Managing Internet Users Using LASER Routing

This chapter describes how to set up LASER routing so that email for M-Switch users is routed correctly.

5.1 Overview

LASER was specified in an IETF Internet-Draft, and describes a way of configuring local delivery of Internet email using information held in an LDAP directory.

The basic idea is very simple: the MTA obtains routing information from the LDAP Directory by searching on the email address (RFC 822 addresses only).

Although LASER configuration is held in the directory, the way in which this LASER configuration is accessed and used is held in a Directory Profile table. See Section 5.2, “Directory Profiles”.

When the MTA creation wizard creates an MTA this table is by default created to be held in the Directory. Like other tables, this can also be held as a text file. If using the latter, you should read the chapters on table based routing in M-Switch Advanced Administration Guide.

5.1.1 Routing

When routing an Internet email address, the first stage determines:

• if the domain is valid

• if the domain is local

• if it is local, whether there is a table prefix to be used later.

Processing the address if the domain is not local is done either as for the dns policy (using smtp channels), or as for the table lookup policy (using the channel table).

If the domain is local, then the address is looked up, using LDAP, in a directory server. If no matching entry is found, or if more than one entry is found, then routing fails. In the latter case a non-delivery report is forced with the diagnostic "ambiguous".

If one matching entry is found, then certain attributes are read from that entry and used for both routing, and for channel-specific purposes. Which attribute type is used for each purpose can be configured, as outlined below.

5.2 Directory Profiles

Configuration information is held in Directory Profiles as presented by MConsole. A Directory Profile is actually a configuration table. When a configuration is created by MConsole it sets up a table called default. Other laser tables have an associated prefix, i.e. <prefix>-laser. The prefix can be associated with the lookup policy (e.g. dns-laser=foobar) or with a specific domain in the domain table (a value such as local=foobar). This enables the MTA to search different parts of the DIT, or even different servers, for different domains in the address.

If values are not found in the appropriate table, then suitable defaults are used, as indicated below. For the actual routing, the defaults use the LASER attributes as defined in the IETF draft.

5.3 Directory Profile Content

A Directory Profile has three tabs on which values can be defined. All configuration values may be left blank, in which case sensible defaults are used.

This means that for many straightforward configurations, no values need to be configured. See Section 5.4, “Simple Configuration” to understand when the simple defaults are likely to be sufficient.

5.3.1 Directory Connection

The first tab controls which LDAP server is used and how to bind to it (if at all).

If the LDAP bind information is not explicitly set, then the same information is used as is used for the x500_access=ldap case. To configure them explicitly, use the values below.

LDAP Server Host (ldap-host)

The name of the LDAP host. This can be a space-separated list of hosts, each optionally followed by a colon and a port number.

Port (ldap-port)

If ldap-host does not contain a port number, then this is used. The port number defaults to the LDAP standard port: 389.

Server Authentication

Authentication Mechanism (sasl-mechanism)

The SASL mechanism to use. This can be omitted, in which case one of the mechanisms available on both sides will be used. If set to "simple", it forces a simple bind (DN and password). If set to "none", it forces no binding (an anonymous connection). Note that a simple bind sends the DN and password in the clear unless the LDAP connection itself is protected, so treat the profile's password as a credential for the directory.

Authentication Data User (ldap-name)

The DN to use if a simple bind is to be used.

Password (ldap-password)

The password to use in a simple bind.

5.3.2 Lookup

The second tab configures how lookups are performed.

When to dereference aliases (ldap-aliases)

Controls the dereferencing of LDAP aliases during the search. The default is 3: always. This is set to one of the following numeric values:

• 1 (searching)

• 2 (finding)

• 3 (always)

Search Base (search-base)

The base entry for the search (default is the root of the DIT).

Routing Search Filter Attributes (filter-atts)

A space separated list of attribute types which are used to construct the search filter. If more than one is specified, then the filter is an 'OR' of the filters for each attribute type. Each attribute filter performs an exact match for the address. Note that if the first search is unsuccessful, then a second search is performed with the local-part of the address removed (but including the '@'). This allows 'wildcard' entries to be configured in the DIT for a whole domain.

Extra Routing Search Filter (extra-filter)

An LDAP search filter, which is combined using ’AND’ with the filter constructed using filter-atts. This is used to constrain the entries being matched for routing lookups.

Mixer Internet Attributes (mixer-internet-atts)

A space separated list of attributes to be used to construct the search filter for MIXER address conversion from Internet to X.400. If more than one is specified, then the filter is an 'OR' of the filters for each attribute type. Each attribute filter performs an exact match for the address.

MIXER X.400 Attributes (mixer-x400-atts)

A space separated list of attributes to be used to construct the search filter for MIXER address conversion from X.400 to Internet. If more than one is specified, then the filter is an 'OR' of the filters for each attribute type. Each attribute filter performs an exact match for the address.

Extra Internet Search Filter (mixer-filter-internet)

An LDAP search filter, which is combined using ’AND’ with the filter constructed using mixer-internet-atts. This is used to constrain the entries being matched for MIXER mapping lookups.

Extra X.400 Search Filter (mixer-filter-x400)

An LDAP search filter, which is combined using 'AND' with the filter constructed using mixer-x400-atts. This is used to constrain the entries being matched for MIXER mapping lookups.

Default Delivery Host (default-host)

Sets the default host to which the mail should be transferred, if non-local.

Default Delivery Channel (default-channel)

Sets the default channel to be used for local delivery. Defaults to "lmtp".

Search scope (search-scope)

If set to the string "single-level" then a single-level search is performed. Otherwise a subtree search is performed.

Search timeout (search-timeout)

A numeric value for a timeout, in seconds.

5.3.3 Mapping

This group of table entries controls the routing or mapping (as appropriate for LASER routing or MIXER mapping).

laser-atts

This is a list of attributes to retrieve from the server for the entry. Each attribute in the list MUST have a corresponding type, so the routing lookup knows how to treat the attribute if found.

Additionally, there should be an entry in the table for each attribute type listed in laser-atts, which describes how the value is to be interpreted. Note that the concepts are closely related to table-based routing.

Routing values:

Alias

The value is an alias address (default attribute: mailRoutingAddress)

Synonym

The value is a synonym address

External Synonym

The value is an external synonym address

Host

The host to which mail is transferred (default attribute: mailHost)

Channel

The channel for local delivery (default attribute: channel)

Group

The list of groups to which a user belongs (default attribute: mhsUserGroup)

Closed User Group

The list of closed user groups to which a user belongs (default attribute: mhsClosedUserGroup)

Note: If the address being used matches the value in an alias or synonym, then the alias or synonym is ignored.

If the value for the host matches the local MTA's name, then that value is also ignored. After removal of attributes which match the address used for lookup, there should be at most one external-synonym value, and at most one alias or synonym. If there is both an external-synonym and an alias or synonym, then the external-synonym is used.

5.3.4 Local delivery channel values

These replace the values in the channel configuration.

numeric-uid

Numeric UID used for the delivering process (Unix)

numeric-gid

Numeric GID used for the delivering process (Unix)

username

Username used to get UID, GID, home directory

mailbox

Name of mailbox file to use

directory

Directory in which mailbox file will be found

mailformat

Format of mailbox file

mailfilter

Name of mailfilter file

sysmailfilter

Name of system mail filter

path

Search path

restricted

Boolean indicating whether the user is restricted

Default values:

• filter-atts is "mailLocalAddress"

• laser-atts is "mailHost mailRoutingAddress"

• mailHost is "host"

• mailRoutingAddress is "alias".

This matches the LASER routing draft, with local delivery by LMTP.

5.4 Simple Configuration

When creating an Internet or MIXER configuration, a Directory Profile is created. For simple configurations this will be sufficient to allow LASER routing to work if:

• the users are held in the same Directory as the configuration

• the standard attributes are used

You need to ensure that one of the mailLocalAddress, mailRoutingAddress or mailHost attributes has been added to the user by IMA, for example:

objectClass= inetLocalMailRecipient

mailRoutingAddress= [email protected]

See Chapter 6, Managing Internet Messaging Users for information on configuring Internet users.

You can make the search more efficient by configuring a suitable search base.

5.4.1 Lookup Policy

Make sure the lookup policy of the MTA uses a LASER lookup policy, for example "dns-laser". See Table 4.1, “LASER lookup policies for message routing” or the M-Switch Advanced Administration Guide for a full description of laser lookup policies.

Below is the Directory Profile as created by MConsole with minimal configured values.

Figure 5.1. Directory Profile in MConsole

You should now find that the address [email protected] is routed to the local MTA by LMTP (use ckadr to check this):

/opt/isode/sbin/ckadr [email protected]

[email protected] -> (rfc822) \ [email protected]