On Tuesday 21 January 2003 22:30, Tim Legant wrote:
> Jesse Guardiani <[EMAIL PROTECTED]> writes:

<snip>

> The vchkpw program, if compiled to do so, will look at $TCPLOCALIP
> (the IP address on the server that the client connected to) and will
> attempt to deduce the domain based on that IP. This means that the
> users can use a simple username -- the left side of their email
> address, like 'joe' -- and don't have to use the whole address, like
> '[EMAIL PROTECTED]'.

Well, I think you'd only need to worry about $TCPLOCALIP in the tmda code. And even then just to figure out which IP tmda-ofmipd (or whatever app we apply the code to) is being called from.

If you're using the flat file to reference calling IPs and IMAP/POP3 IPs then you don't really care about whether or not $TCPLOCALIP is consulted in the VPopMail authentication modules. As long as the IMAP/POP3 server is Vpopmail IP domain compatible, you're good to go.

>
> A single instance of tmda-ofmipd can also bind to all IP aliases on a
> machine. The problem arises when we use the -R flag (remote
> authentication) to connect to a POP3 or IMAP server. We can, right
> now, connect only to the one host specified in the -R parameter. This
> means that, in our example setup, only about 1/5th of the
> authentications will work.
>
> Here is a proposed solution.
>
> 1) Allow the -R flag to accept a host of 0.0.0.0. That will be a flag
>    to tell tmda-ofmipd to lookup the IP to authenticate through.

Works for me.

>
> 2) Create an IP -> IP mapping file in ~vpopmail/.tmda/ipauthmap. It
>    would look something like this:
>
>      xxx.xxx.xxx.1:nnn.nnn.nnn.21
>      xxx.xxx.xxx.2:nnn.nnn.nnn.22
>      ...

I like that idea, but we could possibly take this a step further.

Does VMailMgr have IP domain support too? Do any IMAP/POP3 servers support VMailMgr's version of IP domains? If not, then we need only be concerned with VPopMail for now.

VPopMail defines IP domains using the 'vipmap' command. If VPopMail is defined with SQL support, then these IP maps are written to the vpopmail database.
We could include a hook to read this table directly, thus eliminating another maintenance item and further tightening integration with VPopMail. This would facilitate your ideal of having the tmda-ofmipd proxy on one machine, and the IMAP server on another, but it may create tmda-ofmipd maintenance issues if VPopMail ever decides to change their IP table structure.

A partial solution would be to parse the output of the 'vipmap' command to retrieve our IP table. But maybe we should again include a hook to an external script that returns the proper info? That way quirky situations could be handled by Perl or SH literate administrators on a case-by-case basis, and we wouldn't have to deal with it as frequently.

Or, maybe we should just use the flat file and forget SQL and external script hooks, requiring the user to write a wrapper to 'vipmap' that would sync the VPopMail IP table with the tmda-ofmipd IP flat file? Or even possibly include such a wrapper in the distribution?

What do you guys think?

>
>    The first IP is an address that tmda-ofmipd is bound to. The
>    second IP is the address of the authentication server that

<snip>

> This scheme allows authentication to take place on the same machine or
> on a remote machine, just as we do today.

Well, VPopMail's filesystem would still have to be loaded via NFS to retrieve user home directories in the first place, but I get what you're saying.

Jesse

>
> If any other hostname or IP address is given as an argument to the -R
> flag, processing takes place exactly as today.
>
> So... does this make sense to those of you who understand the whole
> authentication proxy, tcpserver environment variables, IP-based
> virtual domain pile of worms? Any objections or improvements? I
> think I can get this done pretty quickly if I get the approval.
>
>
> Tim
> _________________________________________________
> tmda-workers mailing list ([EMAIL PROTECTED])
> http://tmda.net/lists/listinfo/tmda-workers

--
Jesse Guardiani, Systems Administrator
WingNET Internet Services,
P.O. Box 2605 // Cleveland, TN 37320-2605
423-559-LINK (v)  423-559-5145 (f)
http://www.wingnet.net

We are actively looking for companies that do a lot of long distance
faxing and want to cut their long distance bill by up to 50%. Contact
[EMAIL PROTECTED] for more info.
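
Added example, not part of the original message and not TMDA's own code: a Python sketch of the lookup proposed in the quoted text, where `-R 0.0.0.0` makes the proxy choose the authentication server from `$TCPLOCALIP` through the `local_ip:auth_ip` map file. The function names, the `#` comment syntax, the choice to fail closed on an unmapped or duplicate IP, and the sample addresses (documentation ranges) are assumptions.

```python
import ipaddress

WILDCARD = "0.0.0.0"  # proposed -R value meaning "look the auth server up"

class AuthMapError(Exception):
    """Raised when the map is malformed or has no entry for the local IP."""

def parse_ipauthmap(text):
    """Parse 'local_ip:auth_ip' lines into a dict; reject bad or duplicate rows."""
    mapping = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # comment support is an assumption
            continue
        local, sep, auth = line.partition(":")
        if not sep:
            raise AuthMapError(f"line {lineno}: expected local_ip:auth_ip")
        try:
            local_ip = ipaddress.IPv4Address(local.strip())
            auth_ip = ipaddress.IPv4Address(auth.strip())
        except ipaddress.AddressValueError as exc:
            raise AuthMapError(f"line {lineno}: {exc}") from None
        if local_ip in mapping:
            # Two targets for one bound IP would make the choice ambiguous.
            raise AuthMapError(f"line {lineno}: duplicate entry for {local_ip}")
        mapping[local_ip] = auth_ip
    return mapping

def resolve_auth_host(remote_arg, tcplocalip, mapping):
    """Return the host to authenticate against for this connection."""
    if remote_arg != WILDCARD:
        return remote_arg  # any other -R value: processed exactly as today
    try:
        local_ip = ipaddress.IPv4Address(tcplocalip or "")
    except ipaddress.AddressValueError:
        raise AuthMapError("TCPLOCALIP is missing or not an IPv4 address") from None
    if local_ip not in mapping:
        # Fail closed: never send credentials to some default server.
        raise AuthMapError(f"no ipauthmap entry for {local_ip}")
    return str(mapping[local_ip])

SAMPLE_MAP = """\
# constructed sample, not real hosts
192.0.2.1:198.51.100.21
192.0.2.2:198.51.100.22
"""

if __name__ == "__main__":
    table = parse_ipauthmap(SAMPLE_MAP)
    print(resolve_auth_host(WILDCARD, "192.0.2.2", table))
```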
