1.b)  imap
If someone logs in via imap how does dbmail know where from to
authenticate that person and which config / sqlite db to use? Is there
already a setup for that in LDAP?


No, like I said before, geo uses his own special setup. DBmail is created from the viewpoint of having 1 database.

2) chroot
I don't understand why we need chroot. All my users are virtual they
don't have ssh or ftp access. I don't even run postfix chroot. A
directory like /home/user/ can still be created for each of them. All
they get is imap and web access anyway. Via web they can change their
password use webmail etc. Why does Geo use chroot?
Even if they are not virtual users why would users have anything to do
with the dbmail daemon. They are never starting dbmail directly. It's
always done over imap.


Security, the main reason geo uses separate db's is to be able to chroot a user to only his own database and filesystem. That way the user can't be of any harm to the rest of the filesystem.

I think you misinterpreted geo's reason behind having multiple databases, which is from a security viewpoint and not performance.

3) xinetd
I guess we can't run it as daemon because each user needs a config
file. What disadvantage will inetd / xinetd bring with it? Are we now
having to run more instances of dbmail one for each user? Isn't the
daemon starting up a child for each user anyway? Are we going to have
a time delay for dbmail-imap to start?


In inetd mode, the server is started once for each request, but after the request has finished, the server also stops running. This doesn't scale all that nicely.

4) MTA
How does Postfix know where to feed the email. Right now all we do is
dbmail-lmtp:localhost:24
Dbmail gets the email but which config file will be used to deliver?
Can this info be retrieved from the common db or dbmail-ldap?


Dbmail does not understand multiple config files at the moment! It would be yours to implement. You probably should make a script to use dbmail-smtp and give it a configfile flag.


5) common sqlite db
How is having a common db which only root, dbmail, postfix and
php-sqlite have access to a security problem? Each user has its own
db with the dbmail-alias table, in a non-user-accessible space. The
common sqlite db gets periodically updated via cron or something with
that data. No user has access to it. Why use ldap?
By the way, isn't cyrus like that? Each user has a folder in a non
user accessible area.


Because users have access to it through php, coming back to the sql insertion problem. It would not be a security issue if controls are only you have access to it.
Php-sqlite speaks against this.


Let me summarise it as clearly as possible:

At the moment, DBmail has *not* got the ability to use multiple config files and has *not* got the ability to use multiple databases (each for every user). Although geo has his setup working this way, it is only because he has written extensive programs and patched dbmail (not sure here). You *can* try to get this setup up and running at your site but it is *not* supported in dbmail (as in programwise). However we at the mailinglist will be happy to advise you on your quest.

so don't expect this to work after plain installing dbmail!!!!

/Marc
