From: Harakiri on 28 Oct 2009 07:55
my current setup is using check_recipient_access with a SQL table. This works fine since i can negate the query to return REJECT when a user is not found, if the user is found, the query returns DUNNO to proceed with addtional checks (greylisting, rbl), im doing this with a simple sql union.
Now, i do also have a setup where i cant use a SQL table but an existing LDAP directory. I tried using check_recipient_access with an ldap table.
The problem is, how do i tell that the query should return REJECT if the user isnt found? The result_format allows only to define a value when a match is found, but there isnt a no_result_format option.
I know i could do the opposite way, returning PERMIT if the user is found in the LDAP query, and add , REJECT after the recipient check i.e.
check_recipient_access ldap:/ldap.cf, REJECT
however, then i couldnt do any additional checks like
check_policy_service and rbl, because PERMIT returns and does not proceed with checks.
The only solution would be to do the check_recipient_access as the final check, but that would be a quite useless configuration to do greylisting, rbls etc before a recipient check.
From: Harakiri on 28 Oct 2009 09:11
--- On Wed, 10/28/09, Noel Jones <njones(a)megan.vbhcs.org> wrote:
> The proper solution is to use postfix's built-in recipient
> validation. Valid recipients should be listed in the
> table for the address class of the recipient domain, then
> can reject all unknown recipients with a simple
> "reject_unlisted_recipient" at whatever point you
Thanks, so i should use
relay_recipient_maps = ldap:/myconfig.cf
and in smtpd_recipient_restrictions i add reject_unlisted_recipient before greylisting and rbl right?
Furthermore, if i just have relay_recipient_maps = ldap:/myconfig.cf - and NO reject_unlisted_recipient - nothing will happend ? (i.e. its easy to switch it on and off without outcommenting the maps each time)
Prev: how to remove received by headers before mail gateway
Next: Postfix-SASL-GSSAPI question