Getting Email List from Windows Domain
David C.M. Weber
david.weber at BACKBONESECURITY.COM
Fri Feb 25 15:20:25 GMT 2005
A day late, but I had problems w/ my configuration.
On the Windows side, I have an ASP script which I installed on my
Exchange box, and made a virtual IIS directory. I named the file,
default.asp. Here are the contents:
---------Start File--------------
<%
' Written by David CM Weber (rotinom at gmail dot com)
' This code is freely distributable
'
' This script (when used with the appropriate client portion) will allow a
' sendmail/Linux box to retrieve all valid email addresses within an Exchange
' organization. It will then place them into a format appropriate for sendmail
' to use as an access list

' Start of the "main" function
' All this does, is essentially access the Active Directory via LDAP, and get
' a handle to the tree, so that objects can be examined and iterated through.
Dim rootDSE, domainContainer, domainObject
Set rootDSE = GetObject("LDAP://RootDSE")
domainContainer = rootDSE.Get("defaultNamingContext")
Set domainObject = GetObject("LDAP://" & domainContainer)

' Export the users
ExportEmail(domainObject)
' End of the "main" function

' This is the guts of the whole program. This will recursively
' search the entire active directory tree, and print out emails
' which are associated with either user objects, or group objects
' oObject will either be an Organizational Unit (OU) or a Container
Sub ExportEmail(oObject)
    Dim oUser, email
    ' iterate through each sub-object in this object
    For Each oUser in oObject
        Select Case oUser.Class
            ' Is it a user object?
            Case "user"
                ' Just verify that it is a user w/ an email box
                If oUser.mail <> "" then
                    for each email in oUser.proxyAddresses
                        print_email(email)
                    next
                End if
            ' Is it a group object?
            Case "group"
                ' Verify whether it is a mail-enabled group
                If oUser.mailNickname <> "" then
                    for each email in oUser.proxyAddresses
                        print_email(email)
                    next
                End if
            ' If it is an OU or a container
            Case "organizationalUnit" , "container"
                ' Check to see if there are any users or groups in the
                ' container
                If UsersGroupsinOU (oUser) then
                    ' Call the ExportEmail function recursively
                    ExportEmail(oUser)
                End if
        End select
    Next
End Sub

' This function will print out an email address stored in an object's
' "proxyAddresses" fields
Function print_email(email)
    ' We are only interested in SMTP email addresses. Not X400, MSMail, etc.
    ' So, we only parse the SMTP addresses
    if Instr(email, "SMTP:") <> 0 or Instr(email, "smtp:") <> 0 then
        dim n, e
        ' locate the ":"
        n = InStr(1, email, ":", 1)
        ' Keep everything to the right of the ":"
        e = Right(email, Len(email) - n)
        ' Write the results to the HTML document. The format is:
        ' To:email@address.com <tab> <tab> RELAY <LF>
        ' in an attempt to make it semi-legible.
        response.write("To:" & e & Chr(9) & Chr(9) & "RELAY" & Chr(10))
    end if
end function

' This function determines whether there is an object of interest within a
' container/OU object. Objects of interest are:
' OU's
' Containers
' Groups
' Users
'
' OU's and Containers will cause a recursive call to the function, whereas a
' group or user will simply return an affirmative (true) result.
Function UsersGroupsinOU (oObject)
    Dim oUser
    UsersGroupsinOU = False
    for Each oUser in oObject
        Select Case oUser.Class
            Case "organizationalUnit" , "container"
                ' Only ever switch the result to True, so that an empty
                ' container seen later cannot undo an earlier match
                If UsersGroupsinOU(oUser) Then UsersGroupsinOU = True
            Case "user"
                UsersGroupsinOU = True
            Case "group"
                UsersGroupsinOU = True
        End select
    Next
End Function
%>
----------End File--------------
This works with a Linux bash script, which pulls this information down,
and formats it the way that the access file requires it. It uses an
"access_header" file, to prepend any static information to the beginning
(such as the contents of your existing access file). I set up a cron
job to run this script every 15 minutes. See the defines at the
beginning of the script for any requirements that you may have.
-------Begin Linux Script------------
#!/bin/bash
#gen_email.sh
#
# Written by David CM Weber (rotinom at gmail dot com)
# This code is freely distributable
#
# This will generate an access file based on email addresses
# found on an exchange "back end" server.
#
# Please see the companion script for the exchange
# server portion.

# The location of the companion asp script (on some windows domain controller)
email_http_location="https://exchange_server_name/EmailList/default.asp"
# the name of the file that you are downloading
dl_filename="/etc/mail/update/default.asp"
# the name of the "old" file that you wish to use (for caching of email addresses)
dl_filename_old="/etc/mail/update/default.asp.old"
# Location of the access file (usually /etc/mail/access)
access_file="/etc/mail/access"
# location of the access.db file (usually /etc/mail/access/access.db)
access_db="/etc/mail/access.db"
# Location of the old "real" access file. Use this to add manual "blacklists"
# and to make otherwise static changes to the access file
access_header="/etc/mail/access_header"
# Warning to put at the top of the created access file
header_warning="#*** WARNING! DO NOT EDIT THIS FILE DIRECTLY! ***\n#Instead, edit $access_header to make your changes\n\n\n"
# Separator to place between the static & dynamic content of the access file
separator="\n\n# --- BEGIN ADDRESSES AUTOMATICALLY GATHERED FROM EXCHANGE SERVER ---"

# ------------ Begin Script --------------
# Retrieve the asp results. If the download fails, stop here so that
# the existing access file is left untouched.
wget -O "$dl_filename" "$email_http_location" &> /dev/null || exit 1

# compare the old & new email list
cmp "$dl_filename" "$dl_filename_old" &> /dev/null
if [ $? -eq 0 ] # Test exit status of "cmp" command.
then
    # No changes to the email file
    exit
else
    # General note: > overwrites a current or creates a new file,
    # and >> appends an existing one
    # Insert the warning text
    echo -e "$header_warning" > "$access_file"
    # Insert the static content
    cat "$access_header" >> "$access_file"
    # Insert the separator
    echo -e "$separator" >> "$access_file"
    # Insert the dynamic content
    cat "$dl_filename" >> "$access_file"
    # Move the new content over the old content
    mv -f "$dl_filename" "$dl_filename_old" &> /dev/null
    # Create the access.db file based on the access file
    makemap hash "$access_db" < "$access_file"
fi
----------End Linux Script---------------------
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
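
A validation step that could sit between the wget download and the rewrite of the access file, as an added example that is not part of the original post: it accepts the download only if every line has the To:address<TAB><TAB>RELAY shape that default.asp emits. The function name and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check a downloaded address list before it is merged
# into the sendmail access file. Names and sample data are illustrative.

# validate_email_list FILE
# Returns 0 only if FILE holds at least one entry and every non-blank
# line has the exact form written by print_email in default.asp:
#   To:<local>@<domain><TAB><TAB>RELAY
validate_email_list() {
    list_file=$1
    tab=$(printf '\t')
    entry="To:[A-Za-z0-9._%+'=/-]+@[A-Za-z0-9.-]+${tab}${tab}RELAY"
    # No entries at all (empty, missing, or an HTML error page): refuse,
    # otherwise every Exchange address would vanish from the map
    grep -Eq "^${entry}\$" "$list_file" 2>/dev/null || return 1
    # Any line that is neither blank nor a well-formed entry fails the
    # whole file, so unexpected access rules never reach makemap
    if grep -Evq "^(${entry})?\$" "$list_file"; then
        return 1
    fi
    return 0
}

# Constructed sample inputs (not real addresses)
tmp=$(mktemp -d)
printf 'To:alice@example.com\t\tRELAY\nTo:sales@example.com\t\tRELAY\n' > "$tmp/good"
printf '<html><body>HTTP 500 Internal Server Error</body></html>\n' > "$tmp/errpage"
# A well-formed entry followed by a rule the ASP script never writes
printf 'To:alice@example.com\t\tRELAY\nexample.net\t\tRELAY\n' > "$tmp/extra"

for f in good errpage extra; do
    if validate_email_list "$tmp/$f"; then
        echo "$f: accept"
    else
        echo "$f: reject"
    fi
done
rm -rf "$tmp"
```

In gen_email.sh the call would go right after the wget line, exiting without touching the access file when the function returns non-zero.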