On Fri, Mar 08, 2013 at 03:45:57PM +0200, Geoff Shang wrote: > Given the high focus on secrity at our company, we've determined > that password verification in LDAP is a costly operation.
Why is it costly? And how does "costly" fit into security? And password verification is not necessary for looking up stuff. > Therefore, we need to try to limit LDAP lookups, specifically ones > that depend on either verifying a customer's password or logging in > (binding) with an account (which obviously needs to verify a > password). Add a LDAP replica on each postfix and dovecot server. This is a good idea for scallability and rudandancy anyway. > My question is, is it possible to get proxymap to open a persistant > connection for LDAP to do relay_domain and relay_recipient lookups? It does this in all of my setups. They use Postfix 2.9. > mydestination = mx.ourdomain.com, localhost > myhostname = mx.ourdomain.com I don't think this is correct. Maybe mx.example.com. Bastian -- History tends to exaggerate. -- Col. Green, "The Savage Curtain", stardate 5906.4