On 10/28/2009 6:55 AM, Harakiri wrote:
Hi,
my current setup is using check_recipient_access with a SQL table. This works
fine since i can negate the query to return REJECT when a user is not found, if
the user is found, the query returns DUNNO to proceed with addtional checks
(greylisting, rbl), im doing this with a simple sql union.
Now, i do also have a setup where i cant use a SQL table but an existing LDAP
directory. I tried using check_recipient_access with an ldap table.
The problem is, how do i tell that the query should return REJECT if the user
isnt found? The result_format allows only to define a value when a match is
found, but there isnt a no_result_format option.
I know i could do the opposite way, returning PERMIT if the user is found in
the LDAP query, and add , REJECT after the recipient check i.e.
check_recipient_access ldap:/ldap.cf, REJECT
however, then i couldnt do any additional checks like
check_policy_service and rbl, because PERMIT returns and does not proceed with
checks.
The only solution would be to do the check_recipient_access as the final check,
but that would be a quite useless configuration to do greylisting, rbls etc
before a recipient check.
Any ideas?
The proper solution is to use postfix's built-in recipient
validation. Valid recipients should be listed in the proper
table for the address class of the recipient domain, then you
can reject all unknown recipients with a simple
"reject_unlisted_recipient" at whatever point you want. See
http://www.postfix.org/ADDRESS_CLASS_README.html
-- Noel Jones
