
Re: sendmail+openldap+multihosting



Quoting Maximiliano Kolus <mkolus@tlh.com.ar>:

> * Mail multi-hosting (several domains on the same physical machine)
> * Each domain will have its own user space. Each IP alias will appear as a
>   different domain on the SMTP and POP-3 port. I mean: user jdoe on
>   mail.domain1.com will be completely different to jdoe on mail.domain2.com.

I don't know THAT much about sendmail, I find it awkward :)

What I use is qmail, it's quick and 'reasonably' scalable. I've seen tests that
indicate it's not as good for GIGANTIC mail hosts (> 500k users), but that could
be easily accomplished with a mail cluster.

Using the Qmail-LDAP patch (http://www.nrg4u.com/), you have all the users and
email addresses in an LDAP database.

Specifying that 'jdoe@domain.com' delivers to '/var/spool/mail/domain/jdoe' and
'jdoe@whatever.com' deliver to '/var/spool/mail/whatever/jdoe' is just a matter
of specifying the correct attributes in the LDAP db (mail and mailMessageStore).

Also, as the cluster grows (i.e., more and more machines that handle mail), you
can specify on WHAT machine it should be physically delivered to. Good for 
scalability.

>         The POP-3 server is not the problem (in fact, we're making one from
> scratch), but sendmail and mda configuration is.

I'm using cucipop, works great... For virtual hosting, I found that you have to
'login' to the pop server with your full email address (jdoe@whatever.com) instead
of just jdoe. There might be a way around that, but I was 'quite happy' with that
solution, and never investigated further.

> * The part left to the POP-3 server is simple: it will authenticate the
> user knowing which server he/she is connected to. Each domain will have
> its own user space. Much like cucipop does.

'knowing which server he/she is connected to'... Implies that there will be
different machines, dealing with different domains (?). If not, I don't know
HOW the pop server will know which domain the user connected to, if all the
domains are on the same machine...

> * Sendmail will lookup users in the LDAP servers, he will know -through it-
> if a user exists or not.

The Qmail-LDAP patch searches for the email address, so it doesn't matter WHERE
the user is located in the db (as long as the base dn is set properly, ie to
'o=Amtec' in your example below)...

> * The POP-3 server will authenticate users using the LDAP server.
>         Where are we stuck?. The organization we find appropriate for this mail
> configuration was:
> o=Amtec
>         ou=MailHost
>         ou=Domain1
>                 cn=jdoe
>                         maildrop=jdoe@domain1.com
>                         userpassword=you_will_never_hack_this_pass
>                 cn=webmaster
>                         maildrop=webmaster@domain2.com
>                         userpassword=apache-rules!
>         ou=Domain2
>                 cn=jdoe
>                         maildrop=jdoe@domain1.com
>                         userpassword=secret

In my example above, the cn 'has to be' jdoe@domain1.com and
jdoe@domain2.com, so that the user logs in with the full email address
instead of just the user name. I don't know how else to differentiate
between the two users/mail addresses.

'jdoe@domain1.com' is always (!!) the same address. _I_ wouldn't like
it if there was ANOTHER 'turbo@nocrew.org' on the same machine/other
machine!!! I think the 'maildrop' values above were just a typo, right? :)

BTW, the attribute should be just 'mail', not 'maildrop' (RFC1274,
http://www.hklc.com/ldapschema/attribute.phtml?attribute=mail).

>         As you can see, the domains are on different tree branches. We
> didn't figure -yet- the way of telling sendmail to search users of
> domain1 in branch 1 and domain2. The K configuration command of
> sendmail, apparently, doesn't allow us to tell where to start the
> search for each domain.
>
>         How you can help?. We need guidelines to accomplish this
> configuration (multiple mail servers for different domains on the same
> machine). If any of you did this or have some ideas to share, it will
> help us a lot. I'm not asking for a solution to this (it will be
> better, of course), just ideas on how to accomplish this.

As I said above, I'm not very good at Sendmail. I know that it can do
it, but don't know how...

By also specifying the attribute 'mailHost', you tell qmail on which
computer to deliver the mail, ie 'mailHost=mail.domain1.com', and
'mailHost=mail.domain2.com'. That way you have a very good base for
growth...

--
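
Added example (not part of the original message and not qmail-ldap code): a Python model of the lookup described in the thread, run over constructed entries under `o=Amtec`. It shows that a search by `mail` from the base DN resolves each address whatever branch it sits in, and that an address claimed by entries in two domain branches (as in the quoted tree) is refused instead of delivered. Entry values, paths and function names are assumptions for illustration.

```python
from collections import defaultdict

# Constructed sample data: one branch per domain under o=Amtec, using the
# 'mail', 'mailMessageStore' and 'mailHost' attributes named in the reply.
SAMPLE_LDIF = """\
dn: cn=jdoe@domain1.com,ou=Domain1,o=Amtec
mail: jdoe@domain1.com
mailMessageStore: /var/spool/mail/domain1/jdoe
mailHost: mail.domain1.com

dn: cn=jdoe@domain2.com,ou=Domain2,o=Amtec
mail: jdoe@domain2.com
mailMessageStore: /var/spool/mail/domain2/jdoe
mailHost: mail.domain2.com

dn: cn=webmaster,ou=Domain2,o=Amtec
mail: jdoe@domain1.com
mailMessageStore: /var/spool/mail/domain2/webmaster
mailHost: mail.domain2.com
"""

def parse_ldif(text):
    """Parse simple, unwrapped 'attr: value' LDIF into a list of dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(": ")
            entry[attr.lower()] = value
        entries.append(entry)
    return entries

def index_by_mail(entries, base_dn="o=Amtec"):
    """Model a subtree search: group entries below base_dn by address."""
    index = defaultdict(list)
    for e in entries:
        if e["dn"].lower().endswith(base_dn.lower()):
            index[e["mail"].lower()].append(e)
    return dict(index)

def resolve(index, address):
    """Return (mailHost, mailMessageStore); refuse ambiguous addresses."""
    hits = index.get(address.lower(), [])
    if len(hits) != 1:
        raise LookupError(f"{address}: {len(hits)} matching entries")
    return hits[0]["mailhost"], hits[0]["mailmessagestore"]

def duplicates(index):
    """Addresses claimed by more than one entry, with the offending DNs."""
    return {m: [e["dn"] for e in es] for m, es in index.items() if len(es) > 1}
```

Running `duplicates()` over an export of the directory before enabling delivery catches a cross-domain collision such as the third entry above.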