[SOLVED] LDAP receiver verification / individual and groups forwards

K

KatyComputer

Well-Known Member
Sep 26, 2019
193
16
58
61
St Louis
katycomputer.com
In a perfect world, PMG would use the LDAP directory for:
- receiver verification
- receiver forwards (sally@bigcompany.com ==> sallyworksfromhome@aol.com)
- group forwards (tech@bigcompany.com==> joe@bigcompany.com, sam@bigcompany.com, sally@bigcompany.com)
- provide quarantine interface credentials

Currently, we have this information in various text files. We are implementing PMG on a PVE host, is there a preferred LDAP implementation?

I have a few hundred email addresses, approximately 20 groups and another 20 individual forwards. Email lives on a mixture of Google Apps, Office 365 and Dovecot.
Is this a good idea, would it be better to keep this information in various Postfix configuration files?
 
IMO part of the requested functionality is not in the scope of PMG (which acts as a proxy for spam and virus scanning, less as final e-mail delivery hub).

KatyComputer said:
- receiver verification
Click to expand...
In PMG you can use the postfix-builtin receiver verification, which works by trying to deliver a mail to a receiver and caches both positive (200) and negative (4xx and 5xx) results. This has the advantage, that it also detects conditions which are not only based on whether the e-mail address exists (e.g. some setups use quotas and reply with a 4xx if the mailbox is over quota). Another upside is that it is quite robust, should the downstream server be down ... (it just sends a tempfail 4xx and the initial sender tries again later) - see http://www.postfix.org/ADDRESS_VERIFICATION_README.html . In PMG it can be enabled in Configuration -> Mail Proxy -> Options.

KatyComputer said:
- provide quarantine interface credentials
Click to expand...
This already works: Configuration -> Spam Detector -> Quarantine -> Authentication Mode

The other 2 Points I would rather implement in the downstream server (you can also use a GroupWare solution like Zimbra, which brings those features (and AFAIR an LDAP-server))

KatyComputer said:
Is this a good idea, would it be better to keep this information in various Postfix configuration files?
Click to expand...
With 20-40 entries this is a good question - for 4-5 I'd say keep it in config-files - for 100 I'd definitely chose LDAP - in-between it depends on whether they change quite often, or if you plan to add more entries.
* LDAP makes it simpler for the users to change their settings by themselves (and it is easier to get setup in a fault-tolerant setup)
* config-files are simpler as a concept and for singe-node setups probably more robusst

I hope this helps!
 
  • Like
Reactions: KatyComputer
My primary concern is the elimination of backscatter. I don't want PMG to accept a message for joeblow@bigcompany.com, forward that message to Office365, then have that message returned to sender in a separate transaction.

It seems PMG handles this situation brilliantly. The first time Joe gets an email PMG replies with:
SERVER -> CLIENT: 450 4.7.1 <joeblow@bigcompany.com>: Recipient address rejected: Service is unavailable (try later)
SMTP ERROR: RCPT TO command failed: 450 4.7.1 <joeblow@bigcompany.com>: Recipient address rejected: Service is unavailable (try later)

The second attempt looks like this:
SERVER -> CLIENT: 250 2.0.0 Ok: queued as D742E4217B
CLIENT -> SERVER: QUIT
SERVER -> CLIENT: 221 2.0.0 Bye
Connection: closed
Message completed successfully.

BTW: Wormly provides a nice SMTP diagnostic tool, I used it to test PMG's handling of incoming mail. https://www.wormly.com/test-smtp-server

Nice job Proxmox & Postfix!
 
Thanks for sharing the tip with wormly!

So Recepient Verification works for you? - If yes please mark the thread as 'SOLVED' - it might help others!
 
  • Like
Reactions: KatyComputer
KatyComputer said:
How do I mark the thread "Solved"? I spent a bit of time on the Xenforo site -no joy...
Click to expand...
On top (above the first post) -> klick on the 3 dots (... ) -> Edit thread -> select prefix SOLVED :) (I changed it for you).

KatyComputer said:
I am looking forward to getting my "Proxmox Subscriber" trophy :)
Click to expand...
Click on your account -> Account Details (where your email is shown) -> Proxmox Subscription Key (there you enter your Subscription Key :)
 
  • Like
Reactions: KatyComputer
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom