Alias_urlN, allow_unquoted_addrs_violate_rfc2798, ldap_default_attr, ldap_mail_aliases, ldap_mail_reverses, reverse_url MTA Options

From MsgServerDocWiki

Alias and address reversal (alias_urlN, allow_unquoted_addrs_violate_rfc2798, ldap_default_attr, ldap_mail_aliases, ldap_mail_reverses, reverse_url)

There are a number of MTA options relating to direct LDAP alias lookups (including user lookups, group lookups, and mailing list lookups) and address reversal lookups.

alias_url0 (URL)

alias_url1 (URL)

alias_url2 (URL)

alias_url3 (URL)

The alias_urln MTA options each specify a URL to query for alias lookups. If more than one of these options is set, then the specified URL lookups are performed in numeric order. So alias_url0, if specified, is the first URL queried.

Such alias lookups will be performed any time an envelope To: address matches the local ("l") channel, or any channel marked with the aliaslocal channel option.

The URL (that is, the alias_urln option value) must be specified using standard LDAP URL syntax as per RFC 2255, with the following exception and special interpretations:

  • The LDAP server and port must be omitted, as they are instead specified via the configutil parameters local.ugldaphost and local.ugldapport (or the host and port, respectively, can be overridden via the ldap_host and ldap_port MTA options).
  • The MTA makes a distinction between a completely omitted attributes field, which as per RFC 2255 means to request the return of all attributes, and an attributes field consisting of the asterisk character, *, which the MTA instead interprets as meaning to request the return of all known-to-the-MTA attributes, that is, all the attributes listed in Table of LDAP attributes. This distinction is available because, for some directory setups, there may be a noticeable performance difference in LDAP directory response to one type of query (all attributes requested) vs. the other type of query (specific, though large, list of attributes requested).
  • Various substitution sequences of the form "$n" are available. A literal dollar sign must be represented by "$$".


The LDAP URL, before any substitutions, is limited to 256 characters in length (252 in iMS 5.2 and earlier); the substitutions may insert additional material and the length after such substitutions is limited to 1024 characters. Note that the substitution of known attributes when asterisk, *, is specified as the attribute to return, is not considered as part of the regular substitution; this substitution is performed at a later step and the length after this "known" attributes substitution is limited to 4096 characters.

alias_url0, if set, is looked up first, next alias_url1, if set, etc. It is permissible to have "gaps" in the alias_urln list; for instance, it is permissible to set alias_url0 and alias_url2 without setting alias_url1.

Since alias_url0 is looked up first, in a typical direct LDAP configuration it is used to perform the "main" user/group lookup, with alias_url1 optionally being used by those sites that need to do an additional, secondary lookup. In particular, alias_url1 is typically used by those sites that need to support vanity domains, or it could be used by sites that do not support vanity domains but that need to support "old-style" catch-all addresses (that is, sites that use the deprecated approach of defining a catch-all address by means of a user mailAlternateAddress attribute with a wildcard, rather than using the preferred approach of defining a domain level mailDomainCatchallAddress attribute).
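The syntax rules, the pre-substitution length limit and the lookup order described above can be checked before a configuration change is deployed. The following is an added example, not code from the product or its documentation; the function names and the sample option values are constructed for illustration, and it does not validate which "$n" sequences the MTA actually recognizes.

```python
import re

RAW_LIMIT = 256                       # pre-substitution limit from this page
SCOPES = {"", "base", "one", "sub"}   # RFC 2255 scope keywords ("" = default)

def lint_alias_url(value):
    """Check one alias_urlN value; return (fields, problems)."""
    problems = []
    if len(value) > RAW_LIMIT:
        problems.append(f"{len(value)} chars before substitution (limit {RAW_LIMIT})")
    # "$$" is a literal dollar and "$x" a substitution; a lone trailing "$" is neither.
    if "$" in re.sub(r"\$.", "", value):
        problems.append("dangling '$' (write a literal dollar as '$$')")
    m = re.match(r"(?i)ldap://([^/?]*)(?:/(.*))?$", value)
    if not m:
        return None, problems + ["not an LDAP URL"]
    if m.group(1):
        problems.append("host/port present; the MTA takes them from "
                        "local.ugldaphost/local.ugldapport")
    # RFC 2255 layout after the slash: dn ? attributes ? scope ? filter ? extensions
    dn, attrs, scope, flt, _ext = ((m.group(2) or "").split("?", 4) + [""] * 4)[:5]
    if "$" not in scope and scope.lower() not in SCOPES:
        problems.append(f"unknown scope {scope!r}")
    if attrs == "":
        mode = "all attributes (RFC 2255 meaning)"
    elif attrs == "*":
        mode = "all MTA-known attributes"
    else:
        mode = "explicit: " + attrs
    return {"dn": dn, "attrs": mode, "scope": scope, "filter": flt}, problems

def lookup_order(options):
    """Names of the alias_url0..3 options that are set, in query order; gaps allowed."""
    return [f"alias_url{n}" for n in range(4) if options.get(f"alias_url{n}")]

# Constructed sample settings, not taken from a real configuration.
SAMPLE = {
    "alias_url2": "ldap://dir.example.test:389/o=example??sub?$R",
    "alias_url0": "ldap:///$V?*?sub?$R",
}

if __name__ == "__main__":
    for name in lookup_order(SAMPLE):
        print(name, *lint_alias_url(SAMPLE[name]), sep="\n  ")
```

The second sample value is flagged for carrying a host and port, and is reported as requesting all attributes because its attributes field is empty rather than "*".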

allow_unquoted_addrs_violate_rfc2798 (0 or 1)

The default for this option is 0. If set to 1, then when searching for an address match, the MTA also includes in the search filter a version of the address with quotes stripped off the local part (the portion to the left of the @ character) of the address.

ldap_default_attr (attribute name)

Some sites upgrading from previous software may be accustomed to using LDAP query URLs that do not specify an attribute to return (which for LDAP query URLs literally means to return all attributes) in places where all that they really wanted was the return of a single attribute. If the MTA sees an LDAP URL that does not specify which attribute(s) to return used in a place where the MTA knows that only a single attribute is desired, then the MTA will normally change the LDAP URL by forcibly inserting mail in the (omitted) attributes field of the LDAP URL. The ldap_default_attr MTA option may be used to tell the MTA some other attribute to forcibly insert into the LDAP query URLs (some other attribute to request) in such cases where the attributes field was incorrectly omitted from the original LDAP query URL.

ldap_mail_aliases (comma-separated list of attribute names)

This option specifies in what attributes aliases are stored. In particular, this option controls what attributes are used to construct the filter that a $R LDAP substitution sequence inserts (note that the $R substitution sequence is typically used in the settings of both the alias_url0 and reverse_url MTA options), as well as the attributes requested when doing an LDAP-based mailing list access check on an address. Up to ten comma-separated attribute names may be specified. This option, if set, overrides the local.imta.mailaliases configutil parameter; if neither this option nor the local.imta.mailaliases configutil parameter is explicitly set, then default values are used based upon the schema tag (see the ldap_schematag option, discussed below). For a schema tag value of ims50, the default for the ldap_mail_aliases option is "mail,mailAlternateAddress,mailEquivalentAddress". For a schema tag value of nms41, the default for this option is "mail,mailAlternateAddress". For a schema tag value of sims40, the default for this option is "mail,rfc822mailalias".

ldap_mail_reverses (comma-separated list of attribute names)

This option specifies what attributes are used to build the filter referenced by the $Q LDAP substitution sequence. The reverse_url MTA option, used for address reversal, normally uses the $Q substitution sequence, hence normally performs address reversal using the attributes named by this ldap_mail_reverses option. That is, in normal direct LDAP mode use, this option specifies the attributes whose values, occurring in headers (and as the envelope From: address) will be replaced by the canonical address (the mail attribute in normal use). The default, if this option is not set, depends upon the schema tag. For a schema tag value of ims50 or nms41, the default for the ldap_mail_reverses option is "mail,mailAlternateAddress". For a schema tag value of sims40, the default for this option is "mail,rfc822MailAlias". See also the ldap_mail_aliases and ldap_equivalence_addresses MTA options.

Normally, ldap_mail_reverses should be set to include, in addition to the canonical mail attribute, all attributes set for ldap_mail_aliases, but should not include the attribute(s) set for ldap_equivalence_addresses. In particular, if ldap_mail_aliases is changed to a non-default value, one would normally want to change ldap_mail_reverses in a corresponding fashion. The reason that ldap_mail_reverses normally includes the canonical mail attribute, as well as the "subject to reversal" attributes such as mailAlternateAddress, is that reverse_url lookups actually do more than pure address reversal. reverse_url lookups also result in setting other possibly desired information for messages. (In particular, reverse_url lookups also return the attributes named by the ldap_personal_name, ldap_capture, and ldap_domain_attr_report_address MTA options.) Therefore, the canonical mail attribute is included in the search filter (included in ldap_mail_reverses which controls what is included in the filter referred to via the $Q substitution sequence) so that lookups will succeed, and find desired information, even for those users whose addresses are already in canonical form.
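The relationship described above between ldap_mail_reverses, ldap_mail_aliases and ldap_equivalence_addresses can be checked mechanically when a site changes one of them. This is an added example, not part of the product or its documentation; the function names are constructed, the schema-tag defaults are the ones listed on this page, and the ldap_equivalence_addresses value must be supplied by the caller because this page does not state its default.

```python
# Defaults by schema tag, as listed on this page.
ALIAS_DEFAULTS = {
    "ims50": "mail,mailAlternateAddress,mailEquivalentAddress",
    "nms41": "mail,mailAlternateAddress",
    "sims40": "mail,rfc822mailalias",
}
REVERSE_DEFAULTS = {
    "ims50": "mail,mailAlternateAddress",
    "nms41": "mail,mailAlternateAddress",
    "sims40": "mail,rfc822MailAlias",
}

def attr_list(value):
    """Split a comma-separated list; LDAP attribute names compare case-insensitively."""
    return [a.strip().lower() for a in value.split(",") if a.strip()]

def check_reverses(schema_tag, equivalence, aliases=None, reverses=None):
    """Return findings for ldap_mail_reverses; unset options fall back to the defaults."""
    alias_attrs = attr_list(aliases or ALIAS_DEFAULTS[schema_tag])
    reverse_attrs = set(attr_list(reverses or REVERSE_DEFAULTS[schema_tag]))
    equiv_attrs = set(attr_list(equivalence))
    findings = []
    if len(alias_attrs) > 10:
        findings.append("ldap_mail_aliases names more than ten attributes")
    # Canonical mail attribute plus every alias attribute, minus equivalence attributes.
    wanted = ({"mail"} | set(alias_attrs)) - equiv_attrs
    for name in sorted(wanted - reverse_attrs):
        findings.append(f"add {name} to ldap_mail_reverses")
    for name in sorted(reverse_attrs & equiv_attrs):
        findings.append(f"remove {name} from ldap_mail_reverses")
    return findings

if __name__ == "__main__":
    # Constructed scenario: a site adds a hypothetical attribute to ldap_mail_aliases
    # but leaves ldap_mail_reverses at its ims50 default.
    print(check_reverses(
        "ims50",
        equivalence="mailEquivalentAddress",  # assumed site setting
        aliases="mail,mailAlternateAddress,mailEquivalentAddress,exampleLegacyAddress",
    ))
```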

reverse_url (URL)

URL to query for address reversal and associated side-effects. Standard LDAP URL syntax as per RFC 2255 is used, except omitting the LDAP server and port, which are instead specified via the configutil parameters local.ugldaphost and local.ugldapport (or the host may be overridden using the ldap_host MTA option). Certain substitution sequences are available. The length, before substitution, is limited to 256 characters (the limit was 252 characters in iMS 5.2 and earlier); the length resulting from the substitutions is limited to 1024 characters. For typical JES MS MTA configurations, the usual value to which to set this option is "ldap:///$V?$N?sub?$R".

Note that the $R substitution sequence, which is the filter for the LDAP query, uses the attributes named by the ldap_mail_aliases MTA option, discussed above, or if that option is not set, the attributes named by the local.imta.mailaliases configutil parameter.
