On Mon, Jul 14, 2014 at 02:37:02PM +0200, Stefan Sieg wrote:
> Hello,
>
Hello,
> I had the chance to test the ldap mailaddr_filter and use it to check
> recipients in an active directory server.
> This is a low volume site (250 user / 1000 mails per day) with opensmtpd
> as relay/filter in front of another mailserver. Everything is just perfect.
>
Nice,
> But :) the server closes idle connections after 15 minutes and I get
> TempFails for all ldap recipient checks.
> To keep it running I have added a reconnect to ldap_query. I am not sure
> if this is a good solution at all, but at least it has survived the night :)
>
> I understand that ldap is not on your prio list but are there any plans
> for some kind of connection check/reconnect?
>
Did I ever get back to you regarding this diff? I think not :-(
The way you're fixing the issue works but it should be handled differently,
I'm willing to discuss this with you if you want to work on the diff.
Gilles
> ===================================================================
> RCS file: /cvs/src/usr.sbin/smtpd/table_ldap.c,v
> retrieving revision 1.12
> diff -u -p -r1.12 table_ldap.c
> --- table_ldap.c 9 Jul 2014 08:38:08 -0000 1.12
> +++ table_ldap.c 14 Jul 2014 11:43:31 -0000
> @@ -22,6 +22,7 @@
> #include <stdlib.h>
> #include <string.h>
> #include <unistd.h>
> +#include <time.h>
>
> #include "smtpd-defines.h"
> #include "smtpd-api.h"
> @@ -79,6 +80,9 @@ static char *basedn;
> static struct aldap *aldap;
> static struct query queries[LDAP_MAX];
>
> +static int open_wait = 30;
> +static time_t open_last;
> +
> int
> main(int argc, char **argv)
> {
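Review bot: open_wait in `static int open_wait = 30;` is a bare number with no unit or comment, and nothing in the patch ever changes it. Make it a named constant (or a setting read from the ldap.conf file) and state in a comment that it is the minimum number of seconds between a connect and the next reconnect attempt.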
> @@ -118,6 +122,8 @@ main(int argc, char **argv)
> }
>
> log_debug("debug: table-ldap: connected");
> +
> + open_last = time(NULL);
>
> table_api_on_update(table_ldap_update);
> table_api_on_check(table_ldap_check);
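Review bot: `open_last = time(NULL);` records wall-clock time, and the reconnect path later compares `time(NULL) - open_last` against open_wait. A clock step (NTP correction, manual change) can make that difference negative or very large, so the hold-off either never expires or is skipped. Measuring the interval with clock_gettime(CLOCK_MONOTONIC, ...) avoids this.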
> @@ -452,7 +458,8 @@ ldap_query(const char *filter, char **at
> if ((ret = aldap_search(aldap, basedn__,
> LDAP_SCOPE_SUBTREE,
> filter__, NULL, 0, 0, 0, pg)) == -1) {
> log_debug("ret=%d", ret);
> - return -1;
> + goto reconnect;
> +
> }
> if (pg != NULL) {
> aldap_freepage(pg);
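Review bot: `goto reconnect;` is taken for every -1 returned by aldap_search, so any search failure, not only a dropped idle connection, closes and reopens the connection. If the library exposes the cause of the failure, check it here and reconnect only on a connection-level error; otherwise add a comment saying that all search failures are treated as a lost connection. The empty `+` line before the closing brace can be dropped.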
> @@ -483,6 +490,26 @@ ldap_query(const char *filter, char **at
>
> ret = found ? 1 : 0;
> goto end;
> +
> +reconnect:
> +
> + if (time(NULL) - open_last < open_wait)
> + goto error;
> +
> + if (aldap) {
> + aldap_close(aldap);
> + log_warnx("warn: table-ldap: disconnected");
> + }
> +
> + if (!ldap_open()) {
> + log_warnx("warn: table-ldap: failed to connect");
> + return (-1);
> + }
> +
> + log_debug("debug: table-ldap: connected");
> +
> + open_last = time(NULL);
> +
>
> error:
> ret = -1;
>
>
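Review bot: after a successful reconnect, the end of the `reconnect:` block falls through into `error:` and sets ret = -1, so the query that triggered the reconnect still fails and that recipient check is still a temporary failure; retry the search once on the new connection instead of falling through. The failed-connect branch uses `return (-1);` while the other failure paths go through `error:`, so it skips whatever the end of the function does; use `goto error` there. aldap is not cleared after aldap_close(aldap), so unless ldap_open() resets it on failure, the next failing query passes an already closed handle to aldap_search and aldap_close again; set aldap = NULL right after closing. open_last is only updated on success, so once open_wait has elapsed a server that stays down gets a new connect attempt on every query.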
> ===================================================================
>
>
> /etc/mail/ldap.conf
>
> url ldap://1.2.3.6
> username CN=LDAP\,
> mx01,OU=Dienstekonten,OU=Users,OU=MyBusiness,DC=domain,DC=local
> password password
> basedn OU=Users,OU=MyBusiness,DC=domain,DC=local
>
>
> mailaddr_filter
> (&(objectClass=user)(proxyAddresses=smtp:%s))
> mailaddr_attributes mail
>
>
>
>
> /etc/mail/smpd.conf
>
> #############################################################################
>
> pki mx01.example.com key "/etc/ssl/private/mx01.example.com.key"
> pki mx01.example.com certificate "/etc/ssl/mx01.example.com.crt"
>
> #############################################################################
> listen on lo0
>
> listen on egress hostname mx01.example.com tls pki mx01.example.com
>
> listen on lo0 hostname mx01.agri.local port 10025 tag EXT_AMAVIS_INT
> listen on lo0 hostname mx01.agri.local port 10027 tag INT_AMAVIS_EXT
>
> ##############################################################################
>
> table aliases db:/etc/mail/aliases.db
>
> table domain_map file:/etc/mail/spamd.alloweddomains
> table auth_out file:/etc/mail/auth_out.txt
> table ldap_user ldap:/etc/mail/ldap.conf
>
> ##############################################################################
>
> ### SPAM
> accept for local recipient "spam@localhost" deliver to maildir
>
> accept for local alias <aliases> deliver to mbox
>
> ##############################################################################
> #
> # <- AMAVIS
> #
>
> ### AMAVIS -> INTERN
>
> # -> SMIME
> accept from local tagged EXT_AMAVIS_INT for any recipient <.....> relay via
> smtp://1.2.3.5 hostname mx01.agri.local
>
> # -> WEBMAIL ACCOUNTS
> accept from local tagged EXT_AMAVIS_INT for any recipient <.....> relay via
> tls+auth://[email protected] auth <auth_out> hostname
> mx01.agri.local
>
> # -> EXCHANGE
> accept from local tagged EXT_AMAVIS_INT for any relay via smtp://1.2.3.4
> hostname mx01.agri.local
>
>
> ### AMAVIS -> EXTERN
> accept from local tagged INT_AMAVIS_EXT for any relay hostname
> mx01.example.com pki mx01.example.com
>
>
> ##############################################################################
> #
> # -> AMAVIS
> #
>
> ### INTERN -> AMAVIS
> accept from source 1.2.3.4 for any relay via smtp://127.0.0.1:10026 hostname
> mx01.agri.local
>
> ### EXTERN -> AMAVIS
> accept from any for domain <domain_map> recipient <ldap_user> relay via
> smtp://127.0.0.1:10024 hostname mx01.example.com
> #accept from any for domain <domain_map> relay via smtp://127.0.0.1:10024
> hostname mx01.example.com
>
> ##############################################################################
>
>
>
> --
> You received this mail because you are subscribed to [email protected]
> To unsubscribe, send a mail to: [email protected]
>
--
Gilles Chehade
https://www.poolp.org @poolpOrg
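
The reconnect problem discussed in this thread (server drops idle connections, lookups then fail temporarily), as an added example that is not part of the original mails and not OpenSMTPD code. It is one possible shape for reconnect-then-retry with a minimum interval between connect attempts; the stub backend, `lookup`, `reconnect`, `idle_drop` and the simulated clock are hypothetical names, and the sample address is constructed.

```c
#include <stdbool.h>
#include <string.h>

#define RECONNECT_MIN_INTERVAL 30      /* seconds between connect attempts */

/* Stub backend standing in for the LDAP server (constructed for this example). */
struct conn { bool alive; };
static struct conn server;
static struct conn *handle;            /* NULL while disconnected */
static long now, last_attempt;         /* simulated monotonic clock, seconds */
static int connects;

static struct conn *stub_open(void) { connects++; server.alive = true; return &server; }
static void stub_close(struct conn *c) { c->alive = false; }
static int stub_search(struct conn *c, const char *key)
{
	if (!c->alive)
		return -1;                     /* connection is gone */
	return strcmp(key, "alice@example.com") == 0;
}

/* Simulate the server dropping the connection after secs of idleness. */
void idle_drop(long secs) { now += secs; server.alive = false; }

static int reconnect(void)
{
	if (handle != NULL) {              /* never keep a closed handle around */
		stub_close(handle);
		handle = NULL;
	}
	if (connects > 0 && now - last_attempt < RECONNECT_MIN_INTERVAL)
		return -1;                     /* rate-limit attempts, not successes */
	last_attempt = now;
	return (handle = stub_open()) == NULL ? -1 : 0;
}

/* Returns 1 (found), 0 (not found) or -1 (temporary failure). */
int lookup(const char *key)
{
	int ret = handle != NULL ? stub_search(handle, key) : -1;
	if (ret != -1 || reconnect() == -1)
		return ret;
	return stub_search(handle, key);   /* retry once on the fresh connection */
}

int main(void)
{
	lookup("alice@example.com");
	idle_drop(900);                    /* 15 minutes idle */
	return lookup("alice@example.com") == 1 ? 0 : 1;
}
```

The lookup that hits the dead connection succeeds after the reconnect instead of returning a temporary failure, and a server that keeps dropping connections is contacted at most once per interval.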