Using Postfix to Bounce Invalid Recipent Email Before it Reaches Microsoft Exchange

Postfix is great for filtering SPam

Many email administrators prefer to filter inbound email using Postfix running on Linux, FreeBSD, OpenBSD or some other UNIX platform before relaying it to an internal Microsoft Exchange server. This strategy allows administrators to take advantage of the flexibility of Postfix and a wide variety of open source SPAM filtering solutions like Spamassassin, Amavisd-new, ClamAV, and a host of other open source solutions.

The challenge of invalid recipients

One of the challenges of relaying email for an internal system is dealing with invalid recipient email addresses. If an inbound message is addressed to a non-existent address then we really want to bounce it immediately on the Postfix system. There is no point in wasting resources on expensive Spamassassin checks if we can just bounce it right way! We certainly don’t want messages addressed to invalid users getting relay through to the Microsoft Exchange server.

Net::LDAP to the rescue!

The tricky part in all of this is keeping a current list of valid Exchange based email addresses on the Postfix server. The best solution that I’ve found is a Perl script that runs periodically as a cron job on the Postfix server. It makes use of the Net::LDAP Perl module to do an LDAP query of Microsoft Active Directory and then build a Postfix “relay_recipient_maps” file that contains all valid internal email addresses. Postfix uses the “relay_recipient_maps” file to bounce invalid recipients immediately before wasting time on relaying or SPAM filtering.

I’ve had this solution running at a relatively large client site for a couple of years and it just works.