I have a primary and backup MX, both running Postfix with ASSP in front. ASSP performs all spam and recipient verification checks, which is working fine except for a limitation in ASSP whereby LDAP recipient checks are limited to one server, so in the case where these two gateways are authoritative for more than one domain I can't perform recipient validation for all but one domain.

Worse, the backup MX doesn't perform any recipient validation, as we don't allow TCP 389 across the net for ASSP to leverage. I am hoping to migrate just this task out of ASSP and into Postfix and use relay_recipient_maps = ldap:/etc/postfix/ldap_1.cf ldap:/etc/postfix/ldap_2.cf ldap:/etc/postfix/ldap_3.cf, where ldap_#.cf represents the applicable LDAP server for each domain. Additionally, I want to allow the backup MX to perform recipient validation against the primary MX and restrict the primary as the only server which can reach the various LDAP servers.

Can caching be enabled on both the primary and backup MX like smtpd_sender_restrictions can with its address_verify_map? If so, how do you control the behavior when the LDAP server is unavailable? Can I change the reject behavior to warn, for example, if the recipient is not in the cache and Postfix attempts to resolve it through LDAP and gets an error?

Thanks!
jlc
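One way to lay out the split described in the post, as an added example that is not part of the original message or of the Postfix/ASSP projects: a main.cf fragment for the primary MX with one LDAP table per domain, one of the ldap_#.cf files, and a backup-MX main.cf that probes the primary for each recipient and caches the result in address_verify_map. Host names, domain names, the LDAP search base and the attribute names are assumed placeholders.

```conf
# ---- Primary MX: /etc/postfix/main.cf (excerpt) ----
# Assumed relay domains; one LDAP table per domain, queried in order.
relay_domains = example-a.test, example-b.test
relay_recipient_maps =
    ldap:/etc/postfix/ldap_1.cf
    ldap:/etc/postfix/ldap_2.cf
# An LDAP lookup error (server unreachable) is a temporary table failure:
# Postfix answers 4xx for that recipient rather than rejecting it with 5xx.

# ---- Primary MX: /etc/postfix/ldap_1.cf (assumed server and schema) ----
server_host = ldap1.example-a.test
server_port = 389
version = 3
bind = no
search_base = ou=people,dc=example-a,dc=test
query_filter = (mail=%s)
result_attribute = mail

# ---- Backup MX: /etc/postfix/main.cf (excerpt) ----
# No LDAP access from here: each unknown recipient is verified by an SMTP
# probe to the primary MX, and the verdict is cached locally.
relay_domains = example-a.test, example-b.test
# Assumed primary MX host name; the brackets skip the MX lookup.
relay_transport = smtp:[primary-mx.example-a.test]
# Probe results are kept in this cache; expiry times shown are the defaults.
address_verify_map = btree:$data_directory/verify_cache
address_verify_positive_expire_time = 31d
address_verify_negative_expire_time = 3d
# Probe via the same relay path the mail itself would take.
address_verify_relay_transport = $relay_transport
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_unverified_recipient
# While the primary is unreachable the probe status is "unknown", which is
# answered with this code (450 is the default), so mail is deferred, not lost.
unverified_recipient_reject_code = 450
# To log instead of reject during rollout, use the restriction as
#     warn_if_reject reject_unverified_recipient
# in smtpd_recipient_restrictions.
```

With this layout the backup MX only ever needs SMTP to the primary, and the address_verify_map cache means a repeated recipient is not re-probed until its entry expires.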