Re: Pop mail virtual user security [LONG]

[Christopher W. Curtis]

On 12/07/02 12:54, Tim van Erven wrote:

[much stuff I didn't read]

  /etc/virtualusers just contains the names of the virtual users I want
  to allow.

- The current permissions for the mailboxes
  /home/virtual/popa3d/127.0.0.1/mail/${local_part} are like:

  -rw-rw----    1 mail     mail            0 Dec  7 17:33 test
  -rw-rw----    1 tve      mail            0 Dec  7 17:30 tve

I did something similar using solid-pop3d and virtual hosts. I created a "master" account, akin to root, but not, that owns everything, and each vhost has its own list of users as a standard Exim alias. Ie:

domain: fooboy.com
username: fooboy
aliases: /etc/mail/fooboy.com
spool: /var/mail/fooboy.com/*

Each file in /var/mail is owned by 'fooboy.mail' and then each 'administrator' for fooboy.com can log in as fooboy and maintain their own email aliases, forwarders, responders, mailing lists, etc.

2) How are the passwordhashes in /etc/shadow generated from the
   salt+password? I can't use 'passwd' to update popa3d's auth files, so
   I need to generate them some other way.

Solid-pop3d (CVS only for VHosting) comes with spadm for this, but if you're using standard /etc/shadow type crypt() entries, use htpasswd.

Chris


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]