check_recipient_access - negate ldap query to return reject if user is NOT found?
in [Postfix]
|
From: Harakiri on 28 Oct 2009 07:55 Hi, my current setup is using check_recipient_access with a SQL table. This works fine since i can negate the query to return REJECT when a user is not found, if the user is found, the query returns DUNNO to proceed with addtional checks (greylisting, rbl), im doing this with a simple sql union. Now, i do also have a setup where i cant use a SQL table but an existing LDAP directory. I tried using check_recipient_access with an ldap table. The problem is, how do i tell that the query should return REJECT if the user isnt found? The result_format allows only to define a value when a match is found, but there isnt a no_result_format option. I know i could do the opposite way, returning PERMIT if the user is found in the LDAP query, and add , REJECT after the recipient check i.e. check_recipient_access ldap:/ldap.cf, REJECT however, then i couldnt do any additional checks like check_policy_service and rbl, because PERMIT returns and does not proceed with checks. The only solution would be to do the check_recipient_access as the final check, but that would be a quite useless configuration to do greylisting, rbls etc before a recipient check. Any ideas?
From: Harakiri on 28 Oct 2009 09:11 --- On Wed, 10/28/09, Noel Jones <njones(a)megan.vbhcs.org> wrote: > > The proper solution is to use postfix's built-in recipient > > validation. Valid recipients should be listed in the > proper > table for the address class of the recipient domain, then > you > can reject all unknown recipients with a simple > "reject_unlisted_recipient" at whatever point you Thanks, so i should use relay_recipient_maps = ldap:/myconfig.cf and in smtpd_recipient_restrictions i add reject_unlisted_recipient before greylisting and rbl right? Furthermore, if i just have relay_recipient_maps = ldap:/myconfig.cf - and NO reject_unlisted_recipient - nothing will happend ? (i.e. its easy to switch it on and off without outcommenting the maps each time)
|
Pages: 1 Prev: how to remove received by headers before mail gateway Next: Postfix-SASL-GSSAPI question |