Linux Mail Server Setup and Howto Guide

Active Directory has a type of grouping called Distribution group used solely as an email distribution list. This page will show you how to use the distribution group as a mailing list for Postfix. But first, you need to upgrade Postfix to version 2.4 or higher. Download Postfix RPM Packages.

This is what an Active Directory distribution group looks like.

And these are the group members.

And this is how it is stored in LDAP.

We will be using the following attributes

• mail – Email Address
• member – Distinguished Name of the group members

How to setup

1. Create the file /etc/postfix/ldap-groups.cf containing the following lines below.

server_host = your domain controller
search_base = your search base
version = 3
query_filter = (&(objectclass=group)(mail=%s))
leaf_result_attribute = mail
special_result_attribute = member
bind = yes
bind_dn = user name
bind_pw = password

If you used Winbind and the Active Directory users are part of your system account then use the query_filter below instead.

query_filter = (&(objectclass=group)(mail=%s@acme.local))

Replace acme.local with your own domain name.

leaf_result_attribute is available only in Postfix 2.4 and above which is why we really need to upgrade.

2. Test your postfix configuration file by typing in the command below in a terminal window.

postmap -q group@acme.local ldap:/etc/postfix/ldap-groups.cf

or

postmap -q group ldap:/etc/postfix/ldap-groups.cf

for Winbind users. You should see the email addresses of the members.

 

If you are querying a Windows 2003 Server and postmap does not seem to work, try enabling the Windows 2003 Active Directory anonymous ldap operations.

3. Edit the file /etc/postfix/main.cf. There are two ways to configure Postfix depending on how you integrated Active Directory. If you used the virtual user solution, add this line

virtual_alias_maps = ldap:/etc/postfix/ldap-groups.cf

or the line below if you are using Winbind

alias_maps = ldap:/etc/postfix/ldap-groups.cf

4. Restart Postfix or MailScanner (depends if you installed MailScanner).

That’s it. You should now be able to send email to your distribution group.

Related Pages

How to integrate Active Directory into Postfix and Dovecot.

***
Posted on 3/23/2007 and last updated on 3/2/2009
Filed under Active Directory , LDAP , Postfix

Share This

 

16 Responses to “Postfix Active Directory Mailing List”

1. Steven teosin Says:
   March 6th, 2008 at 11:43 pm

   Thank you very much for the information on seting up a linux mail server. it was well presented and easy to understand.

   My network do have a linux posfix mail server that has been setup by a consultant and this info will greatly assist me in troubleshooting this server should any problem occur.

   Good on you.

2. Cooper Says:
   May 2nd, 2008 at 8:20 pm

   The new mail server is working great, but I can get the mailing list feature to work.
   I followed the instructions above and postmap can query the ldap server just fine, but I run this command
   postmap -vq IT@prograss.com ldap:/etc/postfix/ldap-groups.cf
   I get the following results

   postmap: dict_open: ldap:/etc/postfix/ldap-groups.cf
   postmap: dict_ldap_lookup: In dict_ldap_lookup
   postmap: dict_ldap_lookup: No existing connection for LDAP source /etc/postfix/ldap-groups.cf, reopening
   postmap: dict_ldap_connect: Connecting to server ldap://adserver.prograss.local:389
   postmap: dict_ldap_connect: Actual Protocol version used is 3.
   postmap: dict_ldap_connect: Binding to server ldap://adserver.prograss.local:389 as dn LOCAL\Administrator
   postmap: dict_ldap_connect: Successful bind to server ldap://adserver.prograss.local:389 as LOCAL\Administrator
   postmap: dict_ldap_connect: Cached connection handle for LDAP source /etc/postfix/ldap-groups.cf
   postmap: dict_ldap_lookup: /etc/postfix/ldap-groups.cf: Searching with filter (&(objectclass=group)(mail=it@prograss.com))
   postmap: dict_ldap_get_values[1]: Search found 1 match(es)
   postmap: dict_ldap_get_values[1]: looking up DN CN=ccooper,CN=Users,DC=ProGrass,DC=local
   postmap: dict_ldap_get_values[2]: Search found 1 match(es)
   postmap: dict_ldap_get_values[2]: Leaving dict_ldap_get_values
   postmap: dict_ldap_get_values[1]: search returned 1 value(s) for special result attribute member
   postmap: dict_ldap_get_values[1]: Leaving dict_ldap_get_values
   postmap: dict_ldap_lookup: Search returned nothing
   postmap: dict_ldap_close: Closed connection handle for LDAP source /etc/postfix/ldap-groups.cf

   It appears that it can not interrupt the following line
   postmap: dict_ldap_get_values[1]: looking up DN CN=ccooper,CN=Users,DC=ProGrass,DC=local

   Please help

   Thanks,
   Cooper

3. consultant Says:
   May 4th, 2008 at 2:38 am

   You’re right, the LDAP lookup is not working. It seems LDAP in Postfix 2.5 is broken. Please reinstall the Postfix RPMs, I’ve rebuilt the RPMs using Postfix 2.4.

4. Cooper Says:
   May 5th, 2008 at 6:08 pm

   Is there anyway to get this feature to work with postfix 2.5 or have this work with a mysql server

   Cooper

5. consultant Says:
   May 5th, 2008 at 11:39 pm

   I think Postfix 2.5 is broken, the same command works in 2.4 and even in 2.3 without the leaf_result_attribute. Mysql will also work but it will require more work since you need to setup the database schema. You’ll also lose the address book capability if you use mysql.

6. consultant Says:
   May 31st, 2008 at 6:21 am

   False alarm, Postfix 2.5 with LDAP is working properly. I’ve restored the 2.5 RPMs.

7. davtup Says:
   August 22nd, 2008 at 7:15 am

   sorry,
   after I follow these steps. I done with LDAP query. But now I don’t know how to create mailbox on Postfix by using user on AD.

   Could please someones guide me, or do you have any document about that?

   Thanks a lot

8. consultant Says:
   August 22nd, 2008 at 1:38 pm

   See Postfix, Dovecot and Active Directory

   Mailbox creation is automatic, all you have to do is assign a value in the Email field of Active Directory.

9. davtup Says:
   August 22nd, 2008 at 4:03 pm

   Thank you very much for your reply.
   your link is very helpful for me!

10. cach0rr0 Says:
    January 14th, 2009 at 1:25 pm

    Cheers for that, nifty guide (and quite painless).

    The one minuscule flaw I can see, is it doesn’t appear to handle addresses stored in the proxyAddresses attribute (?)

    Generally speaking, with an LDAP lookup, this should be possible – but I’m unclear exactly what’s expected in this .cf

    The filter, I’ve worked out should be something like:

    (&(objectclass=*)(|(mail=%s)(proxyAddresses=smtp:%s)))

    The idea being, we don’t simply want users’ primary e-mail. We want:

    -distribution list addresses
    -distribution group addresses
    -public folder addresses
    -user primary addresses
    -user proxy addresses

    Can debate the sensibility of allowing external parties to e-mail an internal DL later – fact is some people need to do it, so it’d be nice if we had this same flexibility.

    Of course given the need described above, I’m not sure the relevance of the ‘member’ attribute, since we don’t just want group members, we want *everything*, including the group’s address itself (if available)

    I know I’m somewhat on the right track, but alas what I have this far is incomplete.

    Any ideas?

11. consultant Says:
    January 14th, 2009 at 11:25 pm

    Hi cach0rr0,

    This article handles the two items below
    -distribution list addresses
    -distribution group addresses

    For the items
    -user primary addresses
    -user proxy addresses

    See the related page How to integrate Active Directory into Postfix and Dovecot

    I used the othermailbox attribute for the proxy address because proxyAddresses is available only if you have Microsoft Exchange.

12. David Wooldridge Says:
    February 24th, 2009 at 10:04 am

    Hi, many thanks for all the great howtos. I have a postfix (2.5.6) and dovecot server setup authenticating via AD using winbind with one local domain (example.com) so no virtual accounts/domains. I have everything working apart from getting the mailing lists from AD as described above. I have the following in my main.cf:

    alias_maps = hash:/etc/postfix/aliases, ldap:/etc/postfix/ldap-groups.cf

    My ldap-groups.cf is:

    # cat ldap-groups.cf
    server_host = dc1.corp.example.com
    search_base = dc=corp,dc=example,dc=com
    version = 3
    query_filter = (&(objectclass=group)(mail=%s))
    leaf_result_attribute = mail
    special_result_attribute = member
    bind = yes
    bind_dn = mailserver@corp.example.com
    bind_pw = password

    One of my mailing lists is this:

    # postmap -q ukbackups@example.com ldap:/etc/postfix/ldap-groups.cf
    user1@example.com,user2@example.com

    when i send mail to this, I get this in the log file:

    Feb 24 09:29:23 flanders postfix/local[3895]: 196DA1CEA7E: to=, relay=local, delay=0.13, delays=0.07/0.01/0/0.06, dsn=5.1.1, status=bounced (unknown user: “ukbackups”)

    How can I tell postfix that this isn’t a local user? I thought putting this in alias_maps would be enough.

    If I change the mailing list “mail” attribute to just “ukbackups” without the domain, it works ok, but then this breaks the lookup in the directory/address book etc.

    Cheers David

13. consultant Says:
    February 28th, 2009 at 10:30 pm

    Hi David Wooldridge,

    You are right, the above instruction do not work for Winbind. Please read the article again, I’ve updated its content. Thanks.

14. David Wooldridge Says:
    March 2nd, 2009 at 1:51 pm

    Hi, I did think about doing the above but wanted to have friendly names in the directory, but this works fine. Thanks alot.

    David

15. consultant Says:
    March 2nd, 2009 at 2:25 pm

    Hi David Wooldridge,

    Yeah, that bothered me too. Anyway, try my new solution above.

16. David Wooldridge Says:
    March 2nd, 2009 at 2:38 pm

    yeah, that’s good too. Cheers

Leave a Reply