Jonathan Engbrecht:
> I route mail for a number of relay_domains - recipient addresses are
> validated using verify via address_verify_transport
>
> For *one* of these domains, I'd like to validate addresses using an ldap
> map configured with relay_recipient_maps rather than smtp lookahead.
>
> I have the ldap connection working based on postmap -q ..., but I'm not
> sure how to configure to make some domains work using the lookahead, and
> one to work using relay_recipient_maps.
This should be easier, but 1) relay_recipient_maps is global, so you
have to leave that 'empty' and use check_recipient_access instead
(*); and 2) restriction_classes is needed for a nested table lookup.
Untested example!
restriction_classes = verify_with_lookup
verify_with_lookup =
check_recipient_access ldap:/some/file static:{reject 5.1.1 user unknown}
# Where the LDAP returns 'permit' or 'ok' for a user that exists.
smtpd_recipient_restrictions =
...
reject_unauth_destination
...
# Needs to go last, because verify_with_lookup returns permit or reject.
check_recipient_access pcre:/etc/postfix/rcpt_access
/etc/postfix/rcpt_access:
/@example\.com$/ verify_with_lookup
/./ reject_unverified_recipient
More at http://www.postfix.org/RESTRICTION_CLASS_README.html
(*) relay_recipient_maps can be changed to be not global,
but doing that would complicate other things.
Wietse
