Hi all. My problem is very close to
http://forum.zentyal.org/index.php/topic,12388.msg50950.html#msg50950 but has some differences.
I have a virtual mail domain 'test.ru' on a Zentyal 3.0 server.
Authorization domain (kerberos realm) is 'test.lan'.
Workstations and users are members of "Windows domain" 'test.lan'.
On the workstations, Thunderbird is configured as the default mail client with Kerberos / GSSAPI authorization.
Because the authorization credentials are 'user@TEST.LAN' and the mail addresses are 'user@test.ru', I get some authorization errors.
First from dovecot, when a user tries to receive mail:
Jun 28 16:01:40 zent dovecot: auth: Error: userdb(user@TEST.LAN,192.168.122.29): user not found from userdb ldap
Jun 28 16:01:40 zent dovecot: imap: Error: Authenticated user not found from userdb, auth lookup id=2933784577 (client-pid=24627 client-id=1)
Jun 28 16:01:40 zent dovecot: imap-login: Internal login failure (pid=24627 id=1) (auth failed, 1 attempts): user=<user@TEST.LAN>, method=GSSAPI, rip=192.168.122.29, lip=192.168.122.101, mpid=24631, TLS
This error can be fixed by modifying the rule in the 'dovecot-ldap.conf' file to:
user_filter = (&(objectClass=CourierMailAccount)(|(uid=%n)(mail=%u)))
But the second error occurs when sending emails, from postfix:
Jun 28 16:10:51 zent postfix/smtpd[24798]: connect from linux-7r77.test.lan[192.168.122.29]
Jun 28 16:10:51 zent postfix/smtpd[24798]: NOQUEUE: reject: RCPT from linux-7r77.test.lan[192.168.122.29]: 553 5.7.1 <user@test.ru>: Sender address rejected: not owned by user user@TEST.LAN; from=<user@test.ru> to=<mailuser@test.lan> proto=ESMTP helo=<[192.168.122.29]>
Jun 28 16:10:54 zent postfix/smtpd[24798]: disconnect from linux-7r77.test.lan[192.168.122.29]
And I can't find any way to solve it other than commenting out the 'smtpd_sender_restrictions' rule, as in the thread linked in the first line of this post, so
any authenticated user can send a message "from" any e-mail address, and that is not so fine.
Is this behavior of the Zentyal server normal or erroneous? Does anybody have any suggestions for solving this situation more accurately?
P.S.: The described situation is on a just-installed (from the "zentyal-3.0-2-i386.iso" disc) test system. Current core version: 3.0.21, with all current updates. Active modules: Network, Firewall, Antivirus, DHCP, DNS, Backup, Events, Logs, Mail Filter, Monitoring, NTP, VPN, Users and Groups, Web Server, FTP, Mail, File Sharing, HTTP Proxy, Webmail, Printer Sharing. I am exploring Zentyal as an alternative to our old solution with different authentication databases/user accounts on different physical servers (fileserver, mailserver and proxy/web/GW). The first task is to transfer the e-mail and central authorization roles to the new platform, and I can't name my internal domain the same as the external one, because users have access to an external web platform whose name is exactly the same as our mail domain.
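
One way to keep the sender-ownership check while accepting the Kerberos login name, as an added example that is not part of the original post and not Zentyal's own configuration: a Postfix LDAP lookup table that returns the owner of each mail address in principal form. It assumes the accounts carry the 'mail' and 'uid' attributes used in the dovecot filter above; the file name, LDAP host, search base and bind settings are placeholders.

```conf
# --- /etc/postfix/sender_login_gssapi.cf (hypothetical file name) ---
# Postfix ldap_table(5) lookup: given the envelope sender address,
# return the SASL login that owns it, in Kerberos principal form.
# server_host, search_base and bind are placeholders for the local LDAP.
server_host = ldap://127.0.0.1
search_base = dc=example,dc=placeholder
version = 3
bind = no

# Find the account by its mail address. The object class and attribute
# names are the ones used in the dovecot user_filter above.
query_filter = (&(objectClass=CourierMailAccount)(mail=%s))
result_attribute = uid

# uid "user" is returned as "user@TEST.LAN", which is the login name
# shown in the "not owned by user user@TEST.LAN" reject.
result_format = %s@TEST.LAN

# --- main.cf ---
# Weak setting: with smtpd_sender_restrictions commented out, every
# authenticated user may send with any MAIL FROM address.
#
# Corrected setting: keep the ownership check and point it at the
# table above, so user@TEST.LAN may send only as the address whose
# LDAP entry has uid=user.
smtpd_sender_login_maps = ldap:/etc/postfix/sender_login_gssapi.cf
smtpd_sender_restrictions = reject_sender_login_mismatch
```

Running `postmap -q user@test.ru ldap:/etc/postfix/sender_login_gssapi.cf` should print `user@TEST.LAN` before the restriction is re-enabled. Zentyal regenerates service configuration from its own templates, so a direct edit of main.cf may be overwritten when the Mail module is saved.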