Re: Mail servers for large numbers of users
On Sat, 11 Dec 1999, William Burrow wrote:
>
> You design your server to separate the paths that users are permitted to
> access in a consistent, logical manner. The fact that a path exists to
> the user does not mean it maps directly to any shared path on the server.
> Think of virtual domains and web sites. UIDs are irrelevant.
>
> For reading email, I cannot see any reason to allow an external user to
> peruse the entire system directory structure. It doesn't make sense.
> Excuse my ignorance on how this service is implemented, but I can't see
> this being a problem in a properly designed system.

You cannot equate http and imap in this manner. http serves files. You
can create a different path for each virtual domain. If I type in the full
path for a different domain, I see a different site. Not a big deal.

IMAP does not transfer mail to the user. It allows a remote user to access
their mail on a local filesystem. That is the point of IMAP. You can check
your email from 10 different computers and not leave email on any of them,
it always stays in your mail directory on the central server. Now, I do
NOT want to be able to type the path to another user's directory and see
their mail (or they, mine). My mail folders need to be unreadable by any
other user except me and the mail delivery program.

When I check mail via IMAP, I do not transfer any mail to the remote
system, I am simply given read/write access into a private area on the
server where I might read, send, or delete email. (IMAP can transfer mail
to the local system if that is what you want but it is designed really to
keep all email in a central location).

The point is that other users on the system MUST be prevented from reading
my mail files. This is done with ownership permissions on the directory.
Otherwise, I could log in as me but tell IMAP to use someone else's
directory and read their mail. This is why it breaks when you have more
users than you have bits to assign unique user IDs.

POP3 is no big deal, SMTP is no big deal. IMAP is a big deal because it is
a direct read/write file access to a file that remains persistent on the
server.
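
An added example, not part of the original message or of any IMAP server's code: a Python audit of the ownership-based isolation described in the message above, which also flags logins that share a uid, since ownership cannot separate those. It assumes a hypothetical layout of one mail directory per login under a common root and a delivery agent that does not depend on group or other permission bits; all function names and sample accounts are constructed.

```python
import os
import stat
from collections import defaultdict

def parse_passwd(lines):
    """Map login name -> uid from passwd(5)-format lines."""
    accounts = {}
    for line in lines:
        if line.strip() and not line.startswith("#"):
            fields = line.split(":")
            accounts[fields[0]] = int(fields[2])
    return accounts

def shared_uids(accounts):
    """UIDs held by more than one login; ownership cannot tell these apart."""
    by_uid = defaultdict(list)
    for name, uid in accounts.items():
        by_uid[uid].append(name)
    return {uid: sorted(names) for uid, names in by_uid.items() if len(names) > 1}

def audit_mail_dir(name, st_uid, st_mode, accounts):
    """Return findings for one user's mail directory (empty list = isolated)."""
    findings = []
    if st_uid != accounts[name]:
        findings.append("owned by uid %d, expected %d" % (st_uid, accounts[name]))
    if st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("group/other access: mode %04o" % stat.S_IMODE(st_mode))
    peers = shared_uids(accounts).get(accounts[name], [])
    if peers:
        findings.append("uid shared with " + ", ".join(p for p in peers if p != name))
    return findings

def audit_tree(root, accounts):
    """Audit root/<login> (assumed layout) using real filesystem metadata."""
    report = {}
    for name in accounts:
        st = os.lstat(os.path.join(root, name))
        report[name] = audit_mail_dir(name, st.st_uid, st.st_mode, accounts)
    return report

# Constructed sample: carol has been given the same uid as alice.
SAMPLE_PASSWD = [
    "alice:x:1001:1001::/home/alice:/bin/sh",
    "bob:x:1002:1002::/home/bob:/bin/sh",
    "carol:x:1001:1001::/home/carol:/bin/sh",
]
if __name__ == "__main__":
    accts = parse_passwd(SAMPLE_PASSWD)
    print(audit_mail_dir("alice", 1001, 0o40700, accts), audit_mail_dir("bob", 1002, 0o40750, accts))
```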