On Wed, 19 May 2010, Mikael Syska wrote:

> Hi,
>
> Not to hijack the thread, but there are also other things to consider.
>
> I have no idea how on Postfix, but this could help you too Scott Lavoie.
>
> If there are multiple exchange backends for postfix/SpamAssassin
> gateway ... how could one validate that users exist, given that you
> only have a list of valid users for some of the exchange servers and
> the mailahead/milterahead/smtp are not an option?
>
> I'm looking for a pointer here ...
>
> transport_maps is for the entire domain and where to send the mail ...
> but, I'm lost about the validations of users for some of the domains
> ...

One other thought, assuming just one AD Domain as the target and AD admins
who are cooperative, just set up MSFU (Microsoft Services for Unix) on
the DCs and populate the extra attributes in each user's account entry.
(Set the shell to '/bin/false' to prevent them from trying to log in on
the postfix box.) Export the "account" entries as either a NIS domain
or LDAP accounts. Make sure the Unix user-IDs 'look' like the incoming
e-mail names.

Then all you should need to do on the postfix box is add that data source
to the nsswitch.conf file and voila, they become valid users for postfix
to check against. Use nscd to prevent abuse of the DCs when dictionary
attack spam floods come by. ;)

Untested but should be do-able w/o too much work and will be auto-magic
once set up.

-- 
Dave Funk                                  University of Iowa
<dbfunk (at) engineering.uiowa.edu>        College of Engineering
319/335-5751   FAX: 319/384-0549           1256 Seamans Center
Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
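
The setup described in the message above, sketched as configuration fragments. This is an added example, not part of the original message; the TTL values and the choice of the `ldap` source are assumptions, and it assumes the domain is handled as a local address class so that `local_recipient_maps` applies.

```conf
# --- /etc/nsswitch.conf ---
# Consult local files first, then the account data exported from AD.
# "ldap" assumes an LDAP NSS module is installed on the postfix box;
# use "nis" instead if the accounts are exported as a NIS domain.
passwd: files ldap

# --- /etc/nscd.conf ---
# Cache passwd lookups so that repeated queries for the same name are
# answered on the postfix box instead of reaching the DCs.
enable-cache            passwd  yes
# How long a found account stays cached, in seconds (assumed value).
positive-time-to-live   passwd  600
# How long a "no such user" answer stays cached, in seconds (assumed value).
# This is the entry that absorbs repeated probes for invalid recipients;
# a longer value also delays acceptance of a newly created account.
negative-time-to-live   passwd  60
# Flush the cache when the local /etc/passwd changes.
check-files             passwd  yes

# --- /etc/postfix/main.cf ---
# Postfix's default value, written out: local recipients are validated
# against the passwd database, which now includes the directory accounts.
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
```

Running `getent passwd <name>` on the postfix box for one valid and one invalid account name confirms the name service answers as expected before relying on it for recipient validation.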
