Sendmail Question.
William Burns
William.Burns at AEROFLEX.COM
Mon Jun 14 20:26:00 IST 2004
Douglas:
Does this mean that you've found your solution, or not?
I *think* that mailLocalAddress is a single-value field. If so, this
still doesn't work for aliases. (unless you modify your schema)
I agree (if that's what you're saying) that there's much confusion in
the LDAP "laser" standard. The last time I looked at that stuff, I found
many debates about how it (and various attributes within it) should be used.
Here's what I've got working on a Suse9 machine, in the linux.mc file:
> define(`confLDAP_DEFAULT_SPEC', `-h "ldap4.mydomain.com ldap1.mydomain.com ldap2.mydomain.com" -b "dc=mail,dc=mydomain,dc=com"')dnl
> LDAPROUTE_DOMAIN(`mydomain.com')dnl
> FEATURE(`ldap_routing', `', `ldap -1 -v mailRoutingAddress -k (|(mail=%0)(mailAlternateAddress=%0))', `bounce')dnl
So... I'm doing a single query on mailAlternateAddress, which is really
intended by "laser" to be used for aliases. But, the query that I'm
doing is a sendmail "routing" query.
This way, the "standard" laser schema will allow me to put in multiple
user names (email addresses) for a single user. Sendmail will always
query w/ a single value for mailAlternateAddress. The ldap server will
return a (single) mailRoutingAddress for whichever record matches that
mailAlternateAddress, and everyone's happy.
The effect is that the sendmail ldaprouting feature is now "expanding"
my aliases.
Note: you must ensure that no two user objects contain an identical
value for mailAlternateAddress. If there is a conflict like this, an
LDAP query on that mailAlternateAddress will fail.
When sendmail does a successful LDAP query, its behavior is to change
the address (in the QF file) that each particular message is being sent
to. This is transparent to the recipient because the recipient's mail
client shows him the "to" address from the "DF" file.
Note: This particular sendmail query (ldaprouting) assumes that it will
be routing mail to other mail servers having their own subdomains. (as
in your case) There is another kind of query to use when all mail
servers are hosting the same domain. (I believe that this requires each
mail server to have the ability to do an LDAP query, or forward mail to
unknown users to an LDAP enabled server.)
-Bill
Douglas Willis wrote:
> I've got the aliases in the LDAP database but the expansion occurs after
> the LDAP lookup.
>
> The LDAP lookup is made using the following query to return the
> mailRoutingAddress value.
>
> (&(objectClass=inetLocalMailRecipient)(mailLocalAddress=%0))
>
> If this lookup does not succeed then an error `user unknown' is generated
> and sendmail passes the delivery to the error handler rather than the
> local mailer. The mailer is the thing that does the alias expansion
> before delivery. I've tried the F=A option on the mailers but because
> of the error they never get the option to do the lookups.
>
> The solution seems to be to add the inetLocalMailRecipient object to
> the alias entry. Then add the mailRoutingAddress value pointing to
> alias@mail.nerc-bas.ac.uk with the mailLocalAddress equal to
> alias@bas.ac.uk. This is a little messy as the sendmail schema for maps
> allows each to be tailored to either a cluster and/or a host specific
> entry while the LDAP mail routing is not targeted in the same way.
>
> The LDIF entry would look like this.
>
> # Entry 1: cn=admin,ou=Aliases,dc=nerc-bas,dc=ac,dc=uk
> dn:cn=admin,ou=Aliases,dc=nerc-bas,dc=ac,dc=uk
> objectClass: top
> objectClass: sendmailMTA
> objectClass: sendmailMTAAlias
> objectClass: sendmailMTAAliasObject
> objectClass: inetLocalMailRecipient
> sendmailMTAAliasGrouping: aliases
> sendmailMTACluster: Servers
> sendmailMTAKey: admin
> sendmailMTAAliasValue: unixadmin
> mailRoutingAddress: admin@mail.nerc-bas.ac.uk
> mailLocalAddress: admin@bas.ac.uk
>
> William Burns wrote:
>
>> Douglas:
>>
>> In my location, we enter all the aliases into the LDAP database.
>>
>> -Bill
>>
>> Douglas Willis wrote:
>>
>>> The problem I have is when I set up sendmail with
>>> FEATURE(`ldap_routing',,,`bounce') it will only accept mail for users in
>>> the LDAP database and does not do the alias expansion.
>>>
>>> Is there a way to get the alias expansion done before the LDAP lookup?
>>>
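
Added example, not part of the original thread: a check for the uniqueness requirement Bill notes above, run over an LDIF export before it is loaded. It reports any address that appears as mail or mailAlternateAddress on more than one entry, which is the case where the single-match (-1) routing lookup cannot resolve. The sample entries and the function names are constructed for illustration.

```python
import base64
from collections import defaultdict
# Attributes searched by the filter (|(mail=%0)(mailAlternateAddress=%0))
LOOKUP_ATTRS = {"mail", "mailalternateaddress"}

def parse_ldif(text):
    """Yield (dn, [(attr, value), ...]) per entry; handles folding and base64."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]            # folded continuation line
        elif not raw.startswith("#"):
            lines.append(raw)
    dn, attrs = None, []
    for line in lines + [""]:               # trailing "" flushes the last entry
        if not line.strip():
            if dn is not None:
                yield dn, attrs
            dn, attrs = None, []
            continue
        name, _, rest = line.partition(":")
        value = (base64.b64decode(rest[1:].strip()).decode("utf-8")
                 if rest.startswith(":") else rest.strip())  # "attr:: <base64>"
        if name.lower() == "dn":
            dn = value
        else:
            attrs.append((name.lower(), value))

def find_conflicts(ldif_text):
    """Return {address: sorted DNs} for addresses held by more than one entry."""
    owners = defaultdict(set)
    for dn, attrs in parse_ldif(ldif_text):
        for name, value in attrs:
            if name in LOOKUP_ATTRS:
                # Assumption: the directory matches these attributes case-insensitively
                owners[value.lower()].add(dn)
    return {a: sorted(d) for a, d in owners.items() if len(d) > 1}

# Constructed sample export; the users are hypothetical
SAMPLE = """\
dn: uid=alice,dc=mail,dc=mydomain,dc=com
mail: alice@mydomain.com
mailAlternateAddress: admin@mydomain.com

dn: uid=bob,dc=mail,dc=mydomain,dc=com
mailAlternateAddress: Admin@mydomain.com
mailAlternateAddress: postmaster@
 mydomain.com
"""
if __name__ == "__main__": print(find_conflicts(SAMPLE))
```
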