Re: [Exim] Exim + Virtual POP accounts

Author: Kevin Sindhu
Date:
To: Odhiambo Washington
CC: exim-users, Kevin Sindhu
Subject: Re: [Exim] Exim + Virtual POP accounts
Hi Odhiambo!
Odhiambo Washington wrote on Monday, 19 November 2001:

CC'g exim-users@ as well:

> Please allow me also chip in. It's been suggested to me that I
> search the archives. Well, I've tried that but it seems that the
> keyword has eluded me. So far no tangible success. However, I
> stumbled on Marc Perkel's mail and also some googling yielded
> vm-pop3d.


Actually, come to think of it, I should write up a HOW-TO re: this
subject and one of the many possible solutions. Give me a few days,
and I'll follow up this mail.

> I'd like my setup _not_ to give the virtual users accounts on my
> box! This means that I have to look for some authentication method
> other than the /etc/passwd. While MySQL approach seems appealing, I
> am not familiar with MySQL and that would mean I have to get our
> Webmaster into this stuff, which is not right. So I guess I have to
> go with some authfile...


Nah....I'd go for either:

1) A db back-end
2) A LDAP back-end.

There are many reasons for this:

i) Users can be added/dropped in real time without restarting exim
ii) You save on data redundancy in a database.
iii) Scalability

However, you have overheads such as actually running a db etc. It's not
that complicated, really! SQL is rather straightforward and easy to
learn. (SELECT $user FROM $db WHERE USERID=$user as an example).
Coding this in php is also rather trivial.


> Kevin, should I decide to go with the authfile, do you have an idea
> what I may use to add the user's..some script???


Actually, if you are looking for an automated script, I don't think
there is any out there (or that I've seen). Personally, I prefer to
manage the db back-end by hand/SQL tools, however if you want like an
automated tool which adds/drops users in let's say a MySQL database for
instance it can be done trivially in php. However, the latter is a
solution when you are looking or setting up a server where users come
via the web and setup their own username/passwd and get working in
real time. (Like a hotmail service)...


> > > 5) For security purposes, only localhost can connect
> > > to port 110 (POP3), thus giving me more control over who logs
> > > in and via only the web interface.


> That is now a scare to me. vm-pop3d docs say that it can allow
> retrieval even from the virtual mailboxes. I wanna go for it unless
> there is a better recommendation. What I am not yet sure about is
> the IMAP support for vm-pop3d.


No. vm-pop3d is exactly what it's named, a pop3 daemon. IMAP is a nicer
solution, but you have overheads for IMAP such as a bigger memory
footprint than pop3, storage of mail spool for virtual users on the
disk (which may need disk arrays/special partitioning depending on your
needs etc). But in the above scenario, the pop3d is only available via
the web interface (the public interface is firewall'd off).

In my case, let's start with two of the domains I manage (I have about 60
others which use something similar), Lucifer.at and sindhu.ca,
as case examples.

Lucifer.at - with Courier IMAP/Maildir delivery to user home dir:

The users on Lucifer.at are actually real users with real logins to
this machine. If the user wishes to retrieve their mail off-site where
they cannot login via ssh, they can use the web interface (available
from https://www.lucifer.at/e-mail/src/login.php) which runs an IMAP
session to localhost to retrieve/send mail.

If these same users wish to use a client such as outlook/netscape they
"have" to use SSL with IMAP to receive mail.

Additional notes:

I have hacked procmail to deliver to Maildir (I'll send the diffs
when I complete the how-to) which allows the mail to be
delivered to procmail, filtered (such as mailing list) and dropped
into a special Maildir folder. Works great with mutt, but you CANNOT
read this mail with courier IMAP, and hence this mail cannot be
filtered via IMAP [Unless you use your mail client to filter in
real-time when downloading IMAP mail]


This works flawlessly when we use wu-IMAP, procmail, /var/mail/$user
delivery. However, I wanted to use Maildir instead.

Sindhu.ca - Virtual domain - Virtual Users - MySQL backend - users
login via pop3 and twig interface - qpopper+MySQL patch

[www.sindhu.ca]

The users are virtual and mail delivery happens as below:

Incoming mail: User is looked up in a MySQL table and mail is
delivered to /var/virtual_mail/sindhu.ca/$user

POP3 - Mail is picked up via qpopper which authenticates the user to a
MySQL table with user information and then reads the mail from:
/var/virtual_mail/sindhu.ca/$user

Note: They have to login as username@???.

I can probably write a detailed how-to (including diffs/configs) during
this week.

cu,

    -Kevin


-- 
Swipple's Rule of Order:
    He who shouts the loudest has the floor.
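
The database-backed virtual-user login described in the mail above, as an added example that is not part of the original message or of any of the tools it names. It shows a `username@domain` login checked with a bound-parameter query and mapped to a mailbox under `/var/virtual_mail/<domain>/<user>` without letting the login string steer the SQL or the path. Assumptions: `sqlite3` stands in for the MySQL back-end, and the table `vusers`, its columns, the PBKDF2 password hashing and all function names are hypothetical.

```python
import hashlib, hmac, os, re, sqlite3
from pathlib import PurePosixPath

MAIL_ROOT = PurePosixPath("/var/virtual_mail")      # spool root named in the mail
LOCAL_RE = re.compile(r"[a-z0-9][a-z0-9._-]{0,63}")  # no '/', no leading '.'
DOMAIN_RE = re.compile(r"[a-z0-9-]+(\.[a-z0-9-]+)+")

def hash_password(password, salt):
    # Assumption: salted PBKDF2; the mail does not say how passwords are stored.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def add_user(db, local, domain, password):
    """Insert a virtual user; takes effect on the next lookup, no daemon restart."""
    salt = os.urandom(16)
    db.execute("INSERT INTO vusers VALUES (?, ?, ?, ?)",
               (local, domain, salt, hash_password(password, salt)))

def make_db():
    """Constructed sample data for the hypothetical vusers table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE vusers (local TEXT, domain TEXT, salt BLOB,"
               " pwhash BLOB, PRIMARY KEY (local, domain))")
    add_user(db, "alice", "sindhu.ca", "correct horse")
    return db

def split_login(login):
    """Split 'user@domain'; reject anything that is not a plain mailbox name."""
    local, sep, domain = login.lower().rpartition("@")
    if not sep or not LOCAL_RE.fullmatch(local) or not DOMAIN_RE.fullmatch(domain):
        return None
    return local, domain

def authenticate(db, login, password):
    """Return the mailbox path for a valid login, otherwise None."""
    parts = split_login(login)
    if parts is None:
        return None
    # Bound parameters: the login is data, never part of the SQL text.
    row = db.execute("SELECT salt, pwhash FROM vusers WHERE local = ? AND domain = ?",
                     parts).fetchone()
    if row is None:
        hash_password(password, b"\0" * 16)   # same work for unknown users
        return None
    salt, pwhash = row
    if not hmac.compare_digest(hash_password(password, salt), pwhash):
        return None
    local, domain = parts
    return str(MAIL_ROOT / domain / local)
```

The same two checks apply on the delivery side, where the local part arrives from the SMTP envelope rather than from a login prompt.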