Mail bounced (user unknow in virtual mailbox table)

paolo · September 30, 2016, 4:02pm

I get this error when sending emails to 2 domain defined in the email section of a NS7b2 server

Sep 30 17:45:33 fo-n7b2-lab postfix/smtpd[6940]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 550 5.1.1 test@formatsoft.it: Recipient address rejected: User unknown in virtual mailbox table; from=paolo@folab.local to=test@formatsoft.it proto=ESMTP helo=<www.sonicle.com>

Both domain are configured to be delivered locally

The users are taken from an AD domain (windows 2012 DC) and the email address is defined on the ad user setting

Nevertheless when I look at the users section in NG i see

any clue or advice to get it working ?

by the way … the same config with a 6.8ENT is working fine.

regards

Stefano_Zamboni · September 30, 2016, 4:57pm

you need to create the right alias on NS for @formasoft.it domain

paolo · September 30, 2016, 6:04pm

Sorry for asking … mine is probably a stupid question, but since using 6.8 Enterprise version this was not necessary I’m curious to know if this is a specific feature of the enterprise or if is just a new way of working … also seems that aliases made using distribution groups in AD are not taken in NG 7. Can someone clarify ?
Thanks in advance.

davidep · October 3, 2016, 8:34am

In ns7 mail addresses are no longer read from the AD LDAP. All aliases must be defined from the new “Email addresses” module.

paolo · October 3, 2016, 12:39pm

This looks like a step back … may I ask why this project choice ?

davidep · October 4, 2016, 2:33pm

ns7 was designed with less requirements against the domain account provider, to ease deploying it on different environments.

We cannot modify directly a LDAP entry in Active Directory, for instance the user’s mail address. For that reason we must keep the mail address in our database.

As a bonus, in ns7 the username is a valid email address itself. If the domain is a valid DNS domain it is ready to receive mail messages!

paolo · October 4, 2016, 2:48pm

You should not modify, but actually just read it.
Also note that Microsoft best practices warn against using valid DNS domain as internal domain name.

davidep · October 4, 2016, 3:49pm

Right, but …also to read that field we need an authenticated client. We tried this solution on ns6, but ended up with a complex configuration I don’t want to maintain on ns7, too.

Absolutely agree, for AD those are the guidelines to follow!

However we don’t have such restrictions with OpenLDAP.

enzoturri · October 22, 2016, 7:15pm

Hi @paolo,
the information that @Stefano_Zamboni and @davidep gave you, they help you solve the problem?

GG_jr · October 23, 2016, 12:00am

Yes, but they say that you can use a subdomain of your FQDN.

Name computers, domains, sites, and OUs - Windows Server | Microsoft Learn

Active Directory Domain Naming in the Modern Age - AC Brown's IT World

davidep · October 23, 2016, 7:15am

Thank you those are very useful articles!

Because the DNS names of all the nodes that require name resolution include the Internet DNS domain name for the organization, choose an Internet DNS domain name that is short and easy to remember. Because DNS is hierarchical, DNS domain names grow when you add subdomains to your organization. Short domain names make the computer names easy to remember.

If the organization has an Internet presence, use names that are relative to the registered Internet DNS domain name. For example, if you have registered the Internet DNS domain name contoso.com, use a DNS domain name such as corp.contoso.com for the intranet domain name.come

For your Active Directory Domain Name, use a subdomain of your public domain.

davidep · October 24, 2016, 7:37am

2 posts were split to a new topic: Read AD to determine the user’s email address

davidep · October 26, 2016, 7:37am

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.