  1. #1
    dezt's Avatar

    Setting up pupil email

    Ok, here's my problem: as it stands, the pupils have no email system here and the IT teachers want them to be able to email work in from home and also email it to the teachers. It should be easy enough to set up, until my current email setup comes into play for the staff.

    Currently, all staff emails that are addressed to *@nordenhighschool.co.uk get forwarded to 1 mailbox at lancsngfl.ac.uk, then all the mail is pulled down from there using a POP3 collector and passed to our Exchange server. Bit long-winded, but that was how it was set up when I started here and it worked, so I left it.

    All staff have an email address = *@nordenhighschool.co.uk; we have paid for the domain name.

    My main question is how do I set up the email accounts for the kids on a Linux-based email server? I don't want to buy CALs for Exchange if I can help it. Also, due to the redirection of the @nordenhighschool.co.uk addresses, I'm guessing that the students will have to have a different address after the @ symbol. What should I use? Will I have to buy a new domain name like "norden.edu" or something so the pupils can have "pupil@norden.edu" or whatever?

    Would I be able to add a way of connecting to the Exchange box from the Linux box if a pupil sends an email to a member of staff, or vice versa?

    As you can probably guess, this is my first setup of something like this so as much advice as possible will be helpful.

  2. #2

    If you're using CLEO as your broadband provider, they will offer you a web-based email solution.

  3. #3
    linescanner's Avatar
    It will take a bit of jigging around but the way I would do it is to:

    Put the Linux mail server in front of your Exchange server and use it for the kids, and map the staff accounts to be handed off to the Exchange.

    If you use something like MailScanner on the Linux box, it can also act as a protection unit for your Exchange box.

    Typical setup we would build for this is:

    OS - Ubuntu LTS 6.06
    Postfix - MailScanner-SpamAssassin-ClamAV as the MTA combo
    Cyrus IMAP as the storage medium for the kids' email
    SquirrelMail as the web access for the kids

    You can either have OpenLDAP running on the box for kids' user details or get the box to auth against AD.

    As I say, it may take a little remodelling of the current setup but should be easy enough.

    Andy

  4. #4

    Ric_'s Avatar
    @dezt: Keep things simple... speak to Westfield and get your schoolname.lancs.sch.uk domain sorted out first. Once that is done you have options, either bung a mailserver in onsite and Westfield will sort out mail forwarding for you or simply use the CLEO mail solution.

    If you are unsure, simply ring up Westfield and they will tell you your options.

  5. #5
    linescanner's Avatar
    @Ric_

    My way is more fun

  6. #6

    Geoff's Avatar
    What about using a subdomain? It might make mail routing easier, e.g. name@pupils.school.lea.sch.uk.

    Also have a look at Zimbra, we use it here for the kids.

  7. #7
    richard.thomas's Avatar
    For the domain you could get away with using @student.nordenhighschool.co.uk

  8. #8
    linescanner's Avatar
    As another option I would agree with Geoff. Zimbra rocks

    We have just moved the company email to it. Very very nice
    Last edited by linescanner; 17th April 2008 at 10:31 AM. Reason: pants typing

  9. #9

    webman's Avatar
    +1 for Zimbra - just completed migration to it here for both staff and students and feedback is very positive so far.

  10. #10

    How about using Google Apps? Takes all the processing troubles out of your hands. Excellent spam filter, good control for the admin (not as much as a Linux box obviously though). Works very nicely.

  11. #11

    localzuk's Avatar
    Quote: Originally posted by asmith3006
    How about using Google Apps? Takes all the processing troubles out of your hands. Excellent spam filter, good control for the admin (not as much as a Linux box obviously though). Works very nicely.
    I don't know if this would be compliant with our various child safety and data protection laws... As all the Google mail servers are in the USA and aren't covered by our laws.

  12. #12


    We use Zimbra for students. The accounts are created automatically from Active Directory. There are a couple of prerequisites for the way we do it.
    1) The username must be 'sensible' - no apostrophes, dashes etc., otherwise my scripts break
    2) The student's employeeType must be set to STUDENT in Active Directory
    3) You have an LDAP bind account
    4) The account is enabled
    5) There is a 'banned' group - and the student isn't in it
    6) You need to read the script really

    I run this from cron.daily
    Code:
    #!/bin/sh
    /usr/bin/python3 /usr/local/sbin/zimbra.py | mail -s "Zimbra account creation"  cyberners@cybernerds-school.sch.uk
    and I wrote this Python script to create/ban the accounts

    Code:
    #!/usr/bin/env python3
    
    # This program is free software; you can redistribute it and/or modify
    # it under the terms of the GNU General Public License as published by
    # the Free Software Foundation; GPLv3
    #
    # This program is distributed in the hope that it will be useful,
    # but WITHOUT ANY WARRANTY; without even the implied warranty of
    # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    # GNU General Public License for more details.
    #
    # To obtain a copy of the GNU General Public License, write to the Free Software Foundation,
    # Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301 USA
    #
    #--------------------------------------------------------------------------------------------------
    # Notes:
    # This script automatically creates Zimbra accounts from Active Directory; the Active Directory account must have
    # the employeeType=STUDENT attribute set. If accounts are in the 'banned' Active Directory group then the
    # account will automatically be locked when the script is run, and unlocked if they are no longer in the AD
    # banned group.
    # Requires Python 3 and python-ldap (attribute values are returned as bytes). zmprov is run with an
    # argument list, not through a shell, so account names are never interpreted by the shell.
    #--------------------------------------------------------------------------------------------------
    
    # Variables can be changed here:
    banned = 'CN=Banned,CN=yourschool,DC=sch,DC=uk'
    # DN of the AD group for banned users
    scope = 'ou=users,dc=yourschool,dc=sch,dc=uk'
    # the search scope
    domain = "yourschool.sch.uk" # "example.com"
    ldapserver = "server1"
    # ldap server
    port = "389"
    # ldap port (389 default)
    emaildomain = "yourschool.sch.uk"
    # the email domain
    ldapbinddomain = "student-domain"
    # the domain of the ldap bind account
    ldapbind = "ldap"
    # the account name of the account to bind to ldap
    ldappassword = "password"
    # the ldap password
    pathtozmprov = "/opt/zimbra/bin/zmprov"
    #--------------------------------------------------------------------------------------------------
    import subprocess, sys, time
    import ldap
    
    def zmprov(*args):
        # run zmprov without a shell and return its output as a list of lines
        result = subprocess.run([pathtozmprov] + list(args), stdout=subprocess.PIPE)
        return result.stdout.decode("utf-8", "replace").splitlines()
    
    def first(vals, attr, default):
        # first value of an LDAP attribute as text, or the default if it is missing
        try:
            return vals[attr][0].decode("utf-8")
        except (KeyError, IndexError):
            return default
    
    # output the list of all accounts from zmprov gaa (get all accounts)
    zmprovgaa = zmprov('gaa')
    
    l = ldap.initialize("ldap://" + ldapserver + "." + domain + ":" + port)
    
    try:
        l.simple_bind_s(ldapbinddomain + "\\" + ldapbind, ldappassword) # bind to the ldap server using name/password
        # userAccountControl  512 = normal , 514 = disabled account
        res = l.search_s(scope, ldap.SCOPE_SUBTREE,
                         "(&(objectCategory=user)(userAccountControl=512)(employeeType=STUDENT))",
                         ['sAMAccountName', 'givenName', 'sn', 'memberOf'])
        for (dn, vals) in res:
            if dn is None: # search referral, not a user entry
                continue
            accountname = vals['sAMAccountName'][0].decode("utf-8").lower()
            # fall back to the account name when sn or givenName is missing
            surname = first(vals, 'sn', accountname).lower()
            givenname = first(vals, 'givenName', accountname)
            groups = [g.decode("utf-8") for g in vals.get('memberOf', [])]
            initial = givenname[:1].upper()
            surname = surname.replace(' ', '').replace('\'', '').replace('-', '')
            surname = surname.capitalize()
            name = initial + "." + surname
            accountname = accountname + "@" + emaildomain
            password = "" # empty password argument for zmprov ca
            sys.stdout.flush()
    
            # if the account doesn't exist in the output of zmprov gaa create the account
            if accountname not in zmprovgaa:
                print(accountname, "exists in active directory but not in zimbra, the account is being created\n")
                time.sleep(1)
                zmprov('ca', accountname, password, 'displayName', name)
    
            # current status of the account according to zmprov ga (get account)
            locked = "zimbraAccountStatus: locked" in zmprov('ga', accountname)
    
            # if the account is in the group 'banned' check to see if account already locked
            if banned in groups:
                if not locked: # if account not locked then lock it
                    print(accountname, "has been BANNED from the internet. The email account has been locked")
                    zmprov('ma', accountname, 'zimbraAccountStatus', 'locked')
                    time.sleep(1)
                else:
                    print(accountname, "has a locked email account because they are in the 'banned' group")
    
            # set any accounts to 'active' if they are not in the banned group and the account is currently locked
            elif locked:
                zmprov('ma', accountname, 'zimbraAccountStatus', 'active')
                time.sleep(1)
                print(accountname, "is no longer in the 'banned' group, therefore the account has been activated")
    
    except ldap.LDAPError as error_message:
        print(error_message)
    
    l.unbind_s()
    We use another random Linux server as a relay to relay between the internal Zimbra server and legacy Exchange (for staff email). We don't need to do it that way because Zimbra could take care of it - there are details on the Zimbra website, called a 'split domain' IIRC. The relay (sendmail - still) auto-generates the aliases file from an AD LDAP query using a Perl script.

    PS - I don't consider myself a very good programmer, so everyone feel free to improve this and post back modifications.

  13. Thanks to CyberNerd from:

    webman (23rd April 2008)
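
The split routing described in posts #3 and #12 (pupils on the Linux/Zimbra side, staff handed off to Exchange, with the relay's aliases file generated from AD data) can be sketched as below. This is an added example, not CyberNerd's Perl script; the host names, the reserved-name list, the allowed-character rule and the rule that any enabled non-STUDENT account is staff are all assumptions.

```python
import re

# Assumed values for illustration; none of these come from the thread.
EXCHANGE_HOST = "exchange.internal.example"   # staff mailboxes
ZIMBRA_HOST = "zimbra.internal.example"       # pupil mailboxes
RESERVED = {"root", "postmaster", "mailer-daemon", "abuse"}
# Letters, digits, dot and underscore only: no quotes, dashes, colons,
# pipes, slashes or newlines can reach the aliases file.
SAFE_NAME = re.compile(r"[a-z0-9][a-z0-9._]{0,62}")

def build_aliases(records):
    """Return (alias_lines, rejected_names) for a sendmail-style aliases file."""
    routes, rejected = {}, []
    for rec in records:
        if rec.get("userAccountControl") != "512":   # 512 = normal, enabled account
            continue
        name = rec.get("sAMAccountName", "").lower()
        # Refuse names that could alter the file's structure, shadow a
        # system alias, or collide with an entry already routed.
        if not SAFE_NAME.fullmatch(name) or name in RESERVED or name in routes:
            rejected.append(name)
            continue
        # Assumption: every enabled account that is not a STUDENT is staff.
        is_pupil = rec.get("employeeType") == "STUDENT"
        routes[name] = ZIMBRA_HOST if is_pupil else EXCHANGE_HOST
    lines = ["%s: %s@%s" % (n, n, host) for n, host in sorted(routes.items())]
    return lines, rejected

# Constructed sample records shaped like the attributes an AD LDAP query returns.
SAMPLE = [
    {"sAMAccountName": "JSmith07", "employeeType": "STUDENT", "userAccountControl": "512"},
    {"sAMAccountName": "a.teacher", "employeeType": "STAFF", "userAccountControl": "512"},
    {"sAMAccountName": "old.pupil", "employeeType": "STUDENT", "userAccountControl": "514"},
    {"sAMAccountName": "postmaster", "employeeType": "STUDENT", "userAccountControl": "512"},
    {"sAMAccountName": "o'brien-jones", "employeeType": "STUDENT", "userAccountControl": "512"},
    {"sAMAccountName": "two\nlines", "employeeType": "STUDENT", "userAccountControl": "512"},
]

if __name__ == "__main__":
    alias_lines, rejected_names = build_aliases(SAMPLE)
    print("\n".join(alias_lines))
    print("rejected:", rejected_names)
```

Rejected names are returned rather than silently dropped so the cron mail can list them for an administrator to rename or map by hand.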

  14. #13

    webman's Avatar
    That script looks relatively straightforward, CyberNerd, thanks.

    As we have one Zimbra server for both staff and students, my method of mailbox creation is slightly different.

    It involves a VBScript on the server to pull the info from AD and put into a CSV file (display names, staff distribution list assignments, COS settings, enabled/disabled status etc).

    The Perl script on the Zimbra side retrieves the CSV file, parses it, and translates it into zmprov (Zimbra provisioning CLI tool) commands. It does some checking and a diff to process only changed accounts though. Admittedly it's a bit long-winded but it seems to work well and any changes in the AD for names etc are reflected in Zimbra.

    The VBScript
    The Perl script

    Looking at CyberNerd's Python script makes me think I could do it all in one go if I can manage to do LDAP in Perl.
    Last edited by webman; 28th April 2008 at 12:59 PM.

  15. Thanks to webman from:

    CyberNerd (24th April 2008)
