On Fri, Mar 08, 2013 at 03:45:57PM +0200, Geoff Shang wrote:
> Given the high focus on secrity at our company, we've determined
> that password verification in LDAP is a costly operation.
Why is it costly? And how does "costly" fit into security? And password
verification is not necessary for looking up stuff.
> Therefore, we need to try to limit LDAP lookups, specifically ones
> that depend on either verifying a customer's password or logging in
> (binding) with an account (which obviously needs to verify a
> password).
Add a LDAP replica on each postfix and dovecot server. This is a good
idea for scallability and rudandancy anyway.
> My question is, is it possible to get proxymap to open a persistant
> connection for LDAP to do relay_domain and relay_recipient lookups?
It does this in all of my setups. They use Postfix 2.9.
> mydestination = mx.ourdomain.com, localhost
> myhostname = mx.ourdomain.com
I don't think this is correct. Maybe mx.example.com.
Bastian
--
History tends to exaggerate.
-- Col. Green, "The Savage Curtain", stardate 5906.4
