Some of you might know: Microsoft AD is a LDAP server. So we can use it to verify if a email address exists. This is especially useful for mailgateways. First we have to create a account for postfix, because the ADS does not allow anonymous binds. I called it "postfix" with password "4mail". In this example i assume that the AD Domainname is redflo.de and that i created a oganisational unit (ou) "misc" where the postfix user is located. Further i only want to accept mail for the ou "staff".
in the /etc/postfix/main.cf add/edit:
relay_recipient_maps = hash:/etc/postfix/relay_recipients, ldap:/etc/postfix/ldap-relay_recipients.cf
You can then add special accounts in the local table /etc/postfix/relay_recipients and also do ldap searches against your ADS. In the file /etc/postfix/ldap-relay_recipients.cf you put something like this:
server_host = ads-server.redflo.de
version = 3
search_base = ou=staff,dc=redflo,dc=de
query_filter = (&(objectClass=user)(mail=%s))
result_attribute = mail
bind_dn = cn=postfix,ou=misc,dc=redflo,dc=de
bind_pw = 4mail
Test your postfix server:
telnet postfix-server.redflo.de 25
220 postfix-server.redflo.de ESMTP Postfix
ehlo bla.de
250-postfix-server.redflo.de
250-PIPELINING
250-SIZE 102400000
250-VRFY
250-ETRN
250 8BITMIME
mail from: <test@bla.de>
250 Ok
rcpt to: <someone@redflo.de>
250 Ok
rcpt to: <noone@redflo.de>
550 <noone@redflo.de>: Recipient address rejected: User unknown in relay recipient table
Errors should go to /var/log/mail or similar.
You can also use a secure connection to your ADS Server. See "man ldap_table"
in the /etc/postfix/main.cf add/edit:
relay_recipient_maps = hash:/etc/postfix/relay_recipients, ldap:/etc/postfix/ldap-relay_recipients.cf
You can then add special accounts in the local table /etc/postfix/relay_recipients and also do ldap searches against your ADS. In the file /etc/postfix/ldap-relay_recipients.cf you put something like this:
server_host = ads-server.redflo.de
version = 3
search_base = ou=staff,dc=redflo,dc=de
query_filter = (&(objectClass=user)(mail=%s))
result_attribute = mail
bind_dn = cn=postfix,ou=misc,dc=redflo,dc=de
bind_pw = 4mail
Test your postfix server:
telnet postfix-server.redflo.de 25
220 postfix-server.redflo.de ESMTP Postfix
ehlo bla.de
250-postfix-server.redflo.de
250-PIPELINING
250-SIZE 102400000
250-VRFY
250-ETRN
250 8BITMIME
mail from: <test@bla.de>
250 Ok
rcpt to: <someone@redflo.de>
250 Ok
rcpt to: <noone@redflo.de>
550 <noone@redflo.de>: Recipient address rejected: User unknown in relay recipient table
Errors should go to /var/log/mail or similar.
You can also use a secure connection to your ADS Server. See "man ldap_table"
;){kind=link}