Rick Widmer wrote:
That is what I meant; not everyone is able to have a special server just for mail, and thus running Apache as vpopmail:vchkpw is not an option. If you created some sort of daemon that allows you to communicate with public and private keys, then you can run Apache as www:www and not have to worry about users being able to alter vpopmail stuff because of the mail server running under vpopmail:vchkpw.
It is very easy to start a second instance of Apache. Just create a second httpd.conf file with different users, different DocumentRoot and add Listen directives to both httpd.conf files specifying which ports and IP addresses each server handles.
The more I think about it the more it looks like the most secure solution. (Other than a separate mail server.)
Well, what I meant is that having one binary that can do everything in one is easier than having to run several different commands each time to add or remove domains, and having to parse different output each time.
A binary that handled a few information retrieval functions is probably all that would be needed. I think there would be about 4-6 functions it should be able to return data from. I actually considered writing it before I decided to attack the PHP extension.
For the rest we may as well exec the existing programs and not re-invent existing functionality. I've already got a PHP program that manages mail domains that way, but it reads the ~vpopmail/domains/ directory to get all its information.
I personally might start on this, if I get the chance, as it would be a lot better than running Apache as the mail user when there are other websites on it.
If you do, please be sure to implement security within your program. Each page hit, the PHP program needs to pass user-supplied credentials so you can verify the user. The vpopmail library does not do this security checking, so you have to. If the vpopmail library becomes directly available to anyone running as www:www, they can do ANYTHING to your mail accounts.
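The per-request check described in the last paragraph, as an added example that is not part of the original post and not vpopmail code: a helper that authenticates the supplied credentials, restricts the operations reachable from the web side, and confirms the login may act on the target domain before doing anything. The account table, operation names and request fields are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import os


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def _record(password: str, domains: set) -> tuple:
    salt = os.urandom(16)
    return salt, _hash(password, salt), domains


# Constructed sample data; a real helper would consult the mail system's
# own account store instead of an in-memory table.
ACCOUNTS = {
    "postmaster@example.org": _record("correct horse", {"example.org"}),
    "postmaster@example.net": _record("battery staple", {"example.net"}),
}
_DUMMY = _record("unused", set())  # keeps timing similar for unknown logins

# Hypothetical operation names: the only ones the web side may request.
ALLOWED_OPS = {"list_users", "add_user", "del_user"}


def authenticate(login, password) -> bool:
    """Verify the credentials that arrived with this request."""
    if not isinstance(login, str) or not isinstance(password, str):
        return False
    salt, stored, _ = ACCOUNTS.get(login, _DUMMY)
    match = hmac.compare_digest(stored, _hash(password, salt))
    return match and login in ACCOUNTS


def handle_request(req: dict) -> dict:
    """Authenticate, then authorize, before any mail data is touched."""
    login, password = req.get("login"), req.get("password")
    if not authenticate(login, password):
        return {"ok": False, "error": "authentication failed"}
    if req.get("op") not in ALLOWED_OPS:
        return {"ok": False, "error": "operation not allowed"}
    if req.get("domain") not in ACCOUNTS[login][2]:
        return {"ok": False, "error": "not authorized for domain"}
    # Placeholder: only at this point would the helper run the existing
    # mail administration program for the requested operation.
    return {"ok": True, "op": req["op"], "domain": req["domain"]}
```

Every request carries its own credentials, so a process running as www:www gains nothing from reaching the helper without them.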