1 This is the README file for mail500, a mailer that does directory
2 lookups via LDAP. The name is historical and refers to X.500.
4 If you are planning to run mail500 at your site, there are several
5 things you will have to tailor in main.c:
7 LDAPHOST - The host running an LDAP server
9 base[] - The array telling mail500 where/how to search for
10 things. See the explanation below.
12 *** WHAT mail500 DOES: ***
14 mail500 is designed to be invoked as a mailer (e.g., from sendmail),
15 similar to the way /bin/mail works. It takes a few required arguments
16 and then a list of addresses to deliver to. It expects to find the
17 message to deliver on its standard input. It looks up the addresses in
18 directory to figure out where to route the mail, and then execs sendmail
19 to do the actual delivery. It supports simple aliases, groups, and
20 mailing lists, the details of which are given below.
22 *** HOW IT WORKS (from the sendmail side): ***
24 The idea is that you might have a rule like this in your sendmail.cf
25 file somewhere in rule set 0:
27 R$*<@example.com>$* $#mail500$@example.com$:<$1>
29 This rule says that any address that ends in @example.com will cause the
30 mail500 mailer to be called to deliver the mail. You probably also want
31 to do something to prevent addresses like uuhost!user@example.com or
32 user%host@example.com from being passed to mail500. This can be done by
33 adding rules like this to rule set 9 where we strip off our local names:
35 R<@example.com>$*:$* $>10<@>$1:$2
36 R$+%$+<@example.com> $>10$1%$2<@>
37 R$+!$+<@example.com> $>10$1!$2<@>
39 See the sample sendmail.cf in this directory for more details.
40 For sendmail 8.9 (and later) users can use MAILER(mail500) if
41 mail500.m4 is placed within sendmail's cf/mailer directory.
43 The mail500 mailer should be defined similar to this in the
46 Mmail500, P=/usr/local/etc/mail500, F=DFMSmnXuh, A=mail500 -f $f -h $h -m $n@$w $u
48 This defines how mail500 will be treated by sendmail and what
49 arguments it will have when it's called. The various flags specified
50 by the F=... parameter are explained in your local sendmail book (with
51 any luck). The arguments to mail500 are as follows:
53 -f Who the mail is from. This will be used as the address
54 to which any errors should be sent (unless the address
55 specifies a mailing list - see below). Normally, sendmail
56 defines the $f macro to be the sender.
58 -h The domain for which the mail is destined. This is passed
59 in to mail500 via the $h macro, which is set by the
60 $@ metasymbol in the rule added to rule set 0 above.
61 It's normally used when searching for groups.
63 -m The mailer-daemon address. If errors have to be sent,
64 this is the address they will come from. $n is normally
65 set to mailer-daemon and $w is normally the local host
68 The final argument $u is used to stand for the addresses to which to
71 *** HOW IT WORKS (from the mail500 side): ***
73 When mail500 gets invoked with one or more names to which to
74 deliver mail, it searches for each name in LDAP. Where it searches,
75 and what kind(s) of search(es) it does are compile-time configurable
76 by changing the base array in main.c. The configuration:
79 { "ou=People, dc=example, dc=com", 0
80 "uid=%s", "cn=%s", NULL,
81 "ou=System Groups, ou=Groups, dc=example, dc=com", 1
82 "(&(cn=%s)(associatedDomain=%h))", NULL, NULL,
83 "ou=User Groups, ou=Groups, dc=example, dc=com", 1
84 "(&(cn=%s)(associatedDomain=%h))", NULL, NULL,
88 means that in delivering mail to "name" mail500 would do the
89 the following searches, stopping if it found anything at any step:
91 Search (18) [2]: dc=com@dc=example@ou=People
92 Search subtree (uid=name)
93 Search (18) [3]: dc=com@dc=example@ou=People
94 Search subtree (cn=name)
96 Search (18) [4]: dc=com@dc=example@ou=Groups@ou=System Groups
97 Search subtree & ((cn=name)(associatedDomain=OpenLDAP.org))
99 Search (18) [5]: dc=com@dc=example@ou=Groups@ou=User Groups
100 Search subtree & ((cn=name)(associatedDomain=example.com))
102 Notice that when specifying a filter %s is replaced by the name,
103 or user portion of the address while %h is replaced by whatever is
104 passed in to mail500 via the -h option (typically the host portion
107 You can also specify whether you want search results that matched
108 because the entry's RDN matched the search to be given preference
109 or not. We only give such preference in the mail group
110 portion of the searches. Beware with this option: the algorithm
111 used to decide whether an entry's RDN matched the search is very
112 simple-minded, and may not always be correct.
114 There is currently no limit on the number of areas searched (the base
115 array can be as large as you want), and an arbitrary limit of 2 filters
116 for each base. If you want more than that, simply changing the 3 in
117 the typedef for Base should do the trick.
119 *** HOW IT WORKS (from the LDAP side): ***
121 In LDAP, there are several new attribute types and one new object
122 class defined that mail500 makes use of. At its most basic, for normal
123 entries mail500 will deliver to the value(s) listed in the
124 rfc822Mailbox attribute of the entry. For example, an entry has
127 mail: user@example.com
129 So mail sent to user@example.com will be delivered via mail500 to that
130 address. If there were multiple values for the mail attribute, multiple
131 copies of the mail would be sent.
133 A new object class, rfc822MailGroup, and several new attributes have
134 been defined to handle email groups/mailing lists. To use this, you
135 will need to add this to your local oidtable.oc:
137 # object class for representing RFC 822 mailgroups
138 rfc822MailGroup: umichObjectClass.2 : \
141 rfc822Mailbox, member, memberOfGroup, owner, \
142 errorsTo, rfc822ErrorsTo, requestsTo, rfc822RequestsTo,
143 joinable, associatedDomain, \
144 description, multiLineDescription, \
145 userPassword, krbName, \
146 telecommunicationAttributeSet, postalAttributeSet
148 And you will need to add these to your local oidtable.at:
150 # attrs for rfc822mailgroups
151 multiLineDescription: umichAttributeType.2 : CaseIgnoreList
152 rfc822ErrorsTo: umichAttributeType.26 : CaseIgnoreIA5String
153 rfc822RequestsTo: umichAttributeType.27 : CaseIgnoreIA5String
154 joinable: umichAttributeType.28 : Boolean
155 memberOfGroup: umichAttributeType.29 : DN
156 errorsTo: umichAttributeType.30 : DN
157 requestsTo: umichAttributeType.31 : DN
159 The idea was to define a kind of hybrid mail group that could handle
160 people who were in LDAP or not. So, for example, members of a group
161 can be specified via the member attribute (for LDAP members) or the
162 rfc822MailBox attribute (for non-LDAP members). Similarly for the
163 errorsTo and rfc822ErrorsTo, and the requestsTo and rfc822RequestsTo
166 To create a real mailing list, with a list maintainer, all you have to
167 do is create an rfc822MailGroup and fill in the errorsTo or
168 rfc822ErrorsTo attributes (or both). That will cause any errors
169 encountered when delivering mail to the group to go to the addresses
170 listed (or LDAP entry via it's mail attribute).
172 If you fill in the requestsTo or rfc822RequestsTo (or both) attributes,
173 mail sent to groupname-request will be sent to the addresses listed
174 there. mail500 does this automatically, so you don't have to explicitly
175 add the groupname-request alias to your group.
177 To allow users to join a group, there is the joinable flag. If TRUE,
178 mail500 will search for entries that have a memberOfGroup attribute
179 equal to the DN of the group, using the same algorithm it used to find
180 the group in the first place (i.e. the DNs and filters listed in the
181 base array). This allows people to join (or subscribe to) a group
182 without having to modify the group entry directly. If joinable is
183 FALSE, the search is not done.
185 Finally, keep in mind that this is somewhat experimental at the moment.
186 We are using it in production at U-M, but your mileage may vary...
projects / openldap / blob