This section discusses creating distribution lists (also called groups). A distribution list is a collection of users to which mail can be sent with a single email address. It also covers common tasks for creating group entries. For each task, the relevant attribute is shown along with an example LDIF record that illustrates the syntax.
Note - Some of the code samples contain attribute-value pairs that span more than one line. If this is the case, every line after the first must begin with a blank space. This blank space is shown in the hard copy or PostScript files, but it may not show in an HTML browser.
FIGURE 4-1 Creating a Group.
An e-mail distribution list is represented in the directory in the ou=groups container. Information about that group is defined in an entry within that container. An example is shown below.
CODE EXAMPLE 4-1 LDIF Record for Creating a Group.
dn: cn=basketball,ou=groups,dc=stream,dc=com,o=internet
objectClass: groupOfUniqueNames
objectClass: inetMailRouting
objectClass: inetMailGroup
cn: basketball
uniqueMember: cn=Kevin Cox (Lighting),ou=people,dc=stream,dc=com,o=internet
rfc822MailMember: camden.miyoko@abalone.com
rfc822MailMember: bryn.yasuko@noodle.net
inetMailGroupVersion: 1.0
inetMailGroupStatus: active
dataSource: Mail Server 4.0
expandable: false
mail: basketball@stream.com
mailHost: buffalo.stream.com
rfc822MailAlias: b-ball_players@stream.com
Distribution List Attributes
dn: cn=basketball,ou=groups,dc=stream,dc=com,o=internet
The distinguished name of the group, basketball@stream.com.
objectClass: groupOfUniqueNames
objectClass: inetMailRouting
objectClass: inetMailGroup
These are the object classes required for all distribution lists.
The groupOfUniqueNames object class contains attributes useful for describing a collection of user objects. This object class inherits from top and is the structural object class.
The inetMailRouting object class contains attributes required for the routing common to all internet email recipients. This class is for entries describing either email users (inetMailUser) or groups (inetMailGroup).
The inetMailGroup object class contains attributes useful for an e-mail distribution list.
groupOfUniqueNames Attributes
cn: basketball
cn (commonname) is the distribution list's common name. There can be more than one cn attribute for a distribution list; however, each cn must be unique within the domain.
uniqueMember: cn=Kevin Cox (Lighting),ou=people,dc=stream,dc=com,o=internet
(Required.) This attribute specifies the distinguished names of members of this distribution list.
Note - All distribution lists are required to have at least one unique member.
inetMailGroup Attributes
rfc822MailMember: camden.kimura@abalone.com
rfc822MailMember: bryn.yasuko@noodle.net
rfc822mailmember stores the e-mail addresses (RFC-822 format) defined for the external members of this list (members without resolvable DNs).
inetMailGroupVersion: 1.0
inetmailgroupversion is a version tag of this object class. This attribute must be set when an entry is created using this object class. The starting version tag is 1.0.
inetMailGroupStatus: active
inetmailgroupstatus specifies the status of a distribution list. The intent of this attribute is to allow the ISP to suspend and reactivate the distribution list. This attribute takes one of three values: active, inactive, or deleted (marked for deletion). If this attribute is missing, the semantics are the same as if it were active.
dataSource: Mail Server 4.0
datasource is a free-form text entry naming the original data source or migration tool for data in the group entry.
expandable: false
expandable specifies whether the distribution list is expandable. If set to true, then someone can read the addresses of the members of the distribution list by using the SMTP command expn <dl_name>. If not specified, the default is true.
inetMailRouting Attributes
mail: basketball@stream.com
The group's advertised e-mail address.
mailHost: buffalo.stream.com
This is the fully qualified hostname of the IMTA where the distribution list is expanded.
rfc822MailAlias: b-ball_players@stream.com
Stores alternate e-mail aliases (RFC-822 format), if any, defined for the distribution list. Mail to this address will be delivered to the group associated with this entry. The value must be unique for all mail and rfc822MailAlias attributes in a domain.
This section describes how to implement common tasks on distribution list entries. The entire LDIF record is shown for most tasks. Usually, however, these tasks require only adding or modifying one or more attributes of an existing distribution list. Instead of using the entire record, use only the lines in italics. For example, to do the task described in the following section using ldapmodify, you would run:
# ./ldapmodify -D "<SIMS Admin DN>" -w <passwd> -f change.ldif
where the contents of change.ldif are:
dn: cn=basketball,ou=groups,dc=stream,dc=com,o=internet
changetype: modify
add: owner
owner: cn=Kevin Cox (Lighting),ou=people,dc=stream,dc=com,o=internet
Assigning Owners to Groups
Group owners can add members to or delete members from the distribution list. To assign an owner to a group, set the owner attribute (from objectClass groupOfUniqueNames) to a distinguished name. There can be more than one owner for the group, but owners must have valid DNs in the directory where the distribution list is defined. Example code is shown below.
CODE EXAMPLE 4-2 LDIF Record for Creating a Group with an Owner.
dn: cn=basketball,ou=groups,dc=stream,dc=com,o=internet
objectClass: groupOfUniqueNames
objectClass: inetMailRouting
objectClass: inetMailGroup
cn: basketball
owner: cn=Kevin Cox (Lighting),ou=people,dc=stream,dc=com,o=internet
uniqueMember: cn=Kevin Cox (Lighting),ou=people,dc=stream,dc=com,o=internet
rfc822MailMember: camden.miyoko@abalone.com
rfc822MailMember: bryn.yasuko@noodle.net
inetMailGroupVersion: 1.0
inetMailGroupStatus: active
dataSource: Mail Server 4.0
expandable: false
mail: basketball@stream.com
mailHost: buffalo.stream.com
rfc822MailAlias: b-ball_players@stream.com
Adding Members to a Distribution List
Add internal members (members with resolvable DNs) by assigning their DN to the attribute uniqueMember. Add external members by assigning their email address to the attribute rfc822MailMember.
CODE EXAMPLE 4-3 LDIF Record for Adding Members to a Group.
dn: cn=basketball,ou=groups,dc=stream,dc=com,o=internet
changetype: modify
add: uniqueMember
uniqueMember: cn=Wally Boi,ou=people,dc=stream,dc=com,o=internet
-
add: rfc822MailMember
rfc822MailMember: wilt@abalone.com
Making Distribution Lists User Joinable
You can allow members within the directory domain to add or remove themselves from a distribution list by setting the attribute joinable to true. The values for this task are TRUE and FALSE.
CODE EXAMPLE 4-4 LDIF Record for a Group Joinable.
dn: cn=basketball,ou=groups,dc=stream,dc=com,o=internet
objectClass: groupOfUniqueNames
objectClass: inetMailRouting
objectClass: inetMailGroup
cn: basketball
uniqueMember: cn=Kevin Cox (Lighting),ou=people,dc=stream,dc=com,o=internet
rfc822MailMember: camden.miyoko@abalone.com
rfc822MailMember: bryn.yasuko@noodle.net
inetMailGroupVersion: 1.0
inetMailGroupStatus: active
dataSource: Mail Server 4.0
expandable: false
joinable: true
mail: basketball@stream.com
mailHost: buffalo.stream.com
rfc822MailAlias: b-ball_players@stream.com
Designating Moderators
A group moderator is someone who first receives a message sent to the distribution list, reads it, then forwards it to the rest of the members if desired. Any message submitted to the group will go to the moderator instead of the distribution list members. The moderator will then send the message to the distribution list as desired, where it will be delivered to the individual members. Set the moderator attribute to a valid DN or email address. Multiple moderators are allowed.
Format of inetMailGroup Attribute Values
There are several inetMailGroup attributes--errorsTo, requestsTo, moderator, authorizedSubmitter, unauthorizedSubmitter--that can contain both RFC-822 mail addresses and DNs of LDAP entries. This is permitted since inetMailGroup is both an LDAP and email entity. When preceded by ldap:/// the entry is taken as an LDAP entry with the remaining value treated as the distinguished name of the entry. For example:
moderator: ldap:///cn=Kevin Cox (White Lightening)
 ,ou=people,dc=stream,dc=com,o=internet
When preceded by mailto: the entry is interpreted as an RFC-822 address. An entry with neither the ldap:/// nor the mailto: prefix is assumed to be an RFC-822 address.
Note that the moderator attribute-value pair spans two lines and that the second line must start with a blank space. (If you are reading this on-line, this space may not be displayed in your browser.)
CODE EXAMPLE 4-5 LDIF Record for Creating Group Moderators.
dn: cn=basketball,ou=groups,dc=stream,dc=com,o=internet
objectClass: groupOfUniqueNames
objectClass: inetMailRouting
objectClass: inetMailGroup
cn: basketball
moderator: ldap:///cn=Kevin Cox (Lightening)
 ,ou=people,dc=stream,dc=com,o=internet
moderator: camden.miyoko@abalone.com
uniqueMember: cn=Kevin Cox (Lightening),ou=people,dc=stream,dc=com,o=internet
rfc822MailMember: camden.miyoko@abalone.com
rfc822MailMember: bryn.yasuko@noodle.net
inetMailGroupVersion: 1.0
inetMailGroupStatus: active
dataSource: Mail Server 4.0
expandable: false
mail: basketball@stream.com
mailHost: buffalo.stream.com
rfc822MailAlias: b-ball_players@stream.com
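The line-folding rule and the ldap:/// and mailto: prefix convention described above can be checked mechanically before a record is loaded. The following is an added example, not code from the original page or from SIMS: a small Python parser that unfolds a record and classifies each address-bearing value. The function names and the SAMPLE record (built from the page's sample values) are assumptions.

```python
# Added example: unfold an LDIF record and classify inetMailGroup address values.
ADDRESS_ATTRS = {"errorsto", "requeststo", "moderator",
                 "authorizedsubmitter", "unauthorizedsubmitter"}

SAMPLE = """\
dn: cn=basketball,ou=groups,dc=stream,dc=com,o=internet
cn: basketball
moderator: ldap:///cn=Kevin Cox (Lightening)
 ,ou=people,dc=stream,dc=com,o=internet
moderator: camden.miyoko@abalone.com
errorsTo: mailto:bryn.yasuko@noodle.net
"""  # constructed record reusing the page's sample values

def unfold(text):
    """Join folded lines: a line starting with one space continues the previous one."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # drop exactly one leading space
        elif raw.strip() and not raw.startswith("#"):
            lines.append(raw)
    return lines

def parse_record(text):
    """Return {lower-cased attribute: [values]} for a single LDIF record."""
    entry = {}
    for line in unfold(text):
        name, sep, value = line.partition(":")
        if not sep:                        # e.g. a continuation that lost its space
            raise ValueError(f"not an attribute-value pair: {line!r}")
        entry.setdefault(name.strip().lower(), []).append(value.strip())
    return entry

def classify(value):
    """Map a value to ('dn', DN) or ('rfc822', address); no prefix means RFC-822."""
    lowered = value.lower()
    if lowered.startswith("ldap:///"):
        return ("dn", value[len("ldap:///"):])
    if lowered.startswith("mailto:"):
        return ("rfc822", value[len("mailto:"):])
    return ("rfc822", value)

def address_references(text):
    """List (attribute, kind, value) for every address-bearing attribute."""
    entry = parse_record(text)
    return [(attr, *classify(v))
            for attr in sorted(ADDRESS_ATTRS.intersection(entry))
            for v in entry[attr]]
```

If the leading space on the continuation line is lost, as can happen when the record is copied from a browser, parse_record raises ValueError instead of silently truncating the DN.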
Creating Posting Restrictions on Distribution Lists
Restrictions can be placed on what submitters or domains can or cannot send mail to the group. The restriction attributes are as follows:
authorizedSubmitter defines the list of addresses that are authorized to send messages to the distribution list. If this attribute is not included in the LDIF record, the list is unrestricted, meaning it will not contain the authorized/unauthorized submitters, or the authorized/unauthorized domains. The From: header address must match one of the addresses in the permitted list before the IMTA will route the message to a list of members.
unauthorizedSubmitter specifies addresses not permitted to post messages to the list. The sender's address is compared against those in this attribute. If there is a match then the message is rejected.
authorizedDomain specifies the domain names from which users are authorized to post messages to the distribution list. The wildcard character is "*". Using the wildcard character one may optionally replace a sub-domain to authorize the entire DNS hierarchy below a given top or sub-domain.
unauthorizedDomain defines the domain names from which users cannot post messages to the distribution list.
Note - DN values for authorizedSubmitter and unauthorizedSubmitter must have the prefix ldap:///. Refer to Section , "Format of inetMailGroup Attribute Values," on page 51.
Precedence Rules
The following precedence rules are followed by the IMTA when deciding whether it should accept the message for further processing or not ("From:" address is used in all the rules when looking for match):
1. If the unauthorizedSubmitter attribute exists in the LDAP entry, the sender's address must not match either the mail attribute or rfc822MailAlias attribute of any DN listed in the form of a ldap:///<DN> address and must not match the RFC-822 address listed in the form of a mailto:<RFC-822> address.
2. If the authorizedSubmitter attribute exists in the LDAP entry, the sender's address must match either the mail attribute or rfc822MailAlias attribute of any DN listed in the form of a ldap:///<DN> address and must not match the RFC-822 address listed in the form of a mailto:<RFC-822> address.
3. If the unauthorizedDomain attribute exists in the LDAP entry, then the sender's domain must not match the domain(s) listed in the unauthorizedDomain attribute.
4. If the authorizedDomain attribute exists in the LDAP entry, then the sender's domain must match the domain(s) listed in the authorizedDomain attribute.
CODE EXAMPLE 4-6 LDIF Record for Creating Group Posting Restrictions.
dn: cn=basketball,ou=groups,dc=stream,dc=com,o=internet
objectClass: groupOfUniqueNames
objectClass: inetMailRouting
objectClass: inetMailGroup
cn: basketball
uniqueMember: cn=Kevin Cox (Lightening),ou=people,dc=stream,dc=com,o=internet
rfc822MailMember: camden.miyoko@abalone.com
rfc822MailMember: bryn.yasuko@noodle.net
inetMailGroupVersion: 1.0
unauthorizedSubmitter: xxx@porno.com
unauthorizedDomain: spam.net
inetMailGroupStatus: active
dataSource: Mail Server 4.0
expandable: false
mail: basketball@stream.com
mailHost: buffalo.stream.com
rfc822MailAlias: b-ball_players@stream.com
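One way to read the four precedence rules as code, given here as an added example that is not part of the original page or of the IMTA. Assumptions: authorizedSubmitter is treated as an allow list, as its attribute description states; DIRECTORY is a constructed stand-in for LDAP lookups; and the wildcard handling (*.stream.com covers hosts below stream.com but not stream.com itself) is a guess at the intended semantics.

```python
# Added example: posting-restriction check in the page's precedence order.
DIRECTORY = {  # constructed stand-in for LDAP: DN -> mail / rfc822MailAlias values
    "cn=Kevin Cox (Lightening),ou=people,dc=stream,dc=com,o=internet":
        {"kevin.cox@stream.com", "kcox@stream.com"},
}
GROUP = {  # constructed group entry using the page's attribute names
    "unauthorizedSubmitter": ["mailto:wilt@abalone.com"],
    "unauthorizedDomain": ["spam.net"],
    "authorizedDomain": ["stream.com", "*.stream.com"],
}

def addresses(values, directory):
    """Expand ldap:///DN, mailto:addr and bare values to lower-cased addresses."""
    out = set()
    for v in values:
        if v.lower().startswith("ldap:///"):
            out |= {a.lower() for a in directory.get(v[len("ldap:///"):], ())}
        elif v.lower().startswith("mailto:"):
            out.add(v[len("mailto:"):].lower())
        else:
            out.add(v.lower())
    return out

def domain_matches(domain, pattern):
    """Assumed wildcard rule: '*.stream.com' covers any host below stream.com."""
    domain, pattern = domain.lower(), pattern.lower()
    if pattern.startswith("*."):
        return domain.endswith(pattern[1:])
    return domain == pattern

def may_post(sender, group, directory=DIRECTORY):
    """Return (accepted, deciding_attribute) for a From: address."""
    sender = sender.lower()
    domain = sender.rpartition("@")[2]
    if sender in addresses(group.get("unauthorizedSubmitter", []), directory):
        return False, "unauthorizedSubmitter"            # rule 1
    allowed = group.get("authorizedSubmitter")
    if allowed and sender not in addresses(allowed, directory):
        return False, "authorizedSubmitter"              # rule 2
    if any(domain_matches(domain, p) for p in group.get("unauthorizedDomain", [])):
        return False, "unauthorizedDomain"               # rule 3
    permitted = group.get("authorizedDomain")
    if permitted and not any(domain_matches(domain, p) for p in permitted):
        return False, "authorizedDomain"                 # rule 4
    return True, None
```

Every rule keys on the From: header, which the sender supplies, so these attributes filter by claimed address rather than by authenticated identity.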
Designating Addresses for Requests
You can set the requestsTo attribute to forward the distribution list subscription requests to a particular address. Note that the requestsTo attribute-value pair spans two lines and that the second line must start with a blank space. (If you are reading this on-line, this space may not be displayed in your browser.)
CODE EXAMPLE 4-7 LDIF Record for Creating a requestsTo Attribute.
dn: cn=basketball,ou=groups,dc=stream,dc=com,o=internet
objectClass: groupOfUniqueNames
objectClass: inetMailRouting
objectClass: inetMailGroup
cn: basketball
requestsTo: ldap:///cn=Kevin Cox (Lightening)
 ,ou=people,dc=stream,dc=com,o=internet
uniqueMember: cn=Kevin Cox (White Lightening)
 ,ou=people,dc=stream,dc=com,o=internet
rfc822MailMember: camden.miyoko@abalone.com
rfc822MailMember: bryn.yasuko@noodle.net
inetMailGroupVersion: 1.0
inetMailGroupStatus: active
dataSource: Mail Server 4.0
expandable: false
mail: basketball@stream.com
mailHost: buffalo.stream.com
rfc822MailAlias: b-ball_players@stream.com
Setting Error Handling Parameters
Mail delivery error handling is set in one of two ways:
Delivery errors are reported to the original sender.
Delivery errors go back to the address specified in the errorsTo attribute.
Set the errorsTo attribute to the address to which distribution list errors are sent. When a list is expanded, the original return address in the envelope is replaced by this address. The intent is for errors to be sent to the owner of the list, rather than the message originator who generally has no control over the contents of the list. If the errorsTo attribute is not specified, errors are sent to the originator.
The Requirements for Internet Hosts [RFC1123] specify that all IMTAs should support a mechanism where a list is expanded, but with the original return address preserved. This is referred to by the RFC as aliasing. This can be achieved by omitting the errorsTo attribute.
Note that the errorsTo attribute-value pair spans two lines and that the second line must start with a blank space. (If you are reading this on-line, this space may not be displayed in your browser.)
CODE EXAMPLE 4-8 LDIF Record for Setting errorsTo Attribute.
dn: cn=basketball,ou=groups,dc=stream,dc=com,o=internet
objectClass: groupOfUniqueNames
objectClass: inetMailRouting
objectClass: inetMailGroup
cn: basketball
errorsTo: ldap:///cn=Kevin Cox (White Lightening)
 ,ou=people,dc=stream,dc=com,o=internet
uniqueMember: cn=Kevin Cox (White Lightening)
 ,ou=people,dc=stream,dc=com,o=internet
rfc822MailMember: camden.miyoko@abalone.com
rfc822MailMember: bryn.yasuko@noodle.net
inetMailGroupVersion: 1.0
inetMailGroupStatus: active
dataSource: Mail Server 4.0
expandable: false
mail: basketball@stream.com
mailHost: buffalo.stream.com
rfc822MailAlias: b-ball_players@stream.com
Copyright © 1999 Sun Microsystems, Inc. All Rights Reserved.