/index.php?bout=$1 [L]
The first rewrite rule appears to knock the second rule out of action.
Does anyone know how to modify either rewrite rule to make them compatible?
Thanks.
On 4/26/06 8:52 AM, "David Blomstrom" wrote:
> The following Apache mod-rewrite rule works:
>
> RewriteRule ^About/([a-zA-Z0-9_/-]+)/?$ About/index.php?bout=$1 [L]
>
> It displays URL's like mysite/About/Webmaster and mysite/About/Search.
>
> I've finally figured out how to apply a mod-rewrite rule to my site's
> home page...
>
> RewriteRule ^/?([-a-zA-Z0-9_/]+)/?$ /index.php?home=$1 [L]
>
> It displays URL's like mysite/Arizona and mysite/Africa.
>
> But when I combine them...
>
> RewriteRule ^/?([-a-zA-Z0-9_/]+)/?$ /index.php?home=$1 [L]
> RewriteRule ^About/([a-zA-Z0-9_/-]+)/?$ About/index.php?bout=$1 [L]
>
> The first rewrite rule appears to knock the second rule out of action.
> Does anyone know how to modify either rewrite rule to make them compatible?
>
> Thanks.
I'm not an expert on mod_rewrite, but you might be able to get what you want simply by reversing the order of the rules:
RewriteRule ^About/([a-zA-Z0-9_/-]+)/?$ About/index.php?bout=$1 [L]
RewriteRule ^/?([-a-zA-Z0-9_/]+)/?$ /index.php?home=$1 [L]
In theory, that should redirect your /About pages, and the [L] tells Apache not to parse any more rewrite rules, so the first rule (which looks like it simply redirects *everything*) wouldn't come into play.
There's something about times when Apache still parses rewrite rules even after the [L] flag, though, so that might not work. Why don't you see if that works, and if it doesn't, we can look at it further.
Sonjay -
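An added example, not from the thread: a small Python model of how a per-directory (.htaccess) RewriteRule list is evaluated, using the two patterns from the post, to show why the catch-all rule shadows the About rule and what reversing the order changes. It models only pattern matching, `$1` substitution, the `[L]` flag and the re-run of the rule list after a rewrite; everything else about Apache's path and query-string handling is simplified, and the function and constant names are this example's own.

```python
import re

# (pattern, substitution) pairs copied from the post; every rule carries [L].
CATCH_ALL = (r"^/?([-a-zA-Z0-9_/]+)/?$", "/index.php?home=$1")
ABOUT = (r"^About/([a-zA-Z0-9_/-]+)/?$", "About/index.php?bout=$1")

ORIGINAL_ORDER = [CATCH_ALL, ABOUT]   # as combined in the question
REVERSED_ORDER = [ABOUT, CATCH_ALL]   # as suggested in the reply


def apply_once(path, rules):
    """One pass over the rule list. Because of [L], the first match ends the pass."""
    for pattern, substitution in rules:
        m = re.search(pattern, path)
        if m:
            return substitution.replace("$1", m.group(1))
    return None


def rewrite(path, rules, max_rounds=10):
    """Return the chain of targets a request path goes through.

    In per-directory context the rule list is run again on the rewritten
    path, so [L] ends only the current pass. The chain stops once no rule
    matches.
    """
    trace = [path]
    for _ in range(max_rounds):
        target = apply_once(path, rules)
        if target is None:
            return trace
        trace.append(target)
        # Simplification: patterns see the path without the query string and,
        # in .htaccess context, without the leading slash.
        path = target.split("?", 1)[0].lstrip("/")
    raise RuntimeError("rewrite loop: rules keep matching their own output")


if __name__ == "__main__":
    for label, rules in (("original", ORIGINAL_ORDER), ("reversed", REVERSED_ORDER)):
        for request in ("About/Webmaster", "Arizona", "About"):
            print(f"{label:8} {request:16} -> {' -> '.join(rewrite(request, rules)[1:])}")
```

Neither pattern allows a dot, so the rewritten `index.php` targets match no rule on the second pass and the re-run ends there; a bare `About` request still falls through to the catch-all rule in either order.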
Changing sender email address via rewriting rules
My objective is to change my sender email address. For example, suppose my OCS email address is [email protected] and I would like to send an email to [email protected]
John logs into yahoo mail and would see my mail. Upon opening my email, I would like John to see the sender email address as [email protected] so that whenever John replies to my mail, the replied mail would go to [email protected] and not to [email protected]
I read the email admin guide and I configured the Sender rewriting rules within SMTP_OUT. I have keyed in the following within the Sender rewriting rules: $*@test.abc.com.my,$[email protected]
I restarted the SMTP_OUT services and I checked the log files in MIDTIER_HOME/oes/log/um_system/SMTP_OUT/12345
I found out that the rewriting rules have taken effect on one of the lines.
Then I log into OCS as user Andrew with test.abc.com.my domain and send an email to yahoo.
I open my yahoo mail, which I receive the email.
However the sender email address remains unchanged which is [email protected]
How can I change the sender email domain?
thanks;
andrew
Your observation is very correct in terms of symptoms, not of behaviour. We have numerous ER's there enabling header rewriting, too. Obviously for you, envelope rewriting works well, without achieving the target you want to address. Please forward your request to Support Services with an Enhancement Request for native header rewriting.
Otherwise 3 ways:
1 Milter C-SDK
2 Milter general
3 relay accomplishing this task.
On 2,3 we have samples ready, for 3 in particular for postfix. -
Hello,
I'm having a lot of trouble understanding how to configure the iMS 6.2 MTA to do my will. I've read the MTA sections in the Messaging Server Administration Guide and still it seems that when I try to implement a rewrite rule, it doesn't work the way I thought it would.
So with that preface, I'd like to ask:
1) What would an imta.cnf rule look like that would route all incoming messages from a server at an IP (say 1.2.3.4) to a specific channel (say tcp_scan)?
2) Does anyone know of any good (or even marginal) books or other resources for learning how to program the iMS MTA?
Thank you,
Yes, there's a book on iMS. You can get it on amazon.com.
check out the unofficial page at:
http://ims.balius.com
as well.
No, you can't use a rewrite rule to route based on source ip.
You can use mapping file and channels for much of that. Far better to help me understand what your goal is, rather than for you to try to solve your problem by the wrong route.... -
LDAP and NFS mounts/setup OSX Lion iMac with Mac Mini Lion Server
Hello all,
I have a local account on my iMac (Lion), and I also have a Mac Mini (Lion Server) and I want to use LDAP and NFS to mount the /Users directory, but am having trouble.
We have a combination of Linux (Ubuntu), Windows 7 and Macs on this network using LDAP and NFS, except the Windows computers.
We have created users in workgroup management on the server, and we have it working on a few Macs already, but I wasn't there to see that process.
Is there a way to keep my local account separate, and still have NFS access to /Users on the server and LDAP for authentication?
Thanks,
-Matt
It would make a great server. Bonus over Apple TV for example is that you have access via both wired ethernet and wireless. Plus if you load tools from XBMC, Firecore and others you have a significant media server. Cost is right too.
Many people are doing this - google mac mini media server or other for more info.
Total downside to any windows based system - dealing with constant anti-virus, major security hassles, lack of true media integration and PITA to update, etc.
You should be aware that Lion Server is not ready for prime time - it still has significant issues if you are migrating from SNL 10.6.8. If you buy an apple fresh Lion Server mac mini you should have no problems.
You'll probably be pleased. -
I would like to write a rewriting ruleset for an ActiveX application... this is the HTML:
<object width=100% height=100% classid="CLSID:1EE104B2-B32A-43d2-8DF1-2FD84BD00B14"
codebase="/wi/ActiveX/WIPanelXIT.cab#Version=5,1,4,33">
<param name=Cookie value="ITwGzbHZkSQT0">
<param name=CacheKey value="c0">
<param name=RepositoryID value="13">
<param name=UniverseName value="Extracom">
<param name=UniverseID value="70">
<param name=HostURL value="/wi/bin/iswi.dll">
<param name=ResultsPageURL value="http://mydomain/docViewFrameTop.asp">
<param name=AllowRefresh value="-1">
<param name=AllowLOVRefresh value="-1">
<param name=AllowViewSQL value="-1">
<param name=AllowDrill value="-1">
</object>
I need that the gateway rewrites only the parameters ResultsPageURL and HostURL. The rewrite is applied only to the tag codebase.
With Portal Sun 3.0 I have implemented the rules but the ActiveX application doesn't work. Does anyone have a similar problem with ActiveX? Any suggestions?
Thank you in advance.
Best Regards
Fausto
Thanks a lot Jay. Everything is working fine.
I managed to make things work following your advice but without calling tech support.
I am using mailEquivalentAddress attributes for users with domain.nl addresses. In our case, some users have domain.com AND domain.nl addresses while others only have the domain.com.
All rewriting works like a charm. I have set up noreverse on channels to forbid rewriting of "from" addresses, and the mailEquivalentAddress attributes deny rewriting of the "to" when mail is sent to these particular users.
Could you explain why the noreverse is discouraged? Would there be a rewriting rule that would do the same?
I can see reasons why not having rewriting would be an issue. If I find a solution to not having something as "strict" as the noreverse, I will indeed go in that direction.
Thanks again for your help.
Hyde -
URL Rewrite Rule: HTTP to HTTPS Not Working
Here is my problem. I cannot get HTTP to HTTPS redirect to work using the URL Rewrite module. I am using version 2, by the way, which I understand is the latest version. I've also enabled the "Proxy Server" and "Application Request Routing" features.
I've trolled through the Internet for 2 days now for solutions to my problem, including the ones provided by the TechNet forums and by MVP Scott Forsyth. I've tried over 30 solutions, and none have resolved my issue. Granted, some of the solutions I've tried may have been repeats of others. After trying so many, I have had a hard time discerning the differences. Does it really matter, for instance, if the pattern match for the {HTTPS} input is specified as "^off$" or just "off"? I see this discrepancy (among others) everywhere. It seems like there are so many variations out there. It is quite confusing for the uninitiated and the newbies like myself to the URL Rewrite technology. I have enabled and consulted my "Failed Request Tracing Rules" logs but cannot make any sense of the cryptic information it is providing.
I just cannot get my reverse proxy server to redirect http requests from the Internet to https to my internal web server. When a user specifies "https://server1.xxxxx.com", he is able to access the internal server via the reverse proxy (IIS) server. But when he specifies "http://server1.xxxxx.com" he receives "Server Error 500 - Internal server error.There is a problem with the resource you are looking for, and it cannot be displayed."
At this point I am at my wit's end, and am even considering configuring the protocol translation on our firewall. But this is not my preference as it presents another layer of complexity, and another device to troubleshoot later on. Below I've pasted my entire web.config file with my most current version of the rule in question (in bold) for your review. I started to paste just the specific rule, but thought you might need to see the entire file in case something else may be conflicting with the rule.
Thank you in advance for your help.
Dave Robinson
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<clear />
<rule name="HTTP to HTTPS Redirect" enabled="true" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{REQUEST_URI}" redirectType="Found" />
</rule>
<rule name="ReverseProxyInboundRule1" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false">
<add input="{CACHE_URL}" pattern="^(https?)://" />
</conditions>
<serverVariables>
<set name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" value="{HTTP_ACCEPT_ENCODING}" />
<set name="HTTP_ACCEPT_ENCODING" value="" />
</serverVariables>
<action type="Rewrite" url="{C:1}://server1.xxxxx.com/{R:1}" />
</rule>
</rules>
<outboundRules>
<rule name="RestoreAcceptEncoding" preCondition="NeedsRestoringAcceptEncoding">
<match serverVariable="HTTP_ACCEPT_ENCODING" pattern="^(.*)" />
<action type="Rewrite" value="{HTTP_X_ORIGINAL_ACCEPT_ENCODING}" />
</rule>
<rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1">
<match filterByTags="A, Form, Img" pattern="^http(s)?://server1.xxxxx.com/(.*)" />
<action type="Rewrite" value="http{R:1}://server1.xxxxx.local/{R:2}" />
</rule>
<preConditions>
<preCondition name="ResponseIsHtml1">
<add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
</preCondition>
<preCondition name="NeedsRestoringAcceptEncoding">
<add input="{HTTP_X_ORIGINAL_ACCEPT_ENCODING}" pattern=".+" />
</preCondition>
</preConditions>
</outboundRules>
</rewrite>
<tracing>
<traceFailedRequests>
<add path="*">
<traceAreas>
<add provider="ASP" verbosity="Verbose" />
<add provider="ISAPI Extension" verbosity="Verbose" />
<add provider="WWW Server" areas="Authentication,Security,Filter,StaticFile,CGI,Compression,Cache,RequestNotifications,Module,FastCGI,WebSocket"
verbosity="Verbose" />
</traceAreas>
<failureDefinitions timeTaken="00:00:00" statusCodes="404" />
</add>
</traceFailedRequests>
</tracing>
<httpErrors errorMode="Custom" />
<httpRedirect enabled="false" destination="" exactDestination="false" childOnly="false" httpResponseStatus="Permanent" />
</system.webServer>
</configuration>
On Wed, 28 Jan 2015 17:53:41 +0000, dwrobins2000 wrote:
> Here is my problem. I cannot get HTTP to HTTPS redirect to work using the URL Rewrite module. I am using version 2, by the way, which I understand is the latest version. I've also enabled the "Proxy Server" and "Application Request Routing" features.
Web/IIS related issues are better posted where the IIS experts are:
http://forums.iis.net
Paul Adare - FIM CM MVP
"The equivalent of treating dandruff by decapitation"
-- Frank Zappa on the Parents Music Resource Center' censorship plans -
How can I use LDAP searching from OSX Lion Server to Mozilla Thunderbird?
How can I use LDAP searching from OSX Lion Server to Mozilla Thunderbird? We have a super awesome contacts server that works great for our Mac users. About 30% of our company are on PCs, and I would like to use the Mozilla Thunderbird mail client for them. I see that in Thunderbird I can set up LDAP searching, and would like to have this feature point to our contacts server. I've tried several different settings, and looked all over the web, but could not find the proper way to configure this. Does anyone know if this can be done, or if not, would have a better suggestion? Thank you for your time!!
Try double clicking; Keychain Access should launch and ask if you want to install login, system, System roots.
A dialog box will launch asking where to install the cert. Since you're configuring a VPN, I would put the certificate in system. -
Configuring postfix on Mountain Lion Server
I'm trying to upgrade from Snow Leopard Server to Mountain Lion Server and did an install of Mountain Lion Server on top of a working instance of Snow Leopard Server. The "crippled" GUI on Mountain Lion Server is forcing me into using terminal to configure Postfix to handle incoming email.
I would like to configure Postfix to only accept email that is forwarded from a gmail business account. The public email address is [email protected] which is received by Google Mail, goes through their spam filters and then is auto-forwarded to [email protected]
The server WAN domain is nonpublic.com The ip address is 96.231.165.126
The server LAN is nonpublic.local The ip address is 10.6.18.201
The server is a MacMini running Mountain Lion Server 10.6.8 hostname server so the FQDN is server.public.com.
The network on the MacMini is configured to handle both LAN and WAN traffic through the 1GB physical ethernet port which plugs into a CISCO 3750 switch. The external traffic to the WAN flows through the switch as tagged packets. The LAN traffic is not tagged. The VLAN connection is running 802.1q
When an email is sent through the WAN to [email protected] the Postfix SMTP log shows:
Jun 7 19:29:22 server.public.com postfix/smtpd[42181]: connect from cisco.public.com[96.231.165.123]
Jun 7 19:29:22 server.public.com postfix/smtpd[42181]: disconnect from cisco.public.com[96.231.165.123]
I can send emails from a client on the LAN through this server with no problems. The incoming mail server can connect to the machine via the Cisco router/switch but Postfix just shows "cisco" as the connection (that's the router's DNS name) and provides no more info. I suspect Postfix possibly doesn't like the 802.1q connection and drops the SMTP request to connect on port 25.
I have turned on "debug" logging in Postfix, but that is all that appears in the SMTP log file
I've spent most of the week reading through everything I can find on how to install and configure postfix on Mountain Lion Server and work around the crippled GUI in the "server" application. I'm barely OK using Terminal and not familiar at all with configuring Postfix by directly editing the config file.
What is the best approach to configure Postfix to allow SMTP connections from the outside to deliver incoming email that is forwarded from gmail.com?
I did find an "aliases" file in /etc/postfix/aliases but I'm not sure how to add the aliases and if adding aliases with a text editor is going to cause the "server" app problems and if the changes will be lost when the machine is restarted.
Any help would be appreciated.
MrHoffman, thank you for your response to my challenge to get the new test server working. This is a migration from Snow Leopard Server to Mountain Lion Server.
Here is the "checkhostname" test results:
blue:~ admin$ sudo changeip -checkhostname
Password:
Primary address = 96.231.165.211
Current HostName = blue.pderby.com
DNS HostName = blue.pderby.com
The names match. There is nothing to change.
dirserv:success = "success"
blue:~ admin$
Here is the response from postconf -n
blue:~ admin$ postconf -n
biff = no
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep 5
dovecot_destination_recipient_limit = 1
html_directory = /usr/share/doc/postfix/html
imap_submit_cred_file = /Library/Server/Mail/Config/postfix/submit.cred
inet_interfaces = loopback-only
inet_protocols = all
mail_owner = _postfix
mailbox_size_limit = 0
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
message_size_limit = 10485760
mydomain_fallback = localhost
newaliases_path = /usr/bin/newaliases
queue_directory = /Library/Server/Mail/Data/spool
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = _postdrop
smtpd_tls_ciphers = medium
smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
use_sacl_cache = yes
blue:~ admin$
I agree that I should change the LAN domain from .local to something like .internal or whatever. I've been running with .local for 5 years on snow leopard server and never had any problems so that was a low priority.
I hope I'm just not seeing some obvious setting in main.cf