Re: [Exim] Exim + Virtual POP accounts

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Kevin Sindhu
Date:  
À: Raghavendra Bhat, exim-users
Sujet: Re: [Exim] Exim + Virtual POP accounts
On Mon, Nov 19, 2001 at 11:39:04AM +0530, Raghavendra Bhat penned:
> [Sun, Nov 18, 2001 at 09:28:20AM -0800] Kevin Sindhu :


> > 1) Exim queries a MySQL DB for virtual Host/user (where their
> > passwd is also stored)


> Why do you require a MySQL DB for virtual hosts who have accounts in
> the local server ?


Please read the line,"MySQL DB for virtual Host/user (where their
passwd is also stored)". This implies that all users and domains are
virtual. No virtual domain user has a local account on the machine.

> The /etc/passwd is good enough for this. Small tools should
> achieve large tasks ! This perl script 'shared-mailbox.pl' by
> Richard Kay, <rich AT copsewood DOT net> does things elegantly. This
> can be got from http://www.linuxlinks.com/, you may have to dig
> there.


No. Not elegant enough for my purposes, thank you. I do not want these
users to be in /etc/passwd anyway.

> > 5) For security purposes, only localhost can connect to
> > port 110(POP3), thus giving me more control over who logs in and
> > via only the web interface.


> Not secure enough....run ssl-wrappers around your POP3 and SMTP
> ports and use re-direction via NAT.


Umm...what are you talking about? Let me be more descriptive here: Joe
Schmoe logins via a https page to web-mail which connects to
"localhost" on port 110 to receive e-mail. The only way someone can
really sniff the POP3 data is if he/she is actually snooping on the
localhost interface, and is hence is local user(which still needs
root to actually put the NIC under promisc mode).

Other than you actually throwing a few words out such as NAT (where
does NAT come in here?) and ssl-wrappers, I really fail to see
your point.

However, if you mean use NAT to send all data from port 110 -> 995 for
POP3 -> pop3s, why would you do that here? Its unnecessary and
un-scaleable in the long run, IMHO (Think time when you have over
10,000 simultaneous connections to the pop3s as compared to pop3 all
being done on localhost).

> > At present, I am looking at another solution where I want to
> > change from MySQL to a LDAP database but I have been just "so"
> > busy.


> Is it an elegant solution ? Please do pardon me if I am totally
> wrong...


Again, I interpreting your e-mail completely wrong. The reason I am
looking at LDAP is for total user unification which will eventually
replace NIS+ in my environment, where:

1) All real users are also a part of LDAP
    |----> Authenticate against Unix boxes for common passwd all over
    the network.
    |----> Windows users authenticate against samba which talk to LDAP
    |----> Incoming mail is addressed via LDAP queries.


2) Virtual users are separate but in the same ldap db.

What are you talking about when you say an elegant solution? And, yes
unless you are more descriptive on what you meat, I do feel you are
completely wrong.

cu,
    -Kevin