On Sun, Jul 01, 2001 at 10:19:28PM +0200, Henning Brauer wrote:
> Well, this is much too complicated and error-prone IMHO. I don't like the
> idea of "virtual pop3 servers". Our mail machines have 2 to 5 IPs each while
> the webhosting ones have a few hundred.
Please elaborate. There are many ways to implement virtual servers,
including simply binding your pop3 server to an IP alias (this again,
shouldn't be needed in a well-implemented server with support for
virtual domains, which qmail-ldap claims to be). What's needed
is a way to search for mail=user@domain, where domain is looked up from
somewhere. auth-pop3 could take a path as an argument to where to look for
@domain part for starters. This however requires you to run a separate
pop3d per every virtual server, which in itself is not an ideal way to
do it. An ideal way, IMO, is to look at the client's IP address, match
it, and append appropriate @domain for LDAP search. Heck, this can even
be done in tcpserver by setting an environment variable $DOMAIN or
something like that. Just how error prone would this be?
> I thought about adding "(|(mail=[supplied
> uid])(mailalternateaddress=[supplied uid]))" to the search string. This way
> users could just login using their email address. We all know that there are
> clients out not allowing @ in the username - they are stupid, ignore them,
> kick them, burn them, whatever ;-)) they can still log in using their "real"
> uid. The modification should be fairly easy.
Different attributes for smtp and pop3 authentication are stupid. If the
attribute for SMTP authentication is "mail", then it should be the same
attribute for POP3 authentication. The problem of misdesign lies in the
protocol differences. In SMTP, mostly user@domain is used everywhere
between servers unless it's a local domain which assures there won't be
non-unique values in the database. Whereas in POP3, just userid
was traditionally needed for authentication.