proxyAddresses, groupwares and sender addresses

NethServer Version: 7b2
Module: SOGo and WebTop4

Separate server with Samba4-powered domain is used! NethServer isn’t AD DC here.

Is there any way to automatically pickup mail addresses specified in proxyAddresses AD user parameter and put them to identities list in groupwares?

I’ve successfully sent mail with mail address from proxyAddresses, but I have to add it manually into identities list.

Example use case: I have 3 domain (domain1.com, domain2.com and domain3.com) configured on NethServer email server. I want to allow privileged users to use identities (and send mails) with all 3 domains, and some users should be able to use only one or two domains.

Sorry for bumping, but any ideas how to achieve it? It’s not so good to create aliases in NethServer, because everything should be controlled from one place.

Sorry but no at the moment.

Something similar happens on ns6, but the configuration to achieve it is complex and requires a recompiled version of Postfix and Dovecot and a specific account for SOGo in AD. For this reason, we decided to change approach on ns7.

Maybe @gabriele_bulfon or @lucag can help us to make more sender addresses available from WebTop interface. Can we read the identities directly from the e-smith DB, or /etc/postfix/virtual?

This is an interesting point! Couldn’t that place be the server-manager?

Can you suggest an alternative tool to manage the Active Directory contents?

I’m managing my samba4-powered domain with RSAT, because there is no such easy-to-use tool out there :frowning: So I think that if we’re using remote server for domain auths it may be logical to take all the data from remote server.

And if you think so (about “Couldn’t that place be the server-manager?”) - yes, it could. But it should be able to do things which RSAT do. So I should be able to edit proxyAdresses (as example), and these changes appeared in database. As bonus - self-servicing (e.g. password changing).

As said, it would be great, but it’s hard to integrate many different applications with it. We decided to rely on PAM as much as possible and configure sssd only. This choice allows NS to connect to different account providers: Microsoft AD, Samba AD, OpenLDAP.

I understand this design has the limitation you pointed out. I hope we’ll find a way to provide alternative sender addresses to our groupwares.

If I understand it right, now WebTop4 (which, if I’m again understand it right) will eventually replace SOGo as main groupware in NethServer, doesn’t using PAM for authentication, I’m still forced to enter LDAP crenentials. Maybe it’s a place to go?

Or really, instead of relying on PAM + SSSD (which is good solution actually) NethServer should do some caching in SQL database and use only it as auth source. But this only my dreams :)))))

At the moment, the only way I can see an integraton of the postfix identities into webtop is a cron batch to import these data into the database regularly, with some intelligence to choose destination users.
The postgres identities table is very simple.

Gabriele

Thank you @gabriele_bulfon!

As @alefattorini said, the SMTP identity management is a client task. Think about set up alternative identity on Thunderbird or similar…

What we should implement on the SMTP server side is the sender address authorization to avoid spoofing!

1 Like

That’s the truth, some clients like Webtop and Roundcube permit to manage flawlessly identities others not (read SOGo). It’s all client-side.

We started this discussion that is strictly related to this, I think:

1 Like

I can do this manually but there isn’t any automatic procedure for this.
SOGO implementation on 6.8 works like this but you can’t select which addresses show or force a preferred one, so it turned out pretty unuseful.