On Fri, Mar 08, 2013 at 03:45:57PM +0200, Geoff Shang wrote:
> Given the high focus on security at our company, we've determined
> that password verification in LDAP is a costly operation.

Why is it costly? And how does "costly" fit into security? And password
verification is not necessary for looking up stuff.

> Therefore, we need to try to limit LDAP lookups, specifically ones
> that depend on either verifying a customer's password or logging in
> (binding) with an account (which obviously needs to verify a
> password).

Add an LDAP replica on each postfix and dovecot server. This is a good
idea for scalability and redundancy anyway.

> My question is, is it possible to get proxymap to open a persistent
> connection for LDAP to do relay_domain and relay_recipient lookups?

It does this in all of my setups. They use Postfix 2.9.

> mydestination = mx.ourdomain.com, localhost
> myhostname = mx.ourdomain.com

I don't think this is correct. Maybe mx.example.com.

Bastian

-- 
History tends to exaggerate.
                -- Col. Green, "The Savage Curtain", stardate 5906.4
