How to Sync domain emails to Postfix's relay_recipient_maps?


Because of Linux's better network performance, many people use Postfix as their mail gateway. To cut down on spam from the internet, you can set up an RBL list in Postfix's main.cf. However, this only stops servers that are on the blacklist, not those that are not on it. And when someone sends your server mail addressed to unknown@example.com, your server will still accept it, since it does not know who is on your recipient list. To reduce such spam and misspelled addresses, you can set up the relay_recipient_maps table for the Postfix server. This table tells Postfix which recipients to accept and which to reject.

To do so, you need to make sure your Postfix's relay_recipient_maps table is updated and always synchronized with your domain server.

"ldapsearch" is a good tool for getting domain information on Linux.
To customize an LDAP search filter, see: http://confluence.atlassian.com/display/DEV/How+to+write+a+LDAP+search+filter

Below is a script that syncs the email list from the domain (LDAP) server and saves it as relay_recipient_maps for the Postfix service.
For how to configure relay_recipient_maps in Postfix, take a look here: http://www.postfix.org/postconf.5.html#relay_recipient_maps

Here comes the script:

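#!/bin/sh
# The paths, label and threshold below are placeholders; set them for your system.
TMP=/path/to/relay_recipients.tmp    # scratch file for the LDAP query result
LIST=/path/to/relay_recipients.last  # backup of the last workable list
OF=/path/to/relay_recipients         # table source file that postmap compiles
LS=/path/to/relay_recipients.log     # sync log
SIG="relay_recipients"               # label written to the log
#MinimalCount to make sure list is not partially loaded
MinimalCount=10

# Note: -w puts the bind password on the command line; ldapsearch -y <file> reads it from a file instead.
# sort -f before uniq -i, because uniq only drops adjacent duplicates.
ldapsearch -b 'DC=example,DC=com' -h 'server.add.re.ss' -D 'username' -xw 'password' '(&(sAMAccountName=*)(mail=*))' proxyAddresses | grep -i 'smtp:' | cut -d ":" -f3 | sort -f | uniq -i > "$TMP"

if [ -s "$TMP" ]; then
    NUM=`wc -l < "$TMP"`
    # Numeric comparison; '>' inside [ ] would be a shell redirection
    if [ "$NUM" -gt "$MinimalCount" ]; then
        #Backup last workable list
        cat "$TMP" > "$LIST"

        # Append the " OK" right-hand side and build the lookup table
        sed 's/$/ OK/' "$TMP" > "$OF"
        /usr/sbin/postmap "$OF"
        RES="`date` : $SIG (AD Sync OK) :$NUM"
    else
        RES="AD User list is too short!! :$NUM"
    fi
else
    RES="`date` : AD query failed!! "
fi

rm -f "$TMP"
echo "$RES" >> "$LS"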

Before adding the script to crontab on your desired schedule for automatic periodic updates, remember to chmod it so that it can be executed.
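The filtering step and the MinimalCount check from the script above, written as two shell functions; this is an added example, not the author's script. It goes beyond the grep/cut pipeline by unfolding folded LDIF lines and lowercasing addresses before de-duplicating; the function names, the "lost more than half" limit and the sample LDIF are assumptions.

```shell
#!/bin/sh
# Added example (not the original script). Function names, the "lost more
# than half" limit and the sample data are assumptions made for illustration.

# Read ldapsearch LDIF on stdin, print one "address OK" line per address.
ldif_to_relay_map() {
    awk '
    function emit(line,   addr) {
        # Only smtp:/SMTP: values are mail addresses; X500:, sip: and
        # base64 ("proxyAddresses::") values are skipped.
        if (line !~ /^proxyAddresses: [Ss][Mm][Tt][Pp]:/) return
        addr = tolower(substr(line, length("proxyAddresses: smtp:") + 1))
        sub(/[ \t\r]+$/, "", addr)
        # Accept plain local@domain only, and each address once.
        if (addr ~ /^[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]+$/ && !seen[addr]++)
            print addr " OK"
    }
    /^ / { buf = buf substr($0, 2); next }  # folded LDIF line: unfold it
    { emit(buf); buf = $0 }
    END { emit(buf) }'
}

# Succeed only if the new table ($1) has more than $3 entries and has not
# lost more than half of the entries of the table in use ($2, may be absent).
table_is_sane() {
    new=$(( $(wc -l < "$1") ))
    old=0
    if [ -f "$2" ]; then old=$(( $(wc -l < "$2") )); fi
    [ "$new" -gt "$3" ] && [ $((new * 2)) -ge "$old" ]
}

# Constructed sample of ldapsearch output, including a folded long value.
sample_ldif() {
    printf '%s\n' \
        'dn: CN=Alice,DC=example,DC=com' \
        'proxyAddresses: SMTP:Alice@example.com' \
        'proxyAddresses: smtp:a.smith@example.com' \
        'proxyAddresses: smtp:ALICE@EXAMPLE.COM' \
        'proxyAddresses: X500:/o=Example/cn=alice' \
        'proxyAddresses: sip:alice@example.com' \
        '' \
        'dn: CN=Bob,DC=example,DC=com' \
        'proxyAddresses: smtp:bob.with.a.long.alias@mail.ex' \
        ' ample.com'
}

sample_ldif | ldif_to_relay_map
```

In the sync script, the ldapsearch output would be piped through ldif_to_relay_map into a temporary file, and postmap run only when table_is_sane succeeds, so a truncated query result never replaces a working table.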