MAIL500(8C)                                                        MAIL500(8C)


       mail500 - X.500 capable mailer

       fax500 - X.500 capable fax delivery agent


       /usr/sbin/mail500  [-d level] [-f mailfrom] [-h hostname] [-l ldaphost]
       [-m address] [-v vacationhost]

       /usr/sbin/fax500 [-d level] [-f mailfrom] [-h hostname]  [-l  ldaphost]
       [-m address]


       mail500  is an LDAP/X.500-capable mailer, suitable to be invoked from a
       mail delivery agent such as sendmail(8).   It  supports  mail  to  both
       individuals  and  groups.   fax500  is  an LDAP/X.500-capable facsimile
       delivery agent.  It utilizes the  Internet  remote-printing  experiment
       (   For  more  information  on, look in /mrose/tpc on, or send mail to


       -dlevel Turn on debugging as defined by  level.   This  option  directs
       mail500/fax500  to  produce  various debugging output via the syslog(8)
       facility at the LOG_ALERT level.

       -f mailfrom
              This option tells mail500/fax500 what to set  the  envelop  from
              address to when (re)invoking sendmail to deliver mail.  mailfrom
              should be a valid  email  address.   Normally,  this  option  is
              passed  to  mail500/fax500 via the mailer defini-
              tion, and is set to something like the $f macro.

       -l ldaphost
              Specify an alternate host on which the LDAP server is running.

       -m address
              If mail500/fax500 produces a  rejection  message,  this  is  the
              address from which it will com.  Normally, this option is passed
              to mail500/fax500 via the mailer definition,  and
              is  set  to something like $n@$w (typically, mailer-daemon@host-

       -v vacationhost
              If the vacation facility is operative, this option specifies the
              host  to  which  the mail of users who are on vacation should be


       When mail500/fax500 gets invoked with one or more  names  to  which  to
       deliver  mail,  it searches for each name in X.500.  Where it searches,
       and what kind(s) of search(es) it does are compile-time configurable by
       changing  the  base array in main.c.  For example, the configuration we
       use at U-M is like this:

       Base    base[] =
            { "ou=People, o=University of Michigan, c=US", 0
                 "uid=%s", "cn=%s", NULL,
              "ou=System Groups, ou=Groups, o=University of Michigan, c=US", 1
                 "(&(cn=%s)(associatedDomain=%h))", NULL, NULL,
              "ou=User Groups, ou=Groups, o=University of Michigan, c=US", 1
                 "(&(cn=%s)(associatedDomain=%h))", NULL, NULL,

       which   means   that   in   delivering   mail    to    ""
       mail500/fax500would do the the following searches, stopping if it finds
       a match at any step:

       subtree search of "ou=People, o=University of Michigan, c=US"
            for (uid=name)
       subtree search of "ou=People, o=University of Michigan, c=US"
            for (cn=name)
       subtree search of "ou=System Groups, ou=Groups, o=University of Michigan, c=US"
            for (&(cn=name)(
       subtree search of "ou=User Groups, ou=Groups, o=University of Michigan, c=US"
            for (&(cn=name)(

       Notice that when specifying a filter %s is replaced  by  the  name,  or
       user  portion of the address while %h is replaced by whatever is passed
       in to mail500/fax500 via the -h option (typically the host  portion  of
       the address).

       You  can  also  specify  whether  you  want search results that matched
       because the entry's RDN matched the search to be  given  preference  or
       not.  At U-M, we only give such preference in the mail group portion of
       the searches.  Beware with this option:  the algorithm used  to  decide
       whether  an  entry's  RDN matched the search is very simple-minded, and
       may not always be correct.

       There is currently no limit on the number of areas searched  (the  base
       array can be as large as you want), and an arbitrary limit of 2 filters
       for each base.  If you want more than that, simply changing  the  3  in
       the typedef for Base should do the trick.


       In  X.500,  there  are  several  new attribute types and one new object
       class defined that mail500/fax500 uses.  At its most basic, for  normal
       entries  mail500  will  deliver  to  the  value(s)  listed  in the mail
       attribute of the entry, and fax500 will attempt to deliver a fax to the
       telephone number listed in the facsimileTelephoneNumber attribute.  For
       example, at U-M my entry has the attribute


       So mail sent to will be delivered  via  mail500  to  that
       address (assuming the file is set up to call mail500 for
       mail to - see below).  If there were multiple values
       for the mail attribute, multiple copies of the mail would be sent.

       In the case of fax500,ifmyentryhastheattribute

            facsimileTelephoneNumber= +1 313 764 5140

       A  message  sent to (assuming the file is
       set up to pass mail to fax500- see below) will  generate
       a              message              to             remote-printer.Timo-

       A new object class, rfc822MailGroup, and several  new  attributes  have
       been  defined  to  handle email groups/mailing lists.  To use this, you
       will need to add this to your local oidtable.oc:

            # object class for representing rfc 822 mailgroups
            rfc822MailGroup:        umichObjectClass.2 : \
                 top : \
                 cn : \
                 rfc822Mailbox, member, memberOfGroup, owner, \
                 errorsTo, rfc822ErrorsTo, requestsTo, rfc822RequestsTo, \
                 joinable, associatedDomain, \
                 description, multiLineDescription, \
                 userPassword, krbName, \
                 telecommunicationAttributeSet, postalAttributeSet

       And you will need to add these to your local

            # attrs for rfc822mailgroups
            multiLineDescription:   umichAttributeType.2    : CaseIgnoreList
            rfc822ErrorsTo:         umichAttributeType.26   : CaseIgnoreIA5String
            rfc822RequestsTo:       umichAttributeType.27   : CaseIgnoreIA5String
            joinable:               umichAttributeType.28   : Boolean
            memberOfGroup:          umichAttributeType.29   : DN
            errorsTo:               umichAttributeType.30   : DN
            requestsTo:             umichAttributeType.31   : DN

       The idea was to define a kind of hybrid mail group  that  could  handle
       people  who  were in X.500 or not.  So, for example, members of a group
       can be specified via the member attribute (for X.500  members)  or  the
       rfc822MailBox  attribute  (for  non-X.500  members).  Similarly for the
       errorsTo and rfc822ErrorsTo, and the  requestsTo  and  rfc822RequestsTo

       To  create a real mailing list, with a list maintainer, all you have to
       do  is  create  an  rfc822MailGroup  and  fill  in  the   errorsTo   or
       rfc822ErrorsTo  attributes  (or  both).   That  will  cause  any errors
       encountered when delivering mail to the group to go  to  the  addresses
       listed (or X.500 entry via it's mail attribute).

       If you fill in the requestsTo or rfc822RequestsTo (or both) attributes,
       mail sent to groupname-request will be sent  to  the  addresses  listed
       there.   If  you  fill  in the owner attribute, mail sent to groupname-
       owner will be sent to the addresses listed there.   mail500  does  this
       automatically,  so  you  don't  have  to  explicitly add the groupname-
       request or groupname-owner aliases to your group.

       To allow users to join a group, there is the joinable flag.   If  TRUE,
       mail500  will  search  for  entries that have a memberOfGroup attribute
       equal to the DN of the group, using the same algorithm it used to  find
       the  group  in  the first place (i.e. the DNs and filters listed in the
       base array).  This allows people to join  (or  subscribe  to)  a  group
       without  having  to  modify  the  group entry directly.  If joinable is
       FALSE, the search is not done.


       The idea is that you might have a rule like this  in  your
       file somewhere in rule set 0:

               R$*<>$*       $#mail500$$:<$1>
               R$*<>$* $#fax500$$:<$1>

       These rules say that any address that ends in will cause the
       mail500 mailer to be called to deliver the mail, and any  address  that
       ends  in will cause the fax500 mailer to be called.  You
       probably also want to do something to prevent addresses  like  termina-
       tor!   or  from
       being passed to mail500.  At U-M, we do this by adding rules like  this
       to rule set 9 where we strip off our local names:

            R<>$*:$*                 $>10<@>$1:$2
            R$+%$+<>                 $>10$1%$2<@>
            R$+!$+<>                 $>10$1!$2<@>

       Of  course,  you would substitute your domain name for in the
       above examples.  See the sample file  in  the  ldap  source
       directory clients/mail500/ for more details.

       The mail500 and fax500 mailers should be defined similar to this in the file:

       Mmail500, P=/usr/sbin/mail500, F=DFMSmnXuh, A=mail500 -f $f -h $h -m $n@$w $u
       Mfax500, P=/usr/sbin/fax500, F=DFMSmnXuh, A=fax500 -f $f -h $h -m $n@$w $u

       This defines how mail500/fax500 will be treated by  sendmail  and  what
       arguments  it  will have when it's called.  The various flags specified
       by the F=... parameter are explained in your local sendmail book  (with
       any  luck).   The  arguments  to  mail500/fax500  are  as defined under
       OPTIONS above.  The  final  argument  $u  is  used  to  stand  for  the
       addresses to which to deliver the mail.


       The  default  values  for several #defines that control how mail500 and
       fax500 works are configured at compile  time  in  the  include/ldapcon-
       fig.h.edit  include file.  You should edit this file to suit your site.


       mail500/fax500 should use the ldap_getfilter(3)  facility,  instead  of
       compiling in the search filters to use.  This is shameful.

       The support for joinable groups (searching to find members who have set
       something in their own entry) is really a hack because we did not  have
       good enough access control to allow people to add and delete themselves
       from the group itself.

       At one point, mail500 and fax500 were  exactly  the  same  binary,  and
       would  behave  appropriately  based on how they were invoked.  Unfortu-
       nately, several new features (e.g.  vacation  support)  were  added  to
       mail500 but not to fax500.


       ldap(3),, sendmail(8),


       OpenLDAP   is   developed   and  maintained  by  The  OpenLDAP  Project
       (  OpenLDAP is  derived  from  University  of
       Michigan LDAP 3.3 Release.

OpenLDAP 2.0.25-Release         20 August 2000                     MAIL500(8C)

Man(1) output converted with man2html