Relay recipient maps using LDAP against Active Directory
The scenario: you have Postfix 2.1 (or later) acting as an email firewall for Exchange, and you want to make sure an email address exists before accepting an email for it. Active Directory (LDAP) contains all the email addresses. When Postfix does an LDAP lookup, any response from the LDAP server is considered good and the address passes the test. If there is no response, it is bad and the email is rejected. This means the content of result_attribute is not important, only that some data comes back.

Here is a great way to test for results (you must be root):

/usr/sbin/postmap -q "postmaster@example.com" ldap:/etc/postfix/ldap_relay_recipient_maps.cf
/etc/postfix/main.cf
relay_recipient_maps =
    ldap:/etc/postfix/ldap_relay_recipient_maps.cf
/etc/postfix/ldap_relay_recipient_maps.cf
server_host = ad-01.example.com
    ad-02.example.com
search_base = dc=example, dc=com
version = 3
bind_dn = CN=postfix,CN=Users,DC=example,DC=com
bind_pw = password
query_filter = (proxyAddresses=smtp:%s)
result_attribute = mail
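
Because any returned data counts as a match, it is worth confirming not only that a known-good address is found but also that an address that should not exist returns nothing. A small wrapper around the postmap test above, added here as an example and not part of the original page; the POSTMAP and MAP overrides, the function names and the expectations-file format are assumptions of this example:

```shell
#!/bin/sh
# Added example (not from the original page). Checks that the recipient map
# accepts addresses that should exist and rejects ones that should not.
# Defaults are the paths used on this page; POSTMAP and MAP can be overridden.
POSTMAP=${POSTMAP:-/usr/sbin/postmap}
MAP=${MAP:-ldap:/etc/postfix/ldap_relay_recipient_maps.cf}

# lookup ADDRESS: prints "accept" if the map returns any data, else "reject".
# Only the presence of a result matters, so the returned value is ignored.
# Errors from postmap are left on stderr so the operator sees them.
lookup() {
    if result=$("$POSTMAP" -q "$1" "$MAP" </dev/null) && [ -n "$result" ]; then
        echo accept
    else
        echo reject
    fi
}

# check_list: reads "EXPECTED ADDRESS" lines from stdin, where EXPECTED is
# accept or reject. Reports each mismatch and returns 1 if there was any.
check_list() {
    bad=0
    while read -r expected addr; do
        case $expected in ''|'#'*) continue ;; esac   # skip blanks, comments
        got=$(lookup "$addr")
        if [ "$got" != "$expected" ]; then
            echo "MISMATCH: $addr expected=$expected got=$got" >&2
            bad=1
        fi
    done
    return $bad
}

# When a file name is given, check it. Constructed sample contents:
#   accept postmaster@example.com
#   reject no-such-user@example.com
if [ $# -gt 0 ]; then
    check_list < "$1"
fi
```
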
If you are still using Postfix 2.0, you'll need to define both the map and ldap config options directly in main.cf; furthermore, the ldap directives are defined differently:
relay_recipient_maps = ldap:ldapsource
ldapsource_server_host = ad-01.example.com
ldapsource_search_base = dc=example, dc=com
ldapsource_version = 3
ldapsource_bind_dn = CN=postfix,CN=Users,DC=example,DC=com
ldapsource_bind_pw = password
ldapsource_query_filter = (proxyAddresses=smtp:%s)
ldapsource_result_attribute = mail
Note that you can replace "ldapsource" with any string, as long as you remain consistent with the directives.
