SBBH
2015-10-14 19:58:39 UTC
I inherited a FreeBSD server running Postfix 2.8.15 and I'm trying to get it upgraded to Postfix 2.15, but I get the following error after upgrading and trying to send mail:
dict_ldap_lookup: Search error 50: Insufficient access
ldap:/data/config/domains.ldap: table lookup problem
virtual_mailbox_domains lookup failure
Relevant info from main.cf:
virtual_alias_maps = ldap:/data/config/alias.ldap
virtual_mailbox_domains=ldap:/data/config/domains.ldap
virtual_mailbox_maps=ldap:/data/config/mailbox.ldap
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = example.com
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_helo_required = yes
smtpd_client_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client zen.spamhaus.org
smtpd_sender_restrictions =
    permit_sasl_authenticated,
    check_sender_access hash:/data/config/access,
    check_sender_access hash:/data/config/sender_checks,
    permit_mynetworks,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client zen.spamhaus.org
smtpd_recipient_restrictions =
    check_recipient_access ldap:/data/config/message.ldap,
    check_recipient_access hash:/data/config/recipient_checks,
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client bl.spamcop.net,
smtpd_helo_restrictions =
    permit_mynetworks,
    check_helo_access hash:/data/config/helo_access
Contents of /data/config/domains.ldap:
version = 3
bind = yes
search_base = dc=mail
server_host = ldap.example.com
query_filter = (&(objectClass=mailDomain)(mailDrop=%s)(!(disable=TRUE)))
result_attribute = mailDrop
timeout = 10
start_tls = yes
tls_ca_cert_file = /data/keys/example.pem
tls_cert = /data/keys/example.pem
tls_key = /data/keys/example.key
tls_require_cert = yes
bind_mech = external
Running "postmap -q "example.com" ldap:/data/config/domains.ldap" works as expected and I'm also able to connect to the LDAP server with ldapsearch so I know it's not an access problem. Also, as soon as I switch back to 2.8 everything works fine.
I've looked through the docs to see if anything's changed and I don't see anything that would cause this problem but I could be missing something.
Any ideas?
Thanks for the help!