[Novalug] [Ma-linux] Virtual vs real users and domains when setting up an Email Server

James Ewing Cottrell 3rd JECottrell3@Comcast.NET
Tue Jul 27 14:25:26 EDT 2010


On 7/27/2010 1:38 AM, covici@ccs.covici.com wrote:
> The virtual system is nice for multiple domains or situations where you
> don't want the users to have an actual login -- I have used systems like
> that, but for your regular single domain normal system, real users are
> fine -- the mta uses the passwd file and group and shadow files to
> authenticate.
>    
I understand what you are saying. Traditionally, what MTAs and networked 
MUAs do is look up mailboxes thru the User Account mechanism. More 
specifically, they do a "getent passwd", which will refer to files, nis, 
ldap or anything else there is an nsswitch entry for.

However, many are looking up mailboxes directly, thru some other means. 
I am not sure if this is a Good Thing or a Bad Thing.

I was suggesting/advocating the idea of a mysql backend for nsswitch and 
associated pam libraries, which might be useful even in non-mail 
settings. However, while this approach reuses the existing mechanisms, a 
matched set of MTA to MySQL and MUA to MySQL might perform more efficiently.

However, unless the efficiency of the first case is simply terrible, I 
like the reuse and standard aspects of it better.

JIM
> James Ewing Cottrell 3rd<JECottrell3@Comcast.NET>  wrote:
>
>    
>> I once worked on a similar system except that used qmail. It did
>> indeed support over 100K users and over 300 domains.
>>
>> Offhand, I can't see why there couldn't be an account system based on
>> MySQL as a backend...after all, there is one based on Berkeley DB as
>> well as LDAP. Then you could simply use "real" users.
>>
>> AFAIK, there is nothing in the Linux system that forbids "users" from
>> having '@' or '.' in their name.
>>
>> JIM
>>
>> On 7/26/2010 8:17 PM, Jay Hart wrote:
>>      
>>> Many of the procedures I'm seeing on the web for setting up email servers seem
>>> to be to use virtual users and domains. See
>>>
>>> http://www.howtoforge.org/virtual-users-domains-postfix-courier-mysql-squirrelmail-fedora-13-x86_64
>>>
>>> for a reference.
>>>
>>> I'm trying to understand the benefits of going with that type of setup vice my
>>> standard setup of each user having an actual account on the box with web based
>>> email (squirrelmail) thrown in.
>>>
>>> I can understand that virtual users might reduce risk of security issues since
>>> the account does not exist on the box.  According to the procedure, the
>>> following benefits are realized:
>>> ---start ---
>>> The resulting Postfix server is capable of SMTP-AUTH and TLS and quota (quota
>>> is not built into Postfix by default, I'll show how to patch your Postfix
>>> appropriately). Passwords are stored in encrypted  form in the database (most
>>> documents I found were dealing with plain text passwords which is a security
>>> risk). In addition to that, this tutorial covers the installation of Amavisd,
>>> SpamAssassin and ClamAV so that emails will be scanned for spam and viruses. I
>>> will also show how to install SquirrelMail as a webmail interface so that
>>> users can read and send emails and change their passwords.
>>>
>>> The advantage of such a "virtual" setup (virtual users and domains in a MySQL
>>> database) is that it is far more performant than a setup that is based on
>>> "real" system users. With this virtual setup your mail server can handle
>>> thousands of domains and users. Besides, it is easier to administrate because
>>> you only have to deal with the MySQL database when you add new users/domains
>>> or edit existing ones. No more postmap commands to create db files, no more
>>> reloading of Postfix, etc. For the administration of the MySQL database you
>>> can use web based tools like phpMyAdmin which will also be installed in this
>>> howto. The third advantage is that users have an email address as user name
>>> (instead of a user name + an email address) which is easier to understand and
>>> keep in mind.
>>> ---end---
>>>
>>>
>>> What I need to know:
>>>
>>> 1. How is the mail stored on the box?
>>> 2. Is it viewable by editor?
>>> 3. Should I stick with my current model?  (It seems to work just fine)
>>> 4. Has is spam handled/removed?
>>>
>>>
>>> I only have three users on my system, its not like I need an industrial
>>> strength solution.
>>>
>>> Jay
>>>
>>> _______________________________________________
>>> Ma-linux mailing list
>>> Ma-linux@calypso.tux.org
>>> http://calypso.tux.org/mailman/listinfo/ma-linux
>>>
>>>
>>>
>>> No virus found in this incoming message.
>>> Checked by AVG - www.avg.com
>>> Version: 9.0.851 / Virus Database: 271.1.1/3030 - Release Date: 07/26/10 14:34:00
>>>
>>>
>>>        
>>
>> ----------------------------------------------------
>> Alternatives:
>>
>> ----------------------------------------------------
>> _______________________________________________
>> Novalug mailing list
>> Novalug@calypso.tux.org
>> http://calypso.tux.org/mailman/listinfo/novalug
>>      
>    
>
>
>
> No virus found in this incoming message.
> Checked by AVG - www.avg.com
> Version: 9.0.851 / Virus Database: 271.1.1/3030 - Release Date: 07/26/10 14:34:00
>
>    

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.firemountain.net/pipermail/novalug/attachments/20100727/c569b370/attachment.htm>


More information about the Novalug mailing list