|
mgrpMsgRejectAction
|
(LDAP_REJECT_ACTION) Single valued attribute that controls what happens if any of the
subsequent access checks fail. Only one value is defined: TOMODERATOR,
which if set instructs the MTA to redirect any access failures to the moderator
specified by the mgrpModerator attribute. The default (and any other value of this
attribute) causes an error to be reported and the message rejected.
|
|
mailRejectText
|
(LDAP_REJECT_TEXT) The first line of text stored in the first value of this attribute
is saved. This text will be returned if any of the following authentication
attributes cause the message to be rejected. This means the text can appear
in SMTP responses so value has to be limited to US-ASCII to comply with current
messaging standards.
|
|
mgrpBroadcasterPolicy
|
(LDAP_AUTH_POLICY) Specifies level of authentication needed to send to the group.
Possible tokens are SMTP_AUTH_REQUIRED or AUTH_REQ,
both of which mean that the SMTP AUTH command must be used to identify the
sender in order to send to the group; SMTP_AUTH_USED and AUTH_USED which are similar in effect to SMTP_AUTH_REQUIRED and AUTH_REQ, but do not require posters to authenticate; PASSWORD_REQUIRED, PASSWD_REQUIRED, or PASSWD_REQ,
all of which mean the password to the list specified by the mgrpAuthPassword
attribute must appear in an Approved: header field in the message; OR, which
changes the OR_CLAUSES MTA option setting to 1 for this
list; AND, which changes the OR_CLAUSES MTA option setting
to 0 for this list; and NO_REQUIREMENTS, which is non-operational.
Multiple values are allowed and each value can consist of a comma-separated
list of tokens.
If SMTP AUTH is called for it also implies that any subsequent authorization
checks will be done against the email address provided by the SASL layer rather
than the MAIL FROM address.
|
|
mgrpAllowedDomain
|
(LDAP_AUTH_DOMAIN) Domains allowed to submit messages to this group. A match failure
with the OR_CLAUSES MTA
option set to 0 (the default) means access checking has failed and all subsequent
tests are bypassed. A match failure with the OR_CLAUSES MTA
option set to 1 sets a “failure pending” flag; some other access
check must succeed in order for access checking to succeed. This check is
bypassed if the submitter has already matched an LDAP_AUTH_URL.
Can be multivalued and glob-style wildcards are allowed.
|
|
mgrpDisallowedDomain
|
(LDAP_CANT_DOMAIN) Domains not allowed to submit messages to this group. A match
means access checking has failed and all subsequent checks are bypassed. This
check is bypassed if the submitter has already matched an LDAP_AUTH_URL.
Can be multivalued and glob-style wildcards are allowed.
|
|
mgrpAllowedBroadcaster
|
(LDAP_AUTH_URL) URL identifying mail addresses allowed to send mail to this group.
Can be multivalued. Each URL is expanded into a list of addresses and each
address is checked against the current envelope from: address. A match failure
with the OR_CLAUSES MTA option set to 0 (the default) means
access checking has failed and all subsequent tests are bypassed. A match
failure with the OR_CLAUSES MTA option set to 1 sets a “failure
pending” flag; some other allowed access check must succeed in order
for access checking to succeed. A match also disables subsequent domain access
checks. The expansion that is performed is similar to an SMTP EXPN with
all access control checks disabled.
List expansion in the context of the mgrpallowedbroadcaster LDAP
attribute now includes all the attributes used to store email addresses (normally mail, mailAlternateAddress, and mailEquivalentAddress). Previously only mail attributes were returned,
making it impossible to send to lists restricted to their own members using
alternate addresses.
|
|
mgrpDisallowedBroadcaster
|
(LDAP_CANT_URL) URL identifying mail addresses not allowed to send mail to this
group. Can be multivalued. Each URL is expanded into a list of addresses and
each address is checked against the current envelope from: address. A match
means access checking has failed and all subsequent checks are bypassed. The
expansion that is performed is similar to an SMTP EXPN with
all access control checks disabled.
|
|
mgrpMsgMaxSize
|
(LDAP_ATTR_MAXIMUM_MESSAGE_SIZE) Maximum message size in bytes that
can be sent to the group. This attribute is obsolete but still supported for
backwards compatibility; the new mailMsgMaxBlocks attribute
should be used instead.
|
|
mgrpAuthPassword
|
(LDAP_AUTH_PASSWORD) Specifies a password needed to post to the list. The presence
of a mgrpAuthPassword attribute forces a reprocessing pass.
As the message is enqueued to the reprocessing channel, the password is taken
from the header and placed in the envelope. Then, while reprocessing, the
password is taken from the envelope and checked against this attribute. Additionally,
only passwords that actually are used are removed from the header field.
The OR_CLAUSES MTA option acts on this attribute in the same way it
acts on the other access check attributes.
|
|
mgrpModerator
|
(LDAP_MODERATOR_URL) The list of URLs given by this attribute to be expanded into a
series of addresses. The interpretation of this address list depends on the
setting of the LDAP_REJECT_ACTION MTA option. If LDAP_REJECT_ACTION is set to TOMODERATOR, this attribute specifies
the moderator address(es) the message is to be sent to should any of the access
checks fail. If LDAP_REJECT_ACTION is missing or has any
other value, the address list is compared with the envelope from address.
Processing continues if there is a match. If there is no match, the message
is again sent to all of the addresses specified by this attribute. Expansion
of this attribute is implemented by making the value of this attribute the
list of URLs for the group. Any list of RFC822 addresses or DNs associated
with the group is cleared, and the delivery options for the group are set
to members. Finally, subsequent group attributes listed
in this table are ignored.
|
|
mgrpDeliverTo
|
(LDAP_GROUP_URL1) List of URLs which, when expanded, provides a list of mailing
list member addresses.
|
|
memberURL
|
(LDAP_GROUP_URL2) Another list of URLs which, when expanded, provides another list
of mailing list member addresses.
|
|
uniqueMember
|
(LDAP_GROUP_DN) List of DNs of group members. DNs may specify an entire subtree.
Unique member DNs are expanded by embedding them in an LDAP URL. The exact
URL to use is specified by the GROUP_DN_TEMPLATE MTA option.
The default value for this option is: ldap:///$A??sub?mail=*
$A specifies the point where the uniqueMember DN
is inserted.
|
|
mgrpRFC822MailMember
|
(LDAP_GROUP_RFC822) Mail addresses of members of this list.
|
|
rfc822MailMember
|
(LDAP_GROUP_RFC822) rfc822MailMember is supported
for backwards compatibility. Either rfc822MailMember or mgrpRFC822MailMember, but not both, can be used in any given group.
|
|
mgrpErrorsTo
|
(LDAP_ERRORS_TO) Sets the envelope originator (MAIL FROM) address to whatever the
attribute specifies.
|
|
mgrpAddHeader
|
(LDAP_ADD_HEADER) Turns the headers specified in the attribute into header trimming
ADD options.
|
|
mgrpRemoveHeader
|
(LDAP_REMOVE_HEADER) Turns the headers specified into header trimming MAXLINES=-1 options.
|
|
mgrpMsgPrefixText
|
(LDAP_PREFIX_TEXT) Adds the specified text to the beginning of the message text,
if any.
|
|
mgrpMsgSuffixText
|
(LDAP_SUFFIX_TEXT) Adds the specified text to the ending of the message text, if
any.
|
|
No Default
|
(LDAP_ADD_TAG)
Checks the subject for the specified text; if it isn’t present the text
is added at the beginning of the subject field.
|
