[Exim] LDAP lookup assistance, please

Author: Stephen Gran
Date:  
To: exim-users
Subject: [Exim] LDAP lookup assistance, please
Hello all,

I am trying to implement a verify = recipient scheme that does the
lookup via LDAP (no local accounts, just forwarding on to another
machine). Right now we're using callouts to verify users, but the
machine we're forwarding to often gets a very high load, and starts
rejecting connections, and then we end up queuing all sorts of random
local parts, so I'd like to switch to LDAP for this. We should also at
some point add some redundancy to the back end machine, but since
spending money is currently out of the question, we're doing what we can
:)

This is the router that I think will work:
forward_manualroute:
  driver = manualroute
  domains = +forward_domains
  transport = remote_smtp
  address_data = ${lookup ldap {ldap:///ou=people,dc=example,dc=com?uid?one? \
          (&(uid=${quote_ldap:$local_part})(emailAccess=TRUE))}{$value}fail}
  condition = ${if match {$local_part}{extract{uid}{$address_data}}}
  route_data = pop3.example.com
  no_more


(Sorry about the line length)

Where the LDAP structure is:
dc=example,dc=com
       ou=people,dc=example,dc=com
                uid=foo,ou=people,dc=example,dc=com
                . . .


emailAccess=TRUE is part of our local schema that we use for access to
various services (I know there's a newer way to do it that's supposed to
be better, 'services' or so, but we haven't wanted to change the existing
setup). It is just a boolean that controls whether or not that user can
receive email, or check email via pop3/imap. I think my lookup is
right, but I would appreciate more eyes - I am still pretty new to
LDAP, and I wouldn't consider myself more than decent with exim. If
anyone can suggest a better/cleaner way to do the same thing, I would be
very appreciative.

TIA,
--
--------------------------------------------------------------------------
|  Stephen Gran                  | Love thy neighbor as thyself, but       |
|  steve@???             | choose your neighborhood.   -- Louise   |
|  http://www.lobefin.net/~steve | Beal                                    |

--------------------------------------------------------------------------
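
Added example (not part of the original message, and not Exim's own code): a Python model of the two-pass quoting that the Exim specification documents for `${quote_ldap:...}`, applied to the LDAP URL from the router above. It shows why the SMTP-supplied `$local_part` has to pass through that operator before it reaches the filter. The helper names `build_query` and `filter_assertions` and the sample local parts are constructed for illustration.

```python
import re
import string
from urllib.parse import unquote

# Characters the Exim spec lists as left alone by the URL-quoting pass.
_URL_SAFE = set(string.ascii_letters + string.digits + "!$'-._()*+")
# First pass: RFC 2254 filter metacharacters and their escapes.
_FILTER_ESCAPES = {"*": r"\2A", "(": r"\28", ")": r"\29", "\\": r"\5C"}

# LDAP URL taken from the router in the message; {uid} is the substituted value.
QUERY = "ldap:///ou=people,dc=example,dc=com?uid?one?(&(uid={uid})(emailAccess=TRUE))"


def quote_ldap(value: str) -> str:
    """Model of ${quote_ldap:...}: filter escaping first, then URL quoting."""
    escaped = "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)
    return "".join(
        ch if ch in _URL_SAFE else "".join(f"%{b:02X}" for b in ch.encode("utf-8"))
        for ch in escaped
    )


def build_query(local_part: str, quote: bool = True) -> str:
    """Substitute a local part into the query, with or without quoting."""
    return QUERY.format(uid=quote_ldap(local_part) if quote else local_part)


def filter_assertions(url: str) -> list:
    """Undo the URL layer and list the (attribute, value) tests in the filter."""
    ldap_filter = unquote(url.split("?", 3)[3])
    return re.findall(r"\((\w+)=([^()]*)\)", ldap_filter)


if __name__ == "__main__":
    # Constructed local parts: a normal user and two with filter metacharacters.
    for lp in ["foo", "*", "x)(uid=*"]:
        print(repr(lp))
        print("  unquoted:", filter_assertions(build_query(lp, quote=False)))
        print("  quoted:  ", filter_assertions(build_query(lp)))
```

With quoting, every sample yields exactly two tests, one literal `uid` comparison plus `emailAccess=TRUE`; without it, `*` becomes a presence test that any entry with a `uid` satisfies, and the third sample adds an extra test to the filter.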