3 # - [PP] Now version controlled in db.d.o git repository, also see debian/changelog - 2009
4 # - [PP] Now version controlled in db.d.o bzr repository - 2007-12-25
7 # - [HE] Add 'purpose', 'physicalHost' to debianServer - 2007-12-25
8 # - [zobel] Add 'VoIP' - 2008-05-10
9 # - [luk] Add 'subGroup' to group - 2008-11-22
12 # - Add 'gender' and 'birthDate' to debianDeveloper
13 # - Add 'mailDisableMessage' to debianAccount
14 # - Add 'mailDisableMessage', 'mailCallout', 'mailGreylisting', 'mailRBL',
15 # 'mailRHSBL', and 'mailWhitelist' to debianDeveloper and debianRoleAccount
18 # - Add 'access' as a MAY for debianServer objectclass.
19 # - Make activity-from a UTF-8 string rather than ASCII.
20 # - add new debianRoleAccount objectclass.
23 # - Add 'access' as a MAY for debianDeveloper objectclass.
24 # - Add 'gid' attribute.
25 # - Make homeDirectory a MAY not MUST for debianAccount.
26 # - drop userPassword and memberUID MAYs from debianGroup.
27 # - add SUP top STRUCTURAL to debianGroup.
30 # - add a UTF8-enabled 'gecos' attribute type, conflicts with RFC2307
31 # - add debianAccount, which is roughly equivalent to posixAccount but
32 # permits UTF8 gecos fields
33 # - add debianGroup, which is the same as above but for posixGroup
36 # - Remove labeledURI, jpegPhoto from the list of supported
37 # attributes; using inetOrgPerson instead of organizationalPerson as
38 # a structural objectclass gives us both of these, and several other
39 # attributes that may be useful.
40 # - Add echelon attributes for MIA work to the debiandeveloper
41 # objectclass. (accountcomment,accountstatus)
42 # - Add specification for debianServer objectclass, used for Debian
46 # - grammarfied 'allowedHosts' to 'allowedHost' as
47 # 1.3.6.1.4.1.9586.100.4.2.12.
48 # - add 'privateSub' as 1.3.6.1.4.1.9586.100.4.4.5.
49 # - add 'jabberJID' as 1.3.6.1.4.1.9586.100.4.2.13.
50 # - change 'icqUIN' to an integer type (see? I told you it wasn't
51 # approved for use yet! ;)
57 # Project: db.debian.org
58 # Contact: Debian directory administrators <admin@db.debian.org>
62 # enterprise.Debian.project.userdir / 1.3.6.1.4.1.9586.100.4
64 # .1 - public LDAP objectClasses
68 # .2 - public LDAP attributeTypes
77 # .9 - middlename (mn)
79 # .11 - supplementaryGid
100 # .32 - mailDisableMessage
106 # .38 - mailContentInspectionAction
107 # .39 - allowedGroups
108 # .40 - exportOptions
109 # .41 - sshdistAuthKeysHost
116 # .3 - experimental LDAP objectClasses
117 # .1 - debianDeveloper
119 # .3 - debianRoleAccount
121 # .4 - experimental LDAP attributeTypes
122 # .1 - allowedHosts - OBSOLETED
125 # .4 - keyFingerPrint
127 # .6 - accountComment
129 # .8 - perform callouts
130 # .9 - perform greylisting
135 # .15 - mailDefaultOptions
136 # .16 - mailPreserveSuffixSeparator
138 # Public attribute types
139 attributetype ( 1.3.6.1.4.1.9586.100.4.2.1
141 DESC 'textual form of an SSH public key compatible with authorized_keys'
142 EQUALITY caseIgnoreMatch
143 SUBSTR caseIgnoreSubstringsMatch
144 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
146 attributetype ( 1.3.6.1.4.1.9586.100.4.2.2
148 DESC 'last known activity from user email address'
149 EQUALITY caseExactMatch
150 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
152 attributetype ( 1.3.6.1.4.1.9586.100.4.2.3
154 DESC 'last known activity from user PGP key'
155 EQUALITY caseExactIA5Match
156 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
158 attributetype ( 1.3.6.1.4.1.9586.100.4.2.4
160 DESC 'user-editable comment'
161 EQUALITY caseExactIA5Match
162 SUBSTR caseIgnoreIA5SubstringsMatch
163 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
165 attributetype ( 1.3.6.1.4.1.9586.100.4.2.5
167 DESC 'UIN for ICQ instant messaging system'
168 EQUALITY integerMatch
169 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
171 attributetype ( 1.3.6.1.4.1.9586.100.4.2.6
173 DESC 'Internet Relay Chat nickname'
174 EQUALITY caseIgnoreIA5Match
175 SUBSTR caseIgnoreIA5SubstringsMatch
176 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
178 attributetype ( 1.3.6.1.4.1.9586.100.4.2.7
180 DESC 'latitude coordinate'
181 EQUALITY caseExactIA5Match
182 SUBSTR caseExactIA5SubstringsMatch
183 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
185 attributetype ( 1.3.6.1.4.1.9586.100.4.2.8
187 DESC 'longitude coordinate'
188 EQUALITY caseExactIA5Match
189 SUBSTR caseExactIA5SubstringsMatch
190 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
192 attributetype ( 1.3.6.1.4.1.9586.100.4.2.9
193 NAME ( 'mn' 'middlename' )
196 attributetype ( 1.3.6.1.4.1.9586.100.4.2.10
198 DESC 'vacation message'
199 EQUALITY caseIgnoreMatch
200 SUBSTR caseIgnoreSubstringsMatch
201 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
203 attributetype ( 1.3.6.1.4.1.9586.100.4.2.11
204 NAME 'supplementaryGid'
205 DESC 'additional Unix group id of user'
206 EQUALITY caseIgnoreMatch
207 SUBSTR caseIgnoreSubstringsMatch
208 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
210 attributetype ( 1.3.6.1.4.1.9586.100.4.2.12
212 DESC 'host name this account is allowed access to'
213 EQUALITY caseIgnoreIA5Match
214 SUBSTR caseIgnoreIA5SubstringsMatch
215 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
217 attributetype ( 1.3.6.1.4.1.9586.100.4.2.13
219 DESC 'JID for Jabber instant messaging protocol'
220 EQUALITY caseIgnoreIA5Match
221 SUBSTR caseIgnoreIA5SubstringsMatch
222 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
224 attributetype ( 1.3.6.1.4.1.9586.100.4.2.14
226 DESC 'nature of access allowed to server'
227 EQUALITY caseIgnoreMatch
228 SUBSTR caseIgnoreSubstringsMatch
229 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
231 attributetype ( 1.3.6.1.4.1.9586.100.4.2.15
233 DESC 'email address of server administrator'
234 EQUALITY caseIgnoreIA5Match
235 SUBSTR caseIgnoreIA5SubstringsMatch
236 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
238 attributetype ( 1.3.6.1.4.1.9586.100.4.2.16
240 DESC 'hardware architecture of server'
241 EQUALITY caseIgnoreIA5Match
242 SUBSTR caseIgnoreIA5SubstringsMatch
243 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )
245 attributetype ( 1.3.6.1.4.1.9586.100.4.2.17
247 DESC 'type of network connection for server'
248 EQUALITY caseIgnoreMatch
249 SUBSTR caseIgnoreSubstringsMatch
250 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
252 attributetype ( 1.3.6.1.4.1.9586.100.4.2.18
254 DESC 'amount of disk space available to server'
255 EQUALITY caseIgnoreMatch
256 SUBSTR caseIgnoreSubstringsMatch
257 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} )
259 attributetype ( 1.3.6.1.4.1.9586.100.4.2.19
261 DESC 'host OS distribution'
262 EQUALITY caseIgnoreIA5Match
263 SUBSTR caseIgnoreIA5SubstringsMatch
264 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )
266 #attributetype ( 1.3.6.1.4.1.9586.100.4.2.20
268 # DESC '(short) host name of server'
269 # EQUALITY caseIgnoreIA5Match
270 # SUBSTR caseIgnoreIA5SubstringsMatch
271 # SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE )
273 attributetype ( 1.3.6.1.4.1.9586.100.4.2.21
275 DESC 'FQDN of the server'
276 EQUALITY caseIgnoreIA5Match
277 SUBSTR caseIgnoreIA5SubstringsMatch
278 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
280 attributetype ( 1.3.6.1.4.1.9586.100.4.2.22
282 DESC 'description of physical hardware'
283 EQUALITY caseIgnoreMatch
284 SUBSTR caseIgnoreSubstringsMatch
285 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} SINGLE-VALUE )
287 attributetype ( 1.3.6.1.4.1.9586.100.4.2.23
289 DESC 'amount of RAM available to server'
290 EQUALITY caseIgnoreMatch
291 SUBSTR caseIgnoreSubstringsMatch
292 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} )
294 attributetype ( 1.3.6.1.4.1.9586.100.4.2.24
296 DESC 'name of the sponsor of this server'
297 EQUALITY caseIgnoreMatch
298 SUBSTR caseIgnoreSubstringsMatch
299 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
301 attributetype ( 1.3.6.1.4.1.9586.100.4.2.25
303 DESC 'email address of sponsoring server administrator'
304 EQUALITY caseIgnoreIA5Match
305 SUBSTR caseIgnoreIA5SubstringsMatch
306 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
308 attributetype ( 1.3.6.1.4.1.9586.100.4.2.26
310 DESC 'textual form of an SSH public host key compatible with known_hosts'
311 EQUALITY caseIgnoreMatch
312 SUBSTR caseIgnoreSubstringsMatch
313 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
315 attributetype ( 1.3.6.1.4.1.9586.100.4.2.27
317 DESC 'administrative status of server'
318 EQUALITY caseIgnoreMatch
319 SUBSTR caseIgnoreSubstringsMatch
320 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
322 attributetype ( 1.3.6.1.4.1.9586.100.4.2.28
324 DESC 'The GECOS field; the common name'
325 EQUALITY caseIgnoreMatch
326 SUBSTR caseIgnoreSubstringsMatch
327 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
329 attributetype ( 1.3.6.1.4.1.9586.100.4.2.29
332 EQUALITY caseExactIA5Match
333 SUBSTR caseExactIA5SubstringsMatch
334 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
336 attributetype ( 1.3.6.1.4.1.9586.100.4.2.30
338 DESC 'ISO 5218 representation of human gender'
339 EQUALITY integerMatch
341 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27{1} )
343 attributetype ( 1.3.6.1.4.1.9586.100.4.2.31
345 DESC 'Date of birth in YYYYMMDD format'
346 EQUALITY numericStringMatch
348 SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{8} )
350 attributetype ( 1.3.6.1.4.1.9586.100.4.2.32
351 NAME 'mailDisableMessage'
352 DESC 'Message returned when all mail is disabled'
353 EQUALITY caseIgnoreIA5Match
354 SUBSTR caseIgnoreIA5SubstringsMatch
355 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
357 attributetype ( 1.3.6.1.4.1.9586.100.4.2.33
359 DESC 'purposes of this server'
360 EQUALITY caseIgnoreMatch
361 SUBSTR caseIgnoreSubstringsMatch
362 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
364 attributetype ( 1.3.6.1.4.1.9586.100.4.2.34
366 DESC 'FQDN of the physical host of this virtual server'
367 EQUALITY caseIgnoreIA5Match
368 SUBSTR caseIgnoreIA5SubstringsMatch
370 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
372 attributetype ( 1.3.6.1.4.1.9586.100.4.2.35
374 DESC 'VoIP URL to communicate with that person'
375 EQUALITY caseIgnoreIA5Match
376 SUBSTR caseIgnoreIA5SubstringsMatch
377 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
379 attributetype ( 1.3.6.1.4.1.9586.100.4.2.36
382 EQUALITY octetStringMatch
383 SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
385 attributetype ( 1.3.6.1.4.1.9586.100.4.2.37
387 DESC 'name of other group for which membership implied by memberschip to this group'
388 EQUALITY caseIgnoreIA5Match
389 SUBSTR caseIgnoreIA5SubstringsMatch
390 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
392 # more attributes below
393 attributetype ( 1.3.6.1.4.1.9586.100.4.2.39
395 DESC 'Groups that have access to a host'
396 EQUALITY caseExactIA5Match
397 SUBSTR caseExactIA5SubstringsMatch
398 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
400 attributetype ( 1.3.6.1.4.1.9586.100.4.2.40
402 DESC 'export options for servers'
403 EQUALITY caseIgnoreIA5Match
404 SUBSTR caseIgnoreIA5SubstringsMatch
405 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
407 attributetype ( 1.3.6.1.4.1.9586.100.4.2.43
409 DESC 'web password for SSO'
410 EQUALITY octetStringMatch
411 SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
413 attributetype ( 1.3.6.1.4.1.9586.100.4.2.44
415 DESC 'rtc password for SIP/XMPP'
416 EQUALITY octetStringMatch
417 SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
419 # Experimental attribute types
421 # There are existing schemas for doing DNS in LDAP; would one of
422 # these be better? c.f. draft-miller-dns-ldap-schema-00 (expired)
423 attributetype ( 1.3.6.1.4.1.9586.100.4.4.2
425 DESC 'DNS zone record for user'
426 EQUALITY octetStringMatch
427 SUBSTR caseIgnoreSubstringsMatch
428 SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
430 # rfc822mailbox (RFC1274) is recommended as a replacement for this in
432 attributetype ( 1.3.6.1.4.1.9586.100.4.4.3
434 DESC 'forwarding address for email sent to this account'
435 EQUALITY caseIgnoreIA5Match
436 SUBSTR caseIgnoreIA5SubstringsMatch
437 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
439 # Network Associates also has a schema for PGP keys / key IDs which may
440 # or may not be applicable:
441 # http://www.openldap.org/lists/openldap-devel/200010/msg00071.html
442 attributetype ( 1.3.6.1.4.1.9586.100.4.4.4
443 NAME 'keyFingerPrint'
444 EQUALITY caseIgnoreMatch
445 SUBSTR caseIgnoreSubstringsMatch
446 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
448 # Rather Debian-specific, not useful to the public.
449 attributetype ( 1.3.6.1.4.1.9586.100.4.4.5
451 DESC 'email subscription address for debian-private mailing list'
452 EQUALITY caseIgnoreIA5Match
453 SUBSTR caseIgnoreIA5SubstringsMatch
454 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
456 # Echelon attributes; re-evaluate later
457 attributetype ( 1.3.6.1.4.1.9586.100.4.4.6
458 NAME 'accountComment'
459 DESC 'additional comments regarding the account status'
460 EQUALITY caseIgnoreIA5Match
461 SUBSTR caseIgnoreIA5SubstringsMatch
462 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
464 attributetype ( 1.3.6.1.4.1.9586.100.4.4.7
466 DESC 'Debian developer account status'
467 EQUALITY caseIgnoreIA5Match
468 SUBSTR caseIgnoreIA5SubstringsMatch
469 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
471 # mail attributes; not public information
472 attributetype ( 1.3.6.1.4.1.9586.100.4.4.8
474 DESC 'Whether or not to require a successful callout attempt on email delivery'
475 EQUALITY booleanMatch
476 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
478 attributetype ( 1.3.6.1.4.1.9586.100.4.4.9
479 NAME 'mailGreylisting'
480 DESC 'Whether or not to perform greylisting on email delivery'
481 EQUALITY booleanMatch
482 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
484 attributetype ( 1.3.6.1.4.1.9586.100.4.4.11
486 DESC 'RBL sites to check at SMTP accept time'
487 EQUALITY caseIgnoreIA5Match
488 SUBSTR caseIgnoreIA5SubstringsMatch
489 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
491 attributetype ( 1.3.6.1.4.1.9586.100.4.4.12
493 DESC 'RHSBL sites to check at SMTP accept time'
494 EQUALITY caseIgnoreIA5Match
495 SUBSTR caseIgnoreIA5SubstringsMatch
496 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
498 attributetype ( 1.3.6.1.4.1.9586.100.4.4.13
500 DESC 'sites to whitelist from additional SMTP accept time checks'
501 EQUALITY caseIgnoreIA5Match
502 SUBSTR caseIgnoreIA5SubstringsMatch
503 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
505 attributetype ( 1.3.6.1.4.1.9586.100.4.4.14
507 DESC 'Token for BATV'
508 EQUALITY caseExactMatch
509 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
511 attributetype ( 1.3.6.1.4.1.9586.100.4.4.15
512 NAME 'mailDefaultOptions'
513 DESC 'Whether or not to use a default set of anti-spam options'
514 EQUALITY booleanMatch
515 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
517 attributetype ( 1.3.6.1.4.1.9586.100.4.4.16
518 NAME 'mailPreserveSuffixSeparator'
519 DESC 'suffix serparator'
520 EQUALITY caseIgnoreIA5Match
521 SUBSTR caseIgnoreIA5SubstringsMatch
522 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1} )
524 attributetype ( 1.3.6.1.4.1.9586.100.4.2.38
525 NAME 'mailContentInspectionAction'
526 DESC 'what to do on content inspection hits'
527 EQUALITY caseIgnoreIA5Match
528 SUBSTR caseIgnoreIA5SubstringsMatch
529 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )
531 attributetype ( 1.3.6.1.4.1.9586.100.4.2.41
532 NAME ( 'sshdistAuthKeysHost' )
533 DESC 'Additional hosts/addresess from which to accept ssh connections to the ud-ldap distribution host (db.DOMAIN)'
536 attributetype ( 1.3.6.1.4.1.9586.100.4.4.42
538 DESC 'DNS Time To Live value'
539 EQUALITY caseIgnoreIA5Match
540 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
542 attributetype ( 1.3.6.1.4.1.9586.100.4.4.45
544 DESC 'which procedure to use for rebooting this host'
545 EQUALITY caseIgnoreIA5Match
546 SUBSTR caseIgnoreIA5SubstringsMatch
547 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
549 attributetype ( 1.3.6.1.4.1.9586.100.4.4.46
551 DESC 'Seed for TOTP authentication'
552 EQUALITY octetStringMatch
553 SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
555 # Public object classes
557 objectclass ( 1.3.6.1.4.1.9586.100.4.1.1
559 DESC 'Abstraction of an account with POSIX attributes and UTF8 support'
561 MUST ( cn $ uid $ uidNumber $ gidNumber )
562 MAY ( userPassword $ loginShell $ gecos $ homeDirectory $ description $ mailDisableMessage $ sudoPassword $ webPassword $ rtcPassword $ totpSeed ) )
564 objectclass ( 1.3.6.1.4.1.9586.100.4.1.2
567 DESC 'attributes used for Debian groups'
568 MUST ( gid $ gidNumber )
569 MAY ( cn $ description $ subGroup $ accountStatus ) )
571 # Experimental objectclasses:
573 objectclass ( 1.3.6.1.4.1.9586.100.4.3.1
574 NAME 'debianDeveloper'
575 DESC 'additional account attributes used by Debian'
577 MUST ( uid $ cn $ sn )
578 MAY ( accountComment $ accountStatus $ activity-from $
579 activity-pgp $ allowedHost $ comment $ countryName $
580 dnsZoneEntry $ emailForward $ icqUin $ ircNick $
581 jabberJID $ keyFingerPrint $ latitude $ longitude $ mn $
582 onVacation $ privateSub $ sshRSAAuthKey $ supplementaryGid $
583 access $ gender $ birthDate $ mailCallout $ mailGreylisting $
584 mailRBL $ mailRHSBL $ mailWhitelist $ VoIP $ mailContentInspectionAction $
585 bATVToken $ mailDefaultOptions $ mailPreserveSuffixSeparator
588 objectclass ( 1.3.6.1.4.1.9586.100.4.3.2
590 DESC 'Internet-connected server associated with Debian'
592 MUST ( host $ hostname )
593 MAY ( c $ access $ admin $ architecture $ bandwidth $ description $ disk $
594 distribution $ l $ machine $ memory $ sponsor $
595 sponsor-admin $ status $ physicalHost $ ipHostNumber $ dnsTTL $
596 sshRSAHostKey $ purpose $ allowedGroups $ exportOptions $ MXRecord $
597 sshdistAuthKeysHost $ rebootPolicy
600 objectclass ( 1.3.6.1.4.1.9586.100.4.3.3
601 NAME 'debianRoleAccount'
602 DESC 'Abstraction of an account with POSIX attributes and UTF8 support'
603 SUP account STRUCTURAL
604 MAY ( emailForward $ supplementaryGid $ allowedHost $ labeledURI $
605 mailCallout $ mailGreylisting $ mailRBL $ mailRHSBL $
606 mailWhitelist $ dnsZoneEntry $ mailContentInspectionAction $
607 bATVToken $ mailDefaultOptions $ sshRSAAuthKey $ mailPreserveSuffixSeparator