 |
Index for
Section 8C |
|
 |
Alphabetical
listing for M |
|
 |
Bottom of
page |
|
MAIL500(8C)
NAME
mail500 - X.500 capable mailer
fax500 - X.500 capable fax delivery agent
SYNOPSIS
/usr/internet/openldap/libexec/mail500 [-d level] [-f mailfrom] [-h
hostname] [-l ldaphost] [-m address] [-v vacationhost]
/usr/internet/openldap/libexec/fax500 [-d level] [-f mailfrom] [-h
hostname] [-l ldaphost] [-m address]
DESCRIPTION
mail500 is an LDAP/X.500-capable mailer, suitable to be invoked from a mail
delivery agent such as sendmail(8). It supports mail to both individuals
and groups. fax500 is an LDAP/X.500-capable facsimile delivery agent. It
utilizes the Internet remote-printing experiment (tpc.int). For more
information on tpc.int, look in /mrose/tpc on ftp.ics.uci.edu, or send mail
to tpc-faq@town.hall.org.
OPTIONS
-dlevel Turn on debugging as defined by level. This option directs
mail500/fax500 to produce various debugging output via the syslog(8)
facility at the LOG_ALERT level.
-f mailfrom
This option tells mail500/fax500 what to set the envelop from address
to when (re)invoking sendmail to deliver mail. mailfrom should be a
valid email address. Normally, this option is passed to
mail500/fax500 via the sendmail.cf(5) mailer definition, and is set to
something like the $f macro.
-l ldaphost
Specify an alternate host on which the LDAP server is running.
-m address
If mail500/fax500 produces a rejection message, this is the address
from which it will com. Normally, this option is passed to
mail500/fax500 via the sendmail.cf(5) mailer definition, and is set to
something like $n@$w (typically, mailer-daemon@hostname).
-v vacationhost
If the vacation facility is operative, this option specifies the host
to which the mail of users who are on vacation should be sent.
HOW MAIL500 AND FAX500 WORK
When mail500/fax500 gets invoked with one or more names to which to deliver
mail, it searches for each name in X.500. Where it searches, and what
kind(s) of search(es) it does are compile-time configurable by changing the
base array in main.c. For example, the configuration we use at U-M is like
this:
Base base[] =
{ "ou=People, o=University of Michigan, c=US", 0
"uid=%s", "cn=%s", NULL,
"ou=System Groups, ou=Groups, o=University of Michigan, c=US", 1
"(&(cn=%s)(associatedDomain=%h))", NULL, NULL,
"ou=User Groups, ou=Groups, o=University of Michigan, c=US", 1
"(&(cn=%s)(associatedDomain=%h))", NULL, NULL,
NULL
};
which means that in delivering mail to "name@umich.edu" mail500/fax500would
do the the following searches, stopping if it finds a match at any step:
subtree search of "ou=People, o=University of Michigan, c=US"
for (uid=name)
subtree search of "ou=People, o=University of Michigan, c=US"
for (cn=name)
subtree search of "ou=System Groups, ou=Groups, o=University of Michigan, c=US"
for (&(cn=name)(associatedDomain=umich.edu))
subtree search of "ou=User Groups, ou=Groups, o=University of Michigan, c=US"
for (&(cn=name)(associatedDomain=umich.edu))
Notice that when specifying a filter %s is replaced by the name, or user
portion of the address while %h is replaced by whatever is passed in to
mail500/fax500 via the -h option (typically the host portion of the
address).
You can also specify whether you want search results that matched because
the entry's RDN matched the search to be given preference or not. At U-M,
we only give such preference in the mail group portion of the searches.
Beware with this option: the algorithm used to decide whether an entry's
RDN matched the search is very simple-minded, and may not always be
correct.
There is currently no limit on the number of areas searched (the base array
can be as large as you want), and an arbitrary limit of 2 filters for each
base. If you want more than that, simply changing the 3 in the typedef for
Base should do the trick.
X.500 SUPPORT
In X.500, there are several new attribute types and one new object class
defined that mail500/fax500 uses. At its most basic, for normal entries
mail500 will deliver to the value(s) listed in the mail attribute of the
entry, and fax500 will attempt to deliver a fax to the telephone number
listed in the facsimileTelephoneNumber attribute. For example, at U-M my
entry has the attribute
mail= tim@terminator.rs.itd.umich.edu
So mail sent to tim@umich.edu will be delivered via mail500 to that address
(assuming the sendmail.cf(5) file is set up to call mail500 for mail to
somebody@umich.edu - see below). If there were multiple values for the
mail attribute, multiple copies of the mail would be sent.
In the case of fax500,ifmyentryhas
facsimileTelephoneNumber= +1 313 764 5140
A message sent to tim@fax.umich.edu (assuming the sendmail.cf file is set
up to pass mail @fax.umich.edu to fax500- see below) will generate a
message to remote-printer.Timothy_A_Howes@0.4.1.5.4.6.7.3.1.3.1.tpc.int.
A new object class, rfc822MailGroup, and several new attributes have been
defined to handle email groups/mailing lists. To use this, you will need
to add this to your local oidtable.oc:
# object class for representing rfc 822 mailgroups
rfc822MailGroup: umichObjectClass.2 : \
top : \
cn : \
rfc822Mailbox, member, memberOfGroup, owner, \
errorsTo, rfc822ErrorsTo, requestsTo, rfc822RequestsTo, \
joinable, associatedDomain, \
description, multiLineDescription, \
userPassword, krbName, \
telecommunicationAttributeSet, postalAttributeSet
And you will need to add these to your local oidtable.at:
# attrs for rfc822mailgroups
multiLineDescription: umichAttributeType.2 : CaseIgnoreList
rfc822ErrorsTo: umichAttributeType.26 : CaseIgnoreIA5String
rfc822RequestsTo: umichAttributeType.27 : CaseIgnoreIA5String
joinable: umichAttributeType.28 : Boolean
memberOfGroup: umichAttributeType.29 : DN
errorsTo: umichAttributeType.30 : DN
requestsTo: umichAttributeType.31 : DN
The idea was to define a kind of hybrid mail group that could handle people
who were in X.500 or not. So, for example, members of a group can be
specified via the member attribute (for X.500 members) or the rfc822MailBox
attribute (for non-X.500 members). Similarly for the errorsTo and
rfc822ErrorsTo, and the requestsTo and rfc822RequestsTo attributes.
To create a real mailing list, with a list maintainer, all you have to do
is create an rfc822MailGroup and fill in the errorsTo or rfc822ErrorsTo
attributes (or both). That will cause any errors encountered when
delivering mail to the group to go to the addresses listed (or X.500 entry
via it's mail attribute).
If you fill in the requestsTo or rfc822RequestsTo (or both) attributes,
mail sent to groupname-request will be sent to the addresses listed there.
If you fill in the owner attribute, mail sent to groupname-owner will be
sent to the addresses listed there. mail500 does this automatically, so
you don't have to explicitly add the groupname-request or groupname-owner
aliases to your group.
To allow users to join a group, there is the joinable flag. If TRUE,
mail500 will search for entries that have a memberOfGroup attribute equal
to the DN of the group, using the same algorithm it used to find the group
in the first place (i.e. the DNs and filters listed in the base array).
This allows people to join (or subscribe to) a group without having to
modify the group entry directly. If joinable is FALSE, the search is not
done.
SENDMAIL CONFIGURATION
The idea is that you might have a rule like this in your sendmail.cf file
somewhere in rule set 0:
R$*<@umich.edu>$* $#mail500$@umich.edu$:<$1>
R$*<@fax.umich.edu>$* $#fax500$@fax.umich.edu$:<$1>
These rules say that any address that ends in @umich.edu will cause the
mail500 mailer to be called to deliver the mail, and any address that ends
in @fax.umich.edu will cause the fax500 mailer to be called. You probably
also want to do something to prevent addresses like
terminator!tim@umich.edu or tim%terminator.rs.itd.umich.edu@umich.edu from
being passed to mail500. At U-M, we do this by adding rules like this to
rule set 9 where we strip off our local names:
R<@umich.edu>$*:$* $>10<@>$1:$2
R$+%$+<@umich.edu> $>10$1%$2<@>
R$+!$+<@umich.edu> $>10$1!$2<@>
Of course, you would substitute your domain name for umich.edu in the above
examples. See the sample sendmail.cf file in the ldap source directory
clients/mail500/ for more details.
The mail500 and fax500 mailers should be defined similar to this in the
sendmail.cf file:
Mmail500, P=/usr/internet/openldap/libexec/mail500, F=DFMSmnXuh, A=mail500 -f $f -h $h -m $n@$w $u
Mfax500, P=/usr/internet/openldap/libexec/fax500, F=DFMSmnXuh, A=fax500 -f $f -h $h -m $n@$w $u
This defines how mail500/fax500 will be treated by sendmail and what
arguments it will have when it's called. The various flags specified by
the F=... parameter are explained in your local sendmail book (with any
luck). The arguments to mail500/fax500 are as defined under OPTIONS above.
The final argument $u is used to stand for the addresses to which to
deliver the mail.
NOTES
The default values for several #defines that control how mail500 and fax500
works are configured at compile time in the include/ldapconfig.h.edit
include file. You should edit this file to suit your site.
BUGS
mail500/fax500 should use the ldap_getfilter(3) facility, instead of
compiling in the search filters to use. This is shameful.
The support for joinable groups (searching to find members who have set
something in their own entry) is really a hack because we did not have good
enough access control to allow people to add and delete themselves from the
group itself.
At one point, mail500 and fax500 were exactly the same binary, and would
behave appropriately based on how they were invoked. Unfortunately,
several new features (e.g. vacation support) were added to mail500 but not
to fax500.
SEE ALSO
ldap(3), sendmail.cf(5), sendmail(8),
ACKNOWLEDGEMENTS
OpenLDAP is developed and maintained by The OpenLDAP Project
(http://www.openldap.org/). OpenLDAP is derived from University of
Michigan LDAP 3.3 Release.
|
Index for
Section 8C |
|
|
Alphabetical
listing for M |
|
 |
Top of
page |
|