On Thu, Dec 02, 2010 at 04:08:09PM -0600, Stan Hoeppner wrote:
> Martin Kellermann put forth on 12/2/2010 6:08 AM:
>
> > and there's a 5 sec. delay ... seems way too long to me for just
> > checking the recipient...!?
>
> That delay should be no longer than what a typical delivery to the
> Exchange server would be. Since no message is sent, it should be
> shorter by quite a bit. I would guess the delay is within the Exchange
> server, not Postfix, so you may need to do some sleuthing on the Exch
> server to see what it causing the delay.
>
> > PS: should unverified_recipient_reject_code set to 450 or 550 ?
>
> You should probably leave this at the defaults. As I understand it, the
> default configuration will return a 5xx for "unknown user" and a 4xx if
> the query fails, due to network, etc.
The OP is really far better off querying the LDAP server:
server_host = ... suitable LDAP server or servers ...
bind_dn = ... a low-value non-human AD account, just for LDAP lookups ...
bind_pw = ... the corresponding password ...
search_base =
scope = sub
query_filter = proxyAddresses=smtp:%s
result_attribute = mail
In an upcoming snapshot the Postfix LDAP driver will be able to do GSSAPI
auth to AD for those brave enough to try their hand at provisioning
cross-platform Kerberos credential caches ...
--
Viktor.
