We did modify; but only to make links to existing pages.

Date: Thu, 22 Oct 1998 17:48:13 -0700
From: bruces@netscape.com (Bruce Steinback)
To: ilm@carumba.com
Subject: Netscape mailGroup definition


I'm a developer in the Netscape Messaging Server group. We've thoroughly tied our Mail Server to LDAP, and one of the thigs we came up with was an LDAP objectClass for mailing lists. I had put an RFC draft up about it a while back, but it didn't get much attention and died. Jauder noticed when I had put this spec up on another mailing list and told me about this one (Jauder: sorry to take so long to send this here). He mentioned that you all might be interested, so here goes.

Attached below is a brief description of the mailGroup objectclass we have defined here at Netscape. It's meant to usually mix-in with a groupOfUniqueNames (Netscape 'version' of the groupOfNames class), and would normally get it's members (in part - see below) from there, but is capable of standing on it's own. As you can see, I've included a great deal more attributes, but ones that are commonly useful in mailing lists. Let me know what you think, or if you're interested in more information...

NOTE: One large legal caveat. Netscape is in the process of attempting to patent the 'Dynamic Group' concept embodied by the mgrpDeliverTo attribute (a patent application has already been filed).

Mailing Lists & mailGroup LDAP Class#

This document describes our proposed schema for handling Mailing Lists (Groups). We started with the UMich rfc822MailGroup as a basis, but decided to split it up into two classes. The main one I will discuss in this proposal is the mailGroup class. (see below for a note on mailGroupManagement)

The MailGroup is meant to either stand alone or be mixed into another objectClass. Mixing it in would enable the object as a mailing group. The only objects that we would expect to mix into would be a groupOfUniqueNames (or some similar LDAP group class).

The following is the schema entry for the LDAP mailGroup:

objectClass  mailGroup




Definition of mailGroup Attributes#

mail (cis, 1)#

This is the name of the group for incoming email, i.e. mail to 'mail' will be handled by this group. It's required as the Mail Server needs an rfc822 address for this group in order to find it. This is considered the 'canonical' address of the group (see mailAlternateAddress below).

mailAlternateAddress (cis, 0-many)#

Alternates to the address above in the 'mail' attribute - e.g. if mail=jblow@this.com, then mailAlternateAddress might contain such as Joe_Blow@this.com and/or jblow@server.this.com. This can be used for things like handling common misspellings of an address, or host hiding (allowing mail to an address at a particular host, but not commonly exposing the host name).

mailHost (cis, 0-1)#

If this is present then this list is required to be exploded by the particular Mail Server given - e.g. to 'shunt' processing of mailGroups to a particular Server to allow the others to (more quickly) just process 'regular' recipients. If empty, then any MTA having access to the LDAP server containing the Group entry can handle this Group.

mailRoutingAddress (cis, 0-1)#

This is used if it is wished to re-route mail to this address. It would go instead to the address provided in this attribute. Note: this attribute is 'historical' in that it has now moved to the mailRecipient class, but is left here to avoid messing up old versions of mailGroup.

mgrpErrorsTo (cis, 0-1)#

Address to send error messages to (i.e. for mail to a member bouncing). The format of this is either mailto:(rfc822 mail address) or ldap://(dn entry - which must be a mailable entity). Only one entry allowed, but it can refer to a mailGroup rather than a person.

mgrpNoDuplicateChecks (cis, 0-1)#

Normally, the Mail Server will check all recipients of a message for duplication (including all members of a group). This keeps multiple copies of the same message from being delivered to a person. However, this takes up system resources, so if an admin is more concerned with quick processing of a group, they may set this to "true", and duplicate checking will not be performed for members of the group.

owner (cis, 0-many)#

A DN that specifies the owner(s) of this group. Used for Access Control, to determine who has write access to this class. 'owner' isn't really used in the base mailGroup implementation, but is used for ACL in mailGroupManagement (see note at end). NOTE: this attrib also exists in groupOfUniqueNames and is 'shared' if mixed-in with that class.


Just the CN reference for this group. Not used by mail server.

Membership Attributes#


This contains the DN specified members of this group. It is not included in the schema above, and is only mentioned parenthetically here to remind people that this attribute would come from a mixed-in groupOfUniqueNames.

mgrpRFC822MailMember (cis, 0-many)#

This contains the members of this group that cannot be expressed as dn's (usually people not in the directory). They are expressed as rfc822 mail addresses (e.g. joe@blow.com). This might also be used to specify people who are to receive mail to this group but not have the group priviliges of unique members - from a mixed-in groupOfUniqueNames). The Mail Server would use this attribute as addresses to send to when 'exploding' a message to the list.

It is expected that members of the group internal to the company would usually be expressed as DN's in a groupOfUniqueNames mixed in with this object class (as mentioned above).

This attribute would optionally include other parameters as:

rfc822MailAddress [ % 'full' name] [ %1 (group parameter #1)] [ %2 (group parameter #2)]...

where the 'full' name is the name the user would be listed by in group listings, and the other parameters are per-user groups settings. Note: these are left intentionally undefined to allow expansion as desired.

mgrpDeliverTo (ces, 0-many)#

This attribute provides an alternate method of membership in a mailGroup. It contains data of the form of an LDAP search criteria URL - e.g.:

The entries found by the search are members of the group. This is a very useful attribute for example, to mail to an entire company or division. Note that this does not use the attribs-to-get field of the LDAP URL as the Mail Server will get the necessary attributes for it's operation.

mgrpDeliverException (DN, 0-many)#

This attribute provides a mechanism for handling exceptions to mgrpDeliverTo (above). i.e. Say you have a group "marketing" with membership defined by an mgrpDeliverTo attribute. One person who falls under the search criteria in mgrpDeliverTo should not (or doesn't wish to) receive mail to that group. Instead of having to modify the mgrpDeliverTo for every exception, this provides a means to except people that would otherwise be delivered to.

Msg Restriction Attributes#

mgrpMsgMaxSize (cis, 1; ascii integer)#

This defines the maximum message size (in bytes) that is allowed to be sent to this group.

mgrpAllowedDomain (cis, 0-many)#

Domains allowed in mailing to this group - that is, accepted domains of the 'sender' of msgs to this group. If empty then there are no domain restrictions. If an authenticated sender address is available then it is used as the sender, else a combination of the From: and Reply-To: fields is used. This field is by default 'wild-carded' - e.g. an entry of "netscape.com" will match a Sender domain of *.netscape.com

mgrpAllowedBroadcaster (cis, 0-many)#

This defines user(s) that are allowed to send messages to the group. Each entry can either be a DN or rfc822address. The format allowing this is either mailto:(rfc822 mail address) or ldap://(dn entry - which must be a mailable entity or a groupOfUniqueNames). Groups (mailGroup or groupOfUniqueNames) are allowed in this field. The sender address to be matched against is gotten from the message as in mgrpAllowedDomain above.

mgrpBroadcasterPolicy (cis, 0-1)#

This attribute provides more rigid controls on who is allowed is an allowed broadcaster. The options are:
  • SMTP_AUTH_REQUIRED - Requires msgs to the Group to be from an SMTP Authenticated sender (using whichever AUTH type(s) are allowed by the server).
PASSWD_REQUIRED - Requires msgs to the Group to have a "Approved: (password)" line, where the password is a password assigned to the group (see mgrpApprovePassword below). The "Approved:" line can either be a header or the first (non-blank) line of the message (of the first MIME part for MIME msgs). The Approved line is (of course!) stripped out before forwarding the message to the group.
  • CERT_REQUIRED - Requires msgs to the Group to be signed, with the Cert matching that of an allowedBroadcaster.
  • NO_REQUIREMENTS - this is equivalent to no setting - that is - none of the above special requirements are made of broadcasters, and is the default.

mgrpApprovePassword (ces, 0-1)#

This would be used in conjunction with the PASSWD_REQUIRED selection of mgrpBroadcasterPolicy.

mgrpMsgRejectAction (cis, 0-many)#

This specifies the action to be taken when a message to the group is rejected (see allowedBroadcaster and allowedDomain above). Actions currently available are: "toModerator" (send msg to moderator(s) - see below), "reply" (send a failure notice to sender), and "bounce" (return msg to sender with reply). This is left open for more options to be added later.

Actions can be specified for particular rejection types. Just add the rejection type in front of the reject action you wish associated, e.g. SIZE: toModerator. Rejection types are: SIZE: DOMAIN: SENDER: and PASSWD:

Note: If no mgrpMsgRejectAction's are specified then the default is "reply".

mgrpMsgRejectText (ces, 0-1; may contain multiple lines of text with $-encoding)#

This contains the text of the reply that is sent if msgRejectAction includes "reply" or "bounce"(see above). Also similar to the above, different text can be specified for different rejection types.

mgrpModerator (cis, 0-many)#

DN or rfc822address (handled as in mgrpAllowedBroadcaster above). If this a msg is forced "toModerator" by mgrpMsgRejectAction (see above) then this contains the people (or mailGroups) that the message is to be sent to.

Message 'Munging' Attributes#

mgrpAddHeader (ces, 0-many)#

This defines headers to be added to all msgs sent to the group, e.g. "Reply-To: (group-address)" if you wish all replies to be sent to the group.

mgrpRemoveHeader (cis, 0-many)#

This defines headers you wish to delete from all msgs sent to the group, e.g. "Reply-To:" if you don't want replies to group msgs to go back to the sender.

Note that I don't have 'management' attributes here (e.g. things handled by such as Majordomo or Listserv having to do with subscribing to a mailing list). We have them packaged into another class, mailGroupManagement, that's separately documented. Jauder has mentioned interest, so I'll try to post that to this group 'rsn' (real soon now :-).

More Information#

There might be more information for this subject on one of the following:

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-6) was last changed on 19-Jun-2013 17:30 by jim