Sandy,
This looks very interesting, but I'm not quite clear on the mechanisms at work here and I would appreciate it if you would help to clarify. It all sounds like it would work for my needs, but maybe not 'out of the box'. I have 4 questions that would help to clear some of the fog:
1) I have a mix of gatewayed domains and locally hosted domains. It seems that this script is really built for locally hosted domains and would need to be extended to say take in addresses stored in a flat file or database. Is that correct?
2) I'm unfamiliar with IMail's ability to do envelope rejection based on LDAP data. Could you explain how this works, or possibly point me to a relevant article from Ipswitch on how this works? I'm also curious as to how Declude would see these addresses, i.e. is everything set up as an alias on the scanning server where say [EMAIL PROTECTED] would be aliased to [EMAIL PROTECTED]
3) Some domains of course use nobody aliases, and some gatewayed domains don't have complete lists of users available. I'm wondering if and how this is handled on the gateway server?
4) I'm wondering about how the lookups happen. Is the information pulled completely to the MX server when the script is run, or is it queried off of the mail server every time a message comes in?
This could be very useful for many of us, but I fear that a general lack of experience with LDAP with IMail makes the instructions somewhat cryptic, or at least that is the case from where I sit. I certainly understand what LDAP is, and envelope rejection, but I understand nothing about how IMail makes this work, and how you coaxed IMail to do this.
Thanks,
Matt
Sanford Whiteman wrote:
All,
I've posted ldap2aliases, a VBScript that automatically creates aliases on an IMail MX corresponding to users on a remote IMail mailbox server. It's similar in function to scripts that convert IMail userbases into alias maps for other MTAs, but designed for those using IMail as a backup or scanning MX, with or without Declude.
The script allows you to reject unknown users _on the MX during the SMTP envelope_, which is a near-necessity these days. Bounce floods during dictionary attacks are a real resource burden and exacerbate the effects of Joe Jobs, as has been well documented.
Thanks to IMail 8.12's use of OpenLDAP, this script will work reliably over the wide area, making it equally suited to (a) MXs and mailbox servers on the same subnet and (b) scanning/backup MXs and mailbox servers operated at different sites, perhaps by different entities.
The script may be easily scheduled using Windows Task Scheduler.
Notes:
- We have found that the use of a true virtual host for store-and-forward routing, rather than HOSTS file routing, is preferable (now that this script is available!). Advantages: multiple DNS MX records are honored for redundancy, multiple IP-bound hosts may be used with different IMail anti-spam settings, and more.
- IMail does not usually expose aliases via LDAP, only users. However, I have provided a companion script, aliases2ldap, which you run periodically on the mailbox server to ensure that all valid addresses are available.
System requirements:
- IMail 8.12 w/LDAP
- Incoming and outgoing TCP 389 open as needed
- aliases2ldap.vbs running on mailbox server to ensure alias propagation.
Support:
- Please post support questions as [OT] to the IMail or Declude forums to create a public archive.
Download:
http://www.mailmage.com/products/software/freeutils/ldap2aliases/download/release/
http://www.mailmage.com/products/software/freeutils/aliases2ldap/download/release/
--Sandy
------------------------------------ Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED]
SpamAssassin plugs into Declude! http://www.mailmage.com/products/software/freeutils/SPAMC32/download/release/
Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases! http://www.mailmage.com/products/software/freeutils/exchange2aliases/download/release/ http://www.mailmage.com/products/software/freeutils/ldap2aliases/download/release/
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
-- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =====================================================
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
