Active directory authentication with postfix

I want to relay mails from postfix machine to exchange server after verifying an email address exists with Active directory (AD authentication with postfix).

What are the steps to follow and configuration file changes
USTRLLCAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

bevhostCommented:
You don't really need active directory to verify if an email address exists.
postfix can do this with SMTP.
see
http://www.postfix.org/ADDRESS_VERIFICATION_README.html
0
bevhostCommented:
/etc/postfix/main.cf:
    smtpd_recipient_restrictions =
        permit_mynetworks
        reject_unauth_destination
        ...
        reject_unknown_recipient_domain
        reject_unverified_recipient
0
bevhostCommented:
You can also have postfix cache the lookup results if you want to.

    address_verify_map = btree:/var/lib/postfix/verify

0
Powerful Yet Easy-to-Use Network Monitoring

Identify excessive bandwidth utilization or unexpected application traffic with SolarWinds Bandwidth Analyzer Pack.

bevhostCommented:
If you wanted to use Active Directory for SMTP AUTH for your remote users,
see
http://www.linuxmail.info/active-directory-cyrus-sasl-authentication/
0
USTRLLCAuthor Commented:
We need  postfix do LDAP lookups  LDAP and query for valid recipients then relaying to the exchange server
0
bevhostCommented:
Why does it have to use LDAP?
0
USTRLLCAuthor Commented:
We dont need to pull users' SMTP addresses from your Active Directory because it will take some processing time and not practical.We need to have a direct look to AD this is a valid mailid or not.

AD Authentican is for avoiding bulk mails

0
bevhostCommented:
You don't need to use AD to know if the email address is valid.
There are other much easier ways to achive this.

Postfix has a special feature desgined for exactly this purpose.
It is call email address verification and can be use to verify the validy of sender address or recipient address.

See my first comment for details.
0
USTRLLCAuthor Commented:
We need only our internal mail authentication via AD.
0
bevhostCommented:
Authentication is not required for inbound relay mail, only for external relay.
Solution for Internal clients relaying externally with AD Authentication in my fourth comment ID: 29078308
Soultion for verification that internal clients exist before accepting mail for internal relay is in first comment.

Please try the solution(s) and/or explain if/why it does not work.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
USTRLLCAuthor Commented:
Not recvd any practical solutions
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Databases

From novice to tech pro — start learning today.