> Also, both can be configured to refuse mail for non-existent user
> accounts. Which I don't believe Sendmail can.

Of course it can.  sendmail can do anything.  Never believe anyone
who tells you there's something sendmail can't do.

It does it by default if it's the final delivery host; if it's not,
then either use an existing set of rules to do rewrites or write
your own.

Example (from a backup MX for many domains):

KPIuserdb btree /etc/pidata/piuserdb
KMIRAuserdb btree /etc/pidata/mirauserdb
KZIPuserdb btree /etc/zipdata/zipuserdb
F{PIdomains} /etc/pidata/pidomains
F{MIRAdomains} /etc/pidata/miradomains
F{ZIPdomains} /etc/zipdata/zipdomains

R$+<@$={PIdomains}.>$*          $: <@P><$(PIuserdb $1:maildrop$)>$3
R$+<@$={MIRAdomains}.>$*        $: <@M><$(MIRAuserdb [EMAIL PROTECTED]:maildrop$)>$3
R$+<@$={ZIPdomains}.>$*         $: <@Z><$(ZIPuserdb $1:maildrop$)><$2>$3
R<@P><[EMAIL PROTECTED]>$*                      $#esmtp $@ $2 $: $1<@pacific.net.au.>$3
R<@M><[EMAIL PROTECTED]@$+>$*                   $#esmtp $@ $3 $: $1<@$2.>$4
R<@Z><[EMAIL PROTECTED]><$+>$*          $#esmtp $@ $2 $: $1<@$3.>$4
R<@$-><$+:maildrop>$*           $#error $: 553 User unknown to database

In this example:

  for domains in /etc/pidata/pidomains, /etc/pidata/piuserdb contains:
    user:maildrop [EMAIL PROTECTED]
  and the domain 'pacific.net.au' is appended for delivery

  for domains in /etc/pidata/miradomains, /etc/pidata/mirauserdb contains:
    [EMAIL PROTECTED]:maildrop [EMAIL PROTECTED]@realmailhost

  for domains in /etc/zipdata/zipdomains, /etc/zipdata/zipuserdb contains:
    user:maildrop [EMAIL PROTECTED]
  and the original domain is preserved for delivery

...and users not in the database, but in any of the domain lists,
are flat out refused.  Solves the problem of backup MXs accepting email
that the primaries have bounced, only to queue it up for days as it can't
bounce to the (spam) sender.

(and yes, the above could all have been done as per 'MIRAuserdb', it's
just that each data source has its own export method and transport)

> I don't know Sendmail at all, but as I said, both SA-Exim 4.20/3.0 and
> Postfix 2.0 could be configured to whitelist your ldap users without
> altering any SA code. SA-Exim would do that with inclusion in the
> exception rule, Postfix with a custom transport.

It's always possible, the question is whether it's worth the complexity
when you could just do it in SA.  After all, SA has a whitelist feature,
I don't see a good reason it shouldn't support LDAP in it just because
you could do it at another layer - you could do the whole whitelist
feature at another layer if you wanted to, but it's still there.
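
Added example (not part of the original message, and not the poster's code): a Python model of the decision the backup-MX rules above make, including the detail that a failed map lookup hands the key back unchanged, which is what lets the final rule catch ":maildrop" and refuse the recipient. The domains, users and relay hosts are constructed, and because the map entries in the message are redacted, the value shapes (user@relayhost, user@domain@realmailhost) are assumptions.

```python
# Constructed stand-ins for the F{...} domain classes and K... btree maps.
# Assumption: value shapes are inferred, the message's entries are redacted.
CLASSES = {
    "P": {"pi.example"},
    "M": {"mira.example"},
    "Z": {"zip.example"},
}
MAPS = {
    "P": {"alice:maildrop": "alice@relay-p.example"},
    "M": {"bob@mira.example:maildrop": "bob@mira.example@realmailhost"},
    "Z": {"carol:maildrop": "carol@relay-z.example"},
}
PI_DELIVERY_DOMAIN = "pacific.net.au"  # appended by the <@P> rule in the message


def lookup(tag, key):
    # A sendmail $(map key$) lookup returns the key unchanged on a miss.
    return MAPS[tag].get(key, key)


def route(rcpt):
    """Return ("esmtp", relay, envelope_rcpt), ("error", text), or None."""
    # Constructed maps use lower-case keys, so normalise the address first.
    local, _, domain = rcpt.lower().rpartition("@")
    domain = domain.rstrip(".")
    tag = next((t for t, doms in CLASSES.items() if domain in doms), None)
    if tag is None:
        return None  # not one of the backed-up domains: later rules decide
    # The MIRA map is keyed on the full address, the other two on the user.
    key = (f"{local}@{domain}" if tag == "M" else local) + ":maildrop"
    value = lookup(tag, key)
    if value.endswith(":maildrop"):
        # Key came back untouched: user is not in the database, refuse now.
        return ("error", "553 User unknown to database")
    if tag == "P":
        user, host = value.split("@")
        return ("esmtp", host, f"{user}@{PI_DELIVERY_DOMAIN}")
    if tag == "M":
        user, dom, host = value.split("@")
        return ("esmtp", host, f"{user}@{dom}")
    user, host = value.split("@")
    return ("esmtp", host, f"{user}@{domain}")  # original domain preserved


if __name__ == "__main__":
    for addr in ("alice@pi.example", "bob@mira.example", "carol@zip.example",
                 "nobody@zip.example", "someone@other.example"):
        print(addr, "->", route(addr))
```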

