Sendmail 8.[89].x now has the ability to use the LDAP protocol to do address lookups. I wrote this in order to support campus-wide email addresses at Stanford University (i.e. Booker.Bense@stanford.edu style addressing).
The ldap map in sendmail 8.9.2 has a bug, so it is better to upgrade to 8.9.3.
This is not supported at present, but sendmail 8.10(?) may support it.
First, decide what kind of delivery you are going to use. For example, on a network where IP addresses change daily, you use the maildrop (Mailacceptinggeneralid). For related information, see Jeff Hodges' RFC.
The maildrop consists of an id and the mail address to which you want email delivered. For example:
mailacceptinggeneralid=bbense
mailacceptinggeneralid=bookerbense
mailacceptinggeneralid=bookercbense
We use a special algorithm to convert arbitrary strings to generalid form. I recommend that you consider using one as well. (-DSUNET_ID will enable this algorithm in the ldap map. Look at the source code if you are interested: sunet_id_hash in map.c.)
The maildrop is a recipient mail address as specified in RFC 822. For example:
maildrop=bbense@networking.stanford.edu
In sendmail.cf it is specified as follows:
Kluser ldapx -b"ou=People, o=Stanford University , c=US" -h"localhost directory-a.stanford.edu directory-b.stanford.edu directory-c.stanford.edu" -k"mailacceptinggeneralid=%s" -v maildrop
Quite a mouthful, heh? This map type supports all of the standard sendmail map arguments, plus most of the command line arguments of ldapsearch. If you are not familiar with ldapsearch, stop now and go read its man page. If you still have questions, READ THE SOURCE. In general sendmail is one of the most readable and internally documented programs on the net.
This map is also slightly different from the other sendmail maps in that it supports quoted strings. The strings MUST BE DOUBLE-QUOTED. ldap options and sendmail map options have totally different parsing rules. Any "ldap-style" options must be double-quoted and must follow immediately after the option (i.e. no spaces between the option and the quote).
For most applications the four options above are all you should need. Here they are in closer detail.
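The quoting rule above is easy to get wrong, so here is an added example (not code from this page or from sendmail) of a small parser for the K line as described: an ldap-style option (-b, -h, -k) must carry a double-quoted value glued to its flag, while a plain sendmail flag such as -v stands alone. The set of flags treated as ldap-style is an assumption limited to the three the page uses; the sample K line is the page's own, with the attribute name spelled mailacceptinggeneralid.

```python
from dataclasses import dataclass, field

# Assumed minimal set of ldap-style options (the three used on this page);
# any other flag is treated as a sendmail-style map option.
LDAP_STYLE_FLAGS = {"b", "h", "k"}

# The page's own example line (constructed copy for the demonstration below).
KLINE = ('Kluser ldapx -b"ou=People, o=Stanford University , c=US" '
         '-h"localhost directory-a.stanford.edu directory-b.stanford.edu '
         'directory-c.stanford.edu" -k"mailacceptinggeneralid=%s" -v maildrop')


@dataclass
class LdapMap:
    """Parsed form of one 'K<name> ldapx <options> <attribute>' line."""
    name: str
    options: dict = field(default_factory=dict)  # flag -> value, or True for a bare flag
    attribute: str = ""

    def hosts(self) -> list:
        # -h is a whitespace-separated host list; the page recommends listing every server.
        value = self.options.get("h", "")
        return value.split() if isinstance(value, str) else []

    def filter_template(self) -> str:
        return self.options.get("k", "")


def parse_kline(line: str) -> LdapMap:
    """Parse a K line, enforcing the page's quoting rule for ldap-style options."""
    line = line.strip()
    if not line.startswith("K"):
        raise ValueError("not a K (map definition) line")
    fields = line[1:].split(None, 2)
    if len(fields) < 3 or fields[1] != "ldapx":
        raise ValueError("expected: K<name> ldapx <options> <attribute>")
    name, _, rest = fields
    m = LdapMap(name=name)
    i, n = 0, len(rest)
    while i < n:
        ch = rest[i]
        if ch.isspace():
            i += 1
        elif ch == "-":
            if i + 1 >= n or not rest[i + 1].isalpha():
                raise ValueError(f"malformed option at offset {i}")
            flag = rest[i + 1]
            i += 2
            if i < n and rest[i] == '"':
                # Double-quoted value glued to the flag: the only accepted ldap-style form.
                close = rest.find('"', i + 1)
                if close < 0:
                    raise ValueError(f"-{flag}: unterminated double quote")
                m.options[flag] = rest[i + 1:close]
                i = close + 1
            elif i >= n or rest[i].isspace():
                m.options[flag] = True  # bare sendmail flag, e.g. -v
            elif flag in LDAP_STYLE_FLAGS:
                raise ValueError(f"-{flag}: ldap-style value must be double-quoted, got {rest[i]!r}")
            else:
                # Glued, unquoted sendmail-style value such as -a<>
                end = i
                while end < n and not rest[end].isspace():
                    end += 1
                m.options[flag] = rest[i:end]
                i = end
        elif ch in "\"'":
            raise ValueError("a quoted value must follow its option immediately (no space)")
        else:
            # The trailing word is the attribute to return (maildrop).
            end = i
            while end < n and not rest[end].isspace():
                end += 1
            if m.attribute:
                raise ValueError(f"unexpected extra word {rest[i:end]!r}")
            m.attribute = rest[i:end]
            i = end
    if not m.attribute:
        raise ValueError("missing attribute name (e.g. maildrop)")
    return m


def rejects(line: str) -> bool:
    """True if the line violates the quoting rules (used to check malformed variants)."""
    try:
        parse_kline(line)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    parsed = parse_kline(KLINE)
    print(parsed.name, parsed.hosts(), parsed.filter_template(), parsed.attribute)
```

Feeding the line with a space between -b and its quote, or with single quotes, makes parse_kline raise, which is the behaviour the page warns about.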
Once you've defined the map, you now need to use it. At Stanford we use the map in the S5 ruleset. All addresses that look like "local" email addresses are passed through the S5 ruleset before they are bounced. I chose to implement the addressing this way so that any local aliases or usernames will override the ldap entries. Here's what our S5 looks like:
S5
# deal with plussed users so aliases work nicely
R$+ + *		$#local $@ $&h $: $1
R$+ + $*	$#local $@ $2 $: $1 + *
# prepend an empty "forward host" on the front
R$+			$: <> $1
# send unrecognized local users to a relay host
R< > $+ + $*		$: < $L . > $( user $1 $) + $2
R< > $+			$: < $L . > $( user $1 $)	look up user
R< $* > $+ <> $*	$: < > $2 $3			found; strip $L
R< $* . > $+		$: < $1 > $2			strip extra dot
# Now attempt to lookup in luser (ldap map)
R< $L > $+		$: < $L > $( luser $1 $)
R< $* > $+ @ $+		$: < $3 > $2			Rewrite if forward
The important thing to note here is that this code assumes that the map is going to return an address that looks like someone@something. You need to be very careful in what you allow users to put in the directory as their email drop off.
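The last rule in S5 only works if the map returns a single someone@something address, and the -k template substitutes the lookup key straight into an LDAP filter. The following is an added example (not code from this page or from sendmail) showing the two checks a site can run before trusting the directory: escaping the lookup key before it goes into the filter, and auditing maildrop values so that only a plain addr-spec is ever returned. The generalid normalisation is a stand-in assumption (the page's sunet_id_hash is not reproduced), and the directory entries are constructed samples.

```python
import re

# Escapes required inside an LDAP filter value (RFC 4515), so that characters
# in the lookup key cannot alter the filter's structure.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

# Assumed stand-in for the page's SUNET_ID algorithm: lower-case, keep only
# letters and digits. It reproduces the page's examples (Booker.Bense -> bookerbense).
def to_generalid(text: str) -> str:
    return "".join(c for c in text.lower() if c.isalnum())


def escape_filter_value(value: str) -> str:
    return "".join(_FILTER_ESCAPES.get(c, c) for c in value)


def build_filter(template: str, key: str) -> str:
    """Substitute the key into the -k template (e.g. mailacceptinggeneralid=%s)."""
    if template.count("%s") != 1:
        raise ValueError("template must contain exactly one %s")
    return template.replace("%s", escape_filter_value(key))


# A single addr-spec: one local part, one '@', a dotted domain, nothing else.
# No whitespace, comments, angle brackets, commas or the characters sendmail
# treats as routing syntax ('|', '!', '%', ':'), so the S5 rule
# 'R< $* > $+ @ $+' sees exactly what it expects.
_ADDR_SPEC = re.compile(r"[A-Za-z0-9._+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


def valid_maildrop(value: str) -> bool:
    return _ADDR_SPEC.fullmatch(value) is not None


# Constructed sample directory: generalid -> maildrop attribute value.
SAMPLE_DIRECTORY = {
    "bbense": "bbense@networking.stanford.edu",
    "bookerbense": "bbense@networking.stanford.edu",
    "bookercbense": "bbense@networking.stanford.edu",
    "listdrop": "a@example.net, b@example.net",      # two addresses: rejected
    "quoteddrop": "Some One <someone@example.net>",  # display form: rejected
}


def audit_directory(directory: dict) -> list:
    """Return the generalids whose maildrop would not be safe for the ruleset."""
    return sorted(k for k, v in directory.items() if not valid_maildrop(v))


def resolve(address_key: str, directory: dict, template: str = "mailacceptinggeneralid=%s"):
    """Emulate the luser lookup: normalise, build the filter, validate the result.
    Returns the maildrop, None when the user is unknown (ruleset falls through),
    and raises if the directory holds an unsafe value."""
    gid = to_generalid(address_key)
    ldap_filter = build_filter(template, gid)  # what would be sent to the server
    drop = directory.get(gid)
    if drop is None:
        return None
    if not valid_maildrop(drop):
        raise ValueError(f"unsafe maildrop for {ldap_filter}: {drop!r}")
    return drop


if __name__ == "__main__":
    print(resolve("Booker.Bense", SAMPLE_DIRECTORY))
    print(audit_directory(SAMPLE_DIRECTORY))
```

Running audit_directory over a real directory export before enabling the map is the cheap way to find entries that the S5 ruleset would mis-handle.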
This implementation requires two ldap lookups for every message processed. Your ldap server must be fast enough to avoid sendmail timeouts at a minimum. If you plan to use this on a busy mailhub, your queries should be answered at roughly the same speed as DNS queries. We've had pretty good luck using slapd from the Umich ldap3.2 release. It has some memory problems, but Jeff Hodges has fixed these in our version of the server. This and other ldap patches are available from the LDAP roadmap. The OpenLDAP group is also working on improving the umich3.3 release.
First, you should have more than one ldap server, and you should include all your ldap servers in the host list for the -h option. Secondly, the map attempts to be as robust as possible: if the ldap lookup fails to return a result due to network or server problems, the message will be queued. This has both good and bad implications. Messages won't be lost, but queues will grow enormously at a reasonably busy site.
There are some hacks you can do with the currently distributed version. This was never my goal, so there is limited support for doing this. Here's an email message that outlines the issues involved.
The web page and the source code are free; my time is not. If you are absolutely convinced that my expertise is needed for your problem, I am available at ridiculously expensive consulting rates.
bbense@stanford.edu
I've made some further changes to the ldap_map source code. They have been submitted to sendmail.org, but did not make it into the 8.9.1 release. You can find them here.
Last modified: Fri Oct 18 12:18:07 PDT 1996