Re: very long passwd
On Fri, Aug 04, 2000 at 11:39:51AM +0200, Joaquin Ferrero wrote: I have 200.000 users. The most part only have email service. The file /etc/passwd es very, very long... but es necessary for IMAP server to check the home directory for every user. i'm surprised you get that many users in a passwd file. the passwd uid field is a 16 bit integer, which only allows for 65536 users total. i guess you must be sharing uidsprobably a bad idea. debian, btw, allows you to convert your passwd and group files into a hashed db files (stored in /var/lib/misc). to enable it, edit /etc/nsswitch.conf and change the lines: passwd:compat group: compat shadow:compat to passwd:db files group: db files shadow:db files then remember to run the Makefile in /var/lib/misc every time you add/change/delete a user. or set up a cron job to do it every 5 or 10 minutes: */10 * * * * cd /var/lib/misc ; make /dev/null 21 i'd say that this would scale up to 2^16 users. any more than that and you want to look for a better tool. this will probably work for you - looking up an entry in a db file is a LOT faster than sequentially searching a flat text file - but you have more users than can really be supported by 16bit uids so you should look into something designed to do the job like cyrus (see below). nss_mysql is the only solution? Now, I have mysql to auth users for proftpd apache via PAM (pam_mysql) Sendmail can't delivery emails to not existents users (it check /etc/passwd). IMAP server need /etc/passwd for check user home dir. With pam_mysql check the user but not the home dir. Any solution for only-email users without /etc/passwd file??? How can to have many users easy? you probably want to look at the cyrus mail system (which is packaged for debian). don't be put off by the "non-free" status, the license is free enough for most practical purposes, but doesn't quite meet the debian free software guidelines. you will need at least the cyrus-common, cyrus-admin, and cyrus-imapd packages. Package: cyrus-admin Priority: extra Section: non-free/mail Installed-Size: 76 Maintainer: Michael-John Turner [EMAIL PROTECTED] Architecture: i386 Source: cyrus-imapd Version: 1.5.19-3 Depends: libc6 (= 2.1.2), libdb2 (= 1:2.4.14-7), tcl8.0 (= 8.0.4) Filename: dists/unstable/non-free/binary-i386/mail/cyrus-admin_1.5.19-3.deb Size: 38252 MD5sum: b5fa894cf5b47389abb873d1c4d10bc2 Description: CMU Cyrus mail system (administration tool) Cyrus is a fully-featured IMAP daemon, with a number of features not found in other IMAP implementations, including: o Designed to handle massive quantities of mail o No need for users to have login accounts o Support for POP3 in addition to IMAP o Servers don't run as root o Easy support for mail quotas . Note: Cyrus doesn't support reading from and storing mail in your standard mail spool - it stores mail in a separate directory in its own MH-like format. . This package contains the cyradm tool which can be used to administer both local and remote Cyrus mail systems. cyrus' mailbox format is similar to the Maildir format so should be NFS safe (or at least as safe as anything is likely to be under NFS). i haven't used cyrus myself yet in any serious way, just played with it a bit. it looks good, i'm impressed. cyrus will work with sendmail or exim or most other mailers (dunno if it works with qmail). i'd recommend using it with postfix, because postfix is about the best mailer available - it's fast, secure, and backwards compatible with sendmail. from what i've read on the postfix-users list, cyrus + postfix makes an excellent combination. postfix scales extremely well. i would guess that your mail server is straining under an extremely high load average with 200,000 users on sendmail. under postfix it would just chug along barely breaking a sweat. craig -- craig sanders -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: very long passwd
On Fri, Aug 04, 2000 at 11:39:51AM +0200, Joaquin Ferrero wrote: I have 200.000 users. The most part only have email service. The file /etc/passwd es very, very long... but es necessary for IMAP server to check the home directory for every user. i'm surprised you get that many users in a passwd file. the passwd uid field is a 16 bit integer, which only allows for 65536 users total. i guess you must be sharing uidsprobably a bad idea. debian, btw, allows you to convert your passwd and group files into a hashed db files (stored in /var/lib/misc). to enable it, edit /etc/nsswitch.conf and change the lines: passwd:compat group: compat shadow:compat to passwd:db files group: db files shadow:db files then remember to run the Makefile in /var/lib/misc every time you add/change/delete a user. or set up a cron job to do it every 5 or 10 minutes: */10 * * * * cd /var/lib/misc ; make /dev/null 21 i'd say that this would scale up to 2^16 users. any more than that and you want to look for a better tool. this will probably work for you - looking up an entry in a db file is a LOT faster than sequentially searching a flat text file - but you have more users than can really be supported by 16bit uids so you should look into something designed to do the job like cyrus (see below). nss_mysql is the only solution? Now, I have mysql to auth users for proftpd apache via PAM (pam_mysql) Sendmail can't delivery emails to not existents users (it check /etc/passwd). IMAP server need /etc/passwd for check user home dir. With pam_mysql check the user but not the home dir. Any solution for only-email users without /etc/passwd file??? How can to have many users easy? you probably want to look at the cyrus mail system (which is packaged for debian). don't be put off by the non-free status, the license is free enough for most practical purposes, but doesn't quite meet the debian free software guidelines. you will need at least the cyrus-common, cyrus-admin, and cyrus-imapd packages. Package: cyrus-admin Priority: extra Section: non-free/mail Installed-Size: 76 Maintainer: Michael-John Turner [EMAIL PROTECTED] Architecture: i386 Source: cyrus-imapd Version: 1.5.19-3 Depends: libc6 (= 2.1.2), libdb2 (= 1:2.4.14-7), tcl8.0 (= 8.0.4) Filename: dists/unstable/non-free/binary-i386/mail/cyrus-admin_1.5.19-3.deb Size: 38252 MD5sum: b5fa894cf5b47389abb873d1c4d10bc2 Description: CMU Cyrus mail system (administration tool) Cyrus is a fully-featured IMAP daemon, with a number of features not found in other IMAP implementations, including: o Designed to handle massive quantities of mail o No need for users to have login accounts o Support for POP3 in addition to IMAP o Servers don't run as root o Easy support for mail quotas . Note: Cyrus doesn't support reading from and storing mail in your standard mail spool - it stores mail in a separate directory in its own MH-like format. . This package contains the cyradm tool which can be used to administer both local and remote Cyrus mail systems. cyrus' mailbox format is similar to the Maildir format so should be NFS safe (or at least as safe as anything is likely to be under NFS). i haven't used cyrus myself yet in any serious way, just played with it a bit. it looks good, i'm impressed. cyrus will work with sendmail or exim or most other mailers (dunno if it works with qmail). i'd recommend using it with postfix, because postfix is about the best mailer available - it's fast, secure, and backwards compatible with sendmail. from what i've read on the postfix-users list, cyrus + postfix makes an excellent combination. postfix scales extremely well. i would guess that your mail server is straining under an extremely high load average with 200,000 users on sendmail. under postfix it would just chug along barely breaking a sweat. craig -- craig sanders
RE: very long passwd
-Mensaje original- De: Jeremy C. Reed [mailto:[EMAIL PROTECTED]] Enviado el: viernes, 04 de agosto de 2000 19:38 Para: Joaquin Ferrero CC: [EMAIL PROTECTED] Asunto: Re: very long passwd On Fri, 4 Aug 2000, Joaquin Ferrero wrote: I have 200.000 users. The most part only have email service. Are they for different domains? If so, you could use different password files for each domain. (This is what I do.) And you can also use databases (instead of flat-text) for the authentication. What databases? What is the name of debian package? You'd also need to have your IMAP server be able to use these authentication databases (or password files). (I don't use IMAP though -- I use POP3.) authentication is ok with pam_mysql. The problem is that IMAP server need the home dir location. Jeremy C. Reed http://www.reedmedia.net/ http://bsd.reedmedia.net/ Thanks! Joaquin Ferrero [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
RE: very long passwd
-Mensaje original- De: Jeremy C. Reed [mailto:[EMAIL PROTECTED] Enviado el: viernes, 04 de agosto de 2000 19:38 Para: Joaquin Ferrero CC: debian-isp@lists.debian.org Asunto: Re: very long passwd On Fri, 4 Aug 2000, Joaquin Ferrero wrote: I have 200.000 users. The most part only have email service. Are they for different domains? If so, you could use different password files for each domain. (This is what I do.) And you can also use databases (instead of flat-text) for the authentication. What databases? What is the name of debian package? You'd also need to have your IMAP server be able to use these authentication databases (or password files). (I don't use IMAP though -- I use POP3.) authentication is ok with pam_mysql. The problem is that IMAP server need the home dir location. Jeremy C. Reed http://www.reedmedia.net/ http://bsd.reedmedia.net/ Thanks! Joaquin Ferrero [EMAIL PROTECTED]
RE: very long passwd (in spanish)
-Mensaje original- De: Alberto [mailto:[EMAIL PROTECTED] Enviado el: viernes, 04 de agosto de 2000 22:22 Para: Joaquin Ferrero; debian-isp@lists.debian.org Asunto: Re: very long passwd Just add a wrapper before procesing any incoming mail which auth on mysql. --- Antes de pasar el mail al delivery añade un nivel de chequeo via wrapper (ahora que lo pienso puedes hacerlo tb añadiendolo como status de retorno de una regla que definas) y que sea quien autentifique en el mysql. bye At 11:40 04/08/00 +0200, Joaquin Ferrero wrote: I have 200.000 users. The most part only have email service. The file /etc/passwd es very, very long... but es necessary for IMAP server to check the home directory for every user. Buenas... gracias por la respuesta, aunque no la pillo muy bien... :) El problema no es la autentificación (podría quitar el flag w del procmail (que lo tengo puesto como local mailer del sendmail) (Thanks, brian moore!). Como dije antes, puedo colocar los buzones, cada uno en su cuenta virtual, con la ayuda del procmail (o dejo al sendmail que lo deje en /var/spool/mail). El problema es cuando IMAP va a ver, por una parte el buzón principal en /var/spool/mail y por otra parte los buzones privados de esa persona, en su cuenta. Y para saber donde está la cuenta, necesita saber eso: el home dir. Asi que consulta el passwd. Ahora estoy en conversaciones con el programador del nss_mysql que dice que es justo lo que necesitamos. Joaquin Ferrero [EMAIL PROTECTED]
RE: very long passwd
What databases? What is the name of debian package? libpam-pwdb authentication is ok with pam_mysql. The problem is that IMAP server need the home dir location. thats what you need nss for. it can authenticate not only passwords against varoius services
Re: very long passwd
The file /etc/passwd es very, very long... but es necessary for IMAP server to check the home directory for every user. nss_mysql is the only solution? nope. Now, I have mysql to auth users for proftpd apache via PAM (pam_mysql) there is also ldap, pg_sql and, probably what you want - dbpam, which keeps copy of passwd and shadow in db-files which are very fast to search. i've seen this solution first in freeBSD, and it's default solution there now, methinks. it's simple, fast, and doesen't rely on unreliable programs like mysql. Sendmail can't delivery emails to not existents users (it check /etc/passwd). you can use nsswitch to handle this. hmm, besides, i don't think sendmail is such bad and useless piece of software, I don't like it, but i am sure it can deliver emails to non-existent users. common' it's childish with exim. IMAP server need /etc/passwd for check user home dir. With pam_mysql check the user but not the home dir. I don't think so, although I recently disabled imap and stayed with pop, I had no problem with imapserver. Any solution for only-email users without /etc/passwd file??? yes, hell lot of solutions exist. you just need to choose one that fits you. How can to have many users easy? I fell in love with ldap, it's easy to set-up, easy to administer, easy to programm, and quite easy to write web-based admin tools which are safe. regards, Eyck -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: very long passwd
On Fri, 4 Aug 2000, Joaquin Ferrero wrote: I have 200.000 users. The most part only have email service. Are they for different domains? If so, you could use different password files for each domain. (This is what I do.) And you can also use databases (instead of flat-text) for the authentication. This is pretty easy with Exim. (It is well-documented with examples at the Exim site.) You'd also need to have your IMAP server be able to use these authentication databases (or password files). (I don't use IMAP though -- I use POP3.) Jeremy C. Reed http://www.reedmedia.net/ http://bsd.reedmedia.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: very long passwd
Just add a wrapper before procesing any incoming mail which auth on mysql. --- Antes de pasar el mail al delivery añade un nivel de chequeo via wrapper (ahora que lo pienso puedes hacerlo tb añadiendolo como status de retorno de una regla que definas) y que sea quien autentifique en el mysql. bye At 11:40 04/08/00 +0200, Joaquin Ferrero wrote: I have 200.000 users. The most part only have email service. The file /etc/passwd es very, very long... but es necessary for IMAP server to check the home directory for every user. nss_mysql is the only solution? Now, I have mysql to auth users for proftpd apache via PAM (pam_mysql) Sendmail can't delivery emails to not existents users (it check /etc/passwd). IMAP server need /etc/passwd for check user home dir. With pam_mysql check the user but not the home dir. Any solution for only-email users without /etc/passwd file??? How can to have many users easy? Joaquin Ferrero [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: very long passwd
On Fri, Aug 04, 2000 at 11:40:11AM +0200, Joaquin Ferrero wrote: I have 200.000 users. The most part only have email service. The file /etc/passwd es very, very long... but es necessary for IMAP server to check the home directory for every user. nss_mysql is the only solution? Now, I have mysql to auth users for proftpd apache via PAM (pam_mysql) Sendmail can't delivery emails to not existents users (it check /etc/passwd). IMAP server need /etc/passwd for check user home dir. With pam_mysql check the user but not the home dir. Any solution for only-email users without /etc/passwd file??? You can tell sendmail to not look at /etc/passwd. This is the 'F=w' flag in sendmail for your local mailer. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: very long passwd
The file /etc/passwd es very, very long... but es necessary for IMAP server to check the home directory for every user. nss_mysql is the only solution? nope. Now, I have mysql to auth users for proftpd apache via PAM (pam_mysql) there is also ldap, pg_sql and, probably what you want - dbpam, which keeps copy of passwd and shadow in db-files which are very fast to search. i've seen this solution first in freeBSD, and it's default solution there now, methinks. it's simple, fast, and doesen't rely on unreliable programs like mysql. Sendmail can't delivery emails to not existents users (it check /etc/passwd). you can use nsswitch to handle this. hmm, besides, i don't think sendmail is such bad and useless piece of software, I don't like it, but i am sure it can deliver emails to non-existent users. common' it's childish with exim. IMAP server need /etc/passwd for check user home dir. With pam_mysql check the user but not the home dir. I don't think so, although I recently disabled imap and stayed with pop, I had no problem with imapserver. Any solution for only-email users without /etc/passwd file??? yes, hell lot of solutions exist. you just need to choose one that fits you. How can to have many users easy? I fell in love with ldap, it's easy to set-up, easy to administer, easy to programm, and quite easy to write web-based admin tools which are safe. regards, Eyck
Re: very long passwd
On Fri, 4 Aug 2000, Joaquin Ferrero wrote: I have 200.000 users. The most part only have email service. Are they for different domains? If so, you could use different password files for each domain. (This is what I do.) And you can also use databases (instead of flat-text) for the authentication. This is pretty easy with Exim. (It is well-documented with examples at the Exim site.) You'd also need to have your IMAP server be able to use these authentication databases (or password files). (I don't use IMAP though -- I use POP3.) Jeremy C. Reed http://www.reedmedia.net/ http://bsd.reedmedia.net/
Re: very long passwd
Just add a wrapper before procesing any incoming mail which auth on mysql. --- Antes de pasar el mail al delivery añade un nivel de chequeo via wrapper (ahora que lo pienso puedes hacerlo tb añadiendolo como status de retorno de una regla que definas) y que sea quien autentifique en el mysql. bye At 11:40 04/08/00 +0200, Joaquin Ferrero wrote: I have 200.000 users. The most part only have email service. The file /etc/passwd es very, very long... but es necessary for IMAP server to check the home directory for every user. nss_mysql is the only solution? Now, I have mysql to auth users for proftpd apache via PAM (pam_mysql) Sendmail can't delivery emails to not existents users (it check /etc/passwd). IMAP server need /etc/passwd for check user home dir. With pam_mysql check the user but not the home dir. Any solution for only-email users without /etc/passwd file??? How can to have many users easy? Joaquin Ferrero [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: very long passwd
On Fri, Aug 04, 2000 at 11:40:11AM +0200, Joaquin Ferrero wrote: I have 200.000 users. The most part only have email service. The file /etc/passwd es very, very long... but es necessary for IMAP server to check the home directory for every user. nss_mysql is the only solution? Now, I have mysql to auth users for proftpd apache via PAM (pam_mysql) Sendmail can't delivery emails to not existents users (it check /etc/passwd). IMAP server need /etc/passwd for check user home dir. With pam_mysql check the user but not the home dir. Any solution for only-email users without /etc/passwd file??? You can tell sendmail to not look at /etc/passwd. This is the 'F=w' flag in sendmail for your local mailer.