On Sat, Feb 25, 2012 at 01:27:53PM -0800, Kyle King wrote:

> I am using the ldap lookup for relay_domains,

The lookup keys for this table are domains, not email addresses.

> relay_domains = ldap:/etc/postfix/ldap-domains.cf

Fine, this is used by trivial-rewrite(8) only, and so there is no point in using proxymap(8) here as each trivial-rewrite already handles multiple clients including the queue-manager, so the indirection mostly would add latency. So indeed avoid "proxy:ldap" here, or avoid LDAP entirely if you can keep the domain list up-to-date in an indexed table.

> ldap-domains.cf:
> server_host = localhost
> search_base = dc=example,dc=com
> scope = sub
> query_filter = (registeredAddress=%d)

This query filter is no good, there is never an @domain part in a lookup key that is just the domain, so the query never happens. You need:

    query_filter = registeredAddress=%s

> result_attribute = registeredAddress

Better to use a single-valued attribute as the result attribute. You can then set:

    result_format = %S

to just return the lookup key (in an access(5) map you could return OK %S) if that's preferable to the randomly chosen single-valued attribute. With relay_domains, the selected attribute is not important as the lookup result is ignored, it just needs to be non-empty, but it is best to avoid accumulating multiple values just to ignore them. A single result scales better.

> typical ldap entry:
>
> dn: o=company,dc=example,dc=com
> o: company
> objectClass: organization
> structuralObjectClass: organization
> entryUUID: <uuid>
> creatorsName: cn=admin,dc=example,dc=com
> createTimestamp: <timestamp>
> registeredAddress: example.com
> registeredAddress: mydomain.com

For example, "o" or "entryUUID".

-- 
	Viktor.
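
Added example (not part of the original message and not Postfix code): a simplified Python model of the `query_filter` and `result_format` expansion discussed above, showing why `%d` suppresses the search for a bare-domain key while `%s` does not, and what `result_format = %S` with a single-valued attribute returns. The `ENTRY` dict, the function names and the equality-only filter matching are assumptions made for illustration.

```python
import re

# Constructed entry mirroring the one quoted in the thread (attribute values only).
ENTRY = {"o": ["company"], "registeredAddress": ["example.com", "mydomain.com"]}

def escape(value):
    """Quote LDAP filter metacharacters (RFC 2254) so a key cannot alter the filter."""
    return re.sub(r'[\\*()\x00]', lambda m: '\\%02x' % ord(m.group()), value)

def expand_query_filter(template, key):
    """Expand %s, %d and %% in a query_filter; None means the search is suppressed."""
    domain = key.rpartition('@')[2] if '@' in key else None
    out, i = [], 0
    while i < len(template):
        if template[i] == '%' and i + 1 < len(template):
            spec = template[i + 1]
            if spec not in ('s', 'd', '%'):
                raise ValueError('expansion %%%s is not modelled here' % spec)
            if spec == 'd' and domain is None:
                return None  # key has no @domain part, so no query is sent
            out.append({'s': escape(key), 'd': escape(domain or ''), '%': '%'}[spec])
            i += 2
        else:
            out.append(template[i])
            i += 1
    return ''.join(out)

def lookup(key, query_filter, result_attribute, result_format='%s', entry=ENTRY):
    """Model one lookup against a single entry; only attr=value filters are handled."""
    flt = expand_query_filter(query_filter, key)
    if flt is None:
        return None
    attr, _, wanted = flt.strip('()').partition('=')
    if wanted not in entry.get(attr, []):
        return None
    values = entry.get(result_attribute, [])
    # %s is the attribute value, %S the lookup key; multiple values are comma-joined.
    fmt = lambda v: re.sub(r'%[sS]', lambda m: key if m.group() == '%S' else v, result_format)
    return ','.join(fmt(v) for v in values) or None

if __name__ == '__main__':
    for qf in ('(registeredAddress=%d)', 'registeredAddress=%s'):
        print(qf, '->', lookup('mydomain.com', qf, 'o', '%S'))
```

On a real system the same check is a `postmap -q` query for a bare domain against the LDAP table.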