[OpenAFS] qmail and user mail accounts in AFS

Brian Huntley bhuntley@clarkson.edu
Mon, 23 Feb 2004 15:57:13 -0500 

This is a multipart message in MIME format.
--=_alternative 00731A3A85256E43_=
Content-Type: text/plain; charset="US-ASCII"

We used  IP-based ACL's to get around the token problem.  We created a 
subdirectory in ~/ in which the new, cur and tmp dir's lived.  Then, we 
created PTS users/groups that contained the IP's of our mail servers, and 
gave those groups write access into the mail subdirectory.  Just make sure 
your mail servers are hardened, as IP ACL's  represent a significant 
security issue.

I'll put our patch on my web site... feel free to give it a test drive 
http://www.clarkson.edu/~bhuntley/qmail-1.03-clarkson.patch
Beware that this patch does some other stuff, too... there is a 00CHANGES 
file also there that explains what the patch does.  I didn't write any of 
it, so use any/all at your own risk, yadda,yadda...

HTH...
-b

--
Brian T. Huntley, Systems Administrator
Office of Information Technology
Clarkson University
bhuntley@clarkson.edu -- 315.268.6723
"UNIX *is* user friendly. It's just selective about who its friends are."




"Michael Raitza" <m.raitza@gmx.net> 
02/23/2004 14:10

To
Brian Huntley <bhuntley@clarkson.edu>
cc

Subject
Re: [OpenAFS] qmail and user mail accounts in AFS






> We delivered all of our users' email directly into AFS for several years 

> using qmail.... We modified it for a variety of site-specific needs, but 

> included in that was making it such that delivering into a 
maildir-format 
> inbox didn't require a hardlink across directories, which AFS forbids. 
All
> 
> of our mods were based on qmail 1.03.  Is this the problem you are 
having?

Yes, I read about that but was unable to 'tweak' qmail. The other problem 
is
to get qmail afs tokens for delivery.

 
> Best,
> Brian

Thanks in advance,
Michael

-- 
GMX ProMail (250 MB Mailbox, 50 FreeSMS, Virenschutz, 2,99 EUR/Monat...)
jetzt 3 Monate GRATIS + 3x DER SPIEGEL +++ http://www.gmx.net/derspiegel 
+++



--=_alternative 00731A3A85256E43_=
Content-Type: text/html; charset="US-ASCII"


<br><font size=2 face="sans-serif">We used &nbsp;IP-based ACL's to get
around the token problem. &nbsp;We created a subdirectory in ~/ in which
the new, cur and tmp dir's lived. &nbsp;Then, we created PTS users/groups
that contained the IP's of our mail servers, and gave those groups write
access into the mail subdirectory. &nbsp;Just make sure your mail servers
are hardened, as IP ACL's &nbsp;represent a significant security issue.</font>
<br>
<br><font size=2 face="sans-serif">I'll put our patch on my web site...
feel free to give it a test drive http://www.clarkson.edu/~bhuntley/qmail-1.03-clarkson.patch</font>
<br><font size=2 face="sans-serif">Beware that this patch does some other
stuff, too... there is a 00CHANGES file also there that explains what the
patch does. &nbsp;I didn't write any of it, so use any/all at your own
risk, yadda,yadda...</font>
<br>
<br><font size=2 face="sans-serif">HTH...</font>
<br><font size=2 face="sans-serif">-b</font>
<br>
<br><font size=2 face="sans-serif">--<br>
Brian T. Huntley, Systems Administrator<br>
Office of Information Technology<br>
Clarkson University<br>
bhuntley@clarkson.edu -- 315.268.6723<br>
&quot;UNIX *is* user friendly. It's just selective about who its friends
are.&quot;<br>
</font>
<br>
<br>
<br>
<table width=100%>
<tr valign=top>
<td width=40%><font size=1 face="sans-serif"><b>&quot;Michael Raitza&quot;
&lt;m.raitza@gmx.net&gt;</b> </font>
<p><font size=1 face="sans-serif">02/23/2004 14:10</font>
<td width=59%>
<table width=100%>
<tr>
<td>
<div align=right><font size=1 face="sans-serif">To</font></div>
<td valign=top><font size=1 face="sans-serif">Brian Huntley &lt;bhuntley@clarkson.edu&gt;</font>
<tr>
<td>
<div align=right><font size=1 face="sans-serif">cc</font></div>
<td valign=top>
<tr>
<td>
<div align=right><font size=1 face="sans-serif">Subject</font></div>
<td valign=top><font size=1 face="sans-serif">Re: [OpenAFS] qmail and user
mail accounts in AFS</font></table>
<br>
<table>
<tr valign=top>
<td>
<td></table>
<br></table>
<br>
<br>
<br><font size=2><tt>&gt; We delivered all of our users' email directly
into AFS for several years <br>
&gt; using qmail.... We modified it for a variety of site-specific needs,
but <br>
&gt; included in that was making it such that delivering into a maildir-format
<br>
&gt; inbox didn't require a hardlink across directories, which AFS forbids.
All<br>
&gt; <br>
&gt; of our mods were based on qmail 1.03. &nbsp;Is this the problem you
are having?<br>
<br>
Yes, I read about that but was unable to 'tweak' qmail. The other problem
is<br>
to get qmail afs tokens for delivery.<br>
<br>
 <br>
&gt; Best,<br>
&gt; Brian<br>
<br>
Thanks in advance,<br>
Michael<br>
<br>
-- <br>
GMX ProMail (250 MB Mailbox, 50 FreeSMS, Virenschutz, 2,99 EUR/Monat...)<br>
jetzt 3 Monate GRATIS + 3x DER SPIEGEL +++ http://www.gmx.net/derspiegel
+++<br>
<br>
</tt></font>
<br>
--=_alternative 00731A3A85256E43_=--