Add a redirection mail/alias without attaching it to a YunoHost account

I recently needed to create an alias that redirects to an email address not managed by my YunoHost instance.

To do it, I wrote into the LDAP which is read by Postfix (the mail system).
First, I created a file with this command:

nano aliasmail 

containing the declaration of the “alias” organisational unit, and an entry in it, like this:

dn: ou=alias,dc=yunohost,dc=org
objectClass: organizationalUnit
objectClass: top
ou: alias

dn: uid=mail1,ou=alias,dc=yunohost,dc=org
uid: mail1
uid: jean
objectClass: inetOrgPerson
objectClass: mailAccount
cn: Jean DUPONT
sn: Jean
maildrop: redirection@anotherdomain.tld
mail: alias@domain.nohost.me

Then I ran this command to add these elements to the LDAP:

sudo ldapadd -x -D cn=admin,dc=yunohost,dc=org -W -f aliasmail

And the redirection was done: if I sent a mail to alias@domain.nohost.me, it was resent to redirection@anotherdomain.tld.

Note: if you need a second alias/redirection, you don’t need to put the first part of the file, because it is already in the LDAP.
Note 2: you can redirect an alias to several mail addresses by adding several “maildrop” lines.


Nice, that could be an idea for an application. I’ve packaged an app like this but it is not compatible with the ldap alias system of yunohost. With this one, you can keep the yunohost alias system.

Nice tip !

On my side what I would appreciate is having one alias that forwards to a number of already registered yunohost users, without creating an additional yunohost user specifically for that.
Seems like your solution could fit the purpose.


Definitely, we need to have this feature available within the moulinette !!

I know this topic is very old, but I have the very same need (e-mail forwarding without Yunohost account).
Does anyone know if this is the only/preferred method to address that need?

On the other hand, would it be possible to have a yunohost account, with e-mail forwarding and no local IMAP account?

Thanks !

Which email address do you need forwarded where exactly? And for what purpose?
Because if you just want to use a YunoHost account and read/send emails using another address, you can just use the Rainloop app and add all your addresses.

I’m planning to manage the family domain which corresponds to our last name: every member has a first_name@domain forwarding e-mail address. So ideally:

  • some users would have a yunohost account, but I don’t want to host their e-mails --> only forwarding to their own personal e-mail account (gmail.com or whatever)
  • some users wouldn’t have a yunohost account, but still they would need to get the e-mails forwarded to their own personal e-mail account

I tested it today, 2 years after, and it works


Hello,
digging up this subject once again !

Is there any way to do the alias in the yunohost web interface ?
(I’d like it to be understandable for the next person in my organisation who has to manage the aliases)

Hi,
I have been using an alias with this method for a few years, and it has stopped working since the update to 3.7. Any idea why?
The entry is still present in the LDAP:

admin@serveur:/etc/postfix$ sudo ldapsearch -x -h localhost -b "dc=yunohost,dc=org" "(uid=mail1)"
# extended LDIF
#
# LDAPv3
# base <dc=yunohost,dc=org> with scope subtree
# filter: (uid=mail1)
# requesting: ALL
#

# mail1, alias, yunohost.org
dn: uid=mail1,ou=alias,dc=yunohost,dc=org
uid: mail1
uid: jean
objectClass: inetOrgPerson
objectClass: mailAccount
cn: Jean DUPONT
sn: Jean
maildrop: redirect1@domain.net
maildrop: redirect2@domain.net
mail: alias@domain.net

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

Well, apparently it is normal that it broke, because the permission system changed in 3.7.
Until something better comes along, I deleted the rule from the LDAP: sudo ldapdelete -x -D cn=admin,dc=yunohost,dc=org -W uid=mail1,ou=alias,dc=yunohost,dc=org , then I created a user and redirected to the two addresses.

Hello,
The method still works, but you have additional information to add to your alias:

  • add the objectClass userPermissionYnh
  • add the permission attribute with the value cn=mail.main,ou=permission,dc=yunohost,dc=org

Hope it helps!

Is this still “best practise”? Would be great to have an app to do this.

Or is the best workaround to create a new dummy user?

Hello,
Since nobody answered YB2022, I suppose it is still the good method if we do not want to create a new account only for an alias.

I tried the method with success.
Following Jimbojoe’s post, I added these two lines in the second part of the first post:

objectClass: userPermissionYnh
permission: cn=mail.main,ou=permission,dc=yunohost,dc=org

In order to see what you get, you can install the APP phpldapadmin

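An added example, not from the thread or from YunoHost: a Python check that reads `ldapsearch` output for the alias OU and lists, per entry, the forwarding targets outside the local domains and which of the two additions mentioned above are missing. The function names, the `local_domains` parameter and the sample data are constructed for illustration.

```python
import base64

# Per the thread, entries need these two additions since YunoHost 3.7.
NEEDED = {"objectclass": "userPermissionYnh",
          "permission": "cn=mail.main,ou=permission,dc=yunohost,dc=org"}

def parse_ldif(text):
    """Parse ldapsearch/LDIF text into a list of {attribute: [values]} dicts."""
    entries = []
    for block in text.replace("\n ", "").split("\n\n"):  # unfold, split entries
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, val = line.partition(":")
            if val.startswith(":"):                       # "attr:: <base64>"
                val = base64.b64decode(val[1:]).decode("utf-8", "replace")
            entry.setdefault(attr.lower(), []).append(val.strip())
        if "dn" in entry:                # skips blocks without a dn (search trailer)
            entries.append(entry)
    return entries

def audit_aliases(text, local_domains, base=",ou=alias,dc=yunohost,dc=org"):
    """Per alias entry: forward targets outside local_domains, missing additions."""
    report = []
    for e in parse_ldif(text):
        if not e["dn"][0].lower().endswith(base):
            continue
        missing = [a for a, v in NEEDED.items()
                   if v.lower() not in [x.lower() for x in e.get(a, [])]]
        external = [t for t in e.get("maildrop", [])
                    if "@" in t and t.rsplit("@", 1)[1].lower() not in local_domains]
        report.append({"dn": e["dn"][0], "external": external, "missing": missing})
    return report

SAMPLE = """\
# Constructed sample in ldapsearch output format (not real data)
dn: uid=mail1,ou=alias,dc=yunohost,dc=org
objectClass: mailAccount
maildrop: jean
maildrop: redirection@anotherdomain.tld

dn: uid=mail2,ou=alias,dc=yunohost,dc=org
objectClass: userPermissionYnh
permission: cn=mail.main,ou=permission,
 dc=yunohost,dc=org
maildrop: redirect1@domain.net
"""
```

Calling `audit_aliases(SAMPLE, {"domain.nohost.me", "domain.net"})` reports `mail1` as forwarding to one external address and missing both additions, and `mail2` as complete with no external target.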

Mhh, there is this new alias system directly available in the latest yunohost version (available partially in the web interface and fully on the CLI):
groups: add mail-aliases management by alexAubin · Pull Request #1539 · YunoHost/yunohost · GitHub
So I guess we do have the feature integrated now :)

Does this work for an alias which redirects to an email not managed by the yunohost instance? As far as I understand, it does not…
And since the 11.1 version, I can not use the LDAP method anymore…
Am I missing something?

why not use virtual_alias_domains and virtual_alias_maps in postfix configuration ?

I needed:

  • aliases pointing to one or more mail addresses
  • aliases that can point to external addresses

I found this very helpful, but couldn’t get it to work, because I couldn’t add the new organizationalUnit to the directory.

I solved the problem by temporarily changing the permissions to the directory.

cp /usr/share/yunohost/conf/slapd/config.ldif /usr/share/yunohost/conf/slapd/config.ldif.orig
patch /usr/share/yunohost/conf/slapd/config.ldif < slapd_config.ldif.patch
/usr/share/yunohost/hooks/conf_regen/06-slapd post true
ldapadd -Y EXTERNAL -H ldapi:/// -W -f alias_ou.ldif
mv /usr/share/yunohost/conf/slapd/config.ldif.orig /usr/share/yunohost/conf/slapd/config.ldif
/usr/share/yunohost/hooks/conf_regen/06-slapd post true
ldapadd -Y EXTERNAL -H ldapi:/// -W -f test_alias.ldif

slapd_config.ldif.patch:

*** config.ldif.orig	2023-10-06 11:34:04.024726179 +0200
--- config.ldif	2023-10-06 11:35:40.176600709 +0200
*************** objectClass: olcDatabaseConfig
*** 108,114 ****
  olcDatabase: {0}config
  # Give access to root user.
  # This give the possiblity to the admin to customize the LDAP configuration
! olcAccess: {0}to *  by * none
  olcAddContentAcl: TRUE
  olcLastMod: TRUE
  olcRootDN: cn=config
--- 108,115 ----
  olcDatabase: {0}config
  # Give access to root user.
  # This give the possiblity to the admin to customize the LDAP configuration
! # olcAccess: {0}to *  by * none
! olcAccess: {0}to *  by * read
  olcAddContentAcl: TRUE
  olcLastMod: TRUE
  olcRootDN: cn=config
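
Review bot: the replacement line `olcAccess: {0}to *  by * read` in the 108,115 hunk grants read on the `{0}config` database to every identity, anonymous binds included, while the comment two lines above it says the intent is to give access to the root user. Scope the `by` clause to the identity actually used by the `ldapadd -Y EXTERNAL -H ldapi:///` calls and keep `by * none` as the closing clause, rather than relying on the original file being moved back afterwards. The old rule left behind as `# olcAccess: {0}to *  by * none` can then be dropped instead of kept as a comment.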

The ACLs changed and I haven’t been able to use the simple authentication. For the above to work you need to sudo the above commands or run them as root.


What I didn’t find out is how I could allow the accounts receiving emails to a certain address to send using the address as sender.

Update

In postfix main.cf the setting smtpd_sender_restrictions defines who is allowed to send using which sender address. To let users send using their aliases as sender names, there are exceptions defined for the setting reject_authenticated_sender_login_mismatch.

These exceptions are defined in smtpd_sender_login_maps by /etc/postfix/ldap-accounts.cf, an ldap query that returns the uid for a specific email address. If the returned uid matches the uid of the authenticated user, the email address is allowed for that user as the sender.

To make this work for the solution described in this thread, another ldap query is needed to resolve an email address defined in the manner described here to a uid, which should be very well possible.

Meanwhile I talked to @Aleks on matrix about this and he suggested a completely different solution: using groups (as for example the admin group) for email aliases which deliver to several maildrops and/or email addresses.

The postfix documentation suggests the use of yet another objectClass for aliases delivering to multiple recipients: ldapGroups.

We’d need to consider in which way 1-m aliases fit best into the original concept of YunoHost’s directory.

To work towards a good feature request I’d like to define the possibly wanted features of the 1-m aliases:

  • an email received for that alias is sent to multiple maildrops and/or email addresses
  • it’s got one or more owner(s) who
    • are able to edit the list of receivers
    • are allowed to delete it
  • for a 1-m alias it is defined who is allowed to change the receivers
    • it’s open to subscription by every uid
    • only owner(s) are allowed to change the receivers
  • for a 1-m alias it is defined who is allowed to use it as the sender address of emails
    • a freely defined list of one or more uids
    • every uid that owns one of the maildrops which receive the emails

Something missing? Please comment!

Of the above features I’d like to see the best possible subset that can be realized by one ldap entry per 1-m alias and an understandable additional query for smtpd_sender_login_maps.

I’d expect that for the beginning it would be a feature that would be used through directly editing the directory (through e.g. phpldapadmin) before the feature would be added to the yunohost command and maybe the webgui.

Another update

On my former mailserver I had a database table containing entries with columns for ‘alias’ (mailalias), ‘target’ (maildrop or address to deliver to), ‘owner’ (person with permission to alter the record). The primary key of the table had been made from ‘alias’ & ‘target’.

For each alias there were multiple targets allowed owned by the same or different uids. A mail addressed to an alias has been delivered to all of the targets listed in the different rows for that alias.

If an alias for yunohost would be made of (instead of the above proposed solution):

dn: cn=alias_target,ou=alias,dc=yunohost,dc=org
uid: owner
objectClass: inetOrgPerson
objectClass: mailAccount
cn: alias_target
sn: <whatever>

and only one maildrop or mail attribute it should be possible to add these several times for the same alias. I’ll have to do the following:

  • check whether dn would be valid (cn instead of uid - the dn has to be unique and the same uid could be used in multiple aliases)
    • works fine, ‘dn=cn=alias_rcpt,ou=alias,dc=yunohost,dc=org’ works
    • the ‘primary key’ would be cn=<aliasname>__<target> then
    • and even though: as logic dictates the field mail: containing the email address needs to be unique
    • this needs a different approach
      • Could be that the email address is something like an ou that can contain sub-items which in turn are the targets to be delivered to + additional informations needed (like e.g. ownership)
      • There’s this article pointing to the misc schema which is not included, yet.
      • ldap knows aliases that could be used to point from an email address being used as an alias to the dn of an email user for local users (solving the question of maildrop and ownership for those)
  • solve the permission problem of the actual yunohost configuration (reading the ldap bible)
    • everything points to defining a ‘manager’ for the directory that can be used without the ACLs applying
    • Manager could be ‘root’ via sasl to not have another account that wouldn’t be used much
    • Since we don’t want to use the root account in phpldapadmin the manager account could be used to set up a dn exclusively used for editing the directory via e.g. phpldapadmin (or the ldap cli utils)
  • check postfix whether it’s possible and performance-wise o.k. to get the targets for an alias from several different entries
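
A small model of the sender check discussed in this post, added here as an example (it is not Postfix or YunoHost code). It builds the address-to-uid map under two of the policies listed above (an explicit list of uids, plus every uid owning a local maildrop the alias delivers to) and then applies the login-mismatch decision. The data layout, the function names and the users `jean` and `marie` are assumptions.

```python
def build_sender_login_map(users, aliases):
    """Return {sender address: set of uids allowed to use it}.

    users:   {uid: [addresses]}, the uid doubling as local maildrop (assumed layout)
    aliases: {alias address: {"targets": [...], "senders": [...]}}
    """
    owners, addr_uid = {}, {}
    for uid, addresses in users.items():
        for addr in addresses:
            owners.setdefault(addr.lower(), set()).add(uid)
            addr_uid[addr.lower()] = uid
    for alias, spec in aliases.items():
        allowed = owners.setdefault(alias.lower(), set())
        allowed.update(u for u in spec.get("senders", []) if u in users)
        for target in spec.get("targets", []):
            # A target counts only if it is a local maildrop or a local address;
            # external addresses never gain the right to send as the alias.
            uid = target if target in users else addr_uid.get(target.lower())
            if uid:
                allowed.add(uid)
    return owners


def sender_allowed(owners, sasl_login, mail_from):
    """Model of reject_authenticated_sender_login_mismatch."""
    if sasl_login is None:
        return True   # the restriction only covers authenticated clients
    return sasl_login in owners.get(mail_from.lower(), set())


# Constructed data: two local users and one alias shaped like the thread's entry.
USERS = {"jean": ["jean@domain.nohost.me"], "marie": ["marie@domain.nohost.me"]}
ALIASES = {"alias@domain.nohost.me": {
    "targets": ["jean", "redirection@anotherdomain.tld"], "senders": []}}
OWNERS = build_sender_login_map(USERS, ALIASES)
```

With this data only `jean` may use alias@domain.nohost.me as sender; an authenticated `marie` is refused, and so is any authenticated login using an address that has no owner in the map.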

I tried to understand how virtual_alias_domains and virtual_alias_maps work, without success.
Can you help me redirect a newAlias@myYnhServer.tld to several remote (external) addresses?