Socialtools.ExperimentalMail r1.1 - 09 Jun 2004 - 16:23 - TWikiGuest

Experimental Mail Services

Requirements:

  • IMAP mailboxes
  • Virtual users (who just have mail on the system but no Unix account)
  • All information about users is in LDAP
  • Webmail system

Documents about setting up something like this:

I've done some experimentation with Courier IMAP on rabelais; see RabelaisCourierImap. This work should be continued on valter.

We'll need a tool for editing user accounts in LDAP; there should be a STAC plugin for this. We might get some ideas from postPHPix. We also need a way for users to change their own password, and (eventually) real name, forwarding address, etc.

For webmail, we should look at:

To run webmail on a secure connection, we'll need an SSL certificate. The least expensive ones seem to be from instantssl.com. Each certificate is only good for one domain name, so we have two options:

  • Have each project pay for its own certificate.
  • Projects that don't want to pay for a certificate can use http://mail.socialtools.net as their webmail interface. (Their email addresses will still be whatever@someproject.org.)

Here's another page with links to possibly useful software:

Issues

Q: How should we secure the LDAP directory?

First let's ask, what needs to access it? Only Courier IMAP, Postfix and Stac, which run locally. So all we need to do is block remote access, and restrict local access to those programs. Therefore I think we should use simple password-based authentication, and use file permissions to protect the passwords. This makes LDAP no less secure than MySQL. If someone cracks into the machine and gets root access, no amount of Kerberos or SSL will help, anyway.
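
A way to check the two conditions this answer relies on (no remote LDAP listener, and password files accessible only to the owning service), as an added example that is not part of the original page. It assumes the listener list is given as space-separated URLs in the form passed to `slapd -h`, a strict policy of no group or other permission bits, and hypothetical function names; the temporary file is constructed and stands in for a real config file.

```python
import os
import stat
import tempfile
from urllib.parse import urlsplit

LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1"}


def remote_listeners(listener_urls):
    """Return the slapd listener URLs reachable from other hosts."""
    exposed = []
    for url in listener_urls.split():
        parts = urlsplit(url)
        if parts.scheme == "ldapi":  # Unix domain socket, local only
            continue
        # An empty host (ldap:///) means "all interfaces", so it counts as exposed.
        if parts.hostname not in LOOPBACK_HOSTS:
            exposed.append(url)
    return exposed


def permission_problems(path, allowed_uids):
    """List reasons a file holding the LDAP bind password is too widely accessible."""
    st = os.stat(path)
    problems = []
    if st.st_uid not in allowed_uids:
        problems.append(f"{path}: owned by uid {st.st_uid}")
    # Assumed policy: only the owning service account may touch the file.
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        mode = stat.S_IMODE(st.st_mode)
        problems.append(f"{path}: mode {mode:04o} grants group/other access")
    return problems


def demo():
    """Run both checks on constructed inputs (a temp file stands in for a config)."""
    with tempfile.NamedTemporaryFile() as f:
        os.chmod(f.name, 0o644)
        loose = permission_problems(f.name, {os.getuid()})
        os.chmod(f.name, 0o600)
        tight = permission_problems(f.name, {os.getuid()})
    exposed = remote_listeners("ldap://127.0.0.1/ ldapi:/// ldap:///")
    return loose, tight, exposed


if __name__ == "__main__":
    print(demo())
```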

Q: How should we secure IMAP?

SSL seems to be the best way to do this. People's mail clients can then send plaintext passwords over the SSL connection.

Q: Do we need to support SMTP AUTH?

I don't think so, because I don't think we need to support SMTP relaying. People who use their own mail client can use their ISP's SMTP service. Ours will just be for local clients, such as the webmail program.

Q: How do we store users' IMAP passwords?

Let's use MD5; it allows for longer passwords than crypt, which is limited to 8 characters.

Priorities

  • Get an SSL certificate.
  • Install and configure OpenLDAP.
  • Get Postfix and Courier IMAP to use LDAP.

Non-Priorities

  • Get Courier to use SSL.
  • Consider switching from Procmail to Courier Maildrop, following Riseup's example.
  • Install Apache prerequisites (e.g. PHP) for Squirrelmail and IMP.
  • Install Squirrelmail and IMP.
  • Compare Squirrelmail to IMP and see which we like better.
  • Write a STAC plugin to handle LDAP administration.

-- BenjaminGeer - 14 Jun 2003
Copyright © 1999-2012 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.