Phil,
> 1. The RFC1413 ident check will not elicit any response from
> any remote based mail client that attempts to send email via
> SMTP, so it basically is just going to cause a response delay
> in this case? So maybe I need to reduce the timeout?
I used to use Ident, but after I found that it actually helped virtually
none of the time I abandoned it. In fact, so few internet hosts allow ident
information outside their networks, I believe that in most circumstances it
should be abandoned.
> 2. In order for such clients to send mail via SMTP, they must
> authenticate?
I am not quite sure which clients "such clients" are. If you mean MUAs like
Outlook, in general, then no, they do not require authentication. If you
mean any MUA connecting from outside your firewall then I would agree that
authentication is a requirement, and would even suggest you look at using
SSL or similar also.
For my own purposes I abandon Outlook etc and rely on a web MUA -
squirrelmail - which works fine and doesn't depend on me being able to
connect _my_ PC to the net or have, e.g. the IMAPS port, open on the remote
firewall.
Another way you could do things is by implementing an ssh-tunnel or a VPN to
bring your users virtually within your network.
> I have a large community of remote users with (for the most
> part) Windows mail clients and since I installed Exim I have
> "broken" their ability to send email outside the host domain.
Please clarify.
> Assuming I am correct about point 2, I have to say I have
> been unable to get PAM authentication to work (I posted about
> this a week or so ago).
PAM works for me... Although I let saslauthd do the actual verifications.
> 2. Given my abject failure to get PAM working (RH9, PAM
> 0.75), doing you think that going for a new IMAP server and
> replacing my physical users with virtual users as described
> (which is a non-trivial project) is the best solution *for my
> situation*, or am I overlooking something which would allow
> me to get this problem knocked on the head much more quickly?
You haven't described your situation very well, but on what you have said, I
would at this point answer No, unless you are convinced that the problems
you are seeing with Cyrus would not be present with Courier. Switching to
virtual users is an option you have with either product, so should not be
bundled with the Cyrus/Courier choice.