I prefer to query my domain controllers for the list of valid
recipients, and use this attached script to do so. It also pages
through the response from Active Directory (pulls 990 items) so you get
all valid user emails. There is no mention of an AD domain, so even if
this doesn't help Tracy, it may help others.
Cheers,
Michael Huntley
@huntley
Post by Alex Neuman
You could, at least in theory, use plugins to check recipients using
LDAP in Active Directory - this plus proper SPF implementation reduces
a lot of the fake "from" and bogus "to" addresses for your domain.
Alex Neuman van der Hans
Reliant Technologies / Vida Digital
http://vidadigital.com.pa/
Mobile: +507-6781-9505
Work: +507-832-6725
Work (USA): +1-440-253-9789
Skype: AlexNeuman
On Tue, Jul 29, 2014 at 3:06 PM, Tracy Greggs
BTW, Exchange 2013 does not have recipient checking integrated
into their antispam feature set. This has proven to be a real
PITA when using MailScanner as a gateway. Another brilliant move
from Microsoft!
Regards
*From:* mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] *On Behalf Of* Tracy Greggs
*Sent:* Tuesday, July 29, 2014 1:48 PM
*To:* 'MailScanner discussion'
*Subject:* RE: New to MailScanner
I use sendmail, so someone else can comment on your postfix question.
I would make a suggestion to turn on the Exchange antispam feature
for recipient checking and run MILTER-AHEAD with your MailScanner
MTA. It is cheap but not free, but well worth the expense.
Regards,
Tracy Greggs
*From:* mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] *On Behalf Of* Greg Ledford
*Sent:* Tuesday, July 29, 2014 10:49 AM
*To:* 'mailscanner at lists.mailscanner.info'
*Subject:* New to MailScanner
Hello. Please be kind as I'm still learning the program and I'll
have lots of questions. Is there a webpage that lists the
instructions to install MailScanner + Postfix if you are using it
as a front-end for an Exchange 2010 server? Thanks for any help
you can provide.
*Greg Ledford*
*_PHHW Technology Services LLC_*
1000 Corporate Centre Dr, Ste 200
Franklin, TN 37067
Office (615) 778-1777
Cell (615) 403-6989
Fax (615) 771-0081
Email gledford at phhwtechnology.com
--
This message has been scanned for viruses and
dangerous content by *MailScanner* <http://www.mailscanner.info/>, and is
believed to be clean.
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
<mailto:mailscanner at lists.mailscanner.info>
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
-------------- next part --------------
#!/usr/bin/perl -T -w
# Version 1.02
# This script will pull all users' SMTP addresses from your Active Directory
# (including primary and secondary email addresses) and list them in the
# format "user@example.com OK" which Postfix uses with relay_recipient_maps.
# Be sure to double-check the path to perl above.
# This requires Net::LDAP to be installed. To install Net::LDAP, at a shell
# type "perl -MCPAN -e shell" and then "install Net::LDAP"
use Net::LDAP;
use Net::LDAP::Control::Paged;
use Net::LDAP::Constant ( "LDAP_CONTROL_PAGED" );
# Enter the path/file for the output
$VALID = "/etc/postfix/valid_recipients";
# Enter the FQDN of your Active Directory domain controllers below
#
#
$dc1="hostname1.yourdomain.com";
$dc2="hostname2.yourdomain.com";
# Enter the LDAP container for your userbase.
# The syntax is CN=Users,dc=example,dc=com
# This can be found by installing the Windows 2000 Support Tools
# then running ADSI Edit.
# In ADSI Edit, expand the "Domain NC [domaincontroller1.example.com]" &
# you will see, for example, DC=example,DC=com (this is your base).
# The Users Container will be specified in the right pane as
# CN=Users depending on your schema (this is your container).
# You can double-check this by clicking "Properties" of your user
# folder in ADSI Edit and examining the "Path" value, such as:
# LDAP://domaincontroller1.example.com/CN=Users,DC=example,DC=com
# which would be $hqbase="cn=Users,dc=example,dc=com"
# Note: You can also use just $hqbase="dc=example,dc=com"
#
#
$hqbase="cn=Users,dc=yourdomain,dc=com";
# Enter the username & password for a valid user in your Active Directory
# with username in the form cn=username,cn=Users,dc=example,dc=com
# Make sure the user's password does not expire. Note that this user
# does not require any special privileges.
# You can double-check this by clicking "Properties" of your user in
# ADSI Edit and examining the "Path" value, such as:
# LDAP://domaincontroller1.example.com/CN=user,CN=Users,DC=example,DC=com
# which would be $user="cn=user,cn=Users,dc=example,dc=com"
# Note: You can also use the UPN login: "user\@example.com"
#$user="cn=mail,cn=Users,dc=wavien,dc=com";
#
#
#Best format is user\@yourdomain.com
#
$user="user\@yourdomain.com";
$passwd="password";
#
# No additional configuration required beyond here
#
# Connecting to Active Directory domain controllers
# Note: Net::LDAP->new() as used here connects without TLS, so the bind
# below sends the password over the network in clear text.
$noldapserver=0;
$ldap = Net::LDAP->new($dc1) or
    $noldapserver=1;
if ($noldapserver == 1) {
    $ldap = Net::LDAP->new($dc2) or
        die "Error connecting to specified domain controllers $@ \n";
}
$mesg = $ldap->bind ( dn => $user,
                      password => $passwd);
if ( $mesg->code()) {
    die ("error:", $mesg->code(),"\n","error name: ",$mesg->error_name(),
         "\n", "error text: ",$mesg->error_text(),"\n");
}
# How many LDAP query results to grab for each paged round
# Set to under 1000 for Active Directory
$page = Net::LDAP::Control::Paged->new( size => 990 );
@args = ( base => $hqbase,
# Play around with this to grab objects such as Contacts, Public Folders, etc.
# A minimal filter for just users with email would be:
# filter => "(&(sAMAccountName=*)(mail=*))"
filter => "(& (mailnickname=*) (| (&(objectCategory=person)
(objectClass=user)(!(homeMDB=*))(!(msExchHomeServerName=*)))
(&(objectCategory=person)(objectClass=user)(|(homeMDB=*)
(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=contact))
(objectCategory=group)(objectCategory=publicFolder)(objectClass=msExchDynamicDistributionList) ))",
          control => [ $page ],
          # Net::LDAP expects the attribute list as an array reference
          attrs => [ "proxyAddresses" ],
);
my $cookie;
while(1) {
    # Perform search
    my $mesg = $ldap->search( @args );
    # Filtering results for proxyAddresses attributes
    foreach my $entry ( $mesg->entries ) {
        my $name = $entry->get_value( "cn" );
        # LDAP Attributes are multi-valued, so we have to print each one.
        foreach my $mail ( $entry->get_value( "proxyAddresses" ) ) {
            # Test if the Line starts with one of the following lines:
            # proxyAddresses: [smtp|SMTP]:
            # and also discard this starting string, so that $mail is only the
            # address without any other characters...
            if ( $mail =~ s/^(smtp|SMTP)://gs ) {
                push(@valid, $mail." OK\n");
            }
        }
    }
    # Only continue on LDAP_SUCCESS
    $mesg->code and last;
    # Get cookie from paged control
    my($resp) = $mesg->control( LDAP_CONTROL_PAGED ) or last;
    $cookie = $resp->cookie or last;
    # Set cookie in paged control
    $page->cookie($cookie);
}
if ($cookie) {
    # We had an abnormal exit, so let the server know we do not want any more
    $page->cookie($cookie);
    $page->size(0);
    $ldap->search( @args );
    # Also would be a good idea to die unhappily and inform OP at this point
    die("LDAP query unsuccessful");
}
# Only write the file once the query is successful
open(VALID, ">", $VALID) or die "CANNOT OPEN $VALID $!";
print VALID @valid;
# Add additional restrictions, users, etc. to the output file below.
#print VALID "user\@example.com OK\n";
#print VALID "user1\@example.com 550 User unknown.\n";
#print VALID "bad.example.com 550 User does not exist.\n";
close VALID;
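
The script above overwrites the recipient map as soon as the LDAP query succeeds, so a wrong base DN or filter can silently shrink the list and cause mail for valid users to be rejected. The following is an added example, not part of the attached script or of MailScanner: a pre-install check that compares a newly generated map with the current one. The function names, the 10% threshold and the sample addresses are assumptions made for illustration.

```python
import re

OK_LINE = re.compile(r"^(\S+)\s+OK$")   # the Perl script writes "address OK"
ADDRESS = re.compile(r"^[^@\s]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")

def parse_recipient_map(text):
    """Return (set of lower-cased addresses with result OK, list of problems)."""
    accepted, problems = set(), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = OK_LINE.match(line)
        if m is None:
            # Hand-added lines with another result are left alone, not counted.
            if len(line.split(None, 1)) < 2:
                problems.append((lineno, "missing result column"))
            continue
        addr = m.group(1).lower()
        if ADDRESS.match(addr):
            accepted.add(addr)
        else:
            problems.append((lineno, "not a full address: " + addr))
    return accepted, problems

def safe_to_install(old_text, new_text, max_drop=0.10):
    """Return (ok, reason): may new_text replace old_text as the recipient map?"""
    new, problems = parse_recipient_map(new_text)
    if problems:
        return False, "line %d: %s" % problems[0]
    if not new:
        return False, "new map lists no recipients"
    old, _ = parse_recipient_map(old_text)
    lost = old - new
    # Assumed policy: a large drop means a bad base DN or filter, not real churn.
    if old and len(lost) / len(old) > max_drop:
        return False, "%d of %d current recipients would disappear" % (len(lost), len(old))
    return True, "%d recipients, %d added, %d removed" % (len(new), len(new - old), len(lost))

# Constructed sample maps (not real addresses).
OLD_MAP = "".join("user%d@example.com OK\n" % i for i in range(10))
NEW_MAP = OLD_MAP.replace("user9@example.com", "New.Hire@example.com")
TRUNCATED_MAP = "".join(OLD_MAP.splitlines(True)[:3])

if __name__ == "__main__":
    for name, candidate in (("new", NEW_MAP), ("truncated", TRUNCATED_MAP)):
        print(name, safe_to_install(OLD_MAP, candidate))
```

To use it, have the Perl script write to a temporary path and move the file into place only when the check passes.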