
Verifying relay recipients for upstream Exchange backend

  • Ansgar Wiechers
    Message 1 of 8 , Jun 1, 2011
      Hello list

      I'm aware of two ways to verify recipients when relaying mail to
      upstream Exchange servers:

      - Export recipient addresses from AD and use that list as
      $relay_recipient_maps.
      - Use an LDAP query in $relay_recipient_maps.

      I seem to recall that there was a third option where Postfix would probe
      the nexthop before accepting the mail, but was unable to find it in the
      list archive. Can someone refresh my memory? Or did I mis-remember that?

      TIA

      Regards
      Ansgar Wiechers
      --
      "Abstractions save us time working, but they don't save us time learning."
      --Joel Spolsky
    • lst_hoe02@kwsoft.de
      Message 2 of 8 , Jun 1, 2011
        Quoting Ansgar Wiechers <lists@...>:

        > Hello list
        >
        > I'm aware of two ways to verify recipients when relaying mail to
        > upstream Exchange servers:
        >
        > - Export recipient addresses from AD and use that list as
        > $relay_recipient_maps.
        > - Use an LDAP query in $relay_recipient_maps.
        >
        > I seem to recall that there was a third option where Postfix would probe
        > the nexthop before accepting the mail, but was unable to find it in the
        > list archive. Can someone refresh my memory? Or did I mis-remember that?

        As always the really fine documentation is of help:

        http://www.postfix.org/postconf.5.html#reject_unverified_recipient

        Regards

        Andreas
      • Ansgar Wiechers
        Message 3 of 8 , Jun 1, 2011
          On 2011-06-01 lst_hoe02@... wrote:
          > Quoting Ansgar Wiechers <lists@...>:
          >> I'm aware of two ways to verify recipients when relaying mail to
          >> upstream Exchange servers:
          >>
          >> - Export recipient addresses from AD and use that list as
          >> $relay_recipient_maps.
          >> - Use an LDAP query in $relay_recipient_maps.
          >>
          >> I seem to recall that there was a third option where Postfix would probe
          >> the nexthop before accepting the mail, but was unable to find it in the
          >> list archive. Can someone refresh my memory? Or did I mis-remember that?
          >
          > As always the really fine documentation is of help:
          >
          > http://www.postfix.org/postconf.5.html#reject_unverified_recipient

          Ah, yes, that seems to be it. Thank you.

          Regards
          Ansgar Wiechers
          --
          "Abstractions save us time working, but they don't save us time learning."
          --Joel Spolsky
        • Shawn Heisey
          Message 4 of 8 , Jun 1, 2011
            On 6/1/2011 12:57 PM, Ansgar Wiechers wrote:
            > I'm aware of two ways to verify recipients when relaying mail to
            > upstream Exchange servers:
            >
            > - Export recipient addresses from AD and use that list as
            > $relay_recipient_maps.
            > - Use an LDAP query in $relay_recipient_maps.
            >
            > I seem to recall that there was a third option where Postfix would probe
            > the nexthop before accepting the mail, but was unable to find it in the
            > list archive. Can someone refresh my memory? Or did I mis-remember that?

            I do the first option by running a script on the exchange server every
            15 minutes, then grabbing the result five minutes later from the mail
            relays. It does some sanity checks before replacing relay_recipients
            and postmapping it.

            The Windows side (Exchange 2010 on 2008R2) of the process consists of
            VBScript to grab the info from AD, which then runs a perl script to
            clean up the file. The Linux server has a shell script that uses
            smbclient to retrieve the data. The perl part could be run on Linux if
            you don't want to install Perl on your Windows machine.

            If anyone is interested, I can sanitize the scripts and make them available.
          • Ansgar Wiechers
            Message 5 of 8 , Jun 1, 2011
              On 2011-06-01 Shawn Heisey wrote:
              > On 6/1/2011 12:57 PM, Ansgar Wiechers wrote:
              >> I'm aware of two ways to verify recipients when relaying mail to
              >> upstream Exchange servers:
              >>
              >> - Export recipient addresses from AD and use that list as
              >> $relay_recipient_maps.
              >> - Use an LDAP query in $relay_recipient_maps.
              >>
              >> I seem to recall that there was a third option where Postfix would
              >> probe the nexthop before accepting the mail, but was unable to find
              >> it in the list archive. Can someone refresh my memory? Or did I mis-
              >> remember that?
              >
              > I do the first option by running a script on the exchange server every
              > 15 minutes, then grabbing the result five minutes later from the mail
              > relays. It does some sanity checks before replacing relay_recipients
              > and postmapping it.
              >
              > The Windows side (Exchange 2010 on 2008R2) of the process consists of
              > VBScript to grab the info from AD, which then runs a perl script to
              > clean up the file.

              What for? You can easily do all the cleaning with VBScript.

              Regards
              Ansgar Wiechers
              --
              "Abstractions save us time working, but they don't save us time learning."
              --Joel Spolsky
            • Len Conrad
              Message 6 of 8 , Jun 1, 2011
                At 04:48 PM 6/1/2011, you wrote:
                > On 2011-06-01 Shawn Heisey wrote:
                >> On 6/1/2011 12:57 PM, Ansgar Wiechers wrote:
                >>> I'm aware of two ways to verify recipients when relaying mail to
                >>> upstream Exchange servers:
                >>>
                >>> - Export recipient addresses from AD and use that list as
                >>>   $relay_recipient_maps.
                >>> - Use an LDAP query in $relay_recipient_maps.
                >>>
                >>> I seem to recall that there was a third option where Postfix would
                >>> probe the nexthop before accepting the mail, but was unable to find
                >>> it in the list archive. Can someone refresh my memory? Or did I mis-
                >>> remember that?
                >>
                >> I do the first option by running a script on the exchange server every
                >> 15 minutes, then grabbing the result five minutes later from the mail
                >> relays.  It does some sanity checks before replacing relay_recipients
                >> and postmapping it.
                >>
                >> The Windows side (Exchange 2010 on 2008R2) of the process consists of
                >> VBScript to grab the info from AD, which then runs a perl script to
                >> clean up the file.
                >
                > What for? You can easily do all the cleaning with VBScript.

                I've been using this one for a couple years:

                http://www-personal.umich.edu/~malth/gaptuning/postfix/getadsmtp.pl

                awk to format it to a two-field ";" delimited file, and then mysqlimport

                Len




              • Ansgar Wiechers
                Message 7 of 8 , Jun 2, 2011
                  On 2011-06-01 Len Conrad wrote:
                  > At 04:48 PM 6/1/2011, you wrote:
                  >> On 2011-06-01 Shawn Heisey wrote:
                  >>> I do the first option by running a script on the exchange server every
                  >>> 15 minutes, then grabbing the result five minutes later from the mail
                  >>> relays. It does some sanity checks before replacing relay_recipients
                  >>> and postmapping it.
                  >>>
                  >>> The Windows side (Exchange 2010 on 2008R2) of the process consists of
                  >>> VBScript to grab the info from AD, which then runs a perl script to
                  >>> clean up the file.
                  >>
                  >> What for? You can easily do all the cleaning with VBScript.
                  >
                  > I've been using this one for a couple years:
                  >
                  > http://www-personal.umich.edu/~malth/gaptuning/postfix/getadsmtp.pl
                  >
                  > awk to format it to a two-field ";" delimited file, and then mysqlimport

                  I'm aware that this can be done in Perl. I just don't see any point in
                  using VBScript to extract the data, and then switching to Perl for
                  further processing.

                  I also don't see any point in using awk to transform the output of a
                  Perl script, BTW.

                  Regards
                  Ansgar Wiechers
                  --
                  "Abstractions save us time working, but they don't save us time learning."
                  --Joel Spolsky
                • Shawn Heisey
                  Message 8 of 8 , Jun 2, 2011
                    On 6/2/2011 4:46 AM, Ansgar Wiechers wrote:
                    > I'm aware that this can be done in Perl. I just don't see any point in
                    > using VBScript to extract the data, and then switching to Perl for
                    > further processing.
                    >
                    > I also don't see any point in using awk to transform the output of a
                    > Perl script, BTW.

                    I didn't write the VBScript, I found it on the Internet. When I
                    upgraded from Exchange 2003 to Exchange 2010, I had to find a whole new
                    script, as the old one didn't work.

                    The initial output leaves a lot to be desired from an automation
                    standpoint, though I'm sure it's perfectly acceptable to your average
                    Windows admin. Although VBScript is not completely opaque to me, I do
                    not know it very well. The transformations required were very easy in
                    Perl, which I do know. The sanity check and deployment on Linux was
                    easiest in shell. If I were experienced in VBScript, I would have
                    handled it without the intermediate step.

                    I'm going to investigate Mr. Conrad's Perl/LDAP solution, which would be
                    easy to customize and much less prone to breakage.

                    Thanks,
                    Shawn
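
The "sanity checks before replacing relay_recipients and postmapping it" step described in the thread, sketched as an added example (not Shawn Heisey's script and not part of the original posts). The thresholds, the `user@domain OK` line format, the `hash:` map type, the script name and the function names are all assumptions.

```shell
#!/bin/sh
# Added example: gate a freshly fetched recipient export before it replaces
# the live relay_recipients file. Thresholds, paths and the "hash:" map type
# are assumptions, not values from the thread.
MIN_ENTRIES=${MIN_ENTRIES:-1}          # refuse lists with fewer entries
MAX_SHRINK_PCT=${MAX_SHRINK_PCT:-20}   # refuse if the list shrinks by more
POSTMAP=${POSTMAP:-postmap}            # overridable for offline testing

# validate_list NEW CURRENT: status 0 if NEW is safe to deploy.
validate_list() {
    new=$1; cur=$2
    [ -s "$new" ] || { echo "reject: export empty or missing" >&2; return 1; }
    # Every line must be exactly "local@domain OK"; stray export noise
    # (headers, error text, blank lines) counts as malformed.
    bad=$(grep -vcE '^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}[[:space:]]+OK$' "$new" || true)
    [ "$bad" -eq 0 ] || { echo "reject: $bad malformed line(s)" >&2; return 2; }
    n_new=$(grep -c '' "$new")
    [ "$n_new" -ge "$MIN_ENTRIES" ] || { echo "reject: only $n_new entries" >&2; return 3; }
    if [ -s "$cur" ]; then
        # A truncated export would make the relay reject valid recipients,
        # so refuse a list that is much shorter than the one in service.
        n_cur=$(grep -c '' "$cur")
        floor=$(( n_cur * (100 - MAX_SHRINK_PCT) / 100 ))
        [ "$n_new" -ge "$floor" ] || { echo "reject: $n_cur -> $n_new entries" >&2; return 4; }
    fi
    return 0
}

# deploy_list NEW LIVE: validate, build the map beside LIVE, rename into place.
deploy_list() {
    new=$1; live=$2
    validate_list "$new" "$live" || return $?
    tmp="$live.new.$$"
    cp "$new" "$tmp" && "$POSTMAP" "hash:$tmp" || { rm -f "$tmp" "$tmp.db"; return 5; }
    # Renames within one directory are atomic, so Postfix never reads a
    # half-written table.
    mv "$tmp.db" "$live.db" && mv "$tmp" "$live"
}

# Usage: sh deploy_recipients.sh /tmp/export.txt /etc/postfix/relay_recipients
if [ "$#" -eq 2 ]; then deploy_list "$1" "$2"; fi
```

A non-zero status leaves the live file and its map untouched, so a cron job can alert on failure while the relay keeps serving the last good list.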