
LDAP-Based Mail Routing Using Linux

David Boyes, Sine Nomine Associates, Session L53. This presentation is not available on the IBM WWW site; it can be downloaded from http://www.sinenomine.net/downloads/.


Presentation Transcript


  1. LDAP-Based Mail Routing Using Linux. David Boyes, Sine Nomine Associates. Session L53

  2. Presentation File Location This presentation is not available on the IBM WWW site. It can be downloaded from: http://www.sinenomine.net/downloads/

  3. Agenda • Why Do LDAP-based Mail Routing? • What Software is Needed • What do the LDAP schemas look like? • Example Implementation with sendmail

  4. Why Do LDAP-Based Mail Routing • As organizations grow and change, user information and mailbox location often migrates between systems • Chaotic behaviour • Lost mail • Lost productivity • Multiple mailbox systems • Merger of authentication sources

  5. Why? • LDAP becoming the basis for majority of enterprise directory servers • Flexible implementation • User-defined attributes • Ubiquitous application client support • Trend toward “self-service” personal information management

  6. Why? • LDAP based mail routing allows a central directory service to control the flow of mail delivery within an organization w/o hard-coded tables. • Simple to implement • Easy to change (if thought out)

  7. Concept

  8. Concept • Mail is delivered to user’s preferred location via SMTP • Preferred location is determined by LDAP lookup • Mail to non-existent users is rejected at mail router; aliases processed as special cases • Mail router also effective point to implement virus scans or spam detection w/o impacting individual mail host performance

  9. What Software is Needed? • An LDAP-enabled mail transfer agent • Sendmail 8.12.x or higher • Postfix • Exim • Qmail (capable, but more difficult) • Berkeley NEWDB code • db-3.2 or higher

  10. What Software is Needed? • An LDAP server • OpenLDAP • Netscape Directory Server • IBM Directory Server • RACF LDAP Support. Note that user-defined fields are required to implement mail routing; some of the products listed above make this more difficult than others.

  11. What Software is Needed? • A Linux or Unix system • Debian • SuSE • Red Hat • Other Generic Unix (Solaris, AIX, etc) • USS (possible, but *very* difficult) – last resort

  12. Versions • Most Linux distributions are now shipping sendmail 8.12 as the default sendmail • SuSE 8.x • Red Hat • Debian. Even if your distribution ships an LDAP-enabled sendmail RPM, you may need to compile from source to get all the options you want.

  13. Places to Download • www.debian.org • ftp.sendmail.org/pub/sendmail/sendmail8.12.xx.tar.gz • www.sleepycat.com/db/db-3.2.tar.gz

  14. Building sendmail • Too complex to cover here; read README in the code package. • Configuration should include:
      APPENDDEF(`confMAPDEF', `-DLDAPMAP')
      APPENDDEF(`confLIBS', `-lldap')

  15. 50,000 ft /etc/sendmail.cf Tutorial • Use the .mc macro files • Create a local.mc file that includes the architecture-specific and vendor-specific .mc file (e.g., SuSE-generic.mc) • Process local.mc with m4:
      m4 < local.mc > local.cf
      • Move local.cf into place as /etc/sendmail.cf

  16. Specific Config Options
      FEATURE(`ldap_routing', <mailHost>, <mailRoutingAddress>, <bounce>, <detail>)
      • Enables the LDAP routing code and defines a set of maps to be used for lookups • Looks for the “mailRecipient” object class in the LDAP entry to identify an end user (if not present, the entry is an alias)

  17. Example FEATURE(`ldap_routing')
      FEATURE(`ldap_routing',
        `ldap -1 -v mailHost -k (&(objectClass=MailRecipient)(mail=%0))',
        `ldap -1 -v mailRoutingAddress -k (&(objectClass=MailRecipient)(mail=%0))',
        `', `')dnl
      (-1 returns a single match; %0 is the address being looked up. Note the m4 quoting: opening backtick, closing apostrophe.)

  18. Mailhost/mailRoutingAddress

  19. ALIAS_FILE • Defines location of alias file and lookups • LDAP with traditional alias file as backup. Example:
      define(`ALIAS_FILE', `ldap:-k (&(objectClass=mailGroup)(!(objectClass=nisMap))(mail=%0)) -v mgrpRFC822MailMember,/etc/mail/aliases')dnl

  20. Aliases • LDAP entries without the mailRecipient class are considered aliases • Fall back to /etc/mail/aliases in case LDAP is not available.

  21. LDAPROUTE_DOMAIN • Primary domain to be handled by LDAP routing (the o= value of the example)
      LDAPROUTE_DOMAIN(`foobar.com')dnl
      dnl LDAPROUTE_DOMAIN_FILE(`/etc/mail/ldap-route')dnl
      (The commented-out LDAPROUTE_DOMAIN_FILE form reads the list of domains from a file instead.)

  22. Specifying LDAP Servers
      define(`confLDAP_DEFAULT_SPEC', `-p 389 -h "ldap1 ldap2 ldap3" -b o=foobar.com')dnl
      • Specifies the default LDAP search options • Note multiple server hosts in the -h list (quoted, space-separated) • -b sets the search base, the point in the directory tree where the search for attributes begins

  23. Example LDAP Entry
      dn: uid=dboyes, ou=People, o=foobar.com
      objectclass: top
      objectclass: person
      objectclass: organizationalPerson
      objectclass: inetOrgPerson
      objectclass: mailRecipient
      uid: dboyes
      sn: Boyes
      cn: David Boyes
      mail: dboyes@foobar.com
      mailroutingaddress: dboyes@mail.va.foobar.com
      mailhost: mail.va.foobar.com

  24. Example Alias Entry
      dn: cn=alias, ou=aliases, ou=sendmail, ou=services, o=foobar.com
      objectclass: top
      objectclass: mailGroup
      cn: alias
      mail: alias
      mailhost: mail.va.foobar.com
      mgrprfc822mailmember: alias@mail.va.foobar.com

  25. An Example Implementation
      dnl # example #
      divert(0)dnl
      VERSIONID(`$Id: mailbox.mc,v 8.12.1 $')
      OSTYPE(`debian-linux')dnl
      EXPOSED_USER(`root')dnl
      DOMAIN(`generic')dnl
      FEATURE(`ldap_routing',
        `ldap -1 -v mailHost -k (&(objectClass=MailRecipient)(mail=%0))',
        `ldap -1 -v mailRoutingAddress -k (&(objectClass=MailRecipient)(mail=%0))',
        `', `')dnl
      define(`ALIAS_FILE', `ldap:-k (&(objectClass=mailGroup)(!(objectClass=nisMap))(mail=%0)) -v mgrpRFC822MailMember,/etc/mail/aliases')dnl
      define(`confLDAP_DEFAULT_SPEC', `-p 389 -h "ldap1 ldap2 ldap3" -b o=foobar.com')dnl
      LDAPROUTE_DOMAIN(`foobar.com')dnl
      dnl MAILER lines were missing from the slide; sendmail needs them to deliver mail
      MAILER(`local')dnl
      MAILER(`smtp')dnl
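Added example, not part of the presentation: a small Python model of the routing decision that slides 8, 16, 19-20 and 25 describe, driven by LDIF shaped like the entries on slides 23-24. It assumes the attribute names and the LDAPROUTE_DOMAIN of the example, that a mailRecipient entry carries both mailHost and mailRoutingAddress, and that unknown users in the routed domain are rejected as slide 8 states.

```python
# Constructed sample directory mirroring slides 23-24 (trimmed to the
# attributes the router consults; "mail: alias" is keyed on the local part).
SAMPLE_LDIF = """\
dn: uid=dboyes,ou=People,o=foobar.com
objectclass: mailRecipient
mail: dboyes@foobar.com
mailroutingaddress: dboyes@mail.va.foobar.com
mailhost: mail.va.foobar.com

dn: cn=alias,ou=aliases,ou=sendmail,ou=services,o=foobar.com
objectclass: mailGroup
mail: alias
mgrprfc822mailmember: alias@mail.va.foobar.com
"""
LDAPROUTE_DOMAINS = {"foobar.com"}   # LDAPROUTE_DOMAIN(`foobar.com')

def parse_ldif(text):
    """Parse minimal LDIF into a list of {attr(lowercased): [values]} dicts."""
    entries, cur = [], {}
    for line in text.splitlines():
        if not line.strip():
            if cur:
                entries.append(cur)
            cur = {}
            continue
        attr, value = line.split(":", 1)
        cur.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries + ([cur] if cur else [])

def _find(entries, objectclass, mail):
    """Emulate the filter (&(objectClass=<objectclass>)(mail=<mail>));
    LDAP compares both values case-insensitively."""
    for e in entries:
        if objectclass in {c.lower() for c in e.get("objectclass", [])} \
                and mail.lower() in {m.lower() for m in e.get("mail", [])}:
            return e
    return None

def route(address, entries):
    """Decide what the mail router does with one recipient address."""
    local, _, domain = address.rpartition("@")
    if domain.lower() not in LDAPROUTE_DOMAINS:
        return ("passthru", None)                 # not an LDAP-routed domain
    user = _find(entries, "mailrecipient", address)
    if user:                                      # relay to preferred mailbox
        return ("relay", user["mailhost"][0], user["mailroutingaddress"][0])
    group = _find(entries, "mailgroup", local)    # ALIAS_FILE lookup uses %0
    if group:
        return ("alias", group.get("mgrprfc822mailmember", []))
    return ("reject", None)                       # unknown user: reject here
```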

  26. Questions

  27. Contact Info David Boyes Sine Nomine Associates dboyes@sinenomine.net www.sinenomine.net
