Sandy Drobic wrote:
Jim Flanagan wrote:
I'm still not quite finished getting it right, and am not clear on a few points.
I have Postfix authing against saslauthd, setting up local users (with login to null), and Cyrus IMAP working, but I still am not sure how to set up virtual domains and users. I could really use a step by step guide with this, as I'm stuck on this point.
Hm, you should probably start with Cyrus and configure Cyrus to use the full address as mailbox. Then configure saslauthd to use the full address and Postfix to use the full address (not just the localpart). It also means that you can't use local users anymore, you probably want either a sasldb (few users and easy to set up but a bother to maintain) or MySQL with web interface (more users or frequent changes, but more difficult to set up).
Though if you want to go that way, there are plenty of how-tos that describe how to set up webcyradm. That would probably be the best way for you. It would give you virtual domains and a web interface for maintenance.
Ok, now I'm really confused. I thought that by using local users I would be able to get the ability to have separate domains. To be clear, for now, I only need one domain, but I was looking down the road in the event that I would need to add one or more domains later. I guess I could re-work this to use sasldb. I tried it in the past and seem to remember it was a pain to work with. But I really need to move off my 10.0 install soon, it's working great but I'm concerned about ongoing security issues. I had to shut down clam due to security issues already, with no SUSE updates coming. Webcyradm sounds interesting. Do you know if it sets up and configures the actual database? I have very little experience with SQL databases.
Also, what happens with local messages to root under this setup? Where would warning messages to root go if I'm using virtual domains?
You would use virtual_alias_maps and rewrite the recipient to an existing user.
At this point, based on my using only one domain, would there be an advantage to set this one domain up as a virtual domain, or just leave it as the only domain? I guess the question should be would it be feasible to set the system up for now for one virtual domain for now, and then change my user auth system to webcyradm later if I needed to add a second domain?
Also, I have not done any certs yet, and am trying to minimize the number needed and keep them located in a central location. As I understand it I will need one cert for each incoming TLS/SSL domain, meaning one for imapd. Another for smtpd. Another for SquirrelMail on Apache. Is this correct? And can they go in one directory, or should I use the default locations, for example /etc/ssl, and /var/lib/imap/ssl, etc.?
All services have their own certificate. Though you could just reuse one certificate for all purposes, provided the users access the different services via the same hostname. If you have different hostnames (mail, imap, pop3, web...) then you need separate certs. Though you might get away with a wildcard cert or alternate names if you use a self-signed certificate.
This part understood. Many thanks, Jim F
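
The certificate reuse point discussed above, as an added example that is not part of the original thread: it builds one self-signed certificate with alternate names and reports which service hostnames it does not cover. The `example.test` hostnames and the function names are constructed for illustration; it assumes OpenSSL 1.1.1 or later (for `-addext`).

```shell
#!/bin/sh
# Added example; hostnames below are constructed placeholders.

# make_cert DIR CN SAN_LIST
# Writes DIR/key.pem and DIR/cert.pem: a self-signed cert valid for 365 days
# whose subjectAltName extension carries every name in SAN_LIST.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -keyout "$1/key.pem" -out "$1/cert.pem" \
        -subj "/CN=$2" -addext "subjectAltName=$3" 2>/dev/null || return 1
    chmod 600 "$1/key.pem"   # the private key must not be world-readable
}

# cert_covers CERT HOST
# Succeeds only if a TLS client connecting to HOST would accept CERT's names.
cert_covers() {
    openssl x509 -in "$1" -noout -checkhost "$2" \
        | grep -q 'does match certificate'
}

# uncovered CERT HOST...
# Prints each HOST the certificate does not cover, one per line.
uncovered() {
    cert=$1; shift
    for h in "$@"; do
        cert_covers "$cert" "$h" || printf '%s\n' "$h"
    done
}

# One cert shared by smtpd and imapd; the webmail hostname was left out of
# the alternate names, so it is reported as needing its own cert (or a new SAN).
demo() {
    d=$(mktemp -d) || return 1
    make_cert "$d" mail.example.test \
        "DNS:mail.example.test,DNS:imap.example.test" || return 1
    uncovered "$d/cert.pem" \
        mail.example.test imap.example.test webmail.example.test
    rm -rf "$d"
}

demo
```

A wildcard such as `DNS:*.example.test` covers each single-label hostname under the domain but not the bare domain itself.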