Gentoo Forums
Mail Filter Server with Postfix
ROGA
Apprentice
Joined: 17 Feb 2018
Posts: 158
Location: Zurich, Switzerland

Posted: Sat Oct 22, 2022 8:23 am    Post subject: Mail Filter Server with Postfix

Hi,

I would like to build a front mail server for filtering spam, AV, DNSBL etc. from scratch with postfix. It should only receive emails for recipients that exist in a Windows Active Directory. So, I need support for ldap. But which USE flag do I need for compiling postfix? ldap or ldap-bind? What's the difference? Do I also need the USE flag sasl?

thanks for explanation and help!
_________________
regards,

Roland
szatox
Advocate
Joined: 27 Aug 2013
Posts: 3136

Posted: Sat Oct 22, 2022 10:50 am    Post subject:

From https://www.gentoo.org/support/use-flags/
Code:

global
ldap    Add LDAP support (Lightweight Directory Access Protocol)

postfix
dovecot-sasl    Enable net-mail/dovecot protocol version 1 (server only) SASL implementation
eai    Add support for SMTPUTF8
ldap-bind    Add support for binding to LDAP backend using dev-libs/cyrus-sasl
lmdb    Add support for using dev-db/lmdb for lookup tables
memcached    Add support for using net-misc/memcached for lookup tables

If I understand you correctly, this postfix instance is supposed to only act as a sanitizing proxy for incoming mail. You want to filter mail before passing it to another server equipped with some storage backend, right?
In this case I'd try use ldap. Receiving mail does not call for authentication, so sasl is not required on a proxy (MTA).


In my personal setup I'm using dovecot-sasl, which delegates authentication to the storage backend, which in turn queries a mysql database; however, this authentication is only used for mail submission. When it comes to receiving mail, I have postfix run an SQL query for virtual mailboxes and virtual aliases directly, before forwarding it to dovecot.
You'll need an ldap query there and probably a relay host instead, but the idea is not too different.
ROGA
Apprentice
Joined: 17 Feb 2018
Posts: 158
Location: Zurich, Switzerland

Posted: Sat Oct 22, 2022 12:43 pm    Post subject:

@szatox:

Thanks for your answer. I have already read this summary for use-flags but could not determine the difference between ldap and ldap-bind.

You understand me right. The mail filter server should only act as a sanitizing proxy for the incoming mails. Therefore I do not need virtual Users nor do I need a mysql Server Instance. I only want to query the AD server for an answer as to whether an e-mail user exists or not. So which USE flag do I need to build postfix correctly to make this query? Is it possible that the USE flag ldap has more functionality than ldap-bind?
_________________
regards,

Roland
szatox
Advocate
Joined: 27 Aug 2013
Posts: 3136

Posted: Sat Oct 22, 2022 1:22 pm    Post subject:

From postfix's ebuild:
Quote:
DEPEND="[...]
ldap? ( net-nds/openldap:= )
ldap-bind? ( net-nds/openldap:=[sasl] )
"
REQUIRED_USE="ldap-bind? ( ldap sasl )"


So, ldap-bind requires ldap and sasl in postfix and also sasl in openldap.
Well, if your MTA won't be used for mail submission, there is no need for authentication mechanisms. You need ldap anyway, but ldap-bind is not necessary for your use case.


Quote:
Therefore I do not need virtual Users nor do I need a mysql Server Instance
You don't need mysql, since you want to query LDAP, but you do need virtual users because that's where you will put a path to your LDAP query.
Unless you found another hook for that?
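
Added example (not written by any poster in this thread): a sketch of the recipient check discussed above, as a Postfix ldap_table(5) lookup against Active Directory that needs only USE=ldap. It hooks the lookup into relay_recipient_maps rather than the virtual maps mentioned in the thread, since the instance only relays; every hostname, DN, file name and the service account are placeholder assumptions.

```conf
# --- /etc/postfix/main.cf (excerpt; example.com and all hosts are placeholders) ---
# Domain this filter accepts mail for and relays onward.
relay_domains        = example.com
# Only recipients found by this lookup are accepted; unknown ones are
# rejected during the SMTP dialogue instead of bounced later.
relay_recipient_maps = ldap:/etc/postfix/ad-recipients.cf
# Hand accepted mail to the internal mail server (hypothetical host).
relay_transport      = smtp:[mail.internal.example.com]:25

# --- /etc/postfix/ad-recipients.cf (assumed file name) ---
# Contains a password: chown root:postfix, chmod 0640.
server_host      = ldaps://dc1.example.com:636
version          = 3
search_base      = dc=example,dc=com
scope            = sub
# Simple bind with a dedicated read-only account. "bind = sasl" is the
# mode that needs LDAP SASL support (the ldap-bind USE flag).
bind             = simple
bind_dn          = cn=postfix-lookup,ou=Service Accounts,dc=example,dc=com
bind_pw          = CHANGE_ME
# Match the mail attribute or an smtp: entry in proxyAddresses.
query_filter     = (&(objectClass=user)(|(mail=%s)(proxyAddresses=smtp:%s)))
result_attribute = mail
# Verify the domain controller's certificate (assumed CA bundle path).
tls_ca_cert_file = /etc/ssl/certs/ad-ca.pem
tls_require_cert = yes

# Check the lookup before putting the server into service:
#   postmap -q user@example.com ldap:/etc/postfix/ad-recipients.cf
# An existing address prints its mail attribute; an unknown one prints
# nothing and postmap exits non-zero.
```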