
Re: mail system in debian-edu



Hi,

On Wed, May 19, 2010 at 09:49:26PM +0200, Petter Reinholdtsen wrote:
> [Andreas B. Mundt]
> > This would have one advantage: There is only one location where the
> > user's data is stored and if a user is removed, all his mails will
> > also be cleared. Are there any disadvantages?
> 
> It would make it very hard to move the mail server away from the
> machine with access to the home directories.  This was the reason such
> a setup was chosen in the first place.  Access to emails should be
> limited to network protocols to avoid any hard dependencies between
> the mail and home directory services.

After investigating a bit more, I can offer the following with minimal
changes to our sources:

Mails in home directory: 
  When the home directory is created, create a maildir too:
     mkdir $HOMEDIR/Maildir
     chown mail:mail $HOMEDIR/Maildir
     chmod 2700 $HOMEDIR/Maildir

Alternatively, create a symlink like this:
 
     ln -s /var/mail/$USERID $HOMEDIR/Maildir

Would the latter allow us to separate the mail server and home dirs?

The problem with the current setup is that gosa does not use the
mailMessageStore attribute which is used by courier-imap. The only way
to get around that is to use the default which is ~/Maildir. I could
not find any other way to specify the mail directory. The changes to
svn are attached.

Is there a reason why we use courier? I ask because gosa contains
some administrative tools to maintain a cyrus IMAP server. For a
standard setup this is probably not needed, but imagine a larger setup
where several schools are served by a central admin.

Another related question: Any objections to removing the old
etc/exim configuration? I guess we only need exim4?

Regards,

	Andi

Index: etc/courier/authldaprc-debian-edu
===================================================================
--- etc/courier/authldaprc-debian-edu	(revision 64249)
+++ etc/courier/authldaprc-debian-edu	(working copy)
@@ -3,7 +3,7 @@
 LDAP_SERVER            ldap
 LDAP_URI ldap://ldap
 
-LDAP_BASEDN		ou=People,dc=skole,dc=skolelinux,dc=no
+LDAP_BASEDN		dc=skole,dc=skolelinux,dc=no
 
 LDAP_TIMEOUT		10
 LDAP_AUTHBIND		1
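Review bot: The new LDAP_BASEDN line drops ou=People, so with LDAP_AUTHBIND set to 1 the uid lookup now starts at dc=skole,dc=skolelinux,dc=no and can match any entry in the tree that carries a uid, not only people. If the wider base is needed because gosa places accounts outside ou=People, say so in a comment above the line and narrow the match with an object class filter (authldaprc has LDAP_FILTER for this) so that only mail accounts can authenticate.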
@@ -11,8 +11,8 @@
 LDAP_MAIL		uid
 # LDAP_DOMAIN		example.com
 
-LDAP_HOMEDIR		mailMessageStore
-LDAP_MAILDIR		mailMessageStore
+LDAP_HOMEDIR		homeDirectory
+#LDAP_MAILDIR		 mailMessageStore
 
 # LDAP_MAILDIRQUOTA	maildirQuota
 
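Review bot: Leaving LDAP_MAILDIR commented out makes the mail location an implicit default; nothing in the file says that mail is now expected in Maildir under homeDirectory, which is what the accompanying message relies on. Replace the dead line "#LDAP_MAILDIR		 mailMessageStore" with a short comment stating that default, and note there that the IMAP host now needs the home directories available locally, since that coupling is the objection raised earlier in the thread.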
Index: etc/exim4/exim-ldap-server-v4.conf
===================================================================
--- etc/exim4/exim-ldap-server-v4.conf	(revision 64249)
+++ etc/exim4/exim-ldap-server-v4.conf	(working copy)
@@ -277,7 +277,7 @@
 
 ldapuser:
   driver = accept
-  condition = ${if eq {}{${lookup ldap {ldap://LDAPSERVER/ou=People,LDAPBASE?uid?one?uid=${local_part}}}}{no}{yes}}
+  condition = ${if eq {}{${lookup ldap {ldap://LDAPSERVER/LDAPBASE?uid?sub?uid=${local_part}}}}{no}{yes}}
   retry_use_local_part
   transport = ldap_delivery
 
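Review bot: In the changed condition line, uid=${local_part} goes into the LDAP URL unquoted while the scope widens from one to sub over the whole LDAPBASE, so the local part of an incoming address is now evaluated as a filter against every entry in the tree. Wrap it as ${quote_ldap:$local_part}, and use the same filter form as the ldap_delivery hunk, which writes (uid=$local_part) with parentheses, so that router and transport are certain to resolve the same entry.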
@@ -299,7 +299,7 @@
   check_string = ""
   create_directory
   delivery_date_add
-  directory = ${lookup ldap {ldap://LDAPSERVER/ou=People,LDAPBASE?mailMessageStore?one?uid=${local_part}} {$value} fail}
+  directory = ${lookup ldap {ldap://LDAPSERVER/LDAPBASE?homeDirectory?sub?(uid=$local_part)}}/Maildir
   directory_mode = 0700
   envelope_to_add
   group = mail
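Review bot: The new directory line drops the "{$value} fail" arm of the old lookup, so when the LDAP lookup returns nothing the expansion yields an empty string and the path becomes /Maildir; with create_directory set just above, the transport would then try to create and deliver into that path instead of failing the delivery. Keep the explicit failure, for example "{$value/Maildir} fail" inside the lookup, and quote the local part with ${quote_ldap:$local_part}. The sub scope can also match more than one entry if a uid exists in several subtrees, which is worth ruling out before the result is used as a filesystem path written with group = mail.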
