[OT for Cyrus] Re: Enterprise Server Solution
"John C. Amodeo" wrote:
>
> David,
>
> You have mentioned a very important point - "Cyrus lacks is a 'pretty
> interface' for administration, as Exchange has."
>
> This is one of its best features - why? Because it ensures only people
> with the skill and the know how are the system administrators.

John,

I agree with you wholeheartedly. Microsoft-style interfaces make it really easy to get something done, even if the operator doesn't know what they're doing.

This 'argument' just happens to be the one I have with my boss most often - his feeling is that free software hasn't caught on quicker due to lack of 'packaging'. The average IT director, he argues, will be turned off by the lack of GUI interface. My argument is that free software is from a whole other universe, where _all_ the rules are different. Stuff that he thinks essential to the success of free software really has no meaning in our universe, and therefore no impact on whether free software succeeds or not. There can be no argument that free software is succeeding wildly; due in large part no doubt to the increasingly large population of skilled system administrators who started by running a mailserver in their dorm room.

In any case, I'm glad I'm able to show the existence of at least _one_ enlightened IT director.

regards,
David

> To give you a little background about Rutgers, we have 48,000 registered
> students, about 6 campuses, 10,000 full-time employees and literally
> hundreds of servers - all a mix of Unix, Linux, Novell, NT, and Mac.
> Currently there are no real standards about what is allowed and what is
> not. Every department makes up the rules as they go. It has been my
> experience that NT remains the server OS of choice for those who do not
> know any better. The ones who do know better run the most stable systems
> at the University (Unix, Linux, and Novell.)
>
> Exchange makes it too easy for any novice who knows Windows to "take a
> shot" and set up a mail server. It also makes it very easy for anyone
> (even non-system admins) to try and fix the system when it's broken. And
> since there are no standards in place about who is allowed to administer
> a server, and who is not, you have a lot of department heads, who even
> though they are not computer people (mostly academic administrators),
> have the power to make his / her computer people give up the admin
> passwords on the systems. It makes them feel important when they also
> know what the password is. The problem here is that in an emergency, they
> generally figure "Hey, why don't I just log in and fix the server." You
> come back from a week's vacation and find the server was hosed because
> someone thought they knew what they were doing...
>
> Command line interfaces are the best. It's like an insurance policy that
> deters people who shouldn't be messing around with the system from doing
> just that. At least in my opinion; it makes me feel more comfortable.
>
> As a wise man once said - "The most dangerous type of "computer" person
> is one who "thinks" they know what they're doing."
>
> -John
>
> "David L. Parsley" wrote:
>
> > Thanks John; I just forwarded a copy of this to my boss, who was a
> > little uncomfortable with my using Cyrus to replace Netscape last
> > summer. Cyrus has done such a great job, his doubts have diminished
> > greatly. Still, this kind of testimonial from IT Directors at other
> > institutions is invaluable.
> >
> > In my boss's opinion, what Cyrus lacks is a 'pretty interface' for
> > administration, as Exchange has. While I'm perfectly comfortable with
> > current tools, most of my co-workers (boss included) would prefer a nice
> > GUI like you find with Microsoft products. To me, this is judging a
> > book by its cover.
> >
> > Fortunately he _does_ understand the value of open standards, which is
> > probably the main reason we're enjoying Cyrus today.
> >
> > regards,
> > David
> >
> > "John C. Amodeo" wrote:
> > >
> > > Randall,
> > >
> > > Paying for software is really not an issue. The University has spent
> > > hundreds of thousands of dollars for hundreds of copies of Novell, a
> > > site license for McAfee, Oracle, etc.
> > >
> > > The point here is Cyrus is such a powerful program, with an outstanding
> > > track record, that despite the few features it lacks at this point, you
> > > couldn't ask for more, in my opinion. In addition, my goal is to see
> > > all of the Exchange server go away, and the only way to do that is to
> > > prove there is a better system out there and put it to work. Having
> > > one that's free makes it that much easier to convince others to switch.
> > >
> > > Anyway, thanks for your suggestion, I will keep it in the back of my mind.
> > >
> > > -John
> > >
> > > "Randal
Re: Enterprise Server Solution
Thanks John; I just forwarded a copy of this to my boss, who was a little uncomfortable with my using Cyrus to replace Netscape last summer. Cyrus has done such a great job, his doubts have diminished greatly. Still, this kind of testimonial from IT Directors at other institutions is invaluable.

In my boss's opinion, what Cyrus lacks is a 'pretty interface' for administration, as Exchange has. While I'm perfectly comfortable with current tools, most of my co-workers (boss included) would prefer a nice GUI like you find with Microsoft products. To me, this is judging a book by its cover.

Fortunately he _does_ understand the value of open standards, which is probably the main reason we're enjoying Cyrus today.

regards,
David

"John C. Amodeo" wrote:
>
> Randall,
>
> Paying for software is really not an issue. The University has spent hundreds
> of thousands of dollars for hundreds of copies of Novell, a site license for
> McAfee, Oracle, etc.
>
> The point here is Cyrus is such a powerful program, with an outstanding track
> record, that despite the few features it lacks at this point, you couldn't ask
> for more, in my opinion. In addition, my goal is to see all of the Exchange
> server go away, and the only way to do that is to prove there is a better
> system out there and put it to work. Having one that's free makes it that
> much easier to convince others to switch.
>
> Anyway, thanks for your suggestion, I will keep it in the back of my mind.
>
> -John
>
> "Randall S. Winchester" wrote:
>
> > If you do not mind "paying" for a server, Sendmail has a POP/IMAP message
> > store that is quite similar to the cyrus message store format. It does
> > support multiple domains, and has a GUI to allow delegated per domain
> > administration as well.
> >
> > Randall
> >
> > On Wed, 21 Feb 2001, John C. Amodeo wrote:
> >
> > : Greetings,
> > :
> > : Let me first start by extending my warmest thanks to everyone who has
> > : replied to my original message regarding Cyrus capabilities to partition
> > : into multiple independent mail servers. After reading your suggestions,
> > : and giving some considerable thought to what would be in our best
> > : interest, we have decided to run Cyrus on multiple IP aliases. This
> > : seems to be the most common work around for the multiple domain
> > : problem. The one major draw back to using this method is every time
> > : Cyrus is updated to a new version, multiple copies of the binary will
> > : need to be compiled all with different parameters (i.e. conf files
> > : directory, etc.) If you have, let's say, 4 Cyrus servers per physical
> > : box, and 6 or so imap server, you can see what a nightmare this would be
> > : every time a new version comes out.
> > :
> > : One of my colleagues came up with a suggestion that consists of
> > : modifying the Cyrus code so we can pass variables to the binary when it
> > : is invoked. For instance, instead of compiling Cyrus with
> > : /etc/imap.conf and /etc/cyrus.conf hard coded in, we could modify the
> > : code to accept a variable or two when the master is invoked. This way,
> > : we can have 1 binary on the server, but invoke 4 masters with different
> > : parameters (like location of imap.conf and cyrus.conf). I guess this is
> > : the same concept as the "-s" switch to run imaps, and so on.
> > :
> > : Is this possible or am I totally getting out of control? Has anyone
> > : done this or attempted to do this yet?
> > :
> > : When our system is up and functioning well, we plan to write some good
> > : documentation about ways to integrate Cyrus / Linux into a "business"
> > : environment that uses Novell and Windows for file sharing and
> > : application distribution.
> > :
> > : -John
> > : __
> > : John C. Amodeo, Associate Director
> > : Information Technology and Computer Operations
> > : Faculty of Arts & Sciences, Rutgers University
> > : 732.932.9455-voice 732.932.0013-fax
> > :
Re: Enterprise Server Solution
On Thu, 22 Feb 2001, John C. Amodeo wrote:

: Randall,
:
: Paying for software is really not an issue. The University has spent hundreds
: of thousands of dollars for hundreds of copies of Novell, a site license for
: McAfee, Oracle, etc.

Sorry if my comment sounded off handed. I worked at umd.edu for 14 years, and also had those similar licenses. We never really considered paying for the backend mail system though... Various reasons including strong technical expertise in the area |-).

: The point here is Cyrus is such a powerful program, with an outstanding track
: record, that despite the few features it lacks at this point, you couldn't ask
: for more, in my opinion.

Yes it is quite powerful and a leader in many standards based messaging services.

: In addition, my goal is to see all of the Exchange server go away,
: and the only way to do that is to prove there is a better system
: out there and put it to work.

There are still a couple features in Exchange that make it more competitive in certain markets. They can often be worked around though.

: Having one that's free makes it that much easier to convince
: others to switch.

At the price for Exchange servers there is lots of room, even for those with support or licensing fees.

: Anyway, thanks for your suggestion, I will keep it in the back of my mind.

Glad to dialog with you.

Randall
Re: Enterprise Server Solution
David,

You have mentioned a very important point - "Cyrus lacks is a 'pretty interface' for administration, as Exchange has."

This is one of its best features - why? Because it ensures only people with the skill and the know how are the system administrators.

To give you a little background about Rutgers, we have 48,000 registered students, about 6 campuses, 10,000 full-time employees and literally hundreds of servers - all a mix of Unix, Linux, Novell, NT, and Mac. Currently there are no real standards about what is allowed and what is not. Every department makes up the rules as they go. It has been my experience that NT remains the server OS of choice for those who do not know any better. The ones who do know better run the most stable systems at the University (Unix, Linux, and Novell.)

Exchange makes it too easy for any novice who knows Windows to "take a shot" and set up a mail server. It also makes it very easy for anyone (even non-system admins) to try and fix the system when it's broken. And since there are no standards in place about who is allowed to administer a server, and who is not, you have a lot of department heads, who even though they are not computer people (mostly academic administrators), have the power to make his / her computer people give up the admin passwords on the systems. It makes them feel important when they also know what the password is. The problem here is that in an emergency, they generally figure "Hey, why don't I just log in and fix the server." You come back from a week's vacation and find the server was hosed because someone thought they knew what they were doing...

Command line interfaces are the best. It's like an insurance policy that deters people who shouldn't be messing around with the system from doing just that. At least in my opinion; it makes me feel more comfortable.

As a wise man once said - "The most dangerous type of "computer" person is one who "thinks" they know what they're doing."

-John

"David L.
Parsley" wrote: > Thanks John; I just forwarded a copy of this to my boss, who was a > little uncomfortable with my using Cyrus to replace Netscape last > summer. Cyrus has done such a great job, his doubts have diminished > greatly. Still, this kind of testimonial from IT Directors at other > institutions is invaluable. > > In my bosses opinion, what Cyrus lacks is a 'pretty interface' for > administration, as Exchange has. While I'm perfectly comfortable with > current tools, most of my co-workers (boss included) would prefer a nice > GUI like you find with Microsoft products. To me, this is judging a > book by it's cover. > > Fortunately he _does_ understand the value of open standards, which is > probably the main reason we're enjoying Cyrus today. > > regards, > David > > "John C. Amodeo" wrote: > > > > Randall, > > > > Paying for software is really not an issue. The University has spent hundreds > > of thousands of dollars for hundreds of copies of Novell, a site license for > > McAfee, Oracle, etc. > > > > The point here is Cyrus is such a powerful program, with an outstanding track > > record, that despite the few features it lacks at this point, you couldn't ask > > for more, in my opinion. In addition, my goal is to see all of the Exchange > > server go away, and the only way to do that is to prove there is a better > > system out there and put it to work. Having one that's free makes it that > > much easier to convince others to switch. > > > > Anyway, thanks for your suggestion, I will keep it in the back of my mind. > > > > -John > > > > "Randall S. Winchester" wrote: > > > > > If you do not mind "paying" for a server, Sendmail has a POP/IMAP message > > > store that is quite similar to the cyrus message store format. It does > > > support multiple domains, and has a GUI to allow delegated per domain > > > administration as well. > > > > > > Randall > > > > > > On Wed, 21 Feb 2001, John C. 
Amodeo wrote: > > > > > > : Greetings, > > > : > > > : Let me first start by extending my warmest thanks to everyone who has > > > : replied to my original message regarding Cyrus capabilities to partition > > > : into multiple independent mail servers. After reading your suggestions, > > > : and giving some considerable thought to what would be in our best > > > : interest, we have decided to run Cyrus on multiple IP aliases. This > > > : seems to be the most common work around for the the multiple domain > > > : problem. The one major draw back to using this method is every time > > > : Cyrus is updated to a new version, multiple copies of the binary will > > > : need to be compiled all with different parameters (i.e. conf files > > > : directory, etc.) If you have, lets say, 4 Cyrus servers per physical > > > : box, and 6 or so imap server, you can see what a nightmare this would be > > > : every time a new version comes out. > > > : > > > : One of my colleagues came up with a suggestion that consists of > > > : modif
Re: Enterprise Server Solution
Randall, Paying for software is really not an issue. The University has spent hundreds of thousands of dollars for hundreds of copies of Novell, a site license for McAfee, Oracle, etc. The point here is Cyrus is such a powerful program, with an outstanding track record, that despite the few features it lacks at this point, you couldn't ask for more, in my opinion. In addition, my goal is to see all of the Exchange server go away, and the only way to do that is to prove there is a better system out there and put it to work. Having one that's free makes it that much easier to convince others to switch. Anyway, thanks for your suggestion, I will keep it in the back of my mind. -John "Randall S. Winchester" wrote: > If you do not mind "paying" for a server, Sendmail has a POP/IMAP message > store that is quite similar to the cyrus message store format. It does > support multiple domains, and has a GUI to allow delegated per domain > administration as well. > > Randall > > On Wed, 21 Feb 2001, John C. Amodeo wrote: > > : Greetings, > : > : Let me first start by extending my warmest thanks to everyone who has > : replied to my original message regarding Cyrus capabilities to partition > : into multiple independent mail servers. After reading your suggestions, > : and giving some considerable thought to what would be in our best > : interest, we have decided to run Cyrus on multiple IP aliases. This > : seems to be the most common work around for the the multiple domain > : problem. The one major draw back to using this method is every time > : Cyrus is updated to a new version, multiple copies of the binary will > : need to be compiled all with different parameters (i.e. conf files > : directory, etc.) If you have, lets say, 4 Cyrus servers per physical > : box, and 6 or so imap server, you can see what a nightmare this would be > : every time a new version comes out. 
> : > : One of my colleagues came up with a suggestion that consists of > : modifying the Cyrus code so we can pass variables to the binary when it > : is invoked. For instance, instead of compiling Cyrus with > : /etc/imap.conf and /etc/cyus.conf hard coded in, we could modify the > : code to accept a variable or two when the master is invoked. This way, > : we can have 1 binary on the server, but invoke 4 masters with different > : parameters (like location of imap.conf and cyrus.conf). I guess this is > : the same concept as the "-s" switch to run imaps, and so on. > : > : Is this possible or am I totally getting out of control? Has anyone > : done this or attempted to do this yet? > : > : When our system is up and functioning well, we plan to write some good > : documentation about ways to integrate Cyrus / Linux into a "business" > : environment that uses Novell and Windows for file sharing and > : application distribution. > : > : -John > : __ > : John C. Amodeo, Associate Director > : Information Technology and Computer Operations > : Faculty of Arts & Sciences, Rutgers University > : 732.932.9455-voice 732.932.0013-fax > :
Re: Enterprise Server Solution
Greetings,

Let me first start by extending my warmest thanks to everyone who has replied to my original message regarding Cyrus capabilities to partition into multiple independent mail servers. After reading your suggestions, and giving some considerable thought to what would be in our best interest, we have decided to run Cyrus on multiple IP aliases. This seems to be the most common work around for the multiple domain problem. The one major draw back to using this method is every time Cyrus is updated to a new version, multiple copies of the binary will need to be compiled all with different parameters (i.e. conf files directory, etc.) If you have, let's say, 4 Cyrus servers per physical box, and 6 or so imap server, you can see what a nightmare this would be every time a new version comes out.

One of my colleagues came up with a suggestion that consists of modifying the Cyrus code so we can pass variables to the binary when it is invoked. For instance, instead of compiling Cyrus with /etc/imap.conf and /etc/cyrus.conf hard coded in, we could modify the code to accept a variable or two when the master is invoked. This way, we can have 1 binary on the server, but invoke 4 masters with different parameters (like location of imap.conf and cyrus.conf). I guess this is the same concept as the "-s" switch to run imaps, and so on.

Is this possible or am I totally getting out of control? Has anyone done this or attempted to do this yet?

When our system is up and functioning well, we plan to write some good documentation about ways to integrate Cyrus / Linux into a "business" environment that uses Novell and Windows for file sharing and application distribution.

-John
__
John C. Amodeo, Associate Director
Information Technology and Computer Operations
Faculty of Arts & Sciences, Rutgers University
732.932.9455-voice 732.932.0013-fax
Re: Enterprise Server Solution
John, I have been discussing this with Amos Gouaux and Larry Greenfield, and I'm currently working on changes to CVS which will allow you to specify an alternate config file (-C > Greetings, > > Let me first start by extending my warmest thanks to everyone who has > replied to my original message regarding Cyrus capabilities to partition > into multiple independent mail servers. After reading your suggestions, > and giving some considerable thought to what would be in our best > interest, we have decided to run Cyrus on multiple IP aliases. This > seems to be the most common work around for the the multiple domain > problem. The one major draw back to using this method is every time > Cyrus is updated to a new version, multiple copies of the binary will > need to be compiled all with different parameters (i.e. conf files > directory, etc.) If you have, lets say, 4 Cyrus servers per physical > box, and 6 or so imap server, you can see what a nightmare this would be > every time a new version comes out. > > One of my colleagues came up with a suggestion that consists of > modifying the Cyrus code so we can pass variables to the binary when it > is invoked. For instance, instead of compiling Cyrus with > /etc/imap.conf and /etc/cyus.conf hard coded in, we could modify the > code to accept a variable or two when the master is invoked. This way, > we can have 1 binary on the server, but invoke 4 masters with different > parameters (like location of imap.conf and cyrus.conf). I guess this is > the same concept as the "-s" switch to run imaps, and so on. > > Is this possible or am I totally getting out of control? Has anyone > done this or attempted to do this yet? > > When our system is up and functioning well, we plan to write some good > documentation about ways to integrate Cyrus / Linux into a "business" > environment that uses Novell and Windows for file sharing and > application distribution. > > -John > __ > John C. 
Amodeo, Associate Director > Information Technology and Computer Operations > Faculty of Arts & Sciences, Rutgers University > 732.932.9455-voice 732.932.0013-fax -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: Enterprise Server Solution

> Two Questions:
>
> 1) What recommendations does anyone have to appropriately partition the
> Cyrus Server to handle this architecture and what configuration is
> necessary to ensure that when LinuxServer1 receives a message for
> [EMAIL PROTECTED], the mail is delivered to user.smith on the partition
> reserved for Department1, and when a message is delivered for
> [EMAIL PROTECTED], the correct delivery is also made?
>
> 2) Assuming 1 is possible, how will 2 users with the same username, but
> different contexts, login to the same Cyrus Imap server and enter the
> appropriate mailbox...
> username = (NDS Context Model)
> or
> username = (Domain Model)
>
> Any comments/suggestions/help would be greatly appreciated.

I'm not an expert at enterprise class solutions, and don't know many of the details or benefits that NDS can offer, but I can try and help somewhat by shedding light on a few details.

Essentially what you are asking is for virtual domain support which cyrus does not have at the moment. That said, there are ways around the lack of such support but they all have significant drawbacks. The main problem is that unlike http 1.1, there is no easy way to discern where the end user was trying to go within the IMAP protocol. At best you can create a unique IP address per department and then modify the server code to implement separate mail stores based on the unique IP information. When a user tries to log in you only have two useful pieces of information to try and determine what department they are trying to reach: the username, the destination IP Address.

If you are not willing to create unique usernames across your entire installation then you must somehow create different cyrus servers for people to log in to. There is no way to have the same server, on the same machine, running the same configuration file to have more than one user.smith. Each cyrus installation is one big mailstore. Each person with the name smith will have to have their own unique mailbox identifier if you want them to exist within the same mailstore.

When I had my 1.6.24 installation I hacked up a version of cyrus that supported virtual domains. It allowed the user to log in as [EMAIL PROTECTED] and then calculated the appropriate locally unique mailbox name to go with it. I never released the code because 2.X came out within 2 weeks after I finished and it wasn't all that clean of a job either.

While I am guilty of using partitions as a neat way to implement separate domains (or in your case departments), this is not what they were designed for. They were designed purely as a way to spread the same mail store across separate physical devices to aid in storage and backup purposes. As a result, they only physically separate the different mailboxes on the file system. They do not create any logical separation that the server can use. It's still just one big mailstore.

There have been many discussions about this in the past and the mailing list archives will go into a lot of the details about it, but you do have a few options I can immediately think of (and I'm sure you have others as well). This assumes you are running 2.X code:

1) Redesign your NDS, or implement an administrative policy that mandates the creation of unique user identifiers for each person regardless of department. If you really want to save yourself a lot of trouble, this is probably your best bet given the current state of cyrus.

2) Use physically separate machines for each department. Do not have them share any data, each one authenticates out of its own subtree of NDS.

3) Alias many IP Addresses onto one interface and then launch several instances of the cyrus server (one per department) each using a separate configuration file (possibly even chroot'd into a separate file space) bound to a unique IP. Add DNS entries imap.department1.edu, imap.department2.edu which map to the corresponding IPs on the server. This one is currently the most popular approach and in many people's opinion is the lesser of all the evils.

4) It might be possible to modify the master process to examine the source address and then launch imapd using the separate config model. This of course blows away any hopes of doing remote logins from home or the road. (I don't recommend this one)

5) Configure all the IMAP programs in your entire site to use username-departmentname as the login ID for IMAP. Create all mailboxes on the Cyrus server as username-departmentname. Modify the server authentication mechanisms to separate everything before authenticating against the NDS tree.

6) Abstract the unique name away from the IMAP clients by creating a new IMAP server for them to connect to. Essentially this new server does two things. First, it is able to authenticate against the NDS because somehow it knows about the context it exists in. Second, it then logs into the cyrus server using a unique ID which it either looked up
Re: Enterprise Server Solution

> On Fri, 16 Feb 2001 11:51:50 -0500,
> John C Amodeo <[EMAIL PROTECTED]> (jca) writes:

jca> It would make sense to be able to use 1 Cyrus server (properly partitioned) to serve
jca> multiple Departments, where user 'Smith' may be 2 distinct users from 2 contexts;
jca> i.e. Linux Server1 will serve users email for ou=Department1 and ou=Department2.

With Cyrus 2.0.11 you can bind each of the services in cyrus.conf to a specific address:port:

    ... listen="serv1.dept1.dom:lmtp" ...

I was eager for this so that the lmtpd could be bound to an address on a private network. However, it also seemed to me this would be necessary for multi-domain support as well.

While perhaps not very elegant, seems to me the simplest way to finish up *some* kind of multi-domain support would be the ability to supply master with a '-C config_file_dir' option. This would not only specify a specific directory for the cyrus.conf, but also the imapd.conf. In these domain-specific configuration files you'd specify which addresses that set of services should bind to, as well as the authentication service to use. (Perhaps a 'servicename' setting would be needed in imapd.conf that would be used for PAM lookups)

One thing I really dislike is the business of users having to login with their fully-qualified address. This does not give the impression that the folks of a particular domain have their own little private server. The fact that more than one domain may physically reside on the same machine is not something the users need to be aware of or worry about. It seems like the simplest way to achieve this would be to have multiple masters, each with a different configuration.

While having multiple masters would be somewhat wasteful process-wise, it would at least make it trivial to lift out an entire domain if at some point it became necessary to scale out horizontally. Besides, being able to specify a config_file_dir wouldn't necessarily preclude later evolving master to have builtin support for multiple domains, if so desired.

The trickiest thing would be that master would have to relay this config_file_dir to all the services, likely thru an environment variable.

--
Amos
Re: Enterprise Server Solution
We are running a similar system with a few hundred users. We are using OpenLDAP instead of NDS (All Linux), The system is managing multiple domains. > Two Questions: > > 1) What recommendations does anyone have to appropriately partition > the Cyrus Server to handle this architecture and what configuration is > necessary to ensure that when LinuxServer1 receives a message for > [EMAIL PROTECTED], the mail is delivered to user.smith on the > partition reserved for Depatment1, and when a message is delivered for > [EMAIL PROTECTED], the correct delivery is also made? You may run one Cyrus server per department if you want the resources to be really separate. Otherwise there is no big need to create multiple partitions. > 2) Assuming 1 is possible, how will 2 users with the same username, > but different contexts, login to the same Cyrus Imap server and enter > the appropriate mailbox... > username = (NDS Context The solution I have is to use username_domain_tld where TLD=Top Level Domain. Example [EMAIL PROTECTED]'s uid is user1_department1_org and [EMAIL PROTECTED] is user1_department1_net > Model) > or > username = (Domain Model) Cyrus will not allow you to have "." in Mailbox name , and its not its <[EMAIL PROTECTED]> Not all domains are .com you may want to look at an opensource product called ISPMan. www.ispman.org. That will give you a pretty good idea on how you can setup a system with Linux, and it will manage the multiple departments with an LDAP server. > Any comments/suggestions/help would be greatly appreciated. > > -John > __ > John C. Amodeo, Associate Director > Information Technology and Computer Operations > Faculty of Arts & Sciences, Rutgers University > 732.932.9455-voice 732.932.0013-fax > -- Atif Ghaffar Internet Development Manager 4unet AG/SA -. +41 78 787 51 45 ¦ voice +41 24 441 09 03 ¦ fax http://www.4unet.net ¦ www http://atif.developer.ch ¦ homepage [EMAIL PROTECTED] ¦ email Do you speak Unix?
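The flattened-login schemes suggested in this thread (username_domain_tld, username-departmentname) and the "destination IP plus username" approach, as an added example that is not code from any poster or from Cyrus. It checks a roster for identities that would land in the same mailbox in the single mailstore, and derives the uid from the address a client connected to. All function names, the 192.0.2.x addresses and the sample accounts are constructed for illustration.

```python
from collections import defaultdict

SEP = "_"  # separator in the thread's username_domain_tld scheme


def flat_uid(user, domain, sep=SEP):
    """Naive flattening: user1 at department1.org -> user1_department1_org."""
    return sep.join([user.lower()] + domain.lower().split("."))


def find_collisions(accounts, sep=SEP):
    """Map each flattened uid to the distinct identities that produce it.

    Only uids claimed by more than one (user, domain) pair are returned;
    each of those pairs would share one mailbox in the single mailstore.
    """
    owners = defaultdict(set)
    for user, domain in accounts:
        owners[flat_uid(user, domain, sep)].add((user.lower(), domain.lower()))
    return {uid: sorted(ids) for uid, ids in owners.items() if len(ids) > 1}


def safe_uid(user, domain, sep=SEP):
    """Flatten only when the uid maps back to exactly one (user, domain)."""
    user, domain = user.lower(), domain.lower()
    labels = domain.split(".")
    # "." is refused because the thread notes Cyrus rejects it in a mailbox
    # name; the separator is refused because it makes the split ambiguous.
    if not user or "." in user or sep in user:
        raise ValueError(f"username {user!r} is empty or contains '.' or {sep!r}")
    if any(not label or sep in label for label in labels):
        raise ValueError(f"domain {domain!r} has an empty label or contains {sep!r}")
    return sep.join([user] + labels)


def resolve_login(dest_ip, username, ip_to_domain, sep=SEP):
    """Derive the mailbox uid from the two facts available at IMAP login:
    the address the client connected to and the bare username it sent."""
    try:
        domain = ip_to_domain[dest_ip]
    except KeyError:
        raise LookupError(f"no department is bound to {dest_ip}") from None
    return safe_uid(username, domain, sep)


# Constructed sample data (not taken from the thread's real systems).
ROSTER = [
    ("user1", "department1.org"),
    ("user1", "department1.net"),
    ("j_smith", "dept.example"),     # separator inside the username ...
    ("j", "smith.dept.example"),     # ... collides with this subdomain user
]
IP_TO_DOMAIN = {
    "192.0.2.11": "department1.edu",  # e.g. the alias behind imap.department1.edu
    "192.0.2.12": "department2.edu",  # e.g. the alias behind imap.department2.edu
}

if __name__ == "__main__":
    for uid, owners in find_collisions(ROSTER).items():
        print(f"COLLISION {uid}: {owners}")
    for ip in IP_TO_DOMAIN:
        print(ip, "smith ->", resolve_login(ip, "smith", IP_TO_DOMAIN))
```

Running `find_collisions` over the account directory before provisioning, and `safe_uid` at account creation, keeps two people from ever resolving to the same mailbox name.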
Enterprise Server Solution
Greetings,

My Division at Rutgers University has recently re-engineered our email infrastructure using the Cyrus Imap "black-box" model with Novell NDS for Account Management. After considerable research and consideration of several commercial solutions, we have determined that NDS User Management, Netware file sharing, Cyrus Imap services, and the Horde/IMP Webmail package together will create an integrated system that will offer our users all the network services they need while maintaining a single point of administration across all platforms. To date, we have been extremely impressed with the scalability and flexibility of the Cyrus Imap server, and are moving forward with an expansion of our Cyrus/Novell/NDS/IMP combination running on a distributed server model (approx. 15 servers located on 3 separate campuses.) When finished, the system will be deployed to roughly 2000 users campus wide.

At the early stages of the system development, our original design was based on documentation that many of you are familiar with; documents describing how to implement enterprise email systems using combinations of different software packages. Minor changes had to be made to accommodate user authentication to our Novell NDS database through PAM.

Currently, we use Novell exclusively for our departmental file sharing and such. Our user database is a little larger than 2000 users. When we designed the NDS database, we took special care to partition everything properly, to ensure the user management would be simple - we are not just providing access to email, but to distributed network applications, printers, shared directories and files, etc. Here is a general idea of what our NDS database looks like:

NDS Tree--- Organization(o)--- Department1(ou)--- Users(ou) --Smith --Jones NetwareServer1 Department2(ou)--- Users(ou) --Smith --Butler NetwareServer12 Department3(ou)--- Users(ou) --Simpson --Todd NetwareServer13 Linux Server1(Cyrus) Linux Server2(Cyrus)

You probably get the idea. One great feature of Novell is that you can partition 1 physical server to actually appear to be 2 separate servers. For instance, in the model above, Department1-Server1 and Department2-Server2 are physically located on the same machine, but appear as 2 servers in the NDS directory. In addition, you will notice that user 'Smith' exists twice, as two distinct users - Smith.Users.Department1 and Smith.Users.Department2.

For our current model, we have 1 physical Linux Server for each Department that uses Cyrus Imap for email; Users.Department1 is on Linux Server1 and Users.Department2 is on Linux Server2. If you take Linux Server1, change PAM to use Ldap/NDS authentication, and modify the /etc/ldap.conf to point to ou=Users,ou=Department1,o=Organization, Users from Department1 have their Cyrus Mailboxes on Linux Server 1 and are able to get email simply by authenticating in an Imap Client as . Furthermore, mail delivery to Linux Server1 is simple because there are no duplicate usernames in the same context of the NDS tree.

It would make sense to be able to use 1 Cyrus server (properly partitioned) to serve multiple Departments, where user 'Smith' may be 2 distinct users from 2 contexts; i.e. Linux Server1 will serve users email for ou=Department1 and ou=Department2.

Two Questions:

1) What recommendations does anyone have to appropriately partition the Cyrus Server to handle this architecture and what configuration is necessary to ensure that when LinuxServer1 receives a message for [EMAIL PROTECTED], the mail is delivered to user.smith on the partition reserved for Department1, and when a message is delivered for [EMAIL PROTECTED], the correct delivery is also made?

2) Assuming 1 is possible, how will 2 users with the same username, but different contexts, login to the same Cyrus Imap server and enter the appropriate mailbox...
username = (NDS Context Model)
or
username = (Domain Model)

Any comments/suggestions/help would be greatly appreciated.

-John
_