DK wrote:
> Hello Paul, Marc and readers;
>
> 1.a) ldap
> Don't really like that idea. I spent a few months once converting and
> running my users from LDAP. LDAP is a pain in the you know what.

I agree it's not as simple as running useradd, or dbmail-users. But once you're set up on ldap, a lot of the problems you mention below will simply go away. It's complicated, yes, but it's very standard, and the management problems can be alleviated with tools like 'cpu' (cpu.sf.net).

>
> 1.b) imap
> If someone logs in via imap how does dbmail know where from to
> authenticate that person and which config / sqlite db to use? Is there
> already a setup for that in LDAP?

Authentication with ldap is disconnected totally from the sqlite db. Dbmail will maintain shadow records in dbmail_users for the owners of the mailboxes and messages the said database will contain, but dbmail_users will not be used for authentication, and dbmail_aliases will not be used for delivery.

>
> 2) chroot
> I don't understand why we need chroot. All my users are virtual they
> don't have ssh or ftp access. I don't even run postfix chroot. A
> directory like /home/user/ can still be created for each of them. All
> they get is imap and web access anyway. Via web they can change their
> password use webmail etc. Why does Geo use chroot?
> Even if they are not virtual users why would users have anything to do
> with the dbmail daemon. They are never starting dbmail directly. It's
> always done over imap.

Like Marc explained, it solves some security concerns for Geo, and it may simplify the configfile issue. You cannot simply run dbmail-imapd from xinetd, because you will have to run the authentication sequence to find out who you're dealing with /before/ starting dbmail-imapd. My guess is Geo has some kind of proxy sitting between xinetd and dbmail, that will allow users to login and connect them with dbmail afterwards.

>
> 3) xinetd
> I guess we can't run it as daemon because each user needs a config
> file. What disadvantage will initd / xinetd bring with it? Are we now
> having to run more instances of dbmail one for each user? Isn't the
> daemon starting up a child for each user anyway? Are we going to have
> a time delay for dbmail-imap to start?

Running dbmail-imapd from xinetd means: running a single non-forking process per connected user. This means there will be a small startup penalty, but you will never have to worry about preforking issues again.

>
> 4) MTA
> How does Postfix know where to feed the email. Right now all we do is
> dbmail-lmtp:localhost:24
> Dbmail gets the email but which config file will be used to deliver?
> Can this info be retrieved from the common db or dbmail-ldap?

Using per user sqlite databases pretty much rules out lmtp. You can let postfix talk to ldap to validate and find the proper local recipient or forward the message directly. Once you have found the local recipient you will need to feed the message to dbmail-smtp for delivery.

-- 
  ________________________________________________________________
  Paul Stevens                                      paul at nfg.nl
  NET FACILITIES GROUP                     GPG/PGP: 1024D/11F8CD31
  The Netherlands________________________________http://www.nfg.nl
