haraka-plugin-ldap-aliases

haraka-plugin-ldap-aliases

With haraka-plugin-ldap-aliases it is possible to query LDAP to resolve email aliases and to forward email to one or multiple configured targets. It utilizes the haraka-plugin-ldap-pool.

Configuration

All configuration is done in config/ldap-aliases.ini. The following options are configurable:

• basedn: optional, default: as used by haraka-plugin-ldap-pool It's possible to override haraka-plugin-ldap-pool's default basedn for this plugin.
• scope: optional, default: as used by haraka-plugin-ldap-pool It's possible to override haraka-plugin-ldap-pool's default scope for this plugin.
• searchfilter: optional, default: (&(objectclass=)(mail=%a)(mailForwardAddress=))
  Search filter to lookup aliases. The param %a denotes the recipient's mail address as given on the email's envelope. As result the search filter should return the objects containing the dealiased recipient addresses within a given attribute (see below).
• attribute: optional, default: mailForwardingAddress Attribute used to parse as recipient's email address or as recipient's DN (see below).
• attribute_is_dn: optional, default: false Set this to true if the attribute does not contain an email address but a fully qualified DN.
• subattribute: optional, default: mailLocalAddress If the attribute references a DN then the subattribute references the DN's email address that should be used as recipient.

Examples

Following are a few examples to explain the proper usage of the alias_ldap plugin.

simple aliases

It is possible to use email aliases to deliver email for one address to another address. Given the following LDAP objects:

dn: uid=forwarder,ou=people,dc=my-domain,dc=com
objectClass: inetLocalMailRecipient
uid: forwarder
cn: Forwarding User
mailLocalAddress: forwarder@my-domain.com
mailRoutingAddress: user@my-domain.com

dn: uid=user,dc=my-domain,dc=com
uid: user
cn: Our User
mailLocalAddress: user@my-domain.com

So here are two users in LDAP, both with a mailLocalAddress and one with a mailRoutingAddress. Email send to the user with a mailRoutingAddress should be delivered to user@my-domain.com. This can be accomplished with the following configuration:

searchfilter = (&(mailLocalAddress=%a)(mailRoutingAddress=*))
attribute = mailRoutingAddress

Given this configuration, the haraka-plugin-ldap-aliases plugin will simply change recipients that match the given searchfilter to the value referenced by the mailRoutingAddress attribute: Mail send to forwarder@my-domain.com will be delivered to user@my-domain.com.

attribute_is_dn

attribute_is_dn is handy to use LDAP groups as mail groups. Let's check the following LDAP group and user:

dn: cn=postmaster,dc=my-domain,dc=com
objectclass: groupOfNames
mailLocalAddress: postmaster@my-domain.com
member: uid=user,dc=my-domain,dc=com

dn: uid=user,dc=my-domain,dc=com
uid: user
cn: Our User
mailLocalAddress: user@my-domain.com

So, we have one group with the email address postmaster@my-domain.com and one user with the email address user@my-domain.com. Also, the user is a member of the group.

To use the LDAP group as email group the haraka-plugin-ldap-aliases plugin would need the following configuration settings:

searchfilter = (&(objectclass=groupOfNames)(mailLocalAddress=%a))
attribute = member
attribute_is_dn = true
subattribute = mailLocalAddress

The search filter applies only to groups (objectclass=groupOfNames) with an email address of the alias email (mailLocalAddress=%a). Then the plugin checks the group's attribute member and assumes it contains a DN (attribute_is_dn = true) and looks up and returns every member DN's attribute mailLocalAddress. In other words, email to postmaster@my-domain.com would be send to user@my-domain.com. Of course a group may contain multiple members, in which case every member with a valid mailLocalAddress would receive the email.