tmail and account verification

[Frode Nordahl]

Hello,
I'd like tmail to check if a account is expired before attempting to 
deliver mail to it.

It's a shame that there has not been developed a standard way to check 
this on Unix.

But since the world is as it is, how about adding a checkacct() 
function to the osdep ckp_*.c files, which could do pam_acct_mgmt on 
PAM systems, check pw-pw_expire on systems with that, sp-sp_expire on 
systems with that etc.

I'm in no possition to make this work on all platforms supported by 
uw-imap, but I could contribute to a few.

Is this the way to go, or should this be solved a different way?
PS:
Is it really necessary for tmail to make such verbose logs under normal 
operation? :-)

Mvh,
Frode Nordahl
--
--
For information about this mailing list, and its archives, see: 
http://www.washington.edu/imap/c-client-list.html
--

Re: tmail and account verification

[Mark Crispin]

On Fri, 24 Sep 2004, Frode Nordahl wrote:
I'd like tmail to check if a account is expired before attempting to deliver 
mail to it.
tmail does not currently do this.  I feel that the harm to a site which 
does not want it done is too great, so I don't think that I will make this 
change.

Account expiration is generally a point at which user access to an account 
is shut off, and is not necessary the same as account termination.

Since you have tmail sources, you are welcome to make the change in your 
own copy of tmail.

Is it really necessary for tmail to make such verbose logs under normal 
operation? :-)
The level of tmail logging is controlled by the syslog configuration file 
for the LOG_MAIL facility.  Most of the tmail babble type messages are 
at LOG_INFO level (which is also the level at which sendmail babbles), 
with warnings and errors at LOG_WARNING or LOG_ERR.

-- Mark --
http://staff.washington.edu/mrc
Science does not emerge from voting, party politics, or public debate.
Si vis pacem, para bellum.

Re: tmail and account verification

[David B Funk]

On Fri, 24 Sep 2004, Mark Crispin wrote:

 On Fri, 24 Sep 2004, Frode Nordahl wrote:
  I'd like tmail to check if a account is expired before attempting to deliver
  mail to it.

 tmail does not currently do this.  I feel that the harm to a site which
 does not want it done is too great, so I don't think that I will make this
 change.

 Account expiration is generally a point at which user access to an account
 is shut off, and is not necessary the same as account termination.

Yes, that is exactly the point. If the user no longer has login rights
no sense in storing mail they cannot read but you want to keep the account
entry so any '.forward' file they may have will work.

We have a rather migratory user base and so have a two phase removal
policy (deactivate and then later delete).

I agree that you would not want to make this behaivor the default but why
not make it an additional command line option?

 Since you have tmail sources, you are welcome to make the change in your
 own copy of tmail.

At our site we've already done this. ;)

  Is it really necessary for tmail to make such verbose logs under normal
  operation? :-)

 The level of tmail logging is controlled by the syslog configuration file
 for the LOG_MAIL facility.  Most of the tmail babble type messages are
 at LOG_INFO level (which is also the level at which sendmail babbles),
 with warnings and errors at LOG_WARNING or LOG_ERR.

 -- Mark --

If it's just babble why not make it LOG_DEBUG? We keep LOG_INFO mail
entries for transaction records, use LOG_DEBUG for debugging/monitoring.

I have two sets of syslog entries, '*.info' for transaction logging,
'*.debug' for debugging/monitoring and have a cron job that trims
the 'debug' logs.

-- 
Dave Funk  University of Iowa
dbfunk (at) engineering.uiowa.eduCollege of Engineering
319/335-5751   FAX: 319/384-0549   1256 Seamans Center
Sys_admin/Postmaster/cell_adminIowa City, IA 52242-1527
#include std_disclaimer.h
Better is not better, 'standard' is better. B{

Re: tmail and account verification

[Frode Nordahl]

On Sep 24, 2004, at 21:14, David B Funk wrote:
I agree that you would not want to make this behaivor the default but 
why
not make it an additional command line option?
Or even a compile time option, since this will most likelly not be 
supported on all platforms.

(I don't know which, but I'm sure there are platforms that does not 
have PAM nor concepts of account expiration)

I'll have a go on this and provide some patches.
For PAM users it will also have the nice effect of being able to put in 
added functionality through PAM (pam_mkhomedir springs to mind).

I'm sure others might find some use for this, but it should of course 
be a optional feature.

If it's just babble why not make it LOG_DEBUG? We keep LOG_INFO 
mail
entries for transaction records, use LOG_DEBUG for 
debugging/monitoring.
I'll second that. Most daemons on my system send such info to LOG_DEBUG.
A single line to LOG_INFO stating that the mail was delivered, or a 
single line to LOG_WARNING / LOG_ERR, stating that it wasn't would 
suffice.

Mvh,
Frode Nordahl
--
Dave Funk  University of Iowa
dbfunk (at) engineering.uiowa.eduCollege of Engineering
319/335-5751   FAX: 319/384-0549   1256 Seamans Center
Sys_admin/Postmaster/cell_adminIowa City, IA 52242-1527
#include std_disclaimer.h
Better is not better, 'standard' is better. B{