Re: [Exim] Accept only addresses in LDAP database

Author: Brian Candler
Date:  
To: exim-users
Subject: Re: [Exim] Accept only addresses in LDAP database
> I am currently running exim v3.13 as a mailhub for 2 internal mail servers
> (MS Exchange 5.5 SP3). There are no local deliveries on the exim box.
>
> Is it possible to get exim to perform an LDAP query to the internal mail
> servers for the existence of a recipient address on 1 of the internal mail
> servers prior to accepting an inbound mail for delivery? If so, does exim
> also support multiple values returned (i.e. some users have secondary smtp
> addresses in exchange).
Yes, using ${lookup ldap {URL}{trueval}{falseval}}, documented in section
6.11 in the manual, you can do lots of cool things. Some improvements were
made recently so you might want to upgrade to 3.22 - especially if you
didn't build exim with LOOKUP_LDAP=yes so you have to recompile it anyway.

Don't ask me anything about Microsoft's LDAP implementation, but let's say
you have an ldap database with entries of the form:
      mail: fred.smith@???            # incoming address
      maildrop: fred@???        # deliver to these
      maildrop: archive@???     #   addresses
then you can use a director something like this, which is effectively an
LDAP implementation of an alias file:

ldap_default_hosts = 192.0.2.1 : 192.0.2.2
...

ldap_alias:
driver = smartuser
new_address = "${lookup ldap {ldap:///dc=example,dc=com?maildrop?sub?(mail=${quote_ldap:$local_part@$domain})}{$value}fail}"
#forbid_file # exim >=3.168 only
#forbid_pipe

(Note that this actually rewrites the SMTP envelope. If you want to forward
mail to a specific host with the envelope unchanged, you can do so by
setting up another smtp transport using the 'hosts' option also from an LDAP
lookup)

If you need to bind to the LDAP database before it will answer your query,
then you can hardcode the DN and password into the config:

ldap_delivery:
driver = smartuser
hide new_address = "${lookup ldap {user="cn=admin,dc=example,dc=com" pass="mypassword" ldap:///dc=example,dc=com?maildrop?sub?(mail=${quote_ldap:$local_part@$domain})}{$value}fail}"

Final note: these LDAP expressions are a pain to get right, so make good use
of the 'debug_print' facility and exim's wonderful -be expression testing
mode:

# exim -be '${lookup ldap {ldap://192.0.2.1/dc=example,dc=com?maildrop?sub?(mail=fred.smith@???)}{$value}fail}'

Use single quotes to stop your shell interpreting ${...} itself.

HTH,

Brian.
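The reply above relies on `${quote_ldap:$local_part@$domain}` to put the recipient address into the LDAP search filter safely. The following Python is an added example, not part of Brian's post and not Exim's own code: it models the RFC 4515 filter escaping that `quote_ldap` performs, builds the same `ldap:///...?maildrop?sub?(mail=...)` lookup URL the director uses, and includes a small check that a quoted filter is still a single literal equality match even when the incoming local part contains filter metacharacters. The base DN, attribute name and sample addresses are constructed for the example (the post obfuscates its domains).

```python
# Added example (not from the post or from Exim): a model of Exim's
# ${quote_ldap:...} escaping and of the lookup URL used in the director.

# Characters that carry meaning inside an RFC 4515 search filter. Each one
# is escaped as a backslash followed by two hex digits, which is what
# Exim's quote_ldap does for filter values (assumption: same character set).
_LDAP_FILTER_SPECIALS = {
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\\": r"\5c",
    "\x00": r"\00",
}


def quote_ldap(value: str) -> str:
    """Escape a string for use as a value inside an LDAP search filter."""
    return "".join(_LDAP_FILTER_SPECIALS.get(ch, ch) for ch in value)


def build_filter(local_part: str, domain: str, quote: bool = True) -> str:
    """Build the (mail=...) filter for an incoming address.

    quote=True mirrors the director's ${quote_ldap:$local_part@$domain};
    quote=False shows what splicing the raw address in would produce.
    """
    address = f"{local_part}@{domain}"
    return f"(mail={quote_ldap(address) if quote else address})"


def build_lookup_url(local_part: str, domain: str,
                     base_dn: str = "dc=example,dc=com",
                     attr: str = "maildrop") -> str:
    """Assemble the ldap:/// URL used in the new_address expansion."""
    return f"ldap:///{base_dn}?{attr}?sub?{build_filter(local_part, domain)}"


def filter_is_single_equality(ldap_filter: str) -> bool:
    """Check that a filter is exactly one '(attr=value)' whose value
    contains no unescaped wildcard or parenthesis, i.e. a literal match."""
    if not (ldap_filter.startswith("(") and ldap_filter.endswith(")")):
        return False
    attr, sep, value = ldap_filter[1:-1].partition("=")
    if not sep or not attr:
        return False
    return not any(ch in value for ch in "*()")


if __name__ == "__main__":
    # Constructed sample addresses: an ordinary one and one whose local part
    # is a filter wildcard, to show what quoting protects against.
    for local_part in ("fred.smith", "*"):
        quoted = build_filter(local_part, "example.com")
        raw = build_filter(local_part, "example.com", quote=False)
        print(f"{local_part!r:14} quoted: {quoted:28} literal match: "
              f"{filter_is_single_equality(quoted)}")
        print(f"{'':14} raw:    {raw:28} literal match: "
              f"{filter_is_single_equality(raw)}")
    print(build_lookup_url("fred.smith", "example.com"))
```

When testing a lookup with `exim -be`, compare the filter it prints with the output of `build_filter` for the same address; if the two differ for an address containing `*`, `(` or `)`, the `quote_ldap` operator is missing from the expansion.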