postfix to cyrus-imap via lmtp?
adil at adis.on.ca
Thu Oct 21 16:46:54 EDT 2004
> Then the problem is really that debian's postfix packages don't include
> postfix's SMTP AUTH/sasl patch, right? I've done a lot of postfix builds
> in the past and they're really nothing to be afraid of. Even on the
> machines where I run debian, I still build postfix from source to gain
> access to things like LDAP and the latest versions.
No, Debian's cyrus-sasl doesn't include the patch to lookup encrypted
passwords in sql. This means I have to build cyrus-sasl from source and
everything that depends on it, cyrus-imapd, postfix, anything else?
It also mans I have to build a 'dummy' MTA package so I can remove
Debian's postfix package without wrecking my system.
I guess I could use pam. SMTP AUTH would look like:
postfix -> sasl -> saslauthd -> pam -> mysql
And cyrus-imap would do the same:
imap -> sasl -> saslauthd -> pam -> mysql
> What if a user gains access to your database? Furthermore, what would be
> the point of having them stored in plain text? Might as well encrypt them
Having encrypted passwords is part of the problem, in addition the fact
that there are many different encryption schemes. My users already have a
mix of crypt and md5crypt passwords. Still need a way to rectify this.
Stil might be handy to temorarily collect usernames and a clear text
passwords, then store them encrypted in mysql.
Oh man, I am almost ready to toss the idea of a 'sealed' mail server
alltogether. Instead keep unix accounts, shadow passwords and lock down
the box so mail users do not have shell access....
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
More information about the Info-cyrus