Jim Flanagan wrote:
John Andersen wrote:
On Tue, Apr 8, 2008 at 7:07 PM, Jim Flanagan
wrote: Hi all,
I'm getting around to setting up my email server on opensuse 10.3 to migrate from an older setup. Its a clean 10.3 install. I've used postfix-cyrus imap-amavis-spamassassin-sieve in the past and like that setup.
I'd like to have email users separate from local users. At present I only have one local user, but may have a few family members use this machine with their own logins at some point. I plan to have approx 10 to 20 email users, so this is no big install, just my home email server.
Looking at yast to set up the MTA, it offers to set postfix up to auth against an LDAP server and offers to set up that as a local LDAP. That sounds interesting, but I don't need anything else to use LDAP except posftix and imap. Is this the best way to accomplish what I want, or is using another method of authing my email users better, and what would that be?
I don't think you need ldap for Imap accounts with Cyrus. Just add the users via cyrus admin and let cyrus take care of it.
OK, as root I set a password for user cyrus, and now can log into cyradm. There was my one user mailbox there already. I created another user (mailbox), but don't see where to set a password for that user in cyradm.
I "think" I need to change the way cyrus authenticates, in etc/sysconfig, but am unsure exactly how to do this and which auth scheme to use. Can anyone give me some guidance with this?
The usual way is to use an authentication daemon that is queried by all mailservices: SMTP/Imap/POP3/Webmail The default for Cyrus is saslauthd, which again will query pam as default. On the positive side for saslauthd you can set it up pretty easy, and everything will work. The negative side is that saslauthd will only use cleartext mechanisms, so you should set up TLS/SSL encryption to prevent password snooping. You can also use a sasldb to auth against, that would give you encrypted challenge/response mechanisms like CRAM-MD5. It is a bit more complicated to setup since you need to take care of access rights to the sasldb yourself. Though for 15-20 users I would just use saslauthd and deny them a login shell. Another question is how many domains you expect to administer on your server and what other services you might want to offer. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org