On Wed, 19 May 2010, Mikael Syska wrote:

> Hi,
>
> Not to hijack the thread, but there are also other things to consider.
>
> I have no idea how on Postfix, but this could help you too Scott Lavoie.
>
> If there are multiple exchange backends for postfix/spamassassin
> gateway ... how could one validate that users exist, given that you
> only have a list of valid users for some of the exchange servers and
> the mailahead/milterahead/smtp are not an option?
>
> I'm looking for a pointer here ...
>
> transport_maps is for the entire domain and where to send the mail ...
> but, I'm lost about the validations of users for some of the domains
> ...

Theoretically you could do that with LDAP. Assuming a cluster of Exchange
servers for one AD Domain, all users should have an entry in the GAL.
So in your filtering front end you could do an LDAP query against the
GAL for each recipient and reject the message if not found.

However if that is a busy system you would do a -lot- of queries and
risk running your DC out of LDAP threads, causing real problems.
(we ran into a similar problem with a password checking module under
heavy authentication loads ;(.

If your user population is not too dynamic, it might be more efficient
to do user list exports & map rebuilds on a periodic basis.
You could pull the user list using LDAP and build the maps on the postfix
box using a cron job.


-- 
Dave Funk                                  University of Iowa
<dbfunk (at) engineering.uiowa.edu>        College of Engineering
319/335-5751   FAX: 319/384-0549           1256 Seamans Center
Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
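
The periodic export and map rebuild suggested in the reply above, sketched as an added example that is not part of the original message. The host name, bind DN, base DN, password file and map path are assumptions, as is the idea that Postfix references the file through `relay_recipient_maps`; the sample LDIF is constructed.

```shell
# Added example: cron job that rebuilds a Postfix recipient map from LDAP.
# Hypothetical: host, bind DN, base DN, password file and MAP path.
MAP=/etc/postfix/relay_recipients
# LDIF on stdin -> "address OK" lines, lowercased and de-duplicated.
# Unfolds wrapped lines; non-SMTP (X400/X500) proxy addresses are dropped.
ldif_to_map() {
  awk '
    /^ / { buf = buf substr($0, 2); next }   # continuation of previous line
    { emit(buf); buf = $0 }
    END { emit(buf) }
    function emit(l) {
      l = tolower(l)
      if (!sub(/^proxyaddresses: smtp:/, "", l) && !sub(/^mail: /, "", l)) return
      if (l ~ /^[^@ ]+@[^@ ]+$/) print l " OK"
    }' | sort -u
}

# Accept an export only if it is non-empty and kept at least half of the
# current entries, so a failed or truncated query cannot empty the map.
sane_export() {   # $1 = new map source, $2 = current map source (may be absent)
  new=$(($(wc -l < "$1"))); old=0
  if [ -f "$2" ]; then old=$(($(wc -l < "$2"))); fi
  [ "$new" -gt 0 ] && [ $((new * 2)) -ge "$old" ]
}

rebuild() {
  tmp=$(mktemp "$MAP.XXXXXX") || return 1
  ldapsearch -x -LLL -o ldif-wrap=no -E pr=500/noprompt \
      -H ldaps://dc1.example.com -D 'svc-postfix@example.com' \
      -y /etc/postfix/ldap.pw -b 'dc=example,dc=com' \
      '(proxyAddresses=smtp:*)' proxyAddresses > "$tmp.ldif" \
    && ldif_to_map < "$tmp.ldif" > "$tmp" \
    && sane_export "$tmp" "$MAP" \
    && chmod 644 "$tmp" && mv "$tmp" "$MAP" && postmap "hash:$MAP"
  rc=$?; rm -f "$tmp" "$tmp.ldif"; return $rc
}

sample_ldif() {   # constructed sample, not real directory data
  cat <<'EOF'
dn: CN=Alice Example,OU=Staff,DC=example,DC=com
proxyAddresses: SMTP:Alice@example.com
proxyAddresses: smtp:alice.example@exam
 ple.com
proxyAddresses: X400:C=US;A= ;P=Example;S=Example;

dn: CN=Bob Example,OU=Staff,DC=example,DC=com
proxyAddresses: SMTP:bob@example.com
EOF
}
if [ "${1:-}" = "--run" ]; then rebuild; fi   # cron calls the script with --run
```

Because the lookup is against a local map, the domain controller sees one paged query per cron run instead of one query per recipient.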
