E-Mail wrongly delivered to account given in "Accept unknown recipients"

So I now did go the way I’ve gone the first time installing NethServer: create the users by RSAT tools (Active directory users and computers). I created a new user (Minnie Mouse with E-Mail (AD field: “mail”) minnie.mouse@xyz.de). See the following two screenshots:

Now I tried to send an E-Mail with roundcube from Mickey to minnie.mouse@xyz.de (and roundcube even makes a suggestion for the xyz.de address of Minnie Mouse!):

But the result is:

SMTP Error (550): Failed to add recipient "minnie.mouse@xyz.de" (5.1.1 <minnie.mouse@xyz.de>: Recipient address rejected: User unknown in virtual alias table).

But: Minnie Mouse can still log in to roundcube (see screenshot):

Very odd: this did work in my first installation (sending from user.one@xyz.de (using roundcube) to user.two@xyz.de (also using roundcube)).

So maybe it will be necessary to write down the functional specifications for the various scenarios.
I stop at that point because I don’t think further testing makes sense.
The AD domain naming with xyz.intern (or *.local) and also the subdomain naming doesn’t yet seem to be a practicable way with NethServer.


After sleeping on it, in my opinion, using the login of a user with the AD domain tailed as the E-Mail address is a design flaw of NethServer.

For an internal server this completely prevents using an AD domain name other than the intended Email domain name, because the “default” E-Mail address can’t be deactivated.

Or just think about this case:

  • The login of a user should be <last name (or only the first 8 letters of last name)><first letter of given name>, as is not unusual in some companies. So NethServer creates the default E-Mail address with this somewhat cryptic login.
  • But the official (public) E-Mail address should be <given name>.<last name>@domain.tld

How to handle this in NethServer?

How to prevent users sending an E-Mail outside of this domain and set some internal users CC, but as roundcube suggests with the (only internally valid) default E-Mail address?


Yes, your expectation does not match the actual behavior!

Your “xyz.intern” is the domain suffix of the system FQDN. Let’s call it primary domain.

In Postfix configuration the primary domain corresponds to a virtual_mailbox_domain. Any address belonging to it is managed by the Dovecot mailbox store, via LMTP.

Additional domains are virtual_alias_domains. Any address belonging to them is resolved to one or more addresses in virtual_mailbox_domain or belonging to external domains (mail-forwards).

If you delete the primary domain record in “Email > Domains” page, the virtual_mailbox_domain is unchanged. However it is listed in the “internal_access” table to reject mail messages from the outside.

So, if you send with the sendmail command or via SMTP from any IP address of the local host, the primary domain is still available. But messages coming from other hosts and directed to it are rejected. This is the same behavior as the “Local network only” option in the “Mail aliases” tab.

The local LDAP/AD provider is provisioned with the user account name as mail: LDAP attribute. You can change it according to your needs with RSAT, or any other LDAP client.

I agree, it looks very strange. Let me try to reproduce it!

There are multiple ways to enhance our setup and manage additional scenarios. The primary use case is using a real DNS domain name for the account provider …but I think we addressed it in another topic!

The email clients and the LDAP mail attributes must be configured correctly. I think we should provide a simple way to do it.

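The address classes described in the reply above, as an added example that is not part of the original thread and is not NethServer or Postfix code: a simplified Python model showing why a recipient in an additional (alias) domain is rejected until the alias table resolves it to a mailbox in the primary domain. The domains are taken from the thread; the account names, the table contents and the rule that the local-only restriction is checked against the address as received are assumptions.

```python
# Simplified model of the Postfix address classes described in this thread.
# Domains come from the thread; account names and table contents are constructed.
VIRTUAL_MAILBOX_DOMAINS = {"xyz.intern"}  # primary domain, stored by Dovecot via LMTP
VIRTUAL_ALIAS_DOMAINS = {"xyz.de"}        # additional domain, must resolve via aliases
INTERNAL_ONLY_DOMAINS = {"xyz.intern"}    # stands in for the "internal_access" table
MAILBOXES = {"mickey@xyz.intern", "minnie@xyz.intern"}  # assumed account names


def domain_of(addr):
    return addr.rpartition("@")[2]


def resolve(addr, aliases, seen=None):
    """Expand an address recursively through the alias table (lowercase keys)."""
    seen = set() if seen is None else seen
    if addr in seen:          # alias loop: contributes no destination
        return []
    seen.add(addr)
    if addr not in aliases:   # not an alias: final destination
        return [addr]
    finals = []
    for target in aliases[addr]:
        finals += resolve(target.lower(), aliases, seen)
    return finals


def check_recipient(rcpt, aliases, client_is_local):
    """Return 'accept: ...' or 'reject: ...' for one envelope recipient."""
    rcpt = rcpt.lower()
    # Assumption: the access restriction applies to the address as received.
    if domain_of(rcpt) in INTERNAL_ONLY_DOMAINS and not client_is_local:
        return "reject: domain only reachable from the local host"
    if domain_of(rcpt) in VIRTUAL_ALIAS_DOMAINS and rcpt not in aliases:
        return "reject: 5.1.1 User unknown in virtual alias table"
    finals = resolve(rcpt, aliases)
    if not finals:
        return "reject: alias loop"
    for addr in finals:
        if domain_of(addr) in VIRTUAL_MAILBOX_DOMAINS and addr not in MAILBOXES:
            return "reject: no mailbox for " + addr
    return "accept: " + ", ".join(sorted(set(finals)))


if __name__ == "__main__":
    alias = {"minnie.mouse@xyz.de": ["minnie@xyz.intern"]}  # constructed entry
    for table in ({}, alias):
        print(check_recipient("minnie.mouse@xyz.de", table, True))
    print(check_recipient("minnie@xyz.intern", alias, False))
```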