Nethserver Mail - Distribution list or groups via AD not working

Jokan · August 24, 2021, 11:38am

Hello Team,

I am using Nethserver 7.9.2009 version with AD intergration. Am however not able to send mail to groups even though they appear visible on the server with automatic alias for groups enabled.
They keep bouncing with this error below:-

550 5.1.1 <user-group@xxxxxx.com>: Recipient address rejected: undeliverable address: host hostxx@xxxxxx.com[/var/run/dovecot/lmtp] said: 550 5.1.1 <user-group@xxxx.com> User doesn’t exist: user-group@xxxxxx.com (in reply to RCPT TO command)

Any idea on how to make it work?

stephdl · August 24, 2021, 2:59pm

can you send email to a users, are you sure that SSSD service is up and able to reach the local or remote AD

in short can you see the users in the users list of cockpit ?

stephdl · August 24, 2021, 3:06pm

I did a quick test it just work as expected

Aug 24 17:03:58 serveur postfix/lmtp[8986]: 334BF18B9588E: to=stephdl@domain.com, orig_to=rachel@domain.com, relay=server.domain.com[/var/run/dovecot/lmtp], delay=0.5, delays=0.21/0.01/0.01/0.27, dsn=2.0.0, status=sent (250 2.0.0 stephdl@domain.com 2BGIFV4KJWEbIwAAQwhQhQ Saved)

Andy_Wismer · August 24, 2021, 4:26pm

@stephdl

Salut Stéphane

I have seen this error quite often. All my clients use AD. I actually gave up on using groups for mail, because often postfix (Or whatever) doesn’t seem to expand the group correctly, and claims the user is not available.

Actually, the target user is member of the group, but postfix claims that the user can’t be reached (Or is no members in group or some other strange error.) It seems as though the alias file doesn’t correctly contain the group / target users.
The file /etc/postfix/login_maps also does not contain the needed groups. (The server I’m looking at is a setup from 7.5 or 7.6, updated to 7.9 (current!).

Just my feedback to a “seen” problem.

I mostly create a (group-) user and redirect the mail to other users as needed.

My 2 cents
Andy

Jokan · August 25, 2021, 12:10pm

Had a little breakthrough with the groups yester-night, apparently its working with global - security group types only not distribution list type. Also i have to leave the group email blank , if i add group email ist stop working. However am sorted halfway,my challenge is that my environment is kinda hybrid. Let me explain; I have O365 hosted mails for external communication (i.e userx@domainz.com )and on-prem hosted one on nethserver for internal com (i.e. userx@me.domainz.com) But both integrated with AD, so i get to manage them centrally and therefore needs to have members on both domains(servers) be part of a group (especially if they share department) and be able to communicate within. As it is am having the following drawbacks;

On the nethserver membership addition appears to be static and not dynamic, so the group has to be deactivated and activated with every member addition.
For now the group will only work/accept members with the internal domain. Group members who are on the external domain do not receive the emails addressed to the group.

Jokan · August 25, 2021, 12:18pm

Hi Andy,

this is exactly what happens to me when I use groups that are not security groups on the AD`

Actually, the target user is member of the group, but postfix claims that the user can’t be reached (Or is no members in group or some other strange error.) It seems as though the alias file doesn’t correctly contain the group / target users.

`

Jokan · June 16, 2022, 12:00pm

Something I have noticed with the groups I can’t have a group with more than 70 - 100 members. If I do it breaks in between when a user tries to send to the group with an error that a group member address cant be found. any idea on how to adjust or expand this limit on postfix?