Hmmm,
Can anybody help me with these points? :) Sorry for top-posting, it is just to make possible new answers easier.
I got only one answer :o) I'm still searching Google, but it is hard to find docs about this. If anybody could point me to more docs and references, please do.
And I would like to ask about SMTP auth docs, any tutorial? I'm getting some problems with auth "schemas".
Hope anybody can help!
Best regards,
Felipe Augusto van de Wiel wrote:
Hi people, :)
I'm building a new mail server with a "focus" on more security. For this "setup" I have enough time to read the guides, how-tos and manuals more carefully, and also to do some tests to check the security and implementations.
The new server is UP and "in quarantine", waiting to go "into production". Before that, I would like to try to resolve some doubts and, if it is possible, I would like to contribute to LWQ-ldap to fill in the missing points. :)) I don't know if Henning Brauer (LWQ-ldap author) is around, so if it is not possible, I hope I can write a "complement" to life-with-qmail-ldap. :))
The system is:
    Debian Woody (stable) 3.0r2 i386
    Compaq Proliant (ML370)
    Pentium III 1GHz / 512 MB (RAM)
    1 HD 36.4 GB SCSI (10K) (XFS filesystem)
    Normal LWQ and LWQ-ldap installation.
1) "Automagically" directory creation and permissions
I've turned on AUTOMAILDIRMAKE and AUTOHOMEDIRMAKE; in the Makefile I set this:

    MDIRMAKE=-DAUTOMAILDIRMAKE
    HDIRMAKE=-DAUTOHOMEDIRMAKE

Is there any configuration for AUTOMAILDIRMAKE? I believe that it is inside the qmail-ldap patch, so it creates the maildir directory inside /var/qmail/maildirs, is this correct?
What are the correct permissions for the qmail maildirs directory? I'm using 0775, with vmail:vmail, but it looks like it is not possible to create the dir this way. What am I missing here?
For AUTOHOMEDIRMAKE I created the ~scontrol/dirmaker and put a create-homedir script inside ~qmail/bin. But I got the same problem, permissions. My /home is 2775, with root:staff; do I have to change the permissions and the owner:group? Is it really necessary to create the homedir? Or does the delivery happen without the homedir?
My create-homedir script has:

    #!/bin/sh
    # Create the directory given as the first argument, readable only by its owner
    mkdir -m 700 -p "$1"
    #EOF

2) SSL/TLS
The ldap packages for Debian came without TLS, so I downloaded the sources (apt-get source) and rebuilt them using TLS, so it is the same package, just with TLS enabled. I need to rebuild the ldaputils, slapd and libldap2 and libldap2-dev.
I'm expecting to set up a TLS-only mail server, running ldaps://127.0.0.1/ and ldaps://PUBLIC-IP/, is it possible? Because I cannot find how to set up qmail-ldap to access the LDAP server using TLS. My other question is, am I being too paranoid; in other words, do I not need to use TLS on localhost??
3) LDAP access control
I was wondering if we can collect some good examples of "access control" for LDAP, probably Andre and Claudio can give good information about this.
I would like to give just the "needed" permissions for qmail-ldap to work, but I'm not completely sure about what it needs.
The main
Thanks for "patience"! :o)
Best regards,
--
//////////
// Felipe Augusto van de Wiel
// Admin. de Redes e Sistemas
// [EMAIL PROTECTED]
// http://www.paranacidade.org.br/
//////////
