Miloslav Hůla
2015-Aug-28 08:45 UTC
Allow delivery to existing accounts only with LDAP and static
Dne 28.8.2015 v 9:56 Steffen Kaiser napsal(a):>> we are using LDAP binding as a passdb, and static with >> allow_all_users=yes as an userdb. >> >> Works fine, but problem is, Maildirs are created for non-existent >> accounts too. We would like to prevent it. >> >> The LDAP binding does not supporta user lookups. Is the correct way to >> use checkpassword as a passdb before LDAP, check for account existency >> here and: > > "the correct way" is to reject messages to non-existant users by the MTA. > > Which one do you use?We are using Postfix. Thanks in advance. -- Miloslav
Steffen Kaiser
2015-Aug-28 09:07 UTC
Allow delivery to existing accounts only with LDAP and static
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 28 Aug 2015, Miloslav H?la wrote:> Dne 28.8.2015 v 9:56 Steffen Kaiser napsal(a): >>> we are using LDAP binding as a passdb, and static with >>> allow_all_users=yes as an userdb. >>> >>> Works fine, but problem is, Maildirs are created for non-existent >>> accounts too. We would like to prevent it. >>> >>> The LDAP binding does not supporta user lookups. Is the correct way to >>> use checkpassword as a passdb before LDAP, check for account existency >>> here and: >> >> "the correct way" is to reject messages to non-existant users by the MTA. >> >> Which one do you use? > > We are using Postfix.Then this link is probably helpful: http://www.postfix.org/LDAP_README.html - -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEVAwUBVeAk2Hz1H7kL/d9rAQIQfAgAxS3oFXkU8wbU24x1oh+eNh9p7PsvABe2 FFwXS1VTKmaND19t7tLcz53h6NWtIXcAyuoLmA1vKXqLtQV5Y9nR4W9tpbDmultG toD6L8e22ooeT3m5ancQVYUDMJ/kEYwryRUP14HLwhXfrF1uQ5FcZGQ+nBl9rckR 8q2n9q5ZKcxVisWsECaoQU2XrNnXQ9AwPvUrX0dxz5YwUAFtNPynTDyoh5TgSLU0 Qr0hc9HazJVIVH2GBVwo0xIGMNbCVMJv4ISXc09aEN4gBXHTa3pNWUzMW+bQElEk kEfEKNQWdc3g+tv6LZKcBv1CjG3eoSpMsd/MryMXcGCjOl90cyXjNA==deBY -----END PGP SIGNATURE-----
Miloslav Hůla
2015-Aug-28 09:16 UTC
Allow delivery to existing accounts only with LDAP and static
Dne 28.8.2015 v 11:07 Steffen Kaiser napsal(a):> On Fri, 28 Aug 2015, Miloslav H?la wrote: >> Dne 28.8.2015 v 9:56 Steffen Kaiser napsal(a): >>>> we are using LDAP binding as a passdb, and static with >>>> allow_all_users=yes as an userdb. >>>> >>>> Works fine, but problem is, Maildirs are created for non-existent >>>> accounts too. We would like to prevent it. >>>> >>>> The LDAP binding does not supporta user lookups. Is the correct way to >>>> use checkpassword as a passdb before LDAP, check for account existency >>>> here and: >>> >>> "the correct way" is to reject messages to non-existant users by the >>> MTA. >>> >>> Which one do you use? >> >> We are using Postfix. > > Then this link is probably helpful: > > http://www.postfix.org/LDAP_README.htmlThank you Steffen, at first, I didn't realized that MTA should reject it. We can use LDAP only for auth binds for now, but thanks to pointing me out. Best regards, Miloslav