Querying zimbra LDAP hidden accounts

[inigoml]

We are implementing an SMTP tarpit spam system in front of Zimbra in order to lower spam rate with postfix.
For our system, we query zimbra via LDAP in order to detect it an email is or not valid, enabling postfix tarpit if the error number in reception emails is high. So, our architecture is postfix -------> zimbra (postfix also)

The system is working without problem, and front postfix queries zimbra LDAP without problem. Our base query es "mail=%s"

However, if an email address is marked as hidden in Zimbra GAL, we cannot query it via LDAP althought address is in fact there and it is valid, so our postfix should forward email to zimbra but it doesn't due to does not appear in LDAP query.

So the question is, how can we query a valid email address vía LDAP if this is marked as hidden in GAL from Zimbra.

Thanks in advance.

[inigoml]

Sometimes it's better stop and think....
The problem was due to the attribute type we are requesting.

Since we where expecting a "mail" attribute and hidden lists, for example, don't have mail attribute, there were no response for them.
Postfix only wait to receive SOMETHING when querying LDAP, so all we had to do is find something that all accounts have in common, for example, objectclass.

So, we configured postfix for theses parameters:
query_filter= (|(zimbraMailDeliveryAddress=%s)(zimbraMailAddress =%s)(zimbraMailAlias=%s)(mail=%s))
result_attribute = objectClass

Now our postfix checks against zimbra LDAP in order to verify that an email is valid. If it's valid, there is no delay (tarpit). If there are invalid addresses in SMTP envelope, (that is, lots of "MAIL TO: invalid@foo.com" then it starts to slow reponses.

Now we have to "feed" spammers with lot of invalid addresses for my company. We will put them hidden in our corporate site so when some spammer send something, there will be some valid email addresses and hundred or thousand invalid ones and tarpitting will start slowing connection.