[OpenAFS] mail spool on AFS

Enesha Fairluck enesha@sunflower.org
Tue, 20 Nov 2001 00:22:47 -0500


Forcing imap at this time is not an option.  We are in an ISP environment
and users are barely able to comprehend and use their pop3, and our webmail
solution for their mail.  We also have our servers separated in as much as
we have one that does the virus scanning, which saves to a directory, and
another machine picks it up for delivery, and the webmail service is another
one altogether, though it does in fact use imap for its access.  Currently
we are using NFS to make this, and several other directories, constantly
available.  We are having, what I can only hope, are some file locking
issues centered around the NFS and had hoped that AFS would solve our
problems in this respect, and allow us to move to the next phase of our
expansion.  Are there specific reasons that mail on AFS is a bad idea?  We
didn't read of the mail on NFS problems until it was already too late to
make a difference.  Thanks again for your input.


----- Original Message -----
From: "Derek Atkins" <warlord@MIT.EDU>
To: "Enesha Fairluck" <enesha@sunflower.org>
Cc: <openafs-info@openafs.org>
Sent: Monday, November 19, 2001 11:27 PM
Subject: Re: [OpenAFS] mail spool on AFS


> It has been shown over and over again that putting /var/spool/mail
> in AFS is a Bad Idea (TM).  Use IMAP.  You're MUCH better off
> in MANY ways.
>
> If you absolutely insist on using AFS for /var/spool/mail (perhaps
> because you're a masochist or you feel you want to use inferior
> technology to solve your problem), you need to make sure that your
> mail server has write access into the /var/spool/mail volume.  This
> can be a challenge as the mail daemon tends to change users all the
> time, for each user for which it delivers mail.
>
> In particular, you are going to want to give the mailer daemon write
> (rlidwk) access.  There are many ways to accomplish this:
>
>  1) Give the mailer daemon a token.  You do this by giving it a
>     kerberos principal and having it obtain a token periodically from
>     a keytab.
>
>  2) Use IP Acls.  This isn't as secure, and anyone on the server can
>     access the mail spool, but you don't need to deal with kerberos
>     principals and keytabs.
>
> If, however, you use IMAP, then users can still store their mail in
> AFS when they download it from the server, and you don't have to deal
> with all this authentication crap.  Even better, you can use IMAP over
> SSL and users can encrypt their mail as they download it.
>
> -derek
>
> "Enesha Fairluck" <enesha@sunflower.org> writes:
>
> > Evening
> >
> >     I am trying to place my /var/spool/mail into afs space, and am
> > having troubles trying to do the permissions.  A bit new to AFS, so the
> > concept might be obvious and just evading my grasp:) I understand about
> > the standards such as system:anyuser and system:authuser but not sure
> > how to parlay any of that into something useful for me:)   I am using
> > the latest OpenAFS on RH7.1.   I've tried seeking advice in the docs,
> > but they have been limited help, tho I get a better understanding every
> > minute:)  Any help would be appreciated:)  Thanks!
> >
> > --E
> >
>
> --
>        Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
>        Member, MIT Student Information Processing Board  (SIPB)
>        URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
>        warlord@MIT.EDU                        PGP key available
>
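
Added example, not part of the original thread and not code from either poster: a check of a spool directory's ACL, as printed by `fs listacl`, against the rights discussed above (rlidwk for the mailer daemon, nothing write-capable for system:anyuser or system:authuser). The principal name `mailerd`, the path and the sample output are constructed assumptions.

```python
# Constructed sample of `fs listacl` output; the path and the principal
# name "mailerd" are assumptions, not values taken from the thread.
SAMPLE_LISTACL = """\
Access list for /afs/example.org/mail/spool is
Normal rights:
  system:administrators rlidwka
  system:anyuser rl
  mailerd rlidwk
"""

REQUIRED = set("rlidwk")  # rights the thread says the mailer daemon needs
MODIFY = set("idwa")      # insert, delete, write, administer


def parse_listacl(text):
    """Return (normal, negative) dicts mapping ACL entry -> set of rights."""
    normal, negative = {}, {}
    current = None
    for line in text.splitlines():
        parts = line.split()
        if parts == ["Normal", "rights:"]:
            current = normal
        elif parts == ["Negative", "rights:"]:
            current = negative
        elif current is not None and len(parts) == 2:
            current[parts[0]] = set(parts[1])
    return normal, negative


def audit(text, daemon):
    """Return a list of findings; an empty list means the ACL is as intended."""
    normal, negative = parse_listacl(text)
    findings = []
    # Negative rights override anything granted under "Normal rights".
    granted = normal.get(daemon, set()) - negative.get(daemon, set())
    missing = REQUIRED - granted
    if missing:
        findings.append(f"{daemon} lacks: {''.join(sorted(missing))}")
    for group in ("system:anyuser", "system:authuser"):
        extra = normal.get(group, set()) & MODIFY
        if extra:
            findings.append(f"{group} can modify spool: {''.join(sorted(extra))}")
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE_LISTACL, "mailerd") or "ACL matches the intended rights")
```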