Re: [exim] Mysql or ldap lookup

Author: Drav Sloan
Date:  
To: Brent Clark
CC: exim-users
Subject: Re: [exim] Mysql or ldap lookup
Brent Clark wrote:
> Hi all
>
> I would like to build a system whereby the MTA, which will relay all
> mail, will do a lookup against either a SQL or, more preferably,
> an LDAP server. Basically this machine will sit in front of my
> Exchange machine, but I don't want it to just relay all mail; I
> would like it, at SMTP time, to check for the existence of the user
> / email address.
>
> If anyone has any tips or even better a working example, it would
> be most helpful.


Define the following macros:

LDAPBaseDN = DC=myorg,DC=co,DC=uk
LDAPUser = CN=MYLdapUser,OU=Service Accounts,DC=myorg,DC=co,DC=uk
UserBaseDN = OU=BIS User Accounts,LDAPBaseDN
LDAPPw = mypass
LDAPIP = 192.168.240.3


# $local_part and $domain arrive straight from the SMTP RCPT command, so
# they go through ${quote_ldap:...} to escape the LDAP filter
# metacharacters ( ) * \ before being spliced into the search filter.
MSUserCond = \
       (&\
           (|\
              (objectClass=user)\
              (objectClass=publicFolder)\
              (objectClass=group)\
           )\
           (proxyAddresses=SMTP:${quote_ldap:$local_part}@${quote_ldap:$domain})\
        )


# The bind DN contains spaces, hence the quotes around LDAPUser.
LDAP_Condition = \
     user="LDAPUser" pass=LDAPPw ldap://LDAPIP/UserBaseDN?mail?sub?\
     MSUserCond


You will need to tweak LDAPBaseDN, LDAPUser, UserBaseDN, LDAPPw
and LDAPIP to reflect your setup. MSUserCond and LDAP_Condition
are fine as they are.

Then configure the following router, _before_ your smtp router.

# Validate M$ users, so we don't accept non-existent user spam.
# +ms_domains is a domainlist you must define in the main section.
validate_ms_user:
driver = redirect
# hand the unchanged address on to the smtp router once the lookup succeeds
redirect_router = remote_smtp
domains = +ms_domains
# the router only matches when AD holds an object with this proxyAddress
condition = ${lookup ldap {LDAP_Condition}{true}{false}}
verify_recipient
no_verify_sender
forbid_file
forbid_pipe
data = ${local_part}@${domain}

Then make sure you have a 'deny !verify = recipient' in your rcpt_acl
to make exim validate against the Microsoft AD LDAP.

Regards

Drav.
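Added example, not part of Drav's post or of Exim itself: it rebuilds the MSUserCond filter from the post in Python to show why $local_part and $domain, which come straight from the SMTP RCPT command, must be escaped before they are spliced into the LDAP filter that verifies recipients. Exim provides ${quote_ldap:...} for this; the escaping here follows RFC 4515 section 3 and omits the extra URL-encoding step that Exim's operator adds for the ldap:// URL. The sample recipients and the domain myorg.co.uk are constructed for the demonstration.

```python
# Added example (not from the original post or from Exim): reproduces the
# post's proxyAddresses filter to show the effect of an unescaped local part.

# RFC 4515 section 3: these characters are escaped as backslash + two hex
# digits inside an assertion value. Exim's ${quote_ldap:} applies the same
# escaping and then URL-encodes the result; the URL step is omitted here.
_LDAP_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def quote_ldap(value: str) -> str:
    """Escape a string for use as an assertion value in an LDAP search filter."""
    return "".join(_LDAP_FILTER_ESCAPES.get(ch, ch) for ch in value)


def ms_user_filter(local_part: str, domain: str, escape: bool = True) -> str:
    """Build the post's MSUserCond filter for one RCPT TO address.

    escape=False reproduces the raw $local_part@$domain substitution;
    escape=True is what the filter looks like once both variables have
    gone through quote_ldap() (Exim: ${quote_ldap:...}).
    """
    if escape:
        local_part, domain = quote_ldap(local_part), quote_ldap(domain)
    return (
        "(&(|(objectClass=user)(objectClass=publicFolder)(objectClass=group))"
        f"(proxyAddresses=SMTP:{local_part}@{domain}))"
    )


def unescaped_wildcards(filter_str: str) -> int:
    """Count '*' characters that are not backslash-escaped, i.e. live wildcards."""
    return sum(
        1
        for i, ch in enumerate(filter_str)
        if ch == "*" and (i == 0 or filter_str[i - 1] != "\\")
    )


if __name__ == "__main__":
    # Constructed sample: an ordinary recipient and a hostile one whose local
    # part is a bare '*' (a legal atext character in an SMTP local part).
    for local_part in ("brent", "*"):
        for escape in (False, True):
            f = ms_user_filter(local_part, "myorg.co.uk", escape=escape)
            label = "quoted  " if escape else "unquoted"
            print(f"{label} {local_part!r}: "
                  f"{unescaped_wildcards(f)} live wildcard(s) -> {f}")
```

Unquoted, a `RCPT TO:<*@myorg.co.uk>` turns the last clause into `(proxyAddresses=SMTP:*@myorg.co.uk)`, a substring match that is satisfied by any object carrying an SMTP proxyAddress in the domain, so recipient verification succeeds for a mailbox that does not exist. Quoted, the clause becomes `(proxyAddresses=SMTP:\2a@myorg.co.uk)` and only a literal asterisk would match.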