On Sat, Feb 25, 2012 at 01:27:53PM -0800, Kyle King wrote:

> I am using the ldap lookup for relay_domains,

The lookup keys for this table are domains, not email addresses.

> relay_domains = ldap:/etc/postfix/ldap-domains.cf

Fine, this is used by trivial-rewrite(8) only, and so there is no
point in using proxymap(8) here as each trivial-rewrite already
handles multiple clients including the queue-manager, so the
indirection mostly would add latency. So indeed avoid "proxy:ldap"
here, or avoid LDAP entirely if you can keep the domain list
up-to-date in an indexed table.

> ldap-domains.cf:
>       server_host = localhost
>       search_base = dc=example,dc=com
>       scope = sub
>       query_filter = (registeredAddress=%d)

This query filter is no good, there is never an @domain part in a
lookup key that is just the domain, so the query never happens. You
need:

        query_filter = registeredAddress=%s

>       result_attribute = registeredAddress

Better to use a single-valued attribute as the result attribute. You can
then set:

        result_format = %S

to just return the lookup key (in an access(5) map you could return
OK %S) if that's preferable to the randomly chosen single-valued attribute.
With relay_domains, the selected attribute is not important as the lookup
result is ignored, it just needs to be non-empty, but it is best to avoid
accumulating multiple values just to ignore them. A single result scales
better.

> typical ldap entry:
>
>        dn: o=company,dc=example,dc=com
>        o: company
>        objectClass: organization
>        structuralObjectClass: organization
>        entryUUID: <uuid>
>        creatorsName: cn=admin,dc=example,dc=com
>        createTimestamp: <timestamp>
>        registeredAddress: example.com
>        registeredAddress: mydomain.com

For example, "o" or "entryUUID".

-- 
        Viktor.
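
A simplified model of the lookup-key expansion discussed in this message, added here as an example (not part of the original email and not Postfix's own code). It follows the %s, %u and %d rules documented in ldap_table(5) for query_filter and shows why `%d` with a bare-domain key never reaches the LDAP server; the function names and sample keys are hypothetical.

```python
import re

# RFC 2254 filter metacharacters, escaped as a backslash plus two hex digits.
_LDAP_SPECIALS = {"*": r"\2a", "(": r"\28", ")": r"\29", "\\": r"\5c", "\0": r"\00"}


def ldap_quote(value):
    """Escape a lookup-key fragment before it is placed into a search filter."""
    return "".join(_LDAP_SPECIALS.get(ch, ch) for ch in value)


def expand_query_filter(template, key):
    """Return the expanded filter, or None when the query is suppressed."""
    # Assumption: an address key is split at its last '@'.
    local, at, domain = key.rpartition("@")
    is_address = bool(at)
    suppressed = False

    def substitute(match):
        nonlocal suppressed
        code = match.group(1).lower()  # %S/%U/%D act like %s/%u/%d in query_filter
        if code == "%":
            return "%"
        if code == "s":                # the whole key, quoted
            return ldap_quote(key)
        if code == "u":                # local part, or the whole key if not an address
            part = local if is_address else key
            if not part:
                suppressed = True
            return ldap_quote(part)
        # code == "d": only defined for user@domain keys
        if not is_address or not domain:
            suppressed = True
            return ""
        return ldap_quote(domain)

    expanded = re.sub(r"%([sudSUD%])", substitute, template)
    return None if suppressed else expanded


if __name__ == "__main__":
    # Constructed sample keys: relay_domains lookups pass a bare domain.
    for tmpl in ("(registeredAddress=%d)", "registeredAddress=%s"):
        for key in ("example.com", "user@example.com", "*"):
            print(f"{tmpl!r:28} {key!r:20} -> {expand_query_filter(tmpl, key)!r}")
```

A `None` result corresponds to the table reporting "not found" without issuing any search, which is the symptom with the original filter.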
