Receiver (To/CC envelope fields) addresses verification against LDAP/Active Directory in sendmail

Christopher Martin outsidefactor at iinet.net.au
Sat Apr 7 12:23:08 UTC 2007


> -----Original Message-----
> From: Mikhail Goriachev [mailto:mikhailg at webanoide.org]
> Sent: Saturday, 7 April 2007 3:23 PM
> 
> 
> You could use /usr/ports/mail/mimedefang (www.mimedefang.org) miltered
> into your sendmail. Sorta like py-milter but in perl. The simplest,
> quickest and dirtiest solution would be to feed a list of valid
> recipients into mimedefang and let it "accept" or "reject" incoming
> mail. Then it is a matter of finding a way to keep the list up to date.
> 
> Or, instead of feeding mimedefang with a list, you could instruct it to
> poll your internal mail server like you already suggested.
> 
> For a long term solution I prefer storing aliases, maps, etc. in LDAP.

The LDAP solution would be ideal. The export/access list method you suggest
is what LDAPMAP seems to do, but it doesn't compile. I am no coder, so if it
doesn't compile right off I won't use it, figuring it will be a hack each
time it has to be updated even if I manage to figure out what's stopping it
from compiling.

I am considering writing a script that exports all valid addresses from
Active Directory via LDAP and then processes the results and appends it to
the sendmail access database (I hope that there is an alternative to REJECT,
as that would enable directory harvesting), a catch-all in virtual users to
send anything that isn't valid straight to /dev/null. This poses some risks,
however. I would have to build in checks to make sure that an empty or
incomplete list was never posted, otherwise, whammo, all mail gone.

Will give it some thought. I see Mimedefang everywhere, but I have not
messed about with it yet. I guess I need to run up a trial VM to have a go,
though I have absolutely no perl skills at all.

Thanks for the suggestions!

Chris Martin


More information about the freebsd-questions mailing list