On 10/16/2013 3:46 PM, David F. Skoll wrote:
> On Wed, 16 Oct 2013 15:41:04 -0400
> "Kevin A. McGrail" <kmcgr...@pccc.com> wrote:
>
>> So in the beginning for our issue, our firm implemented something
>> similar and it's documented at http://www.pccc.com/downloads/ldap/
>> thanks primarily to Brian Landers <br...@packetslave.com> and his
>> work. This is a nice solution that uses LDAP and queries it to build
>> an access list with sendmail.
>
> We use MIMEDefang and we make real-time LDAP calls in filter_recipient.
> So when a modification to Active Directory is made, it's instant... no
> need to wait for the data to be updated on the Sendmail server.
>
> The downside is that you can get a *lot* of LDAP traffic if there's
> a dictionary attack.

We've done similar real-time checks using Sendmail but seen this
actually bring down Exchange Servers (more like bringing it to its
knees from a resource perspective than actually crashing it) from the
LDAP queries associated with these types of issues. So I agree the
instantaneous nature is nice but we switched to the store because the
volume we could handle with Sendmail was so much higher than what was
effectively halting Exchange Servers.

This was back in 2007 and revolved around small companies with one
server so it was bringing down other operations as well. We wrote about
it a bit on this page
https://raptor.pccc.com/raptor.cgim?template=raptorFAST (warning:
commercial site not affiliated with project, though it's where I put a
lot of stuff I'm working on. I'll open a ticket to add as much as we
can. Anyway, please ignore if you aren't interested in my day job).

Regards,
KAM
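
Added example, not part of the original thread and not either poster's code: a small simulation of the two recipient-verification designs discussed above (a real-time directory lookup on every RCPT versus a locally built access list), counting the directory queries each one generates during a constructed burst of guessed addresses and whether a newly created account is seen. The `Directory` class, the addresses and the burst size are assumptions standing in for LDAP/Active Directory and real traffic.

```python
# Constructed simulation: all names and addresses here are illustrative.
class Directory:
    """Stand-in for the LDAP/Active Directory server; counts queries received."""
    def __init__(self, users):
        self.users = set(users)
        self.queries = 0

    def exists(self, addr):      # one query per recipient check
        self.queries += 1
        return addr.lower() in self.users

    def export_all(self):        # one bulk query to build the local store
        self.queries += 1
        return set(self.users)


class RealTimeCheck:
    """Ask the directory on every RCPT: changes are visible at once."""
    def __init__(self, directory):
        self.directory = directory

    def accept(self, rcpt):
        return self.directory.exists(rcpt)


class LocalStoreCheck:
    """Answer from a locally built access list; the directory sees only rebuilds."""
    def __init__(self, directory):
        self.directory = directory
        self.store = directory.export_all()   # rebuilt on a schedule in practice

    def accept(self, rcpt):
        return rcpt.lower() in self.store


def run_burst(checker_cls, guesses=5000):
    """Return (directory queries, burst recipients accepted, new account seen)."""
    directory = Directory({"alice@example.com", "bob@example.com"})
    checker = checker_cls(directory)
    directory.users.add("carol@example.com")  # created after the store was built
    rcpts = [f"user{i}@example.com" for i in range(guesses)] + ["alice@example.com"]
    accepted = sum(checker.accept(r) for r in rcpts)
    sees_new = checker.accept("carol@example.com")
    return directory.queries, accepted, sees_new

if __name__ == "__main__":
    print(run_burst(RealTimeCheck), run_burst(LocalStoreCheck))
```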