Re: Antwort: Re: Antwort: Re: Re: LDAP and sendmail
On Fri, Mar 05, 1999 at 12:16:12PM +0100, Masiar Ighani wrote:
>
> Hi Stuart,
>
> You're right. Last week I patched qpopper to get its authentication
> information out of LDAP. It was really trivial.
> But what I didn't understand (until yesterday) was, how can I tell
> sendmail/delivery agent that a given User "XYZ" is on the local machine
> WITHOUT USING /ETC/PASSWD but LDAP instead.
> Now I know that nss_ldap will do. However, I'll figure it out in the next
> days. Thanks everybody for helping.
Well, remember that it is not necessary for all mail or all users to be
considered equal or be treated the same.
Almost all mail of the form user@domain; e.g. sl@fireplug.net; gets
processed by looking the user up in the directory server for the
mailforwarding attribute of the appropriate entry found by searching for a
mail attribute of the value of the original target.
But mail of the form user@hostname; e.g. sl@nero.fireplug.net; gets
processed by looking the local part of the address up in /etc/passwd.
So by setting the mailforwarding values appropriately I can have my mail
sent to a pop mail box. For example:

    pop-sl%fireplug.net@nero.fireplug.net

goes to:

    /var/mail/fireplug.net/sl

This is accessible only via pop or imap (and generally is unreadable except
to root or mail setuid programs).

And:

    sl@nero.fireplug.net

goes to:

    /var/mail/sl

And is accessible via normal mail tools and is readable by the user sl.
Note that I'm using domain and hostname for simplicity in explaining the
concepts. We actually control the flow of the mail delivery via hints
provided either by MX records for the domain or from entries describing the
domain in a directory server.
I like the MX hints because the mailer has to look up the MX for each domain
regardless of anything else it is going to do. But in some cases you may not
want the openness of DNS MX records (which may be available to anyone who can
interrogate your DNS server) so we also support the same functionality from
the directory where it may be easier to hide from prying eyes.
--
Stuart Lynne <sl@fireplug.net> 604-461-7532 <http://edge.fireplug.net>
PGP Fingerprint: 28 E2 A0 15 99 62 9A 00 88 EC A3 EE 2D 1C 15 68
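
The routing rules described in the message above, as an added sketch that is not part of the original post or the poster's mailer: `DIRECTORY`, `PASSWD`, `LOCAL_HOSTS`, the `ops@` and `loop@` entries and both function names are constructed for illustration, and the `pop-<user>%<domain>` pattern is inferred from the single example given. It also shows two checks a directory-driven delivery path needs: rejecting mailbox names that would escape `/var/mail`, and stopping on forwarding loops.

```python
import re

# Constructed sample data. DIRECTORY stands in for the LDAP search
# (mail=<address>) -> mailforwarding values; PASSWD stands in for /etc/passwd.
DIRECTORY = {
    "sl@fireplug.net": ["pop-sl%fireplug.net@nero.fireplug.net"],
    "ops@fireplug.net": ["sl@nero.fireplug.net", "sl@fireplug.net"],
    "loop@fireplug.net": ["loop@fireplug.net"],
}
PASSWD = {"sl", "root"}
LOCAL_HOSTS = {"nero.fireplug.net"}  # assumed: hosts that deliver locally

SAFE_USER = re.compile(r"[a-z0-9_][a-z0-9_.-]*\Z")
SAFE_DOMAIN = re.compile(r"[a-z0-9-]+(\.[a-z0-9-]+)+\Z")
POP_LOCAL = re.compile(r"pop-([^%]+)%(.+)\Z")  # inferred from the post's example


def resolve(address, _seen=None):
    """Return the set of mailbox paths an address is delivered to."""
    seen = set() if _seen is None else _seen
    address = address.lower()
    if address in seen:  # forwarding loop: already handled, add nothing
        return set()
    seen.add(address)
    local, _, host = address.rpartition("@")
    if host in LOCAL_HOSTS:  # user@hostname: handled on this machine
        return {deliver_local(local)}
    targets = DIRECTORY.get(address)  # user@domain: directory lookup
    if targets is None:
        raise LookupError(f"no directory entry with mail={address}")
    paths = set()
    for target in targets:
        paths |= resolve(target, seen)
    return paths


def deliver_local(local):
    """Map the local part of a user@hostname address to a mailbox path."""
    m = POP_LOCAL.match(local)
    if m:  # pop-only mailbox, never looked up in /etc/passwd
        user, domain = m.groups()
        if not (SAFE_USER.match(user) and SAFE_DOMAIN.match(domain)):
            raise ValueError(f"unsafe pop mailbox name: {local!r}")
        return f"/var/mail/{domain}/{user}"
    if local not in PASSWD:
        raise LookupError(f"no such local user: {local!r}")
    return f"/var/mail/{local}"
```
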