[Fedora-directory-users] mailing lists , FDS , WinSync

John Dennis jdennis at redhat.com
Tue Sep 20 17:58:21 UTC 2005


On Tue, 2005-09-20 at 21:58 +0530, Nabeel Moidu wrote:
> I would be satisfied if the mailing lists can be maintained separately
> using its own list while the users are stored in the directory server,
> but the only issue is when the mail server receives a mail, an ldap
> lookup by the Spam Firewall (We use Barracuda here) shouldn't result
> in it rejecting it as an invalid user since the lists are maintained
> separately.
> Can this situation be overcome anyhow?
> 
> And as for the LDAP module you will be releasing, will it be for
> storing the lists completely in the ldap server? Can the list entries
> map to the existing user account in the LDAP server?

FWIW, I also maintain cyrus and dovecot at Red Hat.

I think you may have some concepts confused, let me see if I can
explain.

The MTA and the IMAP server at your site manage what I'll term "local
users". In other words their accounts, mail storage, aliases, etc. are
under your control.

However a mailing list manager such as mailman does not necessarily
manage local users, in fact it's often the case that the members of a mailing
list hosted at your site are mostly foreign users. For instance if your
site hosts a mailing list called "announcements" you might have people
subscribed to that list from all over the world. It is true that some
sites hosting mailing lists only permit local users to join their lists
but that is somewhat orthogonal to the discussion of user and list
management at the LDAP level. In summary, the members of a mailing list
hosted at your site are arbitrary email addresses.

However, what is local to your site with respect to the mailing list is
the list email address (e.g. announcements at mycompany.com). Mail arriving
at your site for the mailing list and mail departing your site for the
mailing list is only ever as a "list address", individual users who are
members of the mailing list are never seen by your MTA (I'm playing a
little fast and loose for simplicity here, but this is essentially a
true statement). Your MTA will need to know about the existence of the
list address so it can deliver and not reject the list as an unknown
user. This is done by adding the list as an alias. In fact mailman has
nice support for postfix, when mailman creates a new list it
automatically adds the list alias to postfix's aliases. Mailman is not
even aware that postfix is managing its aliases via LDAP, you configure
postfix to use LDAP for its aliases.

One minor caveat about mailing list aliases, there are several for each
mailing list which exist to handle bounces, requests, etc. but you're
pretty much shielded from having to know any of this.

When your mailing list wants to send messages out to the list it invokes
your MTA for every email address that is in the mailing list. Some of
those email addresses will be local, some will be foreign. But once
again you don't need to know or want to know that distinction, your MTA
handles it automatically. If some of the addresses happen to be local the
MTA will figure it out (postfix can be configured to do this via LDAP
lookup of your local users). If your MTA determines the user is local
then it makes a local delivery.

If you are using IMAP then your MTA will deliver the mail to the IMAP
server. Just like your MTA your IMAP may be configured to use LDAP to
look up information about your local users, in fact it's probably a good
idea if you're using LDAP for your MTA and other system based local
lookups (e.g. nss).

The key point here is only your MTA and your IMAP server care about
local users. A mailing list is a special case of a local user. Take care
to note here I said the mailing list, which as far as your MTA is
concerned is a black box. The members of that mailing list have no local
lookups unless a member happens to route locally and only then will it
become an MTA/IMAP issue (and at that point the mailing list is no
longer in the picture).

Thus when it comes to mailing lists you don't want to intermingle local
users and list members and by extension the mailing list itself is
independently maintained. Local users and mailing lists are really two
separate things.

On the other hand, if you're setting up virtual users (people who don't
have system accounts only an email account) there are a few extra steps,
but essentially it's the same thing. For simplicity I've omitted any
discussion of virtual domains as well, but fundamentally the concepts
are the same, just one extra level of indirection.

I hope this explains things. Make sense?

I expect to post the LDAP support for mailman in the SourceForge
mailman patches site within about a week. Please be aware you will find
an existing LDAP module there, but it's quite incomplete and only usable
in limited circumstances.

To further clarify, when mailman is configured to use LDAP its ldap
entries belong to mailman only. It will never look up anything outside
of its own ldap tree.
-- 
John Dennis <jdennis at redhat.com>
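
The following is an added example, not part of the original message: a small audit that models the perimeter recipient lookup discussed above and reports which list addresses it would reject. The helper-alias suffixes are the ones Mailman 2.1 generates, the `+` address-extension delimiter and every function name are assumptions, and `DIRECTORY` is constructed sample data. It goes slightly beyond the message by also handling extension-style bounce addresses.

```python
# Assumption: suffixes of the helper aliases Mailman 2.1 creates per list.
MAILMAN_SUFFIXES = ("admin", "bounces", "confirm", "join", "leave",
                    "owner", "request", "subscribe", "unsubscribe")

# Constructed sample: addresses the LDAP recipient lookup answers for.
DIRECTORY = {
    "alice@mycompany.com",
    "bob@mycompany.com",
    "announcements@mycompany.com",
    "announcements-bounces@mycompany.com",
}


def list_addresses(listname, domain):
    """Every address the MTA must accept for one list:
    the posting address plus its helper aliases."""
    local_parts = [listname] + [f"{listname}-{s}" for s in MAILMAN_SUFFIXES]
    return [f"{lp}@{domain}" for lp in local_parts]


def normalize(rcpt, delimiter="+"):
    """Lower-case the address and strip an address extension
    (e.g. list-bounces+user=host@domain) before the lookup."""
    local, _, domain = rcpt.strip().lower().rpartition("@")
    if delimiter and delimiter in local:
        local = local.split(delimiter, 1)[0]
    return f"{local}@{domain}"


def rcpt_check(rcpt, directory):
    """Model of the perimeter lookup: accept only known recipients.
    List members are never consulted; only the list address is."""
    return normalize(rcpt) in directory


def missing_list_aliases(lists, domain, directory):
    """List addresses that the recipient check would reject as unknown."""
    return [addr
            for name in lists
            for addr in list_addresses(name, domain)
            if addr not in directory]


if __name__ == "__main__":
    for addr in missing_list_aliases(["announcements"], "mycompany.com", DIRECTORY):
        print("not in directory, would be rejected:", addr)
```
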



