[exim] Conditional Address Verification in ACLs

Author: Toby Bryans
Date:  
To: exim-users
Subject: [exim] Conditional Address Verification in ACLs
Hi,

I've set up a relaying server for all our Exchange-sourced outgoing
mail scanning for viruses and spam. One of the reasons we did this was
because we also wanted to lock down users that could send mail out via
our servers to only those that are in Active Directory.

I set up a verification only router as follows:

# This router checks the users sending outbound are valid in the AD
sender_vfry_ad:
  driver = accept
  verify_only = true
  verify_recipient = false
  verify_sender = true
  condition = ${if !eq {${lookup ldap {LDAP_AD_MAIL_FROM}}} {}}

with the following LDAP query:

LDAP_AD_MAIL_FROM = \
  user=LDAP_AD_BINDDN \
  pass=LDAP_AD_PASS \
  ldap:///LDAP_AD_BASE_DN\
  ?mail?sub?\
  (&\
    (|\
      (objectClass=user)\
      (objectClass=publicFolder)\
      (objectClass=group)\
    )\
    (proxyAddresses=SMTP:${quote_ldap:${local_part}@${domain}})\
  )


And put require verify = sender in the acl_smtp_rcpt.

Which all worked fine...

...until we realised that we had some users that forwarded their mail
out to their BlackBerries at email accounts offsite, so I created an
LDAP query that gives me the email address back if the rcpt address is a
forward address in the AD:

LDAP_AD_MAIL_TO_FORWARDS = \
  user=LDAP_AD_BINDDN \
  pass=LDAP_AD_PASS \
  ldap:///LDAP_AD_BASE_DN\
  ?mail?sub?\
  (&\
    (objectClass=user)\
    (targetAddress=SMTP:${quote_ldap:${local_part}@${domain}})\
  )

And created the following router:

recepient_vfry_ad:
  driver = accept
  verify_only = true
  verify_recipient = true
  verify_sender = false
  condition = ${if !eq {${lookup ldap {LDAP_AD_MAIL_TO_FORWARDS}}} {}}

However, now I'm stuck. I can't work out how to say:

require verify sender or verify recipient in an ACL.

Does anyone have any idea how I can implement this? Is it even sensible?

--
Toby
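
One way to express "sender verifies or recipient verifies" in an Exim ACL, as an added example that is not part of the original post: successive accept statements behave as a logical OR. The ACL name acl_check_rcpt and the rejection text are assumptions, and the fragment assumes that an address matching neither LDAP query is not accepted by some later router during verification.

```exim
# Main configuration section: run the ACL below for each RCPT command.
# (acl_check_rcpt is an assumed name.)
acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:
  # ACL statements are tried in order. When a condition in an accept
  # statement fails, control passes to the next statement, so two
  # accept statements in a row act as "A or B".
  # If the LDAP lookup behind a verify defers, the RCPT command gets a
  # temporary error rather than falling through.

  # Case 1: the envelope sender is a known AD address
  # (checked by the sender_vfry_ad router from the post).
  accept  verify = sender

  # Case 2: the recipient is a registered AD forwarding target
  # (checked by the recepient_vfry_ad router from the post).
  accept  verify = recipient

  # Neither check passed: refuse the recipient.
  deny    message = relay not permitted
```

Verification succeeds as soon as any router accepts the address, so both checks are only as strict as the routers that follow the two verify_only routers.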