[gentoo-server] Comments on IMAP Server (cyrus/courier/dovecot)

[gentoo-server] Comments on IMAP Server (cyrus/courier/dovecot)

[Ow Mun Heng]

I'm just doing some testing for setting up a virtual mailhosting
I've read the Gentoo Virt Mail Howto and quite a few others but still
have some questions.

Choosen Mail Server : Postfix
IMAP Client under consideration : Cyrus IMAP/Courier IMAP/DoveCot

Requirements.
1. Ability to do Virtual Mail Hosting
2. Ability to support local Users (see note)
3. Scalable
4. Support for flat file Passwords(/etc/passwd) or LDAP/MySQL 

Note :
a. Some users will be local users. These users will have SSH/SFTP/FTP 
b. Some users will need to have FTP access (NO SSH) to webhosting 

The problem here is mainly due to note (a) and (b) where there is a need
for local users. What I want, what is written on postfix's site
(http://www.postfix.org/VIRTUAL_README.html) is a variation of

i) NON Postfix Store : Separate Domains, NON-Unix Accounts
	and
ii) Postfix store : Separate Domains, UNIX Accounts

Can all of these be done using NON-Postfix Store
(cyrus/courier/dovecot) : Separate Domains with Unix and Non Unix
Accounts? Depending on whether there is need for note (a) and (b)

or should I just put the local users on a separate box?

What are you using? I've seen quite a lot of Howto and docs but seems like
my choice isn't one of those widely used scenerios. In addition to that, 
it also doesn't seem cyrus-imapd is much used too.




-- 
Ow Mun Heng
Gentoo/Linux on DELL D600 1.4Ghz 1.5GB RAM
98% Microsoft(tm) Free!! 
Neuromancer 11:23:21 up 3:57, 6 users, load average: 1.00, 0.81, 0.71 


-- 
gentoo-server@gentoo.org mailing list

Re: [gentoo-server] Comments on IMAP Server (cyrus/courier/dovecot)

[Arturo 'Buanzo' Busleiman]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ow Mun Heng wrote:
> 1. Ability to do Virtual Mail Hosting

courier-mta

> 2. Ability to support local Users (see note)


Courier. I had both local (/etc/passwd) accounts, and virtual-domain+user accounts on the same
server (7000+ accounts total, SQL+/etc/passwd (via PAM))

> 3. Scalable

Courier-MTA (includes courier-imap)

DON'T THINK ABOUT DOVECOT for really scalable installations. after 5000+ it gets quite slow.

> 4. Support for flat file Passwords(/etc/passwd) or LDAP/MySQL 

Courier-MTA (includes courier-imap)

- --
Arturo "Buanzo" Busleiman - www.buanzo.com.ar
Consultor en Seguridad Informatica
President, Open Information System Security Group - Argentina
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFC+tGAAlpOsGhXcE0RAuAcAJ91+ZvC9xSvgy0u8If8wElZ1sNU6wCfdM+q
nwhTs5r7w1l8SnAAH798ka4=
=6iKL
-----END PGP SIGNATURE-----
-- 
gentoo-server@gentoo.org mailing list

Re: [gentoo-server] Comments on IMAP Server (cyrus/courier/dovecot)

[Ow Mun Heng]

On Thu, 2005-08-11 at 01:18 -0300, Arturo 'Buanzo' Busleiman wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Ow Mun Heng wrote:
> > 1. Ability to do Virtual Mail Hosting
> 
> courier-mta
> 
> > 2. Ability to support local Users (see note)
> 
> 
> Courier. I had both local (/etc/passwd) accounts, and virtual-domain+user accounts on the same
> server (7000+ accounts total, SQL+/etc/passwd (via PAM))

Just wondering, can I say, have a virtual domain user user1@localdomain
(where localdomain is really local but just hosted as a virtual domain)
which can have SSH/FTP access using the same password to access their
email?

> 
> > 3. Scalable
> 
> Courier-MTA (includes courier-imap)
> 
> DON'T THINK ABOUT DOVECOT for really scalable installations. after 5000+ it gets quite slow.

Thanks for the heads up then. Is the slowness attibuted to lookups to
passwords or some other issues?

> > 4. Support for flat file Passwords(/etc/passwd) or LDAP/MySQL 
> 
> Courier-MTA (includes courier-imap)


Hmm... I see a general preference towards courier here. Just curious,
have you tried cyrus at all? If yes, what are it's shortcomings?

Thanks

-- 
Ow Mun Heng
Gentoo/Linux on DELL D600 1.4Ghz 1.5GB RAM
98% Microsoft(tm) Free!! 
Neuromancer 12:36:43 up 5:10, 6 users, load average: 1.76, 0.88, 0.66 


-- 
gentoo-server@gentoo.org mailing list

Re: [gentoo-server] Comments on IMAP Server (cyrus/courier/dovecot)

[Arturo 'Buanzo' Busleiman]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ow Mun Heng wrote:
> Just wondering, can I say, have a virtual domain user user1@localdomain
> (where localdomain is really local but just hosted as a virtual domain)
> which can have SSH/FTP access using the same password to access their
> email?

FTP to access the maildir, you mean? ssh for sftp? (same purpose)?

> Thanks for the heads up then. Is the slowness attibuted to lookups to
> passwords or some other issues?

storage format and concurrency. with the same hardware, courier-imap outperformed dovecot.
at least in most scenarios I've tested, or been told about.

> Hmm... I see a general preference towards courier here.

Been there, just that :) - I been sticking around with linux and free software since.... well, a lot
of time ago. the kernel was like 3 years old then :)

> Just curious,
> have you tried cyrus at all? If yes, what are it's shortcomings?

Yep. I worked for SuSE for along time, and it's an excellent product (cyrus+postfix being the
preference at that time, I can't tell now), but mail systems should be simple enough, and cyrus
tends to add a couple of steps that turn it into unusable for a beginner admin.


- --
Arturo "Buanzo" Busleiman - www.buanzo.com.ar
Consultor en Seguridad Informatica
President, Open Information System Security Group - Argentina
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFC+uKcAlpOsGhXcE0RAh0XAJ9dEppFhHtOC7LLRhWb9SNfl9XybQCdFrU4
dBiA6Z8hLSiN/Zch+WLE01w=
=exc/
-----END PGP SIGNATURE-----
-- 
gentoo-server@gentoo.org mailing list

Re: [gentoo-server] Comments on IMAP Server (cyrus/courier/dovecot)

[Darko Luketic]

On Thu, 11 Aug 2005 11:46:13 +0800
Ow Mun Heng <Ow.Mun.Heng@wdc.com> wrote:

> I'm just doing some testing for setting up a virtual mailhosting
> I've read the Gentoo Virt Mail Howto and quite a few others but still
> have some questions.
> 
> Choosen Mail Server : Postfix
> IMAP Client under consideration : Cyrus IMAP/Courier IMAP/DoveCot
> 
> Requirements.
> 1. Ability to do Virtual Mail Hosting
> 2. Ability to support local Users (see note)
> 3. Scalable
> 4. Support for flat file Passwords(/etc/passwd) or LDAP/MySQL 
> 
> Note :
> a. Some users will be local users. These users will have SSH/SFTP/FTP 
> b. Some users will need to have FTP access (NO SSH) to webhosting 
> 
> The problem here is mainly due to note (a) and (b) where there is a need
> for local users. What I want, what is written on postfix's site
> (http://www.postfix.org/VIRTUAL_README.html) is a variation of
> 
> i) NON Postfix Store : Separate Domains, NON-Unix Accounts
> 	and
> ii) Postfix store : Separate Domains, UNIX Accounts
> 
> Can all of these be done using NON-Postfix Store
> (cyrus/courier/dovecot) : Separate Domains with Unix and Non Unix
> Accounts? Depending on whether there is need for note (a) and (b)
> 
> or should I just put the local users on a separate box?
> 
> What are you using? I've seen quite a lot of Howto and docs but seems like
> my choice isn't one of those widely used scenerios. In addition to that, 
> it also doesn't seem cyrus-imapd is much used too.
> 
> 
> 
> 
> -- 
> Ow Mun Heng
> Gentoo/Linux on DELL D600 1.4Ghz 1.5GB RAM
> 98% Microsoft(tm) Free!! 
> Neuromancer 11:23:21 up 3:57, 6 users, load average: 1.00, 0.81, 0.71 
> 
> 
> -- 
> gentoo-server@gentoo.org mailing list
> 

If you're using postfix check out postfixadmin
http://high5.net/postfixadmin/

you just have to make sure you configure the postfix database tables and postfix database config files the way it is shown in the postfix howto on postfixadmin's site.
because if you use the gentoo howto the tables will be different and you would get entries created that won't get queried.


-- 
Mit freundlichen Grüßen


Darko Luketic

-- 
gentoo-server@gentoo.org mailing list

Re: [gentoo-server] Comments on IMAP Server (cyrus/courier/dovecot)

[Ow Mun Heng]

On Thu, 2005-08-11 at 10:36 +0200, Darko Luketic wrote:
> On Thu, 11 Aug 2005 11:46:13 +0800
> Ow Mun Heng <Ow.Mun.Heng@wdc.com> wrote:
> 
> > I'm just doing some testing for setting up a virtual mailhosting
> > I've read the Gentoo Virt Mail Howto and quite a few others but still
> > have some questions.
> > 
> > Choosen Mail Server : Postfix
> > IMAP Client under consideration : Cyrus IMAP/Courier IMAP/DoveCot

> 
> If you're using postfix check out postfixadmin
> http://high5.net/postfixadmin/
> 
> you just have to make sure you configure the postfix database tables and postfix database config files the way it is shown in the postfix howto on postfixadmin's site.
> because if you use the gentoo howto the tables will be different and you would get entries created that won't get queried.

Thanks for the tip. I've heard of it already but not seen what it does. 


-- 
Ow Mun Heng
Gentoo/Linux on DELL D600 1.4Ghz 1.5GB RAM
98% Microsoft(tm) Free!! 
Neuromancer 18:05:13 up 10:39, 8 users, load average: 1.11, 1.22, 1.63 


-- 
gentoo-server@gentoo.org mailing list

Re: [gentoo-server] Comments on IMAP Server (cyrus/courier/dovecot)

[Benjamin Smee]

On Thu, 2005-08-11 at 11:46 +0800, Ow Mun Heng wrote:
> I'm just doing some testing for setting up a virtual mailhosting
> I've read the Gentoo Virt Mail Howto and quite a few others but still
> have some questions.
[snip]

Everything you listed is possible with postfix and cyrus. They are both
the premier solutions of their kind in their class.

Benjamin Smee (strerror)


-- 
gentoo-server@gentoo.org mailing list

Re: [gentoo-server] Comments on IMAP Server (cyrus/courier/dovecot)

[Ian P. Christian]

[-- Attachment #1: Type: text/plain, Size: 1082 bytes --]

On Thursday 11 August 2005 05:39, Ow Mun Heng wrote:
> Just curious,
> have you tried cyrus at all? If yes, what are it's shortcomings?

I used cyrus. I used to use courier but having looked at cyrus realized what I 
was missing. The Maildir format uses a transactional databates to keep it's 
indexes up to date, so it's faster then courier.  

It does support clustering too, although I've never done it.

I am not sure how you would get it to authenticate against multiple 
authentication backends - I've never neeeded to do so.  I use it in a virtual 
hosting environment, and whilst there are local users, they are not tied 
1-to-1 to a mailbox. This does mean that if people want to run pine (or 
similar) from the mail server they have to use IMAP, but in my case this 
isn't a problem at all.

Cyrus also supports shared folders and ACLs - not something Courier provides, 
so if you are ever likely to use this, Cyrus is also the one to choose.

I'm not sure Courier supports IDLE either.

Kind Regards,

-- 
Ian P. Christian ~ http://pookey.co.uk

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-server] Comments on IMAP Server (cyrus/courier/dovecot)

[Arturo 'Buanzo' Busleiman]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ian P. Christian wrote:
> Cyrus also supports shared folders and ACLs - not something Courier provides, 
> so if you are ever likely to use this, Cyrus is also the one to choose.

How long since the last time you checked out courier? :)

- --
Arturo "Buanzo" Busleiman - www.buanzo.com.ar
Consultor en Seguridad Informatica
President, Open Information System Security Group - Argentina
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFC+0FsAlpOsGhXcE0RAt/LAJ4gU02QGPc77YSnVGnk2IiwlL8ZGACeKgmR
1D2Ofcsl1p2BJYxHdR0idJM=
=7Onx
-----END PGP SIGNATURE-----
-- 
gentoo-server@gentoo.org mailing list

Re: [gentoo-server] Comments on IMAP Server (cyrus/courier/dovecot)

[Ian P. Christian]

[-- Attachment #1: Type: text/plain, Size: 1668 bytes --]

On Thursday 11 August 2005 13:15, Arturo 'Buanzo' Busleiman wrote:
> How long since the last time you checked out courier?

I only moved away within the last 6 months I think.... still use it on one of 
my servers.  

I know it does keep a cache in the mailbox, but my understanding is it's not 
where near as sophisticated as Cyrus - but I'll accept I could well be wrong.

Also, does courier provide a sieve server? or even support server side 
filtering of mail?

My requirements in my more advanced mail setup wrote of nearly all but Cyrus 
IMAP server, so I know more about cyrus.

Looking at http://www.courier-mta.org/imap/features.html , there is no mention 
of ACLs, but there is now shared folders I see. Digging briefly into the docs 
it does support IDLE.

Here's a interesting quote though aobut courier and it's Maildir format.

"I have 500 MB of archived mail, with several folders with 15,000+ messages in 
them. Trying to get this to work on a dual-AthlonMP 2200+ system with 2 GB of 
RAM was not a lot of fun using Courier-IMAP and Maildir. It would take 
upwards of 30 seconds to load a message index, and it could take even longer 
to do operations on multiple messages."
 
"I installed Cyrus-IMAP on this same server, copied my messages over from one 
setup to the other (using Kontact no less), and haven't had any problems 
since. Folder indexing and access is in the sub 5 second range on my largest 
folders (just under 20,000 messages to date), and doing operations on 
multiple messages takes no time at all."

from http://dot.kde.org/1106909457/1106958472/


-- 
Ian P. Christian ~ http://pookey.co.uk

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-server] Comments on IMAP Server (cyrus/courier/dovecot)

[Yogesh Sharma]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Please check http://silverwraith.com/vexim/  I am using it for last 2
years.

The list of features in Virtual Exim 2 includes:

    * Software integration:
          o SpamAssassin
          o Any Exim-compatible virus scanners
          o Procmail or any other software which mail can be piped to
          o MySQL or PostgreSQL backend database support through PearDB
          o Translations into German, Romanian and Hungarian
    * Site management:
          o Add or remove local and relay domains in seconds
          o Create "aliased" domains whose accounts redirect to mirror
            accounts on a master domain
          o Enable and tune quotas for each domain
          o Choose to use one system UID/GID per site, or a different
            UID/GID for each domain
          o Apply limits to the number of accounts each domains can have
          o Alpha menus to alphabetically sort and list domains on
            different pages
    * Domain management:
          o Create new POP/IMAP accounts, or aliases with ease
          o Enable or disable any accounts or aliases on the fly
          o Choose to enable a "catchall" account to receive mail for
            unknown domain accounts
          o Create :fail: entries to forcable reject mail to
            individual addresses
          o Optionally set quotas on mailboxes
          o Add new admins to assist in domain management
          o Alpha menus to alphabetically sort and list accounts on
            different pages
          o Set quotas on user acocunt to any amount less than maximum
            given by the site admin
    * User management:
          o Users can change their own passwords
          o If enabled, users can tune their own SpamAssassin score
            thresholds to tag, and to delete mail
          o If enabled, users can choose to reject mail containing viruses
          o Users can check their own quota thresholds
    * E-mail filtering:
          o Siteadmin can define if Anti-Virus or Spamassassin options
            should be availible to each domain
          o If enabled for the domain, the domain admin can toggle
            Anti-Virus and Spamassassin options for each user
          o User can also change thresholds at which to block
            potential Spam to suit there needs, enable/disable virus
            checking, and also set maximum message size limits for
            their inbound mail.
          o Users can enter e-mail headers on which to block mail.
            This also allows the simple blacklisting of individual
            e-mail addresses
          o Virtual Exim also allows users to set vacation messages
            while they are away on vacation. The inbound messages get
            delivered as normal, and their sender gets a custom reply
            which the user can create
          o Users also have the option to forward all inbound e-mail
            to any other e-mail account




Ow Mun Heng wrote:

>I'm just doing some testing for setting up a virtual mailhosting
>I've read the Gentoo Virt Mail Howto and quite a few others but still
>have some questions.
>
>Choosen Mail Server : Postfix
>IMAP Client under consideration : Cyrus IMAP/Courier IMAP/DoveCot
>
>Requirements.
>1. Ability to do Virtual Mail Hosting
>2. Ability to support local Users (see note)
>3. Scalable
>4. Support for flat file Passwords(/etc/passwd) or LDAP/MySQL
>
>Note :
>a. Some users will be local users. These users will have SSH/SFTP/FTP
>b. Some users will need to have FTP access (NO SSH) to webhosting
>
>The problem here is mainly due to note (a) and (b) where there is a need
>for local users. What I want, what is written on postfix's site
>(http://www.postfix.org/VIRTUAL_README.html) is a variation of
>
>i) NON Postfix Store : Separate Domains, NON-Unix Accounts
> and
>ii) Postfix store : Separate Domains, UNIX Accounts
>
>Can all of these be done using NON-Postfix Store
>(cyrus/courier/dovecot) : Separate Domains with Unix and Non Unix
>Accounts? Depending on whether there is need for note (a) and (b)
>
>or should I just put the local users on a separate box?
>
>What are you using? I've seen quite a lot of Howto and docs but seems like
>my choice isn't one of those widely used scenerios. In addition to that,
>it also doesn't seem cyrus-imapd is much used too.
>
>
>
>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFC+0kUqjyCvrpPZ1sRAiiNAJ46AQksez81Q3x9i6bW6P8KAh+oogCfRfan
v/on7F0G4eOnH4LWW7aE7hc=
=3G30
-----END PGP SIGNATURE-----

-- 
gentoo-server@gentoo.org mailing list

Re: [gentoo-server] Comments on IMAP Server (cyrus/courier/dovecot)

[A. Khattri]

On Thu, 11 Aug 2005, Ow Mun Heng wrote:

> i) NON Postfix Store : Separate Domains, NON-Unix Accounts
> 	and
> ii) Postfix store : Separate Domains, UNIX Accounts
>
> Can all of these be done using NON-Postfix Store
> (cyrus/courier/dovecot) : Separate Domains with Unix and Non Unix
> Accounts? Depending on whether there is need for note (a) and (b)
>
> or should I just put the local users on a separate box?
>
> What are you using? I've seen quite a lot of Howto and docs but seems like
> my choice isn't one of those widely used scenerios. In addition to that,
> it also doesn't seem cyrus-imapd is much used too.

Last time I looked, SASL was a real pain to work with, maybe that's why
people go to courier instead of cyrus? ;-)

As far as user accounts go: we are using qmail so mail accounts live in
vpopmail. Now vpopmail stores accounts data in MySQL so users dont need
local accounts. We have a shell server that people can use if they want to
- on there Pine is configured to connect via IMAP anyway.

As far as webhosting goes, we are using libnss-mysql to provide virtual
accounts (again, out of MySQL) so users dont need local accounts. Making
the default shell on our web server, rssh, means we let them have ftp /
scp / sftp access to their sites (noone has shell access). The great thing
about libnss-mysql is that it just works transparently with proftpd, and
even system quotas work!

All of these things avoid the need for local user accounts on our mail and
web servers and its easy to backup MySQL.

-- 

-- 
gentoo-server@gentoo.org mailing list

Re: [gentoo-server] Comments on IMAP Server (cyrus/courier/dovecot)

[A. Khattri]

On Thu, 11 Aug 2005, Ian P. Christian wrote:

> "I have 500 MB of archived mail, with several folders with 15,000+ messages in
> them. Trying to get this to work on a dual-AthlonMP 2200+ system with 2 GB of
> RAM was not a lot of fun using Courier-IMAP and Maildir. It would take
> upwards of 30 seconds to load a message index, and it could take even longer
> to do operations on multiple messages."

Could be a bad setup?

Our main mail server is a dual-Athlon (1.6GHz) SMP box, 1Gb RAM and we
serve somewhere between 3000 to 4000 accounts with Courier. Some of users
have hundreds of Mb (a few are > 1Gb of mail).


-- 

-- 
gentoo-server@gentoo.org mailing list

Re: [gentoo-server] Comments on IMAP Server (cyrus/courier/dovecot)

[Ian P. Christian]

[-- Attachment #1: Type: text/plain, Size: 1343 bytes --]

On Thursday 11 August 2005 14:50, A. Khattri wrote:
> Our main mail server is a dual-Athlon (1.6GHz) SMP box, 1Gb RAM and we
> serve somewhere between 3000 to 4000 accounts with Courier. Some of users
> have hundreds of Mb (a few are > 1Gb of mail).

It's not to do with mail size, it's to do with number of messages in any one 
mailbox.  The file system underlying it will also effect this. 
One of my mailboxes currently has 10,000 emails in, and it's still not showing 
any signs of becoming any slower.

I imagine people's milage might vary with this kinda thing, but that post 
suggested all he changed was the mail server, not the file system, or 
anything else. (I presume he didn't - he installed them side by side)

Also, if you're interested, this is quite interesting

http://asg.web.cmu.edu/cyrus/ag.html
"The Cyrus IMAP Aggregator transparently distributes IMAP and POP mailboxes 
across multiple servers. Unlike other systems for load balancing IMAP 
mailboxes, the aggregator allows users to access mailboxes on any of the IMAP 
servers in the system. "
"The software described below is now available as part of the Cyrus IMAP 
distribution, versions 2.1.3 and higher. Please refer to the documentation 
with the source for setup and install instructions."

-- 
Ian P. Christian ~ http://pookey.co.uk

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-server] Comments on IMAP Server (cyrus/courier/dovecot)

[xyon]

I'm terribly sorry if you've mentioned this before, but maybe you two are
using different clients for IMAP? I notice Courier is lightning fast with
Evolution, but with Squirrelmail it gets extremely slow to respond.

This discussion has, however, sparked my interest. I'm always up for
better performance. Would Cyrus be worth the trouble to switch?


> On Thu, 11 Aug 2005, Ian P. Christian wrote:
>
>> "I have 500 MB of archived mail, with several folders with 15,000+
>> messages in
>> them. Trying to get this to work on a dual-AthlonMP 2200+ system with 2
>> GB of
>> RAM was not a lot of fun using Courier-IMAP and Maildir. It would take
>> upwards of 30 seconds to load a message index, and it could take even
>> longer
>> to do operations on multiple messages."
>
> Could be a bad setup?
>
> Our main mail server is a dual-Athlon (1.6GHz) SMP box, 1Gb RAM and we
> serve somewhere between 3000 to 4000 accounts with Courier. Some of users
> have hundreds of Mb (a few are > 1Gb of mail).
>
>
> --
>
> --
> gentoo-server@gentoo.org mailing list
>
>


-- 
gentoo-server@gentoo.org mailing list

Re: [gentoo-server] Comments on IMAP Server (cyrus/courier/dovecot)

[kashani]

Ow Mun Heng wrote:
> Just wondering, can I say, have a virtual domain user user1@localdomain
> (where localdomain is really local but just hosted as a virtual domain)
> which can have SSH/FTP access using the same password to access their
> email?

My understanding is the are two major ways to solve this.

1. pam + db for all accounts including local accounts
	Some db magic with pam or whatever local auth you do. This way the user 
still has some sort of central auth and doesn't end up with 2 different 
passwords and so forth. All accounts are virtual, but users designated 
as local also get shell, ftp, etc.

2. One localdomain and all others are truly virtual.
	set localdomain.com as local in your virtual config and everything else 
to virtual. The pop/imap/smtp daemons should auth locally and it pretty 
much just works in my experience. The caveat is that it is only feasible 
to have one domain as local and it's generally an all local or all 
virtual sort of thing. Mixing and matching local and virtual users 
within the same domain can be painful and hard to manage.

	I did #2 since it's easy and I like sleep. I use Postfix, Courier, and 
frontend it with PostfixAdmin. PostfixAdmin is great as it allows you to 
create domain admins that can managed the domains you assign them. I 
also changed from Squirrel to Horde IMP on this latest iteration and the 
users seem to like that better especially the HTML mail support.

	I highly recommend greylisting. It stops so much spam on its own which 
means your content filtering doesn't have to be so gung-ho which has had 
the effect of decreasing overall false positives. And I'm using much 
less CPU.

	Depending on which MTA you pick and where your database is you'll want 
to look into mysql:proxy statements in your config. That'll enable your 
MTA to multiplex queries over the same TCP connection which will 
decrease load on your db. This isn't so much of an issue if your db is 
local.

kashani
-- 
gentoo-server@gentoo.org mailing list

Re: [gentoo-server] Comments on IMAP Server (cyrus/courier/dovecot)

[kashani]

xyon wrote:
> I'm terribly sorry if you've mentioned this before, but maybe you two are
> using different clients for IMAP? I notice Courier is lightning fast with
> Evolution, but with Squirrelmail it gets extremely slow to respond.
> 
> This discussion has, however, sparked my interest. I'm always up for
> better performance. Would Cyrus be worth the trouble to switch?

	I've heard a number of people recommend using Imap Proxy with various 
webmail systems to speed things up.
http://www.imapproxy.org/

kashani
-- 
gentoo-server@gentoo.org mailing list

Re: [gentoo-server] Comments on IMAP Server (cyrus/courier/dovecot)

[xyon]

Thanks for the link! I actually am already using imapproxy, which helped,
but Squirrelmail still tends to be so unbearably slow. If I get bored I
might switch to cyrus and post back my findings. :)

> xyon wrote:
>> I'm terribly sorry if you've mentioned this before, but maybe you two
>> are
>> using different clients for IMAP? I notice Courier is lightning fast
>> with
>> Evolution, but with Squirrelmail it gets extremely slow to respond.
>>
>> This discussion has, however, sparked my interest. I'm always up for
>> better performance. Would Cyrus be worth the trouble to switch?
>
> 	I've heard a number of people recommend using Imap Proxy with various
> webmail systems to speed things up.
> http://www.imapproxy.org/
>
> kashani
> --
> gentoo-server@gentoo.org mailing list
>
>


-- 
gentoo-server@gentoo.org mailing list

Re: [gentoo-server] Comments on IMAP Server (cyrus/courier/dovecot)

[A. Khattri]

On Thu, 11 Aug 2005, Ian P. Christian wrote:

> It's not to do with mail size, it's to do with number of messages in any one
> mailbox.  The file system underlying it will also effect this.
> One of my mailboxes currently has 10,000 emails in, and it's still not showing
> any signs of becoming any slower.

As I mentioned, some accounts have hundreds of Mb of messages and a few
have > 1Gb of email in them...

> I imagine people's milage might vary with this kinda thing, but that post
> suggested all he changed was the mail server, not the file system, or
> anything else. (I presume he didn't - he installed them side by side)

Exactly.

Of course, I know, good performance begins with good hardware. Our servers
all use SCSI disks (U160 or better), some are RAIDed, some not.

> http://asg.web.cmu.edu/cyrus/ag.html
> "The Cyrus IMAP Aggregator transparently distributes IMAP and POP mailboxes
> across multiple servers. Unlike other systems for load balancing IMAP
> mailboxes, the aggregator allows users to access mailboxes on any of the IMAP
> servers in the system. "

You could do something similar by NFS mounting maildirs across a cluster.


-- 

-- 
gentoo-server@gentoo.org mailing list

Re: [gentoo-server] Comments on IMAP Server (cyrus/courier/dovecot)

[Ian P. Christian]

[-- Attachment #1: Type: text/plain, Size: 1578 bytes --]

On Thursday 11 August 2005 16:09, A. Khattri wrote:
> As I mentioned, some accounts have hundreds of Mb of messages and a few
> have > 1Gb of email in them...

That actually doesn't say anything about the number of messages though ;)

> Of course, I know, good performance begins with good hardware. Our servers
> all use SCSI disks (U160 or better), some are RAIDed, some not.

Indeed - this is why you can't really compare your experience with the once I 
posted. He may well have been using rubbish hardware - but even if he wasn't, 
the case remains this shows a vast improvement from cyrus over courier using 
the same hardware.

> You could do something similar by NFS mounting maildirs across a cluster.

You can create multiple frontends with this - but you'll still have one NFS 
server, or perhaps multiple NFS servers. You would have to create the logic 
and system that allowed the frontend IMAP/POP3 server to select the correct 
backend.  Also, due to the fact that cyrus keeps advanced indexes, cyrus 
can't operate over an NFS share.  Courier doens't provide an 'out of the box' 
method for creating a two-tiered scalable IMAP cluster... as far as I know.

I've seen this argument many times, on a mailing list I'm on the argument... 
sorry, 'discussion' often occours, and it's nearly always courier vs cyrus, 
and in this list community cyrus usually comes up top.

One day I think I'll setup a test system, and actaully run some benchmarks to 
settle the dispute once and for all ;)

-- 
Ian P. Christian ~ http://pookey.co.uk

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-server] Comments on IMAP Server (cyrus/courier/dovecot)

[A. Khattri]

On Thu, 11 Aug 2005, Ian P. Christian wrote:

> That actually doesn't say anything about the number of messages though ;)

True but I happen to know some of those accounts have many many thousands
of messages.

> Indeed - this is why you can't really compare your experience with the once I
> posted. He may well have been using rubbish hardware - but even if he wasn't,
> the case remains this shows a vast improvement from cyrus over courier using
> the same hardware.

I didn't post to start some petty flame war about who's IMAP server is
better. The OP asked for experiences and so Im just giving *my*
experience. Its not the same as *your* experience and Im not saying
*your* server is better or mine either but for whatever reason you have
decided to take it that way.


-- 

-- 
gentoo-server@gentoo.org mailing list

Re: [gentoo-server] Comments on IMAP Server (cyrus/courier/dovecot)

[Jonathan Nichols]

> Indeed - this is why you can't really compare your experience with the once I 
> posted. He may well have been using rubbish hardware - but even if he wasn't, 
> the case remains this shows a vast improvement from cyrus over courier using 
> the same hardware.
> 

I can! My mail server is a piece of crap! :) (Athlon t-bird, 1ghz, 512mb 
RAM, 60gb 7200rpm IDE disk)

I'm using courier on it, and the box was seeing 3000-5000 messages a day 
(mostly spam, thanks to a user that insisted on using wildcard email 
addresses.. bleah) and was doing ok.
I have several folders that each have over 10,000 messages and the 
respond just fine with courier.

Squirrelmail can get through them ok too. the turck-mmcache 
(e-accelerator now) helped out quite a bit.

Overall, I'd say that it depends on your situation and mail volume. I 
have been very happy with courier. It's been stable and has never given 
me any trouble.
-- 
gentoo-server@gentoo.org mailing list

Re: [gentoo-server] Comments on IMAP Server (cyrus/courier/dovecot)

[Ian P. Christian]

On Thursday 11 August 2005 17:04, A. Khattri wrote:
> I didn't post to start some petty flame war about who's IMAP server is
> better.

You seem to be confusing a discussion with a 'flame war'.  I am genuinely 
interested as to which server preforms better - as I'm sure the poster is, 
and probably many other people reading this list.  I have no attacked you 
personally, or posted anything of a flaming manner, and nor am I trolling - 
so try not to get too upset about my posts.  Sorry if I have upset you 
somehow, it was not intentional. 

I am about to under go tests and benchmarks of the IMAP servers in an attempt 
to understand which servers perform better under what situations - I will 
post my results here as soon as I have anything substantial. 

-- 
Ian P. Christian ~ http://pookey.co.uk
-- 
gentoo-server@gentoo.org mailing list

Re: [gentoo-server] Comments on IMAP Server (cyrus/courier/dovecot)

[A. Khattri]

On Thu, 11 Aug 2005, Ian P. Christian wrote:

> You seem to be confusing a discussion with a 'flame war'.  I am genuinely
> interested as to which server preforms better - as I'm sure the poster is,
> and probably many other people reading this list.  I have no attacked you
> personally, or posted anything of a flaming manner, and nor am I trolling -
> so try not to get too upset about my posts.  Sorry if I have upset you
> somehow, it was not intentional.

Not upset - just tired with someone nitpicking my post. Obviously there
was not enough information to make a good comparison but again, I was
merely relating *my* experience.

Nuff said.

-- 

-- 
gentoo-server@gentoo.org mailing list

Re: [gentoo-server] Comments on IMAP Server (cyrus/courier/dovecot)

[A. Khattri]

On Thu, 11 Aug 2005, kashani wrote:

> 	I've heard a number of people recommend using Imap Proxy with various
> webmail systems to speed things up.
> http://www.imapproxy.org/

Yes we've playing with this too - its great for squirrelmail.


-- 

-- 
gentoo-server@gentoo.org mailing list

Re: [gentoo-server] Comments on IMAP Server (cyrus/courier/dovecot)

[kashani]

Ian P. Christian wrote:
>>You could do something similar by NFS mounting maildirs across a cluster.
> 
> You can create multiple frontends with this - but you'll still have one NFS 
> server, or perhaps multiple NFS servers. You would have to create the logic 
> and system that allowed the frontend IMAP/POP3 server to select the correct 
> backend.  Also, due to the fact that cyrus keeps advanced indexes, cyrus 
> can't operate over an NFS share.  Courier doens't provide an 'out of the box' 
> method for creating a two-tiered scalable IMAP cluster... as far as I know.
> 
> I've seen this argument many times, on a mailing list I'm on the argument... 
> sorry, 'discussion' often occours, and it's nearly always courier vs cyrus, 
> and in this list community cyrus usually comes up top.
> 
> One day I think I'll setup a test system, and actaully run some benchmarks to 
> settle the dispute once and for all ;)
> 

This Cyrus cluster stuff looks like a big pain in the ass for anything 
larger than a few servers if that. Reminds me of the bad old days when 
people wrote POP proxies to get around that fact that mbox was mostly 
unworkable over NFS. I suppose it's a matter of scale and going with 
Cyrus cluster might not be a bad idea if you need a decent sized system 
and don't plan to grow. I see it having issues if your mail grows into a 
truly large system, but that's probably not a problem most people really 
have to worry about.

	However your users are in a database or ldap because /etc/passwd just 
doesn't work over 3k users. If you're users are virtual than you can 
hash them a bit. Yeah you need some logic for account creation, but 
after that it's dead simple.

/var/vmail/$1st-letter/$2nd-letter/$username

1-9 and a-f are on NFS mount #1
g-n are on NFS #2
o-z are on NFS #3

Hell to be honest you don't even need to hash things, but it does help 
when you get to that million user range.

Have your servers mount up the space and you've completely avoided any 
nonsense about which server has the info you're looking for. That and I 
have more confidence in a dualheaded NFS box than J Random server being 
availible.

In effect we trade some complexity on the database side, and we'd have 
to have a db or lookup table anyway, for simplicity on the backend. That 
seems much less brittle than the Cyrus cluster.

kashani
-- 
gentoo-server@gentoo.org mailing list

Re: [gentoo-server] Comments on IMAP Server (cyrus/courier/dovecot)

[A. Khattri]

On Thu, 11 Aug 2005, kashani wrote:

> 	I did #2 since it's easy and I like sleep.

There is a third option too: make ALL domains virtual even the "local" one
(at least this is how vpopmail handles it).


-- 

-- 
gentoo-server@gentoo.org mailing list

Re: [gentoo-server] Comments on IMAP Server (cyrus/courier/dovecot)

[kashani]

A. Khattri wrote:
> On Thu, 11 Aug 2005, kashani wrote:
> 
>>	I did #2 since it's easy and I like sleep.
> 
> There is a third option too: make ALL domains virtual even the "local" one
> (at least this is how vpopmail handles it).
> 

I've never used vpopmail, so how do they login in locally? I'd assume 
you need to have /etc/pam.d/login or whatever talk to the db or 
whatever, which is pretty much #1 in my opinion. Or am I missing something?

kashani
-- 
gentoo-server@gentoo.org mailing list

Re: [gentoo-server] Comments on IMAP Server (cyrus/courier/dovecot)

[Arturo 'Buanzo' Busleiman]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

A. Khattri wrote:
> Not upset - just tired with someone nitpicking my post. Obviously there
> was not enough information to make a good comparison but again, I was
> merely relating *my* experience.

On a personal note, this has been a really nice thread. I got to know about vexim on it, and had a
chance to think about why I personally dislike CURRENT Cyrus (Open Source is just like that... you
have to keep trying again and again, and catch up with the changelog!).

- --
Arturo "Buanzo" Busleiman - www.buanzo.com.ar
Consultor en Seguridad Informatica
President, Open Information System Security Group - Argentina
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFC+5yyAlpOsGhXcE0RAho5AJ9kAOmv6pvTGsNPEy98N8tmqwRxvACeM8kF
YmKYmKUhNNunWIkImZu5mUo=
=SaiM
-----END PGP SIGNATURE-----
-- 
gentoo-server@gentoo.org mailing list

Re: [gentoo-server] Comments on IMAP Server (cyrus/courier/dovecot)

[A. Khattri]

On Thu, 11 Aug 2005, kashani wrote:

> I've never used vpopmail, so how do they login in locally? I'd assume
> you need to have /etc/pam.d/login or whatever talk to the db or
> whatever, which is pretty much #1 in my opinion. Or am I missing something?

In vpopmail, the FULL email address is the username (you can designate a
"default domain" so that people who just use their username get this
domain silently added to their username for authentication purposes).

So in effect all domains are virtual.

In our case, account info is stored in MySQL which vpopmail queries
(vpopmail does all auth and mail deliveries). In other words, PAM is not
involved in any of this!


-- 

-- 
gentoo-server@gentoo.org mailing list

Re: [gentoo-server] Comments on IMAP Server (cyrus/courier/dovecot)

[A. Khattri]

On Thu, 11 Aug 2005, Arturo 'Buanzo' Busleiman wrote:

> On a personal note, this has been a really nice thread. I got to know about vexim on it, and had a
> chance to think about why I personally dislike CURRENT Cyrus (Open Source is just like that... you
> have to keep trying again and again, and catch up with the changelog!).

That's true. Last time I played with Cyrus I seem to remember an issue
with the IMAP namespace and SASL.

In our current setup, you can have infinitely nested folders any way you
like in IMAP.


-- 

-- 
gentoo-server@gentoo.org mailing list

Re: [gentoo-server] Comments on IMAP Server (cyrus/courier/dovecot)

[kashani]

A. Khattri wrote:
> On Thu, 11 Aug 2005, kashani wrote:
> 
> 
>>I've never used vpopmail, so how do they login in locally? I'd assume
>>you need to have /etc/pam.d/login or whatever talk to the db or
>>whatever, which is pretty much #1 in my opinion. Or am I missing something?
> 
> 
> In vpopmail, the FULL email address is the username (you can designate a
> "default domain" so that people who just use their username get this
> domain silently added to their username for authentication purposes).
> 
> So in effect all domains are virtual.
> 
> In our case, account info is stored in MySQL which vpopmail queries
> (vpopmail does all auth and mail deliveries). In other words, PAM is not
> involved in any of this!
> 
> 

Well yeah, but what happens when they ssh or ftp to the server? That's 
the part I'm confused about. How does vpopmail auth them locally for 
things other than mail which goes back to the original question.

kashani
-- 
gentoo-server@gentoo.org mailing list

Re: [gentoo-server] Comments on IMAP Server (cyrus/courier/dovecot)

[A. Khattri]

On Thu, 11 Aug 2005, kashani wrote:

> Well yeah, but what happens when they ssh or ftp to the server? That's
> the part I'm confused about. How does vpopmail auth them locally for
> things other than mail which goes back to the original question.

Our shell server and web servers are separate from our mail server but
there's no reason you couldn't run this setup on the same server.

Using libnss-mysql, you can have ssh and ftp also authenticate out of a
MySQL database (the same database if you want). And since Pine and mutt on
the shell server are configured to use IMAP, shell users can login and
check email from there too.

Basically all of this has allowed us to move to an almost completely
virtual setup where ordinary users dont have any "real" system accounts at
all.


-- 

-- 
gentoo-server@gentoo.org mailing list

Re: [gentoo-server] Comments on IMAP Server (cyrus/courier/dovecot)

[kashani]

A. Khattri wrote:
> On Thu, 11 Aug 2005, kashani wrote:
> 
>>Well yeah, but what happens when they ssh or ftp to the server? That's
>>the part I'm confused about. How does vpopmail auth them locally for
>>things other than mail which goes back to the original question.
> 
> 
> Our shell server and web servers are separate from our mail server but
> there's no reason you couldn't run this setup on the same server.
> 
> Using libnss-mysql, you can have ssh and ftp also authenticate out of a
> MySQL database (the same database if you want). And since Pine and mutt on
> the shell server are configured to use IMAP, shell users can login and
> check email from there too.
> 
> Basically all of this has allowed us to move to an almost completely
> virtual setup where ordinary users dont have any "real" system accounts at
> all.

And that isn't option #1 aka, stuff everything in a db and do central 
auth from there" how? See I'm even loosing sleep just talking about 
option #1. The rest of you have been warned. :)

kashani
-- 
gentoo-server@gentoo.org mailing list

Re: [gentoo-server] Comments on IMAP Server (cyrus/courier/dovecot)

[Wendall Cada]

Nice thread. Several aspects of this have been discussed often over the
last few months. I'd like to add that the biggest performance saver for
me (using Courier) has been having a properly configured postfix with
spam and av filtering via amavisd-new. Without this, I'd be over-working
the IMAP server with crap. Even people who get alot of email every day,
only get at most a few hundred valid emails. So filtering the garbage
out before it ever gets to the delivery stage is one of the best
performance tunes you can do regardless of which imap server you use.

Wendall

-- 
gentoo-server@gentoo.org mailing list

Re: [gentoo-server] Comments on IMAP Server (cyrus/courier/dovecot)

[Ian P. Christian]

[-- Attachment #1: Type: text/plain, Size: 799 bytes --]

On Thursday 11 August 2005 04:46, Ow Mun Heng wrote:
> I'm just doing some testing for setting up a virtual mailhosting
> I've read the Gentoo Virt Mail Howto and quite a few others but still
> have some questions.

This is work in progress, I still need to do the more intensive tests on 
courier, I'll leave these over night (whilst it only takes a few minutes for 
tests 1-4 to run, the delivering of mail into the mailboxes though exim does 
take a long time - writing 10,000 files to disk on IDE isn't overly fast :) )

http://pookey.co.uk/wiki/imap_benchmark

Hope this is of some help - I might well add other servers to this page at 
some point - check back in about 24 hours for the full results on courier.

Feedback welcome.

-- 
Ian P. Christian ~ http://pookey.co.uk

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-server] Comments on IMAP Server (cyrus/courier/dovecot)

[Ow Mun Heng]

On Thu, 2005-08-11 at 11:25 +0100, Benjamin Smee wrote:
> On Thu, 2005-08-11 at 11:46 +0800, Ow Mun Heng wrote:
> > I'm just doing some testing for setting up a virtual mailhosting
> > I've read the Gentoo Virt Mail Howto and quite a few others but still
> > have some questions.
> [snip]
> 
> Everything you listed is possible with postfix and cyrus. They are both
> the premier solutions of their kind in their class.


But of course it's possible, the question is How (since I've not seen
much doc on these sort of setup)

I'll dig in further. Thanks

-- 
Ow Mun Heng
Gentoo/Linux on DELL D600 1.4Ghz 1.5GB RAM
98% Microsoft(tm) Free!! 
Neuromancer 09:37:08 up 10:52, 7 users, load average: 0.39, 0.44, 0.78 


-- 
gentoo-server@gentoo.org mailing list

Re: [gentoo-server] Comments on IMAP Server (cyrus/courier/dovecot)

[Dennis Allison]

On Fri, 12 Aug 2005, Ow Mun Heng wrote:

> On Thu, 2005-08-11 at 11:25 +0100, Benjamin Smee wrote:
> > On Thu, 2005-08-11 at 11:46 +0800, Ow Mun Heng wrote:
> > > I'm just doing some testing for setting up a virtual mailhosting
> > > I've read the Gentoo Virt Mail Howto and quite a few others but still
> > > have some questions.
> > [snip]
> > 
> > Everything you listed is possible with postfix and cyrus. They are both
> > the premier solutions of their kind in their class.
> 
> 
> But of course it's possible, the question is How (since I've not seen
> much doc on these sort of setup)
> 
> I'll dig in further. Thanks
> 
> 

-- 

-- 
gentoo-server@gentoo.org mailing list

Re: [gentoo-server] Comments on IMAP Server (cyrus/courier/dovecot)

[Ow Mun Heng]

On Thu, 2005-08-11 at 09:41 -0500, kashani wrote:
> Ow Mun Heng wrote:
> > Just wondering, can I say, have a virtual domain user user1@localdomain
> > (where localdomain is really local but just hosted as a virtual domain)
> > which can have SSH/FTP access using the same password to access their
> > email?
> 
> My understanding is the are two major ways to solve this.
> 
> 1. pam + db for all accounts including local accounts
> 	Some db magic with pam or whatever local auth you do. This way the user 
> still has some sort of central auth and doesn't end up with 2 different 
> passwords and so forth. All accounts are virtual, but users designated 
> as local also get shell, ftp, etc.
> 
> 2. One localdomain and all others are truly virtual.
> 	set localdomain.com as local in your virtual config and everything else 
> to virtual. The pop/imap/smtp daemons should auth locally and it pretty 
> much just works in my experience. The caveat is that it is only feasible 
> to have one domain as local and it's generally an all local or all 
> virtual sort of thing. Mixing and matching local and virtual users 
> within the same domain can be painful and hard to manage.
> 
> 	I did #2 since it's easy and I like sleep. I use Postfix, Courier, and 

#2 is really very straightforward and that's already accomplishable.
However, in the name of experimentation, I'm looking towards how to
implement #1. if you have any more leads, do tell.

-- 
Ow Mun Heng
Gentoo/Linux on DELL D600 1.4Ghz 1.5GB RAM
98% Microsoft(tm) Free!! 
Neuromancer 17:49:12 up 1:59, 7 users, load average: 0.79, 0.85, 0.87 


-- 
gentoo-server@gentoo.org mailing list

Re: [gentoo-server] Comments on IMAP Server (cyrus/courier/dovecot)

[Ow Mun Heng]

On Thu, 2005-08-11 at 15:00 -0500, kashani wrote:
> A. Khattri wrote:
> > On Thu, 11 Aug 2005, kashani wrote:
> > 
> >>Well yeah, but what happens when they ssh or ftp to the server? That's
> >>the part I'm confused about. How does vpopmail auth them locally for
> >>things other than mail which goes back to the original question.
> > 
> > 
> > Our shell server and web servers are separate from our mail server but
> > there's no reason you couldn't run this setup on the same server.
> > 
> > Using libnss-mysql, you can have ssh and ftp also authenticate out of a
> > MySQL database (the same database if you want). And since Pine and mutt on
> > the shell server are configured to use IMAP, shell users can login and
> > check email from there too.

Ah.. I see, since everything is stored in the db, you essentially are
using the db to get the passwords. (this is like LDAP and
posixAccounts). i would believe that this is also do-able via
pam /passwd files, the caveat is then that they have to be on the same
server else some rsync jobs to sync the passwords etc.

> > 
> > Basically all of this has allowed us to move to an almost completely
> > virtual setup where ordinary users dont have any "real" system accounts at
> > all.
> 
> And that isn't option #1 aka, stuff everything in a db and do central 
> auth from there" how? See I'm even loosing sleep just talking about 
> option #1. The rest of you have been warned. :)

Looking forward to loosing sleep and thinning hair :-)

-- 
Ow Mun Heng
Gentoo/Linux on DELL D600 1.4Ghz 1.5GB RAM
98% Microsoft(tm) Free!! 
Neuromancer 17:51:59 up 2:02, 7 users, load average: 0.58, 0.74, 0.82 


-- 
gentoo-server@gentoo.org mailing list

Re: [gentoo-server] Comments on IMAP Server (cyrus/courier/dovecot)

[A. Khattri]

On Thu, 11 Aug 2005, kashani wrote:

> And that isn't option #1 aka, stuff everything in a db and do central
> auth from there" how? See I'm even loosing sleep just talking about
> option #1. The rest of you have been warned. :)

Well, firstly, there are NO local accounts for users. And second, PAM
isn't involved in all of it. So yeah #3 is alive ;-)


-- 

-- 
gentoo-server@gentoo.org mailing list

Re: [gentoo-server] Comments on IMAP Server (cyrus/courier/dovecot)

[kashani]

A. Khattri wrote:
> On Thu, 11 Aug 2005, kashani wrote:
> 
>>And that isn't option #1 aka, stuff everything in a db and do central
>>auth from there" how? See I'm even loosing sleep just talking about
>>option #1. The rest of you have been warned. :)
>  
> Well, firstly, there are NO local accounts for users. And second, PAM
> isn't involved in all of it. So yeah #3 is alive ;-)
> 

That's it? That's the big explanation? Come on it's six of one and half 
a dozen of the other. You can use PAM, NIS+, libnss, Radius, etc and you 
can auth against a flat file, Mysql, Postgres, Oracle, LDAP, hell even 
Active Directory if you want as well as twenty other things I'm sure.

	To the original poster you can go fully virtual by combining X auth 
method with Y backend with no local accounts. I'd go this route if the 
users that need local access to machine aren't likely to reside in a 
single email domain. In my case users that need access to the box work 
here so I made our domain local, gave ourselves local accounts, and our 
customers get to be virtual. The pros here that it's easy and you can 
leave your sshd, ftpd, etc configs alone. Messing with a virtual mail 
system is sometimes hard enough the first time around for a lot of 
people and doing everything at once can be painful and most importantly 
cause sleep loss.
	Cons of course are that if you need to add local users from any other 
domain at some point in the future you're likely to need to re-engineer 
things a bit... or a lot. And also make the old local users start using 
their email as the login instead of their old username which is always a 
fun transition.

kashani

-- 
gentoo-server@gentoo.org mailing list

Re: [gentoo-server] Comments on IMAP Server (cyrus/courier/dovecot)

[A. Khattri]

On Fri, 12 Aug 2005, kashani wrote:

> 	To the original poster you can go fully virtual by combining X auth
> method with Y backend with no local accounts. I'd go this route if the
> users that need local access to machine aren't likely to reside in a
> single email domain. In my case users that need access to the box work
> here so I made our domain local, gave ourselves local accounts, and our
> customers get to be virtual. The pros here that it's easy and you can
> leave your sshd, ftpd, etc configs alone.

Sure, that's fine when you have ONE server I agree - its just not
scaleable.

> Messing with a virtual mail
> system is sometimes hard enough the first time around for a lot of
> people and doing everything at once can be painful and most importantly
> cause sleep loss.

A long time ago, we too, used to have a single server with everything on
it running sendmail, IMAP, etc, and we had all sort of performance
problems because of the lack of scalability. It took us several months to
setup the new system - I wrote a *lot* of perl scripts to do this
migration away from sendmail to our qmail+vpopmail+MySQL setup.

In the end though it was worth it. We now have a scaleable solution and it
also enabled us to offer new packages that we couldn't do before.

>	Cons of course are that if you need to add local users from any other
> domain at some point in the future you're likely to need to re-engineer
> things a bit... or a lot. And also make the old local users start using
> their email as the login instead of their old username which is always a
> fun transition.

Making the local domain, the "default" domain in our mail system helped a
lot here. Of course, we spent a lot of time in support answering calls and
emails but things died down after a few weeks. Id rather do that than deal
with the constant problems of the old system.


-- 

-- 
gentoo-server@gentoo.org mailing list