
Re: Building an IMAP server



On Sat, Feb 01, 2003 at 02:07:41PM -0000, Colin Ellis wrote:

> I'm not sure about exim with maildir.  I'm not a great fan of exim
> for anything more than simple configurations, but that is only
> personal preference and a bit of hacking of qmail code.

Well, exim natively supports maildir; you just need to tell it to use
it. As for using exim, it's personal preference with me, too: Years
ago I migrated from the sendmail Suse distributions default to, to
qmail because sendmail is so terribly difficult to configure. Qmail
seems to be very nice for setups that must handle a great load of
messages, but it is by far not so easy to understand and to configure
as exim is. Anything I did with qmail was more trial and error than
anything else, mostly due to the lack of decent documentation.

When I upgraded from Suse to Debian some years ago, Debian defaulted
to exim as an MTA, and I decided to give it a try. Exim worked
perfectly almost automagically, and later on I discovered that it
comes with outstanding documentation so that it is relatively easy to
understand and configure. Moreover, it has very nice features, and I
like its concepts in general.

In the actual case for building the IMAP server, Exim can do all the
things required (and more), and it's better to use an MTA I've some
experience with than some unknown software.

> I'm not sure why you feel the need to create user accounts on the
> machine itself.  It seems a bit of a security nightmare to me.

Well, it makes things much easier. It allows for using maildir, which
is a simple and safe way to store the mails, likewise allowing for
much better performance than keeping all mails in huge, single
files. I can set up the users by 'default means' like adduser, and
filesystem quotas can be used. Backing up and restoring the data is
easier than it seems to be with cyrus.

Security issues don't seem to be a real problem to me, but I may be
terribly wrong with that. All users, except a very few which will
solely use a webmail client to access their mails, are employees at
Windoze clients in the LAN. No user will have a shell login to the
server; the only means to access it (besides SMTP to send mails) is
IMAP and eventually POP3.

Under these circumstances, are there security issues I should take
care of?

> I'm not sure how you enforce on your users saving mail on the
> server.  I think the MUA normally only does what the user requests
> it do -

Yes, it does. The thing behind saving all mails on a central server
is, amongst practical considerations, an ongoing, stupid change in
German law. That law says something like that any document that has
been created electronically and may be of importance for business
and/or financially, *must* be stored electronically, and access to it
*must* be granted to certified public accountants on demand. Afaik,
they may demand access even up to 10 years after the document was
created.

It hasn't turned out yet how that law is to be handled actually in
practice. But network administrators cannot check any incoming and
outgoing mail and decide whether some accountant may eventually want
to see it 10 years later or not. Thus, it might become necessary to
save a copy of each mail that comes through the server aside from
users' access for a decade :(

Well, I already imagined such an accountant being given some hundreds
of gigabytes to look through it for some particular mail. It would
easily take him several years to find the mail. Such law is one of
those special approaches Germans love to come up with ...

> if you have a client set up wrongly, it could probably still delete
> mail from the server.

Actually such a thing happened to me on Friday afternoon :( Currently,
a black-box router is in use that acts as a mail server, too. I've
already done some testing with squirrelmail, imp and the mozilla mail
client on it, as it provides IMAP access besides POP3. I experienced
some minor bugs while testing, and the mozilla client showed some
peculiar files that I thought were left from failed attempts to access
the mail storage. I deleted those files with the mozilla client, and
to my surprise, my mails were suddenly gone. Fortunately, I didn't
lose anything important, but it was an, eh, interesting and somewhat
defeating experience.

Therefore, it's all the more necessary to have a decent server and to
make backups to recover from ...


GH


