From: Harakiri on

my current setup is using check_recipient_access with a SQL table. This works fine since i can negate the query to return REJECT when a user is not found, if the user is found, the query returns DUNNO to proceed with addtional checks (greylisting, rbl), im doing this with a simple sql union.

Now, i do also have a setup where i cant use a SQL table but an existing LDAP directory. I tried using check_recipient_access with an ldap table.
The problem is, how do i tell that the query should return REJECT if the user isnt found? The result_format allows only to define a value when a match is found, but there isnt a no_result_format option.

I know i could do the opposite way, returning PERMIT if the user is found in the LDAP query, and add , REJECT after the recipient check i.e.

check_recipient_access ldap:/, REJECT

however, then i couldnt do any additional checks like
check_policy_service and rbl, because PERMIT returns and does not proceed with checks.

The only solution would be to do the check_recipient_access as the final check, but that would be a quite useless configuration to do greylisting, rbls etc before a recipient check.

Any ideas?

From: Harakiri on
--- On Wed, 10/28/09, Noel Jones <njones(a)> wrote:

> The proper solution is to use postfix's built-in recipient
> validation.  Valid recipients should be listed in the
> proper
> table for the address class of the recipient domain, then
> you
> can reject all unknown recipients with a simple
> "reject_unlisted_recipient" at whatever point you

Thanks, so i should use

relay_recipient_maps = ldap:/

and in smtpd_recipient_restrictions i add reject_unlisted_recipient before greylisting and rbl right?

Furthermore, if i just have relay_recipient_maps = ldap:/ - and NO reject_unlisted_recipient - nothing will happend ? (i.e. its easy to switch it on and off without outcommenting the maps each time)