Re: Verifying addresses on Exchange/AD from an edge server
Hi, i also use table_ldap. However i use a slightly patched version (https://marc.info/?l=opensmtpd-misc=142506912505805=2), because if i remember correctly Exchange will close idle connections and table_ldap as it is won't recover from it. /etc/mail/ldap_pdc.conf url ldap://x.x.x.x username CN=yyy,OU=Dienstekonten,OU=Users,OU=MyBusiness,DC=example,DC=com password zzz basedn OU=MyBusiness,DC=example,DC=com mailaddr_filter (&(proxyAddresses=smtp:%s)(|(objectClass=user)(objectClass=group))) mailaddr_attributes mail > Hi, > While I have a nice edge server now that handles inbound spam/av > using OpenSMTPd, Spam Assassin and ClamAV, I want the OpenSMTPd > server to validate legitimate email addresses on initial connection > before accepting, processing, and relaying them onto the primary > Microsoft Exchange Servers. Now I have seen some examples (over on > undeadly) of LDAP to an openldap instance but don't think that will > work in this case? AD does present and permit LDAP lookups and > provides 'proxyaddresses' of smtp addresses associated to the users > accounts but I don't think there is any facility (that I could find) > to perform this for each connection (similar to table myaddresses > ldap://activedirectory). > Has anyone solved this or know how to achieve this? Maybe even a > script that I can run say every 3 hours, a bit of hackery, uniq and > a makemap would get me by as well. > Thanks, > Jason. -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Re: Verifying addresses on Exchange/AD from an edge server
Hi, i ran into this some time ago, i have used the "ldap mailaddr_filter": https://marc.info/?l=opensmtpd-misc=140534144926275=2 (https://marc.info/?l=opensmtpd-misc=140534144926275=2) After some trouble with it i have used a little script to sync the active directory email attributes with a table. Basically it was ldapsearch with some greps, its far from perfect but worked for me. Stefan On Thu, Feb 18, 2016 at 10:29, Jason Tubnor wrote: Hi, While I have a nice edge server now that handles inbound spam/av using OpenSMTPd, Spam Assassin and ClamAV, I want the OpenSMTPd server to validate legitimate email addresses on initial connection before accepting, processing, and relaying them onto the primary Microsoft Exchange Servers. Now I have seen some examples (over on undeadly) of LDAP to an openldap instance but don't think that will work in this case? AD does present and permit LDAP lookups and provides 'proxyaddresses' of smtp addresses associated to the users accounts but I don't think there is any facility (that I could find) to perform this for each connection (similar to table myaddresses ldap://activedirectory). Has anyone solved this or know how to achieve this? Maybe even a script that I can run say every 3 hours, a bit of hackery, uniq and a makemap would get me by as well. Thanks, Jason.
Re: Verifying addresses on Exchange/AD from an edge server
Hi Jason, On 2016-02-18 Thu 20:28 PM |, Jason Tubnor wrote: > > Maybe even a script that I can run say every 3 hours, a bit of hackery, uniq > and a makemap would get me by as well. > Export the recipients from SexChange & putty scp the list to your box. Adapt these ideas to your situation: http://www.unixwiz.net/techtips/postfix-exchange-users.html extract_e3k_recipients.tar.gz from http://www.postfix-book.com/downloads.html "A collection of scripts to extract valid recipients from a Microsoft Exchange servers Active Directory. It will also build a map for Postfix to be used in recipient validation." Share your success story! -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Verifying addresses on Exchange/AD from an edge server
Hi, While I have a nice edge server now that handles inbound spam/av using OpenSMTPd, Spam Assassin and ClamAV, I want the OpenSMTPd server to validate legitimate email addresses on initial connection before accepting, processing, and relaying them onto the primary Microsoft Exchange Servers. Now I have seen some examples (over on undeadly) of LDAP to an openldap instance but don't think that will work in this case? AD does present and permit LDAP lookups and provides 'proxyaddresses' of smtp addresses associated to the users accounts but I don't think there is any facility (that I could find) to perform this for each connection (similar to table myaddresses ldap://activedirectory). Has anyone solved this or know how to achieve this? Maybe even a script that I can run say every 3 hours, a bit of hackery, uniq and a makemap would get me by as well. Thanks, Jason.