I will test this right now!
I just followed the instructions (mostly) for the test. I already have existing groups in my remote LDAP/AD system with email addresses configured with the attribute “mailPrimaryAddress”.
I hope this isn’t the problem: my AD/LDAP domain has always been sgvfr.lan;
changing to sgvfr.com seems like a lot of work.
I also tried to email SGVFR-INSTRUCTORS@sgvfr.lan - it also bounced.
LDAP group I was testing with is SGVFR-INSTRUCTORS (email@example.com)
For my first test I tried the email address, then realized I should have sent the message to the group instead… both bounced from the server with
<SGVFR-INSTRUCTORS@sgvfr.com>: host sparky.sgvfr.com[/var/run/dovecot/lmtp] said: 550 5.1.1 <SGVFR-INSTRUCTORS@sgvfr.com> User doesn't exist: SGVFR-INSTRUCTORS@sgvfr.com (in reply to RCPT TO command)
login as: root
firstname.lastname@example.org's password:
Last login: Sun Mar 3 19:46:06 2019 from 172.20.250.15
[root@sparky ~]# yum install --enablerepo nethserver-testing nethserver-mail-server
Loaded plugins: changelog, fastestmirror, nethserver_events
Loading mirror speeds from cached hostfile
 * ce-base: mirror.cwcs.co.uk
 * ce-extras: mirror.cwcs.co.uk
 * ce-sclo-rh: mirror.cwcs.co.uk
 * ce-sclo-sclo: mirror.cwcs.co.uk
 * ce-updates: mirror.cwcs.co.uk
 * epel: mirrors.kernel.org
 * nethforge: mirror.nordest.systems
 * nethserver-base: mirror.nordest.systems
 * nethserver-updates: mirror.nordest.systems
nethserver-testing/7/x86_64/signature | 836 B 00:00
nethserver-testing/7/x86_64/signature | 2.9 kB 00:00 !!!
nethserver-testing/7/x86_64/primary_db | 129 kB 00:00
Resolving Dependencies
--> Running transaction check
---> Package nethserver-mail-server.noarch 0:2.4.5-1.ns7 will be updated
---> Package nethserver-mail-server.noarch 0:2.4.5-1.9.gd3d7cd1.ns7 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
==============================================================================================================================
Package Arch Version Repository Size
==============================================================================================================================
Updating:
nethserver-mail-server noarch 2.4.5-1.9.gd3d7cd1.ns7 nethserver-testing 112 k
Transaction Summary
==============================================================================================================================
Upgrade 1 Package
Total download size: 112 k
Is this ok [y/d/N]: y
Downloading packages:
No Presto metadata available for nethserver-testing
nethserver-mail-server-2.4.5-1.9.gd3d7cd1.ns7.noarch.rpm | 112 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating : nethserver-mail-server-2.4.5-1.9.gd3d7cd1.ns7.noarch 1/2
Cleanup : nethserver-mail-server-2.4.5-1.ns7.noarch 2/2
Verifying : nethserver-mail-server-2.4.5-1.9.gd3d7cd1.ns7.noarch 1/2
Verifying : nethserver-mail-server-2.4.5-1.ns7.noarch 2/2
Updated:
nethserver-mail-server.noarch 0:2.4.5-1.9.gd3d7cd1.ns7
Complete!
[root@sparky ~]# db configuration setprop postfix DynamicGroupAlias enable
[root@sparky ~]# signal-event nethserver-mail-server-update
[root@sparky ~]# mail -s "Test Subject" email@example.com < /dev/null
Null message body; hope that's ok
[root@sparky ~]# mail -s "Test Subject" SGVFR-INSTRUCTORS@sgvfr.com < /dev/null
Null message body; hope that's ok
Question: Do I still need to configure a “mail alias” under Management>Email Addresses ??
Please let me know what logs I can provide, I will do everything I can to help troubleshoot.
That is ignored
In this case you have to define some address aliases, however the UI is still not ready to support this use case: you have to use the command line (see below)
@amygos is checking if the “-” minus sign is a problem
Yes, you have to add a mail alias. As said, the UI can’t do it by now, but you can do it with these commands:
db accounts set instructors@ pseudonym Access public Account SGVFR-INSTRUCTORS@sgvfr.lan Description Test-5725
signal-event nethserver-mail-server-save
instructors@ if it already exists.
There was a typo in the test cases, the value of the prop DynamicGroupAlias must be set to enabled instead of enable, sorry @SGVFR.
So you can enable the feature with:
db configuration setprop postfix DynamicGroupAlias enabled
This doesn’t seem to be a problem
Great, I will try again.
Initial test did work… I am able to send email to SGVFR-INSTRUCTORS@sgvfr.com from the root account.
When you say “that is ignored” regarding the email address attribute on the groups, does that mean we will have to manually (one time) configure the alias for each group we want as a contact? But it will dynamically update with users on the LDAP/AD server, right?
Looking great so far !!
Yes, just once.
Exactly. Consider also that group changes are effective when sssd cache expires, for remote ad/ldap. We have to check the sssd docs for the actual timings
@davidep A button/signal event for “refresh cache now” could lead to problems?
I think it can be useful if you are in a hurry. However I see it for the cockpit UI only.
Another thing we can do is decreasing the cache lifetime to 15 minutes.
Chance of a CLI command for the impatient people? Could there be an option for a realtime view of the current email address list in the cockpit / dashboard? I’m happy with a CLI command also.
it’s a nice idea
Found a bug: a user is not removed from a group after it has been deleted.
Reproduce: delete user (e.g. “test1”) and send a mail to the group (e.g. “mailgroup”).
You got a non-delivery notification.
Did you run it?
Oh! No. Working after that. Didn’t understand what it was about in the context of this discussion.
I didn’t understand that sentence. When I tested I didn’t create any alias of any sort - and that’s the intended way of doing things from my point of view. What is that alias you’re talking about?
It looks like it is the same for local AD.
Some people have a “domain.lan” (or similar) domain suffix: a private domain suffix. They need to configure an alias domain or a group mail alias address to deliver messages into users’ mailboxes.
Thanks for the heads-up: this needs to be checked.
You’re welcome. Btw I mixed up things; on this particular machine we’re talking about a DC (simple LDAP).
PS / Did I say how GREAT this update was?? It will save us hours of pain and encoding errors.
PS2 / Will the definitive version support import / conversion of existing aliases?
Hello Matteo, just wondering if there is anything else I can help test or check? I’ve added a couple of aliases, which also do show in the current dashboard so I can see which ones I have created.
So far it is working great.
Anything else I can do, I would be happy to help with.