Active directory authentication with postfix

I want to relay mails from postfix machine to exchange server after verifying an email address exists with Active directory (AD authentication with postfix).

What are the steps to follow and configuration file changes
USTRLLCAsked:
Who is Participating?
 
bevhostConnect With a Mentor Commented:
Authentication is not required for inbound relay mail, only for external relay.
Solution for Internal clients relaying externally with AD Authentication in my fourth comment ID: 29078308
Soultion for verification that internal clients exist before accepting mail for internal relay is in first comment.

Please try the solution(s) and/or explain if/why it does not work.
0
 
bevhostCommented:
You don't really need active directory to verify if an email address exists.
postfix can do this with SMTP.
see
http://www.postfix.org/ADDRESS_VERIFICATION_README.html
0
 
bevhostCommented:
/etc/postfix/main.cf:
    smtpd_recipient_restrictions =
        permit_mynetworks
        reject_unauth_destination
        ...
        reject_unknown_recipient_domain
        reject_unverified_recipient
0
Free tool for managing users' photos in Office 365

Easily upload multiple users’ photos to Office 365. Manage them with an intuitive GUI and use handy built-in cropping and resizing options. Link photos with users based on Azure AD attributes. Free tool!

 
bevhostCommented:
You can also have postfix cache the lookup results if you want to.

    address_verify_map = btree:/var/lib/postfix/verify

0
 
bevhostCommented:
If you wanted to use Active Directory for SMTP AUTH for your remote users,
see
http://www.linuxmail.info/active-directory-cyrus-sasl-authentication/
0
 
USTRLLCAuthor Commented:
We need  postfix do LDAP lookups  LDAP and query for valid recipients then relaying to the exchange server
0
 
bevhostCommented:
Why does it have to use LDAP?
0
 
USTRLLCAuthor Commented:
We dont need to pull users' SMTP addresses from your Active Directory because it will take some processing time and not practical.We need to have a direct look to AD this is a valid mailid or not.

AD Authentican is for avoiding bulk mails

0
 
bevhostCommented:
You don't need to use AD to know if the email address is valid.
There are other much easier ways to achive this.

Postfix has a special feature desgined for exactly this purpose.
It is call email address verification and can be use to verify the validy of sender address or recipient address.

See my first comment for details.
0
 
USTRLLCAuthor Commented:
We need only our internal mail authentication via AD.
0
 
USTRLLCAuthor Commented:
Not recvd any practical solutions
0
All Courses

From novice to tech pro — start learning today.