[Mimedefang] integrating LDAP lookups into MD

Jim McCullars jim at info.uah.edu
Wed Oct 29 12:40:30 EST 2003



On 29 Oct 2003, Adam Lanier wrote:

> Has anyone had any luck integrating LDAP lookups into MD with the goal
> of verifying whether inbound addresses are valid?

   I haven't integrated LDAP in MD, but I have written several scripts in
perl that talk to our directory server.  The first thing you have to
decide is which perl module you want to use.  On our Tru64 machine, I use
Net::LDAP, which is the most portable, but it is slow (because it has to
do everything in perl).  On my Solaris machine, I use Mozilla::LDAP::Conn,
but I think I had to find the right SDK (software development kit) on the
Mozilla site for Solaris.  It is faster because the "guts" are written in
C.

  If you go with Net::LDAP, then you might do something like this:
Outside of any subroutine, establish the connection:

use Net::LDAP;

my $ldap = Net::LDAP->new("server-name");
unless ($ldap) {
  # Do whatever you want to do if the connection can't be made.
  # In my scripts, I usually "die", but David says don't do that
  # in a MD slave, so just log it here (filter_recipient tempfails
  # while $ldap is undefined).
  md_syslog('warning', "LDAP connect failed: $@");
}
# if you can connect, then bind (authenticate)
if ($ldap) {
  my $mesg = $ldap->bind("some-dn-that-can-do-searches", password => "pw");
  if ($mesg->code) {
    # take some appropriate action regarding authentication failure
    md_syslog('warning', "LDAP bind failed: " . $mesg->error);
  }
}

   At this point, there should be a connection for the life of the slave.
Now in filter_recipient, you might do something like this:

use Net::LDAP::Util qw(escape_filter_value);

sub filter_recipient {
  my ($recipient, $sender, $ip, $hostname, $first, $helo,
        $rcpt_mailer, $rcpt_host, $rcpt_addr) = @_;

  unless ($ldap) {
    return ('TEMPFAIL', "Directory service not available, please try later");
  }
  $recipient =~ tr/<>//d;       # strip angle brackets
  # escape the address before putting it in the filter, so characters
  # such as "*", "(" and ")" in the RCPT argument can't change the search
  my $mesg = $ldap->search(
                          base    => "your-base-DN",
                          filter  => "(mail=" . escape_filter_value($recipient) . ")"
                             );
  if ($mesg->code) {
    # Some other error occurred.  I would probably tempfail the
    # email and syslog something
    md_syslog('warning', "LDAP search failed: " . $mesg->error);
    return ('TEMPFAIL', "Directory lookup failed, please try later");
  }
  my $count = $mesg->count;  # number of LDAP entries that matched
  if ($count == 0) {   # invalid recipient
    return ('REJECT', "Invalid recipient");
  }
  return ('CONTINUE', "ok");
}
   The search example shown above assumes that the "mail" attribute is
populated with a value that will match the incoming email address
($recipient).  Also, please note that this is "Untested Code While
Replying To Email" so you may have to tweak it some.  But it should give
you an idea of what is involved in using LDAP connects from perl.

   HTH...

Jim
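A hardened version of the recipient check described in the post above, added here as an example that is not part of Jim's message or of MIMEDefang itself. It keeps one connection per slave but reconnects lazily instead of dying, escapes the RCPT argument before it goes into the LDAP filter, and bounds each search; the host, base DN and bind account are placeholders, and md_syslog is MIMEDefang's own logging function.

```perl
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);
my $LDAP_HOST = 'ldap.example.com';                # placeholder
my $LDAP_BASE = 'ou=people,dc=example,dc=com';     # placeholder
my $LDAP_BIND = 'cn=mailcheck,dc=example,dc=com';  # placeholder, read-only account
my $LDAP_PW   = 'placeholder-password';
my $ldap;   # one connection per slave, opened on first use, dropped on error

# Return a bound Net::LDAP handle, reconnecting if the previous one was dropped.
sub ldap_handle {
    return $ldap if $ldap;
    my $l = Net::LDAP->new($LDAP_HOST, timeout => 5, version => 3)
        or do { md_syslog('warning', "LDAP connect failed: $@"); return undef };
    my $mesg = $l->bind($LDAP_BIND, password => $LDAP_PW);
    if ($mesg->code) {
        md_syslog('warning', 'LDAP bind failed: ' . $mesg->error);
        return undef;
    }
    return $ldap = $l;
}

# Look up one address; returns 'ok', 'unknown' or 'error' and never dies,
# since an exception in filter_recipient would take the slave down with it.
sub recipient_status {
    my ($addr) = @_;
    my $l = ldap_handle() or return 'error';
    # escape_filter_value() neutralises "*", "(", ")", "\" and NUL in the
    # RCPT argument so it cannot change the meaning of the search filter.
    my $mesg = $l->search(
        base      => $LDAP_BASE,
        filter    => '(mail=' . escape_filter_value($addr) . ')',
        attrs     => ['mail'],
        sizelimit => 1,    # one hit is enough, and it bounds the server's work
        timelimit => 5,
    );
    return 'ok' if $mesg->count > 0;    # matched (even if sizelimit tripped)
    if ($mesg->code) {
        md_syslog('warning', 'LDAP search failed: ' . $mesg->error);
        undef $ldap;                    # force a reconnect on the next call
        return 'error';
    }
    return 'unknown';
}

sub filter_recipient {
    my ($recipient) = @_;                 # other arguments not needed here
    (my $addr = $recipient) =~ tr/<>//d;  # strip angle brackets
    my $status = recipient_status($addr);
    return ('CONTINUE', 'ok')                if $status eq 'ok';
    return ('REJECT',   'Invalid recipient') if $status eq 'unknown';
    return ('TEMPFAIL', 'Directory service not available, please try later');
}
```

Directory outages and bind failures surface as TEMPFAIL rather than REJECT, so a broken LDAP server never causes valid mail to be bounced.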
