The OpenNET Project / Index page

[ новости /+++ | форум | wiki | теги | ]

Интерактивная система просмотра системных руководств (man-ов)

 [Cписок руководств | Печать]

mail500 (8)
  • >> mail500 (8) ( Linux man: Команды системного администрирования )


    mail500 - X.500 capable mailer

    fax500 - X.500 capable fax delivery agent  


    /usr/sbin/mail500 [-d level] [-f mailfrom] [-h hostname] [-l ldaphost] [-m address] [-v vacationhost]

    /usr/sbin/fax500 [-d level] [-f mailfrom] [-h hostname] [-l ldaphost] [-m address]  


    mail500 is an LDAP/X.500-capable mailer, suitable to be invoked from a mail delivery agent such as sendmail(8). It supports mail to both individuals and groups. fax500 is an LDAP/X.500-capable facsimile delivery agent. It utilizes the Internet remote-printing experiment ( For more information on, look in /mrose/tpc on, or send mail to  


    -dlevel Turn on debugging as defined by level. This option directs mail500/fax500 to produce various debugging output via the syslog(8) facility at the LOG_ALERT level.
    -f mailfrom
    This option tells mail500/fax500 what to set the envelop from address to when (re)invoking sendmail to deliver mail. mailfrom should be a valid email address. Normally, this option is passed to mail500/fax500 via the mailer definition, and is set to something like the $f macro.
    -l ldaphost
    Specify an alternate host on which the LDAP server is running.
    -m address
    If mail500/fax500 produces a rejection message, this is the address from which it will com. Normally, this option is passed to mail500/fax500 via the mailer definition, and is set to something like $n@$w (typically, mailer-daemon@hostname).
    -v vacationhost
    If the vacation facility is operative, this option specifies the host to which the mail of users who are on vacation should be sent.


    When mail500/fax500 gets invoked with one or more names to which to deliver mail, it searches for each name in X.500. Where it searches, and what kind(s) of search(es) it does are compile-time configurable by changing the base array in main.c. For example, the configuration we use at U-M is like this:

    Base    base[] =
            { "ou=People, o=University of Michigan, c=US", 0
                    "uid=%s", "cn=%s", NULL,
              "ou=System Groups, ou=Groups, o=University of Michigan, c=US", 1
                    "(&(cn=%s)(associatedDomain=%h))", NULL, NULL,
              "ou=User Groups, ou=Groups, o=University of Michigan, c=US", 1
                    "(&(cn=%s)(associatedDomain=%h))", NULL, NULL,

    which means that in delivering mail to "" mail500/fax500would do the the following searches, stopping if it finds a match at any step:

    subtree search of "ou=People, o=University of Michigan, c=US"
            for (uid=name)
    subtree search of "ou=People, o=University of Michigan, c=US"
            for (cn=name)
    subtree search of "ou=System Groups, ou=Groups, o=University of Michigan, c=US"
            for (&(cn=name)(
    subtree search of "ou=User Groups, ou=Groups, o=University of Michigan, c=US"
            for (&(cn=name)(

    Notice that when specifying a filter %s is replaced by the name, or user portion of the address while %h is replaced by whatever is passed in to mail500/fax500 via the -h option (typically the host portion of the address).

    You can also specify whether you want search results that matched because the entry's RDN matched the search to be given preference or not. At U-M, we only give such preference in the mail group portion of the searches. Beware with this option: the algorithm used to decide whether an entry's RDN matched the search is very simple-minded, and may not always be correct.

    There is currently no limit on the number of areas searched (the base array can be as large as you want), and an arbitrary limit of 2 filters for each base. If you want more than that, simply changing the 3 in the typedef for Base should do the trick.  

    X.500 SUPPORT

    In X.500, there are several new attribute types and one new object class defined that mail500/fax500 uses. At its most basic, for normal entries mail500 will deliver to the value(s) listed in the mail attribute of the entry, and fax500 will attempt to deliver a fax to the telephone number listed in the facsimileTelephoneNumber attribute. For example, at U-M my entry has the attribute


    So mail sent to will be delivered via mail500 to that address (assuming the file is set up to call mail500 for mail to - see below). If there were multiple values for the mail attribute, multiple copies of the mail would be sent.

    In the case of fax500,ifmyentryhastheattribute

            facsimileTelephoneNumber= +1 313 764 5140

    A message sent to (assuming the file is set up to pass mail to fax500- see below) will generate a message to

    A new object class, rfc822MailGroup, and several new attributes have been defined to handle email groups/mailing lists. To use this, you will need to add this to your local oidtable.oc:

            # object class for representing rfc 822 mailgroups
            rfc822MailGroup:        umichObjectClass.2 : \
                    top : \
                    cn : \
                    rfc822Mailbox, member, memberOfGroup, owner, \
                    errorsTo, rfc822ErrorsTo, requestsTo, rfc822RequestsTo, \
                    joinable, associatedDomain, \
                    description, multiLineDescription, \
                    userPassword, krbName, \
                    telecommunicationAttributeSet, postalAttributeSet

    And you will need to add these to your local

            # attrs for rfc822mailgroups
            multiLineDescription:   umichAttributeType.2    : CaseIgnoreList
            rfc822ErrorsTo:         umichAttributeType.26   : CaseIgnoreIA5String
            rfc822RequestsTo:       umichAttributeType.27   : CaseIgnoreIA5String
            joinable:               umichAttributeType.28   : Boolean
            memberOfGroup:          umichAttributeType.29   : DN
            errorsTo:               umichAttributeType.30   : DN
            requestsTo:             umichAttributeType.31   : DN

    The idea was to define a kind of hybrid mail group that could handle people who were in X.500 or not. So, for example, members of a group can be specified via the member attribute (for X.500 members) or the rfc822MailBox attribute (for non-X.500 members). Similarly for the errorsTo and rfc822ErrorsTo, and the requestsTo and rfc822RequestsTo attributes.

    To create a real mailing list, with a list maintainer, all you have to do is create an rfc822MailGroup and fill in the errorsTo or rfc822ErrorsTo attributes (or both). That will cause any errors encountered when delivering mail to the group to go to the addresses listed (or X.500 entry via it's mail attribute).

    If you fill in the requestsTo or rfc822RequestsTo (or both) attributes, mail sent to groupname-request will be sent to the addresses listed there. If you fill in the owner attribute, mail sent to groupname-owner will be sent to the addresses listed there. mail500 does this automatically, so you don't have to explicitly add the groupname-request or groupname-owner aliases to your group.

    To allow users to join a group, there is the joinable flag. If TRUE, mail500 will search for entries that have a memberOfGroup attribute equal to the DN of the group, using the same algorithm it used to find the group in the first place (i.e. the DNs and filters listed in the base array). This allows people to join (or subscribe to) a group without having to modify the group entry directly. If joinable is FALSE, the search is not done.  


    The idea is that you might have a rule like this in your file somewhere in rule set 0:

            R$*<>$*       $#mail500$$:<$1>
            R$*<>$*   $#fax500$$:<$1>

    These rules say that any address that ends in will cause the mail500 mailer to be called to deliver the mail, and any address that ends in will cause the fax500 mailer to be called. You probably also want to do something to prevent addresses like terminator! or from being passed to mail500. At U-M, we do this by adding rules like this to rule set 9 where we strip off our local names:

            R<>$*:$*                 $>10<@>$1:$2
            R$+%$+<>                 $>10$1%$2<@>
            R$+!$+<>                 $>10$1!$2<@>

    Of course, you would substitute your domain name for in the above examples. See the sample file in the ldap source directory clients/mail500/ for more details.

    The mail500 and fax500 mailers should be defined similar to this in the file:

    Mmail500, P=/usr/sbin/mail500, F=DFMSmnXuh, A=mail500 -f $f -h $h -m $n@$w $u
    Mfax500, P=/usr/sbin/fax500, F=DFMSmnXuh, A=fax500 -f $f -h $h -m $n@$w $u

    This defines how mail500/fax500 will be treated by sendmail and what arguments it will have when it's called. The various flags specified by the F=... parameter are explained in your local sendmail book (with any luck). The arguments to mail500/fax500 are as defined under OPTIONS above. The final argument $u is used to stand for the addresses to which to deliver the mail.  


    The default values for several #defines that control how mail500 and fax500 works are configured at compile time in the include/ldapconfig.h.edit include file. You should edit this file to suit your site.  


    mail500/fax500 should use the ldap_getfilter(3) facility, instead of compiling in the search filters to use. This is shameful.

    The support for joinable groups (searching to find members who have set something in their own entry) is really a hack because we did not have good enough access control to allow people to add and delete themselves from the group itself.

    At one point, mail500 and fax500 were exactly the same binary, and would behave appropriately based on how they were invoked. Unfortunately, several new features (e.g. vacation support) were added to mail500 but not to fax500.  


    ldap(3),, sendmail(8),  


    is developed and maintained by The OpenLDAP Project ( is derived from University of Michigan LDAP 3.3 Release.



    X.500 SUPPORT

    Поиск по тексту MAN-ов: 

    Inferno Solutions
    Hosting by

    Закладки на сайте
    Проследить за страницей
    Created 1996-2023 by Maxim Chirkov
    Добавить, Поддержать, Вебмастеру