Hi

I am planning to put up postfix with authentication from Fedora Directory Server (Synched to a Windows AD so that user creation is completely done at the AD). I have sync'ed the AD and the FDS (thanks to Rich M for that).

My doubts are:

When a user account is created in the AD, will its user attributes be enough for authentication for a postfix user? Does it require any schema updation on the FDS or the AD?

When mailing lists are created on the mail server, does it have anything to do with the LDAP server or will it be directly stored on the mail server itself?

Thanks in Advance

Regards
Nabeel
John Dennis
2005-Sep-20 15:37 UTC
Re: [Fedora-directory-users] mailing lists , FDS , WinSync
On Tue, 2005-09-20 at 20:30 +0530, Nabeel Moidu wrote:
> When mailing lists are created on the mail server, does it have
> anything to do with the LDAP server or will it be directly stored on
> the mail server itself?

Could you please be specific when you use the term "mailing list"? Are you referring to an alias that expands into a list of email addresses or are you referring to something like a mailman mailing list?
--
John Dennis <jdennis@redhat.com>
Nabeel Moidu
2005-Sep-20 15:49 UTC
Re: [Fedora-directory-users] mailing lists , FDS , WinSync
Hi

On 9/20/05, John Dennis <jdennis@redhat.com> wrote:
>
> On Tue, 2005-09-20 at 20:30 +0530, Nabeel Moidu wrote:
> > When mailing lists are created on the mail server, does it have
> > anything to do with the LDAP server or will it be directly stored on
> > the mail server itself?
>
> Could you please be specific when you use the term "mailing list"? Are
> you referring to an alias that expands into a list of email addresses or
> are you referring to something like a mailman mailing list?
> --
> John Dennis <jdennis@redhat.com>

I am ready to use any of the mailing lists available for postfix. But I think mailman or ezmlm would be the preferable

Regards
Nabeel
Nabeel Moidu
2005-Sep-20 15:53 UTC
Re: [Fedora-directory-users] mailing lists , FDS , WinSync
On 9/20/05, John Dennis <jdennis@redhat.com> wrote:
>
> On Tue, 2005-09-20 at 20:30 +0530, Nabeel Moidu wrote:
> > When mailing lists are created on the mail server, does it have
> > anything to do with the LDAP server or will it be directly stored on
> > the mail server itself?
>
> Could you please be specific when you use the term "mailing list"? Are
> you referring to an alias that expands into a list of email addresses or
> are you referring to something like a mailman mailing list?
> --
> John Dennis <jdennis@redhat.com>

Sorry had taken question in a different sense. Actually I mean to have both aliases which expand into a list of email addresses and also a mailing list like those used by mailman etc. My requirement includes both.

Regards
Nabeel
John Dennis
2005-Sep-20 15:57 UTC
Re: [Fedora-directory-users] mailing lists , FDS , WinSync
On Tue, 2005-09-20 at 21:12 +0530, Nabeel Moidu wrote:
> Hi
> I am ready to use any of the mailing lists available for postfix.
> But I think mailman or ezmlm would be the preferable

postfix does not have mailing lists, it has aliases. If you want a full featured mailing list (e.g. mailman) that is an entirely different piece of software (which may elect to utilize postfix as its MTA if it so desires).

I am the maintainer for the mailman package here at Red Hat and I'm just finishing an LDAP module for mailman. But you need to realize mailman uses its own set of users based off of its own set of mailing lists, there isn't an automatic mapping of system users to mailing list members, which is what you seem to be expecting.
--
John Dennis <jdennis@redhat.com>
John Dennis
2005-Sep-20 16:00 UTC
Re: [Fedora-directory-users] mailing lists , FDS , WinSync
On Tue, 2005-09-20 at 21:23 +0530, Nabeel Moidu wrote:
> Sorry had taken question in a different sense.
> Actually I mean to have both aliases which expand into a list of email
> addresses and also a mailing list like those used by mailman etc.
> My requirement includes both.

With respect to postfix aliases, have you read these documents?

http://www.postfix.org/LDAP_README.html
http://directory.fedora.redhat.com/wiki/Howto:Postfix
--
John Dennis <jdennis@redhat.com>
Nabeel Moidu
2005-Sep-20 16:28 UTC
Re: [Fedora-directory-users] mailing lists , FDS , WinSync
Hi

I am aware of those two documents and do plan to proceed with my installation based on them.

On 9/20/05, John Dennis <jdennis@redhat.com> wrote:
>
> On Tue, 2005-09-20 at 21:12 +0530, Nabeel Moidu wrote:
> > Hi
> > I am ready to use any of the mailing lists available for postfix.
> > But I think mailman or ezmlm would be the preferable
>
> postfix does not have mailing lists, it has aliases. If you want a full
> featured mailing list (e.g. mailman) that is an entirely different piece
> of software (which may elect to utilize postfix as its MTA if it so
> desires).

I do use a full featured mailing list presently but it's a qmail/vpopmail/courier-imap/ezmlm on Solaris setup which I would like to migrate to a postfix/cyrus/mailman on RHEL4 setup.

> I am the maintainer for the mailman package here at Red Hat and I'm just
> finishing an LDAP module for mailman. But you need to realize mailman
> uses its own set of users based off of its own set of mailing lists,
> there isn't an automatic mapping of system users to mailing list
> members, which is what you seem to be expecting.
> --
> John Dennis <jdennis@redhat.com>

I would be satisfied if the mailing lists can be maintained separately using its own list while the users are stored in the directory server, but the only issue is when the mail server receives a mail, an ldap lookup by the Spam Firewall (We use Barracuda here) shouldn't result in it rejecting it as an invalid user since the lists are maintained separately. Can this situation be overcome anyhow?

And as for the LDAP module you will be releasing, will it be for storing the lists completely in the ldap server? Can the list entries map to the existing user account in the LDAP server?

Regards
Nabeel
John Dennis
2005-Sep-20 17:58 UTC
Re: [Fedora-directory-users] mailing lists , FDS , WinSync
On Tue, 2005-09-20 at 21:58 +0530, Nabeel Moidu wrote:
> I would be satisfied if the mailing lists can be maintained separately
> using its own list while the users are stored in the directory server,
> but the only issue is when the mail server receives a mail, an ldap
> lookup by the Spam Firewall (We use Barracuda here) shouldn't result
> in it rejecting it as an invalid user since the lists are maintained
> separately.
> Can this situation be overcome anyhow?
>
> And as for the LDAP module you will be releasing, will it be for
> storing the lists completely in the ldap server? Can the list entries
> map to the existing user account in the LDAP server?

FWIW, I also maintain cyrus and dovecot at Red Hat.

I think you may have some concepts confused, let me see if I can explain.

The MTA and the IMAP server at your site manage what I'll term "local users". In other words their accounts, mail storage, aliases, etc. are under your control.

However a mailing list manager such as mailman does not necessarily manage local users, in fact it's often the case the members of a mailing list hosted at your site are mostly foreign users. For instance if your site hosts a mailing list called "announcements" you might have people subscribed to that list from all over the world. It is true that some sites hosting mailing lists only permit local users to join their lists but that is somewhat orthogonal to the discussion of user and list management at the LDAP level. In summary, the members of a mailing list hosted at your site are arbitrary email addresses.

However, what is local to your site with respect to the mailing list is the list email address (e.g. annoucements@mycompany.com). Mail arriving at your site for the mailing list and mail departing your site for the mailing list is only ever as a "list address", individual users who are members of the mailing list are never seen by your MTA (I'm playing a little fast and loose for simplicity here, but this is essentially a true statement). Your MTA will need to know about the existence of the list address so it can deliver and not reject the list as an unknown user. This is done by adding the list as an alias. In fact mailman has nice support for postfix, when mailman creates a new list it automatically adds the list alias to postfix's aliases. Mailman is not even aware that postfix is managing its aliases via LDAP, you configure postfix to use LDAP for its aliases.

One minor caveat about mailing list aliases, there are several for each mailing list which exist to handle bounces, requests, etc. but you're pretty much shielded from having to know any of this.

When your mailing list wants to send messages out to the list it invokes your MTA for every email address that is in the mailing list. Some of those email addresses will be local, some will be foreign. But once again you don't need to know or want to know that distinction, your MTA handles it automatically. If some of the addresses happen to be local the MTA will figure it out (postfix can be configured to do this via LDAP lookup of your local users). If your MTA determines the user is local then it makes a local delivery.

If you are using IMAP then your MTA will deliver the mail to the IMAP server. Just like your MTA your IMAP may be configured to use LDAP to look up information about your local users, in fact it's probably a good idea if you're using LDAP for your MTA and other system based local lookups (e.g. nss).

The key point here is only your MTA and your IMAP server care about local users. A mailing list is a special case of a local user. Take care to note here I said the mailing list, which as far as your MTA is concerned is a black box. The members of that mailing list have no local lookups unless a member happens to route locally and only then will it become an MTA/IMAP issue (and at that point the mailing list is no longer in the picture).

Thus when it comes to mailing lists you don't want to intermingle local users and list members and by extension the mailing list itself is independently maintained. Local users and mailing lists are really two separate things.

On the other hand, if you're setting up virtual users (people who don't have system accounts only an email account) there are a few extra steps, but essentially it's the same thing. For simplicity I've omitted any discussion of virtual domains as well, but fundamentally the concepts are the same, just one extra level of indirection.

I hope this explains things. Make sense?

I expect to post the LDAP support for mailman in the SourceForge mailman patches site within about a week. Please be aware you will find an existing LDAP module there, but it's quite incomplete and only usable in limited circumstances.

To further clarify, when mailman is configured to use LDAP its ldap entries belong to mailman only. It will never look up anything outside of its own ldap tree.
--
John Dennis <jdennis@redhat.com>
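The reply above says the MTA must know every list address, including the extra per-list aliases, or mail to the list is rejected as an unknown user; the same holds for an LDAP recipient check in front of the MTA such as the spam firewall mentioned in the thread. The following is an added example, not part of the original thread, that reports which list addresses such a lookup would not find. The suffixes are the standard Mailman 2.1 alias set; the directory entries, the `example.com` domain and the use of the `mail` attribute are constructed assumptions.

```python
# Added example: constructed data, hypothetical names throughout.
# Mailman 2.1 expects the MTA to accept these addresses for every list:
# the posting address plus its administrative aliases.
MAILMAN_SUFFIXES = ("", "-admin", "-bounces", "-confirm", "-join", "-leave",
                    "-owner", "-request", "-subscribe", "-unsubscribe")

# Constructed stand-in for the entries an LDAP search would return.
# The "mail" attribute and the example.com tree are assumptions.
DIRECTORY = [
    {"dn": "uid=nabeel,ou=People,dc=example,dc=com",
     "mail": ["nabeel@example.com"]},
    {"dn": "cn=announcements,ou=Aliases,dc=example,dc=com",
     "mail": ["announcements@example.com",
              "Announcements-Bounces@Example.com",
              "announcements-request@example.com"]},
]


def list_addresses(list_name, domain):
    """Every address one Mailman list needs the MTA to accept."""
    return [f"{list_name}{suffix}@{domain}".lower()
            for suffix in MAILMAN_SUFFIXES]


def known_recipients(entries, attrs=("mail",)):
    """Addresses a recipient lookup would find; matching ignores case."""
    found = set()
    for entry in entries:
        for attr in attrs:
            found.update(v.strip().lower() for v in entry.get(attr, []))
    return found


def missing_recipients(list_names, domain, entries):
    """List addresses an LDAP-based recipient check would reject."""
    known = known_recipients(entries)
    return sorted(addr for name in list_names
                  for addr in list_addresses(name, domain)
                  if addr not in known)


if __name__ == "__main__":
    for addr in missing_recipients(["announcements"], "example.com", DIRECTORY):
        print("not in directory, would be rejected as unknown user:", addr)
```
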
Nabeel Moidu
2005-Sep-21 05:53 UTC
Re: [Fedora-directory-users] mailing lists , FDS , WinSync
Hi John

That was the best reply I ever got for a post on a forum. Thanks a million. I'll do a deeper study into all these before I proceed.

Regards
Nabeel

On 9/20/05, John Dennis <jdennis@redhat.com> wrote:
>
> On Tue, 2005-09-20 at 21:58 +0530, Nabeel Moidu wrote:
> > I would be satisfied if the mailing lists can be maintained separately
> > using its own list while the users are stored in the directory server,
> > but the only issue is when the mail server receives a mail, an ldap
> > lookup by the Spam Firewall (We use Barracuda here) shouldn't result
> > in it rejecting it as an invalid user since the lists are maintained
> > separately.
> > Can this situation be overcome anyhow?
> >
> > And as for the LDAP module you will be releasing, will it be for
> > storing the lists completely in the ldap server? Can the list entries
> > map to the existing user account in the LDAP server?
>
> FWIW, I also maintain cyrus and dovecot at Red Hat.
>
> I think you may have some concepts confused, let me see if I can
> explain.
>
> The MTA and the IMAP server at your site manage what I'll term "local
> users". In other words their accounts, mail storage, aliases, etc. are
> under your control.
>
> However a mailing list manager such as mailman does not necessarily
> manage local users, in fact it's often the case the members of a mailing
> list hosted at your site are mostly foreign users. For instance if your
> site hosts a mailing list called "announcements" you might have people
> subscribed to that list from all over the world. It is true that some
> sites hosting mailing lists only permit local users to join their lists
> but that is somewhat orthogonal to the discussion of user and list
> management at the LDAP level. In summary, the members of a mailing list
> hosted at your site are arbitrary email addresses.
>
> However, what is local to your site with respect to the mailing list is
> the list email address (e.g. annoucements@mycompany.com). Mail arriving
> at your site for the mailing list and mail departing your site for the
> mailing list is only ever as a "list address", individual users who are
> members of the mailing list are never seen by your MTA (I'm playing a
> little fast and loose for simplicity here, but this is essentially a
> true statement). Your MTA will need to know about the existence of the
> list address so it can deliver and not reject the list as an unknown
> user. This is done by adding the list as an alias. In fact mailman has
> nice support for postfix, when mailman creates a new list it
> automatically adds the list alias to postfix's aliases. Mailman is not
> even aware that postfix is managing its aliases via LDAP, you configure
> postfix to use LDAP for its aliases.
>
> One minor caveat about mailing list aliases, there are several for each
> mailing list which exist to handle bounces, requests, etc. but you're
> pretty much shielded from having to know any of this.
>
> When your mailing list wants to send messages out to the list it invokes
> your MTA for every email address that is in the mailing list. Some of
> those email addresses will be local, some will be foreign. But once
> again you don't need to know or want to know that distinction, your MTA
> handles it automatically. If some of the addresses happen to be local the
> MTA will figure it out (postfix can be configured to do this via LDAP
> lookup of your local users). If your MTA determines the user is local
> then it makes a local delivery.
>
> If you are using IMAP then your MTA will deliver the mail to the IMAP
> server. Just like your MTA your IMAP may be configured to use LDAP to
> look up information about your local users, in fact it's probably a good
> idea if you're using LDAP for your MTA and other system based local
> lookups (e.g. nss).
>
> The key point here is only your MTA and your IMAP server care about
> local users. A mailing list is a special case of a local user. Take care
> to note here I said the mailing list, which as far as your MTA is
> concerned is a black box. The members of that mailing list have no local
> lookups unless a member happens to route locally and only then will it
> become an MTA/IMAP issue (and at that point the mailing list is no
> longer in the picture).
>
> Thus when it comes to mailing lists you don't want to intermingle local
> users and list members and by extension the mailing list itself is
> independently maintained. Local users and mailing lists are really two
> separate things.
>
> On the other hand, if you're setting up virtual users (people who don't
> have system accounts only an email account) there are a few extra steps,
> but essentially it's the same thing. For simplicity I've omitted any
> discussion of virtual domains as well, but fundamentally the concepts
> are the same, just one extra level of indirection.
>
> I hope this explains things. Make sense?
>
> I expect to post the LDAP support for mailman in the SourceForge
> mailman patches site within about a week. Please be aware you will find
> an existing LDAP module there, but it's quite incomplete and only usable
> in limited circumstances.
>
> To further clarify, when mailman is configured to use LDAP its ldap
> entries belong to mailman only. It will never look up anything outside
> of its own ldap tree.
> --
> John Dennis <jdennis@redhat.com>