Re: [Exim] .forward permissions

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Nigel Wade
Date:  
À: Exim users list
Sujet: Re: [Exim] .forward permissions
Alan J. Flavell wrote:
> On Mon, 19 Jul 2004, Kjetil Torgrim Homme wrote:
>
>
>>yes. we need this in our environment, if a NFS server is down and the
>>automounter gives up, we get 'permission denied'. in that case, we want
>>to queue the message until the server is back up, since we can't know
>>whether the message should be forwarded or not
>
>
> Indeed. On our mailer we've approached the problem in a different
> way: we require the forward file to be local to the mail server. But
> because we don't let users log on to the mail server itself, we export
> the area r/w to local client nodes (e.g the login server) so that they
> can edit the file themselves.
>
> Unfortunately, because user home directories are somewhere else
> entirely, this means that the file can't simply be ~/.forward which is
> what any experienced user would expect.
>
> So it's not an ideal solution. I suppose we could forcibly create
> symlinks for ~/.forward in users' home directories, pointing at the
> real "forward" files, but I haven't thought that through. Or maybe we
> could synchronise the two via rsync. Instead, we rely on RTFM, and
> occasionally responding to user complaints "I created my .forward but
> nothing is happening". We're small enough that we can get away with
> that, but I won't pretend it'd be viable for a big operation.
>
> Still, although it wasn't me who actually took the decision, it seems
> a good one to me: I'm much happier with all mail-critical files being
> local to the mail server, than having to rely on NFS for successful
> mail function. I don't mind the *users* having to rely on NFS for
> their occasional configuration updates, if you see what I mean.
>
>


I took a similar decision when building our mail server. One reason for
going for a separate mail server was that mail would still be fully
functional even if the main file server isn't running. NFS mounting the
users' home directories would defeat this objective.

Authentication for the mail server is handled by LDAP. There is a local home
directory on the mail server for each user which is created automatically by
exim when it receives the first message for a user (a "welcome" message is
sent as part of the user creation process to do this). Users can change
passwords and edit their .forward files using usermin. Interactive access is
controlled by LDAP/PAM and the pam_check_host_attr setting, so I can give
login access on a per-user basis.

--
Nigel Wade, System Administrator, Space Plasma Physics Group,
             University of Leicester, Leicester, LE1 7RH, UK
E-mail :    nmw@???
Phone :     +44 (0)116 2523548, Fax : +44 (0)116 2523555