Complete Contents
About This Guide
Chapter 1 Getting Started with Netscape Messaging Server
Chapter 2 Configuring POP, IMAP, and HTTP Services
Chapter 3 Configuring SMTP Services
Chapter 4 Managing Mail Users and Mailing Lists
Chapter 5 Managing the Message Store
Chapter 6 Security and Access Control
Chapter 7 Working with SMTP Plugins
Chapter 8 Filtering Unsolicited Bulk Email
Chapter 9 Message Routing
Chapter 10 Monitoring and Maintaining Your Server
Chapter 11 Logging and Log Analysis
Chapter 12 Program Delivery
Chapter 13 Messaging Multiplexor
Appendix A Command Line Utilities
Appendix B sendmail Migration and Compatibility
Appendix C SNMP MIB
Glossary
Index
Messaging Server Administrator's Guide: Message Routing
Previous Next Contents Index


Chapter 9 Message Routing

This chapter describes how Netscape Messaging Server receives and delivers a message. This chapter contains the following sections:


Overview
When a client sends a message to a server, the server must determine whether it can deliver the message locally to its own message store or if it must route the message to another server. If the message is sent to another server, the other server must make the same decisions about the message: deliver locally or route to yet another server. In this way, messages are routed throughout the Internet until they reach the intended recipient. After a message is delivered successfully to a server, the recipient can then retrieve the message.

 Figure 9.1 shows the routes taken by two messages:

Figure 9.1 Message routing

 The clients and servers use the Domain Name System (DNS) to find the IP addresses of machines to which they are sending. The Messaging Server Message Transfer Agent (MTA) is responsible for accepting messages and determining how to route them. The MTA uses information stored in the LDAP Directory Server to make its decisions.

 The following sections briefly outline the steps taken to send, route, and retrieve a message. Details about how Netscape Messaging Server routes messages are described later in this chapter.

 Sending a Message

To send a message, the client must know the IP address of the messaging server to which it is sending; the client then establishes a connection to the server and sends the message using the SMTP protocol. The following summarizes the steps a client takes to send a message:

  1. Queries a DNS server to find the IP address of the server.

  2. Establishes a TCP/IP connection to the server.

  3. (Optional) Establishes an SSL connection to the server.

  4. Sends the envelope information and the message to the server
    (SMTP-Deliver).
Routing a Message

Messaging Server listens for incoming mail on port 25 (the standard SMTP port). After accepting a message (SMTP-Accept), Messaging Server must determine whether the message is destined for a local recipient or a remote recipient. To do this, Messaging Server must establish a connection with the Directory Server that contains this information. The following briefly summarizes the steps Messaging Server takes to route a message.

  1. Queries the Directory Server to determine whether the recipient is local or remote.

  2. If the recipient is local, delivers the message, typically placing it in the message store.

    3. Otherwise, proceeds to step 3.

  3. If the recipient is remote:

    4. a. Queries DNS to find the MX (mail exchange) servers for the domain.

    b. Queries DNS to find the IP address of the remote messaging server.

    c. Establishes a TCP/IP connection to the remote messaging server.

    d. (Optional) Establishes an SSL connection to the remote messaging server.

    e. Sends the message to the remote messaging server (SMTP-Deliver).

Retrieving a Message

To retrieve a message, the client must know the IP address of the messaging server, establish a connection to the server, then retrieve the message using one of the retrieval protocols: POP, IMAP, or HTTP. The following summarizes the steps the client takes to retrieve a message.

  1. Queries DNS to find the IP address of the server.

  2. Establishes a TCP/IP connection to the server.

  3. (Optional) Establishes an SSL connection to the server.

  4. Establishes a POP3, IMAP4, or HTTP connection to the server to retrieve the message.

How Messaging Server Routes Messages
This section describes, in detail, how Netscape Messaging Server routes messages. After the server accepts a message, it will handle the message by choosing one of the following options:

 It is possible for Messaging Server to refuse to accept a message. For example, PreSMTPAccept plug-ins act before SMTP has accepted the incoming message (for information, see Chapter 7, Working with SMTP Plug-Ins). For another example, you can configure the server to refuse messages that exceed a given size (for information, see Chapter 3, Configuring SMTP Services).

To map addresses and route messages, Messaging Server uses information stored as LDAP attributes in Netscape Directory Server. These attributes are described in Table 9.1 and in Table 9.2. In Table 9.1, the addressing attributes determine which LDAP entry handles the address; the routing attributes determine which server handles an LDAP entry. In Table 9.2, the server configuration options determine domain information.

You can set values for the following attributes by using Netscape Console or by using the command-line interface. For information about setting the user attributes, see Chapter 4, Managing Mail Users and Mailing Lists. For information about setting the server attributes, see Chapter 3, Configuring SMTP Services. An exception is the mailRoutingAddress attribute. You can set this attribute only by using Netscape Directory Server tools, such as ldapmodify. For more information about LDAP object classes and setting attributes using LDAP tools, see the Netscape Directory Server Administration Guide and the Netscape Directory Server Schema Reference Manual.

Table 9.1 User attributes

Addressing
 Description
mail
 Identifies the user's email address
mailAlternateAddress
 Identifies the user's alternate email address(es)
uid
 Identifies the user
Routing
 Description
mailHost
 Identifies the host on which the user's mailbox resides
mailRoutingAddress
 Identifies the address to place in the envelope when routing a message to this user

Table 9.2 Server options

Attribute
Description
service.smtp.defaultdomain
 Identifies the domain name used to complete addresses that do not contain a domain name
service.smtp.smtp-router.
localmaildomains
 Identifies domains local to Messaging Server
service.smtp.domainname
 Identifies the domain of this server machine
service.smtp.messagehostname
 Identifies the host name on which Messaging Server resides

To determine how to route a message, Messaging Server must decide the following:

To make these decisions, the server performs the following steps, which are illustrated in Figure 9.2, and described in detail throughout this chapter.

  1. Qualifies the SMTP Address.

  2. Searches for matching LDAP entries. If no match is found, proceeds to step 3; if exactly one match is found, proceeds to step 4.

  3. Checks to see if the domain is local or remote. If the domain is local, searches for the recipient using the specified search method. If the domain is remote, proceeds to step 5.

  4. Checks routing attributes in LDAP entry.

  5. Routes to remote server.

Figure 9.2 Routing diagram

 Step 1: Qualifying the Address

Messaging Server requires standard, fully-qualified SMTP addresses in the RCPT TO: field of the message envelope (for example, joe@airius.com). If an envelope does not have a fully-qualified SMTP address (for example, joe), Messaging Server attempts to make the address standard by adding the domain to the address as follows:

  1. If the service.smtp.defaultdomain attribute has been defined, Messaging Server appends the value defined for this attribute to the envelope address. (For information about specifying this attribute, see Specifying an Address Completion Domain.)

  2. If the service.smtp.defaultdomain attribute has not been defined, Messaging Server appends the value defined for the service.smtp.messagehostname attribute to the envelope address (for example, joe@airius.com).

  3. If the address is of the form joe@server, Messaging Server appends the value defined for its server domain extension (service.smtp.domainname) to the envelope address (for example, joe@server.airius.com).

  4. If the address includes an IP address, such as joe@[198.93.93.10], Messaging Server will perform IP address resolution and replace the IP address with the matching host name (for example, joe@gethost).
Step 2: Searching for matching LDAP Entries

Messaging Server searches for an LDAP entry with a mail or mailAlternateAddress attribute that matches the envelope recipient address. (For information about specifying these attributes, see Specifying User Email Addresses.)

The search includes only LDAP entries that 1) have object class mailRecipient or mailGroup and 2) are in the directory subtree specified by the configured Base DN.

Step 3: Checking if Domain is Local or Remote

If Messaging Server cannot find a matching LDAP entry for an address, it must decide whether the domain specified in the address is local or remote. It considers the address local if the domain part of the address matches:

If the domain is local, Messaging Server assumes the message is addressed to an unknown user and bounces the message.

Otherwise, Messaging Server considers the address to be remote and proceeds to Step 5.

Step 4: Checking Routing Attributes

If Messaging Server finds exactly one LDAP entry that matches the address, it checks the routing attributes for the address and takes the following actions:

For information about how to specify the mailHost attribute, see Specifying User Email Addresses. To set the mailRoutingAddress attribute, you must use Netscape Directory Server tools. For information, see the Netscape Directory Server Administrator's Guide.

Step 5: Routing to Remote Server

If Messaging Server assumes another messaging server is responsible for this recipient, it performs the following steps to route the message to a remote server:

  1. Checks the SMTP routing table

  2. Looks up address of the server in DNS
Checking the SMTP Routing Table

To see if mail for the recipient's domain should be routed to a specific messaging server host, Messaging Server checks its SMTP routing table.

To find an IP address, Messaging Server checks the DNS definition for the domain. See About the Domain Name System (DNS).

Example Routes

This section provides sample routing table entries. For information about how to specify routing table entries using Netscape Console, see Editing SMTP Routing Table Entries.

In the following example, all outgoing mail is routed to bigserver:

 
*:bigserver.airius.com
The next example routes all mail to subdomains of airius.com through a hub server:

 
*.airius.com:hub.airius.com
In the next example, messages for any subdomain inside the top-level domain airius.com are sent directly to the mail exchange server for the respective domain:

 
*.airius.com:*
The next example directs mail for the hub to the server with the specified IP address. Messaging Server need not perform a DNS lookup to find the IP address.

 
hub.airius.com:[123.345.456.7]
The next example directs all mail sent outside airius.com to a firewall server:

 
airius.com:*
*.airius.com:*
*:firewall.airius.com
Note: Keep in mind that the server processes entries in the SMTP routing table in order. If, for example, you have a routing entry that sends all non-local mail to a firewall messaging server, you want this entry to be the last entry in the routing table.

 Looking Up Address of the Server in DNS

If a routing table entry does not include an IP address in brackets, Messaging Server must know the IP address of the host machine to which it is sending. To find the IP address, Messaging Server uses the Domain Name System (DNS) as follows. For more information on DNS and DNS records, see About the Domain Name System (DNS).

  1. Asks for Mail Exchange Records (MX records) defined for the domain. If MX records are found, tries to route the message to each messaging server defined in the MX records until routing is successful. The MX record must have an associated Address record (A record) that includes the IP address. (Note that Messaging Server caches MX records to decrease the number of DNS lookups required.)

  2. If no MX record is found, asks for the A record for the domain. If the A record is found, routes the message to the host specified for the domain.
If Messaging Server cannot find an IP address for the machine to which it is routing a message, the message is considered undeliverable and Messaging Server bounces the message.


About Alternate Search Methods
If an exact match for an address is not found, but alternate search methods are enabled, the server tries each method in the order listed until a match is found:

 For information about how to enable alternate search methods using Netscape Console, see Specifying Alternate Search Methods.

Note: Specifying alternate search methods has a slight impact on performance.

 Search for custom domain. In a hosting environment, you might want the server to search for custom domain addresses.

To set up a custom domain for a user, add an alternate address for the user that includes the custom domain name. For example, assume Joe wants to receive mail addressed to joe@airius.com and a mail addressed to the custom domain, joecorp.com. To enable Joe to receive mail addressed to anything@joecorp.com, you must add a MailAlternateAddress value for Joe as follows: @joecorp.com. You must also add the MX records in DNS as necessary to route messages sent to the custom domain to the desired messaging server. For more information about DNS and MX records, see About the Domain Name System (DNS).

Search using truncated domain. In some environments, you might want the server to ignore the first component of a domain when searching for an address in LDAP. This allows the server to handle mail sent to recipient@server instead of recipient@domain.

 For example, assume mail arrives for joe@foo.airius.com. With the "search using truncated domain" feature enabled, if no LDAP entry for joe@foo.airius.com is found, the server will search for joe@airius.com. Consequently, Joe can receive messages addressed to joe@anything.airius.com as well as joe@airius.com.

 Search by user ID. With the "search by user ID" method enabled, if an address domain is local, Messaging Server searches for an LDAP entry with a uid attribute matching the address (with the @domain removed). For example, if airius.com is local, and the address is joe@airius.com, Messaging Server searches for a uid of "joe".
About Recipient Address Rewrites
If the recipient was found in LDAP, but the mailHost attribute in the LDAP entry is not this server, Messaging Server then tries to route the message to a remote server. You can specify whether and how the server rewrites the envelope recipient address before routing the message to the remote server.

Note: Messaging Server rewrites the envelope address only if the intended recipient is found in LDAP and is not local. (The server rewrites the envelope recipient address in the SMTP protocol dialog.)

 You can specify one or more of the following rewrite methods. By default, these methods are disabled. Messaging Server tries each enabled method in the order listed until it is able to compose a new address using the indicated attributes from the account's LDAP entry:

 If Messaging Server is unable to compose a new address (because the necessary attributes are not present in the user's LDAP entry or because no rewrite methods are selected), the server will not rewrite the envelope address. However, if the "search by truncated domain" method was attempted in Step 2, the server uses the truncated domain instead of the original domain.

mailRoutingAddress Attribute

This rewrite method uses the mailRoutingAddress attribute, which specifies a specific mail routing address. This method is most useful for LDAP entries that represent mail accounts on non-Netscape mail servers or gateway systems.

If you enable this rewrite method, you must modify the user's LDAP entry to include the mailRoutingAddress attribute. You can set this attribute only by using LDAP tools such as ldapmodify. For example:

 
mailRoutingAddress: joesmith@judge.airius.com
The mailRoutingAddress attribute differs from the mailForwardingAddress attribute as follows:

Combine uid and mailHost Attributes

This rewrite method combines the uid attribute and the mailHost attribute found in the LDAP directory.

For example, mail arrives on one server for Joe_Smith@airius.com. The server determines that this mail belongs to jsmith whose mail account is on judge.airius.com. The server rewrites the envelope address to jsmith@judge.airius.com then relays the message to judge.airius.com.

 This method works best if the "search by user ID" method is employed on the next server.

 Note: Some sites prefer that only explicit addresses (those specified by the mail and mailAlternateAddress attributes) are valid email addresses for users. You should not use this method if the local policy does not consider uid a valid email address.

Combine Local Part and mailHost Attribute

This rewrite method combines the local part of the original address with the mailHost attribute value to create the new address.

For example, Customer_Service@airius.com becomes Customer_Service@judge.airius.com. This method is useful to support entities, such as mail groups, that do not have a uid.

 Some SMTP installations prefer that addresses routed internally within the network be host-specific. This feature is most likely to work properly if the "truncated domain" search method is in use on the next server, or if all user accounts have a matching email address explicitly specified.

 Do not use this method unless, for each address of each user (as specified with the mail and mailAlternateAddress attributes), changing the domain part to a specific host does not create ambiguity about the message recipient. For example, suppose the messaging server mail5.airius.com has three different users: joe@division1.airius.com, joe@division2.airius.com, and joe@airius.com. In this scenario, joe@airius.com would receive mail addressed to the other users, if the "local part at mailHost" rewrite method is used on the sending server and the "truncated domain" search method is used on mail5.airius.com.

Note: This method is not used if the "custom domain" search method was used to resolve the address.
About Mailing List Expansion and Delivery
When a message is sent to a mailing list, Messaging Server determines whether this list is handled locally by checking the mailHost attribute defined for the list. If there is no mailHost attribute defined, or if the mailHost attribute indicates the local server, Message Server assumes the mailing list is local and performs the steps outlined in this section.

 Note that attributes for mailing lists, including the restrictions and actions described throughout this section, are defined using the Netscape Console Users and Groups interface. For more information about mailing list attributes, see Chapter 4, Managing Mail Users and Mailing Lists.

Step 1. Checking Restrictions. Messaging Server checks for the following restrictions before delivering the message to the list:

 If Messaging Server must reject a message, it goes to step 2; otherwise it proceeds to step 3.

 Step 2. Rejecting a Message. If Messaging Server must reject a message, it first checks to see if any of the following actions are specified for the list.

 Step 3. Delivering the Message. If the message passes all restrictions configured for the list, Messaging Server:

  1. Checks to see if the mail list is moderated. If yes, Messaging Server checks to see if the message is being forwarded by the moderator (that is, the sender is a moderator). If the message has been forwarded (there is an attached message), Messaging Server strips the moderator's header from the message before delivering the message to the list.

  2. Performs any header rewrites as necessary. For example, the Resent-From header is added.

    3. If error messages concerning delivery to the list should be sent to a particular email address (see the "Errors-To" field in the Groups Settings Tab), Messaging Server uses this address in the Return-Path: header. This ensures that bounced messages will return to the address configured in the "Errors-To" field and not to the original sender.

    At this stage, Messaging Server splits the envelope into individual recipients and list recipients. By splitting the envelope, Messaging Server ensures that modifications for mailing list delivery are not applied to other recipients of the message. Messaging Server might further split the envelope for list recipients--particularly if the list contains many members. Each envelope split is considered a separate "control" envelope.

  3. Messaging Server adds list members to the message recipient list. Members are added according to the type of membership:
More About Mailing Lists

This section provides further information about how Messaging Server delivers mail to mailing list members.

Duplicate checks. Messaging Server performs duplicate checks to see if any message recipients, including list members, are unique members.

 Duplicate checks can impact server performance--especially for large lists containing 1000 or more members. You can specify that Messaging Server not perform duplicate checks by modifying the list attribute mgrpNoDuplicateChecks. You can modify this attribute by using the ldapmodify utility. For more information on this utility, see the Netscape Directory Server Administrator's Guide.

Nested Groups. Lists can contain other lists as members.

Recipients per control envelope. If a message sent to a list is routed to another MTA, Messaging Server limits the number of recipients sent in each control envelope. The default number is 500 recipients per control envelope.

 Error notification. If error notification (Errors-To field) is configured for the group, to easily track members without mail accounts, delivery status notification (DSN) extensions are added to each member.
About the Domain Name System (DNS)
This section provides a brief overview of the Domain Name System (DNS). For complete details about DNS, see the book, DNS and Bind, 2nd Edition by Paul Albitz and Cricket Liu, published by O'Reilly. DNS is the naming system that allows computers to find each other on the Internet. Every computer needs a DNS name to communicate on the Internet.

The DNS is managed by DNS servers that store information about domains and individual host systems. Each unit of data in the DNS distributed database is indexed by a name. These names are essentially just paths in a large inverted tree, called the domain name space.

 A Fully Qualified Domain Name (FQDN) is the unique name that identifies a specific Internet location. FQDNs consist of two or more components, separated by dots. Each section is a string of letters or numbers without spaces, usually a recognizable word or abbreviation. The order of the sections in an FQDN is significant.

As you move from left to right, each section represents a more general level in the DNS hierarchy. As an example, server1.airius.com, would refer to a target system server1 at an organization called airius which is a subdomain of the top-level domain com, which designates it as a company.

 A DNS server helps a messaging server convert the Internet domain name in an email address into an IP (Internet Protocol) address. Once the messaging server knows the other computer's IP address, the messaging server is able to contact the other computer and forward messages to it. The DNS server provides information such as the following to the messaging server:

 The DNS server uses the records that have been set up within it to tell querying computers how to route mail to the local messaging server host.

 DNS Records

DNS servers contain several record types. This section focuses on three record types, described in Table 9.3. These record types should be entered in the primary DNS server for a domain. (For information about other record types, see the book, DNS and Bind.)

Table 9.3 DNS records

Record Type
Function
A record
 Map host name to IP address
MX record
 Map domain name to host name of server that handles incoming mail for the domain
PTR record
 Map IP address to host name

You can use A records or a combination of A records and MX records to resolve domain names to IP addresses. To reduce the load on the DNS system, domains that receive a significant amount of mail should have at least one MX record.

 Using A Records

You can use an A record at the local DNS server to resolve the local server's FQDN to its IP address. For example, the following record indicates that the IP address of server1.airius.com is 195.95.92.6:

server1.airius.com. IN A 195.95.92.6
Using MX Records

You can use an MX or mail exchange record to route messages for one domain to one or more hosts running a messaging server. For messaging services, it is recommended that you use MX records in addition to A records. All messaging servers look for MX records first in their search to identify an external mail host.

In addition, MX records establish priority. Priority rankings enable you to balance the load of incoming messages and to identify backup mail servers by inserting additional records in your DNS server.

Example 1. In the following example, inbound messages addressed to airius.com (for example joe@airius.com) are routed to the server1.airius.com host; which is assumed to be a messaging server. (Note that the example would not affect inbound messages addressed to host.airius.com.)

 
airius.com IN MX 10 server1.airius.com
The record contains two fields: a priority field (10) and a host field (server1.airius.com). The priority field specifies the priority of this mail exchange (lower numbers have a higher priority). The host field is the name of a mail exchange host.

Example 2. The next example provides a backup destination for times when the main destination is unavailable. The first line indicates that mail routed to airius.com should be routed to server1.airius.com. The second line indicates that if server1.airius.com is unavailable for any reason, messages are sent to an alternate server, named backupserver.airius.com:

 
airius.com IN MX 10 server1.airius.com
airius.com IN MX 20 backupserver.airius.com
Example 3. The next example balances the load between two servers, server1.airius.com and server2.airius.com. If both servers are unavailable, mail is routed to the alternate server, backupserver.airius.com:

 
airius.com IN MX 10 server1.airius.com
airius.com IN MX 10 server2.airius.com
airius.com IN MX 20 backupserver.airius.com
Note: The exchange host name in any MX record must have at least one A record that maps the host name to an IP address. Considering example 3, the exchange hosts server1.airius.com, server2.airius.com, and backupserver.airius.com must have A records, such as the following (note that the domain airius.com does not require an A record):

 
server1.airius.com. IN A 195.95.92.6
server2.airius.com. IN A 195.95.92.7
backupserver.airius.com IN A 195.95.92.8
Using PTR Records

PTR or pointer records map IP addresses to names for purposes of reverse address resolution. The following example creates a PTR record for the IP address 195.95.92.6:

6.92.95.195.in-addr.arpa. IN PTR server1.airius.com
7.92.95.195.in-addr.arpa. IN PTR server2.airius.com
8.92.95.195.in-addr.arpa. IN PTR backupserver.airius.com
 

© Copyright 1999 Netscape Communications Corp., a subsidiary of America Online, Inc. All rights reserved.