Mailing List Archive: Exim and user account...

Exim and user account...

ch045-2 at dial

Jul 21, 2002, 4:22 AM

Post #1 of 6 (903 views)

What is so simple for you, is a real problem for me...

I would like to run a mail-solution based on exim (for more than 300 users).
I installed exim, qpopper, cyrus-imad and squirrelmail (for webmail).
All seem to run correctly, but i have problem to creat users compatible with
the 3 servers...

I have some questions...

1. By default (if i have good understand) exim create one user account (smtp
account)
for each unix user who receive mail on the server?
2. So, is it secure to create a unix-account for each mail user?
3. Can i use the cmd "adduser -g mail -p password -s /bin/false -e 2002-12-01
-m user1" to do that?
In fact, is it a good decision to put this user in the mail group (the
exim's group),
and is it possible to protect against shell login (do exim run for this
user in this case)?
4. I have problems with users names format. Can i use a "smith_P" login? Is
this login format compatible
with exim? I prefere to use format like "smith.p", but it seem that
cyrus-impad don't accept
mailboxes with a point in the mailboxe name (the "cm user.smith.p" don't run
in the cyradm
program...)

Re: Exim and user account... [ In reply to ]

djc at microwave

Jul 21, 2002, 7:44 AM

Post #2 of 6 (891 views)

On Sun, 21 Jul 2002, ch045-2 wrote:

> What is so simple for you, is a real problem for me...
>
> I would like to run a mail-solution based on exim (for more than 300 users).
> I installed exim, qpopper, cyrus-imad and squirrelmail (for webmail).

qpopper expects use mail to be in system default location.

cyrus uses it own internal storage format.

Ergo, cyrus and qpopper can't share a mailstore. However, I beleive
cyrus now supports POP as well. I can however tell you that cyrus is a
boar to get working properly.

I assume squirrelmail is an IMAP webmail.

You can rig exim to deliver pretty much anywhere, so the best path is to
figure out where you want your mail stored, baseed on the pop/imap/etc
daemons you want to run, then hack on exim to deliver it there..

> All seem to run correctly, but i have problem to creat users compatible with
> the 3 servers...
>
> I have some questions...
>
> 1. By default (if i have good understand) exim create one user account (smtp
> account)
> for each unix user who receive mail on the server?

exim doesnt create any accounts.

> 2. So, is it secure to create a unix-account for each mail user?

It can be.

> 3. Can i use the cmd "adduser -g mail -p password -s /bin/false -e 2002-12-01
> -m user1" to do that?
> In fact, is it a good decision to put this user in the mail group (the
> exim's group),
> and is it possible to protect against shell login (do exim run for this
> user in this case)?

You dont want your usaer accounts in the mail group.
Users do not need to have shells for exim to deliver mail to them

> 4. I have problems with users names format. Can i use a "smith_P" login? Is
> this login format compatible
> with exim? I prefere to use format like "smith.p", but it seem that

It can be, but it is a bit unusual.

> cyrus-impad don't accept
> mailboxes with a point in the mailboxe name (the "cm user.smith.p" don't run
> in the cyradm
> program...)

Correct.

Really, you are better off using straight alphanumerics as usernames (no
punctuation at all) eg - "smithp"

>
> --
>
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
>
>

Re: Exim and user account... [ In reply to ]

bullier at waipro

Jul 21, 2002, 8:00 AM

Post #3 of 6 (891 views)

> Ergo, cyrus and qpopper can't share a mailstore. However, I beleive
> cyrus now supports POP as well. I can however tell you that cyrus is a
> boar to get working properly.
That's not a problem.
Normaly, i use pop retrieve with qpopper.
I use only imap for the webmail and suirrelmail have a specifique plugin to
retrieve pop account and put the result in the associated users imap account.
This really a good job!

> exim doesnt create any accounts.
Really?
But exim creat the user file in the /var/mail directory. Isn't it?
So it recognize a unix account to do that..

> > 2. So, is it secure to create a unix-account for each mail user?
> It can be.
It's enough to use shell /bin/false?

> You dont want your usaer accounts in the mail group.
> Users do not need to have shells for exim to deliver mail to them
What is the best group for the mail users? (i suppose i must creat a
specific?)
Thank's a lot for your answer.

E.Bullier

Re: Exim and user account... [ In reply to ]

ch045-2 at dial

Jul 21, 2002, 8:04 AM

Post #4 of 6 (896 views)

> Ergo, cyrus and qpopper can't share a mailstore. However, I beleive
> cyrus now supports POP as well. I can however tell you that cyrus is a
> boar to get working properly.
That's not a problem.
Normaly, i use pop retrieve with qpopper.
I use only imap for the webmail and suirrelmail have a specifique plugin to
retrieve pop account and put the result in the associated users imap account.
This really a good job!

> exim doesnt create any accounts.
Really?
But exim creat the user file in the /var/mail directory. Isn't it?
So it recognize a unix account to do that..

> > 2. So, is it secure to create a unix-account for each mail user?
> It can be.
It's enough to use shell /bin/false?

> You dont want your usaer accounts in the mail group.
> Users do not need to have shells for exim to deliver mail to them
What is the best group for the mail users? (i suppose i must creat a
specific?)
Thank's a lot for your answer.

E.Bullier

Re: Exim and user account... [ In reply to ]

Jul 21, 2002, 10:47 AM

Post #5 of 6 (898 views)

On Sun, 21 Jul 2002, Dave C. wrote:

> > I would like to run a mail-solution based on exim (for more than 300 users).
> > I installed exim, qpopper, cyrus-imad and squirrelmail (for webmail).
>
> qpopper expects use mail to be in system default location.
>
> cyrus uses it own internal storage format.
>
> Ergo, cyrus and qpopper can't share a mailstore. However, I beleive
> cyrus now supports POP as well. I can however tell you that cyrus is a
> boar to get working properly.

Cyrus has supportted POP since its inception.

...
> > cyrus-impad don't accept
> > mailboxes with a point in the mailboxe name (the "cm user.smith.p" don't run
> > in the cyradm
> > program...)
>
> Correct.

Not really. By default Cyrus uses "." as a hierarchy separator, so you
can't use a "." as part of a mailbox name, but newer versions allow you to
configure this behaviour.

> Really, you are better off using straight alphanumerics as usernames (no
> punctuation at all) eg - "smithp"

Tom

Re: Exim and user account... [ In reply to ]

djc at microwave

Jul 21, 2002, 11:46 AM

Post #6 of 6 (893 views)

On Sun, 21 Jul 2002, ch045-2 wrote:

>
> > Ergo, cyrus and qpopper can't share a mailstore. However, I beleive
> > cyrus now supports POP as well. I can however tell you that cyrus is a
> > boar to get working properly.
> That's not a problem.
> Normaly, i use pop retrieve with qpopper.
> I use only imap for the webmail and suirrelmail have a specifique plugin to
> retrieve pop account and put the result in the associated users imap account.
> This really a good job!

Ugh. But if it works for you..

>
> > exim doesnt create any accounts.
> Really?
> But exim creat the user file in the /var/mail directory. Isn't it?
> So it recognize a unix account to do that..

Thats not the same thing as creating an account. It will receive and
deliver mail for an existing account. It does not _create_ accounts.

>
> > > 2. So, is it secure to create a unix-account for each mail user?
> > It can be.
> It's enough to use shell /bin/false?

It might be, if your system security model is otherwise good.

>
> > You dont want your usaer accounts in the mail group.
> > Users do not need to have shells for exim to deliver mail to them
> What is the best group for the mail users? (i suppose i must creat a
> specific?)

Thats entirely site-specific..

> Thank's a lot for your answer.
>
> E.Bullier
>
> --
>
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
>
>