[Freeipa-users] Postfix IPA

Rob Crittenden rcritten at redhat.com
Thu Jul 5 15:38:55 UTC 2012 

freeipa at noboost.org wrote:
> Hi All,
>
> Server:
> ipa-server-2.1.3-9.el6.x86_64
> sssd-1.5.1-66.el6_2.3
>
> Client:
> ipa-client-2.1.3-9.el6.x86_64
>
>
> I've got Postfix working with IPA and to be honest it was actually very
> easy. I simply setup a standard postfix server, configured the IPA
> client and when mail was delivered, postfix detected the UID's from IPA
> and delivered the mail.
>
> So I thought to myself, this is one of the most important services we
> have. What would happen if the SSSD client failed for some reason on the
> postfix server?
>
> As expected the postfix server bounces the email back to it's sender.
> -------------------------------------------------------------------------
> This is the mail system at host pan.example.com.
>
> I'm sorry to have to inform you that your message could not
> be delivered to one or more recipients. It's attached below.
>
> For further assistance, please send mail to postmaster.
>
> If you do so, please include this problem report. You can
> delete your own text from the attached returned message.
>
>                     The mail system
>
> <craig at safevm-craig.example.com> (expanded from
>      <craig at example.com>): host
>      safevm-craig.example.com[192.168.0.28] said: 550 5.1.1
>      <craig at safevm-cht.example.com>: Recipient address rejected:
> User
>      unknown in local recipient table (in reply to RCPT TO command)
> -------------------------------------------------------------------------
>
> Before I start investigating backup mail servers, different posfix
> queues. Just thought I'd ask if anyone else has setup their one solution
> to ensure the safety of mail delivery with IPA?

I think this would apply to any non-file-based nss provider (ldap, nis, 
etc). What does your nsswitch.conf look like?

I wonder if something clever can be done like [!UNAVAIL=return]. My nss 
knowledge is limited though so I'm not sure what gets returned to the 
lookup call though, whether it is distinguishable from a notfound.

rob

More information about the Freeipa-users mailing list