Zitat von Ansgar Wiechers <li...@planetcobalt.net>:
On 2011-01-09 lst_ho...@kwsoft.de wrote:Zitat von Eero Volotinen <eero.voloti...@iki.fi>:Does this still works for windows 2008 ad? : http://postfix.state-of-mind.de/patrick.koetter/mailrelay/#d0e149 or is there better way to do it?In most cases it would be best to query Windows AD by LDAP without the need for script magic and without syncronisation delays.No, it wouldn't. The reason for this is explained in the section "MAPS built from LDAP queries" on the same page.
Proper setup LDAP lookups, maybe even with proxymap (persistant connection) are really fast and cheap at AD side. So even a Microsoft AD should be able to stand dictionary attacks without any problems and with a real DDoS to your site you are lost anyway. In fact i have never seen or heard of AD suffering because of LDAP lookups from Postfix. For those who are in a size with that many users that it may be relevant a seperate LDAP replica for the MX servers is no problem and much more of a solution.
Regards Andreas
smime.p7s
Description: S/MIME Cryptographic Signature
