Re: [Declude.JunkMail] OT: IMAIL -> AD

[Matt]

Andy (and Sandy), I'm not dumping on LDAP, I think it can be very useful, however in this case, is it really necessary?  Why not just support loading a text file into memory and using that?  It's the lowest common denominator and people without LDAP knowledge or software could make use of it.  The only reason not to use text files would be a technical limitation, but I'm not suggesting that it be accessed once per message, so that isn't at issue. I would certainly look to VAMsoft for this application if they supported text files, otherwise it looks easy enough to create.  I'm assuming that many around here that would consider such a tool would prefer that all spam processing be done within Declude...maybe not either or you, but most definitely some.  I would prefer this myself as long as capacity wasn't an issue.  The only stuff that I would block with VAMsoft is efficiently taken care of within Declude without touching a single custom filter (besides spamdomains, fromfile and ipfile types which currently can't be skipped, but no doubt will have that capability soon). Matt Andy Schmidt wrote: VAMsoft has indicated on their newsgroup that they consider supporting non-AD LDAP validation.  It has been requested several times after they introduced the AD synch and VAMsoft has been very responsive to customer requests in the past.   (If Sandy's idea was to EXPORT the user and alias and import it into LDAP (or Active Directory), then, yes, that could be workable way. However he was very specific in saying "if you use  IMail's NT integration" and that would be the feature where you make all your users NT users (or AD users).) Best Regards Andy Schmidt H&M Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone:  +1 201 934-3414 x20 (Business) Fax:    +1 201 934-9206 http://www.HM-Software.com/ -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matt Sent: Monday, February 09, 2004 05:17 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] OT: IMAIL -> AD Andy, I think what he meant was that you would import the data from IMail into AD.  IMail would still use it's own methods for storing and accessing account information, but ORF would make use of the AD stuff that you exported to it. Personally, I don't use AD on my server because it doesn't seem to offer me anything of value and adds complexity.  The server is a stand-alone box, and from a security standpoint, I believe it is best for it to remain that way. I'm asking my buddy to look into this.  We certainly wouldn't come out with something that did RBL scanning (DNSBL if Scott's listening :) ), but I'm pretty sure we could get this to make use of a text file dump fairly easily.  ORF was written for an Exchange environment and it might be easier to write something more appropriate for ours.  If Vamsoft came out with a different tool, then I would be all for giving them money instead. Matt Andy Schmidt wrote: Hi Sandy: It's no-brainer if you use IMail's NT integration on an AD DC. << I don't want to reinvent the wheel, so I'm trying to research this by reading the Imail 8 manual. It doesn't reference AD directly (only the NT User setup and that you have to run on a DC). So before I invest time and play around with it, I have three "no-brainer" questions, which I could not answer myself: - It says that you can't use the Imail "Explorer" to manage accounts (users, aliases, etc.) - does that imply that my clients wouldn't be able to use WebMail to add/administer their own mailboxes either? - Does the AD only store "Users" (mailboxes) - or also "Alias" (e.g., simple alias, group alias, program alias, etc.)? If not, then how do you accomplish using the AD information to verify "valid" RCTP TO information? A good portion of the email we process is addressed to an alias!? - Does the Imail/NT/AD integration support (multiple) virtual domains (ip-less) - or will it only create users for the AD domain name? Accordingly, how will it know that two mailboxes and/or aliases by the same name, but on two different mail domains, should be kept as two different entities in AD? Best Regards Andy Schmidt H&M Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone: +1 201 934-3414 x20 (Business) Fax: +1 201 934-9206 http://www.HM-Software.com/ -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Sanford Whiteman Sent: Monday, February 09, 2004 03:47 PM To: Andy Schmidt Subject: Re[2]: [Declude.JunkMail] [Declude.Junkmail] MS SMTP LDAP Routing I would seriously consider funding some of the development for an IMAIL/LDAP lookup event sink as it would help my SMTP server to "disconnect" on dictionary attacks. I already use ORF to reject at the envelope using LDAP lookups and really have no need for any other intermediary. It's no-brainer if you use IMail's NT integration on an AD DC. All you need to do is add the Exchange schema extensions to the AD domain, since ORF is expecting the extended schema--you don't have to install or purchase Exchange itself. You can run the ORF queries against any server in the domain (which doesn't have to be the same as your primary domain), meaning that you can scale out from hitting the mailbox server directly to hitting dedicated AD DCs that only service such MX lookups. Building anything designed to interact with IMail's own ILDAP daemon is a very bad move, as the service is barely functional, compliant, or stable. AD's LDAP services, on the other hand, are mature and resilient. The other options that involve local text files would certainly work, but performance under load could not exceed that of indexed LDAP lookups. --Sandy ------------------------------------ Sanford Whiteman, Chief Technologist Broadleaf Systems, a division of Cypress Integrated Systems, Inc. e-mail: [EMAIL PROTECTED] SpamAssassin plugs into Declude! http://www.mailmage.com/download/software/freeutils/SPAMC32/Release/ --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. -- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ ===================================================== -- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =====================================================