Mail Filter Server with Postfix

Post by ROGA » Sat Oct 22, 2022 8:23 am

Hi,

I would like to build a front mail server to filter spam, AV, DNSBL etc. from scratch with postfix. It should only receive emails for recipients that exist in a Windows Active Directory. So, I need support for ldap. But which use-flag do I need for compiling postfix? ldap or ldap-bind? What's the difference? Do I also need the use-flag sasl?

thanks for explanation and help!
regards,

Roland

Post by szatox » Sat Oct 22, 2022 10:50 am

From https://www.gentoo.org/support/use-flags/

Code:

global
ldap 	Add LDAP support (Lightweight Directory Access Protocol)

postfix
dovecot-sasl 	Enable net-mail/dovecot protocol version 1 (server only) SASL implementation
eai 	Add support for SMTPUTF8
ldap-bind 	Add support for binding to LDAP backend using dev-libs/cyrus-sasl
lmdb 	Add support for using dev-db/lmdb for lookup tables
memcached 	Add support for using net-misc/memcached for lookup tables

If I understand you correctly, this postfix instance is supposed to only act as a sanitizing proxy for incoming mail. You want to filter mail before passing it to another server equipped with some storage backend, right?
In this case I'd try use ldap. Receiving mail does not call for authentication, so sasl is not required on a proxy (MTA).


In my personal setup I'm using dovecot-sasl, which delegates authentication to the storage backend, which in turn queries a mysql database; however, this authentication is only used for mail submission. When it comes to receiving mail, I have postfix run an SQL query for virtual mailboxes and virtual aliases directly, before forwarding it to dovecot.
You'll need an ldap query there and probably a relay host instead, but the idea is not too different.

Post by ROGA » Sat Oct 22, 2022 12:43 pm

@szatox:

Thanks for your answer. I have already read this summary for use-flags but could not determine the difference between ldap and ldap-bind.

You understand me right. The mail filter server should only act as a sanitizing proxy for the incoming mails. Therefore I do not need virtual users nor do I need a mysql server instance. I only want to query the AD server for an answer on whether an e-mail user exists or not. So which USE flag do I need to build postfix correctly to make this query? Is it possible that the USE flag ldap has more functionality than ldap-bind?
regards,

Roland

Post by szatox » Sat Oct 22, 2022 1:22 pm

From postfix's ebuild:
DEPEND="[...]
ldap? ( net-nds/openldap:= )
ldap-bind? ( net-nds/openldap:=[sasl] )
"
REQUIRED_USE="ldap-bind? ( ldap sasl )"
So, ldap-bind requires ldap and sasl in postfix and also sasl in openldap.
Well, if your MTA won't be used for mail submission, there is no need for authentication mechanisms. You need ldap anyway, but ldap-bind is not necessary for your use case.

"Therefore I do not need virtual Users nor do I need a mysql Server Instance"
You don't need mysql, since you want to query LDAP, but you do need virtual users because that's where you will put a path to your LDAP query.
Unless you found another hook for that?
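
One way to wire the recipient check discussed in this thread into a relay-only Postfix, as an added example that is not from any of the posters or from the Postfix or Gentoo projects. It uses relay_recipient_maps as the hook for the LDAP query; every host name, DN, path and password below is a constructed placeholder.

```conf
# --- /etc/portage/package.use/postfix (Gentoo) ---
# USE=ldap provides the ldap: lookup table type, including simple binds.
# ldap-bind is only needed when the table itself uses "bind = sasl".
mail-mta/postfix ldap

# --- /etc/postfix/ldap-relay-recipients.cf (placeholder path) ---
# Holds a credential: chown root:postfix, chmod 0640.
# Postfix does not allow trailing comments on a "name = value" line.
# LDAPS with certificate verification, so the bind password and the
# directory answers are not exposed or spoofable on the wire.
server_host = ldaps://dc1.example.com:636
version = 3
tls_ca_cert_file = /etc/ssl/certs/example-ad-ca.pem
tls_require_cert = yes
# Simple bind with a dedicated low-privilege, read-only service account.
bind = yes
bind_dn = CN=svc-postfix,OU=Service Accounts,DC=example,DC=com
bind_pw = CHANGE_ME
search_base = DC=example,DC=com
scope = sub
# Exchange-enabled AD lists each address of a recipient in proxyAddresses
# as "smtp:addr" (matched case-insensitively). Without Exchange attributes,
# query (mail=%s) instead. Postfix escapes %s before building the filter.
query_filter = (proxyAddresses=smtp:%s)
result_attribute = mail

# --- /etc/postfix/main.cf (relevant lines only) ---
# Accept mail only for the relayed domain, and only for listed recipients.
relay_domains = example.com
relay_recipient_maps = ldap:/etc/postfix/ldap-relay-recipients.cf
# Internal mail server that receives the filtered mail (placeholder).
relay_transport = relay:[mail-internal.example.com]:25
# Keep local delivery off on a pure filter host.
mydestination =
# Default is already "yes": unknown recipients are rejected during the
# SMTP session instead of being accepted and bounced later (backscatter).
smtpd_reject_unlisted_recipient = yes

# --- check the table before going live (run as root) ---
# postmap -q user@example.com ldap:/etc/postfix/ldap-relay-recipients.cf
# An existing recipient prints its mail attribute; an unknown one prints
# nothing and postmap exits non-zero.
```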