Thank you Victor for giving me that wonderfully concise answer.

On Jun 17, 2010, at 9:53 AM, Victor Duchovni wrote:

On Thu, Jun 17, 2010 at 07:30:44AM -0700, Andrew G. Grant wrote:

> Jose,
>
> Unfortunately, looking at another server OS doesn't help me to find the
> answer to this question. But thank you for the suggestion.
>
> I am still trying to find out how Apple OS X Server 10.6.3
> (Darwin Kernel Version 10.3.0), running Postfix 2.5.5, Amavisd,
> ClamAV, SpamAssassin, Dovecot, and Squirrel Mail can have
> SASL access Open Directory's LDAP when Postfix isn't compiled
> on my system to use LDAP library types?
>
> This all revolves around finding a way to use:
> reject_sender_login_mismatch on smtpd_sender_restrictions
> without having to keep a separate smtpd_sender_login_maps
> hash file updated.

You need LDAP support in Postfix. There is no work-around that does not
involve copying data out of LDAP if LDAP is not accessible. SASL alone
cannot provide the RFC 822 sender address <---> SASL authentication name
correspondence, SASL never sees the sender address, only the user login
name and associated credentials.

> Currently, I believe SASL is using Open Directory to reference
> User Name and Password information for SASL to work, as I haven't
> duplicated this information anywhere.
>
> Since my Postfix is not compiled to use LDAP, how is SASL accessing
> Open Directory information?

The SASL library uses LDAP, but Postfix itself is not configured to use
LDAP.

>
> If SASL can access Open Directory, why can't Postfix access Open Directory
> to lookup smtpd_sender_login_maps?

Because that code is not compiled into the Postfix binaries in question.

--
Viktor.
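The "copying data out of LDAP" route mentioned in the reply, sketched as an added example that is not part of the thread or of Postfix: it turns an LDIF export of the directory into the address-to-login lines that `smtpd_sender_login_maps` expects, so `reject_sender_login_mismatch` can work without LDAP support in the Postfix binaries. The attribute names `uid` and `mail`, the sample records, and the function names are assumptions.

```python
import base64
from collections import defaultdict

SAMPLE_LDIF = """\
dn: uid=alice,cn=users,dc=example,dc=com
uid: alice
mail: alice@example.com
mail: Alice.Smith@example.com

dn: uid=bob,cn=users,dc=example,dc=com
uid: bob
mail:: Ym9iQGV4YW1wbGUuY29t

dn: uid=shared,cn=users,dc=example,dc=com
uid: shared
mail: alice@example.com
"""  # constructed sample, shaped like `ldapsearch -LLL ... uid mail` output

def parse_ldif(text):
    """Yield one {attribute: [values]} dict per LDIF record."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line continues the previous one
            lines[-1] += raw[1:]
        elif not raw.startswith("#"):       # skip LDIF comments
            lines.append(raw)
    record = defaultdict(list)
    for line in lines + [""]:               # trailing "" flushes the last record
        if line.strip():
            attr, _, value = line.partition(":")
            if value.startswith(":"):       # "attr:: <base64>" encoded value
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            record[attr.lower()].append(value.strip())
        elif record:
            yield dict(record)
            record = defaultdict(list)

def sender_login_map(ldif_text, login_attr="uid", mail_attr="mail"):
    """Map each sender address to the SASL logins allowed to use it."""
    owners = defaultdict(set)
    for rec in parse_ldif(ldif_text):
        for login in rec.get(login_attr, []):
            for addr in rec.get(mail_attr, []):
                owners[addr.lower()].add(login)   # lower-case keys for hash lookups
    return {addr: sorted(logins) for addr, logins in owners.items()}

def render(mapping):
    """Emit 'address login1, login2' lines, the source format for postmap."""
    return "".join(f"{a} {', '.join(l)}\n" for a, l in sorted(mapping.items()))
```

Writing `render(sender_login_map(...))` to the map's source file and running `postmap` on it from a scheduled job keeps the hash table in step with the directory; an address that appears under several accounts lists every login that may send as it.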