Date:      Wed, 04 Oct 2006 23:10:52 +0200
From:      Erik Norgaard <norgaard@locolomo.org>
To:        White Hat <pigskin_referee@yahoo.com>
Cc:        FreeBSD Users Questions <freebsd-questions@freebsd.org>
Subject:   Re: Virtual Users sharing main account
Message-ID:  <4524235C.20501@locolomo.org>
In-Reply-To: <20061004203500.25860.qmail@web34402.mail.mud.yahoo.com>
References:  <20061004203500.25860.qmail@web34402.mail.mud.yahoo.com>

White Hat wrote:
> I doubt if this is possible; however, I thought I would inquire anyway.
> 
> Assuming a domain name of 'company.com', we want to add a group of users who could send and receive mail using this domain name; however, we do not want to give them shell accounts. They would access the system simply to send or receive their email. I have SSL/TLS set up and working correctly. At this time we also do not want to set up sub domains like: 'sales.company.com' either, although it may come to that.
> 
> I read through the Virtual documentation and I do not think it is possible. Is that correct, or is there a way to accomplish it?

This can be done. If you only want to serve one domain, any imap/pop 
server will do: dovecot, cyrus-imap or courier all serve fine as MDAs 
(although I've only tried cyrus). Postfix is easy to set up as MTA.

For authentication you have a number of choices: The easy one is to add 
users as unix users; you don't need to give them a shell, just use 
/sbin/nologin. Then you need to set up sasl with saslauthd.

This setup is fine for small scale. For large scale you may want to look 
at authentication using ldap and choose the more powerful MDA.

If you need virtual domains, or serve multiple domains and allow 
user@domain1.com to be different from user@domain2.com then you 
definitely need ldap and the powerful MDA.

Last time I checked dovecot did not support virtual domains.

One last thing: If you don't rely on unix accounts then you need to tell 
the MTA which accounts to receive mail for. Otherwise you can get 
DDOS'ed: The MTA will receive the entire mail (spam) and attempt local 
delivery to the MDA, and when this fails, try to return it.

This is quickly a lot of data and resources that are sucked up. I have 
tried that, not fun! If the MTA knows valid recipients then a lot of 
junk can be quickly rejected. There are spammers that mail random addresses.

Cheers, Erik
-- 
Ph: +34.666334818                      web: http://www.locolomo.org
X.509 Certificate: http://www.locolomo.org/crt/8D03551FFCE04F0C.crt
Key ID: 69:79:B8:2C:E3:8F:E7:BE:5D:C3:C3:B1:74:62:B8:3F:9F:1F:69:B9
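
A check for the last point in the message above (the MTA has to know the valid recipients), as an added example that is not part of the original e-mail: it parses a Postfix main.cf and flags the two settings that switch recipient validation off at SMTP time. The sample configurations, the lookup table path and the function names are constructed for illustration.

```python
"""Audit a Postfix main.cf for recipient validation (added example, constructed input)."""

# Constructed sample: an empty local_recipient_maps turns recipient checking off,
# so the SMTP server accepts mail for any address and has to bounce it later.
WEAK_CF = """\
mydestination = company.com
local_recipient_maps =
"""

# Constructed sample: valid recipients come from a lookup table.
# The table path is hypothetical.
FIXED_CF = """\
mydestination = company.com
# accounts that exist only for mail
local_recipient_maps = hash:/usr/local/etc/postfix/recipients
    $alias_maps
"""


def parse_main_cf(text):
    """Return {parameter: value}; a line starting with whitespace continues the previous one."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank line or comment
        if raw[0].isspace() and last is not None:
            params[last] = (params[last] + " " + raw.strip()).strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            last = name.strip()
            params[last] = value.strip()
    return params


def audit(text):
    """List settings that make the SMTP server accept mail for unknown recipients."""
    p = parse_main_cf(text)
    findings = []
    if p.get("local_recipient_maps") == "":
        findings.append("local_recipient_maps is empty: unknown local recipients are accepted")
    explicit = any("reject_unlisted_recipient" in v
                   for k, v in p.items() if k.endswith("_restrictions"))
    if p.get("smtpd_reject_unlisted_recipient", "yes").lower() == "no" and not explicit:
        findings.append("smtpd_reject_unlisted_recipient = no and no explicit reject_unlisted_recipient")
    return findings


if __name__ == "__main__":
    for label, cf in (("weak", WEAK_CF), ("fixed", FIXED_CF)):
        print(label, audit(cf) or "recipient validation is on")
```
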