iPlanet Messaging Server 5.2 Provisioning Guide
Chapter 5 Provisioning Mailing Lists
This section describes how to create mailing list entries in the iPlanet Messaging Server. As installed, mailing list entries are created in the Organization Tree. If your system is still using a SIMS DC Tree, then mailing list entries will be in the DC Tree. Note that attribute descriptions in this guide are overviews. Full attribute descriptions are available in the iPlanet Schema Reference Manual.
"Creating Mailing List Entries"
"Format of Attribute Values"
"Assigning Mailing List Owners"
"Creating Posting Restrictions on Mailing Lists"
"Enable/Disable/Delete Mailing Lists"
"Archiving Messages to a File"
"Visibility of Mailing List Members"
"Making Mailing Lists Joinable"
"Creating Dynamic Mailing Lists"
"Limiting Received Message Size"
Creating Mailing List Entries
Mailing list entries are created in the ou=group containers of the organization tree. An example LDIF record for a mailing list is shown below.
dn: cn=Dreamteam,ou=groups,o=sesta.com,o=isp
- The distinguished name of the mailing list.
objectClass: groupOfUniqueNames
objectClass: inetMailGroup
objectClass: inetLocalMailRecipient
objectClass: inetMailGroupManagement
objectClass: nsManagedMailList
- groupOfUniqueNames is the core object class for all mailing list entries. Overlaying with the mail service object classes inetMailGroup, inetLocalMailRecipient, and the Delegated Administrator service object classes inetMailGroupManagement makes the entry a mailing list for use by the messaging server.
- inetMailGroup specifies attributes for mailing lists.
- inetLocalMailRecipient provides internal routing attributes. This object class is intended to support SMTP message transfer agents in routing RFC 822-based email within a private enterprise only and is not to be used in the process of routing email across the public Internet.
- inetMailGroupManagement specifies attributes for managing a mailing list.
- nsManagedMailList provides iPlanet Delegated Administrator for Messaging support attributes for mailing lists.
cn: Dreamteam
- cn (commonname) is the mailing list's name.
uniqueMember: uid=baylor,ou=People,o=sesta.com,o=isp
uniqueMember: uid=bird,ou=People,o=sesta.com,o=isp
uniqueMember: uid=jordan,ou=People,o=sesta.com,o=isp
uniqueMember: uid=jabbar,ou=People,o=sesta.com,o=isp
uniqueMember: uid=magic,ou=People,o=sesta.com,o=isp
- These are the members of the mailing list that can be resolved to a user in this directory.
inetMailGroupStatus: active
- Current status of the mailing list: active, inactive or deleted. Missing value implies status is active. An illegal value is treated as inactive.
dataSource: @(#)ims50users.sh 1.5a 02/3/00
- Text field to store a tag or identifier.
mgrpRFC822MailMember: west@florizel.com
mgrpRFC822MailMember: robertson@florizel.com
- External members of the mailing list.
mail: dreamteam@sesta.com
- The mailing list's advertised email address (RFC 822 format).
mailAlternateAddress: thegreatest@sesta.com
- Alternate RFC822 email address of this mailing list.
mailHost: manatee.siroe.com
- Fully-qualified hostname of the MTA server that is the final SMTP destination of messages to this mailing list.
nsNumUsers: 7
- Current number of user entries.
nsMaxUsers: 1000
- Maximum user entries.
Format of Attribute Values
There are several attributes, such as moderator and mailDeliveryURL, that require user addresses or filenames specified as URLs. When preceded by ldap:/// the entry is taken as an LDAP entry with the remaining value treated as the distinguished name of the entry. For example:
moderator: ldap:///uid=cox,ou=people,o=sesta,o=isp
Note that if an attribute-value pair spans two lines, the second line must start with a blank space.
When preceded by mailto: (for example, mailto: ofanning@sesta.com) the entry is interpreted as a mail address.
When preceded by file:/// the entry is interpreted as a file. Example:
mailDeliveryURL: file:///home/dogboy/dr_j/mail_archive.htm
Assigning Mailing List Owners
Mailing list owners can add or delete members to the list. To change an owner of a mailing list, assign a DN to the owner attribute. There can be more than one owner for the mailing list, but owners must have DNs in the same directory as the mailing list. An example modification statement and LDIF record is shown below.
dn: cn=Dreamteam,ou=groups,o=sesta.com,o=isp
changetype: modify
add: owner
owner: uid=baylor,ou=People,o=sesta.com,o=isp
Adding Members
Add internal members (members with resolvable DNs) by assigning their DN to the attribute uniqueMember. Add external members by assigning their email address to the attribute mgrpRFC822MailMember. The example LDIF code below shows how to add an internal and external user.
dn: cn=Dreamteam,ou=groups,o=sesta.com,o=isp
changetype: modify
add: uniqueMember
uniqueMember: uid=russell,ou=People,o=sesta.com,o=isp
-
add: mgrpRFC822MailMember
mgrpRFC822MailMember: chamberlain@varrius.com
Creating Posting Restrictions on Mailing Lists
Incoming mail to a mailing list can be restricted by domain or user. The restriction attributes are as follows:
mgrpAllowedBroadcaster specifies addresses authorized to send messages to the mailing list. If not included in the LDAP entry, the list is unrestricted and anyone can submit. The envelope From: address must match one of the addresses in the permitted list before the MTA will route the message to a list of members.
mgrpDisallowedBroadcaster specifies addresses restricted from posting messages to the list. The sender's address is compared against those in this attribute. If there is a match then the message is rejected.
- You can set mgrpAllowedBroadcaster or mgrpDisallowedBroadcaster to the address of a static group; however, nested groups (groups within groups) are not supported. For specific posters, set these attributes to the address of a specific allowed poster or specify as a dynamic group (LDAP search using URL criteria).
mgrpAllowedDomain specifies the domain names from which users are authorized to post messages to the mailing list. The wildcard character is "*". Using the wildcard character you may optionally replace a sub-domain to authorize the entire DNS hierarchy below a given top or sub-domain.
mgrpDisallowedDomain defines the domain names from which users cannot post messages to the mailing list.
Note: DN values for mgrpAllowedBroadcaster and mgrpDisallowedBroadcaster must have the prefix ldap:/// or mailto:. Refer to "Format of Attribute Values".
Precedence Rules
The following precedence rules are followed by the MTA when deciding whether it should accept the message for further processing or not (the envelope "From:" address is used in all the rules when looking for a match):
If mgrpDisallowedBroadcaster is set, there must not be a match between this value and the sender's mail attribute or mailAlternateAddress attribute of any DN listed in the form of a ldap:///<DN> address, or there must not be a match with the RFC-822 address listed in the form of a mailto:<RFC-822> address.
If the mgrpAllowedBroadcaster attribute exists in the LDAP entry, the sender's address must match either the mail attribute or mailAlternateAddress attribute of any DN listed in the form of a ldap:///<DN> address or must match the RFC-822 address listed in the form of a mailto:<RFC-822> address.
If mgrpDisallowedDomain exists in the LDAP entry, then the sender's domain must not match the domain(s) listed in the mgrpDisallowedDomain attribute.
If the mgrpAllowedDomain attribute exists in the LDAP entry, then the sender's domain must match the domain(s) listed in the mgrpAllowedDomain attribute.
The diagram below shows the access control process.
Figure 5-1    Access Control Process
The following LDIF code allows users on the domain sesta.com to send messages to the mail list, but blocks users on all other domains from sending messages. It also blocks internal mail from barry@sesta.com but allows mail from barkley@florizel.com.
dn: cn=Dreamteam,ou=groups,o=sesta.com,o=isp
changetype: modify
add: mgrpAllowedDomain
mgrpAllowedDomain: sesta.com
-
add: mgrpAllowedBroadcaster
mgrpAllowedBroadcaster: mailto: barkley@florizel.com
-
add: mgrpDisallowedBroadcaster
mgrpDisallowedBroadcaster: ldap:///cn=barry,ou=people,o=sesta.com,o=isp
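An added example (not code from the guide or from the MTA) that evaluates the restriction attributes of the Dreamteam entry above against an envelope From address. Figure 5-1 is not reproduced on this page, so how the attributes combine is an assumption: a disallow match always rejects, and otherwise a match on either mgrpAllowedBroadcaster or mgrpAllowedDomain admits the sender, which is the reading that yields the outcome the text states for this LDIF. The DIRECTORY table and the function names are constructed for the example.

```python
from fnmatch import fnmatchcase

# Constructed stand-in for the directory lookup: DN -> mail/mailAlternateAddress values.
DIRECTORY = {"cn=barry,ou=people,o=sesta.com,o=isp": ["barry@sesta.com"]}

def _addresses(url):
    """Expand one broadcaster value (ldap:///<DN> or mailto:<RFC-822>) to addresses."""
    if url.startswith("ldap:///"):
        return DIRECTORY.get(url[len("ldap:///"):].lower(), [])
    if url.startswith("mailto:"):
        return [url[len("mailto:"):].strip().lower()]
    return []  # neither required prefix: the value matches nothing

def _listed(sender, urls):
    return any(sender in _addresses(u) for u in urls)

def _domain_listed(sender, patterns):
    domain = sender.rsplit("@", 1)[-1]
    return any(fnmatchcase(domain, p.lower()) for p in patterns)  # "*" is the wildcard

def may_post(envelope_from, entry):
    """Return (accepted, deciding attribute) for an envelope From address."""
    # The envelope From is supplied by the submitting client, so these checks
    # restrict posting by claimed sender, not by authenticated identity.
    sender = envelope_from.strip().lower()
    if _listed(sender, entry.get("mgrpDisallowedBroadcaster", [])):
        return False, "mgrpDisallowedBroadcaster"
    if _domain_listed(sender, entry.get("mgrpDisallowedDomain", [])):
        return False, "mgrpDisallowedDomain"
    allowed = entry.get("mgrpAllowedBroadcaster", [])
    allowed_domains = entry.get("mgrpAllowedDomain", [])
    if not allowed and not allowed_domains:
        return True, "unrestricted"
    # Assumption (see lead-in): matching either allow attribute is sufficient.
    if _listed(sender, allowed):
        return True, "mgrpAllowedBroadcaster"
    if _domain_listed(sender, allowed_domains):
        return True, "mgrpAllowedDomain"
    return False, "no allow attribute matched"

# The Dreamteam restrictions from the LDIF above, as attribute -> values.
DREAMTEAM = {
    "mgrpAllowedDomain": ["sesta.com"],
    "mgrpAllowedBroadcaster": ["mailto: barkley@florizel.com"],
    "mgrpDisallowedBroadcaster": ["ldap:///cn=barry,ou=people,o=sesta.com,o=isp"],
}

if __name__ == "__main__":
    for who in ("barry@sesta.com", "bird@sesta.com", "barkley@florizel.com", "west@florizel.com"):
        print(who, may_post(who, DREAMTEAM))
```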
Mailing List Moderators
A mailing list moderator is a user who receives a mailing list message before all other members, then forwards it to the rest of the members if desired. Any message submitted to the mailing list will go to the moderator instead of the mailing list members. Set a valid DN or email address to the attribute moderator. Multiple moderators are allowed.
Moderators are created by setting mgrpModerator to an RFC 822 email address or a DN in URL format.
dn: cn=Dreamteam,ou=groups,o=sesta.com,o=isp
changetype: modify
add: mgrpModerator
mgrpModerator: ldap:///uid=baylor,ou=People,o=sesta.com,o=isp
Enable/Disable/Delete Mailing Lists
Mailing lists can be enabled, temporarily disabled, or deleted by setting inetMailGroupStatus to active, inactive, or deleted. A disabled mailing list can be activated by resetting inetMailGroupStatus to active. Missing value implies status is active. An illegal value is treated as inactive.
The following LDIF code disables the mailing list.
dn: cn=Dreamteam,ou=groups,o=sesta.com,o=isp
changetype: modify
replace: inetMailGroupStatus
inetMailGroupStatus: inactive
Archiving Messages to a File
Archive mailing list messages by setting mailDeliveryFileURL to a file URL. The example below saves messages sent to dreamteam@sesta.com to /home/dreamteam/mail_archive.log.
dn: cn=Dreamteam,ou=groups,o=sesta.com,o=isp
changetype: modify
add: mailDeliveryFileURL
mailDeliveryFileURL: file:///home/dreamteam/mail_archive.log
Request Addresses
Specify the mailing list subscription request address with the mgrpRequestsTo attribute. An example of a subscription request address is dreamteam-request@sesta.com. Only internal addresses are allowed, and these must be in URL format.
dn: cn=Dreamteam,ou=groups,o=sesta.com,o=isp
changetype: modify
add: mgrpRequestsTo
mgrpRequestsTo: ldap:///uid=baylor,ou=People,o=sesta.com,o=isp
Visibility of Mailing List Members
Mailing list members are typically visible through the iPlanet Console, iPlanet Delegated Administrator for Messaging, or the SMTP EXPN command. Visibility can be limited by setting mgmanMemberVisibility to ANYONE (anyone in the world can view), ALL (anyone in the directory can view), or NONE (only owner can view).
dn: cn=Dreamteam,ou=groups,o=sesta.com,o=isp
changetype: modify
add: mgmanMemberVisibility
mgmanMemberVisibility: ALL
Making Mailing Lists Joinable
You can specify who may join a mailing list by setting the attribute mgmanJoinability. The possible values for this task are ANYONE (anyone in the world can join), ALL (anyone in the directory can join), or NONE (no additional members can join).
dn: cn=dreamteam,ou=groups,o=sesta.com,o=isp
changetype: modify
add: mgmanJoinability
mgmanJoinability: ALL
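An added example (not part of the guide or of any iPlanet tool) that parses a mailing list entry and reports the settings this chapter describes as open or invalid: broadcaster values without the ldap:/// or mailto: prefix, no posting restriction, an illegal inetMailGroupStatus, and ANYONE for member visibility or joinability. The sample entry and the function names are constructed for the example.

```python
import re

URL_ATTRS = ("mgrpallowedbroadcaster", "mgrpdisallowedbroadcaster")
STATUSES = ("active", "inactive", "deleted")

def parse_entry(ldif):
    """Parse one LDIF entry into {lowercased attribute: [values]}."""
    # A line that starts with a blank space continues the previous line.
    unfolded = re.sub(r"\n ", "", ldif.strip())
    entry = {}
    for line in unfolded.splitlines():
        name, sep, value = line.partition(":")
        if sep:
            entry.setdefault(name.strip().lower(), []).append(value.strip())
    return entry

def audit(entry):
    """Return (attribute, finding) pairs for open or invalid settings."""
    findings = []
    for attr in URL_ATTRS:
        for value in entry.get(attr, []):
            if not value.startswith(("ldap:///", "mailto:")):
                findings.append((attr, "value lacks the ldap:/// or mailto: prefix"))
    if not entry.get("mgrpallowedbroadcaster") and not entry.get("mgrpalloweddomain"):
        findings.append(("posting", "no allow attribute set, anyone can submit"))
    for value in entry.get("inetmailgroupstatus", []):
        if value.lower() not in STATUSES:
            findings.append(("inetmailgroupstatus", "illegal value, treated as inactive"))
    if "ANYONE" in entry.get("mgmanmembervisibility", []):
        findings.append(("mgmanmembervisibility", "anyone in the world can view members"))
    if "ANYONE" in entry.get("mgmanjoinability", []):
        findings.append(("mgmanjoinability", "anyone in the world can join"))
    return findings

# Constructed sample entry (not from the guide), with one folded value.
SAMPLE = """\
dn: cn=Dreamteam,ou=groups,o=sesta.com,o=isp
inetMailGroupStatus: disabled
mgrpDisallowedBroadcaster: cn=barry,ou=people,
 o=sesta.com,o=isp
mgmanMemberVisibility: ANYONE
mgmanJoinability: ALL
"""

if __name__ == "__main__":
    for attr, finding in audit(parse_entry(SAMPLE)):
        print(f"{attr}: {finding}")
```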
Creating Dynamic Mailing Lists
The iPlanet Messaging Server supports both static and dynamic mailing lists. Unlike static mailing lists, where members of the list are specified by using uniquemember and mgrprfc822mailmember attributes, dynamic mailing list members are specified using an LDAP search filter (RFC-2254). The LDAP filter is set in the mgrpDeliverTo attribute in the inetMailGroup objectclass.
The example below shows a mailing list consisting of static members and members determined with an LDAP search filter. The filter below includes as members the users in o=sesta.com,o=isp who also have the attribute-value pair city=tokyo. You should make sure that the attributes used in the LDAP search filter are indexed; otherwise, evaluating the membership of dynamic lists will be time consuming and will stress the directory server.
Limiting Received Message Size
To limit the size of a message that a user or group can receive, use the attribute mailMsgMaxBlocks. Message size is specified in MTA blocks (the default block size is 1024 bytes). Note that this attribute overrides mailDomainMsgMaxBlocks.
The example below sets a limit of one megabyte.
dn: cn=dreamteam,ou=groups,o=sesta.com,o=isp
changetype: modify
add: mailMsgMaxBlocks
mailMsgMaxBlocks: 1000
Copyright © 2002 Sun Microsystems, Inc. All rights reserved.
Last Updated February 13, 2002