I am trying to set up Sendmail to validate that the email addresses of
users, and of aliases as well, exist before accepting the message. I do not
want to modify the existing DS schema, and want to create a custom ldap query for
Sendmail.
How do I need to set up the query so that Sendmail will validate whether
such a primary or alias email address exists in DS? We have more than
one mail domain.
I will appreciate any suggestions.
Thanks,
Ivan
In this case, this is for routing mail with sendmail and not accepting
mail and putting mail into /var/mail on this machine. If you want the
mail stored on this machine, you should be able to get on this machine
with an 'su - uid' command. Otherwise, you will probably get the
message, "User unknown".
You can use whatever directory server you want with whatever schema you
want as long as you know what you are looking for and how to use the data.
You will need a version of sendmail that has ldap capabilities
compiled into it. You can check this with:
/usr/lib/sendmail -d0.11 < /dev/null
Version 8.12.10+Sun
Compiled with: DNSMAP LDAPMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8
When you see LDAPMAP, you know that it will work. Solaris 7-9 should all
work. Patches are available for those that don't.
In this example, we will use the ldap data from a SunONE Messaging server.
We first do a search to find a user so that we know what we will need.
Here, I pull the user's ldif data with this command:
/usr/sbin/ldapsearch -b 'o=isp' -p 4389 -h flash.atac.ebay.sun.com mail=al...@atac.ebay.sun.com
In this case, I'm looking for alton's user entry and using the mail
attribute.
Here are my results:
uid=alton, ou=people, o=atac.ebay.sun.com, o=isp
objectClass=top
objectClass=person
objectClass=organizationalPerson
objectClass=inetOrgPerson
objectClass=inetUser
objectClass=ipUser
objectClass=nsManagedPerson
objectClass=userPresenceProfile
objectClass=inetMailUser
objectClass=inetLocalMailRecipient
mail=al...@atac.ebay.sun.com
mailUserStatus=active
mailHost=flash.atac.ebay.sun.com
givenName=alton
cn=alton yu
uid=alton
nsdaCapability=mailListCreate
sn=yu
inetUserStatus=active
mailDeliveryOption=mailbox
preferredLanguage=en
nswmExtendedUserPrefs=meDraftFolder=Drafts
nswmExtendedUserPrefs=meSentFolder=Sent
nswmExtendedUserPrefs=meTrashFolder=Trash
nswmExtendedUserPrefs=meInitialized=true
pabURI=ldap://flash.atac.ebay.sun.com:4389/ou=alton, ou=people,
o=atac.ebay.sun.com, o=isp,o=pab
Now that we know what kind of information to set up sendmail with, we will
start tinkering with it.
In the sendmail.mc file, I add the following.
First, I go to /usr/lib/mail/cf.
I make a backup copy of my old main.mc to create sendmail.mc,
and then I open the file and add:
define(`confLDAP_DEFAULT_SPEC',`-h flash.atac.ebay.sun.com -b o=isp -p 4389')
LDAPROUTE_DOMAIN(`atac.ebay.sun.com')
FEATURE(`ldap_routing')
I then build the cf file with:
make sendmail.cf
and now I do my test.
/usr/lib/sendmail -C/usr/lib/mail/cf/sendmail.cf -bv al...@atac.ebay.sun.com
al...@atac.ebay.sun.com... User unknown
Hmmm.... I wonder why ...
I go to the ldap server access logs and find:
[25/Mar/2004:17:14:38 -0800] conn=347 op=2 SRCH base="" scope=0
filter="(objectClass=*)" attrs=ALL
[25/Mar/2004:17:14:38 -0800] conn=347 op=2 RESULT err=0 tag=101
nentries=1 etime=0
[25/Mar/2004:17:14:47 -0800] conn=348 fd=44 slot=44 connection from
129.149.141.32 to 10.4.18.140
[25/Mar/2004:17:14:47 -0800] conn=348 op=0 BIND dn="" method=128 version=2
[25/Mar/2004:17:14:47 -0800] conn=348 op=0 RESULT err=0 tag=97
nentries=0 etime=0 dn=""
[25/Mar/2004:17:14:47 -0800] conn=348 op=1 SRCH base="o=isp" scope=2
filter="(&(objectClass=inetLocalMailRecipient)(maillocaladdress=al...@atac.ebay.sun.com))"
attrs="mailRoutingAddress"
[25/Mar/2004:17:14:47 -0800] conn=348 op=1 RESULT err=0 tag=101
nentries=0 etime=0
[25/Mar/2004:17:14:47 -0800] conn=348 op=2 SRCH base="o=isp" scope=2
filter="(&(objectClass=inetLocalMailRecipient)(maillocaladdress=al...@atac.ebay.sun.com))"
attrs="mailHost"
[25/Mar/2004:17:14:47 -0800] conn=348 op=2 RESULT err=0 tag=101
nentries=0 etime=0
[25/Mar/2004:17:14:47 -0800] conn=348 op=3 SRCH base="o=isp" scope=2
filter="(&(objectClass=inetLocalMailRecipient)(maillocaladdress=@atac.ebay.sun.com))"
attrs="mailRoutingAddress"
[25/Mar/2004:17:14:47 -0800] conn=348 op=3 RESULT err=0 tag=101
nentries=0 etime=0
[25/Mar/2004:17:14:47 -0800] conn=348 op=4 SRCH base="o=isp" scope=2
filter="(&(objectClass=inetLocalMailRecipient)(maillocaladdress=@atac.ebay.sun.com))"
attrs="mailHost"
[25/Mar/2004:17:14:47 -0800] conn=348 op=4 RESULT err=0 tag=101
nentries=0 etime=0
[25/Mar/2004:17:14:47 -0800] conn=348 op=5 UNBIND
[25/Mar/2004:17:14:47 -0800] conn=348 op=5 fd=44 closed - U1
Okay. It looks like it's looking for maillocaladdress and
mailRoutingAddress. I don't have either of those, so I think rather than
changing it in the ldap server, I will make some changes in the sendmail.mc.
I change just
FEATURE(`ldap_routing')
to:
FEATURE(`ldap_routing',`ldap -1 -v mailHost -k (&(objectclass=inetorgperson)(mail=%0))')
So now instead of searching for maillocaladdress, I'm now searching for
mail.
By doing that and rebuilding my sendmail.cf file, I now get:
/usr/lib/sendmail -C/usr/lib/mail/cf/sendmail.cf -bv al...@atac.ebay.sun.com
al...@atac.ebay.sun.com... deliverable: mailer relay, host
flash.atac.ebay.sun.com, user al...@atac.ebay.sun.com
Now this looks better. How does the ldap access log look?
[25/Mar/2004:17:39:03 -0800] conn=383 fd=44 slot=44 connection from
129.149.141.32 to 10.4.18.140
[25/Mar/2004:17:39:03 -0800] conn=383 op=0 BIND dn="" method=128 version=2
[25/Mar/2004:17:39:03 -0800] conn=383 op=0 RESULT err=0 tag=97
nentries=0 etime=0 dn=""
[25/Mar/2004:17:39:03 -0800] conn=383 op=1 SRCH base="o=isp" scope=2
filter="(&(objectClass=inetLocalMailRecipient)(maillocaladdress=ma...@atac.ebay.sun.com))"
attrs="mailRoutingAddress"
[25/Mar/2004:17:39:03 -0800] conn=383 op=1 RESULT err=0 tag=101
nentries=0 etime=0
[25/Mar/2004:17:39:03 -0800] conn=383 op=2 SRCH base="o=isp" scope=2
filter="(&(objectClass=inetorgperson)(mail=ma...@atac.ebay.sun.com))"
attrs="mailHost"
[25/Mar/2004:17:39:03 -0800] conn=383 op=2 RESULT err=0 tag=101
nentries=1 etime=0
[25/Mar/2004:17:39:03 -0800] conn=383 op=3 UNBIND
[25/Mar/2004:17:39:03 -0800] conn=383 op=3 fd=44 closed - U1
Okay. Good enough.
Hopefully this is enough to get you started on your journey in setting
up your sendmail with ldap routing.
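As an added example (not part of the post above), here is a small Python simulation of what the ldap_routing map does with the -k filter and -v attribute: the recipient is substituted for %0, the filter is evaluated against a directory entry shaped like the ldif earlier in the thread, and the mailHost value is returned. It reproduces why the default maillocaladdress filter yields "User unknown" while the custom mail= filter routes, and it escapes the substituted address per RFC 4515 so a recipient containing filter metacharacters cannot change the query's meaning. The entry, addresses and hostnames are constructed, and the filter evaluator is a minimal one written for this example, not sendmail's or the directory server's code.

```python
import re

# Constructed sample entry shaped like the ldif in the post (values are made up).
DIRECTORY = [
    {"objectClass": ["top", "person", "inetOrgPerson", "inetLocalMailRecipient"],
     "uid": ["user1"],
     "mail": ["user1@example.com"],
     "mailHost": ["flash.example.com"]},
]

# The default ldap_routing filter seen in the access log, and the custom -k filter.
DEFAULT_FILTER = "(&(objectClass=inetLocalMailRecipient)(maillocaladdress=%0))"
CUSTOM_FILTER = "(&(objectclass=inetorgperson)(mail=%0))"

def ldap_escape(value):
    """RFC 4515 escaping: filter metacharacters in the key become \\xx hex escapes."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\0" else c for c in value)

def ldap_unescape(value):
    """Reverse of ldap_escape, used when comparing an assertion value to entry values."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def split_components(body):
    """Split '(a=1)(b=2)' into its top-level parenthesised components."""
    parts, depth, start = [], 0, 0
    for i, ch in enumerate(body):
        depth += (ch == "(") - (ch == ")")
        if depth == 0 and ch == ")":
            parts.append(body[start:i + 1])
            start = i + 1
    return parts

def matches(entry, flt):
    """Evaluate a minimal filter: equality assertions combined with & and |."""
    body = flt.strip()[1:-1]
    if body[:1] in ("&", "|"):
        results = [matches(entry, p) for p in split_components(body[1:])]
        return all(results) if body[0] == "&" else any(results)
    attr, _, val = body.partition("=")
    vals = next((v for k, v in entry.items() if k.lower() == attr.lower()), [])
    return any(x.lower() == ldap_unescape(val).lower() for x in vals)

def route(recipient, flt, value_attr="mailHost"):
    """Mimic the ldap_routing map: substitute %0, search, return the routing host.
    None corresponds to what sendmail reports as 'User unknown'."""
    query = flt.replace("%0", ldap_escape(recipient))
    hits = [e for e in DIRECTORY if matches(e, query)]
    return hits[0][value_attr][0] if hits else None
```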