On Sat, Feb 25, 2012 at 01:27:53PM -0800, Kyle King wrote:
> I am using the ldap lookup for relay_domains,
The lookup keys for this table are domains, not email addresses.
> relay_domains = ldap:/etc/postfix/ldap-domains.cf
Fine, this is used by trivial-rewrite(8) only, and so there is no
point in using proxymap(8) here as each trivial-rewrite already
handles multiple clients including the queue-manager, so the
indirection mostly would add latency. So indeed avoid "proxy:ldap"
here, or avoid LDAP entirely if you can keep the domain list
up-to-date in an indexed table.
> ldap-domains.cf:
> server_host = localhost
> search_base = dc=example,dc=com
> scope = sub
> query_filter = (registeredAddress=%d)
This query filter is no good, there is never an @domain part in a
lookup key that is just the domain, so the query never happens. You
need:

    query_filter = registeredAddress=%s
> result_attribute = registeredAddress
Better to use a single-valued attribute as the result attribute. You can
then set:

    result_format = %S

to just return the lookup key (in an access(5) map you could return
OK %S) if that's preferable to the randomly chosen single-valued attribute.
With relay_domains, the selected attribute is not important as the lookup
result is ignored, it just needs to be non-empty, but it is best to avoid
accumulating multiple values just to ignore them. A single result scales
better.
> typical ldap entry:
>
> dn: o=company,dc=example,dc=com
> o: company
> objectClass: organization
> structuralObjectClass: organization
> entryUUID: <uuid>
> creatorsName: cn=admin,dc=example,dc=com
> createTimestamp: <timestamp>
> registeredAddress: example.com
> registeredAddress: mydomain.com
For example, "o" or "entryUUID".
--
Viktor.
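
The behaviour described in this message, as an added example that is not part of the original post and is not Postfix code: a simplified Python model of the ldap_table(5) `%s`/`%u`/`%d` query expansion and the `%S` result expansion, run against a constructed entry shaped like the one quoted above. The function names and the toy equality matcher are assumptions made for illustration.

```python
import re

# Constructed directory entry modelled on the one quoted in the message.
ENTRIES = [{"o": ["company"],
            "registeredAddress": ["example.com", "mydomain.com"]}]
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def quote(value):
    """RFC 2254 quoting for a value substituted into a search filter."""
    return "".join(ESCAPES.get(ch, ch) for ch in value)

def expand_query_filter(template, key):
    """Expand %s, %u and %d; return None when the query is suppressed."""
    local, at, domain = key.rpartition("@")
    def repl(match):
        spec = match.group(1)
        if spec == "d" and not at:
            raise LookupError("key has no @domain part")
        return {"%": "%", "s": quote(key), "d": quote(domain),
                "u": quote(local if at else key)}[spec]
    try:
        return re.sub(r"%([sud%])", repl, template)
    except LookupError:
        return None  # %d with a bare domain key: LDAP is never queried

def search(ldap_filter, attribute):
    """Toy matcher: one equality test, returns every value of attribute."""
    name, _, wanted = ldap_filter.strip("()").partition("=")
    return [value for entry in ENTRIES
            if wanted.lower() in (v.lower() for v in entry.get(name, []))
            for value in entry.get(attribute, [])]

def lookup(key, query_filter, result_attribute, result_format="%s"):
    """Return the comma-joined table result, or None for 'not found'."""
    ldap_filter = expand_query_filter(query_filter, key)
    if ldap_filter is None:
        return None
    results = []
    for value in search(ldap_filter, result_attribute):
        parts = {"%s": value, "%S": key, "%%": "%"}
        results.append(re.sub(r"%[sS%]", lambda m: parts[m.group()],
                              result_format))
    return ",".join(results) or None

if __name__ == "__main__":
    print(lookup("example.com", "(registeredAddress=%d)", "registeredAddress"))
    print(lookup("example.com", "registeredAddress=%s", "registeredAddress"))
    print(lookup("example.com", "registeredAddress=%s", "o", "%S"))
```

On a real system the equivalent check is `postmap -q example.com ldap:/etc/postfix/ldap-domains.cf`, which prints nothing when the lookup returns no result.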