Torsten,
yes, it's true that this HOWTO doesn't mention the virtual domain settings
but i also read trough the HOWTO of Luc (even more than one time). I just
made the changes to be able to run virtual domain.
by default, the debian packages don't enable the virtdomain: yes. this i
had to do manually after installing the debian packages. but after the
changes in the according files everthying is working.
i don't know about the details in this "abused" virtual domain setup which
is described in the HOWTO compared to a "real" virtual domain setup but it
seems to work. currently there are 12 different domains with about 30
users on this system. it is running since some weeks without any problems.
starting up the systems executes a startup for sasls. here what it does
(i'm using the script provided by luc's HOWTO):
# Starting SASL saslauthdaemon
/usr/sbin/saslauthd -c -a pam&
# Starting Cyrus IMAP Server
/usr/cyrus/bin/master &
;;
Looking to my /etc/passwd i don't have any users there which are using the
mailsystem. since they are virtual i think they don't have to be users on
the real system. the configured users go to the database (virtual table).
hope that this makes it more clear how my setup is working.
regards,
patrick
> Just cross-read this HOWTO you mentioned to see if it might be worth to
> provide some feedback to the author.
>
> Interesting enough, the HOWTO does not mention anything explicit about
> virtual domains. I am not sure but I'd be surprised if the Debian package
> would enable virtdomain: yes by default. I am about sure I had to put this
> in manually. So following the HOWTO you probably setup a single domain
> Cyrus
> IMAPd from the Debian package that then subsequently get's "abused" in a
> "virtual domain by naming convention" way.
>
> In contrast to Cyrus IMAPd, web-cyradm presumes a virtual domain setup.
>
> Nothing wrong with that as long as it works for you. But what I wonder is:
>
> - do you do "saslauthd -a pam -c" as described in the HOWTO? If yes, do
> you
> have users like username.domain.tld in /etc/passwd?
> - how does your MTA handle that setup?
>
> Regards,
> Torsten
>
>
>> --- Urspr�ngliche Nachricht ---
>> Von: [EMAIL PROTECTED]
>> An: [email protected]
>> Betreff: RE: [Web-cyradm] DOMAIN_AS_PREFIX=1 and mailbox names
>> Datum: Wed, 18 May 2005 15:10:23 +0200 (CEST)
>>
>> Hi Torsten,
>>
>> I can see that you spent quite some time finding this detailed
>> information. I used courier-mta before but wanted to migrate to
>> something
>> which is more easy and logical to manage.
>>
>> Browsing trough the internet i saw on the web-cyradm website the
>> document
>> "debian_sarge-cyrus-howto.pdf" and i tought that would be the
>> installation
>> which fits all my needs. therefore my system is settet up like described
>> there.
>>
>> to answer your question:
>> > @Patrick: Are you running with "virtdomains: yes" in "imapd.conf"?
>>
>> yes, i setted "virtdomains: yes" in "imapd.conf".
>>
>> regards,
>> patrick
>>
>> > Hi all,
>> >
>> > [Patrick wrote:]
>> >>> I have the same setup like you have (unixhierarchysep: yes,
>> >>> DOMAIN_AS_PREFIX=1) and my user also looks like you described with
>> >>> the "." in pace of the "@" but the server is running well, without
>> >>> any problems.
>> >
>> >>> The users will then have to login with "user.domain.tld" as
>> username.
>> >>> Thats the only thing i had to make them clear.
>> >
>> >>> Therefore i don't knwo if it is a bug or if ist is impleneted that
>> way
>> >>> because authentivcation would make problems with with the @.
>> Probably
>> >>> the @ is a reserved character in sasl or mysql or whatever.
>> >
>> > Did some more research on this and have some more interesting findinds
>> to
>> > share.
>> >
>> > If you substitute the '@' (at-sign) with a '.' (dot) what you do IIUC
>> is
>> > you
>> > don't do any virtual domain hosting at all. This is not as clean an
>> > approach
>> > as proper virtual hosting will give you. For example, you will not be
>> able
>> > to have "per domain" admins on an IMAP level. But having this is
>> crucial
>> > in
>> > any serious shared services environment. If you are an ISP for
>> example,
>> > you
>> > don't want customer A to be able to login to the IMAP server and see
>> the
>> > names of all mailboxes of all customers that share the mail server, do
>> > you?
>> >
>> > Please have a look at the original documentation:
>> >
>> > http://asg.web.cmu.edu/cyrus/download/imapd/install-virtdomains.html
>> >
>> > @Patrick: Are you running with "virtdomains: yes" in "imapd.conf"?
>> >
>> > Even if you do, if you just don't use the '@' (at-sign) in any names,
>> all
>> > your mailboxes will end up in the default domain no matter in which
>> > "virtual" domain you intended to have them in.
>> >
>> > It migt be though that until some time ago you did not have a lot of
>> > choice
>> > actually. I remember I spent quite some time with this when I was
>> setting
>> > up
>> > our system. You need to make sure you keep two concepts in sync:
>> Virtual
>> > Domain hosting in Cyrus IMAPd and the concept of realms in SASL. And
>> SASL
>> > documentation is quite poor or at least it's hard to find the right
>> piece
>> > to
>> > read unless you followed the development of *IX operating systems
>> since
>> > the
>> > early 70ies. (My personal opinion, not worth discussing.)
>> >
>> > The "virtdomain: yes" stuff hasn't been there forever in Cyrus IMAPd
>> > though.
>> > I am not sure when it was implemented but I remember when I had set up
>> our
>> > system about 2 years ago I had to go to a at that time beta release to
>> get
>> > it. So prior to the virtual domain support that we have today in Cyrus
>> > IMAPd, the approach that Patrick described and that web-cyradm seems
>> to
>> > support was probably the only chance you had.
>> >
>> > Though this is sort of off topic, some words on SASL as well:
>> >
>> > As mentioned several times already: The '@' (at-sign) *is* a special
>> > character to SASL. It separates the user name from the so-called realm
>> in
>> > SASL. At least this is what you can find the in recent Cyrus SASL
>> > implementations. Interesting enough, the RFC 2222 which describes SASL
>> > does
>> > not explicitely talk about this.
>> >
>> > For many systems the rule is "realm == domain", so if you have a user
>> /
>> > mailbox name such as [EMAIL PROTECTED], then the realm will be
>> > somedomain.com. It is up to the SASL configuration what to do with
>> this,
>> > like use the realm portion to lookup users in different files by using
>> the
>> > realm name as a filename, look up users in different passwd files in
>> > different directories by using the realm name as a directory name.
>> >
>> > What's a bit more tricky is how to use a realm name which will have
>> the
>> > format of subdomain.domain.tld to do an LDAP lookup for some object in
>> > dc=subdomain,dc=domain,dc=tld. But this is a whole separate story and
>> > really
>> > way out of topic for this list.
>> >
>> > To take this all back to web-cyradm, I think what we can learn from
>> this
>> > discussions:
>> >
>> > - There are 1000 ways to skin a cat. Or to set up a Cyrus IMAPd based
>> > mailserver. It might be worth to explain these alternatives to allow
>> > anyone
>> > setting up a system to make an educated decision of what he or she is
>> > doing.
>> >
>> > - There is no right and wrong handling of this in web-cyradm but a
>> need
>> to
>> > configure web-cyradm according to the setup you've chosen. So this is
>> not
>> > a
>> > bug but a feature request.
>> >
>> > Having said all that:
>> >
>> > @Luc: Any progress in the setting up a Wiki or giving individual
>> people
>> a
>> > user ID that would allow them to wrap stuff like this here up in a
>> HOWTO
>> > and
>> > publish it on the site?
>> >
>> > Regards,
>> > Torsten
>> >
>> >> --- Urspr�ngliche Nachricht ---
>> >> Von: "paeddy" <[EMAIL PROTECTED]>
>> >> An: <[email protected]>
>> >> Betreff: RE: [Web-cyradm] DOMAIN_AS_PREFIX=1 and mailbox names
>> >> Datum: Wed, 18 May 2005 10:44:29 +0200
>> >>
>> >> Hi Torsten,
>> >>
>> >> I have the same setup like you have (unixhierarchysep: yes,
>> >> DOMAIN_AS_PREFIX=1) and my user also looks like you described with
>> the
>> >> "."
>> >> in pace of the "@" but the server is running well, without any
>> problems.
>> >>
>> >> The users will then have to login with "user.domain.tld" as username.
>> >> Thats
>> >> the only thing i had to make them clear.
>> >>
>> >> Therefore i don't knwo if it is a bug or if ist is impleneted that
>> way
>> >> because authentivcation would make problems with with the @. Probably
>> >> the
>> >> @
>> >> is a reserved character in sasl or mysql or whatever.
>> >>
>> >> Regards,
>> >> patrick
>> >>
>> >> -----Original Message-----
>> >> From: [EMAIL PROTECTED]
>> >> [mailto:[EMAIL PROTECTED] On Behalf Of Torsten
>> >> Schlabach
>> >> Sent: Wednesday, May 18, 2005 10:25 AM
>> >> To: [email protected]
>> >> Subject: Re: [Web-cyradm] DOMAIN_AS_PREFIX=1 and mailbox names
>> >>
>> >> >> Is this a bug or did I overlook something? Should I file a bug?
>> >>
>> >> As nobody replied and told me there is a good reason for this, I will
>> go
>> >> ahead and file a bug for this ...
>> >>
>> >> I wonder if nobody ever noticed this or is just nobody using the
>> >> "unixhierarchysep: yes" setting in imapd.conf?
>> >>
>> >> Regards,
>> >> Torsten
>> >>
>> >> > --- Urspr�ngliche Nachricht ---
>> >> > Von: "Torsten Schlabach" <[EMAIL PROTECTED]>
>> >> > An: [email protected]
>> >> > Betreff: [Web-cyradm] DOMAIN_AS_PREFIX=1 and mailbox names
>> >> > Datum: Mon, 16 May 2005 17:54:03 +0200 (MEST)
>> >> >
>> >> > Hi,
>> >> >
>> >> > if I want to
>> >> >
>> >> > - use virtual domains
>> >> > - use mailbox names with "." in it
>> >> >
>> >> > I understand I should use
>> >> >
>> >> > DOMAIN_AS_PREFIX=1 in conf.php and unixhierarchysep: yes in
>> >> imapd.conf.
>> >> >
>> >> > According to my understanding of cyrus IMAPd, this means that
>> mailbox
>> >> > names will take the format
>> >> >
>> >> > user/[EMAIL PROTECTED]
>> >> >
>> >> > But they actually show up in cyrus as
>> >> >
>> >> > user/some.user.domain.com
>> >> >
>> >> > Would the user/some.user.domain.com notation make any sense in any
>> >> > circumstances? If I think of a user such as
>> >> >
>> >> > [EMAIL PROTECTED] this would then translate to
>> >> >
>> >> > user/henry.w.ford.company.com.tw
>> >> >
>> >> > How would the system ever now which part of this will be the
>> mailbox
>> >> > name and which would be the domain name?
>> >> >
>> >> > Is this a bug or did I overlook something? Should I file a bug? For
>> >> > new accounts this can be patched in newaccount.php in line 240, but
>> I
>> >> > am not sure if there are more places where this would need fixing.
>> >> >
>> >> > Regards,
>> >> > Torsten
>> >> > _______________________________________________
>> >> > This mailing list is hosted and supported by bit-heads GmbH |
>> >> > http://www.bit-heads.ch
>> >> >
>> >> > _______________________________________________
>> >> > Web-cyradm mailing list
>> >> > [email protected]
>> >> > http://www.web-cyradm.org/mailman/listinfo/web-cyradm
>> >> >
>> >> _______________________________________________
>> >> This mailing list is hosted and supported by bit-heads GmbH |
>> >> http://www.bit-heads.ch
>> >>
>> >> _______________________________________________
>> >> Web-cyradm mailing list
>> >> [email protected]
>> >> http://www.web-cyradm.org/mailman/listinfo/web-cyradm
>> >>
>> >>
>> >> _______________________________________________
>> >> This mailing list is hosted and supported
>> >> by bit-heads GmbH | http://www.bit-heads.ch
>> >>
>> >> _______________________________________________
>> >> Web-cyradm mailing list
>> >> [email protected]
>> >> http://www.web-cyradm.org/mailman/listinfo/web-cyradm
>> >>
>> > _______________________________________________
>> > This mailing list is hosted and supported
>> > by bit-heads GmbH | http://www.bit-heads.ch
>> >
>> > _______________________________________________
>> > Web-cyradm mailing list
>> > [email protected]
>> > http://www.web-cyradm.org/mailman/listinfo/web-cyradm
>> >
>> >
>>
>>
>> _______________________________________________
>> This mailing list is hosted and supported
>> by bit-heads GmbH | http://www.bit-heads.ch
>>
>> _______________________________________________
>> Web-cyradm mailing list
>> [email protected]
>> http://www.web-cyradm.org/mailman/listinfo/web-cyradm
>>
> _______________________________________________
> This mailing list is hosted and supported
> by bit-heads GmbH | http://www.bit-heads.ch
>
> _______________________________________________
> Web-cyradm mailing list
> [email protected]
> http://www.web-cyradm.org/mailman/listinfo/web-cyradm
>
>
_______________________________________________
This mailing list is hosted and supported
by bit-heads GmbH | http://www.bit-heads.ch
_______________________________________________
Web-cyradm mailing list
[email protected]
http://www.web-cyradm.org/mailman/listinfo/web-cyradm
