need organizational hint
Adam Tauno Williams
adam at morrison-ind.com
Thu Apr 10 10:53:21 EDT 2003
>I am trying to decide which approach to set up a mail server with
>to accomplish my specific goals. Since these components tend to be
>quite flexible, there are a number of ways to do this.
>1. Where an MTA is needed, I want to use Postfix. But maybe I
> don't actually need one.
Any of the major MTAs seem to work fine.
> 3. Each user can specify their own rules for blacklisting and/or
> whitelisting senders and sending server, either explicit, or
> by their own choice of DNS based blacklists / whitelists.
In Cyrus this is accomplished via Sieve. If you're not going to use Sieve then it
is purely an MTA/MUA issue, and not a Cyrus one. But if I were you I'd use
Sieve; it is very nice and seems very efficient.
> 4. Delivery attempts to a non-existent user must always give a
> 550 error response. No queueing of any delivery failure
> messages whatsoever.
This is the default behaviour of MTA->Cyrus (via LMTP) delivery.
>5. No LDAP or other network based user directory. The user
> directory should be something simple and basic, like a DB file.
> But it will need to include the data for the user's rules,
> even if in a separate DB.
So you're going to basically recreate a broken version of LDAP?
>6. Authenticate the same set of users with the same password via
> a control panel web page. But I do NOT want each web request
> to go trying to proxy the authentication via IMAP. I want it
> to get it "direct" (whatever that might mean). What tools are
> there for that? This would be the control panel users use to
> do things like control their blacklist / whitelist rules.
SmartSieve provides a nice UI for users to use, but only if you're using Sieve.
> 7. Tagged email addresses where user at example.com might get mail
> addressed to user-foo at example.com. If the user allows this,
> but does not set up the mailbox for that address, it falls
> back to the first box found by stripping off each tag part
> one at a time (until it gets to the user's root mailbox which
> has to always exist).
This is default behaviour, AFAIK. At least that has always worked for us
without doing anything. Except the notation is "user+folder.folder...@" but I
suppose you might be able to adjust the "+".
>In order to do number 4 when Postfix is receiving the SMTP connections
>then Postfix will somehow have to know what users exist within Cyrus.
>Is that what SASL is supposed to be able to do (in addition to its
>declared role of authentication)?
No, I don't think so. SASL just does authentication; it does not provide a
namespace. That is what LDAP is for.
> I would even consider writing a direct (non-queuing) SMTP front-end
> to effect the blacklisting / whitelisting rules and the non-existent
> user rejection, and then it makes a live connection to Cyrus to do
> the actual delivery passed straight through (and responses at that
> point passed back). I know if I did it this way I would have very
> clear control over the behaviour at this point.
This is an awful lot of work (and harder than you might think) when very good
pre-existing, proven, and debugged solutions exist.
Adam Tauno Williams
Network & Systems Administrator
Grand Rapids, Mi. USA
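
The fallback described in quoted item 7, combined with the 550 requirement of item 4, as an added example that is not part of the original message and is not Cyrus or Postfix code. The function names, the mailbox set and the sample addresses are constructed for illustration; the delimiter is a parameter because the question uses "-" while the reply mentions "+".

```python
# Added illustration: RCPT-time decision for tagged addresses.
# Not Cyrus/Postfix code; MAILBOXES is constructed sample data.
MAILBOXES = {"alice", "alice-lists", "alice-lists-cyrus", "bob"}


def candidates(localpart, delim="-"):
    """Return the full tagged name first, then each shorter prefix,
    ending with the root mailbox name."""
    parts = localpart.split(delim)
    return [delim.join(parts[:n]) for n in range(len(parts), 0, -1)]


def rcpt_decision(address, mailboxes=MAILBOXES, delim="-",
                  domain="example.com"):
    """Return (smtp_code, mailbox) for one RCPT TO address.

    250 and the first existing mailbox found while stripping one tag
    part at a time; 550 and None when nothing matches, so the sender
    is refused during the SMTP session and no bounce is ever queued.
    """
    localpart, sep, addr_domain = address.strip().lower().rpartition("@")
    if not sep or not localpart or addr_domain != domain:
        return 550, None
    for name in candidates(localpart, delim):
        if name in mailboxes:
            return 250, name
    # Not even the root mailbox exists: reject, do not accept-then-bounce.
    return 550, None


if __name__ == "__main__":
    for rcpt in ("alice-lists-cyrus-announce@example.com",
                 "alice-shopping@example.com",
                 "carol-foo@example.com"):
        print(rcpt, "->", rcpt_decision(rcpt))
```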