On Tue, Apr 06, 2004 at 10:50:18AM +0200, Bauer, Felix wrote:
> [snip]
> > Well, assuming you can configure Exchange to reject mail for invalid
> > accounts at the smtp conversation stage, then you can, if you like,
> > avoid ldap altogether and use smtp callout verification. The way this
> > works is, when Exim is receiving a message, it checks each recipient
> > with the machine that it will ultimately deliver the message to. If the
> > destination machine rejects the message, Exim rejects it.
> >
> > Now, if you can't configure Exchange to do that, read no further.
> > According to a recent thread in this list, Exchange 2003 can do it quite
> > easily while (iirc) Exchange 2000 can be persuaded with a bit of
> > kicking. If you manage that, then a config something like this will
> > work:
>
> If I get this right, you're saying that I should stop focusing on
> "getting exim to check in AD-ldap for the user" and let exchange do the
> trick?

What Exim would do with this config would be to do a dummy smtp run for
each recipient, so if it received mail from X for Y it would connect to
the Exchange box and do

    mail from: x
    rcpt to: y

and see if Exchange accepted or rejected it. There are some
advantages to this approach:

  * It's very simple.
  * You don't need to do multiple checks for the different kinds
    of objects on Exchange that might represent a valid e-mail
    address, you simply check for valid e-mail addresses.
  * Assuming Exchange has been configured to reject invalid
    addresses (rather than accepting them and bouncing them
    later), you don't need to know a thing about the technical
    set-up of the Exchange box or the Windows domain. You just
    need to know the name/address of the Exchange box and the
    e-mail domain that it hosts.

In fact, all those points reduce to "It's very simple".

--
Bruce
I unfortunately do not know how to turn cheese into gold.
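
An Exim 4 configuration for the callout approach discussed in this message, added here as an illustration; it is not the config from the original thread. The domain example.com and the host exchange.example.com are placeholders, and the fragment assumes a relay that handles mail for that one domain only.

```exim
# Added example, not from the original post. Placeholders (assumptions):
#   example.com           - the e-mail domain hosted on Exchange
#   exchange.example.com  - the Exchange box Exim relays to

# --- main section ---
domainlist relay_to_domains = example.com
acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:
  # Recipient in the Exchange-hosted domain: route the address, connect to
  # the host the router picked, and issue MAIL FROM / RCPT TO there.
  # A 5xx reply to RCPT TO makes this statement deny the recipient.
  #   callout=30s  give up on the callout after 30 seconds
  #   defer_ok     if Exchange cannot be reached, accept rather than defer
  # Exim sends an empty sender (MAIL FROM:<>) on recipient callouts unless
  # the use_sender option is added.
  deny    message = Unknown user
          domains = +relay_to_domains
          !verify = recipient/callout=30s,defer_ok

  # Recipient passed the callout (or the callout could not complete).
  accept  domains = +relay_to_domains

  # Anything else is not ours to relay.
  deny    message = Relay not permitted

begin routers

# Everything for the hosted domain goes to the Exchange box; the callout
# uses this route too, so the check hits the real destination.
to_exchange:
  driver = manualroute
  domains = +relay_to_domains
  transport = remote_smtp
  route_list = * exchange.example.com

begin transports

remote_smtp:
  driver = smtp
```

If Exchange accepts every RCPT TO and bounces later, the callout always succeeds and this ACL filters nothing, which is why the precondition stated in the message matters.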