Presentation is loading. Please wait.

Presentation is loading. Please wait.

LDAP-Based Mail Routing Using Linux David Boyes Sine Nomine Associates Session L53.

Published byClemence Chapman Modified over 9 years ago

Similar presentations

Presentation on theme: "LDAP-Based Mail Routing Using Linux David Boyes Sine Nomine Associates Session L53."— Presentation transcript:

1 LDAP-Based Mail Routing Using Linux David Boyes Sine Nomine Associates Session L53

2 Presentation File Location This presentation is not available on the IBM WWW site. It can be downloaded from: http://www.sinenomine.net/downloads/

3 Agenda Why Do LDAP-based Mail Routing? What Software is Needed What do the LDAP schemas look like? Example Implementation with sendmail

4 Why Do LDAP-Based Mail Routing As organizations grow and change, user information and mailbox location often migrates between systems Chaotic behaviour Lost mail Lost productivity Multiple mailbox systems Merger of authentication sources

5 Why? LDAP becoming the basis for majority of enterprise directory servers Flexible implementation User-defined attributes Ubiquitous application client support Trend toward “ self-service ” personal information management

6 Why? LDAP based mail routing allows a central directory service to control the flow of mail delivery within an organization w/o hard- coded tables. Simple to implement Easy to change (if thought out)

7 Concept

8 Mail is delivered to user ’ s preferred location via SMTP Preferred location is determined by LDAP lookup Mail to non-existent users is rejected at mail router; aliases processed as special cases Mail router also effective point to implement virus scans or spam detection w/o impacting individual mail host performance

9 What Software is Needed? A LDAP-enabled mail transfer agent Sendmail 8.12.x or higher Postfix Exim Qmail (capable, but more difficult) Berkeley NEWDB code db-3.2 or higher

10 What Software is Needed? A LDAP server OpenLDAP Netscape Directory Server IBM Directory Server RACF LDAP Support Note that user-defined fields are required to implement mail routing; some of the products listed above make this more difficult than others.

11 What Software is Needed? A Linux or Unix system Debian SuSE Red Hat Other Generic Unix (Solaris, AIX, etc) USS (possible, but *very* difficult) – last resort

12 Versions Most Linux distributions are now shipping sendmail 8.12 as the default sendmail SuSE 8.x Red Hat Debian Even if your distribution ships a LDAP-enabled sendmail RPM, you may need to compile from source to get all the options you want.

13 Places to Download www.debian.org ftp.sendmail.org/pub/sendmail/sendmail8. 12.xx.tar.gz ftp.sendmail.org/pub/sendmail/sendmail8. 12.xx.tar.gz www.sleepycat.com/db/db-3.2.tar.gz

14 Building sendmail Too complex to cover here; read README in the code package. Configuration should include: APPENDDEF(‘confMAPDEF’,’-DLDAPMAP’) APPENDDEF(‘confLIBS’,’-lldap’)

15 50,000 ft /etc/sendmail.cf Tutorial Use the.mc macro files Create a local.mc file that includes the architecture-specific and vendor specific.mc file (eg, SuSE-generic.mc) Process local.mc with m4 m4 local.cf Move local.cf into place as /etc/sendmail.cf

16 Specific Config Options FEATURE( ‘ ldap_routing ’,,,, ) Enables LDAP routing code and defines a set of maps to be used for lookups Looks for “ mailRecipient ” object class in LDAP entry to identify end user (if not present, entry is an alias)

17 Example FEATURE( ‘ ldap_routing ’ ) FEATURE(‘ldap_routing’, \ ‘ldap –l –v mailHost –k \ (&(objectClass=MailRecipient)(mail=&0))’, \ ‘ldap –l –v mailRoutingAddress –k \ (&(objectClass=MailRecipient)(mail=&0))’, \ ‘’, ‘’)dnl

18 Mailhost/mailRoutingAddress Mailhost ismailRouting Address is Result Set to “ local ” host SetMail delivered to MRA Set to “ local ” host Not SetDelivered to original address Set to remote hostSetMRA relayed to mailhost Set to remote hostNot setOriginal address relayed to mailhost Not setSetMail delivered to MRA Not set Bounced

19 ALIAS_FILE Defines location of alias file and lookups LDAP with traditional alias file as backup Example: define(‘ALIAS_FILE’, ‘ldap:-k \ (&(objectClass=mailGroup)(!(objectClass=nisMap))\ (mail=&0)) –v mgrpRFC822MailMember,/etc/mail/aliases’)dnl

20 Aliases LDAP entries w/o mailRecipient class in LDAP are considered aliases Fallback to /etc/mail/aliases in case LDAP not available.

21 LDAPROUTE_DOMAIN Primary o= value for domain to be handled by LDAP LDAPROUTE_DOMAIN(‘foobar.com’)dnl dnl LDAPROUTE_DOMAIN(‘/etc/mail/ldap-route’) dnl

22 Specifying LDAP Servers define (‘confLDAP_DEFAULT_SPEC’, \ ‘-p 389 –h ‘ldap1 ldap2 ldap3’ \ -b o=foobar.com’)dnl Specify ldap search options note multiple server hosts in –h list -b indicates point in LDAP schema to begin search for attributes

23 Example LDAP Entry dn: uid=dboyes, ou=People, o=foobar.com objectclass:top objectclass:person objectclass:organizationalPerson objectclass:inetOrgPerson objectclass:mailRecipient uid:dboyes sn:Boyes cn:David Boyes mail:dboyes@foobar.com mailroutingaddress:dboyes@mail.va.foobar.com mailhost:mail.va.foobar.com

24 Example Alias Entry dn: cn=alias, ou=aliases, ou=sendmail, ou=services, o=foobar.com objectclass:top objectclass:mailGroup cn:alias mail:alias mailhost:mail.va.foobar.com mgrprfc822mailmember:alias@mail.va.foobar.com

25 An Example Implementation dnl # example # dnl divert(0)dnl VERSIONID(‘$id, mailbox.mc, v 8.12.1 $’) OSTYPE(‘debian-linux’)dnl EXPOSED_USER(‘root’)dnl DOMAIN(‘generic’)dnl FEATURE(‘ldap_routing’, \ ‘ldap –l –v mailHost –k \ (&(objectClass=MailRecipient)(mail=&0))’, \ ‘ldap –l –v mailRoutingAddress –k \ (&(objectClass=MailRecipient)(mail=&0))’, \ ‘’, ‘’)dnl define(‘ALIAS_FILE’, ‘ldap:-k \ (&(objectClass=mailGroup)(!(objectClass=nisMap))\ (mail=&0)) – v mgrpRFC822MailMember,/etc/mail/aliases’)dnl define(‘confLDAP_DEFAULT_SPEC’,’-p 389 –h “ldap1 ldap2 ldap3” –b o=foobar.com’)dnl LDAPROUTE_DOMAIN(‘foobar.com’)dnl

26 Questions

27 Contact Info David Boyes Sine Nomine Associates dboyes@sinenomine.net www.sinenomine.net

28

Download ppt "LDAP-Based Mail Routing Using Linux David Boyes Sine Nomine Associates Session L53."

Similar presentations

IBM Software Group ® Accessing Domino via Outlook iNotes Access for Microsoft Outlook - Notes Domino 5.5 – 6.0.1 Domino Access for MS Outlook - Notes Domino.

IBM Software Group ® Accessing Domino via Outlook iNotes Access for Microsoft Outlook - Notes Domino 5.5 – Domino Access for MS Outlook - Notes Domino.
1 Linux Networking and Security Chapter 2. 2 Configuring Basic Networking Describe how networking devices differ from other Linux devices Configure Linux.

1 Linux Networking and Security Chapter 2. 2 Configuring Basic Networking Describe how networking devices differ from other Linux devices Configure Linux.
Naming Computer Engineering Department Distributed Systems Course Asst. Prof. Dr. Ahmet Sayar Kocaeli University - Fall 2014.

Naming Computer Engineering Department Distributed Systems Course Asst. Prof. Dr. Ahmet Sayar Kocaeli University - Fall 2014.
Email Server Upgrade From UW to Cyrus. What is an IMAP Server? Provides access to your mail messages stored on the mail server Requires authentication.

Server Upgrade From UW to Cyrus. What is an IMAP Server? Provides access to your mail messages stored on the mail server Requires authentication.
Directory & Naming Services CS-328 Dick Steflik. A Directory.

Directory & Naming Services CS-328 Dick Steflik. A Directory.
Security Tools CS-480b Dick Steflik. CACLS Windows NT, W2000, XP Displays or modifies access control lists (ACLs) of files.

Security Tools CS-480b Dick Steflik. CACLS Windows NT, W2000, XP Displays or modifies access control lists (ACLs) of files.
Security SIG: Introduction to Tripwire Chris Harwood John Ives.

Security SIG: Introduction to Tripwire Chris Harwood John Ives.
What’s New in WatchGuard XCS 10.0 Update 3 WatchGuard Training.

What’s New in WatchGuard XCS 10.0 Update 3 WatchGuard Training.
Apache : Installation, Configuration, Basic Security Presented by, Sandeep K Thopucherela, ECE Department.

Apache : Installation, Configuration, Basic Security Presented by, Sandeep K Thopucherela, ECE Department.
Guide to Operating System Security Chapter 10 E-mail Security.

Guide to Operating System Security Chapter 10 Security.
2440: 141 Web Site Administration Email Services Instructor: Enoch E. Damson.

2440: 141 Web Site Administration Services Instructor: Enoch E. Damson.
Tripwire Enterprise Server – Getting Started Doreen Meyer and Vincent Fox UC Davis, Information and Education Technology June 6, 2006.

Tripwire Enterprise Server – Getting Started Doreen Meyer and Vincent Fox UC Davis, Information and Education Technology June 6, 2006.
WebReport/400 TCP/IP Configuration Presented by Kisco Information Systems.

WebReport/400 TCP/IP Configuration Presented by Kisco Information Systems.
E-mail-I CS-3505 Wb_e-mail-I.ppt. Email 4 The most useful feature of the internet 4 Lots of different email programs, but most of them can talk to each.

-I CS-3505 Wb_ -I.ppt. 4 The most useful feature of the internet 4 Lots of different programs, but most of them can talk to each.
HalFILE 3.0 Active Directory Integration. halFILE 3.0 AD – What is it? Centralized organization of network objects and security – servers, computers,

HalFILE 3.0 Active Directory Integration. halFILE 3.0 AD – What is it? Centralized organization of network objects and security – servers, computers,
Exchange 2010 Recipient and Mailbox Management IT:Network:Applications.

Exchange 2010 Recipient and Mailbox Management IT:Network:Applications.
1 Linux Networking and Security Chapter 3. 2 Configuring Client Services Configure DNS name resolution Configure dial-up network access using PPP Understand.

1 Linux Networking and Security Chapter 3. 2 Configuring Client Services Configure DNS name resolution Configure dial-up network access using PPP Understand.
Hosted Exchange 2007. The purpose of this Startup Guide is to familiarize you with ExchangeDefender's Exchange and SharePoint Hosting. ExchangeDefender.

Hosted Exchange The purpose of this Startup Guide is to familiarize you with ExchangeDefender's Exchange and SharePoint Hosting. ExchangeDefender.
DNS & Mail in the DMZ Jason Heiss Collective Technologies

DNS & Mail in the DMZ Jason Heiss Collective Technologies
Microsoft System Center 2012 Configuration Manager SP1 Overview Russ Rimmerman Senior Premier Field Engineer Microsoft Corporation Matthew Hudson, MVP.

Microsoft System Center 2012 Configuration Manager SP1 Overview Russ Rimmerman Senior Premier Field Engineer Microsoft Corporation Matthew Hudson, MVP.

Similar presentations

Ads by Google