Gentoo Forums
Postfix mail delivery dependent on LDAP group
Altanos
Tux's lil' helper
Joined: 11 Jul 2002
Posts: 95
Location: Bavaria/Germany

Posted: Mon Mar 17, 2003 12:42 pm    Post subject: Postfix mail delivery dependent on LDAP group

Hello,

I have the following problem. My company wants individual users to be
enabled for mail delivery to the Internet based on an LDAP group. On the
LDAP server there are the groups extern, for delivery to the WWW, and
intern, for delivery within the company's own domain. The LDAP database is
also local on the mail server. I tried to build a solution based on the
following link:
http://www.stahl.bau.tu-bs.de/~hildeb/postfix/restriction_classes2.shtml .


Here is an excerpt from my main.cf

# Definition of the restriction class

smtpd_restriction_classes = extern,intern

readme_directory= /usr/share/doc/packages/postfix/README_FILES
mail_spool_directory= /var/mail
canonical_maps= hash:/etc/postfix/canonical
virtual_maps= ldap:ldapvuser,hash:/etc/postfix/virtual
relocated_maps= hash:/etc/postfix/relocated
transport_maps= hash:/etc/postfix/transport
sender_canonical_maps= hash:/etc/postfix/sender_canonical
masquerade_exceptions= root
masquerade_classes= envelope_sender, header_sender, header_recipient
myhostname= bkhmail01.bkh-schwaben.de
inet_interfaces= all
masquerade_domains= $mydomain
mydestination= $mydomain, $myhostname, localhost.$mydomain, /etc/postfix/localdomains
defer_transports=
disable_dns_lookups= no
relayhost=
content_filter=
mailbox_command=
mailbox_transport= lmtp:unix:public/lmtp
smtpd_sender_restrictions= hash:/etc/postfix/access
# smtpd_client_restrictions=
smtpd_helo_required= no
smtpd_helo_restrictions=
strict_rfc821_envelopes= no
smtpd_recipient_restrictions= ldap:ldapmailenab,permit_tls_clientcerts,permit_sasl_authenticated,permit_mynetworks, check_relay_domains, ldap:ldapmailext

# Rules for the restriction classes
extern = permit
intern = check_recipient_access hash:/etc/postfix/allowed_recipients

alias_maps= hash:/etc/aliases,hash:/etc/aliases.d/slots,ldap:ldapaliases
alias_database= hash:/etc/aliases,hash:/etc/aliases.d/slots
local_destination_concurrency_limit= 10
mailbox_size_limit= 0
message_size_limit= 30000000
myorigin= $mydomain
recipient_delimiter= +
relay_clientcerts= ldap:ldaprelcert
smtpd_tls_ask_ccert= yes
smtpd_tls_received_header= yes
tls_daemon_random_source= dev:/dev/urandom
tls_random_source= dev:/dev/urandom


# alias database
ldapaliases_server_host= localhost
ldapaliases_server_port= 389
ldapaliases_bind= no
ldapaliases_timeout= 20
ldapaliases_search_base= dc=bkh-schwaben,dc=de
ldapaliases_query_filter= (|(alias=%s)(&(fn=%s)(objectclass=SuSEIMAPFolderObject)))
ldapaliases_result_attribute= uid,mailDeliveryProgram,deliverToUID
ldapaliases_scope= one

# virtual user database
ldapvuser_server_host= localhost
ldapvuser_server_port= 389
ldapvuser_bind= no
ldapvuser_timeout= 20
ldapvuser_search_base= dc=bkh-schwaben,dc=de
ldapvuser_query_filter= (&(objectclass=SuSEVirtUserObject)(vaddress=%s))
ldapvuser_result_attribute= uid,mailDeliveryProgram
ldapvuser_scope= one

# this is used to enable/disable mail reception
ldapmailenab_server_host= localhost
ldapmailenab_server_port= 389
ldapmailenab_bind= no
ldapmailenab_timeout= 20
ldapmailenab_search_base= dc=bkh-schwaben,dc=de
ldapmailenab_query_filter= (reject=%s)
ldapmailenab_result_attribute= mailenabled
ldapmailenab_scope= one

# this is used for client certificate based relaying
ldaprelcert_server_host= localhost
ldaprelcert_server_port= 389
ldaprelcert_bind= no
ldaprelcert_timeout= 20
ldaprelcert_search_base= dc=bkh-schwaben,dc=de
ldaprelcert_query_filter= (relayClientcert=%s)
ldaprelcert_result_attribute= uid
ldaprelcert_scope= one
smtpd_tls_CAfile= /etc/ssl/CA/usedCA.pem
smtpd_use_tls= yes
smtpd_tls_cert_file= /etc/ssl/certs/cert.pem
# smtpd_sasl_security_options= noanonymous
smtpd_tls_key_file= /etc/ssl/certs/skey.pem
# smtpd_sasl_auth_enable= yes

# For external/internal delivery
ldapmailext_server_host= localhost
ldapmailext_server_port= 389
ldapmailext_bind= no
ldapmailext_timeout= 20
ldapmailext_search_base= dc=bkh-schwaben,dc=de
ldapmailext_query_filter= (&(memberUID=%s)(|(cn=extern)(cn=intern)))
ldapmailext_result_attribute= cn
ldapmailext_scope= one

I would be grateful for any help.

Regards

Altanos
_________________
Linux User #155501
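
An added example, not part of the original post and not the poster's configuration: one way to wire the group lookup into the two restriction classes, following the sender-based scheme of the linked restriction_classes page. It assumes that the sender's local part equals the LDAP memberUID, that each user is in exactly one of the two groups, and that /etc/postfix/allowed_recipients lists the company domain; the class definition for extern and the placeholder address are also assumptions.

```conf
# Added example; not the poster's configuration. Legacy ldapNAME_* syntax as in the post.
smtpd_restriction_classes = extern, intern

# The envelope sender is unauthenticated. "extern = permit" evaluated ahead of
# the relay checks would relay for any client that uses an extern member's
# address, so the class only permits clients that are already trusted.
extern = permit_mynetworks, permit_tls_clientcerts, permit_sasl_authenticated
# intern: only recipients listed in the table are accepted, everything else is rejected.
intern = check_recipient_access hash:/etc/postfix/allowed_recipients, reject

# Restrictions run left to right and stop at the first decision.
# check_relay_domains always decides (permit or reject), so the group lookup
# has to come before it, and it must be keyed on the sender.
smtpd_recipient_restrictions =
    ldap:ldapmailenab,
    check_sender_access ldap:ldapmailext,
    permit_tls_clientcerts,
    permit_sasl_authenticated,
    permit_mynetworks,
    check_relay_domains

# Sender -> group name ("extern" or "intern"), which selects the class above.
ldapmailext_server_host = localhost
ldapmailext_server_port = 389
ldapmailext_bind = no
ldapmailext_timeout = 20
ldapmailext_search_base = dc=bkh-schwaben,dc=de
# %u is the local part of the looked-up address; %s would be the full address.
ldapmailext_query_filter = (&(memberUID=%u)(|(cn=extern)(cn=intern)))
ldapmailext_result_attribute = cn
ldapmailext_scope = one

# /etc/postfix/allowed_recipients (assumed content; rebuild with postmap after edits):
#   bkh-schwaben.de    OK
#
# Check the lookup before reloading Postfix (address is a placeholder):
#   postmap -q someuser@bkh-schwaben.de ldap:ldapmailext
```

Because the class is chosen from the envelope sender alone, this separates users on trusted clients but does not authenticate them; a user in intern who sets another user's sender address is treated as that user.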