[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Building an IMAP server

On Tue, 04 Feb 2003, nate wrote:
> to use, flexible etc. That said, I took a look at possibly replacing
> my cyrus 1.5 with a new cyrus 2.0 or 2.1?? from the unofficial debs

Use my *official* debs. Duh.  The ones for woody are official, they just are
not shipped with woody :-P   sid includes cyrus 1.5 (deprecated upstream)
and cyrus 2.1.  2.2 is comming in one month or so.  Woody (debian 3.0) has
official debs of 1.5 (shipped by Debian), and 2.1 (shipped by me, at
http://people.debian.org/~hmh).

> and it just looks horrible to me. All this sasl crap, incompadiblities

Cyrus 1.5 also has SASL problems.  Anyway, Cyrus 2.1 will do LDAP auth very
easily, as long as it is against an open-ldap server (there is no need to
muck around with PAM to do that, then).  I use it here, and it doesn't even
glitch.

SASL doesn't document it well enough, but saslauthd will talk to slapd (from
openldap) trivially if configured to do so.

> with LDAP authentication, and the complex install process/configure
> process gives it more then 3 strikes in my book. So if/when I decide
> to move on it will be to courier.

Have a look on the new docs in cyrus21-docs, they might change your mind. Or
not.  SASL is a bitch to configure if you need to do anything fancy with it.

> > + Given that there are no local users, how do they authenticate to
> >   access their email via IMAP?

SASL gives you a auth database that can be local (using the /etc/sasldb2
file, and maintained by the saslpasswd2 utility), or through PAM (so it can
be made to use the same user database as the system itself, if you want), or
directly to LDAP.

> I use LDAP authentication via PAM. I have extensive documentation on
> how to setup & deploy such authentication at my LDAP site:
> http://howto.aphroland.de/HOWTO/LDAP

That will work well for SASL1.5. For SASL2 it is a bit different, since it
is best NOT to use PAM then.

[ skip Cyrus 1.5 reconstruct process ]

Cyrus 2.1 does such stuff mostly the same way.

> I haven't tried courier myself yet so can't reccomend for or against
> it, I hear it's good, I plan to investigate it further, but for me
> at least cyrus 2.x is a real bad solution. It seems flaky & has stupid
> dependencies on sasl(I can understand offering support for sasl but
> don't force it).

Heh.  The people who write Cyrus write SASL. Why should they do their work
twice?

The main problem with SASL is that it requires a bit of experimentation to
get it right, and you NEED to read ALL the docs, since there are preciously
few of them :(

Cyrus 2 is anything but flaky...  I am not really sure it is as stable as
1.5, but it has fewer security issues, and a lot more features.

> if you use squirrelmail for webmail I reccomend installing php4-apc
> it improves SM performance by about 20x on my system.

Nice hint. I will try that one.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh
Reply to: