We've taken a different approach to this and run a nightly cron job that gets a list
of valid email addresses from the LDAP server and compares it against the
current valid list - if there are changes it emails the changes to me and I
recreate the list by hand. It would be trivial to make this automatic if
you so wished.
The valid addresses are stored in a local DBM file and the valid-recipient lookup
in the ACL is done against this. We went this way mainly because a local DBM lookup
is far less resource intensive than an LDAP query on every RCPT, and because it
decouples recipient verification from LDAP availability: if the ACL queried LDAP
directly, an LDAP outage would end up bouncing good email.
Ruairi
cat /usr/local/sbin/validEmailAddresses
#!/bin/sh
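#######################################
# Turn raw ldapsearch LDIF output (stdin) into one lower-cased address
# per line on stdout: every "mail" value plus every "smtp:" value of
# proxyAddresses, minus addresses in the internal .local domain, sorted
# and de-duplicated.
#
# Values ldapsearch base64-encodes ("mail:: ...", e.g. non-ASCII) do not
# match "mail: " and are silently skipped -- presumably none exist here.
# NOTE(review): ldapsearch also folds lines longer than 76 columns, so a
# very long address would come out truncated (newer OpenLDAP clients
# accept -o ldif-wrap=no) -- confirm against the installed version.
#######################################
normalize_ldap_addresses()
{
  tr '[:upper:]' '[:lower:]' \
    | sed -n -e 's/^mail: //p' -e 's/^proxyaddresses: smtp://p' \
    | awk '{ print $1 }' \
    | grep -v -e '\.local$' -e '^$' \
    | LC_ALL=C sort -u
}

#######################################
# Refresh /etc/exim4/validEmailAddresses.NEW from the directory.
#
# The new list is built in a temporary file and only renamed into place
# after ldapsearch succeeded AND produced at least one address.  So a
# directory outage, a bind failure or a truncated (size-limited) result
# can never turn into an empty .NEW -- which builddb would turn into a
# DBM that rejects every recipient, i.e. exactly the "LDAP failure
# bounces good mail" case the local DBM is meant to avoid.
#
# Outputs:  rewrites /etc/exim4/validEmailAddresses.NEW; errors on stderr
# Returns:  0 on success; 1 on failure, with .NEW left as it was
#######################################
get_ldap_mailaddresses()
{
  ldap_host=MyLdapServer
  ldap_base="My Top Level OU"
  # Everything except user accounts whose userAccountControl has both
  # bits 1 and 2 set (1.2.840.113556.1.4.803 is the bit-AND rule).
  # NOTE(review): the usual "exclude disabled accounts" test is :=2;
  # with :=3 an account must also carry the SCRIPT bit before it is
  # excluded -- confirm this is what is intended.
  ldap_filter='(!(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=3)))'
  new_file=/etc/exim4/validEmailAddresses.NEW

  # -x is a simple (here anonymous, clear-text) bind.  NOTE(review): if
  # the directory offers it, -ZZ (StartTLS) or -H ldaps://host keeps
  # someone on the path from feeding this host a doctored address list.
  # A non-zero exit also covers the server truncating the result (size
  # limit); that is treated as failure on purpose, because a partial list
  # would bounce mail for everyone past the cut-off -- page the search
  # instead if the directory is that large.
  if ! raw=$(ldapsearch -x -h "$ldap_host" -b "$ldap_base" \
               "$ldap_filter" mail proxyAddresses); then
    echo "ERROR: ldapsearch against $ldap_host failed; keeping the previous $new_file" >&2
    return 1
  fi

  # Same directory as the target so the final rename is atomic; mktemp
  # gives 0600, which is fine: only root-run tools read this text file,
  # the DBM exim consults is produced separately by exim_dbmbuild.
  tmp_file=$(mktemp "$new_file.XXXXXX") || return 1
  printf '%s\n' "$raw" | normalize_ldap_addresses > "$tmp_file"
  if [ ! -s "$tmp_file" ]; then
    echo "ERROR: ldapsearch returned no addresses; keeping the previous $new_file" >&2
    rm -f -- "$tmp_file"
    return 1
  fi
  mv -f -- "$tmp_file" "$new_file"
}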
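######################################################################
# Sub-command dispatch (run from cron, or by hand, as root).
#
# The script works on three files under /etc/exim4:
#   validEmailAddresses.NEW  - what the directory says now (refreshed by
#                              get_ldap_mailaddresses before most commands)
#   validEmailAddresses      - the list the live DBM was last built from
#   validEmailAddresses.dbm  - the DBM exim's RCPT ACL actually consults
#
# Exits 0 on success and 1 on a usage error or when refreshing the
# list, building the DBM or recording the new list fails, so a caller
# or cron wrapper can notice instead of trusting a half-done run.
######################################################################
conf_dir=/etc/exim4
cur_list=$conf_dir/validEmailAddresses
new_list=$conf_dir/validEmailAddresses.NEW
live_db=$conf_dir/validEmailAddresses.dbm
tmp_db=$conf_dir/validEmailAddresses_temp.dbm
rule='-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-='
rc=0

# Print the lines of $1 that do not occur in $2 (status 1 if none).
# Whole-line, fixed-string matching: the previous plain substring match
# (fgrep -v -f) treated bob@example.com.au as "already present" whenever
# bob@example.com was, and let '.' in an address match any character.
list_diff()
{
  if [ -s "$2" ]; then
    grep -F -x -v -f "$2" "$1"
  else
    # no patterns at all: every line of $1 is a difference
    grep '' "$1"
  fi
}

# Three-line banner used by showchanges.
banner()
{
  printf '%s\n%s\n%s\n' "$rule" "$1" "$rule"
}

case "$1" in
  showchanges)
    touch "$cur_list"
    get_ldap_mailaddresses || exit 1
    if list_diff "$cur_list" "$new_list" >/dev/null \
       || list_diff "$new_list" "$cur_list" >/dev/null
    then
      host=$(hostname -f)
      banner " Email addresses waiting to be removed from $host exim DBM file:"
      list_diff "$cur_list" "$new_list"
      echo
      banner " Email addresses waiting to be added to $host exim DBM file:"
      list_diff "$new_list" "$cur_list"
    fi
    ;;
  check-dups)
    get_ldap_mailaddresses || exit 1
    # -i -d: print one copy of each line that occurs more than once,
    # ignoring case.
    sort "$new_list" | uniq -i -d \
      || { echo "ERROR: something bad just happened while checking for duplicate addresses" >&2; rc=1; }
    ;;
  simulate-builddb)
    get_ldap_mailaddresses || exit 1
    echo "Simulating exim users DB build"
    exim_dbmbuild "$new_list" "$tmp_db" \
      || { echo "ERROR: could not simulate database build" >&2; rc=1; }
    # NOTE(review): some DBM libraries make exim_dbmbuild append .db (or
    # .dir/.pag) to the name it is given; if the temporary file is never
    # found here, that is why.  The fixed name is acceptable only because
    # /etc/exim4 is writable by root alone.
    if [ -e "$tmp_db" ]; then
      rm "$tmp_db" \
        || { echo "ERROR: could not remove temporary database file" >&2; rc=1; }
    fi
    ;;
  builddb)
    get_ldap_mailaddresses || exit 1
    if exim_dbmbuild "$new_list" "$live_db"; then
      # Record the list the DBM was built from only once the build
      # succeeded; otherwise the text list and the live DBM drift apart
      # and showchanges stops reporting the pending difference.
      cp "$new_list" "$cur_list" \
        || { echo "ERROR: could not update the $cur_list file" >&2; rc=1; }
    else
      # exim_dbmbuild exits non-zero on warnings as well as errors (check
      # the installed version); the list is already de-duplicated and
      # lower-cased, so warnings should not occur in practice.
      echo "WARNING: there were problems while building the database" >&2
      rc=1
    fi
    #echo "The email database script on $(hostname -f) ran successfully" |
    #  mail -s "$(hostname -f) - email list updated" hickey@???
    ;;
  usercount)
    get_ldap_mailaddresses || exit 1
    printf 'Current email users number count: %s\n' "$(wc -l < "$cur_list")"
    printf 'New email users number count: %s\n' "$(wc -l < "$new_list")"
    ;;
  view)
    # Shows the list the live DBM was built from.  The directory round
    # trip the old code did here was never used, and dropping it keeps
    # "view" working while LDAP is down.
    printf 'Current email users : '
    cat "$cur_list"
    ;;
  *)
    echo "Usage: /usr/local/sbin/validEmailAddresses {showchanges|check-dups|builddb|simulate-builddb|usercount|view}" >&2
    exit 1
    ;;
esac
exit "$rc"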
The ACL statement that checks for valid recipients is:
# Reject RCPT TO addresses that are not in the locally built DBM of valid
# addresses (produced by "/usr/local/sbin/validEmailAddresses builddb").
# The lookup is against the local file only, so an LDAP outage cannot by
# itself cause good mail to be rejected.
acl_check_rcpt:
  # ${lookup ...}{no}{yes}: address found in the DBM -> "no" -> this
  # deny does not fire; not found -> "yes" -> rejected with a permanent
  # error (the "local error" text is what the sending MTA sees).
  # NOTE(review): the DBM keys are all lower case (the build script
  # lower-cases them); if $local_part still carries the case the client
  # sent at RCPT time, key the lookup as ${lc:$local_part}@${lc:$domain}
  # -- confirm how this Exim version behaves.
  # NOTE(review): if the .dbm file is missing or unreadable the lookup
  # either lands in the {yes} branch (every recipient rejected until the
  # next successful builddb) or makes the condition's expansion fail;
  # check which, and make sure builddb never leaves the file absent.
  # NOTE(review): no domains condition is visible here, so as shown this
  # applies to every recipient domain -- presumably relaying/domain
  # restrictions come earlier in the ACL; confirm.
  deny
    log_message = Recipient Verification Failed
    message = local error
    condition = ${lookup{$local_part@$domain}dbm{CONFDIR/validEmailAddresses.dbm} {no} {yes} }