Re: SENDMAIL and mail500 delivery agent
What I do here is use the LDAP map compiled into sendmail (not using
mail500).
The cheat sheet by Bense at http://www.stanford.edu/~bbense/Inst.html
without much other work...
I simply use the "mail" and "uid" attributes myself, with a map like:
Kldap ldapx -b"o=Harris/NSS" -h"ldap.cpd.harris.com" -k"uid=%s" -v"mail"
This serves the purpose I needed, which was to route mail from the hub to
either other servers or arrange local delivery. The aforementioned page
suggests you can add a maildrop attribute, which would be better for routing
I'd imagine... all depends on how the mail hub was set up (esp. whether
masquerading was set up).
-Alan
-----Original Message-----
From: Kristina <kristina@fsas.fujitsu.co.jp>
To: Kurt D. Zeilenga <kurt@boolean.net>
Cc: openldap-software@OpenLDAP.org <openldap-software@OpenLDAP.org>
Date: Friday, November 05, 1999 3:17 AM
Subject: Re: SENDMAIL and mail500 delivery agent
>My organization has thousands of users. In an attempt to make management
>of user accounts easier I have been assigned with creating an LDAP directory
>service for our relay mail server (mail hub).
>
>I want to register all user accounts on the LDAP server which the
>relay mail server (mail hub) will look up for email routing to our three mail
>servers.
>**That is, the mail hub will refer to LDAP to know to which
>mail host (mail server) it should relay the mail for a particular user** WHICH
>AT THE SAME
>TIME OFFERS A SECURITY FUNCTION AS MAIL SENT TO OR FROM A USER
>NOT REGISTERED ON THE LDAP SERVER WILL NOT BE RELAYED THE MAIL BY THE
>MAIL HUB** (Below is a basic diagram)
>
>Upon reading the Man pages for mail500 I need to write a base array which
>corresponds to my LDAP. HOWEVER, MY FIRST QUESTION IS
>WHAT OBJECT CLASSES AND ATTRIBUTES DO I USE IN LDAP TO CONTAIN
>THE EMAIL ADDRESS AND MAIL SERVER OF USERS?
>
>At first, I thought I should use the "inetOrgPerson" objectclass as it has an
>optional "mail" attribute and I thought that putting users of server1 as one
>ou, and
>users of server2 under another ou. However, I am confused because the
>example in the man page of mail500 does not use the mail attribute, it uses
>"uid" and "cn".
>Then again, there is a "rfc822mailbox" which talks about maildrop and
>........!
>
>
>Please guide me in what I should do! Is mail500 the best option here? and
>how do I set up my LDAP objectclasses and attributes.
>
>Thanks so very much for all your replies ...........I look forward to many
>more!!
>See ya,
>Kristina
>
>
>                          Internet
>                             │
>                             │
>                             ↓
>┌───┐                      ┌───┐
>│   │                      │   │
>│   │ <------->            │   │
>│   │                      │   │
>└───┘                      └───┘
>LDAP Server     Mail Hub for Entire Domain(domain.com)
>                (relays mail for user@server1.domain.com etc to
>                the appropriate server. This case, server1
>                             │
>                             │
>                             ↓
>        Mail Server 1 or Mail Server2 or MailServer3
>
>
>
>The end****
>
>At 08:14 99/11/04 -0800, you wrote:
>> At 04:17 PM 11/4/99 +0900, Kristina wrote:
>> >
>> >I was just wondering if I need to recompile Sendmail 8.9.3 to be
>> >able to use the mail500 delivery agent.
>>
>> No. mail500 is an add-on. It provides additional handling not
>> offered by sendmail integrated LDAP code.
>>
>> mail500 understands a messaging schema and uses directory
>> information conforming to this schema to provide services beyond
>> simple mapping. It knows, for example, that members of a group
>> may be specified by DN and that it must fetch the e-mail address
>> from member entries.
>>
>> Though mail500 is not for everyone, it does provide
>> functionality not found in so-called LDAP-aware MTAs (including
>> sendmail w/ integrated LDAP support). These MTAs tend to only
>> provide basic mapping services based upon simple ldap searches.
>>
>> The significant drawback to mail500 is that it is not integrated
>> into the MTA. This means that it must resubmit messages back to
>> the MTA.
>>
>> >Also, how do I configure
>> >OpenLDAP to use the mail500 delivery agent?
>>
>> In OpenLDAP 1.2, mail500 is configured (primarily) by modifying
>> the actual code and recompiling. This could be considered by
>> some an additional drawback.
>>
>> In the long term, we hope that such capabilities will be integrated
>> directly into MTAs (sendmail or others). I am still looking for
>> a quality, open-source Directory-enabled MTA. A directory-enabled
>> MTA would be able to utilize information conforming to a
>> sophisticated messaging schema. (Again, most open source MTAs are
>> only "LDAP-aware", that is, they can only use LDAP to do simple
>> mappings).
>>
>> Kurt
>>
>>
>>
>> ----
>> Kurt D. Zeilenga <kurt@boolean.net>
>> Net Boolean Incorporated <http://www.boolean.net/>
>>
>
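
As an added illustration (not part of the thread and not sendmail's or mail500's code), this Python model shows how the `ldapx` map line in the reply above turns a key into a filter and an address, and how a hub can refuse users missing from the directory. The entries in `DIRECTORY` and all function names are constructed; escaping the key per RFC 4515 is this example's own choice, not a statement about sendmail's behaviour.

```python
import re

# Map definition exactly as posted in the reply above.
K_LINE = 'Kldap ldapx -b"o=Harris/NSS" -h"ldap.cpd.harris.com" -k"uid=%s" -v"mail"'

# Constructed sample entries standing in for the directory (not real data).
DIRECTORY = [
    {"dn": "uid=alice,o=Harris/NSS", "uid": "alice", "mail": "alice@server1.domain.com"},
    {"dn": "uid=bob,o=Harris/NSS", "uid": "bob", "mail": "bob@server2.domain.com"},
    {"dn": "uid=eve,o=Elsewhere", "uid": "eve", "mail": "eve@server3.domain.com"},
]

def parse_map(k_line):
    """Split a K line into map name, map class and its -x"value" flags."""
    name, cls = k_line[1:].split()[:2]
    return name, cls, dict(re.findall(r'-(\w)"([^"]*)"', k_line))

def build_filter(template, key):
    """Substitute the key for %s, escaping RFC 4515 special characters."""
    esc = "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in key)
    return template.replace("%s", esc)

def lookup(k_line, key, directory=DIRECTORY):
    """Return the -v attribute of the one entry under -b matching the -k filter."""
    _, _, flags = parse_map(k_line)
    attr, _, value = build_filter(flags["k"], key).partition("=")
    # Undo the \xx escapes so the value is compared literally, never as a wildcard.
    value = re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), value)
    hits = [e for e in directory
            if e["dn"].lower().endswith(flags["b"].lower())
            and e.get(attr, "").lower() == value.lower()]
    # Zero or multiple matches are both treated as "no usable answer".
    return hits[0].get(flags["v"]) if len(hits) == 1 else None

def route(k_line, local_part):
    """Hub decision: relay to the looked-up address, or refuse unknown users."""
    target = lookup(k_line, local_part)
    return ("relay", target) if target else ("reject", "user not in directory")

if __name__ == "__main__":
    for user in ("alice", "eve", "*"):
        print(user, "->", build_filter("uid=%s", user), route(K_LINE, user))
```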