Brent Clark wrote:
> Hi all
>
> I would like to build a system whereby the MTA will relay all
> mail, but will do a lookup against either a SQL or, more preferably,
> an LDAP server. Basically this machine will sit in front of my
> Exchange machine, but I don't want it to just relay all mail; I
> would like it, at SMTP time, to check for the existence of the user
> / email address.
>
> If anyone has any tips or even better a working example, it would
> be most helpful.
Define the following expansions:

# Macros: adjust these to match your directory
LDAPBaseDN = DC=myorg,DC=co,DC=uk
LDAPUser = CN=MYLdapUser,OU=Service Accounts,DC=myorg,DC=co,DC=uk
# search base for the user objects, built from LDAPBaseDN defined above
UserBaseDN = OU=BIS User Accounts,LDAPBaseDN
# bind password for LDAPUser (stored in clear in this file)
LDAPPw = mypass
LDAPIP = 192.168.240.3
# filter: users, public folders or groups whose proxyAddresses contain
# the recipient address; ${quote_ldap:...} escapes characters that are
# special in an LDAP filter so an odd local part cannot alter the query
MSUserCond = \
(& \
(| \
(objectClass=user)\
(objectClass=publicFolder)\
(objectClass=group)\
)\
(proxyAddresses=SMTP:${quote_ldap:$local_part}@${quote_ldap:$domain})\
)
# the lookup returns the mail attribute only when the filter matches,
# so it succeeds exactly when the recipient exists in the directory
LDAP_Condition = \
user="LDAPUser" pass=LDAPPw ldap://LDAPIP/UserBaseDN?mail?sub?\
MSUserCond
You will need to tweak LDAPBaseDN, LDAPUser, UserBaseDN, LDAPPw
and LDAPIP to reflect your setup. MSUserCond and LDAP_Condition
are fine as they are.
Then configure the following router, _before_ your smtp router.

# Validate M$ users, so we don't accept non-existent user spam
validate_ms_user:
  driver = redirect
  # router that takes over the regenerated address (your smtp router)
  redirect_router = remote_smtp
  # only the domains hosted on the Exchange box (domainlist ms_domains
  # must be defined in the main section)
  domains = +ms_domains
  # the router runs only when the LDAP lookup finds the recipient
  condition = ${lookup ldap {LDAP_Condition}{true}{false}}
  # used when verifying recipients, skipped when verifying senders
  verify_recipient
  no_verify_sender
  forbid_file
  forbid_pipe
  # regenerate the same address for onward routing
  data = ${local_part}@${domain}
Then make sure you have a 'deny !verify = recipient' in your rcpt_acl
to make Exim validate against the Microsoft AD LDAP.
Regards
Drav.
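The filter that the lookup above sends to AD, modelled offline as an added example (this is constructed code, not Exim's and not the list poster's). It builds the same proxyAddresses filter with RFC 4515 escaping of the recipient address, which is what ${quote_ldap:...} does in the macro, and evaluates it over a small constructed directory (SAMPLE_DIRECTORY, Entry and all function names are assumptions) so you can see why the condition answers true only for real mailboxes, groups and public folders, and why escaping matters: an unescaped "*" in the local part would turn the equality test into a wildcard and make every recipient look valid.

```python
"""Recipient check behind the Exim LDAP lookup, modelled as a constructed example."""
import re
from dataclasses import dataclass


@dataclass
class Entry:
    """Constructed stand-in for an AD object; only the attributes the filter uses."""
    dn: str
    object_class: set
    proxy_addresses: set


# Constructed sample directory (not real data): a user with a secondary
# address, a distribution group and a contact (not mail-enabled for our purpose).
SAMPLE_DIRECTORY = [
    Entry("CN=Alice,OU=BIS User Accounts,DC=myorg,DC=co,DC=uk",
          {"top", "person", "user"},
          {"SMTP:alice@myorg.co.uk", "smtp:alice.smith@myorg.co.uk"}),
    Entry("CN=Printers,OU=Groups,DC=myorg,DC=co,DC=uk",
          {"top", "group"},
          {"SMTP:printers@myorg.co.uk"}),
    Entry("CN=External,OU=Contacts,DC=myorg,DC=co,DC=uk",
          {"top", "contact"},
          {"SMTP:ext@myorg.co.uk"}),
]


def ldap_filter_escape(value: str) -> str:
    """Escape filter metacharacters as \\XX hex pairs (RFC 4515), like quote_ldap."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def build_ms_user_filter(local_part: str, domain: str, escape: bool = True) -> str:
    """The MSUserCond filter with the recipient address substituted in."""
    addr = f"{local_part}@{domain}"
    if escape:
        addr = ldap_filter_escape(addr)
    return ("(&(|(objectClass=user)(objectClass=publicFolder)(objectClass=group))"
            f"(proxyAddresses=SMTP:{addr}))")


def _value_regex(value: str) -> re.Pattern:
    """Filter value to regex: \\XX is a literal character, a bare * is a wildcard.
    Matching is case-insensitive, as AD's proxyAddresses attribute is."""
    parts, i = [], 0
    while i < len(value):
        c = value[i]
        if c == "\\":
            parts.append(re.escape(chr(int(value[i + 1:i + 3], 16))))
            i += 3
        elif c == "*":
            parts.append(".*")
            i += 1
        else:
            parts.append(re.escape(c))
            i += 1
    return re.compile("".join(parts), re.IGNORECASE)


def _parse(f: str, i: int):
    """Parse the filter subset used above: (&...), (|...) and (attr=value)."""
    assert f[i] == "("
    i += 1
    if f[i] in "&|":
        op, kids, i = f[i], [], i + 1
        while f[i] != ")":
            kid, i = _parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1
    eq = f.index("=", i)
    close = f.index(")", eq)  # a literal ')' inside a value arrives escaped as \29
    return ("=", f[i:eq].lower(), f[eq + 1:close]), close + 1


_ATTRS = {
    "objectclass": lambda e: e.object_class,
    "proxyaddresses": lambda e: e.proxy_addresses,
}


def _matches(node, entry: Entry) -> bool:
    kind = node[0]
    if kind == "&":
        return all(_matches(k, entry) for k in node[1])
    if kind == "|":
        return any(_matches(k, entry) for k in node[1])
    _, attr, value = node
    pattern = _value_regex(value)
    return any(pattern.fullmatch(v) for v in _ATTRS.get(attr, lambda e: set())(entry))


def recipient_exists(local_part: str, domain: str, directory=SAMPLE_DIRECTORY,
                     escape: bool = True) -> bool:
    """True iff the filter matches some object, i.e. what the Exim condition yields."""
    tree, _ = _parse(build_ms_user_filter(local_part, domain, escape), 0)
    return any(_matches(tree, e) for e in directory)


if __name__ == "__main__":
    for lp in ("alice", "alice.smith", "printers", "ext", "bob", "*"):
        print(f"{lp}@myorg.co.uk -> {recipient_exists(lp, 'myorg.co.uk')}")
```

Run it as-is and you get true for alice, alice.smith (secondary address, matched case-insensitively as AD does) and printers, false for the contact, for bob and for "*"; pass escape=False and "*" comes back true, which is the behaviour the quote_ldap expansion in MSUserCond prevents.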