LDAP-Based Mail Routing Using Linux
David Boyes
Sine Nomine Associates
Session L53
Presentation File Location

 This presentation is not available on the IBM WWW site. It can be
 downloaded from:

 http://www.sinenomine.net/downloads/
Agenda
   Why Do LDAP-based Mail Routing?
   What Software is Needed
   What do the LDAP schemas look like?
   Example Implementation with sendmail
Why Do LDAP-Based Mail Routing?
   As organizations grow and change, user
    information and mailbox location often
    migrates between systems
       Chaotic behaviour
       Lost mail
       Lost productivity
   Multiple mailbox systems
   Merger of authentication sources
Why?
   LDAP becoming the basis for majority of
    enterprise directory servers
       Flexible implementation
       User-defined attributes
       Ubiquitous application client support
   Trend toward “self-service” personal
    information management
Why?
   LDAP-based mail routing allows a central
    directory service to control the flow of mail
    delivery within an organization without
    hard-coded routing tables.
       Simple to implement
       Easy to change (if thought out)
Concept

 [Diagram: Outside World --SMTP--> Mail Router --SMTP--> Internal Mail Hosts;
  the Mail Router queries the LDAP Server to choose the Internal Mail Host]
Concept
   Mail is delivered to the user's preferred location via
    SMTP
   Preferred location is determined by LDAP
    lookup
   Mail to non-existent users is rejected at mail
    router; aliases processed as special cases
   Mail router also effective point to implement
    virus scans or spam detection w/o impacting
    individual mail host performance
What Software is Needed?
   An LDAP-enabled mail transfer agent
       Sendmail 8.12.x or higher
       Postfix
       Exim
       Qmail (capable, but more difficult)
   Berkeley NEWDB code
       db-3.2 or higher
What Software is Needed?
   An LDAP server
       OpenLDAP
       Netscape Directory Server
       IBM Directory Server
       RACF LDAP Support


    Note that user-defined fields are required to
    implement mail routing; some of the products
    listed above make this more difficult than others.
What Software is Needed?
   A Linux or Unix system
       Debian
       SuSE
       Red Hat
       Other Generic Unix (Solaris, AIX, etc)
       USS (possible, but *very* difficult) – last resort
Versions
   Most Linux distributions are now shipping
    sendmail 8.12 as the default sendmail
       SuSE 8.x
       Red Hat
       Debian
    Even if your distribution ships an LDAP-enabled
    sendmail RPM, you may need to compile from
    source to get all the options you want.
Places to Download
   www.debian.org
   ftp.sendmail.org/pub/sendmail/sendmail8.12.xx.tar.gz
   www.sleepycat.com/db/db-3.2.tar.gz
Building sendmail
   Too complex to cover here; read
    README in the code package.
   Configuration should include:

      APPENDDEF(`confMAPDEF', `-DLDAPMAP')
      APPENDDEF(`confLIBS', `-lldap')
50,000 ft /etc/sendmail.cf Tutorial
   Use the .mc macro files
       Create a local.mc file that includes the
        architecture-specific and vendor-specific .mc
        file (e.g., SuSE-generic.mc)
       Process local.mc with m4

        m4 < local.mc > local.cf
       Move local.cf into place as /etc/sendmail.cf
Specific Config Options
FEATURE(`ldap_routing', <mailhost map>,
  <mailRoutingAddress map>, <bounce>, <detail>)

     Enables LDAP routing code and defines a set
      of maps to be used for lookups
     Looks for “mailRecipient” object class in
      LDAP entry to identify end user (if not
      present, entry is an alias)
Example
FEATURE(`ldap_routing')
FEATURE(`ldap_routing',
  `ldap -1 -v mailHost -k (&(objectClass=mailRecipient)(mail=%0))',
  `ldap -1 -v mailRoutingAddress -k (&(objectClass=mailRecipient)(mail=%0))',
  `', `')dnl
Mailhost/mailRoutingAddress

   mailHost is           mailRoutingAddress is   Result
   --------------------  ----------------------  ------------------------------------
   Set to "local" host   Set                     Mail delivered to MRA
   Set to "local" host   Not set                 Delivered to original address
   Set to remote host    Set                     MRA relayed to mailhost
   Set to remote host    Not set                 Original address relayed to mailhost
   Not set               Set                     Mail delivered to MRA
   Not set               Not set                 Bounced
ALIAS_FILE
   Defines the location of the alias file and the order of lookups
       LDAP first, with the traditional alias file as backup
    Example:

    define(`ALIAS_FILE', `ldap:-k (&(objectClass=mailGroup)(!(objectClass=nisMap))(mail=%0)) -v mgrpRFC822MailMember,/etc/mail/aliases')dnl
Aliases
   LDAP entries w/o mailRecipient class in
    LDAP are considered aliases
   Fallback to /etc/mail/aliases in case LDAP
    not available.
LDAPROUTE_DOMAIN
   Primary o= value for the domain to be handled
    by LDAP
   A list of domains can also be read from a file
    (commented out below)

    LDAPROUTE_DOMAIN(`foobar.com')dnl
    dnl LDAPROUTE_DOMAIN_FILE(`/etc/mail/ldap-route')dnl
Specifying LDAP Servers
define(`confLDAP_DEFAULT_SPEC', `-p 389 -h "ldap1 ldap2 ldap3" -b o=foobar.com')dnl

   Specify ldap search options
       note multiple server hosts in the -h list
       -b gives the base DN in the LDAP tree at which the search for
        attributes begins
Example LDAP Entry
 dn: uid=dboyes,ou=People,o=foobar.com
 objectclass: top
 objectclass: person
 objectclass: organizationalPerson
 objectclass: inetOrgPerson
 objectclass: mailRecipient
 uid: dboyes
 sn: Boyes
 cn: David Boyes
 mail: dboyes@foobar.com
 mailroutingaddress: dboyes@mail.va.foobar.com
 mailhost: mail.va.foobar.com
Example Alias Entry
 dn: cn=alias,ou=aliases,ou=sendmail,ou=services,o=foobar.com
 objectclass: top
 objectclass: mailGroup
 cn: alias
 mail: alias
 mailhost: mail.va.foobar.com
 mgrprfc822mailmember: alias@mail.va.foobar.com
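The following is an added worked example (not code from the presentation or from sendmail) that ties together the mailHost/mailRoutingAddress decision table, the alias fallback, and the two example entries above. It parses the entries from LDIF, substitutes the lookup key into the slides' filters the way sendmail's ldap map does with %0, evaluates the filter against the in-memory entries, and returns the routing decision. The sample LDIF is constructed (the dboyes and alias entries are taken from the slides, trimmed), the router name mailrouter.foobar.com is an assumption, and the reading of the -1 map flag as "exactly one match or failure" is an assumption made here. RFC 4515 escaping of the lookup key is applied before substitution so that a recipient address containing filter metacharacters cannot change the query; the last test case below shows such an address simply bouncing as an unknown user.

```python
import re

# Constructed LDIF modelled on the slides' example entries (trimmed to the
# attributes the routing decision uses).
SAMPLE_LDIF = """\
dn: uid=dboyes,ou=People,o=foobar.com
objectclass: mailRecipient
mail: dboyes@foobar.com
mailroutingaddress: dboyes@mail.va.foobar.com
mailhost: mail.va.foobar.com

dn: cn=alias,ou=aliases,ou=sendmail,
 ou=services,o=foobar.com
objectclass: mailGroup
mail: alias
mgrprfc822mailmember: alias@mail.va.foobar.com
"""
# The map filters from the slides; %0 is sendmail's lookup-key placeholder.
ROUTING_FILTER = "(&(objectClass=mailRecipient)(mail=%0))"
ALIAS_FILTER = "(&(objectClass=mailGroup)(!(objectClass=nisMap))(mail=%0))"
LDAPROUTE_DOMAINS = {"foobar.com"}        # LDAPROUTE_DOMAIN(`foobar.com')
LOCAL_HOSTS = {"mailrouter.foobar.com"}   # assumed names of the router itself

def parse_ldif(text):
    """Parse LDIF into {attribute-lowercased: [values]} dicts, unfolding lines."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # leading space continues previous line
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:             # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
            current = {}
        else:
            name, _, value = line.partition(":")
            current.setdefault(name.strip().lower(), []).append(value.strip())
    return entries

def escape_filter_value(value):
    """RFC 4515 escaping of the lookup key, so an address cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)

def parse_filter(s):
    """Parse the slides' filter subset, (&..), (!..), (attr=value); returns (node, rest)."""
    assert s.startswith("("), "filter must start with '('"
    s = s[1:]
    if s[:1] in ("&", "!"):
        op, children, s = s[0], [], s[1:]
        while s.startswith("("):
            child, s = parse_filter(s)
            children.append(child)
        if not s.startswith(")"):
            raise ValueError("unbalanced filter")
        return (op, children), s[1:]
    end = s.index(")")                    # escaped values contain no literal ')'
    attr, _, value = s[:end].partition("=")
    value = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)
    return ("=", attr.lower(), value), s[end + 1:]

def matches(node, entry):
    if node[0] == "&":
        return all(matches(c, entry) for c in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    return any(v.lower() == node[2].lower() for v in entry.get(node[1], []))

def ldap_lookup(directory, template, key):
    # Emulates a sendmail ldap map with -1: anything but exactly one match counts
    # as a failed lookup (that reading of -1 is an assumption made here).
    node, _ = parse_filter(template.replace("%0", escape_filter_value(key)))
    hits = [e for e in directory if matches(node, e)]
    return hits[0] if len(hits) == 1 else None

def route(address, directory, local_hosts=LOCAL_HOSTS):
    """Return (action, recipient, host) per the mailHost/mailRoutingAddress table."""
    local_part, _, domain = address.rpartition("@")
    if domain.lower() not in LDAPROUTE_DOMAINS:
        return ("passthrough", address, None)     # domain not routed via LDAP
    user = ldap_lookup(directory, ROUTING_FILTER, address)
    if user is None:                              # no mailRecipient: try aliases
        group = ldap_lookup(directory, ALIAS_FILTER, local_part)
        if group is None:
            return ("bounce", address, None)      # unknown user, rejected at router
        return ("alias", group["mgrprfc822mailmember"], None)
    mailhost = user.get("mailhost", [None])[0]
    mra = user.get("mailroutingaddress", [None])[0]
    if mailhost is None and mra is None:
        return ("bounce", address, None)          # neither attribute set
    recipient = mra or address
    if mailhost is None:
        return ("deliver", recipient, None)       # MRA only: deliver to MRA
    if mailhost.lower() in local_hosts:
        return ("local", recipient, mailhost)     # mailhost is this router
    return ("relay", recipient, mailhost)         # relay to the remote mailhost

DIRECTORY = parse_ldif(SAMPLE_LDIF)
```

Calling `route("dboyes@foobar.com", DIRECTORY)` yields a relay of the mailRoutingAddress to mail.va.foobar.com; passing `local_hosts={"mail.va.foobar.com"}` instead exercises the "local host" rows of the table. On a real router the equivalent check is `sendmail -bv dboyes@foobar.com`, which prints the delivery decision sendmail would make for that address.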
An Example Implementation
 dnl # example # dnl
 divert(0)dnl
 VERSIONID(`$Id: mailbox.mc,v 8.12.1 $')
 OSTYPE(`debian-linux')dnl
 EXPOSED_USER(`root')dnl
 DOMAIN(`generic')dnl
 FEATURE(`ldap_routing',
   `ldap -1 -v mailHost -k (&(objectClass=mailRecipient)(mail=%0))',
   `ldap -1 -v mailRoutingAddress -k (&(objectClass=mailRecipient)(mail=%0))',
   `', `')dnl
 define(`ALIAS_FILE', `ldap:-k (&(objectClass=mailGroup)(!(objectClass=nisMap))(mail=%0)) -v mgrpRFC822MailMember,/etc/mail/aliases')dnl
 define(`confLDAP_DEFAULT_SPEC', `-p 389 -h "ldap1 ldap2 ldap3" -b o=foobar.com')dnl
 LDAPROUTE_DOMAIN(`foobar.com')dnl
 dnl mailers are required for the generated .cf to deliver anything
 MAILER(`local')dnl
 MAILER(`smtp')dnl
Questions
Contact Info

            David Boyes
         Sine Nomine Associates
         dboyes@sinenomine.net
           www.sinenomine.net
