Re: substitution variables in ldap query_filter

On Wed, May 14, 2008 at 09:36:48AM -0500, John Heim wrote:

> I have a problem with a mail relay I inherited (I mention that because I'm 
> kind of ignorant). I need to make it work so that mail to addresses like 
> jheim <at> vulcan.math.wisc.edu work.
> 
> Right now, we use the canonical feature to rewrite the header. The problem 
> is that as a result, the ldap lookup is never done. So then mail to invalid 
> addresses like spock <at> vulcan.math.wisc.edu are rewritten as 
> spock <at> math.wisc.edu and relayed on. That results in a bounce by the main 
> server whereas I'd rather the ldap lookup gets done so the mail can be 
> rejected by the relay.

You can do *non-wildcard* canonical rewriting, and this won't break
recipient validation.

	domain = legacy.example.com
	query_filter = mail=%u <at> current.example.com
	result_attribute = mail

> Okay, so I re-read the ldap howto and i see that you can use other 
> substitution variables besides %s. I'm thinking my query_filter could be
> (mail=%u@%3.%2.%1)
> 
> But rather than poking and hoping and possibly breaking my mta in the mean 
> time, I was hoping someone could direct me to some examples of use of these 
> substitution variables.

The variables are documnted in ldap_table(5). You can also restrict
which domains are in scope via the "domain" list.

--

-- 
	Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.

To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:majordomo <at> postfix.org?body=unsubscribe%20postfix-users>

If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.