Usermin + PAM + LDAP + smtpd_sender_login_maps

Hello Folks!

I think I found a feature of some sort: users logged in to usermin cannot send email when using smtpd_sender_login_maps and the users are in LDAP. Same problem if users are local. Virtualmin 4.11 and usermin 1.600.

I have a Postfix + OpenLDAP setup per the advice in your old famous link from 2009; everything is working as it should except that usermin users cannot send email.

We use pam_ldap and pam to authenticate usermin users, they can read imap mail, change passwords and all that.

Postfix is locked down so authenticated users can only use email addresses that are created via virtualmin:

smtpd_sender_login_maps = ldap:/etc/postfix/
smtpd_sender_restrictions = reject_sender_login_mismatch

Failed to send mail : SMTP command rcpt to: failed : 553 5.7.1 Sender address rejected: not logged in

If using any other mail client like thunderbird or msmail, outlook, horde+imp and so on, all works perfectly; only usermin has the problem.

I suspect usermin users do not authenticate against the outgoing smtp server; it is maybe like that by design.

To work around the feature, I added "Send mail via connection to" (*) Sendmail executable and disabled users' ability to change their email address using: Allow editing of From: address No (always username@hostname).

I have played around with PAM and postfix a lot, trying to make users authenticate/log in to the smtp server, but it did not work. For example, "Pass on PAM status to other modules" and so on.

Please tell me, is this how usermin is expected to work, or is it a bug?

I can provide all my configuration if needed :-)



By default, usermin doesn't do SMTP authentication when sending email via a localhost connection - and unfortunately there is no support for enabling this currently. In a typical Postfix setup, local connections don't need SMTP auth because the sender could just use the local sendmail or postfix commands anyway.

The only work-around I can suggest is to configure Postfix to not check smtpd_sender_login_maps for localhost SMTP connections.

And so we did, also using sendmail/postfix binaries to put the mail directly in the queue works :-)
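
The workaround suggested in the reply above, written out as a Postfix configuration fragment. This is an added example, not configuration posted in the thread; the access table file name `/etc/postfix/loopback_clients.cidr` is a hypothetical name chosen here, and `smtpd_sender_login_maps` is left exactly as the poster has it.

```ini
# /etc/postfix/main.cf (fragment)

# Setting from the original post: a sender address listed in
# smtpd_sender_login_maps is accepted only from a client that is
# SASL-logged-in as its owner. Usermin connects to 127.0.0.1 without
# SMTP AUTH, so its mail is rejected with "553 5.7.1 ... not logged in".
#smtpd_sender_restrictions = reject_sender_login_mismatch

# Adjusted: loopback clients get OK from the access table first, which
# ends evaluation of this restriction list. Every other client still
# reaches the login-mismatch check.
smtpd_sender_restrictions =
    check_client_access cidr:/etc/postfix/loopback_clients.cidr,
    reject_sender_login_mismatch

# Contents of /etc/postfix/loopback_clients.cidr (hypothetical file name):
#   127.0.0.0/8   OK
#   ::1/128       OK
#
# Caveat: anything on this host that submits over 127.0.0.1 (another
# webmail, a local proxy or tunnel) is exempt as well, so those
# applications must enforce their own From: policy. In Usermin that is
# the "Allow editing of From: address = No" setting mentioned above.
```

A cidr table is read as plain text, so no `postmap` run is needed; reload Postfix after creating the file and editing `main.cf`.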