Re: Mailserver with accounts seperated from unix-accounts

To: mdxi <mdxi@collapsar.net>
Cc: <debian-isp@lists.debian.org>
Subject: Re: Mailserver with accounts seperated from unix-accounts
From: Richard A Nelson <cowboy@debian.org>
Date: Mon, 24 Sep 2001 16:33:57 -0400 (EDT)
Message-id: <[🔎] Pine.LNX.4.33.0109241626030.2188-100000@badlands.lexington.ibm.com>
In-reply-to: <[🔎] E15lbXQ-0001VV-00@kodai.collapsar.net>

On Mon, 24 Sep 2001, mdxi wrote:

> On Monday, September 24, 2001, at 03:06 , Erik Tews wrote:
>
> > I would like to have the mail-accounts seperated from
> > the normal unix-accounts.
>
> Me too.
>
> It seems that this:
>
> 	* Mailserver with non-system passwords
> 	* SMTP-AUTH to allow relaying by people anywhere
> 	* Sharing authentication between SMTP and IMAP server
>
> is the "HELP I CANT GET PPP WORKING" of the new millennium, which is to
> say that everyone wants it, but no distro seems to support it easily *and*
>   there are no decent docs.

What level of separation do you want?

My /etc/{passwd,shadow,group,gshadow} lists *ONLY* Debian supplied
users.  All other user information is stored in a LDAP database.
In the LDAP entries, some are marked for logon access, some for mail,
and I can restrict users to certain machines... All with standard
OpenLDAP, Pam, ssh, sendmail, etc.

When users authenticate using a plain password, /etc/sasldb is
automagically updated to have cram-md5, etc. passwords so subsequent
authentication can be more secure.

Local machines (localhost, localnets) need not authenticate, but remote
users must use SMTP AUTH and/or STARTTLS to send mail (pop-before-mail
is a gross hack imnsho).

> Mail servers in general seem to be the deepest magic on a Unix box, and
> they all seems to have configuration systems which were designed to be
> antagonistic even towards people who can handle any other administration
> task while driving, brushing their teeth, and having sex.

;-)

> So I second this emotion. Can someone please write a cookbook style
> document for how to achieve the above configuration? Perhaps one using
> userdb and one using an sql database. I would be happy to do it myself but
> I've been banging my head against my keyboard for the past 4 days trying
> to get this very thing working.

There are a few folk here who could help with LDAP...

> My apologies if I'm way off base; all suggestions gratefully accepted.

-- 
Rick Nelson
<Sanaya> you guys are all sick!  sick sick sick I tell ya ;)

Reply to:

References:
- Re: Mailserver with accounts seperated from unix-accounts
  - From: mdxi <mdxi@collapsar.net>

Prev by Date: RE: Mailserver with accounts seperated from unix-accounts
Next by Date: VERY URGENT
Previous by thread: RE: Mailserver with accounts seperated from unix-accounts
Next by thread: Re: Mailserver with accounts seperated from unix-accounts
Index(es):
- Date
- Thread