John Baker:
> Hi,
>
> We have a few mass group addresses that we restrict access to. So far we
> have used a mix of sender_access and recipient_access on one final
> destination server to do this. But we have moved all of our other groups
> to ldap so that they expand on all the relays we have for various reasons
> and want to move these last ones as well.
>
> I can put the access files on all 6 servers but it would be nice to have
> some way to manage the lists centrally. Is there a way to ok or reject mail
> to specific addresses based on an ldap lookup to see if the sender
> address is allowed? The ldap_table documentation appears to be just for
> rewrites.

All Postfix table lookup mechanisms can use LDAP. That said, it probably isn't a good idea to put all tables into LDAP because LDAP server load will increase and Postfix performance will suffer.

You can certainly try to replace a hash: access map by an LDAP one. Postfix makes the same lookups with hash: and ldap: tables, including lookups for partial strings (parent domains, subnetworks) as documented in the access(5) manpage.

You can reduce LDAP server load by judicious use of the domains parameter in Postfix LDAP config files.

Wietse
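
A sketch of the setup discussed in this thread, added here as an illustration and not taken from either poster: a restriction class that accepts mail for one protected list only when the envelope sender is found by an LDAP access map. The host name, file paths, DNs, the `allstaff` names and the use of a `memberOf` attribute are all assumptions; adjust them to the local directory schema.

```conf
# --- /etc/postfix/main.cf (fragment; file paths are assumptions) ---
smtpd_restriction_classes = allstaff_senders

# Class body: senders found in LDAP get OK, everyone else is rejected.
allstaff_senders =
    check_sender_access ldap:/etc/postfix/ldap-allstaff-senders.cf,
    reject

# The recipient map selects the class for protected addresses only;
# the rest of the existing restriction list stays as it is.
smtpd_recipient_restrictions =
    check_recipient_access hash:/etc/postfix/protected_lists,
    permit_mynetworks,
    reject_unauth_destination

# --- /etc/postfix/protected_lists (run postmap after editing) ---
# Could itself be an ldap: table whose result is the class name.
allstaff@example.com    allstaff_senders

# --- /etc/postfix/ldap-allstaff-senders.cf ---
server_host = ldap://ldap.example.com
version = 3
search_base = ou=people,dc=example,dc=com

# Only full addresses in this domain are sent to the LDAP server.
# The parent-domain and localpart@ keys that access(5) also tries
# are answered "not found" locally, which keeps server load down.
domain = example.com

# %s is the lookup key (the sender address), quoted for LDAP filters.
# Assumes the directory exposes group membership as memberOf.
query_filter = (&(mail=%s)(memberOf=cn=allstaff-senders,ou=groups,dc=example,dc=com))
result_attribute = mail

# An access map must return an action, so every match becomes "OK".
result_format = OK

# Check one lookup from the shell before reloading Postfix:
#   postmap -q alice@example.com ldap:/etc/postfix/ldap-allstaff-senders.cf
```

check_sender_access matches the envelope sender, which the SMTP client supplies, so this restricts routine use of the list address and does not authenticate who is sending.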