LDAP Integration for valid recipient checking


by Joseph L. Casale

Because of a Primary/Backup MX issue I am trying to avoid, I want to shift the role
of valid recipient checking over to assp.

My postfix MTA and ASSP sit in front of a Windows 2003 Active Directory forest and
I am wondering if anyone uses the LDAP feature in production with this scenario. Are there
any issues you have had to work around? I see the LDAPFail parameter which is an important
feature I was looking for which answers the only initial question I had.

One final issue I will have is with two independent setups owned by the same company. It's been decided each will provide Backup MX for each other. Postfix behind assp queues and routes mail to the primary. Is there any way to defer *any and all* processing for email destined to exampledomain.com so that it can safely pass through assp onto postfix?

Thanks!
jlc

-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://sourceforge.net/services/buy/index.php
_______________________________________________
Assp-user mailing list
Assp-user@...
https://lists.sourceforge.net/lists/listinfo/assp-user

Re: LDAP Integration for valid recipient checking

by Kevin-107

Joseph L. Casale wrote:
> Because of a Primary/Backup MX issue I am trying to avoid, I want to shift the role
> of valid recipient checking over to assp.
>
> My postfix MTA and ASSP sit in front of a Windows 2003 Active Directory forest and
> I am wondering if anyone uses the LDAP feature in production with this scenario. Are there
> any issues you have had to work around? I see the LDAPFail parameter which is an important
> feature I was looking for which answers the only initial question I had.

What's the MTA?

I use ASSP with LDAP validation against AD with Exchange 2003 for both
domains and addresses and it's working perfectly.

Kevin


Re: LDAP Integration for valid recipient checking

by Joseph L. Casale

>What's the MTA?

Postfix

>I use ASSP with LDAP validation against AD with Exchange 2003 for both
>domains and addresses and it's working perfectly.
>
>Kevin

Good to know.

Any creative idea about the wide open pass I would need/want for the backup
mail being delivered to the primary?

Thanks!
jlc


Re: LDAP Integration for valid recipient checking

by Kevin-107

Joseph L. Casale wrote:
>> What's the MTA?
>
> Postfix

Is this the main/final MTA or just an intermediary that forwards to the
main/final server?

Is it currently using LDAP validation or would this be something you are
setting up from scratch?

Does the AD contain all your current email addresses?

Are the ASSP server(s) on the same network as an AD server? DMZ? etc...

> Any creative idea about the wide open pass I would need/want for the backup
> mail being delivered to the primary?

Is the primary server the final destination or does it also route mail
to another server?

If it is the final server you can either have the MTA listen on a
separate port/IP for connections from the secondary or you can use the
"No Processing IPs" setting in ASSP to allow the secondary server to
bypass all ASSP processing.

If it is not the final destination why bother sending it to the primary?

Also you mentioned having 2 servers which are backups for each other,
but that's not how MX records work, you could have two servers with the
same "priority" or you can have one with a slightly lower "priority"
than the other.
Also keep in mind MX record "priority" is only a suggestion NOT a rule
according to the RFCs, servers can and WILL ignore "priority" at times.

Kevin
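
Added example (not part of the original thread and not ASSP's or Postfix's code): a small model of the two decisions discussed above, the per-IP processing bypass for the peer backup MX and the LDAP recipient lookup against Active Directory. The addresses, the `lookup` callback and the `accept_on_ldap_failure` switch are assumptions made for illustration; the switch is a generic fail policy and does not claim to reproduce the semantics of ASSP's LDAPFail setting.

```python
import ipaddress

# Constructed sample values (documentation address ranges), not from the thread.
NO_PROCESSING_NETS = [ipaddress.ip_network("192.0.2.25/32")]  # peer backup MX only

def ldap_escape(value):
    """Escape the RFC 4515 special characters so input cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def recipient_filter(rcpt):
    """Filter for an AD object owning this address (mail or proxyAddresses)."""
    addr = ldap_escape(rcpt.strip().lower())
    return "(|(mail=%s)(proxyAddresses=smtp:%s))" % (addr, addr)

def decide(client_ip, rcpt, lookup, accept_on_ldap_failure=False):
    """Return the SMTP reply to RCPT TO.

    lookup(filter) is a hypothetical callback: True/False for found/not found,
    ConnectionError when no directory server answers.
    """
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in NO_PROCESSING_NETS):
        return "250 accepted, processing bypassed"
    try:
        found = lookup(recipient_filter(rcpt))
    except ConnectionError:
        # Hypothetical fail policy: defer so the sender retries, or accept unverified.
        if accept_on_ldap_failure:
            return "250 accepted, recipient unverified"
        return "451 directory unavailable, try again later"
    return "250 accepted" if found else "550 5.1.1 unknown recipient"

# Constructed stand-ins for a directory so the example runs offline.
KNOWN = {recipient_filter("jdoe@example.com")}

def fake_lookup(flt):
    return flt in KNOWN

def directory_down(flt):
    raise ConnectionError("no LDAP server reachable")

if __name__ == "__main__":
    for ip, rcpt, fn in [("192.0.2.25", "anyone@example.com", directory_down),
                         ("198.51.100.7", "JDoe@example.com", fake_lookup),
                         ("198.51.100.7", "*@example.com", fake_lookup),
                         ("198.51.100.7", "jdoe@example.com", directory_down)]:
        print(ip, rcpt, "->", decide(ip, rcpt, fn))
```

The bypass list holds a single /32 because a listed host skips recipient validation entirely, so anything it relays is accepted without a directory check.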


Re: LDAP Integration for valid recipient checking

by tanstaafl_bh

On 6/20/2008, Kevin (assp-users@...) wrote:
> Also keep in mind MX record "priority" is only a suggestion NOT a rule
> according to the RFCs, servers can and WILL ignore "priority" at times.

Right... while there may be some corner cases where a backup mx *might*
actually be desired, in most cases, they are far more trouble than they
are worth.

I prefer simplicity...

--

Best regards,

Charles


Re: LDAP Integration for valid recipient checking

by Jeroen van Aart

Charles Marcus wrote:
> Right... while there may be some corner cases where a backup mx *might*
> actually be desired, in most cases, they are far more trouble than they
> are worth.

Right, it makes more sense to have 2 or more MTAs which basically are
clones of each other, i.e. with the same functionality. A real backup
would be a hotspare server, again a clone, which you can quickly put
into action whenever needed.

> I prefer simplicity...

Wait, so you don't like nested raids with lvm for partition management? ;-)

Regards,
Jeroen


Re: LDAP Integration for valid recipient checking

by Kevin-107

Jeroen van Aart wrote:
> Charles Marcus wrote:
>> Right... while there may be some corner cases where a backup mx *might*
>> actually be desired, in most cases, they are far more trouble than they
>> are worth.
>
> Right, it makes more sense to have 2 or more MTAs which basically are
> clones of each other, i.e. with the same functionality. A real backup
> would be a hotspare server, again a clone, which you can quickly put
> into action whenever needed.

I run two incoming SMTP servers on separate providers for redundancy.
The only reason one has a lower priority is because it's a slightly
smaller pipe.

I prefer having a second (live) server, if one fails I can usually fix
it at my leisure. Saves me much stress and is not really that much work
aside from initial setup.

>> I prefer simplicity...
>
> Wait, so you don't like nested raids with lvm for partition management? ;-)

I do. But only if you leave the drives and cables unlabeled.
I just LOVE playing "Which Drive is it again?" when one fails. :)

Kevin


Re: LDAP Integration for valid recipient checking

by tanstaafl_bh

On 6/20/2008, Kevin (assp-users@...) wrote:
>>> Right... while there may be some corner cases where a backup mx
>>> *might* actually be desired, in most cases, they are far more
>>> trouble than they are worth.

>> Right, it makes more sense to have 2 or more MTAs which basically
>> are clones of each other, i.e. with the same functionality. A real
>> backup would be a hotspare server, again a clone, which you can
>> quickly put into action whenever needed.

> I run two incoming SMTP servers on separate providers for
> redundancy. The only reason one has a lower priority is because it's
> a slightly smaller pipe.
>
> I prefer having a second (live) server, if one fails I can usually
> fix it at my leisure. Saves me much stress and is not really that
> much work aside from initial setup.

What I was talking about was using a backup mx that simply queued mail
until the primary came back up... in today's internet, it provides very
little benefit, since the servers attempting delivery will simply retry
later anyway...

Having a backup smtp server that can actually step in and REPLACE the
functionality of your primary is another thing entirely, and I'm all for
redundancy where practical... :)

--

Best regards,

Charles
