Hi

On Wed, 07-12-2005 at 08:47 +0100, Claudio Jeker wrote:
> On Tue, Dec 06, 2005 at 09:07:22PM -0500, johnny yu wrote:
> >
> > Hi,
> >
> > I have been using Netqmail 1.05 in my DMZ for a long time. I use it as a
> > smarthost in my DMZ for all incoming and outgoing email. My primary reason
> > for this is not wanting to expose the Microsoft SMTP service on my Exchange
> > server to the world due to security concerns. For this purpose Qmail has
> > been great, and I have added a lot of add ons to it like Qmail Scanner and
> > rblsmtpd.
> >
> > However, I would like to add the ability to Qmail to have it check to see if a
> > user exists before accepting mail and sending it to Exchange. It seemed
> > like Qmail LDAP would do this. I set up a test system and installed Qmail
> > 1.03 and patched it with the latest Qmail LDAP patch. I got communication
> > working between my Qmail test system and the directory, but from my testing
> > it seems Qmail LDAP is more meant to deliver mail locally and just use LDAP
> > to store information about the users. I guess the only functionality I
> > want out of Qmail LDAP is for it to query AD when receiving a message to
> > make sure the recipient in the message is valid. Is there some way to make
> > Qmail LDAP work in this manner?
> >
> > I have also looked at qmail-activedir, but it doesn't appear to do what I
> > want either.
> >
>
> The trick is to use only part of qmail-ldap. So using qmail-smtpd and
> qmail-verify but not the backend part. Another thing that needs some
> consideration is to make qmail-smtpd parse a different locals file.
> Currently I think it would be possible by using some sort of chroot hack.
>
> I'll probably add a way to have additional domains checked by
> qmail-verify.

This function could be very interesting. I have a server that works like a secondary SMTP for several domains. It has no local delivery; all domains managed by the primary SMTP are configured in the rcpthosts file.
This way, when a mail comes to the secondary one, it is spam and virus checked, but the recipient is not verified because it is not a local delivery. Is there any way to make this work? My secondary server receives a lot of spam mails, and many of them could be deferred with an LDAP recipient verification.
I would think it was easy, just change "qmail-smtpd.c" from line 1113. To:
--------------
  /* check if recipient exists in ldap */
  if (rcptcheck) {
    if (!goodmailaddr()) {
      logline(4,"recipient verify, recipient not in goodmailaddr");
//    if (addrlocals()) {
        char *s;
        logline(4,"recipient verify, recipient is local");
        switch (ldaplookup(addr.s, &s)) {
          case 1: /* valid */
            logline(4,"recipient verify OK");
            break;
          case 0: /* invalid */
            logline(3,"message denied because of recipient verify");
            err_554msg(s);
            if (errdisconnect) err_quit();
            return;
          case -1:
          default: /* other error, treat as soft 4xx */
            if (ldapsoftok)
              break;
            logline(3,"recipient verify soft error");
            err_ldapsoft();
            if (errdisconnect) err_quit();
            return;
        }
//    } /* else this is relaying, don't do anything */
    }
  }
---------
See that I have commented out the check for local delivery.
I have not tested this and am not sure it works, but I would think so.
Good luck
/Mikkel
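
Added example, not part of the original thread and not qmail-ldap code: a stand-alone C model of the recipient decision in which the directory lookup is scoped to a list of domains (the "additional domains" idea from Claudio's message) instead of being applied to every recipient once the local-only test is commented out. All names here (`verify_domains`, `rcpt_decision`, the enum) and the sample domains are hypothetical, and the sketch assumes the rcpthosts/relay checks have already passed.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical names; this models the decision only. */
enum action { ACCEPT, REJECT_554, DEFER_4XX };

/* Constructed sample: domains held by the primary MX whose recipients
 * should be verified against the directory on the secondary. */
static const char *verify_domains[] = { "example.org", "example.net", NULL };

/* Case-insensitive match of the recipient's domain against the list. */
static int in_verify_domains(const char *addr) {
    const char *at = strrchr(addr, '@');
    int i;
    if (!at) return 0;
    for (i = 0; verify_domains[i]; i++)
        if (strcasecmp(at + 1, verify_domains[i]) == 0) return 1;
    return 0;
}

/* lookup uses the same result codes as the switch above:
 *   1 = valid, 0 = invalid, anything else = directory error.
 * softok plays the role of ldapsoftok: accept when the directory
 * cannot answer instead of deferring the sender. */
enum action rcpt_decision(const char *addr, int lookup, int softok) {
    if (!in_verify_domains(addr))
        return ACCEPT;              /* relayed elsewhere: no lookup */
    if (lookup == 1) return ACCEPT;
    if (lookup == 0) return REJECT_554;
    return softok ? ACCEPT : DEFER_4XX;
}

int main(void) {
    static const char *names[] = { "accept", "554", "4xx" };
    /* Unknown user in a verified domain is refused at RCPT time. */
    printf("%s\n", names[rcpt_decision("nobody@example.org", 0, 0)]);
    /* A domain outside the list is never rejected by the directory. */
    printf("%s\n", names[rcpt_decision("user@elsewhere.test", 0, 0)]);
    /* Directory unreachable and softok off: temporary failure. */
    printf("%s\n", names[rcpt_decision("user@example.net", -1, 0)]);
    return 0;
}
```

Keeping the soft-error path as a 4xx matters on a secondary MX: a directory outage then delays mail instead of bouncing valid recipients.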