Thank you Ruth.
1. Ident check - comment noted. Thank you.
2. All of the mail clients are "internet based" as someone else put it, and
run a selection of software outside my control. SMTP auth is required, as I
supposed and as you and others have confirmed.
3. I guess I could get PAM working using SASL - but as things stand, I do not
have saslauthd configured. The machine I am using is not mine - it is a
dedicated server provided by a hosting company, and pre-loaded with a default
configuration which I am progressively altering to suit my needs.
4. I do not have Cyrus - I have the University of Washington IMAP server,
and I understood that this did not support virtual users. Am I then incorrect
in this assertion regarding the availability of virtual users? The migration
to Courier is being considered as a way of acquiring the ability to use
virtual users, and for no other reason at the moment.
5. Yes, I like Squirrelmail too, and use it to provide a web based service.
Works fine. Unfortunately most of my clients choose to use Outlook etc. from
their personal PCs.
6. Re "breaking" the ability for the clients to route outside our network,
this is because the ACL is only allowing "local" deliveries in the absence of
successful SMTP auth.
7. The problems that I am seeing are related solely to the absence of a
working SMTP auth scheme at the moment. The idea of using virtual users
arises from the desire to construct a working SMTP auth scheme, and also from
the fact that the email users *already* have suitable authentication data
stored within the database of the web portal software on my server, as they
are already registered users of that system anyway. Long term I think going
this way would reduce my administration overhead, at the cost of the effort
required to install and configure the new software.
As usual I think this is turning into an "Ask Maude" thread!
So, does anyone have any experience of using "whoson" with Courier 3?
Ruth - thank you very much for your kind response.
Regards
Phil
On Mon, 9 Aug 2004 13:13:30 +0100, Ruth Ivimey-Cook wrote
> Phil,
>
> > 1. The RFC1413 ident check will not elicit any response from
> > any remote based mail client that attempts to send email via
> > SMTP, so it basically is just going to cause a response delay
> > in this case? So maybe I need to reduce the timeout?
>
> I used to use Ident, but after I found that it actually helped virtually
> none of the time I abandoned it. In fact, so few internet hosts
> allow ident information outside their networks, I believe that in
> most circumstances it should be abandoned.
>
> > 2. In order for such clients to send mail via SMTP, they must
> > authenticate?
>
> I am not quite sure which clients "such clients" are. If you mean
> MUAs like Outlook, in general, then no, they do not require
> authentication. If you mean any MUA connecting from outside your
> firewall then I would agree that authentication is a requirement,
> and would even suggest you look at using SSL or similar also.
>
> For my own purposes I abandon Outlook etc and rely on a web MUA -
> squirrelmail - which works fine and doesn't depend on me being able
> to connect _my_ PC to the net or have, e.g. the IMAPS port, open on
> the remote firewall.
>
> Another way you could do things is by implementing an ssh-tunnel or
> a VPN to bring your users virtually within your network.
>
> > I have a large community of remote users with (for the most
> > part) Windows mail clients and since I installed Exim I have
> > "broken" their ability to send email outside the host domain.
>
> Please clarify.
>
> > Assuming I am correct about point 2, I have to say I have
> > been unable to get PAM authentication to work (I posted about
> > this a week or so ago).
>
> PAM works for me... Although I let saslauthd do the actual verifications.
>
> > 2. Given my abject failure to get PAM working (RH9, PAM
> > 0.75), do you think that going for a new IMAP server and
> > replacing my physical users with virtual users as described
> > (which is a non-trivial project) is the best solution *for my
> > situation*, or am I overlooking something which would allow
> > me to get this problem knocked on the head much more quickly?
>
> You haven't described your situation very well, but on what you have
> said, I would at this point answer No, unless you are convinced that
> the problems you are seeing with Cyrus would not be present with
> Courier. Switching to virtual users is an option you have with
> either product, so should not be bundled with the Cyrus/Courier choice.
>
> Regards,
>
> Ruth