What sort of problems did you have with whitelist management?  I'd be interested to 
know because we have recently introduced this type of whitelisting here.

We have around 15,000 mail users and send any whitelist updates to the mail relays 
every 2 hours.  So far we haven't come across any issues with this.

Tony
---------- Original Message ----------------------------------
Wrom: MQZUIVOTQNQEMSFDULHPQQWOYIYZUNNYCGPKYLEJGDGV
Reply-To: [EMAIL PROTECTED]
Date:  Mon, 12 Jan 2004 06:28:22 -0800

Not necessarily.

If this is a big enough deal to warrant the work, you could do one way sync
out to something like openldap (http://www.openldap.org) and use it -
replicating only the desired data there.

Trust me, when we had whitelists on our external relays, there was no end to
the problems and issues we had with inbound mail, and we only had 3500
people at the time. I'd think something like this is worth the effort if you
really want to reject prior to acceptance.

Roger
--------------------------------------------------------------
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.


> -----Original Message-----
> Wrom: CJVTLBXFGGMEPYOQKEDOTWFAOBUZXUWLSZLKBRNVWWCUF
> Sent: Monday, January 12, 2004 9:08 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] ldifde and/or csdve
> 
> 
> The only downside with this option is that it usually means 
> you need to expose your production AD DCs to servers in the 
> DMZ.  Even if you batten down the ports through your firewall, 
> use IPSec, etc. it still means there is a route through to your DCs.
> 
> Tony
> 
> ---------- Original Message ----------------------------------
> Wrom: OKSTTZRCLBDXRQBGJSNBOHMKHJYFMYXOEAIJJPHSCRTN
> Reply-To: [EMAIL PROTECTED]
> Date:  Mon, 12 Jan 2004 05:19:17 -0800
> 
> You might want to look at another option. Depending on the 
> mail transfer
> agent you're using at the relays, many can do LDAP 
> verification "live" off
> AD. Sendmail can do it, and I believe postfix and others can as well.
>  
> Having worked in an environment in which we had to keep white 
> and black
> lists up to date - at its worst, it was 3500 users and more or less
> constantly out of date. I'd strongly suggest you look at a 
> different way to
> do it.
>  
> Roger
> -------------------------------------------------------------- 
> Roger D. Seielstad - MTS MCSE MS-MVP 
> Sr. Systems Administrator 
> Inovis Inc. 
> -----Original Message-----
> Wrom: HGSWZIDREXCAXZOWCONEUQZAAFXISHJEXXIMQZUI
> Sent: Saturday, January 10, 2004 10:20 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] ldifde and/or csdve
> 
> 
> I'm going to find out real soon if it meets requirements or not.  :-)
> Thanks for taking the time, Joe.  Basically we're trying to create
> blacklists and whitelists for email filters based on email 
> address to make
> sure user of x company does not have email parsed through 
> various stages.
>  
> One question... does adfind actually pull each value from the 
> proxyAddresses
> field and match up to the parameter you've specified (e.g. 
> the SMTP:*)... ?
> Thanks again!
>  
> -m
>  
> 
>   _____  
> 
> Wrom: VOTQNQEMSFDULHPQQWOYIYZUNNYCGPKYLE
> [mailto:[EMAIL PROTECTED] On Behalf Of Joe
> Sent: Saturday, January 10, 2004 7:31 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] ldifde and/or csdve
>  
> I will probably get dunned for the use of perl (except by Robbie and
> Richard) but....
>  
> If this is a one off thing, i.e. not a regular process and 
> you just want to
> grab some data here is a quick and dirty solution. This is a 
> joeware whip it
> up on the spot special for you.... no charge. :op
>  
>  
> __START SCRIPT__
> # Dump the mail and proxyaddresses attributes from a global catalog to a temp file
> `adfind -t 50000 -gc -b -f \"&(mail=*)(proxyaddresses=SMTP:*)\" mail proxyaddresses >tempfile.txt`;
> open fh,"<tempfile.txt";
> %uniqueemail=();
> %ciuniqueemail=();
> foreach $thisline (<fh>)
>  {
>   # Save the address that follows the colon in $1
>   if ($thisline=~/.+: *([EMAIL PROTECTED])/)
>    {
>     $uniqueemail{$1}=1;
>     $ciuniqueemail{lc($1)}=1;
>    }
>  }
>  
> print "\n\nUnique Email Addresses\n";
> map {print "$_\n"} sort keys %uniqueemail;
>  
> print "\n\nCase Insensitive Unique Email Addresses\n";
> map {print "$_\n"} sort keys %ciuniqueemail;
> __END SCRIPT__
>  
>  
> It uses adfind (www.joeware.net <http://www.joeware.net>  on 
> the free win32
> tools page) to query a global catalog to get all of the 
> objects with either
> mail attribute populated OR SMTP starting one of the values in
> proxyaddresses and also retrieves those attributes. It sends 
> this to a file
> both because I don't know how big your forest is and your 
> memory in your pc
> is. If you have something smaller for a forest or a big box 
> you can pull
> straight into memory with 
>  
> @output=`adfind -t 50000 -gc -b -f \"&(mail=*)(proxyaddresses=SMTP:*)\" mail proxyaddresses`;
>  
>  
> Also the base is nothing which means search the entire 
> directory, if you
> wanted a single domain you could set -b parameter to some value like
> dc=child1,dc=domain,dc=com.
>  
>  
> It also will give you two hashes of unique IDs. One is case 
> sensitive, one
> is case insensitive. Shouldn't matter and I personally would 
> do everything
> case insensitive but not sure exactly what you are looking 
> for so did it
> both ways. If you want case insensitive, kill any line with 
> uniqueemail in
> it and leave the lines with ciuniqueemail in it. 
>  
> ex:
>  
> __START SCRIPT__
> `adfind -t 50000 -gc -b -f \"&(mail=*)(proxyaddresses=SMTP:*)\" mail proxyaddresses >tempfile.txt`;
> open fh,"<tempfile.txt";
> %ciuniqueemail=();
> # Keep only the lowercased form of each address
> foreach $thisline (<fh>) { if ($thisline=~/.+: *([EMAIL PROTECTED])/) {$ciuniqueemail{lc($1)}=1}};
> print "\n\nCase Insensitive Unique Email Addresses\n";
> map {print "$_\n"} sort keys %ciuniqueemail;
> __END SCRIPT__
>  
>  
> Oh one quick thing, I hate it when I don't easily see what a regular
> expression is doing so the regex above ($thisline=~/.+: *([EMAIL PROTECTED])/)
> breaks down like this
>  
> $thisline=~/.+: *(.+)/
>  
> $thisline=~           Take the $thisline variable and run a match against
> it....
> /.+: *([EMAIL PROTECTED])/        This is the match. Match any line
> that has a : and an @ sign in it. On a match take the info following the :
> or a : with a trailing space and save it. 
>  
> This will match any of the following lines:
>  
> >mail: [EMAIL PROTECTED]
> >proxyaddresses: SMTP:[EMAIL PROTECTED]
> >proxyaddresses: smtp:[EMAIL PROTECTED]
>  
> and save the email address piece in the variable $1. 
>  
>  
>  
> If you need to match up the dn to the email addresses this gets more
> involved but is still pretty easy. The following script will 
> create a semi
> colon delimited list with the DN as the first field and all 
> other fields
> email addresses for the specified dn.  
>  
>  
> __START SCRIPT__
> `adfind -t 50000 -gc -b -f \"&(mail=*)(proxyaddresses=SMTP:*)\" mail proxyaddresses >tempfile.txt`;
> open fh,"<tempfile.txt";
> %ciuniqueemail=();
> foreach $thisline (<fh>)
>  {
>   # Remember the current object's DN (lowercased) as the hash key
>   if ($thisline=~/dn:(.+)/) {$cdn=lc($1)};
>   # File each address under the DN it belongs to
>   if ($thisline=~/.+: *([EMAIL PROTECTED])/) {$ciuniqueemail{$cdn}{lc($1)}=1};
>  }
>  
> print "\n\nCase Insensitive Unique Email Addresses\n";
> foreach $dn (sort keys %ciuniqueemail) 
>  {
>   print "$dn;";
>   map {print "$_;"} sort keys %{$ciuniqueemail{$dn}};
>   print "\n";
>  }
> __END SCRIPT__
>  
>  
> want to match to display names or whatever else instead? 
> Simply add the
> field to the search and change the line picking out the 
> current "key". I
> really like dn as that is guaranteed unique in a forest, 
> anything else and
> you need to scope your search better to avoid non-unique hits 
> which would
> skew the output incorrectly. 
>  
>  
>  
> Does that meet the requirements?
>  
>  
>     joe
>  
>  
>  
>  
> 
>   _____  
> 
> Wrom: JGDGVCJVTLBXFGGMEPYOQKEDOTWFAOBUZX
> [mailto:[EMAIL PROTECTED] On Behalf Of
> [EMAIL PROTECTED]
> Sent: Friday, January 09, 2004 2:20 PM
> To: [EMAIL PROTECTED]
> Subject: [ActiveDir] ldifde and/or csdve
> I'm hoping someone on here might be able to help me.  I have a request to
> create a file that contains all my users' SMTP addresses.  I'm running in an
> AD Windows 2000 environment.  I need to ensure that the list contains all
> addresses for each person.  I.e. in some cases the same person might have
> three different SMTP addresses for whatever reason.  I've done some csvde
> commands such as:
>  
> Csvde -f GAlSync.csv -d "OU=Contacts,OU=whatever,DC=CORP,DC=companyname,DC=com"
>  
> Which generates me a csv with the data in it but the cleanup 
> to get to just
> the smtp addy's will be almost unbearable.  Does anyone 
> happen to know a
> better way to get just those smtp addy's out of there?
>  
> Thanks,
>  
> Travis
> 
> 
> List info   : http://www.activedir.org/mail_list.htm
> List FAQ    : http://www.activedir.org/list_faq.htm
> List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
> 
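
The extraction discussed in this thread (collecting every SMTP address per object from `mail` and `proxyaddresses`, case-insensitively, keyed by DN), as an added example that is not part of the original messages. It assumes directory output in the `dn:` / `>attribute: value` shape quoted above; the sample records, function names and address pattern are constructed for illustration, and non-SMTP proxy address types and malformed values are skipped so they never reach a relay whitelist.

```python
import re
from collections import defaultdict

# Constructed sample in the line shape quoted in the thread; all names are made up.
SAMPLE = """\
dn:CN=Ann Lee,OU=Staff,DC=corp,DC=example,DC=com
>mail: Ann.Lee@example.com
>proxyAddresses: SMTP:Ann.Lee@example.com
>proxyAddresses: smtp:alee@example.com
>proxyAddresses: X400:c=US;a= ;p=Example;o=HQ;s=Lee;g=Ann;

dn:CN=Bob Roy,OU=Staff,DC=corp,DC=example,DC=com
>mail: bob.roy@example.com
>proxyAddresses: smtp:BOB.ROY@example.com
>proxyAddresses: smtp:not-an-address
"""

ATTR = re.compile(r"^>?\s*(mail|proxyaddresses):\s*(.*)$", re.I)
# Deliberately strict user@domain.tld shape (an assumption, not an RFC 5322 parser)
ADDR = re.compile(r"^[^@\s;<>]+@[^@\s;<>]+\.[^@\s;<>]+$")

def addresses_by_dn(text):
    """Return {lowercased dn: set of lowercased SMTP addresses}."""
    result, dn = defaultdict(set), None
    for line in text.splitlines():
        line = line.strip()
        if line.lower().startswith("dn:"):
            dn = line[3:].strip().lower()
            continue
        m = ATTR.match(line)
        if not m or dn is None:
            continue
        attr, value = m.group(1).lower(), m.group(2).strip()
        if attr == "proxyaddresses":
            prefix, _, value = value.partition(":")
            if prefix.lower() != "smtp":   # skip X400 and other address types
                continue
        if ADDR.match(value):              # drop values that are not user@domain
            result[dn].add(value.lower())
    return dict(result)

def whitelist(text):
    """Sorted, de-duplicated address list across all objects."""
    return sorted(set().union(*addresses_by_dn(text).values()))

if __name__ == "__main__":
    for dn, addrs in sorted(addresses_by_dn(SAMPLE).items()):
        print(dn + ";" + ";".join(sorted(addrs)))
    print("\n".join(whitelist(SAMPLE)))
```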