swapped rejects in acls for the correct deny
[exim-website.git] / config.samples / C036
Date: 25 Jul 2000 13:30:24 +0200
From: Oliver Seidel <seidel@in-medias-res.com>

Hello Everybody,

my aim was to have an LDAP-driven system for mail delivery.  My
configuration uses an LDAP directory structure that operates as
follows (sensitive parts replaced by "xxx"):

dn: dc=in medias res,dc=com
dc: in medias res
objectclass: top
objectclass: domain

dn: ou=People,dc=in medias res,dc=com
ou: People
objectclass: top
objectclass: organizationalUnit

dn: uid=seidel,ou=People,dc=in medias res,dc=com
telephonenumber: 02166 9999 xxx
mobile: (none)
mailalias: Oliver.Seidel
mailalias: os10000
mailalias: oslist
objectclass: addressbook
objectclass: account
objectclass: shadowaccount
objectclass: posixAccount
objectclass: top
mailbox: /var/spool/mail/seidel
mail: os10000@in-medias-res.com
uid: seidel
cn: Oliver Seidel
sn: Seidel
givenname: Oliver
loginshell: /bin/bash
uidnumber: xxx
gidnumber: xxx
homedirectory: /home/seidel
gecos: Oliver Seidel
userpassword: {crypt}xxx

This allows the use of the "MS Outlook" address book feature and
allows the delivery of email to local mailboxes, with ".forward"
processing.

My Exim Makefile in "$(EXIM)/Local/Makefile" differs from the original
in "$(EXIM)/src/EDITME" as follows:

---------------------------------------------------------------------------
< # AUTH_CRAM_MD5=yes
---
> AUTH_CRAM_MD5=yes
339c339
< # LOOKUP_LDAP=yes
---
> LOOKUP_LDAP=yes
352a353,355
> LOOKUP_INCLUDE= -I/tmp/openldap/include
> LOOKUP_LIBS= -L/tmp/openldap/lib -lldap -llber

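Review bot: LOOKUP_INCLUDE and LOOKUP_LIBS in the 352a353,355 hunk take the OpenLDAP headers and libraries from /tmp/openldap, a path under a world-writable directory that is commonly cleared on reboot, so the build depends on files whose origin is not controlled and that may be gone later. Build against an OpenLDAP installed under a root-owned prefix and point both lines at it; if -lldap and -llber resolve to shared libraries, the installed exim binary also needs them at that location at run time.
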
360c363
< # LDAP_LIB_TYPE=UMICHIGAN
---
> LDAP_LIB_TYPE=UMICHIGAN
458c461
< # SPOOL_DIRECTORY=/var/spool/exim
---
> SPOOL_DIRECTORY=/var/spool/exim
---------------------------------------------------------------------------

Finally, after building and installing exim, I use a "directors
section" in the file "/usr/exim/configure" that contains the following
entries:

---------------------------------------------------------------------------
ldap_aliases:
  driver = aliasfile
  search_type = ldap
  query = "ldap://192.168.2.89:389/ou=People,dc=in%20medias%20res,dc=com?uid?one?(mailAlias=${local_part})"
  new_director = ldap_forward

ldap_forward:
  driver = forwardfile
  file = .forward
  no_verify
  no_expn
  check_ancestor
  filter = true
  user = ${lookup ldap{ldap://192.168.2.89:389/uid=${local_part},ou=People,dc=in%20medias%20res,dc=com?uidnumber?base?}{$value}fail}
  group = users
  file_transport = address_file
  pipe_transport = address_pipe
  reply_transport = address_reply

ldap_uids:
  driver = aliasfile
  search_type = ldap
  query = "ldap://192.168.2.89:389/uid=${local_part},ou=People,dc=in%20medias%20res,dc=com?mailbox?base?"
  user = ${lookup ldap{ldap://192.168.2.89:389/uid=${local_part},ou=People,dc=in%20medias%20res,dc=com?uidnumber?base?}{$value}fail}
  group = users
  file_transport = address_file
  pipe_transport = address_pipe

just_eat_it:
  driver = smartuser
  new_address = maildump@in-medias-res.com
---------------------------------------------------------------------------

The "ldap_aliases" director checks for entries of the form
"mailalias".  This ensures that the names "os10000", "oslist" and
"Oliver.Seidel" from the above example are recognised.  The difference
between this director and the others lies in the fact that it looks up
the entry "uid" (as can be seen between the "com?" and "?one").

The director "ldap_forward" performs the processing of "~/.forward"
files.  It needs to look up the UNIX uid number.

The next entry handles direct delivery to the mailbox, and the last
director handles unknown addresses.

I hope I was of assistance and thanks to Philip for his software!

Oliver Seidel
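
The directors above place ${local_part} directly into an LDAP search filter (ldap_aliases) and into a DN (ldap_forward, ldap_uids). The following is an added example, not part of the original message or of Exim: a Python sketch of the escaping each position needs before the value enters the URL (RFC 4515 for the filter value, RFC 4514 for the DN value, then percent-encoding). The function names are made up for the illustration; the host and base DN are the ones from the post.

```python
# Added example, not from the original post: escape a local part before it
# goes into the two kinds of LDAP URL the directors above build.
from urllib.parse import quote

HOST = "192.168.2.89:389"                    # from the post
BASE = "ou=People,dc=in medias res,dc=com"   # from the post


def escape_filter_value(value):
    """RFC 4515: hex-escape the characters that are special in a filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def escape_dn_value(value):
    """RFC 4514: backslash-escape the characters special in an RDN value."""
    out, last = [], len(value) - 1
    for i, c in enumerate(value):
        if c == "\x00":
            out.append("\\00")
        elif c in ',+"\\<>;' or (i == 0 and c in " #") or (i == last and c == " "):
            out.append("\\" + c)
        else:
            out.append(c)
    return "".join(out)


def alias_query(local_part):
    """URL in the shape of ldap_aliases: local part inside a search filter."""
    flt = "(mailAlias=%s)" % escape_filter_value(local_part)
    return "ldap://%s/%s?uid?one?%s" % (
        HOST, quote(BASE, safe="=,"), quote(flt, safe="()="))


def mailbox_query(local_part):
    """URL in the shape of ldap_uids: local part inside the DN itself."""
    dn = "uid=%s,%s" % (escape_dn_value(local_part), BASE)
    return "ldap://%s/%s?mailbox?base?" % (HOST, quote(dn, safe="=,"))


if __name__ == "__main__":
    # Constructed sample local parts: one from the post, three with
    # characters that are special in a filter, a DN or a URL.
    for lp in ("oslist", "os*", "a+b", "x?y"):
        print(alias_query(lp))
        print(mailbox_query(lp))
```

Inside an Exim configuration the same job belongs to the expansion operators quote_ldap (filter position) and quote_ldap_dn (DN position), in versions that provide them.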