upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-12-20 22:59:34 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

rev 02

Browse source
This commit is contained in:
Kurt Zeilenga 2001-02-03 18:41:20 +00:00
parent 0fc62be316
commit 3f672172ad
1 changed files with 136 additions and 90 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

226
doc/drafts/draft-lachman-laser-ldap-mail-routing-xx.txt
View file

@ -1,8 +1,8 @@
INTERNET-DRAFT H. Lachman INTERNET-DRAFT H. Lachman
Intended Category: Standards Track Netscape Communications Corp. Intended Category: Informational Netscape Communications Corp.
Filename: draft-lachman-laser-ldap-mail-routing-01.txt G. Shapiro Filename: draft-lachman-laser-ldap-mail-routing-02.txt G. Shapiro
Sendmail, Inc. Sendmail, Inc.
Expires: April 2000 October 1999 Expires: July 2001 January 2001
LDAP Schema for Intranet Mail Routing LDAP Schema for Intranet Mail Routing
@ -39,7 +39,7 @@ Status of this Memo
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (1999). All Rights Reserved. Copyright (C) The Internet Society (1999-2001). All Rights Reserved.
Abstract Abstract
@ -55,13 +55,13 @@ Abstract
Lachman, et. al. [Page 1] Lachman, et. al. [Page 1]
INTERNET-DRAFT LDAP Schema for Intranet Mail Routing October 1999 INTERNET-DRAFT LDAP Schema for Intranet Mail Routing January 2001
1. Conventions Used in this Document 1. Conventions Used in this Document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY" and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY" and "OPTIONAL" in this
document are to be interpreted as described in [10]. document are to be interpreted as described in [9].
2. Background and Motivation 2. Background and Motivation
@ -98,6 +98,26 @@ INTERNET-DRAFT LDAP Schema for Intranet Mail Routing October 1999
3. Overview 3. Overview
Email systems deployed in large organizations must scale to support
large numbers of users and email servers. This means using email
addresses that are independent of particular mailbox server hosts;
thus an "email routing server" that receives mail sent to the
host-independent (or high-level or top-level or domain ...) address
and routes it to the appropriate mailbox server. For scalability
there should be many routing servers providing identical service.
A set of such servers and the mailbox servers they route to form an
"email domain".
Lachman, et. al. [Page 2]
INTERNET-DRAFT LDAP Schema for Intranet Mail Routing January 2001
This specification describes the basic function of the routing
server, including data elements to support per-recipient routing
info, and use of LDAP-based directory service to support multiple
servers sharing the routing info data. The routing function is
distinguished from other MTA-transfer operations.
The 'inetLocalMailRecipient' object class and associated attributes The 'inetLocalMailRecipient' object class and associated attributes
identify an LDAP entry as representing an SMTP mail recipient (in the identify an LDAP entry as representing an SMTP mail recipient (in the
sense "recipient" is used in [2]). A recipient may be a mail user, a sense "recipient" is used in [2]). A recipient may be a mail user, a
@ -107,12 +127,8 @@ INTERNET-DRAFT LDAP Schema for Intranet Mail Routing October 1999
attributes are provided to aid SMTP MTAs in routing mail within an attributes are provided to aid SMTP MTAs in routing mail within an
organization to the appropriate target MTA for each recipient. organization to the appropriate target MTA for each recipient.
Lachman, et. al. [Page 2] Once on the target MTA, a message is handled according to local
conventions (which may be specified using other auxiliary object
INTERNET-DRAFT LDAP Schema for Intranet Mail Routing October 1999
Once on the target MTA, a message is handled as per the recipient
type and options (which may be specified using other auxiliary object
classes and is outside the scope of this document). For example, the classes and is outside the scope of this document). For example, the
message may be delivered to a user mailbox, or to a program or message may be delivered to a user mailbox, or to a program or
network device, and/or forwarded to another recipient. Or, the network device, and/or forwarded to another recipient. Or, the
@ -122,13 +138,19 @@ INTERNET-DRAFT LDAP Schema for Intranet Mail Routing October 1999
recipient in question, as we are considering routing of mail only recipient in question, as we are considering routing of mail only
among the SMTP MTAs within an organization. among the SMTP MTAs within an organization.
Any domain that uses LDAP-based routing MUST support LDAP-based
routing at all MTAs responsible for the domain. All other MTAs that
do not support LDAP-based routing MUST forward mail for that domain
to MTAs that do, using MX records or other local conventions.
The target MTA checks to see if the destination domain of the The target MTA checks to see if the destination domain of the
recipient address is one that it is responsible for LDAP-based recipient address is one that it is responsible for and that uses
routing. If so, checks for matching e-mail addresses in LDAP by LDAP-based routing. If so, the MTA checks for matching e-mail
looking up the envelope recipient address in LDAP using the object addresses in LDAP by looking up the envelope recipient address in
class described in section 4.1 and the attribute discussed in section LDAP using the object class described in section 4.1 and the
4.2. If it gets back an unambiguous match, it interprets the routing attribute discussed in section 4.2. If an unambiguous match is
attributes as described in section 4.3. returned, the MTA interprets the routing attributes as described in
section 4.3.
Routing of mail between different organizations across the public Routing of mail between different organizations across the public
Internet is outside the scope of this document, as the mechanism for Internet is outside the scope of this document, as the mechanism for
@ -137,10 +159,16 @@ INTERNET-DRAFT LDAP Schema for Intranet Mail Routing October 1999
in question, not recipients in other organizations. This means that in question, not recipients in other organizations. This means that
the domain names that appear within the 'mailLocalAddress' and the domain names that appear within the 'mailLocalAddress' and
'mailHost' attribute values in an 'inetLocalMailRecipient' entry must 'mailHost' attribute values in an 'inetLocalMailRecipient' entry must
be DNS domain names that are within the administrative authority of be DNS domain names that are local to the organization. (e.g.,
the organization in question (i.e., the organization within which within the organization's Intranet or by deemed local by other local
MTAs are accessing such entries and using these attributes for mail conventions outside the scope of this standard). An MTA should not
routing). look for or use 'inetLocalMailRecipient' entries or attributes if
that MTA is not authoritative for the right-hand side of the
recipient address in question.
Lachman, et. al. [Page 3]
INTERNET-DRAFT LDAP Schema for Intranet Mail Routing January 2001
LDAP entries that are not 'inetLocalMailRecipient' entries should be LDAP entries that are not 'inetLocalMailRecipient' entries should be
ignored by MTAs for the purpose of routing. An example is a ignored by MTAs for the purpose of routing. An example is a
@ -155,10 +183,6 @@ INTERNET-DRAFT LDAP Schema for Intranet Mail Routing October 1999
The 'inetLocalMailRecipient' object class and associated attributes The 'inetLocalMailRecipient' object class and associated attributes
are defined (using syntaxes given in [7]) as follows. are defined (using syntaxes given in [7]) as follows.
Lachman, et. al. [Page 3]
INTERNET-DRAFT LDAP Schema for Intranet Mail Routing October 1999
4.1 The inetLocalMailRecipient Object Class 4.1 The inetLocalMailRecipient Object Class
( 2.16.840.1.113730.3.2.[[TBD]] ( 2.16.840.1.113730.3.2.[[TBD]]
@ -190,30 +214,26 @@ INTERNET-DRAFT LDAP Schema for Intranet Mail Routing October 1999
for the recipient; for example, "nickname@example.com". The address for the recipient; for example, "nickname@example.com". The address
conforms to the syntax of an 'addr-spec' as defined in [3]. conforms to the syntax of an 'addr-spec' as defined in [3].
The 'mailLocalAddress' attribute MUST contain all addresses that The 'mailLocalAddress' attribute MUST contain all local addresses
represent each recipient of the target MTA. Commonly, the value of that represent each recipient of the target MTA. Commonly, the value
the 'mail' attribute should also be among the addresses listed in of the 'mail' attribute should also be among the addresses listed in
the 'mailLocalAddress' attribute if it is expected to be used for the 'mailLocalAddress' attribute if it is expected to be used for
LDAP mail routing. LDAP mail routing.
Lachman, et. al. [Page 4]
INTERNET-DRAFT LDAP Schema for Intranet Mail Routing January 2001
When determining the disposition of a given message, MTAs using LDAP When determining the disposition of a given message, MTAs using LDAP
(directly or indirectly) to route mail MUST search for an entry (directly or indirectly) to route mail MUST search for an entry with
with object class 'inetLocalMailRecipient' and a 'mailLocalAddress' object class 'inetLocalMailRecipient' and a 'mailLocalAddress'
attribute matching the message's recipient address. If exactly one attribute matching the message's recipient address. If exactly one
matching entry is found, MTAs MUST regard the message as being matching entry is found, MTAs MUST regard the message as being
addressed to the entity that is represented by the directory entry. addressed to the entity that is represented by the directory entry.
If multiple entries are found, but all share an identical match for If multiple entries are found, the results of the lookup MUST be
both mailRoutingAddress and mailHost (e.g., their presence or absence treated as unsuccessful and should be handled by the MTA in some
is the same as well as their values if present), the MTA MAY treat locally-appropriate way, such as returning a DSN [10] to the sender.
this as a single match. Duplicate entries that return different
routing attributes or contradict each other are errors, however, and
should be handled by the MTA in some locally-appropriate way, such as
returning a DSN [11] to the sender.
Lachman, et. al. [Page 4]
INTERNET-DRAFT LDAP Schema for Intranet Mail Routing October 1999
If there is no match found by the above, MTAs SHOULD have the If there is no match found by the above, MTAs SHOULD have the
capability of searching for the recipient domain against the capability of searching for the recipient domain against the
@ -244,11 +264,12 @@ INTERNET-DRAFT LDAP Schema for Intranet Mail Routing October 1999
recipient's mail to be locally handleable. This information can be recipient's mail to be locally handleable. This information can be
used for routing, in that an intermediary MTA may take it to be the used for routing, in that an intermediary MTA may take it to be the
destination for messages addressed to this recipient. Normal mail destination for messages addressed to this recipient. Normal mail
routing requirements (i.e., use of MX records) apply to the specified routing requirements (i.e., use of MX records [5]) apply to the
hostname unless overridden by local conventions. In other words, the specified hostname unless overridden by local conventions. In other
mail should be sent to the specified host without changing the words, the mail should be sent to the specified host without changing
recipient address. The hostname is specified as a fully-qualified the recipient address. The hostname is specified as a
DNS hostname with no trailing dot (e.g., "host42.example.com"). fully-qualified DNS hostname with no trailing dot (e.g.,
"host42.example.com").
If the 'inetLocalMailRecipient' object class is present, the If the 'inetLocalMailRecipient' object class is present, the
'mailHost' attribute for each entry MAY contain a value. If it does, 'mailHost' attribute for each entry MAY contain a value. If it does,
@ -257,6 +278,10 @@ INTERNET-DRAFT LDAP Schema for Intranet Mail Routing October 1999
be taken as the host for this user, and all mail to this user MUST be be taken as the host for this user, and all mail to this user MUST be
routed to this machine. routed to this machine.
Lachman, et. al. [Page 5]
INTERNET-DRAFT LDAP Schema for Intranet Mail Routing January 2001
( 2.16.840.1.113730.3.1.47 ( 2.16.840.1.113730.3.1.47
NAME 'mailRoutingAddress' NAME 'mailRoutingAddress'
DESC 'RFC 822 address to use when routing messages to DESC 'RFC 822 address to use when routing messages to
@ -266,10 +291,6 @@ INTERNET-DRAFT LDAP Schema for Intranet Mail Routing October 1999
SINGLE-VALUE SINGLE-VALUE
) )
Lachman, et. al. [Page 5]
INTERNET-DRAFT LDAP Schema for Intranet Mail Routing October 1999
The 'mailRoutingAddress' attribute indicates a routing address for The 'mailRoutingAddress' attribute indicates a routing address for
the recipient. The address MUST conform to the syntax of an the recipient. The address MUST conform to the syntax of an
'addr-spec' in [3]. An intermediary MTA MUST use this information to 'addr-spec' in [3]. An intermediary MTA MUST use this information to
@ -284,19 +305,19 @@ INTERNET-DRAFT LDAP Schema for Intranet Mail Routing October 1999
rewritten, or is rewritten according to implementation-specific rules rewritten, or is rewritten according to implementation-specific rules
and/or configuration. and/or configuration.
If both 'mailHost' and 'mailRoutingAddress' are present, MTAs MAY If both 'mailHost' and 'mailRoutingAddress' are present, MTAs MUST
interpret it to mean that messages are to be routed to the host interpret it to mean that messages are to be routed to the host
indicated by 'mailHost', while rewriting the envelope as per indicated by 'mailHost', while rewriting the envelope as per
'mailRoutingAddress'. In theory, there could be peculiar cases where 'mailRoutingAddress'. In theory, there could be peculiar cases where
this is necessary, but this is not normally expected. this is necessary, but this is not normally expected.
Absence of both 'mailHost' and 'mailRoutingAddress' MAY be considered an Absence of both 'mailHost' and 'mailRoutingAddress' MAY be considered
error, unless "location-independent" recipient types are supported by an error, unless "location-independent" recipient types are supported
the various MTAs within the organization. This would allow any MTA in by the various MTAs within the organization. This would allow any
the organization to handle the processing of mail for, say, a mailing MTA in the organization to handle the processing of mail for, say, a
list. This presumes that the various MTAs all recognize the recipient mailing list. This presumes that the various MTAs all recognize the
type in question, suggesting a need to standardize recipient types that recipient type in question, suggesting a need to standardize
could be "location-independent". recipient types that could be "location-independent".
In short, routing attributes may be used by an LDAP entry to answer In short, routing attributes may be used by an LDAP entry to answer
the question "how should MTAs route mail to this account?" the question "how should MTAs route mail to this account?"
@ -309,6 +330,10 @@ INTERNET-DRAFT LDAP Schema for Intranet Mail Routing October 1999
sendmail ".forward" file). Such options are outside the scope of the sendmail ".forward" file). Such options are outside the scope of the
'inetLocalMailRecipient' schema definition. 'inetLocalMailRecipient' schema definition.
Lachman, et. al. [Page 6]
INTERNET-DRAFT LDAP Schema for Intranet Mail Routing January 2001
The following possibilities exist as a result of an LDAP lookup on an The following possibilities exist as a result of an LDAP lookup on an
address: address:
@ -320,11 +345,7 @@ INTERNET-DRAFT LDAP Schema for Intranet Mail Routing October 1999
set to a not set delivered to set to a not set delivered to
"local" host original address "local" host original address
Lachman, et. al. [Page 6] set to a set relay to mailHost
INTERNET-DRAFT LDAP Schema for Intranet Mail Routing October 1999
set to a set MAY relay to mailHost
remote host using mailRoutingAddress remote host using mailRoutingAddress
set to a not set original address set to a not set original address
@ -344,7 +365,11 @@ INTERNET-DRAFT LDAP Schema for Intranet Mail Routing October 1999
5. Examples 5. Examples
The following examples illustrate possible uses of the The following examples illustrate possible uses of the
'inetLocalMailRecipient' object class. 'inetLocalMailRecipient' object class. Note that the examples
include attributes defined outside of this document to demonstrate a
complete record. The existence of these attributes in the example is
not an indication that these attributes are used for LDAP-based mail
routing (e.g., the 'mail' is not used for mail routing).
Here is an example of an LDAP entry representing a mail user: Here is an example of an LDAP entry representing a mail user:
@ -360,6 +385,11 @@ INTERNET-DRAFT LDAP Schema for Intranet Mail Routing October 1999
uid: joe uid: joe
userPassword: {crypt}y2KxtbzMYnApU userPassword: {crypt}y2KxtbzMYnApU
mail: joe@example.com mail: joe@example.com
Lachman, et. al. [Page 7]
INTERNET-DRAFT LDAP Schema for Intranet Mail Routing January 2001
mailLocalAddress: joe@example.com mailLocalAddress: joe@example.com
mailLocalAddress: joe@another.example.com mailLocalAddress: joe@another.example.com
mailHost: nsmail1.example.com mailHost: nsmail1.example.com
@ -375,10 +405,6 @@ INTERNET-DRAFT LDAP Schema for Intranet Mail Routing October 1999
(&(objectClass=inetLocalMailRecipient) (&(objectClass=inetLocalMailRecipient)
(mailLocalAddress=joe@example.com)) (mailLocalAddress=joe@example.com))
Lachman, et. al. [Page 7]
INTERNET-DRAFT LDAP Schema for Intranet Mail Routing October 1999
It finds Joe's LDAP entry, and routes the message to the target MTA It finds Joe's LDAP entry, and routes the message to the target MTA
"nsmail1.example.com", while not rewriting the SMTP envelope "nsmail1.example.com", while not rewriting the SMTP envelope
recipient address. Then, "nsmail1.example.com" receives the message, recipient address. Then, "nsmail1.example.com" receives the message,
@ -414,6 +440,10 @@ INTERNET-DRAFT LDAP Schema for Intranet Mail Routing October 1999
xyzClusterNumber: 3 xyzClusterNumber: 3
xyzMessageStoreId: 9 xyzMessageStoreId: 9
Lachman, et. al. [Page 8]
INTERNET-DRAFT LDAP Schema for Intranet Mail Routing January 2001
John Doe is a user of a hypothetical mail system called XYZ Mail. John Doe is a user of a hypothetical mail system called XYZ Mail.
Let's say mail arrives on an MTA called "mx.example.com", addressed Let's say mail arrives on an MTA called "mx.example.com", addressed
to "john@example.com". That MTA searches the directory for a mail to "john@example.com". That MTA searches the directory for a mail
@ -423,10 +453,6 @@ INTERNET-DRAFT LDAP Schema for Intranet Mail Routing October 1999
"xyz-gw.example.com", the message is gatewayed into the XYZ Mail "xyz-gw.example.com", the message is gatewayed into the XYZ Mail
system and then dealt with as per other attributes. system and then dealt with as per other attributes.
Lachman, et. al. [Page 8]
INTERNET-DRAFT LDAP Schema for Intranet Mail Routing October 1999
Here is an example of an LDAP entry representing a mailing list: Here is an example of an LDAP entry representing a mailing list:
dn: cn=Scuba Group,o=Example Corp,c=US dn: cn=Scuba Group,o=Example Corp,c=US
@ -444,7 +470,7 @@ INTERNET-DRAFT LDAP Schema for Intranet Mail Routing October 1999
The Scuba Group is a mail group (mailing list) that includes two The Scuba Group is a mail group (mailing list) that includes two
members. A message addressed to "scuba@example.com" is routed to members. A message addressed to "scuba@example.com" is routed to
"host42.example.com" where it is then resent to the mailing list "host42.example.com" where it is then resent to the mailing list
members. The 'mailGroup' object class is specified elsewhere [9]. members.
Here is an example of an LDAP entry representing a forwarding alias: Here is an example of an LDAP entry representing a forwarding alias:
@ -466,6 +492,10 @@ INTERNET-DRAFT LDAP Schema for Intranet Mail Routing October 1999
Example Organization, and they are forwarding her mail to her new Example Organization, and they are forwarding her mail to her new
address elsewhere. address elsewhere.
Lachman, et. al. [Page 9]
INTERNET-DRAFT LDAP Schema for Intranet Mail Routing January 2001
6. Security Considerations 6. Security Considerations
As in all cases where account information is stored in an LDAP-based As in all cases where account information is stored in an LDAP-based
@ -476,10 +506,6 @@ INTERNET-DRAFT LDAP Schema for Intranet Mail Routing October 1999
outside the organization, since it is intended for use only by MTAs outside the organization, since it is intended for use only by MTAs
within the organization. within the organization.
Lachman, et. al. [Page 9]
INTERNET-DRAFT LDAP Schema for Intranet Mail Routing October 1999
7. Acknowledgments 7. Acknowledgments
The 'inetLocalMailRecipient' object class is based on an earlier The 'inetLocalMailRecipient' object class is based on an earlier
@ -521,18 +547,15 @@ INTERNET-DRAFT LDAP Schema for Intranet Mail Routing October 1999
[8] T. Howes, "The String Representation of LDAP Search Filters", [8] T. Howes, "The String Representation of LDAP Search Filters",
RFC 2254, December 1997. RFC 2254, December 1997.
[9] B. Steinback, "Using LDAP for SMTP Mailing Lists and Aliases",
Internet-Draft (work in progress).
[10] S. Bradner, "Key words for use in RFCs to Indicate Requirement
Levels", BCP 14, RFC 2119, March 1997.
[11] K. Moore, "SMTP Service Extension for Delivery Status
Notifications", RCP 1891, January 1996.
Lachman, et. al. [Page 10] Lachman, et. al. [Page 10]
INTERNET-DRAFT LDAP Schema for Intranet Mail Routing October 1999 INTERNET-DRAFT LDAP Schema for Intranet Mail Routing January 2001
[9] S. Bradner, "Key words for use in RFCs to Indicate Requirement
Levels", BCP 14, RFC 2119, March 1997.
[10] K. Moore, "SMTP Service Extension for Delivery Status
Notifications", RCP 1891, January 1996.
9. Authors' Addresses 9. Authors' Addresses
@ -582,11 +605,34 @@ X.1.1 Substantive changes between
Lachman, et. al. [Page 11] Lachman, et. al. [Page 11]
INTERNET-DRAFT LDAP Schema for Intranet Mail Routing October 1999 INTERNET-DRAFT LDAP Schema for Intranet Mail Routing January 2001
X.1.2 Substantive changes between
draft-lachman-laser-ldap-mail-routing-01.txt and
draft-lachman-laser-ldap-mail-routing-02.txt
(i) Changed Intended Category from Standard Track to Informational.
(ii) Removed references to mailGroup document which has expired.
(iii) Add additional Overview text from RL 'Bob' Morgan.
(iv) If a domain uses LDAP-based routing, require all MTAs in that
domain to either use LDAP for routing or forward mail to an
MTA which uses LDAP for routing.
(v) Add more text regarding "local" domain.
(vi) Tighten rules for better interoperability. Multiple,
matching results is now treated as an unsuccessful lookup.
(vii) Tighten rules for better interoperability. Change the action
for a lookup which returns both a 'mailHost' and
'mailRoutingAddress' to a MUST (from a MAY).
(viii) Point out that examples contain attributes which are not part of
this spec and should not be used for mail routing
(specifically, 'mail').
(ix) Clean up text.
(x) NOTE: Still need vendor-neutral OIDs for the objectClass and
attributes.
10. Full Copyright Statement 10. Full Copyright Statement
Copyright (C) The Internet Society (1999). All Rights Reserved. Copyright (C) The Internet Society (1999-2001). All Rights Reserved.
This document and translations of it may be copied and furnished This document and translations of it may be copied and furnished
to others, and derivative works that comment on or otherwise to others, and derivative works that comment on or otherwise