How to use Microsoft Active Directory with postfix

Some of you might know that Microsoft AD is an LDAP server, so we can use it to verify whether an email address exists. This is especially useful for mail gateways. First we have to create an account for Postfix, because the ADS does not allow anonymous binds. I called it "postfix" with the password "4mail". In this example I assume that the AD domain name is and that I created an organisational unit (ou) "misc" where the postfix user is located. Further, I only want to accept mail for the ou "staff".

In the /etc/postfix/ add/edit:
relay_recipient_maps = hash:/etc/postfix/relay_recipients, ldap:/etc/postfix/

You can then add special accounts to the local table /etc/postfix/relay_recipients and also run LDAP searches against your ADS. In the file /etc/postfix/ you put something like this:

server_host =
version = 3
search_base = ou=staff,dc=redflo,dc=de
query_filter = (&(objectClass=user)(mail=%s))
result_attribute = mail
bind_dn = cn=postfix,ou=misc,dc=redflo,dc=de
bind_pw = 4mail
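
The query_filter above decides which recipients Postfix accepts. The Python sketch below is an added example, not part of the original page or of Postfix: it models the lookup order of relay_recipient_maps and the RFC 2254 quoting that ldap_table(5) documents for %s. The addresses under example.test, the function names and the single-valued objectClass are assumptions made for the illustration.

```python
import re

QUERY_FILTER = "(&(objectClass=user)(mail=%s))"  # query_filter from the page

# Constructed sample data, not from the page.
LOCAL_TABLE = {"postmaster@example.test": "OK"}   # stands in for relay_recipients
DIRECTORY = [                                      # stands in for ou=staff in AD
    {"objectClass": "user", "mail": "alice@example.test"},
    {"objectClass": "group", "mail": "staff-list@example.test"},
]

def escape_key(value):
    """Quote LDAP filter metacharacters as \\xx (RFC 2254, now RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_filter(address, escape=True):
    """Substitute the lookup key for %s, quoted unless escape=False."""
    return QUERY_FILTER.replace("%s", escape_key(address) if escape else address)

def _unquote(text):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), text)

def ldap_match(filt, entry):
    """Evaluate only the page's filter shape against one constructed entry."""
    m = re.fullmatch(r"\(&\(objectClass=user\)\(mail=(.*)\)\)", filt, re.S)
    if not m or entry["objectClass"] != "user":
        return False
    # An unquoted '*' is a wildcard; quoted \xx sequences are literal characters.
    parts = [re.escape(_unquote(p)) for p in m.group(1).split("*")]
    return re.fullmatch(".*".join(parts), entry["mail"], re.I | re.S) is not None

def recipient_allowed(address, escape=True):
    """Model relay_recipient_maps: local table first, then the LDAP query."""
    if address.lower() in LOCAL_TABLE:
        return True
    filt = build_filter(address, escape)
    return any(ldap_match(filt, entry) for entry in DIRECTORY)

if __name__ == "__main__":
    for rcpt in ("alice@example.test", "postmaster@example.test",
                 "staff-list@example.test", "*@example.test"):
        print(rcpt, "->", "250 Ok" if recipient_allowed(rcpt) else "550 User unknown")
    # Without quoting, the wildcard key matches a real mailbox.
    print("unquoted *:", recipient_allowed("*@example.test", escape=False))
```

The escape=False path is there only to show what the quoting prevents; any script that re-implements this recipient check outside Postfix needs the same quoting step.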

Test your postfix server:
telnet 25

220 ESMTP Postfix

250-SIZE 102400000

mail from: <>
250 Ok

rcpt to: <>
250 Ok

rcpt to: <>
550 <>: Recipient address rejected: User unknown in relay recipient table

Errors should go to /var/log/mail or similar.

You can also use a secure connection to your ADS server. See "man ldap_table".

Created by admin. Last modified: Wednesday, December 14, 2005 15:06:37 GMT-0000 by admin.