I’ve used this in the past to limit the amount of SPAM by only allowing relay back to my exchange server of email addresses that are valid.<\/p>\n
in \/etc\/postfix\/main.cf you will need to modify “smtpd_recipient_rectrictions” adding the following. I called my file user-list.<\/p>\n
Adding this will accept mail for email addresses that are listed in the file.<\/p>\n
On the Windows Exchange server, for this I’ll assume we are using OWA and we can drop the list of addresses within the inetpub directory, allowing us to pick it up using wget.<\/p>\n
On the exchange server I use the following script:<\/p>\n
'==================================================================================================\r\n'\r\n' VBScript Source File \r\n'\r\n' NAME: LISTPROXYADDRESSES.VBS\r\n' VERSION: 0.9\r\n' AUTHOR: Bharat Suneja , Bharat Suneja\r\n' CREATE DATE : 5\/06\/2004\r\n' LAST MODIFIED : 9\/23\/2005\r\n'==================================================================================================\r\n' COMMENT: \r\n' \r\n'==================================================================================================\r\n\r\n'Set up constant for deleting values from multivalued attribute memberOf\r\n\r\nConst ADS_PROPERTY_NOT_FOUND = &h8000500D\r\nConst ADS_UF_ACCOUNTDISABLE = 2 'For UserAccountControl\r\nConst strX400Search = \"X400\"\r\n'______________________________________________________\r\n\r\n'Set RootDSE\r\nSet objRootDSE = GetObject(\"LDAP:\/\/rootDSE\")\r\nstrDomain = objRootDSE.Get(\"defaultNamingContext\")\r\nstrADPath = \"LDAP:\/\/\" & strDomain\r\n'wscript.Echo strADPath\r\nSet objDomain = GetObject(strADPath)\r\n'wscript.echo \"objDomain: \" & objDomain.distinguishedName\r\n\r\n'Setup ADODB connection\r\nSet objConnection = CreateObject(\"ADODB.Connection\")\r\nobjConnection.Open \"Provider=ADsDSOObject;\"\r\nSet objCommand = CreateObject(\"ADODB.Command\")\r\nobjCommand.ActiveConnection = objConnection\r\n\r\n'Execute search command to look for Contacts & Groups\r\n objCommand.CommandText = _\r\n \"<\" & strADPath & \">\" & \";(&(|(objectClass=contact)(objectClass=group))(mail=*))\" & \";distinguishedName,displayName,mail,proxyAddresses;subtree\"\r\n\r\n 'Execute search to get Recordset\r\n Set objRecordSet = objCommand.Execute\r\n \r\n \r\n 'Start procedure\r\n \r\n strResult = strResult & VbCrLf & \"Domain: \" & strDomain\r\n\r\n strResult = strResult & VbCrlf & \"#Total Records Found (other accounts): \" & objRecordSet.RecordCount & VbCrlf\r\n AddressCount = 0\r\n\r\n While Not objRecordSet.EOF 'Iterate through the search results\r\n \r\n strUserDN = objRecordSet.Fields(\"distinguishedName\") 'Get User's distinguished name from Recordset into a string\r\n set objUser= GetObject(\"LDAP:\/\/\"& strUserDN & \"\") 'Use string to bind to user object\r\n \r\n\r\n\r\n strResult = strResult & VbCrlf & \"cn: \" & objUser.cn\r\n strResult = strResult & VbCrlf & \"mail: \" & objUser.mail\r\n arrProxyAddresses = objRecordSet.Fields(\"proxyAddresses\")\r\n If IsArray(objRecordSet.Fields(\"proxyAddresses\")) Then\r\n strResult = strResult & VbCrLf & \"Proxy Addresses\" \r\n \r\n For Each ProxyAddress in arrProxyAddresses\r\n \r\n 'Sub: Check X400 \r\n If InStr(ProxyAddress, strX400Search) <> 0 Then \r\n \t\t'Wscript.Echo \"#This was an x400\"\r\n \t\t Else\r\n strResult = strResult & VbCrlf & proxyAddress\r\n End If 'Ends loop for X400 address\r\n Next\r\n\r\n Else\r\n strResult = strResult & VbCrlf & \"#Object does not have proxy addresses\"\r\n End If\r\n strResult = strResult & VbCrLf\r\n\r\n objRecordSet.MoveNext\r\nWend\r\n\r\n'*************************************\r\n'Begin second query for users\r\nvarDisabledCounter = 0 \r\n\r\n'Execute search command to look for user\r\n objCommand.CommandText = _\r\n \"<\" & strADPath & \">\" & \";(&(objectClass=user)(mail=*))\" & \";distinguishedName,displayName,mail,proxyAddresses;subtree\"\r\n\r\n 'Execute search to get Recordset\r\n Set objRecordSet = objCommand.Execute\r\n \r\n strResult = strResult & vbCrlf & \"#Users\"\r\n strResult = strResult & VbCrlf & \"#Total Records Found (users): \" & objRecordSet.RecordCount & VbCrlf\r\n \r\n\r\n\r\n While Not objRecordSet.EOF 'Iterate through the search results\r\n strUserDN = objRecordSet.Fields(\"distinguishedName\") 'Get User's distinguished name from Recordset into a string\r\n set objUser= GetObject(\"LDAP:\/\/\"& strUserDN & \"\") 'Use string to bind to user object\r\n \r\n \r\n If objUser.AccountDisabled = TRUE Then 'If User account disabled, then skip proxy address enum\r\n varDisabledCounter = varDisabledCounter + 1\r\n strResult2 = strResult2 & VbCrLf & varDisabledCounter & \" \" & objUser.displayName & VbCrLf\r\n \r\n strResult2 = strResult2 & \"cn: \" & objUser.cn\r\n strResult2 = strResult2 & VbCrlf & \"mail: \" & objUser.mail\r\n arrProxyAddresses = objRecordSet.Fields(\"proxyAddresses\")\r\n If IsArray(objRecordSet.Fields(\"proxyAddresses\")) Then\r\n strResult2 = strResult2 & VbCrLf & \"Proxy Addresses\" \r\n \r\n \r\n For Each ProxyAddress in arrProxyAddresses\r\n 'Sub: Check X400\r\n If InStr(ProxyAddress, strX400Search) <> 0 Then \r\n \t\t'Wscript.Echo \"#This was an x400\"\r\n \t\t Else\r\n \t\t strResult2 = strResult2 & VbCrlf & proxyAddress\r\n AddressCount = AddressCount + 1\r\n End If 'Ends loop for X400 address\r\n Next\r\n Else\r\n strResult2 = strResult2 & VbCrLf & \"#Object does not have proxy addresses\"\r\n End If\r\n strResult2 = strResult2 & VbCrLf\r\n \r\n \r\n \r\n \r\n \r\n Else\r\n \r\n\r\n\r\n strResult = strResult & VbCrlf & \"cn: \" & objUser.cn\r\n strResult = strResult & VbCrlf & \"mail: \" & objUser.mail\r\n arrProxyAddresses = objRecordSet.Fields(\"proxyAddresses\")\r\n If IsArray(objRecordSet.Fields(\"proxyAddresses\")) Then\r\n strResult = strResult & VbCrLf & \"Proxy Addresses\" \r\n \r\n For Each ProxyAddress in arrProxyAddresses\r\n 'Sub: Check X400\r\n If InStr(ProxyAddress, strX400Search) <> 0 Then \r\n \t\t'Wscript.Echo \"#This was an x400\"\r\n \t\t Else\r\n \t\t strResult = strResult & VbCrlf & proxyAddress\r\n AddressCount = AddressCount + 1\r\n End If 'Ends loop for X400 address\r\n Next\r\n Else\r\n strResult = strResult & VbCrLf & \"#Object does not have proxy addresses\"\r\n End If\r\n strResult = strResult & VbCrLf\r\n \r\n End If 'End check for disabled user \r\n \r\n objRecordSet.MoveNext \r\nWend 'End second query for users\r\n\r\n \r\nstrResult = \"Users, Groups & Contacts\" & VbCrLf & \"-------------------------\" & VbCrLf & strResult\r\nstrResult = strResult & VbCrLf & \"Disabled Users\" & VbCrLf & \"-------------------------\" & VbCrLf & strResult2\r\n'WScript.Echo strResult\r\n\r\n'Output to a text file\r\nSet objFileSystem = CreateObject(\"Scripting.FileSystemObject\")\r\nSet objOutputFile = objFileSystem.CreateTextFile(\"C:\\inetpub\\wwwroot\\postfix\\proxyaddresses.txt\")\r\nobjOutputFile.Write strResult\r\n\r\n\r\n \r\n \r\n\r\n\r\n \r\n\r\n\r\n\r\n\r\n<\/pre>\nYou will want to modify the location that it places the file to the correct location for you “Set objOutputFile = objFileSystem.CreateTextFile(“C:\\inetpub\\wwwroot\\postfix\\proxyaddresses.txt”)”<\/p>\n
After testing this I also created a scheduled task on the exchange server to run this every 15 min. This way when users are added or new email addresses are created they will automatically be placed in a location where they can be picked up by our postfix server.<\/p>\n
<\/p>\n
On the postfix server, I created the following script to pull the file from the exchange server and format it correctly for postfix:<\/p>\n
<\/p>\n
#!\/bin\/bash\r\n#pull exhange user email \r\n#written by David Hedges \r\n\r\nmkdir \/tmp\/exch-users\r\ncd \/tmp\/exch-users\r\nwget http:\/\/<YOUR SERVER IP or FQDN>\/postfix\/proxyaddresses.txt\r\n\r\n#you may need to add sed statements for other domain extensions if you use one that is not listed\r\ngrep -i smtp proxyaddresses.txt |grep -v ADdomain.local |sed 's\/smtp:\/\/g' |sed 's\/SMTP:\/\/g'|sed 's\/\\.com\/\\.com\\tOK\/g' |sed 's\/\\.COM\/\\.COM\\tOK\/g' |sed 's\/\\.net\/\\.net\\tOK\/g' |sed 's\/\\.NET\/\\.NET\\tOK\/g' |sed 's\/\\.tv\/\\.tv\\tOK\/g' |sed 's\/\\.TV\/\\.TV\\tOK\/g' |sed 's\/\\.org\/\\.org\\tOK\/g' |sed 's\/\\.ORG\/\\.ORG\\tOK\/g' |sed 's\/\\.info\/\\.info\\tOK\/g' |sed 's\/\\.INFO\/\\.INFO\\tOK\/g' | sed 's\/\\.us\/\\.us\\tOK\/g' | sed 's\/\\.US\/\\.US\\tOK\/g' >\/tmp\/exch-users\/user-list\r\n\r\n\r\n\/usr\/sbin\/postmap user-list\r\nmv .\/user-list.db \/etc\/postfix\/\r\nmv .\/user-list \/etc\/postfix\r\ncd \/tmp\r\nrm -R \/tmp\/exch-users\r\n<\/pre>\nThis will place both a plain text and a hash file in your \/etc\/postfix directory.<\/p>\n
For this I also created a cron job to run it every 5 min. That way it will pick up the changes as the exchange host publishes them.<\/p>\n
Finally, you will need to restart your postfix instance for the change to read the user-list.db file to begin.<\/p>\n
<\/p>\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
I’ve used this in the past to limit the amount of SPAM by only allowing relay back to my exchange server of email addresses that are valid. in \/etc\/postfix\/main.cf you will need to modify “smtpd_recipient_rectrictions” adding the following. I called my file user-list. “check_recipient_access hash:\/etc\/postfix\/user-list.db” Adding this will accept mail for email addresses that are […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[3],"tags":[],"class_list":["post-172","post","type-post","status-publish","format-standard","category-it-blog","entry"],"_links":{"self":[{"href":"https:\/\/www.davidhedges.info\/index.php\/wp-json\/wp\/v2\/posts\/172","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.davidhedges.info\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.davidhedges.info\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.davidhedges.info\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.davidhedges.info\/index.php\/wp-json\/wp\/v2\/comments?post=172"}],"version-history":[{"count":3,"href":"https:\/\/www.davidhedges.info\/index.php\/wp-json\/wp\/v2\/posts\/172\/revisions"}],"predecessor-version":[{"id":175,"href":"https:\/\/www.davidhedges.info\/index.php\/wp-json\/wp\/v2\/posts\/172\/revisions\/175"}],"wp:attachment":[{"href":"https:\/\/www.davidhedges.info\/index.php\/wp-json\/wp\/v2\/media?parent=172"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.davidhedges.info\/index.php\/wp-json\/wp\/v2\/categories?post=172"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.davidhedges.info\/index.php\/wp-json\/wp\/v2\/tags?post=172"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}