Allow delivery to existing accounts only with LDAP and static
Hi,
we are using LDAP binding as a passdb, and static with allow_all_users=yes as an userdb.
Works fine, but problem is, Maildirs are created for non-existent accounts too. We would like to prevent it.
The LDAP binding does not supporta user lookups. Is the correct way to use checkpassword as a passdb before LDAP, check for account existency here and:
result_success=continue result_failure=return-fail
?
Thank you, regards, Miloslav
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Thu, 27 Aug 2015, Miloslav Hůla wrote:
we are using LDAP binding as a passdb, and static with allow_all_users=yes as an userdb.
Works fine, but problem is, Maildirs are created for non-existent accounts too. We would like to prevent it.
The LDAP binding does not supporta user lookups. Is the correct way to use checkpassword as a passdb before LDAP, check for account existency here and:
"the correct way" is to reject messages to non-existant users by the MTA.
Which one do you use?
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEVAwUBVeAUFHz1H7kL/d9rAQKdQQgAsewxfUyP2p67bpQNCZQSOJz+kVmkMVl5 LBFu+fjOoPh9KH2qRsiK0ldrAj2sMljZURInedrakw9AgKQbj8HNiPkPoPylhJh7 nWfkTdMGTJc82hfN1MGDlNG0LlTErsts92UVxrJ//LzTezqwYPBXRImnYg604zLx 06ePXrgUKoQ5xXdxJUMfUzWDfC2k/JeNu3dqECGFkhuZQfcJT+Y9T9zfeJYqjJGS 6QEBJknqYihBp9Dpr3a2eJckiEaC1qqYIiYE4/6+QIDmJkWqyveRtuD/oNGmUy1P D964VNyY/jExYRCbWZjLk7Lg/TUmkAbSWIhcydctmBQZZGeRpmIHZw== =Of1j -----END PGP SIGNATURE-----
Dne 28.8.2015 v 9:56 Steffen Kaiser napsal(a):
we are using LDAP binding as a passdb, and static with allow_all_users=yes as an userdb.
Works fine, but problem is, Maildirs are created for non-existent accounts too. We would like to prevent it.
The LDAP binding does not supporta user lookups. Is the correct way to use checkpassword as a passdb before LDAP, check for account existency here and:
"the correct way" is to reject messages to non-existant users by the MTA.
Which one do you use?
We are using Postfix.
Thanks in advance.
-- Miloslav
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Fri, 28 Aug 2015, Miloslav Hůla wrote:
Dne 28.8.2015 v 9:56 Steffen Kaiser napsal(a):
we are using LDAP binding as a passdb, and static with allow_all_users=yes as an userdb.
Works fine, but problem is, Maildirs are created for non-existent accounts too. We would like to prevent it.
The LDAP binding does not supporta user lookups. Is the correct way to use checkpassword as a passdb before LDAP, check for account existency here and:
"the correct way" is to reject messages to non-existant users by the MTA.
Which one do you use?
We are using Postfix.
Then this link is probably helpful:
http://www.postfix.org/LDAP_README.html
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEVAwUBVeAk2Hz1H7kL/d9rAQIQfAgAxS3oFXkU8wbU24x1oh+eNh9p7PsvABe2 FFwXS1VTKmaND19t7tLcz53h6NWtIXcAyuoLmA1vKXqLtQV5Y9nR4W9tpbDmultG toD6L8e22ooeT3m5ancQVYUDMJ/kEYwryRUP14HLwhXfrF1uQ5FcZGQ+nBl9rckR 8q2n9q5ZKcxVisWsECaoQU2XrNnXQ9AwPvUrX0dxz5YwUAFtNPynTDyoh5TgSLU0 Qr0hc9HazJVIVH2GBVwo0xIGMNbCVMJv4ISXc09aEN4gBXHTa3pNWUzMW+bQElEk kEfEKNQWdc3g+tv6LZKcBv1CjG3eoSpMsd/MryMXcGCjOl90cyXjNA== =deBY -----END PGP SIGNATURE-----
Dne 28.8.2015 v 11:07 Steffen Kaiser napsal(a):
On Fri, 28 Aug 2015, Miloslav Hůla wrote:
Dne 28.8.2015 v 9:56 Steffen Kaiser napsal(a):
we are using LDAP binding as a passdb, and static with allow_all_users=yes as an userdb.
Works fine, but problem is, Maildirs are created for non-existent accounts too. We would like to prevent it.
The LDAP binding does not supporta user lookups. Is the correct way to use checkpassword as a passdb before LDAP, check for account existency here and:
"the correct way" is to reject messages to non-existant users by the MTA.
Which one do you use?
We are using Postfix.
Then this link is probably helpful:
Thank you Steffen, at first, I didn't realized that MTA should reject it.
We can use LDAP only for auth binds for now, but thanks to pointing me out.
Best regards, Miloslav
participants (2)
-
Miloslav Hůla
-
Steffen Kaiser