Hi John

That was the best reply I ever got for a post on a forum.
Thanks a million.
I'll do a deeper study into all these before I proceed.

Regards
Nabeel

On 9/20/05, John Dennis <jdennis at redhat.com> wrote:
>
> On Tue, 2005-09-20 at 21:58 +0530, Nabeel Moidu wrote:
> > I would be satisfied if the mailing lists can be maintained separately
> > using its own list while the users are stored in the directory server,
> > but the only issue is when the mail server receives a mail, an ldap
> > lookup by the Spam Firewall (We use Barracuda here) shouldn't result
> > in it rejecting it as an invalid user since the lists are maintained
> > separately.
> > Can this situation be overcome anyhow?
> >
> > And as for the LDAP module you will be releasing, will it be for
> > storing the lists completely in the ldap server? Can the list entries
> > map to the existing user account in the LDAP server?
>
> FWIW, I also maintain cyrus and dovecot at Red Hat.
>
> I think you may have some concepts confused, let me see if I can
> explain.
>
> The MTA and the IMAP server at your site manage what I'll term "local
> users". In other words their accounts, mail storage, aliases, etc. are
> under your control.
>
> However a mailing list manager such as mailman does not necessarily
> manage local users, in fact it's often the case the members of a mailing
> list hosted at your site are mostly foreign users. For instance if your
> site hosts a mailing list called "announcements" you might have people
> subscribed to that list from all over the world. It is true that some
> sites hosting mailing lists only permit local users to join their lists
> but that is somewhat orthogonal to the discussion of user and list
> management at the LDAP level. In summary, the members of a mailing list
> hosted at your site are arbitrary email addresses.
>
> However, what is local to your site with respect to the mailing list is
> the list email address (e.g. announcements at mycompany.com). Mail arriving
> at your site for the mailing list and mail departing your site for the
> mailing list is only ever as a "list address", individual users who are
> members of the mailing list are never seen by your MTA (I'm playing a
> little fast and loose for simplicity here, but this is essentially a
> true statement). Your MTA will need to know about the existence of the
> list address so it can deliver and not reject the list as an unknown
> user. This is done by adding the list as an alias. In fact mailman has
> nice support for postfix, when mailman creates a new list it
> automatically adds the list alias to postfix's aliases. Mailman is not
> even aware that postfix is managing its aliases via LDAP, you configure
> postfix to use LDAP for its aliases.
>
> One minor caveat about mailing list aliases, there are several for each
> mailing list which exist to handle bounces, requests, etc. but you're
> pretty much shielded from having to know any of this.
>
> When your mailing list wants to send messages out to the list it invokes
> your MTA for every email address that is in the mailing list. Some of
> those email addresses will be local, some will be foreign. But once
> again you don't need to know or want to know that distinction, your MTA
> handles it automatically. If some of the addresses happen to be local the
> MTA will figure it out (postfix can be configured to do this via LDAP
> lookup of your local users). If your MTA determines the user is local
> then it makes a local delivery.
>
> If you are using IMAP then your MTA will deliver the mail to the IMAP
> server. Just like your MTA your IMAP may be configured to use LDAP to
> look up information about your local users, in fact it's probably a good
> idea if you're using LDAP for your MTA and other system based local
> lookups (e.g. nss).
>
> The key point here is only your MTA and your IMAP server care about
> local users. A mailing list is a special case of a local user. Take care
> to note here I said the mailing list, which as far as your MTA is
> concerned is a black box. The members of that mailing list have no local
> lookups unless a member happens to route locally and only then will it
> become an MTA/IMAP issue (and at that point the mailing list is no
> longer in the picture).
>
> Thus when it comes to mailing lists you don't want to intermingle local
> users and list members and by extension the mailing list itself is
> independently maintained. Local users and mailing lists are really two
> separate things.
>
> On the other hand, if you're setting up virtual users (people who don't
> have system accounts only an email account) there are a few extra steps,
> but essentially it's the same thing. For simplicity I've omitted any
> discussion of virtual domains as well, but fundamentally the concepts
> are the same, just one extra level of indirection.
>
> I hope this explains things. Make sense?
>
> I expect to post the LDAP support for mailman in the SourceForge
> mailman patches site within about a week. Please be aware you will find
> an existing LDAP module there, but it's quite incomplete and only usable
> in limited circumstances.
>
> To further clarify, when mailman is configured to use LDAP its ldap
> entries belong to mailman only. It will never look up anything outside
> of its own ldap tree.
> --
> John Dennis <jdennis at redhat.com>