RE: [Exim] Cyrus integration?

Pàgina inicial
Delete this message
Reply to this message
Autor: Jeff AA
Data:  
A: 'Matt Bernstein'
CC: exim-users
Assumpte: RE: [Exim] Cyrus integration?
> -----Original Message-----
> From: Matt Bernstein [mailto:mb@dcs.qmul.ac.uk]
> Sent: 12 September 2002 10:56
> To: Jeff AA
> Cc: 'Ade Lovett'; 'Tony Finch'; jerry@???; exim-users@???
> Subject: Re: [Exim] Cyrus integration?
>


Hi Matt, appreciate the depth of your experience.

> You can set Cyrus to just do AUTH LOGIN and AUTH PLAIN over TLS, use
> pwcheck (or, of preference, saslauthd) and just not worry
> about all the
> sasldb / MD5 / Kerberos stuff.


Yep! but _virtual_ users in virtual domains, that must be able to do
things like change their own passwords etc - the best suggestion was to
cut some Perl to manage duplicated auth information in two places - once
for Exim and once for Cyrus [ugh].

Look at the SASL decision to use char(0), i.e. NULL as an internal
delimiter in the db:sasldb2 lookup field - otherwise twood have been
easy to configure Exim to lookup the same data [argh]. Things like these
don't fill me with the warm fuzzy feeling of well-thought software.


> Otoh I bet there are plenty of sick ways to get Exim to talk
> straight to
> SASL if you really want to. The embedded Perl interpreter
> springs to mind!


I am sure you are right - but we want to easily use and administer a
performant and reliable MTA/IMAP/SSL setup, rather than lovingly
handcraft and maintain an edifice of daring. 8-)


> ><IMHO> The difference between Cyrus and Courier is akin to
> the 'What's
> >Right!' vs. the 'What Works!' religious debates - Cyrus has lots of
> >acceptance in the OS community, but does not yet cut the mustard [aka
> >not yet ready for prime time], and suffers significantly from SASL
> >issues.
>
> This sounds like FUD. It's subtler than that. I've recently
> had to do my
> first Cyrus tape restore--it was really beautiful.


These are my opinions, but FUD? methinks not - we use Debian, mainly for
security updates. You can objectively compare the packaging status of
Courier and Cyrus packaging, and draw your own conclusions about how
quickly security updates will be packaged. Look at the current Cyrus
README on configuring Cyrus. Look at the Debian packaging notes. Count
the number of SASL issues in the Cyrus mailing lists. Look at the
current Cyrus-sasl-mysql auth HOWTO. Look at the current Exim-Cyrus
HOWTO. FWIW I don't think Courier is perfect, but Exim+Courier=>Easy

I actually like Cyrus, and it was our paper-choice over other IMAP
implementations [it has nice things like ACLS for the latest Outlook
calendaring extensions - yes please!] Unfortunately, higher on our
'Prime Time' definition is ease of admin and low technical maintenance
requirements, with zero custom patching. If enough users want to pay for
the ACL functionality we may eventually switch, and just deal with all
the pain.

> The Cyrus users list is just as friendly and helpful as the Exim
> one


Agreed! I found the Cyrus list responsive, and friendly! This is
actually a medium on our requirement list, and Cyrus out-performed
Courier for friendly help. Fortunately, we haven't actually needed ANY
help [friendly or otherwise] to get Courier up and rockin.

Of course you will no doubt now publish your Exim-Cyrus HOWTO and blow
us all away with how easy it is! Convince me and I will migrate.

8-)

Regards
Jeff