On 1/4/2016 12:47 PM, Gomes, Rich wrote:
> I have read over the suggested documentation and I have some questions. But
> perhaps it would be good to break down my goals here first.
> First by the postfix\relaying part, then by the validation.
>
> Years ago I used qmail on the 'nix side but since then I have been using
> Sendmail so some of this may be part of the expected learning curve.
>
> I am trying to configure a relay that will accept mail from applications and
> send the mail either to Exchange or to the Internet.
> In Sendmail I would do this by adding internal domains and their Exchange
> FrontEnd server in the mailertable file and any domains not listed there
> would be handled by the SmartHost entry in sendmail.cf.
> In Postfix I set up relay_domains and transport maps to handle the internal
> domains while the relay_host setting handles all other domains.
>
> This is all working as expected.

Yes, that's the correct way to configure relay_domains. And yes, that's the correct use of the relay domain class.
http://www.postfix.org/ADDRESS_CLASS_README.html#relay_domain_class

>
>
> Now for the LDAP validation part.
> The server will not host any mailboxes since it is just a relay.
> I don't want to use a local table for validation, I want it to query AD in
> real-time
> NOTE: If there is a way to cache these entries, great. If not, great.
>
> If I set up the LDAP queries according to this article,
> http://blog.yenlo.com/nl/using-postfix-ldap-search-against-active-directory
> It works great at the postmap -vq johnpaulvanhelvo...@domain.nl
> ldap:/etc/postfix/ldap-aliases.cf part but does not validate while relaying
> mail.

The article you refer to doesn't use relay_domains. Some differences will be needed for your setup.

> Given my configuration, should I be using the virtual_mailbox_domain address
> class to enable the real-time validation?
> Or can it be done using relay_domains address class?

Valid users for relay_domains are listed in relay_recipient_maps. That's where your ldap: map goes.
http://www.postfix.org/ADDRESS_CLASS_README.html#relay_domain_class

You're not using virtual_mailbox_domains, so it would not be appropriate to add your ldap: lookup there.

  -- Noel Jones
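A configuration sketch of the advice above, added here as an illustration and not taken from either poster: the ldap: map from the thread is attached to relay_recipient_maps so that unknown recipients in the relayed domain are rejected during the SMTP session. The domain example.com, the server name, the search base, the bind account and the query filter are all assumed placeholders.

```conf
# /etc/postfix/main.cf (fragment)
# Comments must sit on their own lines; Postfix does not strip trailing ones.

# Domain relayed on to Exchange (placeholder).
relay_domains = example.com

# Every address in relay_domains must be found in this map, otherwise the
# RCPT TO is rejected. Only the existence of a result matters, not its value.
relay_recipient_maps = ldap:/etc/postfix/ldap-aliases.cf


# /etc/postfix/ldap-aliases.cf (assumed contents, all values are placeholders)
# This file holds the bind password, so it must not be world-readable.
server_host = ldaps://dc01.example.com:636
version = 3
search_base = dc=example,dc=com
scope = sub

# Bind as a low-privilege, read-only service account.
bind = yes
bind_dn = CN=postfix-lookup,OU=Service Accounts,DC=example,DC=com
bind_pw = REPLACE_WITH_SERVICE_ACCOUNT_PASSWORD

# Only query the directory for the relayed domain.
domain = example.com

# %s is the full recipient address. proxyAddresses is the AD attribute that
# lists every SMTP alias of an object (assumed filter, adjust to the directory).
query_filter = (proxyAddresses=smtp:%s)
result_attribute = mail
```

After `postfix reload`, the same `postmap -q` test quoted in the thread should return a value for a valid address and nothing for an invalid one, and a test message to an invalid address in the relayed domain should be rejected at RCPT TO.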