I would be really interested in seeing your hack to imapd. I have been
thinking about doing one for some time ;) I was curious how you ensure
correct access control? Obviously all the files are owned by exim or
some other arbitrary user id (the users don't have local accounts). Do
you chroot the forked imapd? Or do you control it in the code of imapd
(by string paranoia)?
Again, what you did sounds really cool, I would like to take a look and
perhaps use your changes. I am leaning toward that setup here.
Thanks!
>
> Subject: [Exim] Virtual Domains - Possible Solution
> Date: Thu, 11 Nov 1999 17:44:34 -0600
> From: Bill Thousand <listuser@???>
> Reply-To: billyt@???
> To: exim-users@???
>
> As I am a relative 'newbie' to the UNIX world, I apologize if this topic has
> already been covered and/or solved, but since I had a good deal of frustration
> solving it myself, I wanted to share my solution in case anyone else has the
> same situation.
>
> I wanted a MTA/MDA solution that did not require system users for each mail
> user, required that usernames be unique only within a given domain, kept all
> the files related to a given domain in one place, supported IMAP and POP3 and
> didn't cost any money.
>
> After weeks of frustration, I ended up using the config example from the exim
> samples site and hacking the UW-IMAPD/IPOPD to authenticate against virtual
> passwd files and user virtual domain directories.
>
> I've got it set up so that you can have tom@??? and tom@??? be
> different users. Also, all the passwords/aliases for domain1.com are in one
> set of files and all the passwords/aliases for domain2.com are in another.
>
> All the mailbox file INBOXs and/or IMAP folders for any given domain are
> located in user directories under domain directories.
>
> The ONLY down sides are that users that are not in the 'default' domain need
> to login as username@??? or username%domainname.com and I haven't
> figured out how to get procmail to support this configuration correctly.
>
> I've also got a PERL script that can run from a shell or from a web page to
> allow domain mail administrators access to adding/removing mail users without
> sysadmin intervention.
>
> Sample configuration:
>
> Domain : acme.com
>
> Password File : /etc/vmail/passwd.acme.com
> Alias File : /etc/vmail/aliases.acme.com
>
> User1 Inbox : /var/vmail/acme.com/user1/INBOX
> User1 IMAP Folders : /var/vmail/acme.com/user1/folder...
> User1 IMAP .folderlist : /var/vmail/acme.com/user1/.folderlist
>
> User2 Inbox : /var/vmail/acme.com/user2/INBOX
> User2 IMAP Folders : /var/vmail/acme.com/user2/folder...
> User2 IMAP .folderlist : /var/vmail/acme.com/user2/.folderlist
>
> etc
>
> This configuration works for both POP and IMAP users since UW-IMAP provides
> both.
>
> If anyone is interested in getting this hack and admin scripts, please e-mail
> me at : billyt@???. I would be happy to set up a quick web page to
> show how I did it if it would help anyone out.
>
> I am working on changing the routine to authenticate against an LDAP server,
> but I have no idea when I'll get that done.
>
> - Bill Thousand
> Clarity Technology Group
--
Theo Schlossnagle
Senior Systems Engineer
33131B65/2047/71 F7 95 64 49 76 5D BA 3D 90 B9 9F BE 27 24 E7
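
The "string paranoia" option raised in the reply, sketched as an added example that is not part of either message and is not Bill's actual imapd change: it maps a login of the form user, user@domain or user%domain onto the /var/vmail/<domain>/<user> layout from the quoted post and rejects anything that could step outside that tree. The names name_ok and vmail_home, the default domain and the allowed character set are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define VMAIL_ROOT     "/var/vmail"  /* layout from the quoted post */
#define DEFAULT_DOMAIN "acme.com"    /* assumed 'default' domain */

/* Assumed policy: 1..64 chars of [a-z0-9._-], no leading '.' or '-',
 * no trailing '.', no "..". '/' and NUL can therefore never appear. */
static int name_ok(const char *s, size_t n)
{
    if (n == 0 || n > 64 || s[0] == '.' || s[0] == '-' || s[n - 1] == '.')
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        if (!(islower(c) || isdigit(c) || c == '.' || c == '_' || c == '-'))
            return 0;
        if (c == '.' && i + 1 < n && s[i + 1] == '.')
            return 0;
    }
    return 1;
}

/* Write the user's mail directory for `login` into `out`.
 * Returns 0 on success, -1 if the login is rejected or does not fit. */
int vmail_home(const char *login, char *out, size_t outlen)
{
    size_t ulen = strcspn(login, "@%");          /* user part ends at @ or % */
    const char *dom = login[ulen] ? login + ulen + 1 : DEFAULT_DOMAIN;
    size_t dlen = strlen(dom);

    if (!name_ok(login, ulen) || !name_ok(dom, dlen))
        return -1;
    int w = snprintf(out, outlen, "%s/%.*s/%.*s", VMAIL_ROOT,
                     (int)dlen, dom, (int)ulen, login);
    return (w < 0 || (size_t)w >= outlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample logins, not taken from any real system. */
    const char *logins[] = { "user1@acme.com", "user2%acme.com", "tom",
                             "../etc@acme.com", "user1@../../etc" };
    char path[256];
    for (size_t i = 0; i < sizeof logins / sizeof logins[0]; i++)
        printf("%-18s -> %s\n", logins[i],
               vmail_home(logins[i], path, sizeof path) == 0 ? path : "REJECTED");
    return 0;
}
```

Validation of this kind complements, rather than replaces, a chroot or a privilege drop in the forked daemon, since every mailbox is owned by the same user id.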