Dear list-users, If I make a new e-mail account for my sendmail it's the same as if I made a new user account for the mail server. People could login e.g. through ssh. How can I restrict access to only just the corresponding e-mail account so users could not log on to the mail server by a terminal client? Thank you Philipp
Use Pam.
http://www.sysadminmag.com/articles/2000/0009/0009a/0009a.htm
Kurt Seifried, seifried@securityportal.com
Securityportal - your focal point for security on the 'net
----- Original Message -----
From: "Philipp Snizek"
Dear list-users,
If I make a new e-mail account for my sendmail it's the same as if I made a new user account for the mail server. People could login e.g. through ssh. How can I restrict access to only just the corresponding e-mail account so users could not log on to the mail server by a terminal client?
Thank you
Philipp
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
* Philipp Snizek wrote on Fri, Feb 23, 2001 at 08:02 +0100:
If I make a new e-mail account for my sendmail it's the same as if I made a new user account for the mail server. People could login e.g. through ssh. How can I restrict access to only just the corresponding e-mail account so users could not log on to the mail server by a terminal client?
Use "virtual Mailbox users". That are users for POP & Co. that are not know to the systems. An example is vmailmgr which works with "qmail". Other projects store users in a database, I've forgotten the projects name, sorry. oki, Steffen -- Dieses Schreiben wurde maschinell erstellt, es trägt daher weder Unterschrift noch Siegel.
Also if you want users for email only then I suggest talking a look at Cyrus. http://securityportal.com/lskb/10000100/kben10000148.html Kurt Seifried, seifried@securityportal.com Securityportal - your focal point for security on the 'net
Kurt,
Also if you want users for email only
That's exactly it.
then I suggest talking a look at Cyrus.
I've been there taking a look at it. I run pop3s which is tunneled by stunnel on port 995. Does this matter?
http://securityportal.com/lskb/10000100/kben10000148.html
Kurt Seifried, seifried@securityportal.com Securityportal - your focal point for security on the 'net
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
then I suggest talking a look at Cyrus.
or QMail POP and/or Courier IMAP
I've been there taking a look at it. I run pop3s which is tunneled by stunnel on port 995. Does this matter?
this should be transparent for the pop daamon. I played with virtual users and qmails-pop3d, this daemon uses a external program to validate accounts. This can be easily replaced with the one from vmailmgr. I made some notes dureing playing, www.qmail.org is a good starting point when you look for the sources/rpms. The notes can be found at: http://sws.dett.de/search --> "vmailmgr" or maybe http://sws.dett.de/search/search.cgi?words=vmailmgr&Find=Find&scope=Steffens+Knowledge+Base works, too :) Just try it out, it's nice. oki, Steffen -- Dieses Schreiben wurde maschinell erstellt, es trägt daher weder Unterschrift noch Siegel.
On 23 Feb 2001, at 11:36, Steffen Dettmer wrote:
How can I restrict access to only just the corresponding e-mail account so users could not log on to the mail server by a terminal client?
You could give them no shell or write a script that says "only mail account", I think you will find references in the archive of this list.
Use "virtual Mailbox users". That are users for POP & Co. that are not know to the systems. An example is vmailmgr which works with "qmail". Other projects store users in a database, I've
You do not need vmailmgr to have "virtual" accounts. You can use a database for authentication to qmail. HTH mike
participants (4)
-
Kurt Seifried -
Philipp Snizek -
Steffen Dettmer -
Thomas Michael Wanka