
Re: Virtual users or system users for a mail server



Thanks for your comments!

We're currently avoiding name collisions solely with virtual domains; we only have one local domain, with all the others virtual, and users are mapped to domains by virtual_maps.

One thing that I'm not quite sure about is how to deal with user-provided procmails: since the process which executes them has privileges for all vmailboxes, this sounds like a security problem. Perhaps I'm mistaken or missing something here. Do you guys need to provide this kind of service on your mail servers (user-provided procmail or sieve)?


On Fri, Sep 26, 2014 at 8:31 PM, Sven Hartge <sven@svenhartge.de> wrote:
Marc Aymerich <glicerinu@gmail.com> wrote:

> Everybody seems to be configuring their mail server using virtual
> users instead of the traditional system user approach.

> I find system users easy to configure and even more secure, since IMAP
> and POP3 processes can run under the system user account (of course
> disabling shell access).

> I keep wondering if perhaps I'm missing some interesting advantage of
> using virtual user accounts?

> Anyone like to comment on this?

Supporting IMAP shared folders with separate users is a major pain in
the lower back. This only really works painlessly if you only use one user
for the mails on the mail-server and IMAP ACLs on top of that.

Also it allows you to support multiple domains without having to worry
about username collisions.

Third point: I don't have to add any NSS providers like libnss-ldapd or
libnss-mysql to my mail-servers, only the mail handling daemons (exim4,
postfix, dovecot) need to know the users. This reduces the complexity in
a bigger system quite a bit.

Grüße,
Sven.

--
Sigmentation fault. Core dumped.






--
Marc
