I'm investigating a new mail setup to replace Exchange in our organization using Cyrus-IMAP, Postfix and the Perdition IMAP proxy server. I'm running into issues routing email to different mail stores based on an LDAP attribute (extensionAttribute15), which contains the user's three-letter department code (e.g. FIN, PAY, etc.). We currently run Active Directory, and I'm trying to decide what the best way would be to map a department to a particular mail store, since they don't want to set a mail host attribute for every user. I'm currently using the hosts file to map the three-letter department code to a mail store, since they don't want to query the DNS any more than needed, though I don't feel like this is a viable long-term solution.
There are two Cyrus backend servers and one frontend Perdition/Postfix server. I have the IMAP proxy working correctly and pulling from the correct mail store based on the user's department, using the hosts file as mentioned above, but I'm having trouble getting Postfix to work correctly.
The Postfix ldap_table documentation mentions, under the result_format option, that returning a mail host address as "smtp:[%s]" can serve as the basis for a transport table, though when I attempt to do this I get an error in the Postfix mail log on the proxy server:
postfix/qmgr[1593]: warning: connect to transport private/ldap: No such file or directory
Relevant parts of config files posted below:
#/etc/postfix/main.cf
# Excerpt of the front-end Postfix instance that runs on the Perdition proxy host.
myhostname = perdition.test.domain.com
mydomain = test.domain.com
mydestination = $myhostname, localhost
# "subnet" treats every client on the locally attached subnets as trusted.
# If only specific hosts should be allowed to relay, list them explicitly in mynetworks.
mynetworks_style = subnet
# NOTE(review): virtual_transport takes the name of a delivery transport
# (a master.cf service), not a lookup table. The logged warning
# "connect to transport private/ldap" is consistent with "ldap" being read
# as a transport name. Per-recipient routing belongs in transport_maps.
virtual_transport = ldap:/etc/postfix/ldap-virtual-transport.cf
virtual_mailbox_domains = email.test.domain.com
# Recipient validation for the virtual domain is delegated to the directory.
virtual_mailbox_maps = ldap:/etc/postfix/ldap-aliases.cf
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
#/etc/postfix/ldap-virtual-transport.cf
# LDAP lookup that turns a recipient into a next-hop of the form smtp:[<department code>].
version = 3
# NOTE(review): no ldaps:// URL and no start_tls setting appear in this excerpt.
# Unless TLS is enabled elsewhere, the simple bind below (including bind_pw)
# crosses the network in cleartext.
server_host = ldap.domain.com
search_base = <email user search base>
# Use a dedicated read-only account, and restrict read access to this file
# because it stores the bind password in cleartext.
bind_dn = <bind user dn>
bind_pw = <bind user pw>
# %u is the local part of the lookup key.
query_filter = (sAMAccountName=%u)
# The returned value decides where mail is delivered, so anyone who can write
# extensionAttribute15 in the directory can redirect that user's mail.
# Keep write access to the attribute tightly scoped.
result_attribute = extensionAttribute15
# %s is replaced by the attribute value; the brackets tell the smtp client to
# use the name as given instead of doing an MX lookup.
result_format = smtp:[%s]
#/etc/postfix/ldap-aliases.cf
# LDAP lookup referenced by virtual_mailbox_maps in main.cf; returns the user's mail attribute.
version = 3
# NOTE(review): no ldaps:// URL and no start_tls setting appear in this excerpt.
# Unless TLS is enabled elsewhere, the bind password travels in cleartext.
server_host = ldap.domain.com
search_base = <email user search base>
# Use a dedicated read-only bind account and restrict read access to this file,
# since the password is stored here in cleartext.
bind_dn = <bind user dn>
bind_pw = <bind user pw>
# %u is the local part of the lookup key, so the domain part plays no role in
# the match. NOTE(review): confirm that is intended for every domain served.
query_filter = (sAMAccountName=%u)
result_attribute = mail
# The attribute value is returned unchanged.
result_format = %s
#/etc/postfix/master.cf
# Columns: service type private unpriv chroot wakeup maxproc command.
# The chroot column is "n" on every line shown, so no service runs chrooted.
# The "-o" lines appear at column 0 on this page; in master.cf a continuation
# line has to begin with whitespace (presumably lost when the file was pasted).
#
# NOTE(review): smtp_dns_support_level is a parameter of the smtp(8) client.
# Set here on the smtpd(8) listener it does not change how outbound delivery
# resolves hosts; it would have to go in main.cf or on the "smtp unix" service.
smtp inet n - n - - smtpd
-o smtp_dns_support_level=disabled
# NOTE(review): smtpd_tls_wrappermode=yes makes the listener expect TLS from the
# first byte, which is the smtps (port 465) convention. Clients that use
# STARTTLS on the submission port will fail to connect; if STARTTLS is what the
# clients use, smtpd_tls_security_level=encrypt is the usual setting. Confirm.
submission inet n - n - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
# Implicit-TLS listener: only SASL-authenticated clients are accepted, and the
# TLS wrapper means AUTH is never offered over a cleartext session.
smtps inet n - n - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
# Outbound SMTP client; this is the transport named by an "smtp:[host]" next-hop.
smtp unix - - n - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - n - - smtp
-o smtp_fallback_relay=
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
#/etc/hosts
# Each mail store lists its department code (FIN, PAY) as a host alias, so the
# value returned from extensionAttribute15 resolves directly to a store address.
# Routing therefore depends on this file and the directory attribute staying in
# sync. NOTE(review): a department code with no entry here will not resolve
# locally; decide whether such mail should defer or bounce rather than leaving
# it to whatever resolver comes next.
172.29.99.43 store01 store01.test.domain.com FIN
172.29.99.41 store02 store02.test.domain.com PAY
Best Answer
I'm successfully using (mostly) this same configuration. It looks a lot like yours, so it should work with a few tweaks. I would change result_format slightly:
You can query this lookup table to see if you get the results you expect:
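Anyway, I think your mistake is using virtual_transport as a lookup table, when it's not one: it takes the name of a single delivery transport, which is why qmgr tries to connect to a transport called "ldap" (private/ldap). Instead, you should use transport_maps: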