On Sun, May 19, 2002 at 03:56:43AM -0500, [EMAIL PROTECTED] wrote: > As for risky. Well the whole point of the script system is to add a pop mail > box for a user. But in order to do this i have to do the following: > > add user to the passwd/shadow file > add user to the virtusertable and genericstable > recompile the sendmail config files > > Then and only then is the new mailbox ready for use. This is the only way I > can think of to accomplish this via an automated web proccess. I dont even > know if you can do it any other way with out touching the passwd/shadow > files?
If all you want to do is give out POP3 mailboxes, you can accomplish this by doing something at the MTA (Mail Transport Agent, aka mail server) level. For example, installing qmail (http://www.lifewithqmail.org/lwq.html) with qmail-pop3d [note: qmail replaces sendmail] and VMailMgr (http://www.vmailmgr.org/). Under this configuration, adding a new POP3 mailbox would involve just changing files owned by a normal user of the system (instead of root). Advantages of my solution: - Increased security. Everything in your mailbox system would be owned by an unpriviledged user of the system rather than root. - qmail/Maildir is generally higher performance than sendmail/mbox. Disadvantages of my solution: - You have to replace sendmail with qmail and relearn some stuff. Be prepared to spend a few hours figuring stuff out. > You could migrate to a database based mail authentication solution. > Postfix+cyrus springs to mind. The above is also a valid way to do it, with similar advantages and disadvantages as my solution. (Postfix replaces sendmail.)
