From: Erik Norgaard
Date: Wed, 04 Oct 2006 23:10:52 +0200
To: White Hat
Cc: FreeBSD Users Questions
Subject: Re: Virtual Users sharing main account
Message-ID: <4524235C.20501@locolomo.org>
In-Reply-To: <20061004203500.25860.qmail@web34402.mail.mud.yahoo.com>

White Hat wrote:
> I doubt if this is possible; however, I thought I would inquire anyway.
>
> Assuming a domain name of 'company.com', we want to add a group of users who could send and receive mail using this domain name; however, we do not want to give them shell accounts. They would access the system simply to send or receive their email. I have SSL/TLS set up and working correctly. At this time we also do not want to set up sub domains like: 'sales.company.com' either, although it may come to that.
>
> I read through the Virtual documentation and I do not think it is possible. Is that correct, or is there a way to accomplish it?

This can be done. If you only want to serve one domain any imap/pop server will do: dovecot, cyrus-imap or courier all serve fine as MDAs (although I've only tried cyrus). Postfix is easy to set up as an MTA.

For authentication you have a number of choices: The easy one is to add users as unix users; you don't need to give them a shell, just use /sbin/nologin. Then you need to set up sasl with saslauthd.

This setup is fine for small scale. For large scale you may want to look at authentication using ldap and choose the more powerful MDA.

If you need virtual domains, or serve multiple domains and allow user@domain1.com to be different from user@domain2.com, then you definitely need ldap and the powerful MDA. Last time I checked dovecot did not support virtual domains.

One last thing: If you don't rely on unix accounts then you need to tell the MTA which accounts to receive mail for. Otherwise you can get DDOS'ed: The MTA will receive the entire mail (spam) and attempt local delivery to the MDA, and when this fails, try to return it. This is quickly a lot of data and resources that are sucked up. I have tried that, not fun!

If the MTA knows valid recipients then a lot of junk can be quickly rejected. There are spammers that mail random addresses.

Cheers, Erik

-- 
Ph: +34.666334818  web: http://www.locolomo.org
X.509 Certificate: http://www.locolomo.org/crt/8D03551FFCE04F0C.crt
Key ID: 69:79:B8:2C:E3:8F:E7:BE:5D:C3:C3:B1:74:62:B8:3F:9F:1F:69:B9
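
Added example, not part of the original message: a Postfix main.cf fragment for the recipient validation and saslauthd setup described above, with the weak setting shown beside two working ones. The hostname, the valid_rcpt table name, the file paths and the sample users are assumptions for illustration.

```ini
# /usr/local/etc/postfix/main.cf fragment (FreeBSD port path; not a full config).
# Assumed for illustration: hostname mail.company.com, the recipient table
# "valid_rcpt", the sample users, and the Cyrus LMTP socket path.

myhostname    = mail.company.com
mydestination = company.com, $myhostname, localhost

# WEAK: recipient validation switched off.
# An empty local_recipient_maps makes Postfix accept mail for ANY
# localpart@company.com. Mail to random addresses is received in full,
# fails at delivery, and is then bounced to the (usually forged) sender.
#local_recipient_maps =

# CASE 1: mail users are unix accounts with shell /sbin/nologin.
# The built-in default checks the passwd database and aliases, so unknown
# users are refused at RCPT TO, before any message data is transferred.
#local_recipient_maps = proxy:unix:passwd.byname $alias_maps

# CASE 2: mailboxes exist only in the IMAP server (no unix accounts).
# Postfix cannot see those accounts, so list them explicitly.
mailbox_transport    = lmtp:unix:/var/imap/socket/lmtp
local_recipient_maps = hash:/usr/local/etc/postfix/valid_rcpt $alias_maps

# Refuse unlisted recipients with a permanent error during the SMTP session.
smtpd_reject_unlisted_recipient     = yes
unknown_local_recipient_reject_code = 550

# SMTP AUTH for sending mail, via Cyrus SASL. smtpd_sasl_path names the SASL
# config smtpd.conf, which should contain "pwcheck_method: saslauthd".
smtpd_sasl_auth_enable       = yes
smtpd_sasl_type              = cyrus
smtpd_sasl_path              = smtpd
smtpd_sasl_security_options  = noanonymous
smtpd_tls_auth_only          = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
                               reject_unauth_destination

# valid_rcpt lists one recipient per line; Postfix only checks that the key
# exists and ignores the value (constructed sample users):
#   alice   OK
#   bob     OK
# Rebuild the lookup table after editing:
#   postmap /usr/local/etc/postfix/valid_rcpt
```

Use either CASE 1 or CASE 2, not both; `postconf -n` shows which value of local_recipient_maps is in effect.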