-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Fri, 14 Feb 2014, matthias lay wrote:
On 02/14/2014 08:27 AM, Steffen Kaiser wrote:
On Fri, 7 Feb 2014, matthias lay wrote:
I experienced that if a Mailaddress matches several users the delivery is aborted.
dovecot: auth: Error: ldap(christian.test@securepoint.de): LDAP search returned multiple entries dovecot: auth: ldap(christian.test@securepoint.de): unknown user dovecot: lda: Error: user christian.test@securepoint.de: Auth USER lookup failed
now my question, is there a way to have a mail like that delivered to all users that matches the lookup? havent found anything in the docs.
This is a job of your MTA.
MTA is qmail and doesnt know anything about users. dovecot uses usernames for mailboxes. lets say
/var/mail/userA/Maildir /var/mail/userB/Maildir
both users have mailaddr XY@example.com mapped in Active Directory. Now when mails arrive lda is called like
dovecot-lda -d XY@example.com mailto:dafan.zhai@securepoint.de -m INBOX
and theres my problem.
You have implicitly created mail aliases for your users. qmail has to resolve this alias "XY" into the users A and B.
You could wrap your call to the Dovecot LDA by a script resolving the aliases somehow, e.g.:
#!/bin/bash
tmpf=/tmp/split.$$.tmp
# save the message in case we have multiple recipients
cat - >$tmpf
ldapsearch "mailtarget=$1" samaccountname |
awk '$1 == "sAMAccountName:" { print $2 } ' |
while read uid; do
dovecot-lda -d "$uid" ..... < $tmpf
rc=$?
if test $rc -gt 0; then
rm -f $tmpf
exit $rc
fi
done
rm -f $tmpf
adjust ldap query and attribute names and call to MDA.
This is not really nice, because you cannot handle individual problems, e.g. what shall happen if delivery to userB fails? Shall userA get the message, shall delivery to userA succeeded, but to retried to userB? Currently the first error is returned to qmail and probably one user gets the same message again and again, because of a problem of another user's mailbox. You could return $rc at the very end, then qmail gets the success status of the delivery attemp to the last user.
I wouldn't do such stuff in a non-private environment.
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iQEVAwUBUv341HD1/YhP6VMHAQJ+Kgf5ARPwP6QhGJrHfbNhjc901i8eZzmSxRc6 UrmRnc/Z3n2MwepzG4JLaJkI8EYBD2VczKjhOXgZ4uzJEqyGkZeZestqabbs/vCy ki+FWcL5fnkxQSLEOHdUiop/A+BgWeD8fzOecWTqx4xextwDvbY2Se74Wk1lwBz3 bM2oJtU08hcU7DO+z3E4Au/0HagHddroW7SnCm+HYFcnV8m+laSB77ocgBUNu/a2 tCHe4YUWBOqWIbCiP2LhSfJLiL+OrawZBMGt/JfEfD8SnwBMlBONda0wlUD5MZvs U/+EKzPJvJn4/Y2k8yWPQjiTiuWzBqT0WlEttbovj9AtiFCu9Dgf2w== =TKbr -----END PGP SIGNATURE-----