Re: [exim] Using Active Directory to verify recipient addres…

Pàgina inicial
Delete this message
Reply to this message
Autor: Phil Pennock
Data:  
A: Mike Bordignon (GMI)
CC: exim-users
Assumpte: Re: [exim] Using Active Directory to verify recipient addresses
On 2011-02-17 at 11:43 +1300, Mike Bordignon (GMI) wrote:
> Recently I've discovered I don't need to hard code the GC address, and
> instead I can use
>
> ${lookup dnsdb{srv=_gc._tcp.domain.org}{$value}fail}
>
> Now this isn't working particularly well. It seems I need to extract the
> hostname and port (3268) from the DNS SRV reply.
>
> Can anyone point me in the right direction as to how I'd achieve this?


I don't use Active Directory, but will give you an example. I'll use
_test._tcp.test.globnix.net as my query, and the dig results for that
are below.

This requires ${map ...}, present in Exim 4.67 onwards.

When parsing results, note per RFC 2782:
_Service._Proto.Name TTL Class SRV Priority Weight Port Target

We lookup the results, interpret as a newline-separated list and for
each item in the list, take the fourth item, add a colon, then the third
item, to get:

${lookup dnsdb{srv=_test._tcp.test.globnix.net}{${map{<\n $value} {${extract{4}{ }{$item}}:${extract{3}{ }{$item}}}}}}
epsilon-zero-1.dummy.test.globnix.net:9
epsilon-zero-2.dummy.test.globnix.net:9
zeta.dummy.test.globnix.net:9
omega.dummy.test.globnix.net:9
redoubt.spodhuis.org:9
alpha.dummy.test.globnix.net:9
delta.dummy.test.globnix.net:9
beta.dummy.test.globnix.net:9
gamma.dummy.test.globnix.net:9

None of this supports the correct load-balancing approach used for SRV
records; a feature request for this, filed in <http://bugs.exim.org/>,
would be quite reasonable. Exim already has SRV logic which can be
turned on for dnslookup, so its mostly a matter of figuring out sane
syntax and then doing some plumbing.

-Phil

% dig +noall +answer -t srv _test._tcp.test.globnix.net
_test._tcp.test.globnix.net. 594 IN    SRV    10 0 9 epsilon-zero-1.dummy.test.globnix.net.
_test._tcp.test.globnix.net. 594 IN    SRV    10 0 9 epsilon-zero-2.dummy.test.globnix.net.
_test._tcp.test.globnix.net. 594 IN    SRV    10 5 9 zeta.dummy.test.globnix.net.
_test._tcp.test.globnix.net. 594 IN    SRV    99 10 9 omega.dummy.test.globnix.net.
_test._tcp.test.globnix.net. 594 IN    SRV    0 5 9 redoubt.spodhuis.org.
_test._tcp.test.globnix.net. 594 IN    SRV    5 0 9 alpha.dummy.test.globnix.net.
_test._tcp.test.globnix.net. 594 IN    SRV    5 5 9 delta.dummy.test.globnix.net.
_test._tcp.test.globnix.net. 594 IN    SRV    5 20 9 beta.dummy.test.globnix.net.
_test._tcp.test.globnix.net. 594 IN    SRV    5 30 9 gamma.dummy.test.globnix.net.