I suppose it might be of interest to others if you told the list what users your ldap director[y|ies] contain(s). As well as your policy.
Like I don't want mail from my local users (100% OpenLDAP 2.1.19 based) scanned, so both with my Postfix 2.0.x and SA-Exim 4.20/3.0 MTAs, I configure them such that they don't scan mails from LDAP-based local users. This is my policy and this is in fact what I do. I don't need to change any SA code at all to do it. If I only wanted certain local groups to be accepted, I could do that my way too.
So, suppose you explain why you have to. A good reason, for example, would be that you don't want external ldap users (Netscape, Bigfoot, you name it) to be vetted for spam. That wouldn't work with my method.
Sorry, in trying to be brief in my original posting, I probably wasn't clear enough.
We're a small organisation, and most of the email we receive is from external addresses. We have a Contacts Database in MySQL with a PHP web front end, in which we keep details of names, addresses, phone numbers, email addresses, etc., of external contacts. There are about 600 external email addresses in it, from a variety of different organisations. The login database of our own internal users is held in NIS, and is not directly relevant to this discussion.
Before using SA, we'd set up a regular cron job to send the relevant data from MySQL into an OpenLDAP directory so that we could then use this easily as a shared address book from mail clients like Mozilla Mail, e.g. to autocomplete addresses when composing. Works well.
Having installed SA to rid us of unsolicited spam from people we'd never heard of, we wanted a way of ensuring that we didn't miss email from external people we do know as a result of SA possibly classifying it as spam. We're working on the basis that people we know are trusted to send us only non-spam.
To avoid exposing our SMTP server to the outside world, we actually pick up all incoming mail from our ISP relay using fetchmail in multi-drop mode, and then pump it into our internal SMTP server (sendmail). Mail is then delivered for each internal user via procmail (which is where we've plugged in SA) and picked up by the user in Mozilla Mail using movemail.
So, I could have constructed a "whitelist_from" list of 600 email addresses, put that in SA's config file, and arrange somehow to keep them in step, but that didn't seem very elegant. So I figured it might be better if I got SA to check the from addresses of incoming mail directly against our LDAP server. The latter basically contains a schema of inetOrgPerson objects whose "mail" attribute is the email address of the external contact. Maybe I could have done the checks directly against MySQL, but I figured querying the LDAP server might be more lightweight.
My modifications to SA allow this LDAP-based whitelist-checking to be performed immediately after the usual whitelist_from and whitelist_from_rcvd processing, enabled in a minimal case by two extra config lines, e.g.
    whitelist_ldap_url      ldap://localhost:389
    whitelist_ldap_base_dn  dc=example,dc=com
but with a few additional config options to allow specifying Bind DN and password, and to cater for "ldaps://" server CA cert checking. I've also put in an additional filter option, so e.g. if the LDAP entries were flagged with some other attribute saying whether a given address should be whitelisted or not, that would be easily accommodated. My LDAP config options are in the spirit of those used by Mozilla Mail.
Maybe this isn't a common problem, and there may well be other ways of solving it, but we're happy now!
Regards,
Colin
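The lookup Colin describes, written out as an added example (this is not his SpamAssassin modification, nor SpamAssassin code): the From address of an incoming message is searched for as the "mail" attribute of an inetOrgPerson entry, optionally ANDed with an admin-supplied filter such as a per-entry "whitelist me" flag. The one point worth getting right is that the From address is attacker-controlled, so it must be RFC 4515-escaped before it is interpolated into the search filter; otherwise a forged From of "*" is a presence filter that matches every entry and whitelists the whole world. A small in-memory stand-in for the directory, with a filter evaluator for the equality/AND subset used here, keeps the example runnable offline. The function names, the "saWhitelist" attribute and the partner.example / vendor.example addresses are assumptions made for the example.

```python
"""Added example (not Colin's SpamAssassin modification): LDAP whitelist
lookup of a message's From address, with RFC 4515 escaping of the untrusted
address, run against a constructed in-memory directory so it works offline.

whitelist_filter, saWhitelist and the example.* addresses are assumptions."""
import re
from typing import Optional

# RFC 4515 escaping for values placed inside a search filter.
_ESCAPES = {'\\': r'\5c', '*': r'\2a', '(': r'\28', ')': r'\29', '\x00': r'\00'}


def escape_filter_value(value: str) -> str:
    """Escape a value so it is matched literally inside an LDAP filter."""
    return ''.join(_ESCAPES.get(ch, ch) for ch in value)


def whitelist_filter(from_addr: str, extra_filter: Optional[str] = None) -> str:
    """Filter for 'is this From address a known contact?'.

    extra_filter is an optional admin-supplied (trusted) filter such as
    '(saWhitelist=TRUE)'; it is ANDed with the mail match."""
    term = f'(mail={escape_filter_value(from_addr)})'
    return f'(&{term}{extra_filter})' if extra_filter else term


# ---- minimal in-memory stand-in for the directory (constructed data) ----

# The shape an inetOrgPerson export from the contacts database would have.
# Attribute names are lower-cased because LDAP attribute names are
# case-insensitive.
DIRECTORY = [
    {'objectclass': ['inetOrgPerson'], 'cn': ['Alice Example'],
     'mail': ['alice@partner.example'], 'sawhitelist': ['TRUE']},
    {'objectclass': ['inetOrgPerson'], 'cn': ['Bob Example'],
     'mail': ['bob@vendor.example'], 'sawhitelist': ['FALSE']},
]


def _unescape(raw: str) -> str:
    """Turn \\XX hex escapes back into the literal characters."""
    return re.sub(r'\\([0-9a-fA-F]{2})',
                  lambda m: chr(int(m.group(1), 16)), raw)


def _parse(s: str, i: int):
    """Parse the filter subset we emit: (attr=value) and (&...).
    A raw '*' in a value is a wildcard, as on a real server; an escaped
    \\2a is a literal asterisk.  Returns (node, index after node)."""
    if s[i] != '(':
        raise ValueError(f'expected "(" at {i}')
    i += 1
    if s[i] == '&':
        i += 1
        kids = []
        while i < len(s) and s[i] == '(':
            node, i = _parse(s, i)
            kids.append(node)
        if i >= len(s) or s[i] != ')':
            raise ValueError('unterminated (& ...)')
        return ('and', kids), i + 1
    j = s.find(')', i)            # escaped values contain no raw ')'
    if j < 0:
        raise ValueError('unterminated assertion')
    attr, sep, raw = s[i:j].partition('=')
    if not sep:
        raise ValueError('only equality filters are supported here')
    pattern = '.*'.join(re.escape(_unescape(p)) for p in raw.split('*'))
    # mail uses caseIgnoreIA5Match, so compare case-insensitively.
    return ('eq', attr.lower(), re.compile(pattern, re.IGNORECASE)), j + 1


def _matches(node, entry) -> bool:
    if node[0] == 'and':
        return all(_matches(k, entry) for k in node[1])
    _, attr, rx = node
    return any(rx.fullmatch(v) for v in entry.get(attr, []))


def search(directory, filter_str: str):
    """Return the entries matching filter_str; raises on malformed filters."""
    node, end = _parse(filter_str, 0)
    if end != len(filter_str):
        raise ValueError('trailing data after filter')
    return [e for e in directory if _matches(node, e)]


def is_whitelisted(directory, from_addr: str,
                   extra_filter: Optional[str] = None) -> bool:
    """True if at least one contact entry matches the (escaped) address."""
    return bool(search(directory, whitelist_filter(from_addr, extra_filter)))


if __name__ == '__main__':
    for addr in ('alice@partner.example', 'stranger@example.net', '*'):
        print(addr, is_whitelisted(DIRECTORY, addr))
    # Unescaped interpolation would let a forged From of '*' match everyone:
    print(len(search(DIRECTORY, '(mail=*)')))  # 2
```

Two things the block makes visible: with escaping, "*" and "x)(objectClass=*" in a From header become the literal strings and match nothing, whereas the same text dropped raw into the filter matches every entry or a whole domain. And whatever the directory says, a plain header-From match is as forgeable as whitelist_from itself, which is the reason whitelist_from_rcvd pairs the address with the relay the message arrived from; the LDAP lookup slots in after those checks but does not change that.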
_______________________________________________ Spamassassin-talk mailing list https://lists.sourceforge.net/lists/listinfo/spamassassin-talk