
Re: Mail servers for large numbers of users



On Sat, Dec 11, 1999 at 07:21:49PM -0800, George Bonser wrote:
> On Sat, 11 Dec 1999, William Burrow wrote:
> > You design your server to separate the paths that users are permitted to
> > access in a consistent, logical manner.  The fact that a path exists to
> > the user does not mean it maps directly to any shared path on the server.
> > Think of virtual domains and web sites.  UIDs are irrelevant.
> > 
> > For reading email, I cannot see any reason to allow an external user to
> > peruse the entire system directory structure.  It doesn't make sense.
> > Excuse my ignorance on how this service is implemented, but I can't see
> > this being a problem in a properly designed system.
> 
> You can not equate http and imap in this manner. http serves files. You

Why not?  An email resides in a file.  In a Maildir setup, exactly one
message resides in one file.  With Unix mailbox format, several messages
exist in one file, big deal.

> can create a different path for each virtual domain. If I type in the full
> path for a different domain, I see a different site. Not a big deal.

You can't get from http://www.virtualOne.com to http://www.virtualTwo.com
from http://www.virtualOne.com by typing paths (other than a link
directly to virtualTwo's site).  It is impossible.  Same deal with
IMAP servers.

> IMAP does not transfer mail to the user. It allows a remote user to access
> their mail on a local filesystem. That is the point of IMAP. You can check

I am aware of the purpose of IMAP, I have not seen the implementation.

> The point is that other users on the system MUST be prevented from reading
> my mail files. This is done with ownership permissions on the directory.

Do that with ONE UID.  Courier-IMAP does this.  All users must access
their mail through IMAP.  It makes sense.  It works.  It is the way it
is done.

You don't own that directory according to the database in the IMAP
server, you aren't allowed to enter it.  Your request is turned away
for entering a bad path.  Just like entering a path that doesn't exist
for a particular virtual domain on a web server.

> Otherwise, I could log in as me but tell IMAP to use someone else's
> directory and read their mail. This is why it breaks when you have more
> users than you have bits to assign unique user IDs.

You can't do this because the path you specify is not associated with
your IMAP login ID.  The database tells the server what is the
acceptable base path.  The path is logically constructed, so it is easy to
tell apart illegal paths from legal paths.  The scenario you present is
all in your head.

> POP3 is no big deal, SMTP is no big deal. IMAP is a big deal because it is
> a direct read/write file access to a file that remains persistent on the
> server.

Persistency is not a big deal, email can be made to persist on POP3
servers as well, it is just not often done (and seems to be often
discouraged with small quotas).

I am just a little bothered by statements that implementations of Internet
services are broken and useless by design.  Particularly when RTFM shows
otherwise.  I hope my outburst is not taken the wrong way.

-- 
William Burrow -- New Brunswick, Canada
A 'box' is something that accomplishes a task -- you feed in input and
out comes the output, just as God and Larry Wall intended.
                                         -- brian moore
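
[Added example, not part of the original message and not Courier-IMAP's code: a sketch of the base-path check described above, where a user database maps each login to its one acceptable base path and any request resolving outside it is turned away. The account names, directory layout and function names are assumptions; the symlink case goes one step beyond what the message discusses.]

```python
import os
import tempfile

class BadPath(Exception):
    """Raised when a requested mailbox falls outside the login's base path."""

def resolve_mailbox(accounts, login, requested):
    """Return the real path for `requested`, confined to the login's base path.

    `accounts` stands in for the server's user database (login -> base path).
    """
    base = accounts.get(login)
    if base is None:
        raise BadPath("unknown login")
    if "\x00" in requested or os.path.isabs(requested):
        raise BadPath("absolute or malformed mailbox name")
    base_real = os.path.realpath(base)
    # realpath collapses ".." and follows symlinks before the comparison.
    candidate = os.path.realpath(os.path.join(base_real, requested))
    if os.path.commonpath([base_real, candidate]) != base_real:
        raise BadPath("mailbox outside base path")
    return candidate

def allowed(accounts, login, requested):
    """True if the request resolves inside the login's base path."""
    try:
        resolve_mailbox(accounts, login, requested)
        return True
    except BadPath:
        return False

def demo():
    """Build a constructed two-domain mail tree and try four requests as alice."""
    root = tempfile.mkdtemp()
    alice = os.path.join(root, "virtualone.example", "alice")
    bob = os.path.join(root, "virtualtwo.example", "bob")
    os.makedirs(os.path.join(alice, "Maildir", "cur"))
    os.makedirs(os.path.join(bob, "Maildir", "cur"))
    os.symlink(bob, os.path.join(alice, "shortcut"))  # symlink out of the base
    accounts = {"alice": alice, "bob": bob}
    requests = ["Maildir/cur", "../../virtualtwo.example/bob/Maildir",
                os.path.join(bob, "Maildir"), "shortcut/Maildir"]
    return {r: allowed(accounts, "alice", r) for r in requests}

if __name__ == "__main__":
    for name, ok in demo().items():
        print("OK " if ok else "BAD", name)
```

Every mailbox in this sketch can be owned by the same Unix UID; the separation comes entirely from the lookup and the prefix check, which is why the check has to run on the resolved path rather than on the string the client sent.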

