Re: Pop mail virtual user security [LONG]
In message <20021208151044.GA1133@mould.vormig.net>, Tim van Erven writes:
>On Sun, Dec 08, 2002 at 12:29:09PM -0200, Henrique de Moraes Holschuh <hmh@deb
>ian.org> wrote:
>> On Sat, 07 Dec 2002, Tim van Erven wrote:
>>> Inspired by a recent thread on this list I decided to set up a
>>> mailserver with pop3 access over ssl. It's working now, but I'd
>>> appreciate some comments on its security. My setup is as follows:
>>
>> I'd suggest trying a closed spool system like Cyrus 2.1.* for that... It
>> supports IMAP _and_ POP, in SSL and TLS versions...
>
>AFAIK Cyrus only stores mail in a custom format. I'd prefer using either
>mbox or maildir so I can use standard utils to manipulate them if I ever
>feel the need.
The cyrus mail format is essentially the same as Maildir or MH, without the
funky names and the 3 directories of Maildir. This means that it's not NFS
safe, but the files are modifiable by standard tools. As long as you don't
change any of the header meta-data (Subject, Date, etc.) you can modify
them freely, and if you do change that header data, you just need to
rebuild the cache file that cyrus maintains for each Mailbox. Converting
from Mailbox <-> Cyrus <-> Maildir is essentially the same as doing
Mailbox <-> Maildir conversions.
As you said, Cyrus is largely designed for larger installations, but it
does perform better than the competition due to the caching, especially
when searching mailboxes. I've been very happy with it.
--Ted
Reply to: