need organizational hint

Adam Tauno Williams adam at morrison-ind.com
Thu Apr 10 10:53:21 EDT 2003 

>I am trying to decide which approach to set up a mail server with
>to accomplish my specific goals.  Since these components tend to be
>quite flexible, there are a number of ways to do this.
>1.  Where an MTA is needed, I want to use Postfix.  But maybe I
>    don't actually need one.

Any of the major MTAs seem to work fine.

> 3.  Each user can specify their own rules for blacklisting and/or
>     whitelisting senders and sending server, either explicit, or
>     by their own choice of DNS based blacklists / whitelists.

In Cyrus this is accomplished via Sieve.  If your not going to use Sieve then it
is purely an MTA/MUA issue, and not a Cyrus one.  But if I were you I'd use
Sieve it is very nice and seem very efficient.

> 4.  Delivery attempts to a non-existant user must always give a
>     550 error response.  No queueing of a any delivery failure
>     messages whatsoever.

This is the default behaviour of MTA->Cyrus (via LMTP) delivery.

>5.  No LDAP or other network based user directory.  The user
>    directory should be something simple and basic, like a DB file.
>    But it will need to include the data for the user's rules,
>    even if in a separate DB.

So your going to basically recreate a broken version of LDAP?

>6.  Authenticate the same set of users with the same password via
>    a control panel web page.  But I do NOT want each web request
>    to go trying to proxy the authentication via IMAP.  I want it
>    to get it "direct" (whatever that might mean).  What tools are
>    there for that?  This would be the control panel users use to
>    do things like control their blacklist / whitelist rules.

SmartSieve provides a nice UI for users to use, but only if your using Sieve.

> 7.  Tagged email addresses where user at example.com might get mail
>     addressed to user-foo at example.com.  If the user allows this,
>     but does not set up the mailbox for that address, it falls
>     back to the first box found by stripping off each tag part
>     one at a time (until it gets to the user's root mailbox which
>     has to always exist).

This is default behaviour, AFAIK.  At least that has always forked for us
without doing anything.  Except the notation is "user+folder.folder...@" but I
suppose you might be able to adjust the "+"


>In order to do number 4 when Postfix is receiving the SMTP connections
>then Postfix will somehow have to know what users exist within Cyrus.
>Is that what SASL is supposed to be able to do (in addition to its
>declared role of authentication)?

No I don't think so.  SASL just does authentication, it does not provide a
namespace.  That is what LDAP is for.

> I would even consider writing a direct (non-queuing) SMTP front-end
> to effect the blacklisting / whitelistying rules and the non-existant
> user rejection, and then it makes a live connection to Cyrus to do
> the actual delivery passed straight through (and responses at that
> point passed back).  I know if I did it this would I would have very
> clear control over the behaviour at this point.

This is an awful lot of work (and harder than you might think) when very good
pre-existing, proven, and debugged solutions exist.

ftp://ftp.kalamazoolinux.org/pub/pdf/Cyrus.pdf

Adam Tauno Williams
Network & Systems Administrator
Morrison Industries
Grand Rapids, Mi. USA

More information about the Info-cyrus mailing list