Re: [Exim] LDAP Aliases for system-wide, and virtual-domains…

Página superior
Eliminar este mensaje
Responder a este mensaje
Autor: Philipp Gaschuetz
Fecha:  
A: Eric Renfro, exim-users@exim.org
Asunto: Re: [Exim] LDAP Aliases for system-wide, and virtual-domains.
--
Am Samstag, 4. Januar 2003 21:20 schrieb Eric Renfro:

> Yeah, The biggest problem, really, is the schema, objectclasses, and etc,
> to use. There's no standardized schema's out there.. Only drafts, and
> expired drafts for ideas of how to, of which some are very hard to get a
> hold of since they are expired. Part of the lachman-laser-mail-routing
> drafted ideas are in the openldap misc.schema, but that's only one small
> part.


ahh... that's what you were looking for ;)
see the attached files. after hours and hours of digging through email
archives and google, I eventually made up our own stuff.
Actually, this is really somewhat strange. LDAP seems to be the way for larger
email user bases, however, there's hardly no info on ldap on the web...

Anyway, the attached files really need cleaning up, and there's a lot of
stuff, which is apparently not being used, but it might help...

let me know, if you need more info.

Regards,

Philipp


--
--
Philipp Gaschuetz - pg@???
--
######################################################################
#                  Runtime configuration file for Exim               #
######################################################################



######################################################################
#                    MAIN CONFIGURATION SETTINGS                     #
######################################################################



ldap_default_servers = localhost::389
LDAP_READ_CRED = user="xxxxxxx" pass="xxxxxxx"

# majordomo stuff
MD_DIR = /usr/local/majordomo/
MD_WRAPPER = MD_DIR/wrapper
MD_LISTS = MD_DIR/lists/

print_topbitchars = true
drop_cr = true
trusted_users = exim

#daemon_smtp_port = 26


# primary_hostname =
# qualify_domain =
# qualify_recipient =

# These lists are referred to later in this configuration using the syntax
# +local_domains, +relay_to_domains, and +relay_from_hosts, respectively. They
# are all colon-separated lists:


domainlist local_domains = fbox.ganz-geil.de : ldapm;LDAP_READ_CRED ldap::///ou=mail,c=de,o=corpex?dc?sub?(dc=$domain)
domainlist relay_to_domains =
hostlist relay_from_hosts = 127.0.0.1

percent_hack_domains = +local_domains


acl_smtp_rcpt = acl_check_rcpt


# allow_domain_literals
never_users = root
host_lookup = *
helo_accept_junk_hosts = *
helo_try_verify_hosts = *


# The settings below, which are actually the same as the defaults in the
# code, cause Exim to make RFC 1413 (ident) callbacks for all incoming SMTP
# calls. You can limit the hosts to which these calls are made, and/or change
# the timeout that is used. If you set the timeout to zero, all RFC 1413 calls
# are disabled. RFC 1413 calls are cheap and can provide useful information
# for tracing problem messages, but some hosts and firewalls have problems
# with them. This can result in a timeout instead of an immediate refused
# connection, leading to delays on starting up an SMTP session.

rfc1413_hosts = *
rfc1413_query_timeout = 0s


# By default, Exim expects all envelope addresses to be fully qualified, that
# is, they must contain both a local part and a domain. If you want to accept
# unqualified addresses (just a local part) from certain hosts, you can specify
# these hosts by setting one or both of
#
# sender_unqualified_hosts =
# recipient_unqualified_hosts =
#
# to control sender and recipient addresses, respectively. When this is done,
# unqualified addresses are qualified using the settings of qualify_domain
# and/or qualify_recipient (see above).


# This option unfreezes frozen bounce messages after two days, tries
# once more to deliver them, and ignores any delivery failures.
ignore_bounce_errors_after = 2d

# This option cancels (removes) frozen messages that are older than a week.
timeout_frozen_after = 7d



######################################################################
#                       ACL CONFIGURATION                            #
#         Specifies access control lists for incoming SMTP mail      #
######################################################################


begin acl

# This access control list is used for every RCPT command in an incoming
# SMTP message. The tests are run in order until the address is either
# accepted or denied.

acl_check_rcpt:

# Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by
# testing for an empty sending host field.

accept hosts = :

# Deny if the local part contains @ or % or / or | or !. These are rarely
# found in genuine local parts, but are often tried by people looking to
# circumvent relaying restrictions.

# Also deny if the local part starts with a dot. Empty components aren't
# strictly legal in RFC 2822, but Exim allows them because this is common.
# However, actually starting with a dot may cause trouble if the local part
# is used as a file name (e.g. for a mailing list).

  deny    local_parts   = ^.*[@%!/|] : ^\\.


# Accept mail to postmaster in any local domain, regardless of the source,
# and without verifying the sender.

  accept  local_parts   = postmaster
          domains       = +local_domains


# Deny unless the sender address can be verified.

  require verify        = sender


  #############################################################################
  # There are no checks on DNS "black" lists because the domains that contain
  # these lists are changing all the time. However, here are two examples of
  # how you could get Exim to perform a DNS black list lookup at this point.
  # The first one denies, while the second just warns.
  #
  # deny    message       = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
  #         dnslists      = black.list.example
  #
  # warn    message       = X-Warning: $sender_host_address is in a black list at $dnslist_domain
  #         log_message   = found in $dnslist_domain
  #         dnslists      = black.list.example
  #############################################################################


# Accept if the address is in a local domain, but only if the recipient can
# be verified. Otherwise deny. The "endpass" line is the border between
# passing on to the next ACL statement (if tests above it fail) or denying
# access (if tests below it fail).

  accept  domains       = +local_domains
          endpass
          message       = unknown user
          verify        = recipient


# Accept if the address is in a domain for which we are relaying, but again,
# only if the recipient can be verified.

  accept  domains       = +relay_to_domains
          endpass
          message       = unrouteable address
          verify        = recipient


# If control reaches this point, the domain is neither in +local_domains
# nor in +relay_to_domains.

# Accept if the message comes from one of the hosts for which we are an
# outgoing relay. Recipient verification is omitted here, because in many
# cases the clients are dumb MUAs that don't cope well with SMTP error
# responses. If you are actually relaying out from MTAs, you should probably
# add recipient verification here.

  accept  hosts         = +relay_from_hosts


# Accept if the message arrived over an authenticated connection, from
# any host. Again, these messages are usually from MUAs, so recipient
# verification is omitted.

accept authenticated = *

# Reaching the end of the ACL causes a "deny", but we might as well give
# an explicit message.

  deny    message       = relay not permitted




######################################################################
#                      ROUTERS CONFIGURATION                         #
#               Specifies how addresses are handled                  #
######################################################################
#     THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT!       #
# An address is passed to each router in turn until it is accepted.  #
######################################################################


begin routers

# This router routes addresses that are not in local domains by doing a DNS
# lookup on the domain name. Any domain that resolves to 0.0.0.0 or to a
# loopback interface address (127.0.0.0/8) is treated as if it had no DNS
# entry. Note that 0.0.0.0 is the same as 0.0.0.0/32, which is commonly treated
# as the local host inside the network stack. It is not 0.0.0.0/0, the default
# route. If the DNS lookup fails, no further routers are tried because of
# the no_more setting, and consequently the address is unrouteable.

dnslookup:
driver = dnslookup
domains = ! +local_domains
transport = remote_smtp
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
no_more


# local deliveries start here

ldap_autoreply:
  driver = accept
  no_verify
  senders = !^.*-request@.* : !^owner-.*@.* : !^postmaster@.* : \
            ! ^listmaster@.* : !^mailer-daemon@.*
  transport = ldap_send_autoreply
  unseen
  condition = ${lookup ldap \
        {LDAP_READ_CRED ldap:///o=corpex?deliveryMode?sub?(&(uid=$local_part@$domain)(deliveryMode=reply)) \
        }{yes}fail}


system_aliases:
domains = @
driver = redirect
allow_fail
allow_defer
data = ${lookup{$local_part}lsearch{/etc/aliases}}
# user = exim
file_transport = address_file
pipe_transport = address_pipe


ldap_aliases:
  driver = redirect
  allow_fail
  data = ${lookup ldapm \
    {LDAP_READ_CRED ldap:///o=corpex?mailForwardingAddress?sub?(uid=$local_part@$domain) \
    }}


ldap_localuser:
  driver = manualroute
  address_data = ${lookup ldap \
    {LDAP_READ_CRED \
    ldap:///o=corpex?mailMessageStore?sub?(&(uid=$local_part@$domain)(mailMessageStore=*)) \
    }{$value}fail}
  transport = ldap_local_delivery
  route_list = *



########################################################
################ MAJORDOMO STUFF #######################
########################################################

ldap_majordomo_persons:
  driver = redirect
  condition = ${if \
        or { \
            {match{${lc:$local_part}}{^owner-}} \
            {match{${lc:$local_part}}{-owner\$}} \
            {match{${lc:$local_part}}{-approval\$}} \
        } \
        {true}fail}
  data = ${lookup ldapm \
    {LDAP_READ_CRED ldap:///o=corpex?mailinglistOwner?sub?(&(deliveryMode=majordomo)(uid=$local_part@$domain)) \
    }}


ldap_majordomo:
  # this will match <list>-request@domain and majordomo@domain
  driver = accept
  transport = majordomo_direct_pipe
  condition = ${if \
        and { \
            { or { \
                {match {${lc:$local_part}}{-request\$}}\
                {eq{${lc:$local_part}}{majordomo}} \
              } \
            } \
            { eq{${lookup ldapm \
              {LDAP_READ_CRED ldap:///o=corpex?deliveryMode?sub?(&(uid=$local_part@$domain)(deliveryMode=majordomo))} \
              }}{majordomo} \
            } \
        } \
        {true}fail}



ldap_majordomo_list:
  # this will match <list>-outgoing@domain (only allowed if sent locally)
  driver = redirect
  condition = ${if \
        and { \
            {match{${lc:$local_part}}{-outgoing\$}} \
          {eq{$received_protocol}{local}} \
          {eq{${lookup ldapm \
            {LDAP_READ_CRED ldap:///o=corpex?deliveryMode?sub?(&(uid=$local_part@$domain)(deliveryMode=majordomo))} \
            }}{majordomo} \
          } \
          {exists{MD_LISTS/${lc:$domain}/${sg {${lc:$local_part}} {-outgoing\$} {} }} } \
        } \
        {yes}{no} }
  data = :include:MD_LISTS/${lc:$domain}/${sg {${lc:$local_part}} {-outgoing\$} {} }
  retry_use_local_part
  allow_defer
  allow_fail
#  user = majordomo
#  group = exim



ldap_majordomo_resend_list:
  # nothing left... this will match <list>@domain
  driver = accept
  transport = majordomo_resend_pipe
  condition = ${lookup ldap \
                {LDAP_READ_CRED ldap:///o=corpex?deliveryMode?sub?(&(uid=$local_part@$domain)(deliveryMode=majordomo)) \
                }{yes}fail}



### these need to be at the end...
##################################
ldap_catchall:
  driver = redirect
  data = ${lookup ldapm \
    {LDAP_READ_CRED ldap:///o=corpex?mailForwardingAddress?sub?(uid=__ANYTHING_AT__@$domain) \
    }}


ldap_domain_alias:
  driver = redirect
  data = ${lookup ldap \
    {LDAP_READ_CRED ldap:///o=corpex?aliasDomain?sub?(dc=$domain) \
    } {$local_part@$value}fail}



# This router matches local user mailboxes.

localuser:
driver = accept
check_local_user
transport = local_delivery
group = mail



######################################################################
#                      TRANSPORTS CONFIGURATION                      #
######################################################################
#                       ORDER DOES NOT MATTER                        #
#     Only one appropriate transport is called for each delivery.    #
######################################################################


# A transport is used only when referenced from a router that successfully
# handles an address.

begin transports


# This transport is used for delivering messages over SMTP connections.

remote_smtp:
driver = smtp


# This transport is used for local delivery to user mailboxes in traditional
# BSD mailbox format. By default it will be run under the uid and gid of the
# local user, and requires the sticky bit to be set on the /var/mail directory.
# Some systems use the alternative approach of running mail deliveries under a
# particular group instead of using the sticky bit. The commented options below
# show how this can be done.

local_delivery:
driver = appendfile
file = /var/mail/$local_part
delivery_date_add
envelope_to_add
return_path_add
group = mail

ldap_local_delivery:
driver = appendfile
maildir_format = true
#directory = $address_data/Maildir
directory = /var/spool/armourplate/
delivery_date_add
envelope_to_add
return_path_add
group = mail
create_directory = true
use_bsmtp





# This transport is used for handling pipe deliveries generated by alias or
# .forward files. If the pipe generates any standard output, it is returned
# to the sender of the message as a delivery error. Set return_fail_output
# instead of return_output if you want this to happen only when the pipe fails
# to complete normally. You can set different transports for aliases and
# forwards if you want to - see the references to address_pipe in the routers
# section above.

address_pipe:
driver = pipe
return_output


# This transport is used for handling deliveries directly to files that are
# generated by aliasing or forwarding.

address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add


# This transport is used for handling autoreplies generated by the filtering
# option of the userforward router.

address_reply:
driver = autoreply

ldap_send_autoreply_old:
  driver = autoreply
  file_expand
  from = $local_part@$domain
  to = $sender_address
  subject = "Re: ${escape:${length_50:$h_subject:}}"
  text = ${escape:${lookup ldap \
    {LDAP_READ_CRED ldap:///o=corpex?mailReplyText?sub?(uid=$local_part@$domain) \
    } {$value}{" "}}}


ldap_send_autoreply:
driver = pipe
command = /usr/local/exim/autoresponder.pl
user = exim
environment = "subject=$h_subject"
ignore_status


majordomo_resend_pipe:
driver = pipe
#THESE ARE NOT PRESENT ON THIS SYSTEM, but need to go in here, if md is used!
# user = majordomo
# group = majordomo
path = /usr/local/majordomo
home_directory = /usr/local/majordomo
current_directory = /usr/local/majordomo
return_fail_output
command = wrapper "resend" "-l" "${lc:$local_part}" "-C" "lists/${lc:$domain}/majordomo.cf" "${lc:$local_part}-outgoing@$domain"

majordomo_direct_pipe:
  driver = pipe
#THESE ARE NOT PRESENT ON THIS SYSTEM, but need to go in here, if md is used!
#  user = majordomo
#  group = majordomo
  path = /usr/local/majordomo
  home_directory = /usr/local/majordomo
  current_directory = /usr/local/majordomo
  return_fail_output
  command = wrapper "majordomo" "-l" "${if match {${lc:$local_part}}{-request\\$} {${sg{${lc:$local_part}}{-request\\$}{}}} {''}}" \
            "-C" "lists/${lc:$domain}/majordomo.cf"


#               match {${lc:$local_part}}{-request\\$}\
#                {-l ${sg{${lc:$local_part}}{-request\\$}{}} }\
#                {\
#                  ${if \
#                    eq{${lc:$local_part}}{majordomo} \
#                    {majordomo}\
#                    {resend -l ${lc:$local_part}}\
#                  }\
#                } \
#                }" "-C" "lists/${lc:$domain}/majordomo.cf"




######################################################################
#                      RETRY CONFIGURATION                           #
######################################################################


begin retry

# This single retry rule applies to all domains and all errors. It specifies
# retries every 15 minutes for 2 hours, then increasing retry intervals,
# starting at 1 hour and increasing each time by a factor of 1.5, up to 16
# hours, then retries every 6 hours until 4 days have passed since the first
# failed delivery.

# Domain               Error       Retries
# ------               -----       -------


*                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h




######################################################################
#                      REWRITE CONFIGURATION                         #
######################################################################


# There are no rewriting specifications in this default configuration file.

begin rewrite



######################################################################
#                   AUTHENTICATION CONFIGURATION                     #
######################################################################


# There are no authenticator specifications in this default configuration file.

begin authenticators

# outlook
login:
  driver = plaintext
  public_name = LOGIN
  server_prompts = Username:: : Password::
  server_condition = \
    ${lookup ldapdn \
        {\
            LDAP_READ_CRED ldap:///o=corpex??sub?(uid=${quote_ldap:$1}) \
        }\
        {\
            ${if ldapauth \
                { \
                user="$value" pass="$2" ldap:/// \
                } \
                {yes}{no}\
            }\
        }\
        {no}\
    }
  server_set_id = $1



# netscape
plain:
  driver = plaintext
  public_name = PLAIN
  server_condition = \
        ${lookup ldapdn \
                {\
                        LDAP_READ_CRED ldap:///o=corpex??sub?(uid=${quote_ldap:$2}) \
                }\
                {\
                        ${if ldapauth \
                                { \
                                user="$value" pass="$3" ldap:/// \
                                } \
                                {yes}{no}\
                        }\
                }\
                {no}\
        }
  server_set_id = $2


# End of Exim configuration file
--
# CORPEX' Top OID: 1.3.6.1.4.1.12069.
# see http://www.iana.org/assignments/enterprise-numbers
# 020508 - philipp@???


attributetype ( 1.3.6.1.4.1.12069.1.1 NAME 'admin'
    DESC 'describes the admin of an object (multiple allowed)'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )


attributetype ( 1.3.6.1.4.1.12069.1.2 NAME 'TextFooter'
    DESC 'contains the default text footer which is to be appended'
    SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
    SINGLE-VALUE )


attributetype ( 1.3.6.1.4.1.12069.1.3 NAME 'HtmlFooter'
    DESC 'contains the default HTML footer which is to be appended'
    SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
    SINGLE-VALUE )


attributetype ( 1.3.6.1.4.1.12069.1.4 NAME 'TextFooterIn'
        DESC 'contains the default text footer which is to be appended to incoming mails'
        SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
        SINGLE-VALUE )


attributetype ( 1.3.6.1.4.1.12069.1.5 NAME 'HtmlFooterIn'
        DESC 'contains the default HTML footer which is to be appended to incoming mails'
        SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
        SINGLE-VALUE )


attributetype ( 1.3.6.1.4.1.12069.1.8 NAME 'mailHost'
    DESC 'On which mailserver the messagestore of this user is located.'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.44
    SINGLE-VALUE )


attributetype ( 1.3.6.1.4.1.12069.1.9 NAME 'Status'
    DESC 'The status of a user account: active, nopop, disabled, deleted'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.44
    SINGLE-VALUE )


attributetype ( 1.3.6.1.4.1.12069.1.10 NAME 'AppendFooter'
        DESC 'either TRUE or FALSE. states whether shall append a footer or not'
        SYNTAX '1.3.6.1.4.1.1466.115.121.1.7'
        SINGLE-VALUE )


attributetype ( 1.3.6.1.4.1.12069.1.11 NAME 'AppendFooterIn'
        DESC 'either TRUE or FALSE. states whether shall append a footer or not'
        SYNTAX '1.3.6.1.4.1.1466.115.121.1.7'
        SINGLE-VALUE )


attributetype ( 1.3.6.1.4.1.12069.1.12 NAME 'isSMTPDomain'
    EQUALITY booleanMatch
    DESC 'either TRUE or FALSE. states whether this is an SMTP domain'
    SYNTAX '1.3.6.1.4.1.1466.115.121.1.7'
    SINGLE-VALUE )


attributetype ( 1.3.6.1.4.1.12069.1.13 NAME 'maxAccounts'
    DESC 'maxAccounts'
    EQUALITY integerMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.36
    SINGLE-VALUE )


attributetype ( 1.3.6.1.4.1.12069.1.14 NAME 'aliasDomain'
    DESC 'if the domain is an alias to another domain, enther its name here'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.44
    SINGLE-VALUE )


attributetype ( 1.3.6.1.4.1.12069.1.15 NAME 'maxPopAccounts'
        DESC 'maxPopAccounts'
        EQUALITY integerMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.36
        SINGLE-VALUE )


attributetype ( 1.3.6.1.4.1.12069.1.16 NAME 'maxAliasAccounts'
        DESC 'maxAliasAccounts'
        EQUALITY integerMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.36
        SINGLE-VALUE )


attributetype ( 1.3.6.1.4.1.12069.1.17 NAME 'allowAnythingAt'
    EQUALITY booleanMatch
        DESC '...'
        SYNTAX '1.3.6.1.4.1.1466.115.121.1.7'
        SINGLE-VALUE )


attributetype ( 1.3.6.1.4.1.12069.1.18 NAME 'ArmourPlateAntiVirus'
        EQUALITY booleanMatch
        DESC '...'
        SYNTAX '1.3.6.1.4.1.1466.115.121.1.7'
        SINGLE-VALUE )


attributetype ( 1.3.6.1.4.1.12069.1.19 NAME 'ArmourPlateAntiSpam'
        EQUALITY booleanMatch
        DESC '...'
        SYNTAX '1.3.6.1.4.1.1466.115.121.1.7'
        SINGLE-VALUE )


attributetype ( 1.3.6.1.4.1.12069.1.20 NAME 'mailForwardingHost'
        DESC '...'
        EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.44
        SINGLE-VALUE )


attributetype ( 1.3.6.1.4.1.12069.1.21 NAME 'maxAutoResponder'
        DESC '...'
        EQUALITY integerMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.36
        SINGLE-VALUE )


attributetype ( 1.3.6.1.4.1.12069.1.22 NAME 'resellerUid'
    DESC '...'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
    SINGLE-VALUE )


attributetype ( 1.3.6.1.4.1.12069.1.23 NAME 'domainAdminUid'
    DESC '...'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )


objectclass ( 1.3.6.1.4.1.12069.1
    NAME 'CorpexMailComponent'
    DESC 'a container that holds mail accounts and owner info'
    SUP top AUXILIARY
    MUST ( dc )
    MAY ( admin $ seeAlso $ TextFooter $ HtmlFooter $
        AppendFooter $ HtmlFooterIn $ TextFooterIn $
        AppendFooterIn $ description $ isSMTPDomain $ maxAccounts $
        aliasDomain $ maxPopAccounts $ maxAliasAccounts $ allowAnythingAt $
        armourplateAntiVirus $ armourplateAntiSpam $ mailForwardingHost $
        resellerUid $ domainAdminUid $ maxAutoResponder )
    )



attributetype ( 1.3.6.1.4.1.12069.2.1 NAME 'mailForwardingAddress'
    DESC 'Address(es) to forward all incoming messages to.'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )


attributetype ( 1.3.6.1.4.1.12069.2.2 NAME 'mailMessageStore'
    DESC 'Path to the maildir/mbox on the mail system'
    EQUALITY caseExactIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
    SINGLE-VALUE )


attributetype ( 1.3.6.1.4.1.12069.2.3 NAME 'IsDomainAdmin'
    DESC 'TRUE or FALSE. States whether a user is a domain admin. If set to true, he will be able to administer all domains or useraccounts where admin="his_uid"'
    SYNTAX '1.3.6.1.4.1.1466.115.121.1.7'
    SINGLE-VALUE )


attributetype ( 1.3.6.1.4.1.12069.2.4 NAME 'deliveryMode'
    DESC 'multi field entries of: normal, forwardonly, nombox, localdelivery, reply, echo'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )



attributetype ( 1.3.6.1.4.1.12069.2.6 NAME 'deliveryProgramPath'
    DESC 'Program to execute for all incoming mails.'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
    SINGLE-VALUE )


attributetype ( 1.3.6.1.4.1.12069.2.7 NAME 'deliverUID'
        DESC 'UID of the user on the mailsystem'
        EQUALITY integerMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.36
        SINGLE-VALUE )


attributetype ( 1.3.6.1.4.1.12069.2.8 NAME 'deliverGID'
        DESC 'GID of the user on the mailsystem'
        EQUALITY integerMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.36
        SINGLE-VALUE )


attributetype ( 1.3.6.1.4.1.12069.2.9 NAME 'mailReplyText'
    DESC 'A reply text for every incoming message'
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{4096}
    SINGLE-VALUE )


attributetype ( 1.3.6.1.4.1.12069.2.10 NAME 'pop3Server'
    DESC 'low user pop3 Server'
        EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
        SINGLE-VALUE )


attributetype ( 1.3.6.1.4.1.12069.2.11 NAME 'cleartextPass'
        DESC 'low user pop3 pass'
        EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
        SINGLE-VALUE )


attributetype ( 1.3.6.1.4.1.12069.2.12 NAME 'pop3User'
        DESC 'low user pop3 username'
        EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
        SINGLE-VALUE )


attributetype ( 1.3.6.1.4.1.12069.2.13 NAME 'adminOfUser'
    DESC 'admin of...'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
    )


attributetype ( 1.3.6.1.4.1.12069.2.14 NAME 'adminOfDomain'
        DESC 'admin of...'
        EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
        )


attributetype ( 1.3.6.1.4.1.12069.2.15 NAME 'isAllowedToOrder'
    EQUALITY booleanMatch
        DESC '...'
        SYNTAX '1.3.6.1.4.1.1466.115.121.1.7'
    SINGLE-VALUE
    )


attributetype ( 1.3.6.1.4.1.12069.2.16 NAME 'mailinglistOwner'
        DESC 'mailinglistOwner'
        EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
    )


attributetype ( 1.3.6.1.4.1.12069.2.17 NAME 'isSuperAdmin'
        EQUALITY booleanMatch
        DESC '...'
        SYNTAX '1.3.6.1.4.1.1466.115.121.1.7'
        SINGLE-VALUE
        )


attributetype ( 1.3.6.1.4.1.12069.2.18 NAME 'isReseller'
        EQUALITY booleanMatch
        DESC '...'
        SYNTAX '1.3.6.1.4.1.1466.115.121.1.7'
        SINGLE-VALUE
        )



objectclass ( 1.3.6.1.4.1.12069.2
    NAME 'CorpexMailPerson'
    DESC 'a object that contains everything necessary for email users'
    SUP top AUXILIARY
    MUST ( uid )
    MAY ( admin $ TextFooter $ HtmlFooter $ mailHost $ Status $
        mailMessageStore $ mailForwardingAddress $
        IsDomainAdmin $ deliveryMode $
        deliveryProgramPath $ deliverUID $ deliverGID $
        mailReplyText $ userPassword $ AppendFooter $ HtmlFooterIn $
        TextFooterIn $ AppendFooterIn $ description $ pop3Server $
        cleartextPass $ pop3User $ adminOfUser $ adminOfDomain $
        isAllowedToOrder $ mailinglistOwner $ isSuperAdmin $ isReseller $
        ArmourPlateAntiSpam $ ArmourPlateAntiVirus)
    )


objectclass ( 1.3.6.1.4.1.12069.2.1
    NAME 'CorpexMailinglist'
    DESC 'a object that contains Mailinglists'
    SUP CorpexMailPerson AUXILIARY
    MUST (mailinglistOwner)
    )
--