On Tue, 2008-10-21 at 12:34 -0400, Brian Evans - Postfix List wrote: > The current best use view of reject_unverified_(recipient|sender) is > to > use for your domains that you control.
Thanks, and yes, I agree this should be done. We currently use LDAP lookups for transports. Is there a way to tie reject_unverified_(recipient|sender) to domains using LDAP lookups? Is it as easy as taking our transport.cf ldap conf file and modifying like this below? mx1# cat ldap/verification.cf bind = no server_host = ldapi:/// version = 3 search_base = ou=Domains,dc=example,dc=com query_filter = (&(|(dc=%s)(cn=%s)(associatedDomain=%s))(objectClass=inetLocalMailRecipient)) result_attribute = mailRoutingAddress result_format = reject_unverified_recipient In main.cf: smtpd_recipient_restrictions check_recipient_access ldap:/etc/postfix/verification.cf smtpd_sender_restrictions check_sender_access ldap:/etc/postfix/verification.cf mx1# postmap -q example.com ldap:/usr/local/etc/postfix/ldap/verification.cf reject_unverified_recipient -- Robert
