Re: [Exim] LDAP address verification by a brand new EXIM use…

Author: Nigel Wade
Date:  
To: Exim users list
Subject: Re: [Exim] LDAP address verification by a brand new EXIM user...
ferdinando.simonetti@??? wrote:
> Hello everybody from an Italian brand new EXIM user/admin...
>
> My mail setup will be the following:
>
> INCOMING MAIL
>
> ASSP antispam smtp proxy (MX record pointing to it)
>
> EXISCAN+CLAMAV for the antivirus treatment
> this EXIM will be configured to have "mydomain.it", "subdomain.mydomain.it",
> etc. inside "relay_to_domains".
>
> EXIM-OUT that does the routing:
> - the mail is for @mydomain.it, deliver it to a WIN2K LOTUS NOTES host
>
> OUTGOING MAIL
>
> WIN2K LOTUS NOTES
>
> ASSP (internal IP)
>
> EXISCAN+CLAMAV
>
> EXIM-OUT that does the routing:
> - if the mail is for someone else, deliver directly to the outside
>
> Well, inside Lotus Notes there is an LDAP tree holding the data of
> each person inside mydomain's organization
>
> I wonder how it is possible, on the first EXIM, to verify that the recipient
> address (or the sender address) is present inside the Notes LDAP tree, to
> prevent subsequent deliveries (rejecting the mail ASAP during the flow).
>
> This is my very first try (I cannot test it; I'm not actually sure
> whether the attribute holding the "internet mail" for Mr. Pinco Pallino is
> "internetmail", but for now I'm focusing on the "verifier router" syntax) for a
> router...
>
> lotusldap:
> verify_only
> no_verify_sender
> allow_fail
> allow_defer
> domains = +relay_to_domains
> driver = accept
> data = ${lookup ldap {ldap://\
>          ${extract{internetmail}\
>             ${quote_ldap:{$address_data}}\
>           }\
>         {$value} fail}
> no_more
>
> Is it almost a bit correct?
>
> Thanks thanks a lot...
>


I don't see 'data' as an option to the 'accept' driver in my docs. I think
you could use a condition as follows:

condition = ${lookup ldap { ldap://\
              internetmail?sub?(internetmail=${quote_ldap:{$local_part@$domain}})} \
              {yes} fail}


I use the following LDAP lookup as a condition in an accept router to verify
users:

condition = ${if eq {""} {${lookup ldap { \
user=LDAPU pass=LDAPP LDAPS\
mail?sub?(&(objectClass=rsppgAccount)(uid=${quote_ldap:$local_part}))} \
{$value} fail}} {no} {yes} }

It tests for the attribute "mail" in all entries with
objectClass=rsppgAccount and uid=$local_part. If it doesn't find a "mail"
attribute, the condition fails outright. If it finds the attribute but the
value is "", it also fails (the value {no} is the outcome).

LDAPU/LDAPP are the bind userid and password, LDAPS is the LDAP server URL.

HTH

--
Nigel Wade, System Administrator, Space Plasma Physics Group,
             University of Leicester, Leicester, LE1 7RH, UK
E-mail :    nmw@???
Phone :     +44 (0)116 2523548, Fax : +44 (0)116 2523555
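The three-way condition Nigel describes above, together with the filter escaping that quote_ldap supplies, modelled in Python as an added example (this is not code from the thread and not Exim's own implementation). It assumes a constructed in-memory directory using the objectClass rsppgAccount and the attributes uid and mail from the condition above; the filter evaluator is a deliberately minimal subset of RFC 4515 (AND/OR/NOT, equality with `*` wildcards and `\XX` escapes), and the way a multi-entry result is reported is a labelled simplification rather than Exim's exact behaviour. The `quote=False` switch exists only to make visible why the local part must always pass through quote_ldap: an unescaped `*` turns the per-user check into a match against every account.

```python
"""Model of the LDAP-based recipient check discussed in this thread.

Stand-alone illustration, not Exim's code.  It re-creates two things the
condition relies on: RFC 4515 escaping of the local part (what quote_ldap
provides, so a recipient address cannot rewrite the search filter) and the
three-way outcome of ${if eq {""} {${lookup ldap {...} {$value} fail}} {no} {yes}}.
The directory entries and the objectClass "rsppgAccount" are constructed
sample data; the attribute names (uid, mail) come from the original condition.
"""
import re

# RFC 4515: these characters are special inside a filter assertion value and
# must be written as a backslash followed by two hex digits.  Exim's
# quote_ldap escapes the same set (and additionally percent-encodes the result
# for use in a URL, which this model leaves out).
_FILTER_SPECIALS = "*()\\\x00"


def quote_ldap(value: str) -> str:
    """Escape a string so it is matched literally inside an LDAP filter."""
    return "".join(f"\\{ord(ch):02X}" if ch in _FILTER_SPECIALS else ch for ch in value)


# Constructed directory standing in for the Notes LDAP tree (sample data).
DIRECTORY = [
    {"objectClass": ["rsppgAccount"], "uid": ["alice"], "mail": ["alice@mydomain.it"]},
    {"objectClass": ["rsppgAccount"], "uid": ["bob"], "mail": [""]},  # attribute present, empty
    {"objectClass": ["rsppgAccount"], "uid": ["carol"]},              # no mail attribute at all
    {"objectClass": ["person"], "uid": ["dave"], "mail": ["dave@mydomain.it"]},  # wrong class
]


def _parse_filter(s: str, i: int = 0):
    """Parse a minimal RFC 4515 filter: (&...), (|...), (!...) and (attr=value).

    Returns (node, index_after_node).  Only the constructs this example needs
    are supported; a real LDAP server implements the full grammar.
    """
    if s[i] != "(":
        raise ValueError("filter must start with '('")
    i += 1
    if s[i] in "&|!":
        op, i = s[i], i + 1
        children = []
        while s[i] == "(":
            child, i = _parse_filter(s, i)
            children.append(child)
        if s[i] != ")":
            raise ValueError("unterminated compound filter")
        return (op, children), i + 1
    end = s.index(")", i)  # safe only because ')' inside values is escaped as \29
    attr, _, value = s[i:end].partition("=")
    return ("=", attr, value), end + 1


def _value_matches(pattern: str, actual: str) -> bool:
    """Equality match with '*' wildcards; \\XX escapes are decoded per segment."""
    segments = [
        re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), seg)
        for seg in re.split(r"(?<!\\)\*", pattern)  # split on unescaped '*' only
    ]
    if len(segments) == 1:
        return actual == segments[0]  # no wildcard: exact (case-sensitive here) match
    if not actual.startswith(segments[0]) or not actual.endswith(segments[-1]):
        return False
    pos = len(segments[0])
    for seg in segments[1:-1]:  # middle segments must appear in order
        idx = actual.find(seg, pos)
        if idx < 0:
            return False
        pos = idx + len(seg)
    return pos <= len(actual) - len(segments[-1])


def _matches(node, entry) -> bool:
    kind = node[0]
    if kind == "&":
        return all(_matches(c, entry) for c in node[1])
    if kind == "|":
        return any(_matches(c, entry) for c in node[1])
    if kind == "!":
        return not _matches(node[1][0], entry)
    _, attr, value = node
    return any(_value_matches(value, v) for v in entry.get(attr, []))


def exim_condition(local_part: str, quote: bool = True) -> str:
    """Outcome ('yes', 'no' or 'fail') of Nigel's condition for one local part.

    quote=False skips quote_ldap purely to show what an unescaped local part
    does to the filter; a real router must always quote.
    """
    uid = quote_ldap(local_part) if quote else local_part
    node, _ = _parse_filter(f"(&(objectClass=rsppgAccount)(uid={uid}))")
    hits = [entry for entry in DIRECTORY if _matches(node, entry)]
    if not hits:
        return "fail"  # no entry: the lookup fails, so the condition fails outright
    if len(hits) > 1:
        # Exim's single-entry "ldap" lookup has no single $value to hand back
        # here; the model reports the case separately instead of guessing.
        return "ambiguous"
    values = hits[0].get("mail")
    if values is None:
        return "fail"  # entry found, but no "mail" attribute
    return "no" if values[0] == "" else "yes"  # ${if eq {""} {$value} {no} {yes}}


if __name__ == "__main__":
    for lp in ("alice", "bob", "carol", "dave", "*"):
        print(f"{lp!r:10} quoted -> {exim_condition(lp)}")
    print("'*' unquoted ->", exim_condition("*", quote=False))
```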