Beyond rtcyrus2 (sendmail integration)

Andrzej Adam Filip anfi at xl.wp.pl
Mon Dec 4 09:49:26 EST 2006 

Jo Rhett <jrhett at netconsonance.com> writes:

> Gary Mills wrote:
>> On Sun, Dec 03, 2006 at 05:33:15PM -0800, Jo Rhett wrote:
>>> Gary Mills wrote:
>>>> We've had excellent sendmail/cyrus integration for years, with
>>>> 35,000 users.  It's done by having all users in the NIS map on
>>>> the mail server.  No modification to sendmail is necessary because
>>>> getpwnam() returns the passwd entry for the user.  Users can't log
>>>> in to the mail server, of course, because PAM rules prevent that.
>>>> The same thing could be done with other user databases, such as
>>>> LDAP.  Why would you ever need a different form of integration?
>>> We've done the same by putting all user accounts into virtusertable
>>> with the no-recursion option.
>>>
>>> That said, it does require something to take user accounts and
>>> export them into virtusertable/nis maps/etc.  So this approach is
>>> technically superior to what you and I are doing.
>>
>> Well, unless you are offering only e-mail service, you have to do that
>> anyway.  We offer many services to all, or subsets, of our users.
>> Having them all in one database is very convenient.  For example, we
>> have a web portal that authenticates users from the same database as
>> the e-mail server.
>
> Yes, but again you're not making a good argument for why they should
> be forced to create a centralized database if they don't have one
> already.
>
> Yes, if you already have all this information in another form you
> don't have this problem today.  So you don't need this project.
>
> This project would help people without that centralized database, or
> who want updates to the good user list to happen in realtime rather
> than after an export of data.

"LDAP master" configuration of cyrus IMAP and sendmail does make sense
especially with "mailbox auto create patch 
*BUT*
1) socket map daemon provides also "mailbox over quota" hint to MTA
   (sendmail) for use in "RCPT TO:" replies
2) cyrus virtual domains can be integrated in "nicer" with LDAP way even
   without quota check at MTA level
3) I insist on supporting *mixed* mailbox types e.g. with *most* mailboxes
   in cyrus but *some* mailboxes serviced by "classic local mailer".
   IMHO it makes sense to deliver messages to postmaster/abuse to cyrus
   and to local "mailbox agent" (procmail) and classic mailbox file.

-- 
[pl2en: Andrew] Andrzej Adam Filip : anfi at priv.onet.pl : anfi at xl.wp.pl
Home site: http://anfi.homesite.net/

More information about the Info-cyrus mailing list