One other thing that I noticed (and reported to Sandy) was that in an Exchange environment:
1. All SMTP addresses for a given user don't have aliases created. For example, I use mark_smith, mesmith, and msmith. Only my primary SMTP address was output. 2. Distribution Lists aren't exported 3. Mail enabled public folders aren't exported. > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of decjunkmail > Sent: Saturday, November 13, 2004 4:51 AM > To: [EMAIL PROTECTED] > Subject: [Declude.JunkMail] [OT] ldap2alias/alias2ldap - finer points > > A few things that I have discovered/stumbled upon. These may > be obvious to others, but it took me a while to realize these > and get past them: > > On the front-end/inbound mail server, you should create the > virtual domain normally and be sure to set the host alias. > For example, if the mailbox server domain is yourdomain.com, > then create a virtual domain on the front-end server called > storeforward.yourdomain.com but set the host alias for that > domain configuration to yourdomain.com. > > Otherwise, the front-end server will reject all incoming mail > for [EMAIL PROTECTED] as attempted relays. > > IMPORTANT: I found that if I didn't create the domain on the > front-end server first, when I ran the scripts they partially > created the domain in the registry but this was not correct > and caused corruption requiring me to restore the registry to > the snapshop I saved just before running the script. > > > Some of our existing domains on our mailbox server have a > "nobody" alias and since there is no way to stop domain > admins from creating "nobody" alias at any time in the > future; rather than trying to delete all the existing > "nobody" domains, I would like to alter the alias2ldap script > that runs on the mailbox server. > > Right now, the alias2ldap script running on the mailbox > server will process "nobody" alias by adding it to the ldap > directory. Then the ldap2alias script running on the > front-end server will process the "nobody" alias also with > the result that "nobody" can still be used and you aren't > protected against dictionary attacks. > > I think it would be trivial to modify the alias2ldap script > to simply skip over any alias that is "nobody" when it is running. > > Sandy - can you suggest where to change the code before I try > my limited scripting skills? > --- > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be > found at http://www.mail-archive.com. > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
