Re: Email accounts on FreeBSD 5.1-RELEASE

2003-06-21 Thread Paul Richards
On Fri, Jun 20, 2003 at 05:16:11PM -0400, Alex Ayala wrote:
 Ok, maybe...yes I read what I wrote and didn't quite explain what I really
 wanted to say.
 
 I want to set up accounts on my box so users can retrieve emails by accessing
 my pop server. Do I need to set up user accounts on my box with the adduser
 command? I don't want them to be able to have access to the shell by any
 means. It's like when I wanted to give someone access to my ftp server I just
 created an account and took out the shell part in the passwd file. Sorry my
 English is not the greatest. Trying to explain something and can't find the
 right words.
 
 Is that a bit better to understand?

The answer depends a bit on which pop server you're using. If you
don't want to create user accounts on the box for mail users then
use something like Cyrus, which manages its own authentication
and so doesn't require any system accounts to be created for mail
users.

-- 
Tis a wise thing to know what is wanted, wiser still to know when
it has been achieved and wisest of all to know when it is unachievable
for then striving is folly. [Magician]
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to [EMAIL PROTECTED]


RE: Email accounts on FreeBSD 5.1-RELEASE

2003-06-21 Thread Eirik Oeverby
Hi,

Your language is not the problem, I think everyone here understands what
you're saying, just not what you mean.
I assume you want to give people e-mail accounts and nothing more. No
SSH, no FTP, nothing. In that case, creating a full-blown system account
is not only a waste of resources, it's also potentially insecure and
adds a lot of administrative concerns.

I'd suggest you go with a virtual-domain type of mail hosting.
Personally I've used qmail (the mail server - you should replace
sendmail with this one on your system anyway) with both vmailmgr and
vpopmail, which go about slightly differently trying to solve roughly
the same problem. Basically they implement their own authentication
scheme, not requiring any system accounts (well .. one is needed for
administration and storage of the virtual domains, but that can be
either your own account or a special account you set up for that
purpose).

I'd say vpopmail is closest to what you want, at least among the
solutions I've tested personally. I suggest you do a bit of googling,
there are several good HOWTOs out there describing in detail how to set
up qmail and these tools. Sometimes you'll have to adapt it a bit for
FreeBSD, but in general that's not a problem.

Good luck!

/Eirik

On Fri, 2003-06-20 at 23:16, Alex Ayala wrote:
 Ok, maybe...yes I read what I wrote and didn't quite explain what I really
 wanted to say.
 
 I want to set up accounts on my box so users can retrieve emails by accessing
 my pop server. Do I need to set up user accounts on my box with the adduser
 command? I don't want them to be able to have access to the shell by any
 means. It's like when I wanted to give someone access to my ftp server I just
 created an account and took out the shell part in the passwd file. Sorry my
 English is not the greatest. Trying to explain something and can't find the
 right words.
 
 Is that a bit better to understand?
 
 A
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Mark Murray
 Sent: Friday, June 20, 2003 4:51 PM
 To: Alex Ayala
 Cc: [EMAIL PROTECTED]
 Subject: Re: Email accounts on FreeBSD 5.1-RELEASE
 
 
 Alex Ayala writes:
 
  I got a question, if I want to create an email account on my FreeBSD 5.1
  box, but not let them have shell access do I just do an adduser and specify
  /sbin/nologin?
 
 If I want an off-road vehicle, do I just buy a Land Rover? It usually
 comes to quite a lot more than that, depending on what it is you want
 to do _exactly_.
 
 The above will work in certain circumstances, but simple testing will
 tell you that. What we can't tell is whether you need a Land Rover or
 a Bulldozer. :-)
 
 M
 --
 Mark Murray
 iumop ap!sdn w,I idlaH


Email accounts on FreeBSD 5.1-RELEASE

2003-06-20 Thread Alex Ayala

I got a question, if I want to create an email account on my FreeBSD 5.1
box, but not let them have shell access do I just do an adduser and specify
/sbin/nologin?

Alex



Re: Email accounts on FreeBSD 5.1-RELEASE

2003-06-20 Thread Mark Murray
Alex Ayala writes:
 
 I got a question, if I want to create an email account on my FreeBSD 5.1
 box, but not let them have shell access do I just do an adduser and specify
 /sbin/nologin?

If I want an off-road vehicle, do I just buy a Land Rover? It usually
comes to quite a lot more than that, depending on what it is you want
to do _exactly_.

The above will work in certain circumstances, but simple testing will
tell you that. What we can't tell is whether you need a Land Rover or
a Bulldozer. :-)

M
--
Mark Murray
iumop ap!sdn w,I idlaH


RE: Email accounts on FreeBSD 5.1-RELEASE

2003-06-20 Thread Alex Ayala
Ok, maybe...yes I read what I wrote and didn't quite explain what I really
wanted to say.

I want to set up accounts on my box so users can retrieve emails by accessing
my pop server. Do I need to set up user accounts on my box with the adduser
command? I don't want them to be able to have access to the shell by any
means. It's like when I wanted to give someone access to my ftp server I just
created an account and took out the shell part in the passwd file. Sorry my
English is not the greatest. Trying to explain something and can't find the
right words.

Is that a bit better to understand?

A

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Mark Murray
Sent: Friday, June 20, 2003 4:51 PM
To: Alex Ayala
Cc: [EMAIL PROTECTED]
Subject: Re: Email accounts on FreeBSD 5.1-RELEASE


Alex Ayala writes:

 I got a question, if I want to create an email account on my FreeBSD 5.1
 box, but not let them have shell access do I just do an adduser and specify
 /sbin/nologin?

If I want an off-road vehicle, do I just buy a Land Rover? It usually
comes to quite a lot more than that, depending on what it is you want
to do _exactly_.

The above will work in certain circumstances, but simple testing will
tell you that. What we can't tell is whether you need a Land Rover or
a Bulldozer. :-)

M
--
Mark Murray
iumop ap!sdn w,I idlaH


Re: Email accounts on FreeBSD 5.1-RELEASE

2003-06-20 Thread Mark Murray
Alex Ayala writes:
 Ok, maybe...yes I read what I wrote and didn't quite explain what I really
 wanted to say.
 
 I want to set up accounts on my box so users can retrieve emails by accessing
 my pop server. Do I need to set up user accounts on my box with the adduser
 command? I don't want them to be able to have access to the shell by any
 means. It's like when I wanted to give someone access to my ftp server I just
 created an account and took out the shell part in the passwd file. Sorry my
 English is not the greatest. Trying to explain something and can't find the
 right words.
 
 Is that a bit better to understand?

Sort of. But you need to understand how to specify and set up a secure
system.

What is your threat model? What resources are your (ab)users most likely
to throw at you, and what are the consequences if they succeed? How much
can you afford to spend to prevent this compared with what you guess they
are prepared to spend to attack you?

Only you can answer these questions. Once you know the comprehensive answer
to these questions, you know what to ask of the software and hardware you
investigate to perform the task.

While you are asking the questions, _experiment_ with what you have, and
look for real-life holes in your setup. Try to think like the attacker you
are trying to thwart. Attack yourself. Get paranoid.

M
--
Mark Murray
iumop ap!sdn w,I idlaH
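
Added example, not part of any message in this thread: one form the "simple testing" of a `/sbin/nologin` account can take is an audit of the passwd file itself. It flags two cases the thread touches on: an emptied shell field, which passwd(5) treats as `/bin/sh`, and a nologin shell that is listed in the shells file, which ftpd accepts as a valid shell. The function names `audit_shells` and `demo` and all sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify every account in a passwd-format file by its shell.
#   SHELL          real login shell
#   DEFAULT-SH     empty shell field; passwd(5) treats this as /bin/sh
#   NOLOGIN        nologin/false, not listed in the shells file
#   NOLOGIN-LISTED nologin/false that is listed in the shells file, so
#                  services that validate against it (ftpd) accept the user
audit_shells() {   # usage: audit_shells PASSWD_FILE SHELLS_FILE
    awk -F: -v shells="$2" '
        BEGIN {
            while ((getline line < shells) > 0)
                if (line !~ /^[ \t]*#/ && line !~ /^[ \t]*$/) listed[line] = 1
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            shell = $NF                     # shell is the last field
            n = split(shell, part, "/"); base = part[n]
            if (shell == "")
                verdict = "DEFAULT-SH"
            else if (base == "nologin" || base == "false")
                verdict = (shell in listed) ? "NOLOGIN-LISTED" : "NOLOGIN"
            else
                verdict = "SHELL"
            print $1, verdict
        }
    ' "$1"
}

# Constructed sample data (not from the thread), run through the audit.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
# constructed accounts
alice:*:1001:1001:Shell user:/home/alice:/bin/sh
bob:*:1002:1002:Mail only:/home/bob:/sbin/nologin
carol:*:1003:1003:Shell removed:/home/carol:
dave:*:1004:1004:Mail only:/home/dave:/usr/bin/false
EOF
    printf '%s\n' '# constructed shells list' /bin/sh /bin/csh /sbin/nologin > "$dir/shells"
    audit_shells "$dir/passwd" "$dir/shells"
    rm -rf "$dir"
}

demo
```

On a real system the arguments would be `/etc/passwd` and `/etc/shells`; the shell is the last field in `master.passwd` as well, so the same function reads either file.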