If you receive a high volume of mail, only use LDAP for SASL authentication. Don't use LDAP for inbound user lookups... the relay_recipients hash is much faster.
Bill -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Mitch Planck Sent: Friday, March 26, 2004 9:58 AM To: '[EMAIL PROTECTED]' Subject: [IMGate] ldap & postfix Hi all, I'm working on setting up a second imgate server and I'm think about what I want it to do a little differently from the first one. I'd like to have the server do SASL and TLS but I'm having trouble figuring out how best to do this. We currently have two mail servers, one running imail and one running netscape mail server, both on windows. We eventually plan to get rid of the netscape server, which has been around for years and is no longer supported - that won't be for another 6 months to a year though. Both servers have ldap servers built in and the imail server is using an external database (MS SQL server) as its user database. Since odbc support for FreeBSD (what I'm using for postfix) is limitted to non-existant I don't want to go that way. That would only work for the one user database anyway. What I would like to do is have postfix do an ldap lookup to verify the username/password. It would have to be able to know which server to look at depending on the domain and then verify with that ldap database. Some of the passwords are in plaintext, some are SHA hashes. I've been looking through various ldap and sasl how-tos to try and find something that will work but I haven't been able to yet. Does anyone know of one or if what I want is possible? Keep in mind I'm not a linux guru. I started with Windows, moved to Novell admin, then Windows server admin, then Cisco router admin, with linux thrown in as needed. I built a CVS server for a client, an MRTG server for us, and a couple others but that's it. I'm getting better with FreeBSD and like it but much about the linux-variant OSs still is unknown to me. Best regards and thanks in advance, Mitch Planck ias.net P.S. Kyle Dent's postfix book from O'Reilly is good but they did a major misprint and it's missing pages 42-80 or so. Wait until mid-April to buy it if you want it. I look forward to Ralf and Patrick's postfix book coming out in June as well.
