Monday, December 1, 2008

Postfix and LDAP

Postfix and LDAP

   One of the absolute most important pieces of a successful Linux migration is housing email. We chose Postfix for a number of reasons, one of them is it's very easy to work directly with ldap, or work from a cached map for more efficient.

   First let's look under the hood up postfix. It has 2 main files, main.cf and master.cf and any number of other configs that will contain hashes, maps, regex and other files mainly used as lists.

main.cf - As the name implies, this main config file to sets most options you'll ever need to tweak.

master.cf - The file that tells postfix what services to use and how to use them. It sets all the ports, 3rd party applications, plugins and whatever else would effect the main services postfix would use.

   In this section we're only going to touch on the main options you'll need to get postfix working in a corporate setting. Inside the main.cf file there is a handful of options that needs to be pointed out. They are: mynetworks, relay_recipient_maps, server_host, and an optional smtpd_tls_*

mynetworks - A list of IP networks allowed to send email (relay) mail through your server without authentication.
Example: mynetworks = 127.0.0.0/8, 192.168.0.0/16

relay_recipient_maps - This is used in the caching system mentioned above. It takes a filename as a parameter which contains your transport map.
Example: relay_recipient_maps = hash:/etc/postfix/addresses

The contents of /etc/postfix/addresses are in the format of:
tester@test.com OK
testuser@test.com OK
test123@beta.test.com OK

server_host- Tying directly to ldap. This is an expensive option, as it queries ldap in realtime as email comes in. As you can imagine, heavy volume can hinder preformance. I strongly suggest using a relay_recipient_maps as seen above.
Example: server_host = ldap://ldap.example.com:389

So you may be asking, if I want to run a cached version, how do I keep it updated? The solution is pretty simple, crontab and a quick shell script:

#!/bin/sh
PATH=/bin:/usr/bin:/usr/sbin

[ -f /tmp/addresses.1 ] && /bin/mv /tmp/addresses{.1,.2}
/bin/mv /tmp/addresses{,.1}

ldapsearch -x -LLL -h directory.mycompany.com -b dc=mycompany,dc=com -s sub objectClass=inetLocalMailRecipient mail mailLocalAddress|awk '/^mail/ {FS=" " ; print $2}' |sort -u |sed 's/$/ OK/' > /tmp/addresses

[ -s /tmp/addresses ] || exit 1

if [ -f /etc/postfix/maps/addresses ]; then
diff /etc/postfix/maps/addresses /tmp/addresses > /dev/null
RETVAL="$?"
else
mv /tmp/addresses /etc/postfix/maps/
RETVAL="1"
fi

if [ "$RETVAL" = "1" ] ; then
cd /etc/postfix/maps
/bin/cp /tmp/addresses /etc/postfix/maps/addresses
postmap /etc/postfix/maps/addresses
postfix reload
exit 0
else
exit 0
fi

I hope you find this post helpful. Please feel free to comment and correct me.