[OpenAFS] mail spool on AFS

Paul Blackburn mpb@est.ibm.com
Wed, 21 Nov 2001 12:34:20 +0000


Hello Enesha,

I have run a production system that delivered email to $HOME/.mail
where $HOME is in AFS. It works very well. It also has some advantages
of scaling because you can clone the mail delivery machine, set the
MX precedence equal for both and then distribute the mail delivery load
between two machines. Once you have two or more running, you can
take one out of service (e.g. for maintenance) and mail continues
to be delivered.

The other advantage is that because mail is delivered to $HOME
the responsibility for managing the space used by email belongs
to the user. IMHO, this is better than the system administrator
having to worry about the capacity of /var/spool/mail/.

I also disabled use of the .forward file because it could have been
used to exploit the access that the authenticated sendmail daemon has.
IMHO, a managed /etc/aliases file is better than free-for-all
with .forward files.

I implemented "AFS authenticated sendmail" on AIX.

Basically, you authenticate the sendmail daemon as, say, "sendmail" and
then you set ACLs to allow this AFS-id to write $HOME/afsmail/
and link $HOME/afsmail/.mail to $HOME/.mail

[mpb@localhost mpb]$ ls -ld .mail
lrwxr-xr-x    1 7335     root           13 Jan 15  1999 .mail -> afsmail/.mail

[mpb@localhost mpb]$ fs la afsmail
Access list for afsmail is
Normal rights:
  system:administrators rlidwka
  mpb rlidwka
  sendmail rliwk

The sendmail daemon shares a PAG (Process Authentication Group) with
a re-auth daemon. This way, the sendmail daemon continues to have 
authentication.

You can find my scripts etc here:
http://www.angelfire.com/hi/plutonic/images/authsendmail.tar.Z

I hope this helps.
--
cheers
paul                             http://acm.org/~mpb

Enesha Fairluck wrote:

> Evening
>
> I am trying to place my /var/spool/mail into afs space, and am
> having troubles trying to do the permissions.  A bit new to AFS, so
> the concept might be obvious and just evading my grasp:) I understand
> about the standards such as system:anyuser and system:authuser but not
> sure how to parlay any of that into something useful for me:)   I am
> using the latest OpenAFS on RH7.1.   I've tried seeking advice in the
> docs, but they have been limited help, tho I get a better
> understanding every minute:)  Any help would be appreciated:)  Thanks!
>
> --E
>
> DES class struggle munitions supercomputer Waco, Texas Peking Kennedy
> arrangements Serbian NORAD toluene pits Albanian strategic KGB
> [See http://www.aclu.org/echelonwatch/index.html for more about this]
>
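
The ACL shown in the message gives the delivery id `rliwk` and nothing more (no `d` delete, no `a` administer). The following is an added example, not part of the original message and not taken from the author's scripts: a check that reads `fs la` output on stdin and reports any deviation from that layout. The function name `audit_mail_acl` is hypothetical, and treating every principal other than the owner, `system:administrators` and the daemon as a finding is an assumption based on the listing above.

```shell
#!/bin/sh
# Added example: audit a mail directory ACL from `fs la` output on stdin.
# On a live cell (assumption): fs la "$HOME/afsmail" | audit_mail_acl "$USER"
audit_mail_acl() {
    owner=$1               # AFS id of the mailbox owner
    daemon=${2:-sendmail}  # AFS id the delivery daemon authenticates as
    want=${3:-rliwk}       # rights granted to that id in the message above
    awk -v owner="$owner" -v daemon="$daemon" -v want="$want" '
        /^Normal rights:/   { section = "normal"; next }
        /^Negative rights:/ { section = "negative"; next }
        # Skip the header line and the negative section (those are denials).
        section != "normal" || NF != 2 { next }
        {
            who = $1; rights = $2
            if (who == daemon) {
                seen = 1
                if (rights != want) {
                    printf "MISMATCH %s has %s, expected %s\n", who, rights, want
                    bad = 1
                }
            } else if (who != owner && who != "system:administrators") {
                printf "UNEXPECTED %s has %s\n", who, rights
                bad = 1
            }
        }
        END {
            if (!seen) { printf "MISSING no entry for %s\n", daemon; bad = 1 }
            exit bad + 0
        }
    '
}

# The listing from the message above: passes and prints nothing.
audit_mail_acl mpb <<'EOF'
Access list for afsmail is
Normal rights:
  system:administrators rlidwka
  mpb rlidwka
  sendmail rliwk
EOF
```

The function exits non-zero when it prints a finding, so it can gate a provisioning or periodic audit job.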