AD Integration for select domains

mcit
Posts: 27
Joined: 23 May 2014 01:24

AD Integration for select domains

Post by mcit »

Does anyone know if it is possible [and ultimately how] I can have EFA verify emails against an Active Directory server for a select number of the mail domains configured on the system?

ie.

abc.com > EFA > Destination Server [Postfix]
xyz.com > EFA > [AD lookup] > Destination Server 1 [Exchange 2007]
qrs.com > EFA > [AD lookup] > Destination Server 2 [Exchange 2010]

etc.

Or am I asking too much for AD lookups?

Matthew
Widmo
Posts: 17
Joined: 23 Jun 2014 12:45

Re: AD Integration for select domains

Post by Widmo »

Do you want to check if the email is correct?

I think that's possible:

http://blog.widmo.biz/postfix-check-use ... tory-ldap/

Just use more files:

Code:

check_recipient_access ldap:/etc/postfix/ldap-users-domain_1.cf, ldap:/etc/postfix/ldap-users-domain_2.cf, hash:/etc/postfix/recipient_access,

And ask each domain. Is it possible to filter the query to one domain? I don't know... :(

http://forums.opensuse.org/showthread.p ... th-postfix
mcit
Posts: 27
Joined: 23 May 2014 01:24

Re: AD Integration for select domains

Post by mcit »

Thanks for the reply.

That is very helpful, thank you.
My concern, though, is with this section:

Code:

4) Modify your /etc/postfix/main.cf to achieve this one:

smtpd_recipient_restrictions =  permit_sasl_authenticated,
                                permit_mynetworks,
                                reject_unauth_destination,
                                reject_non_fqdn_recipient,
                                reject_unknown_recipient_domain,
                                check_recipient_access ldap:/etc/postfix/ldap-users.cf, hash:/etc/postfix/recipient_access,
                                reject

If it checks each of the domains against the ldap servers listed, and the domain in question has no associated ldap lookup, will the email address be deemed as invalid and therefore rejected? Or will it realise that the ldap lookups do not contain the domain being checked, and allow all addresses to pass [like the default configuration does]?
Widmo
Posts: 17
Joined: 23 Jun 2014 12:45

Re: AD Integration for select domains

Post by Widmo »

If found in ldap:/etc/postfix/ldap-users.cf or hash:/etc/postfix/recipient_access, it will pass the email, and if not found it will drop it, because of

Code:

check_recipient_access ldap:/etc/postfix/ldap-users.cf, hash:/etc/postfix/recipient_access,
 >>> reject  <<< 

reject at the end of the config.

You can remove reject, but it doesn't make any sense ;)
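Added example, not part of the thread or the linked blog post: one way to scope each AD lookup to its own domain and still accept a domain that has no directory behind it, using the `domain` parameter described in ldap_table(5). The server host, base DN and bind account are placeholders; the domain names and file names are the ones used in the posts above.

```ini
# --- /etc/postfix/ldap-users-domain_1.cf  (AD lookup for xyz.com only) ---
# Placeholder host, base DN and bind account: replace with your own.
# The file holds bind_pw, so keep it unreadable to other local users.
server_host      = ldap://dc1.example.internal
search_base      = dc=example,dc=internal
version          = 3
bind             = yes
bind_dn          = CN=postfix-lookup,OU=Service Accounts,DC=example,DC=internal
bind_pw          = CHANGE_ME
# Only keys of the form localpart@xyz.com are sent to this directory.
# Any other recipient is "not found" in this table without a query being made.
domain           = xyz.com
query_filter     = (proxyAddresses=smtp:%s)
result_attribute = mail
# check_recipient_access expects an access(5) action, not a mail address.
result_format    = OK

# --- /etc/postfix/ldap-users-domain_2.cf ---
# Same layout, with domain = qrs.com and that directory's host, base and bind account.

# --- /etc/postfix/recipient_access  (then: postmap /etc/postfix/recipient_access) ---
# abc.com has no directory to ask, so the whole domain is accepted here.
abc.com    OK

# --- /etc/postfix/main.cf ---
# The access checks stay after reject_unauth_destination, so an OK result
# can only accept mail for domains this host already relays for.
# Each table is given its own check_recipient_access keyword.
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    permit_mynetworks,
    reject_unauth_destination,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    check_recipient_access ldap:/etc/postfix/ldap-users-domain_1.cf,
    check_recipient_access ldap:/etc/postfix/ldap-users-domain_2.cf,
    check_recipient_access hash:/etc/postfix/recipient_access,
    reject
```

Each table can be checked before reloading Postfix: `postmap -q user@xyz.com ldap:/etc/postfix/ldap-users-domain_1.cf` prints `OK` for an address that exists in the directory and prints nothing for one that does not.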