need organizational hint

Phil Howard phil-info-cyrus at
Thu Apr 10 09:33:49 EDT 2003

I am trying to decide which approach to set up a mail server with
to accomplish my specific goals.  Since these components tend to be
quite flexible, there are a number of ways to do this.

1.  Where an MTA is needed, I want to use Postfix.  But maybe I
    don't actually need one.

2.  Transparent style virtual domains (e.g. not translated).
    I believe this is what the 2.2 version of Cyrus will do.
    Any idea when it will be out of alpha?

3.  Each user can specify their own rules for blacklisting and/or
    whitelisting senders and sending server, either explicit, or
    by their own choice of DNS based blacklists / whitelists.

4.  Delivery attempts to a non-existant user must always give a
    550 error response.  No queueing of a any delivery failure
    messages whatsoever.

5.  No LDAP or other network based user directory.  The user
    directory should be something simple and basic, like a DB file.
    But it will need to include the data for the user's rules,
    even if in a separate DB.

6.  Authenticate the same set of users with the same password via
    a control panel web page.  But I do NOT want each web request
    to go trying to proxy the authentication via IMAP.  I want it
    to get it "direct" (whatever that might mean).  What tools are
    there for that?  This would be the control panel users use to
    do things like control their blacklist / whitelist rules.

7.  Tagged email addresses where user at might get mail
    addressed to user-foo at  If the user allows this,
    but does not set up the mailbox for that address, it falls
    back to the first box found by stripping off each tag part
    one at a time (until it gets to the user's root mailbox which
    has to always exist).

In order to do number 4 when Postfix is receiving the SMTP connections
then Postfix will somehow have to know what users exist within Cyrus.
Is that what SASL is supposed to be able to do (in addition to its
declared role of authentication)?

I'd really rather have the user database under my control, and simply
accessed (never updated) by Cyrus and Postfix as needed to authenticate
and verify users.  Again, this would be something like a Berkeley DB
but with my tools managing it's content (because there would be a lot
of other user data there, like rules and other things unrelated to

What I'd like to know is what organizational structure do you think
this would require?  Would it be better to have Cyrus receiving SMTP
directly and I added code to do all the blacklisting / whitelisting
stuff?  Or would it be better to have Postfix do that and just pass
things on to Cyrus (should I use LMTP for that or something else)?

I want to put together a plan on how this will be done before I
jump into any of it.

I would even consider writing a direct (non-queuing) SMTP front-end
to effect the blacklisting / whitelistying rules and the non-existant
user rejection, and then it makes a live connection to Cyrus to do
the actual delivery passed straight through (and responses at that
point passed back).  I know if I did it this would I would have very
clear control over the behaviour at this point.

Outbound mail would be entirely separate from this.

| Phil Howard - KA9WGN |   Dallas   | |
| phil-nospam at | Texas, USA |    |

More information about the Info-cyrus mailing list