To enable SMTP verification using LDAPS:
- Open the console of the Kaspersky Secure Mail Gateway virtual machine or connect to it via SSH.
- Go to Technical Support Mode.
- Copy the file /opt/kaspersky/klms-appliance/share/postfix/main.cf.template.
- In the original file, find relay_recipient_maps.
- Delete the following lines:
{% if rejectRecipient == "unlisted" -%}
{%- endif %}
- Add the following line below:
relay_recipient_maps = ldap:$config_directory/ldap_relay_recipients.cf
- Make sure the file includes the following parameters:
smtpd_recipient_restrictions = reject_unlisted_recipient, reject_non_fqdn_recipient, reject_unknown_recipient_domain, permit_mynetworks, reject_unauth_destination, reject_unverified_recipient
smtpd_reject_unlisted_recipient = yes
- Save the file.
After you save the file main.cf.template, the settings related to reject_unlisted_recipient can no longer be changed.
- Create the file /etc/postfix/ldap_relay_recipients.cf.
- Fill it in according to the example:
SSL is supported. In this case, the server address must start with ldaps://
- The bind parameters are optional if anonymous access to LDAP is available.
- For a description of all parameters, see the official Postfix website.
- Check if you can find users by their email addresses:
postmap -q test10@test.mail.com ldap:/etc/postfix/ldap_relay_recipients.cf
If the address exists and the search works, the information about the address will appear on the screen.
- Update the Postfix configuration:
/opt/kaspersky/klms-appliance/bin/update_postfix_config.sh
If the settings are correct, an attempt to send a message to a user who is not in LDAP is rejected with the following error:
Nonexistent user:
Feb 26 17:53:50 adagsd postfix/smtpd[10029]: NOQUEUE: reject: RCPT from adagsd.test.local[::1]: 550 5.1.1 <test111111@test.mail.com>: Recipient address rejected: User unknown in relay recipient table; from=<root@adagsd.test.local> to=<test111111@test.mail.com> proto=ESMTP helo=<adagsd.test.local>
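
The following script is an added example, not part of the original article or Kaspersky's tooling: it lints a file such as /etc/postfix/ldap_relay_recipients.cf before you run the postmap -q check. It assumes the standard Postfix ldap_table parameter names (server_host, version, tls_require_cert, bind_pw); the certificate and file-permission checks go beyond what the article requires, and the sample values are constructed placeholders.

```shell
#!/bin/sh
# Added example (not vendor code): lint a Postfix LDAP table file for LDAPS use.

# get_param FILE NAME: print the value of the last "NAME = value" line.
get_param() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# lint_ldap_map FILE: print one line per finding; exit status = finding count.
lint_ldap_map() {
    f=$1 issues=0
    hosts=$(get_param "$f" server_host)
    [ -n "$hosts" ] || { echo "server_host is not set"; issues=$((issues + 1)); }
    for h in $hosts; do            # server_host may list several servers
        case $h in
            ldaps://*) ;;
            *) echo "not LDAPS: $h"; issues=$((issues + 1)) ;;
        esac
    done
    # Postfix needs LDAP protocol version 3 for TLS; it must be set explicitly.
    [ "$(get_param "$f" version)" = 3 ] ||
        { echo "version = 3 is missing"; issues=$((issues + 1)); }
    # tls_require_cert defaults to no, so the server certificate is unchecked.
    [ "$(get_param "$f" tls_require_cert)" = yes ] ||
        { echo "tls_require_cert is not yes"; issues=$((issues + 1)); }
    # A stored bind password must not be readable by other local users.
    if [ -n "$(get_param "$f" bind_pw)" ] &&
       [ "$(ls -ld "$f" | cut -c8)" = r ]; then
        echo "bind_pw is set but $f is world-readable"; issues=$((issues + 1))
    fi
    return "$issues"
}

# Constructed sample; host, base DN and bind account are placeholders.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server_host = ldaps://ldap.example.com:636
version = 3
tls_require_cert = yes
search_base = dc=example,dc=com
query_filter = (mail=%s)
result_attribute = mail
bind = yes
bind_dn = cn=postfix,ou=services,dc=example,dc=com
bind_pw = CHANGE_ME
EOF
lint_ldap_map "$sample" && echo "no findings for $sample"
rm -f "$sample"
```

With tls_require_cert = yes, the LDAP client library also needs a trusted CA for the directory server's certificate, for example through the tls_ca_cert_file parameter.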