On Tue, 2005-09-20 at 21:58 +0530, Nabeel Moidu wrote:
> I would be satisfied if the mailing lists can be maintained separately
> using its own list while the users are stored in the directory server,
> but the only issue is when the mail server receives a mail, an ldap
> lookup by the Spam Firewall (We use Barracuda here) shouldn't result
> in it rejecting it as an invalid user since the lists are maintained
> separately.
> Can this situation be overcome anyhow?
>
> And as for the LDAP module you will be releasing, will it be for
> storing the lists completely in the ldap server? Can the list entries
> map to the existing user account in the LDAP server?

FWIW, I also maintain cyrus and dovecot at Red Hat.

I think you may have some concepts confused, let me see if I can explain.

The MTA and the IMAP server at your site manage what I'll term "local users". In other words their accounts, mail storage, aliases, etc. are under your control. However a mailing list manager such as mailman does not necessarily manage local users, in fact it's often the case the members of a mailing list hosted at your site are mostly foreign users. For instance if your site hosts a mailing list called "announcements" you might have people subscribed to that list from all over the world. It is true that some sites hosting mailing lists only permit local users to join their lists but that is somewhat orthogonal to the discussion of user and list management at the LDAP level.

In summary, the members of a mailing list hosted at your site are arbitrary email addresses. However, what is local to your site with respect to the mailing list is the list email address (e.g. announcements at mycompany.com).
Mail arriving at your site for the mailing list and mail departing your site for the mailing list is only ever as a "list address", individual users who are members of the mailing list are never seen by your MTA (I'm playing a little fast and loose for simplicity here, but this is essentially a true statement).

Your MTA will need to know about the existence of the list address so it can deliver and not reject the list as an unknown user. This is done by adding the list as an alias. In fact mailman has nice support for postfix, when mailman creates a new list it automatically adds the list alias to postfix's aliases. Mailman is not even aware that postfix is managing its aliases via LDAP, you configure postfix to use LDAP for its aliases. One minor caveat about mailing list aliases, there are several for each mailing list which exist to handle bounces, requests, etc. but you're pretty much shielded from having to know any of this.

When your mailing list wants to send messages out to the list it invokes your MTA for every email address that is in the mailing list. Some of those email addresses will be local, some will be foreign. But once again you don't need to know or want to know that distinction, your MTA handles it automatically. If some of the addresses happen to be local the MTA will figure it out (postfix can be configured to do this via LDAP lookup of your local users). If your MTA determines the user is local then it makes a local delivery. If you are using IMAP then your MTA will deliver the mail to the IMAP server. Just like your MTA, your IMAP may be configured to use LDAP to look up information about your local users, in fact it's probably a good idea if you're using LDAP for your MTA and other system based local lookups (e.g. nss).

The key point here is only your MTA and your IMAP server care about local users. A mailing list is a special case of a local user.
Take care to note here I said the mailing list, which as far as your MTA is concerned is a black box. The members of that mailing list have no local lookups unless a member happens to route locally and only then will it become an MTA/IMAP issue (and at that point the mailing list is no longer in the picture).

Thus when it comes to mailing lists you don't want to intermingle local users and list members and by extension the mailing list itself is independently maintained. Local users and mailing lists are really two separate things.

On the other hand, if you're setting up virtual users (people who don't have system accounts, only an email account) there are a few extra steps, but essentially it's the same thing. For simplicity I've omitted any discussion of virtual domains as well, but fundamentally the concepts are the same, just one extra level of indirection.

I hope this explains things. Make sense?

I expect to post the LDAP support for mailman in the SourceForge mailman patches site within about a week. Please be aware you will find an existing LDAP module there, but it's quite incomplete and only usable in limited circumstances.

To further clarify, when mailman is configured to use LDAP its ldap entries belong to mailman only. It will never look up anything outside of its own ldap tree.

-- 
John Dennis <jdennis at redhat.com>
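
The recipient check discussed in this message, as an added example that is not part of the original post and is not Mailman, Postfix or Barracuda code: it models a filter that validates recipients against a directory, lists the Mailman 2.1 per-list aliases the directory is missing, and shows the verdict before and after they are published. The domain, user names and directory contents are constructed, and stripping a "+" address extension before the lookup is an assumption.

```python
# Added example: names, domain and directory contents below are constructed.
# Suffixes of the per-list aliases Mailman 2.1 generates besides the list address.
MAILMAN_SUFFIXES = ("admin", "bounces", "confirm", "join", "leave",
                    "owner", "request", "subscribe", "unsubscribe")


def list_aliases(listname, domain):
    """Every address the MTA (and any filter in front of it) must accept for one list."""
    names = [listname] + [f"{listname}-{s}" for s in MAILMAN_SUFFIXES]
    return {f"{n}@{domain}".lower() for n in names}


def missing_list_aliases(directory, lists, domain):
    """List aliases that the recipient directory does not expose yet."""
    wanted = set()
    for name in lists:
        wanted |= list_aliases(name, domain)
    return sorted(wanted - {d.lower() for d in directory})


def gateway_verdict(rcpt, directory, local_domains, delimiter="+"):
    """Model of the filter's recipient check: accept, reject, or not-local."""
    local, _, domain = rcpt.lower().rpartition("@")
    if domain not in local_domains:
        return "not-local"  # foreign list members are never looked up here
    base = local.split(delimiter, 1)[0]  # assumption: extensions are stripped
    known = {d.lower() for d in directory}
    return "accept" if f"{base}@{domain}" in known else "reject"


if __name__ == "__main__":
    domain = "mycompany.com"
    users_only = {"alice@mycompany.com", "bob@mycompany.com"}  # constructed
    print(gateway_verdict("announcements@mycompany.com", users_only, {domain}))
    gap = missing_list_aliases(users_only, ["announcements"], domain)
    print(len(gap), "aliases missing, e.g.", gap[:2])
    fixed = users_only | set(gap)
    for rcpt in ("announcements@mycompany.com",
                 "announcements-bounces@mycompany.com",
                 "carol@example.org"):
        print(rcpt, "->", gateway_verdict(rcpt, fixed, {domain}))
```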