On Wed, May 19, 2010 at 15:14, Kaleb Hosie <kho...@spectraaluminum.com> wrote: >> Hi, >> >> Not to highjack the thread, but there are also other things to consider. >> >> I have no idea how on Postfix, but this could help you too Scott Lavoie. >> >> If there are multiple exchange backends for postfix/spamasassin >> gateway ... how could one validate that users exists, given that you >> only have a list of valid users for some of the exchange servers and >> the mailahead/milterahead/smtp are not an option? >> >> I'm looking for a pointer here ... >> >> transport_maps is for the entire domain and where to send the mail ... >> but, I'm lost about the validations of users for some of the domains >> ... > >>Theoretically you could do that with LDAP. Assuming a cluster of Exchange >>servers for one AD Domain, all users should have an entry in the GAL. >>So in your filtering front end you could do an LDAP query against the >>GAL for each recipient and reject the message if not found. >> >>However if that is a busy system you would do a -lot- of queries and >>risk running your DC out of LDAP threads, causing real problems. >>(we ran into a similar problem with a password checking module under >>heavy authetication loads ;(. >> >>If your user population is not too dynamic, it might be more efficient >>to do user list exports & map rebuilds on a periodic basis. >>You could pull the user list using LDAP and build the maps on the postifx >>box using a cron job. > > Take a look at: > http://www2.origogeneris.com:4000/relay_recipients.html > > This script is what we're using at our organization to update the list of > exchange emails. > > > PS: You really started something there Scott :P >
It would be nice if you didn't run web servers on non-standard ports... Our firewall only allows out ports 80 and 443. Kurt
