New to MailScanner

Michael Huntley michael at huntley.net
Wed Jul 30 18:06:16 IST 2014


I prefer to query my domain controllers for the list of valid 
recipients, and use this attached script to do so.  It also pages 
through the response from Active Directory (pulls 990 items) so you get 
all valid user emails.  There is no mention of an AD domain, so even if 
this doesn't help Tracy, it may help others.

Cheers,

Michael Huntley
@huntley

On 7/30/2014 5:59 AM, Alex Neuman wrote:
> You could, at least in theory, use plugins to check recipients using 
> LDAP in Active Directory - this plus proper SPF implementation reduces 
> a lot of the fake "from" and bogus "to" addresses for your domain.
>
>
> *Alex Neuman van der Hans
> *Reliant Technologies / Vida Digital
> http://vidadigital.com.pa/
>
> Mobile: +507-6781-9505
> Work: +507-832-6725
> Work (USA): +1-440-253-9789
> Skype: AlexNeuman
>
>
> On Tue, Jul 29, 2014 at 3:06 PM, Tracy Greggs <mailscanner-list at okla.com> wrote:
>
>     BTW, Exchange 2013 does not have recipient checking integrated
>     into their antispam feature set.  This has proven to be a real
>     PITA when using MailScanner as a gateway.  Another brilliant move
>     from Microsoft!
>
>     Regards
>
>     *From:* mailscanner-bounces at lists.mailscanner.info
>     [mailto:mailscanner-bounces at lists.mailscanner.info] *On Behalf Of* Tracy Greggs
>     *Sent:* Tuesday, July 29, 2014 1:48 PM
>     *To:* 'MailScanner discussion'
>     *Subject:* RE: New to MailScanner
>
>     I use sendmail, so someone else can comment on your postfix question.
>
>     I would make a suggestion to turn on the Exchange antispam feature
>     for recipient checking and run MILTER-AHEAD with your MailScanner
>     MTA.  It is cheap but not free, but well worth the expense.
>
>     Regards,
>
>     Tracy Greggs
>
>     *From:* mailscanner-bounces at lists.mailscanner.info
>     [mailto:mailscanner-bounces at lists.mailscanner.info] *On Behalf Of* Greg Ledford
>     *Sent:* Tuesday, July 29, 2014 10:49 AM
>     *To:* 'mailscanner at lists.mailscanner.info'
>     *Subject:* New to MailScanner
>
>     Hello. Please be kind as I'm still learning the program and I'll
>     have lots of questions. Is there a webpage that lists the
>     instructions to install MailScanner + Postfix if you are using it
>     as a front-end for an Exchange 2010 server? Thanks for any help
>     you can provide.
>
>
>     *Greg Ledford*
>     *_PHHW Technology Services LLC_*
>     1000 Corporate Centre Dr, Ste 200
>     Franklin, TN 37067
>     Office (615) 778-1777
>     Cell (615) 403-6989
>
>     Fax (615) 771-0081
>     Email gledford at phhwtechnology.com
>
>
>     -- 
>     This message has been scanned for viruses and
>     dangerous content by *MailScanner* <http://www.mailscanner.info/>,
>     and is
>     believed to be clean.
>
>
>     --
>     MailScanner mailing list
>     mailscanner at lists.mailscanner.info
>     <mailto:mailscanner at lists.mailscanner.info>
>     http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>     Before posting, read http://wiki.mailscanner.info/posting
>
>     Support MailScanner development - buy the book off the website!
>
>
>
>

-------------- next part --------------


#!/usr/bin/perl -T -w

# Version 1.02

# This script will pull all users' SMTP addresses from your Active Directory
# (including primary and secondary email addresses) and list them in the
# format "user@example.com OK" which Postfix uses with relay_recipient_maps.
# Be sure to double-check the path to perl above.

# This requires Net::LDAP to be installed.  To install Net::LDAP, at a shell
# type "perl -MCPAN -e shell" and then "install Net::LDAP"

use Net::LDAP;
use Net::LDAP::Control::Paged;
use Net::LDAP::Constant ( "LDAP_CONTROL_PAGED" );

# Enter the path/file for the output
$VALID = "/etc/postfix/valid_recipients";

# Enter the FQDN of your Active Directory domain controllers below
#
#
$dc1="hostname1.yourdomain.com";
$dc2="hostname2.yourdomain.com";

# Enter the LDAP container for your userbase.
# The syntax is CN=Users,dc=example,dc=com
# This can be found by installing the Windows 2000 Support Tools
# then running ADSI Edit.
# In ADSI Edit, expand the "Domain NC [domaincontroller1.example.com]" &
# you will see, for example, DC=example,DC=com (this is your base).
# The Users Container will be specified in the right pane as
# CN=Users depending on your schema (this is your container).
# You can double-check this by clicking "Properties" of your user
# folder in ADSI Edit and examining the "Path" value, such as:
# LDAP://domaincontroller1.example.com/CN=Users,DC=example,DC=com
# which would be $hqbase="cn=Users,dc=example,dc=com"
# Note:  You can also use just $hqbase="dc=example,dc=com"
#
#
$hqbase="cn=Users,dc=yourdomain,dc=com";

# Enter the username & password for a valid user in your Active Directory
# with username in the form cn=username,cn=Users,dc=example,dc=com
# Make sure the user's password does not expire.  Note that this user
# does not require any special privileges.
# You can double-check this by clicking "Properties" of your user in
# ADSI Edit and examining the "Path" value, such as:
# LDAP://domaincontroller1.example.com/CN=user,CN=Users,DC=example,DC=com
# which would be $user="cn=user,cn=Users,dc=example,dc=com"
# Note: You can also use the UPN login: "user\@example.com"
#$user="cn=mail,cn=Users,dc=wavien,dc=com";
#
#
#Best format is user\@yourdomain.com
#
$user="user\@yourdomain.com";
$passwd="password";

#
# No additional configuration required beyond here
#
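# Connecting to Active Directory domain controllers
# Note: Net::LDAP->new with a bare hostname speaks plain LDAP on port 389,
# so the simple bind below sends $passwd unencrypted. An ldaps:// URI or a
# $ldap->start_tls call before the bind protects it, provided the domain
# controllers have certificates.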
$noldapserver=0;
$ldap = Net::LDAP->new($dc1) or
   $noldapserver=1;
if ($noldapserver == 1)  {
   $ldap = Net::LDAP->new($dc2) or
      die "Error connecting to specified domain controllers $@ \n";
}

$mesg = $ldap->bind ( dn => $user,
                     password =>$passwd);
if ( $mesg->code()) {
    die ("error:", $mesg->code(),"\n","error name: ",$mesg->error_name(),
        "\n", "error text: ",$mesg->error_text(),"\n");
}

# How many LDAP query results to grab for each paged round
# Set to under 1000 for Active Directory
$page = Net::LDAP::Control::Paged->new( size => 990 );

@args = ( base     => $hqbase,
# Play around with this to grab objects such as Contacts, Public Folders, etc.
# A minimal filter for just users with email would be:
# filter => "(&(sAMAccountName=*)(mail=*))"
         filter => "(& (mailnickname=*) (| (&(objectCategory=person)
                    (objectClass=user)(!(homeMDB=*))(!(msExchHomeServerName=*)))
                    (&(objectCategory=person)(objectClass=user)(|(homeMDB=*)
                    (msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=contact))
                    (objectCategory=group)(objectCategory=publicFolder)(objectClass=msExchDynamicDistributionList) ))",
          control  => [ $page ],
          # attrs takes an array reference; request only what we read below
          attrs  => [ "proxyAddresses" ],
);

my $cookie;
my $ldaperror;
while(1) {
  # Perform search
  my $mesg = $ldap->search( @args );

  # Filtering results for proxyAddresses attributes
  foreach my $entry ( $mesg->entries ) {
    # LDAP Attributes are multi-valued, so we have to print each one.
    foreach my $mail ( $entry->get_value( "proxyAddresses" ) ) {
     # Test if the Line starts with one of the following lines:
     # proxyAddresses: [smtp|SMTP]:
     # and also discard this starting string, so that $mail is only the
     # address without any other characters...
     if ( $mail =~ s/^(smtp|SMTP)://gs ) {
       push(@valid, $mail." OK\n");
     }
    }
  }

  # Only continue on LDAP_SUCCESS; remember the error so that a failed
  # query (including the very first one) never overwrites the output file
  if ( $mesg->code ) {
    $ldaperror = $mesg->error;
    last;
  }

  # Get cookie from paged control
  my($resp)  = $mesg->control( LDAP_CONTROL_PAGED ) or last;
  $cookie    = $resp->cookie or last;

  # Set cookie in paged control
  $page->cookie($cookie);
}

if ($cookie) {
  # We had an abnormal exit, so let the server know we do not want any more
  $page->cookie($cookie);
  $page->size(0);
  $ldap->search( @args );
}
# Die unhappily and inform OP if any search failed or paging was cut short
if ($cookie || $ldaperror) {
  die("LDAP query unsuccessful: " . ($ldaperror || "paging aborted") . "\n");
}
# Only write the file once the query is successful
open(VALID, ">", $VALID) or die "CANNOT OPEN $VALID $!";
print VALID @valid;
# Add additional restrictions, users, etc. to the output file below.
#print VALID "user\@example.com OK\n";
#print VALID "user1\@example.com 550 User unknown.\n";
#print VALID "bad.example.com 550 User does not exist.\n";

close VALID;
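
A gate for the list the attached script produces, as an added example that is not part of the original post or its attachment: it checks a freshly generated file before postmap rebuilds the table Postfix reads, so a failed or truncated LDAP query cannot empty relay_recipient_maps. It assumes $VALID in the script points at a staging file and that the map is a hash: table; the function names, the 20% threshold and the strict line pattern are assumptions.

```shell
#!/bin/sh
# check_recipient_list NEW [OLD]
# Returns 0 only if NEW is safe to use as the relay_recipient_maps source:
#   - it is not empty
#   - every line is "<local>@<domain> OK", the format the script generates
#     (loosen the pattern if you append manual "550 ..." entries)
#   - it has not lost more than MAX_SHRINK_PCT percent of the entries in OLD
MAX_SHRINK_PCT=20   # assumption: tune to your own account churn

check_recipient_list() {
    new=$1
    old=${2:-}
    [ -s "$new" ] || { echo "reject: $new is empty" >&2; return 1; }

    # Count lines that do not match; grep exits 1 when the count is 0.
    bad=$(grep -c -v -E '^[^@[:space:]]+@[^@[:space:]]+ OK$' "$new" || true)
    [ "$bad" -eq 0 ] || { echo "reject: $bad malformed line(s)" >&2; return 1; }

    # Compare against the list currently in use, if there is one.
    if [ -n "$old" ] && [ -s "$old" ]; then
        n_new=$(grep -c '' "$new")
        n_old=$(grep -c '' "$old")
        floor=$(( n_old * (100 - MAX_SHRINK_PCT) / 100 ))
        [ "$n_new" -ge "$floor" ] || {
            echo "reject: $n_new entries, previous list had $n_old" >&2
            return 1
        }
    fi
    return 0
}

# install_recipient_list NEW LIVE
# Runs the gate, then replaces LIVE (a rename when both paths are on the
# same filesystem) and rebuilds the lookup table with postmap.
install_recipient_list() {
    check_recipient_list "$1" "$2" || return 1
    mv -f "$1" "$2" && postmap "hash:$2"
}
```

From cron, run the Perl script first and call install_recipient_list only if it exits 0, so the previous table stays in service whenever either step fails.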

