Loading ...
Sorry, an error occurred while loading the content.

Re: Verifying relay recipients for upstream Exchange backend

Expand Messages
  • Ansgar Wiechers
    ... Ah, yes, that seems to be it. Thank you. Regards Ansgar Wiechers -- Abstractions save us time working, but they don t save us time learning. --Joel
    Message 1 of 8 , Jun 1, 2011
    • 0 Attachment
      On 2011-06-01 lst_hoe02@... wrote:
      > Zitat von Ansgar Wiechers <lists@...>:
      >> I'm aware of two ways to verify recipients when relaying mail to
      >> upstream Exchange servers:
      >>
      >> - Export recipient addresses from AD and use that list as
      >> $relay_recipient_maps.
      >> - Use an LDAP query in $relay_recipient_maps.
      >>
      >> I seem to recall that there was a third option where Postfix would probe
      >> the nexthop before accepting the mail, but was unable to find it in the
      >> list archive. Can someone refresh my memory? Or did I mis-remember that?
      >
      > As always the really fine documentation is of help:
      >
      > http://www.postfix.org/postconf.5.html#reject_unverified_recipient

      Ah, yes, that seems to be it. Thank you.

      Regards
      Ansgar Wiechers
      --
      "Abstractions save us time working, but they don't save us time learning."
      --Joel Spolsky
    • Shawn Heisey
      ... I do the first option by running a script on the exchange server every 15 minutes, then grabbing the result five minutes later from the mail relays. It
      Message 2 of 8 , Jun 1, 2011
      • 0 Attachment
        On 6/1/2011 12:57 PM, Ansgar Wiechers wrote:
        > I'm aware of two ways to verify recipients when relaying mail to
        > upstream Exchange servers:
        >
        > - Export recipient addresses from AD and use that list as
        > $relay_recipient_maps.
        > - Use an LDAP query in $relay_recipient_maps.
        >
        > I seem to recall that there was a third option where Postfix would probe
        > the nexthop before accepting the mail, but was unable to find it in the
        > list archive. Can someone refresh my memory? Or did I mis-remember that?

        I do the first option by running a script on the exchange server every
        15 minutes, then grabbing the result five minutes later from the mail
        relays. It does some sanity checks before replacing relay_recipients
        and postmapping it.

        The Windows side (Exchange 2010 on 2008R2) of the process consists of
        VBScript to grab the info from AD, which then runs a perl script to
        clean up the file. The Linux server has a shell script that uses
        smbclient to retrieve the data. The perl part could be run on Linux if
        you don't want to install Perl on your Windows machine.

        If anyone is interested, I can sanitize the scripts and make them available.
      • Ansgar Wiechers
        ... What for? You can easily do all the cleaning with VBScript. Regards Ansgar Wiechers -- Abstractions save us time working, but they don t save us time
        Message 3 of 8 , Jun 1, 2011
        • 0 Attachment
          On 2011-06-01 Shawn Heisey wrote:
          > On 6/1/2011 12:57 PM, Ansgar Wiechers wrote:
          >> I'm aware of two ways to verify recipients when relaying mail to
          >> upstream Exchange servers:
          >>
          >> - Export recipient addresses from AD and use that list as
          >> $relay_recipient_maps.
          >> - Use an LDAP query in $relay_recipient_maps.
          >>
          >> I seem to recall that there was a third option where Postfix would
          >> probe the nexthop before accepting the mail, but was unable to find
          >> it in the list archive. Can someone refresh my memory? Or did I mis-
          >> remember that?
          >
          > I do the first option by running a script on the exchange server every
          > 15 minutes, then grabbing the result five minutes later from the mail
          > relays. It does some sanity checks before replacing relay_recipients
          > and postmapping it.
          >
          > The Windows side (Exchange 2010 on 2008R2) of the process consists of
          > VBScript to grab the info from AD, which then runs a perl script to
          > clean up the file.

          What for? You can easily do all the cleaning with VBScript.

          Regards
          Ansgar Wiechers
          --
          "Abstractions save us time working, but they don't save us time learning."
          --Joel Spolsky
        • Len Conrad
          ... I ve been using this one for a couple years:
          Message 4 of 8 , Jun 1, 2011
          • 0 Attachment
            At 04:48 PM 6/1/2011, you wrote:
            On 2011-06-01 Shawn Heisey wrote:
            > On 6/1/2011 12:57 PM, Ansgar Wiechers wrote:
            >> I'm aware of two ways to verify recipients when relaying mail to
            >> upstream Exchange servers:
            >>
            >> - Export recipient addresses from AD and use that list as
            >>   $relay_recipient_maps.
            >> - Use an LDAP query in $relay_recipient_maps.
            >>
            >> I seem to recall that there was a third option where Postfix would
            >> probe the nexthop before accepting the mail, but was unable to find
            >> it in the list archive. Can someone refresh my memory? Or did I mis-
            >> remember that?
            >
            > I do the first option by running a script on the exchange server every
            > 15 minutes, then grabbing the result five minutes later from the mail
            > relays.  It does some sanity checks before replacing relay_recipients
            > and postmapping it.
            >
            > The Windows side (Exchange 2010 on 2008R2) of the process consists of
            > VBScript to grab the info from AD, which then runs a perl script to
            > clean up the file.

            What for? You can easily do all the cleaning with VBScript.

            I've been using this one for a couple years:

            http://www-personal.umich.edu/~malth/gaptuning/postfix/getadsmtp.pl

            awk to format it to a two-field ";" delimited file, and then mysqlimport

            Len




          • Ansgar Wiechers
            ... I m aware that this can be done in Perl. I just don t see any point in using VBScript to extract the data, and then switching to Perl for further
            Message 5 of 8 , Jun 2, 2011
            • 0 Attachment
              On 2011-06-01 Len Conrad wrote:
              > At 04:48 PM 6/1/2011, you wrote:
              >> On 2011-06-01 Shawn Heisey wrote:
              >>> I do the first option by running a script on the exchange server every
              >>> 15 minutes, then grabbing the result five minutes later from the mail
              >>> relays. It does some sanity checks before replacing relay_recipients
              >>> and postmapping it.
              >>>
              >>> The Windows side (Exchange 2010 on 2008R2) of the process consists of
              >>> VBScript to grab the info from AD, which then runs a perl script to
              >>> clean up the file.
              >>
              >> What for? You can easily do all the cleaning with VBScript.
              >
              > I've been using this one for a couple years:
              >
              > <http://www-personal.umich.edu/~malth/gaptuning/postfix/getadsmtp.pl>http://www-personal.umich.edu/~malth/gaptuning/postfix/getadsmtp.pl
              >
              > awk to format it to a two-field ";" delimited file, and then mysqlimport

              I'm aware that this can be done in Perl. I just don't see any point in
              using VBScript to extract the data, and then switching to Perl for
              further processing.

              I also don't see any point in using awk to transform the output of a
              Perl script, BTW.

              Regards
              Ansgar Wiechers
              --
              "Abstractions save us time working, but they don't save us time learning."
              --Joel Spolsky
            • Shawn Heisey
              ... I didn t write the VBScript, I found it on the Internet. When I upgraded from Exchange 2003 to Exchange 2010, I had to find a whole new script, as the old
              Message 6 of 8 , Jun 2, 2011
              • 0 Attachment
                On 6/2/2011 4:46 AM, Ansgar Wiechers wrote:
                > I'm aware that this can be done in Perl. I just don't see any point in
                > using VBScript to extract the data, and then switching to Perl for
                > further processing.
                >
                > I also don't see any point in using awk to transform the output of a
                > Perl script, BTW.

                I didn't write the VBScript, I found it on the Internet. When I
                upgraded from Exchange 2003 to Exchange 2010, I had to find a whole new
                script, as the old one didn't work.

                The inital output leaves a lot to be desired from an automation
                standpoint, though I'm sure it's perfectly acceptable to your average
                Windows admin. Although VBScript is not completely opaque to me, I do
                not know it very well. The transformations required were very easy in
                Perl, which I do know. The sanity check and deployment on Linux was
                easiest in shell. If I were experienced in VBScript, I would have
                handled it without the intermediate step.

                I'm going to investigate Mr. Conrad's Perl/LDAP solution, which would be
                easy to customize and much less prone to breakage.

                Thanks,
                Shawn
              Your message has been successfully submitted and would be delivered to recipients shortly.