Re: [suse-security] qmail.rpm ... -> courier imap -> virus scanners
Hi! I've followed the discussion about qmail ... We are running qmail now for a couple of years without any problems (about 250 Mailclients in 50 different virtual domains) But let me get the discussion into a little bit other direction ...
There is no problem. I ran qmail-pop3d off Maildirs for several months, until I dropped it and switched to courier-imap. On 6.3, procmail is probably not yet aware of Maildir.
1.) I think of switching some of my users from pop3 to imap ... Matthias you wrote about courier-imap ... My questions: - any experience with imap on qmail? - do I have to switch the whole thing to imap, or can I run pop3 and imap parallel? - what's about security with imap? (ok ... I know pop3 does not have any either) - are there different distributions of imap servers? (which one fits into qmail with vchkpw) 2.) Another theme is about virus scanners in mailer daemons. I've read an article about virus scanners which can be implemented directly into the postfix system ... Any experience with virus scanners for qmail? OK, I think this is enough for today ... Martin ----------------------------------------------------------------- Dipl.-Ing. Martin Schichl SC&C Software, Communication & Consulting GmbH & Co KEG Grottenhofstr. 3, A-8053 Graz Tel. +43/(0)316/265-205, Fax +43/(0)316/265-234 mschichl@scc.co.at, http://scc.co.at
Hi, On 17 Sep 2001, at 10:36, Martin Schichl wrote:
My questions: - any experience with imap on qmail? - do I have to switch the whole thing to imap, or can I run pop3 and imap parallel? - what's about security with imap? (ok ... I know pop3 does not have any either) - are there different distributions of imap servers? (which one fits into qmail with vchkpw)
Courier should suffice at least for your small setup. You must understand, that courier-imap (at least as far as I know) accesses the Maildirs an filesystem level, and therefore does not need to interact with qmail or whatever system you use. So it is possible to run pop and imap side by side, but depending on what you want it to do, remember to make shure the clients accessing an email account with pop have to leave the messages on the server to keep them available for them, when they access the account through imap. Like allways with security, check the Imap ressources for security issues. Be aware, that when reading mails with Imap, you may be much longer connected to the server thus the risks for the connections are higher than with pop. Imap can run over encrypted mechanisms as well as pop can. There are several Imap servers, I used courier without problems, I cannot remember if it was on the SuSE CDs or from the web, it was a straightforward process for me.
Any experience with virus scanners for qmail?
Basically you can intercept the operation of qmail anywhere. A little script in the right place will do spam defence as well as virus scanning, all you need is a scanner you can pass commandlines to. HTH mike
Hi Martin! On Mon, 17 Sep 2001, Martin Schichl wrote:
until I dropped it and switched to courier-imap. On 6.3, procmail is probably not yet aware of Maildir.
1.) I think of switching some of my users from pop3 to imap ... Matthias you wrote about courier-imap ...
My questions: - any experience with imap on qmail? - do I have to switch the whole thing to imap, or can I run pop3 and imap parallel?
you can run them both; imap hasn't much to do with qmail. for it you need a different app, for example courier-imap.
- what's about security with imap? (ok ... I know pop3 does not have any either)
same, the password goes clear text, but you can use imap over ssl. courier-imap knows them all (iirc), i.e. imap, imaps, pop3, pop3s.
- are there different distributions of imap servers? (which one fits into qmail with vchkpw)
uh, on a Linux boxen setup I'm made I put courier-imap with plain qmail.
2.) Another theme is about virus scanners in mailer daemons. I've read an article about virus scanners which can be implemented directly into the postfix system ...
Any experience with virus scanners for qmail?
<shameless plug> we have one, actually several for different unices and MTAs (including postfix and qmail). it's called RAV, and you can get it from http://www.ravantivirus.com/ </shameless plug> I've heard good things about sophos (spl?) and I know AVP has a version too. -- teodor
* Martin Schichl wrote on Mon, Sep 17, 2001 at 10:36 +0200:
until I dropped it and switched to courier-imap. On 6.3, procmail is probably not yet aware of Maildir.
But you'll find [s]RPMs with Maildir functions.
1.) I think of switching some of my users from pop3 to imap ... - any experience with imap on qmail? - do I have to switch the whole thing to imap, or can I run pop3 and imap parallel?
yep.
- what's about security with imap? (ok ... I know pop3 does not have any either)
Can courier configured to allow only a few IMAP functions? IIRC IMAP is able to process any files and folders, but I would like the users to "see" only ~/mailboxes/* or similar, is this possible?
- are there different distributions of imap servers? (which one fits into qmail with vchkpw)
I use vmailmgr with success, nice tool that. I think it improves the security of the mailservers a lot. Well, does anybody have expiriences with imap+vmailmrg?
Any experience with virus scanners for qmail?
Well, I run a very old version of amavais which had experimental support for qmail only. I hacked it a little to make it work. Now I would suggest to take a look at the perl version of amavis. IIRC qmail is now full supportet. Well, I don't know if this may interfere with vmailmgr and things, I had some trouble to use it in conjunction with procmail... Does anybody has expiriences? oki, Steffen -- Dieses Schreiben wurde maschinell erstellt, es trägt daher weder Unterschrift noch Siegel.
Hi, On 17 Sep 2001, at 12:29, Steffen Dettmer wrote:
Can courier configured to allow only a few IMAP functions? IIRC IMAP is able to process any files and folders, but I would like the users to "see" only ~/mailboxes/* or similar, is this possible?
like with apache you can specify the "root" dir. I cannot tell, if it is possible to "hide" directories, you might need to move the mailfolders to a place where nothing else is. HTH mike
On Mon, 17 Sep 2001, Steffen Dettmer wrote: [ digging into somewhat older mails ... ]
Any experience with virus scanners for qmail?
Well, I run a very old version of amavais which had experimental support for qmail only. I hacked it a little to make it work. Now I would suggest to take a look at the perl version of amavis. IIRC qmail is now full supportet. Well, I don't know if this may
amavis-perl fully supports qmail, yes. In general I'd advise to use the qmail-wrapper, too, see http://www.amavis.org/amavis-faq.php3 (most likely the wrapper will be included into the mainstream code, probably _not_ yet for amavis 0.3.12, the official successor of amavis-perl-11) amavisd (still) lacks qmail-support as nobody had the time to write an client (in C). Another solution would be qmail-scanner (qmail-scanner.sourceforge.net) from Jason. Choose the one which fits your needs best. best regards, Rainer Link -- Rainer Link | SuSE - The Linux Experts link@suse.de | Developer of A Mail Virus Scanner (amavis.org) www.suse.de | Founder OpenAntiVirus Project (www.openantivirus.org)
On Mon, 17 Sep 2001, Martin Schichl wrote:
1.) I think of switching some of my users from pop3 to imap ... Matthias you wrote about courier-imap ...
My questions: - any experience with imap on qmail?
No. Supposedly works, and I don't see reasons why it would break. However, I use those on Postfix which is a lot faster, and I switched to courier-imap's pop3d to have it use exactly the same authentication schemes.
- do I have to switch the whole thing to imap, or can I run pop3 and imap parallel?
You can have both of them.
- what's about security with imap? (ok ... I know pop3 does not have any either)
Courier-IMAP offers STARTTLS and SSL-wrapped service, just configure it and you're set (you may need to install OpenSSL 0.9.6b before installing Courier-IMAP).
- are there different distributions of imap servers? (which one fits into qmail with vchkpw)
Yes, try Google to fing about courier-imap + vchkpw.
2.) Another theme is about virus scanners in mailer daemons. I've read an article about virus scanners which can be implemented directly into the postfix system ...
Any experience with virus scanners for qmail?
Some are just filtering SMTP proxies that work everywhere, some are file filters, search the MTA's mailing list archives.
On Mon, 17 Sep 2001 10:36:57 +0200 Martin Schichl <mschichl@scc.co.at> wrote: --snip--
1.) I think of switching some of my users from pop3 to imap ... Matthias you wrote about courier-imap ...
My questions: - any experience with imap on qmail? - do I have to switch the whole thing to imap, or can I run pop3 and imap parallel? - what's about security with imap? (ok ... I know pop3 does not have any either)
I would definately use sslwrap or stunnel to encrypt connections to both imap and pop. Both of these packages are shipped with SuSE 7.2. You should have no problem using pop and imap together... -- Viel Spaß Nix - nix@susesecurity.com http://www.susesecurity.com
- any experience with imap on qmail?
Been using courier-imap + qmail for several years now. Courier cause of the maildir.
- do I have to switch the whole thing to imap, or can I run pop3 and imap parallel?
I have both active, though I use mostly imap.
- what's about security with imap? (ok ... I know pop3 does not have any either)
Indeed, I use simap as well.
Any experience with virus scanners for qmail?
Been using qmail-scanner-0.96 since a couple of months. Pretty smooth...
participants (8)
-
Martin Schichl -
Matthias Andree -
Peter Nixon -
Peter van den Heuvel -
Rainer Link -
Steffen Dettmer -
teo@gecadsoftware.com -
Thomas Michael Wanka