Up to Something

This is a simple, but cool, recipe for querying Exchange from Postfix. This is used with a Windows 2003 Small Business Server, running (s)Exchange 2003.

We don’t often use this, because of the obvious problem of being unable to receive mail when Exchange crashes or must be rebooted. It is nice though, and a straight forward solution.

exchange_map.cf

bind_dn          = cn=Spamfilter User,cn=Users,dc=MySBS,dc=org
bind_pw          = kill$pam
scope            = sub
search_base      = dc=MySBS,dc=org
server_host      = ldaps://Server.MySBS.org:636
start_tls        = no
version          = 3
result_attribute = mail
query_filter     = (&(objectClass=user)(|(mail=%s)(proxyAddresses=SMTP:%s)))

test

firewall postfix #  postmap -q kelly@MySBS.org ldap:/etc/postfix/exchange_map.cf
kelly@MySBS.org
firewall postfix #  postmap -q fakeuser@MySBS.org ldap:/etc/postfix/exchange_map.cf
firewall postfix #  postmap -q joshua@imrnet.com ldap:/etc/postfix/exchange_map.cf

main.cf

.....
relay_recipient_maps  =  ldap:/etc/postfix/exchange_map.cf
.....

So, Kelly exists, but fakeuser, and Joshua are (mysteriously) absent.

Everyone wants to know what to do with Postfix. I have tried to find a way to publish something. Everyone who does seems to always be out of date.

Not so for this guy or that guy.

A growing number of small businesses are using Blackberry handhelds. Microsofts services haven't taken off as strong, but in a year or two I suspect Microsofts products will be kings of the market.

For now, we have a wide range of Blackberry services. Most of my clients use the Blackberry Enterprise Server (BES) with Exchange. It's terribly expensive, the entire operation works nicely and people like it.

Some of my customers use SMTP + POP3, and one in particular uses this with a Postfix based spamfilter.

Postfix uses SPF (policy-spf.pl) and that, in turn, depends on internal SPF records to help reduce spoofing of addresses. Naturally sending from the Blackberry creates a bounce. We fianlly figured out how to set this up with SPF. It was a simple change:

Old Record

v=spf1 a mx mx:spamfilter.domain.com mx:gw.domain.com mx:gw1.domaim.com 
ip4:10.1.1.0/24 a:server.otherdomain.com -all

New Record

v=spf1 a mx mx:spamfilter.domain.com mx:gw.domain.com mx:gw1.domaim.com 
ip4:10.1.1.0/24 a:server.otherdomain.com ?ptr:blackberry.com -all

See? Just add the "?ptr:blackberry.com", and boom - all is good.

Gmail is cool and everything. GmailFS is one example of the coolness of Google, and Gmail. Google tends to publish AJAX Api's for everything, making things extensible, even if XML Situps suck.

However, a new sucky thing (for me) has developed. I did not realize that the Google Spam filter was Bayesian. So, I have been happily training the HAM side, and neglecting to review the SPAM. Whoops! I primarily use Gmail to deal with Mailing Lists, it's so handy after all, and I have so far found over 500 conversations in the Spam Folder.

• The Good: they are all marked with the appropriate labels.
• The Bad: I have thus-far been unable to find a way to search through the spam folder.

The moral of the story is this: Google needs to provide a simple way to search through their Spam folder, and we should all stay on top of what's in there.

We use CRM114, SpamAssassin and Postfix for most of our antispam solutions. We have somehow avoided using LDAP up to this point. Postfix 2.2 seems to have made a lot of relavent changesd regarding LDAP support, and now things are working smoothly and more clearly than ever.

Some don't recommend this, and they will want you to use all sorts of bastardized Perl or God help us, VBS to get entries from LDAP and ship them off to Linux.

Bollocks! I say, use LDAP queries directly, and manage load with proxymap.