
Re: Virtual users in sendmail (and vacation/.forward support?)




On Thu, 21 Aug 2003, Paul Dlug wrote:

> I'm using sendmail with OpenLDAP integration to handle mail aliases and
> would like to support virtual user accounts (accounts are looked up in
> the LDAP server and mapped to a single local user with delivery via
> procmail). I'm not clear on how this is supposed to work, virtusertable
> seems to be designed to forward mail for a virtual host on to another
> system not deliver it locally. If anyone could provide some explanation
> or examples I would appreciate it.
>
> Also, is anyone aware of a mechanism for supporting vacation messages
> and basic forwarding from LDAP? I'd like to provide an interface for my
> users to set an away message or forward their mail. It would be easy to
> write a quick web app to do this but I need the support in the MTA for
> it.
>
>
> Thanks,
> Paul
>

I can help with the first part, I have this working now.  Not in
production yet, but on a test machine.

My ldap is set up like this (I changed some of it to make it generic).

dn: uid=dusty,ou=users,dc=mydomain,dc=com
objectClass: inetorgperson
objectClass: posixaccount
cn: Dustin Doris
sn: Doris
labeledURI: http://www.mydomain.com/~dusty
telephoneNumber: 333-333-3333
uid: dusty
loginShell: /usr/local/bin/bash
uidNumber: 1001
gidNumber: 1001
homeDirectory: /home/dusty
gecos: Dustin Doris
userPassword:: e2NyeXB0fSQxJFBmNXNCNS5KJERhN25aLnIyWVpjWFFUNFE1VUNHNzA=
mail: dusty@mydomain.com
mail: monkey@mydomain.com
mail: test@myotherdomain.com

In my sendmail.mc I have added the following:  Comments w/ *.

define(`confLDAP_DEFAULT_SPEC', `-h localhost')dnl
  *that defines what ldap server to use
FEATURE(`ldap_routing')dnl
  *enable ldap routing
FEATURE(virtusertable, `ldap: -k (&(objectclass=posixaccount)(mail=%0)) -v uid -b "ou=users,dc=mydomain,dc=com"')dnl
  *the virtuser table
FEATURE(genericstable, `ldap: -k (&(objectclass=posixaccount)(uid=%0)) -v mail -b "ou=users,dc=mydomain,dc=com"')dnl
  *the genericstable

So here is what happens.

When an email comes in, sendmail will look up the user it is to: in the
ldap virtusertable.  So say it comes in to monkey@mydomain.com, that
corresponds to %0 in the virtusertable part.  So it will do an ldapsearch
for (&(objectclass=posixaccount)(mail=monkey@mydomain.com)), looking for
the uid, which is the -v part, in the base of ou=users,dc=mydomain,dc=com.
Ldap will return the uid of dusty and that is where the mail will be
delivered, to the local user dusty.

Then when a message is going out, it will use genericstable.  Say dusty
sends an email out.  Then dusty is the %0 part and it will look to ldap
for (&(objectclass=posixaccount)(uid=dusty)), looking for the mail entry
(-v mail) in the base of ou=users,dc=mydomain,dc=com.  I have three mail
entries in there, but (in my experience) sendmail will take just the first
entry.  So in this case it will rewrite to say it is from
dusty@mydomain.com.  If I would rather have it rewrite to something else,
then I change the order of those entries.  No idea if that is correct, but
it's working for me in my tests.

Now, I have the rest in files, but you can put those in ldap as well.  The
links at the end show you how.

define(`ALIAS_FILE', `/etc/mail/aliases')dnl
FEATURE(access_db, `hash -o -T<TMPF> /etc/mail/access')dnl
FEATURE(masquerade_envelope)dnl
GENERICS_DOMAIN_FILE(`/etc/mail/genericsdomain')dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl

That is not the total mc file, but a good start for you.  Here are some
handy links that explain how to put it in ldap.

http://www.sendmail.org/m4/ldap_routing.html
http://www.sendmail.org/m4/ldap.html

Hope that helps!

-Dustin Doris
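
An offline model of the two lookups described in the message above, added here as an example; it is not part of the original post and is not sendmail's own code. It runs the virtusertable (mail to uid) and genericstable (uid to first mail value) filters over an LDIF export and also reports any address listed on more than one entry, since such an address matches more than one uid. The function names and the second sample entry are assumptions made for the illustration.

```python
# Added example. SAMPLE_LDIF is constructed; the "alice" entry is hypothetical.
from collections import defaultdict

SAMPLE_LDIF = """\
dn: uid=dusty,ou=users,dc=mydomain,dc=com
objectClass: posixaccount
uid: dusty
mail: dusty@mydomain.com
mail: monkey@mydomain.com
mail: test@myotherdomain.com

dn: uid=alice,ou=users,dc=mydomain,dc=com
objectClass: posixaccount
uid: alice
mail: alice@mydomain.com
mail: monkey@mydomain.com
"""

def load_accounts(text):
    """Parse simple LDIF (no folding, no base64) and keep posixaccount entries."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            name, _, value = line.partition(": ")
            entry[name.lower()].append(value.strip())
        entries.append(entry)
    return [e for e in entries
            if "posixaccount" in (v.lower() for v in e["objectclass"])]

def virtuser_lookup(accounts, address):
    """Incoming: model of (mail=%0) returning uid, for every matching entry."""
    return [e["uid"][0] for e in accounts
            if address.lower() in (m.lower() for m in e["mail"])]

def generics_lookup(accounts, uid):
    """Outgoing: model of (uid=%0) returning mail; first value only, as the post reports."""
    for e in accounts:
        if uid.lower() in (u.lower() for u in e["uid"]):
            return e["mail"][0] if e["mail"] else None
    return None

def ambiguous_addresses(accounts):
    """Addresses listed on more than one entry, mapped to the uids that claim them."""
    owners = defaultdict(set)
    for e in accounts:
        for m in e["mail"]:
            owners[m.lower()].add(e["uid"][0])
    return {m: sorted(u) for m, u in owners.items() if len(u) > 1}
```

Feeding it the output of an LDIF export of ou=users before changing mail attributes shows which local user each address would reach and which addresses are claimed twice.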