Solar Designer | 27 Jun 2004 23:56

Re: New User: Supports selective pop3 access? Ldap? support?

On Fri, Jun 25, 2004 at 03:10:16PM +0530, Abhishek Daga wrote:
> My current setup is Redhat 9.0 (kernel 2.4.20-31.9) with Postfix, LDAP, 
> CourierIMAP running a virtual server (with 20 odd domains).
> 
> Now, the goal is to have a setup such that only some users are allowed 
> pop3 access and the rest are denied.

Without virtual domains, PAM authentication with pam_listfile module
is the way to go.  With virtual domains, which approach would work
best for you depends on the details of your existing setup.

> I am not sure how I could go about using popa3d as a proxy with ldap 
> authentication and the courier-imap (Real proxy that i have).

I don't understand this question.  What do you mean when you speak
about using popa3d and Courier-IMAP as "proxies"?

-- 
Alexander Peslyak <solar@...>
GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D 3598
http://www.openwall.com - bringing security into open computing environments
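
An added example, not part of the original messages and not popa3d's own code: a shell function that audits the pam_listfile rule suggested above for an allow-list of POP3 users, checking that it is enforced, fails closed, and points at a list file that is not world-writable. Assumptions: the POP3 server authenticates through PAM without virtual domains; the sample paths and user name are constructed; insisting on required/requisite and an explicit onerr=fail is this example's own policy.

```shell
#!/bin/sh
# Added example (not from the thread): audit the pam_listfile rule that
# restricts a POP3 service to an allow-list of user names.
# Usage: audit_listfile /etc/pam.d/<service>; returns 0 only if the rule
# is enforced and fails closed. Runs in a subshell so `set -f` stays local.
audit_listfile() (
    set -f    # no globbing while splitting the rule into tokens
    rule=$(grep -E '^[[:space:]]*auth[[:space:]].*pam_listfile\.so' "$1" | head -n 1)
    [ -n "$rule" ] || { echo "no pam_listfile auth rule"; exit 1; }
    rc=0 n=0 control= list= item= sense= onerr=
    for tok in $rule; do
        n=$((n + 1))
        [ "$n" -eq 2 ] && control=$tok    # second field is the control flag
        case $tok in
            file=*)  list=${tok#file=} ;;
            item=*)  item=${tok#item=} ;;
            sense=*) sense=${tok#sense=} ;;
            onerr=*) onerr=${tok#onerr=} ;;
        esac
    done
    case $control in
        required|requisite) ;;
        *) echo "control '$control' does not enforce the list"; rc=1 ;;
    esac
    [ "$item" = user ]   || { echo "item=user expected"; rc=1; }
    [ "$sense" = allow ] || { echo "sense=allow expected (allow-list)"; rc=1; }
    [ "$onerr" = fail ]  || { echo "onerr=fail not set explicitly"; rc=1; }
    # pam_listfile needs a plain file that is not world-writable.
    if [ ! -f "$list" ]; then
        echo "list file '$list' is missing or not a regular file"; rc=1
    elif [ -n "$(find -L "$list" -prune -perm -0002)" ]; then
        echo "list file '$list' is world-writable"; rc=1
    fi
    exit "$rc"
)

# Constructed sample: a rule that looks right but is only "sufficient",
# so users missing from the list fall through to the next module.
demo=$(mktemp -d)
printf 'alice\n' > "$demo/pop3.allow"
printf 'auth sufficient pam_listfile.so item=user sense=allow file=%s\n' \
    "$demo/pop3.allow" > "$demo/pop3"
audit_listfile "$demo/pop3" || echo "rule needs fixing"
rm -rf "$demo"
```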

Abhishek Daga | 28 Jun 2004 04:52

Re: New User: Supports selective pop3 access? Ldap? support?

Hello,
Thank you for the help. However we were already working with perdition and
were looking at alternatives. We did get perdition working finally.

When time permits in the next few weeks we would also be trying out popa3d
to see if it works with our configuration.

To clarify my question below,
IMAP-Courier is my REAL pop3 Server and LDAP is where all the account
information is stored as opposed to mysql. They will not be used as
proxies, but popa3d(or perdition) will be used as a proxy to "allow" or
"deny".
It can also be used to balance the load across several machines.

thank you again
abhishek

> On Fri, Jun 25, 2004 at 03:10:16PM +0530, Abhishek Daga wrote:
>> My current setup is Redhat 9.0 (kernel 2.4.20-31.9) with Postfix, LDAP,
>> CourierIMAP running a virtual server (with 20 odd domains).
>>
>> Now, the goal is to have a setup such that only some users are allowed
>> pop3 access and the rest are denied.
>
> Without virtual domains, PAM authentication with pam_listfile module
> is the way to go.  With virtual domains, which approach would work
> best for you depends on the details of your existing setup.
>
>> I am not sure how I could go about using popa3d as a proxy with ldap
>> authentication and the courier-imap (Real proxy that i have).

Solar Designer | 28 Jun 2004 14:53

Re: New User: Supports selective pop3 access? Ldap? support?

On Mon, Jun 28, 2004 at 08:22:46AM +0530, Abhishek Daga wrote:
> To clarify my question below,
> IMAP-Courier is my REAL pop3 Server and LDAP is where all the account
> information is stored as opposed to mysql. They will not be used as
> proxies, but popa3d(or perdition) will be used as a proxy to "allow" or
> "deny".

popa3d can "allow" or "deny", but it can't be used as a POP3 proxy.
It is a POP3 server, not a POP3 proxy.

If you only want to "allow" or "deny" things, I suggest that you
configure your POP3 server (be it Courier or popa3d) to do that, --
not complicate things by moving some of the authorization checks to a
proxy server.

> It can also be used to balance the load across several machines.

That really does require a POP3 proxy, -- but I doubt that you have
sufficient load to justify it.  How many mailboxes do you have in all
of your domains?  If it's under, say, 20k, then one machine is enough.

Also, from my experience, SMTP deliveries are more likely to become
the performance bottleneck than the POP3 sessions.  Observe:

 1798515  453804.75re     708.31cp         0avio       432k   sendmail*
  911290   18310.03re     283.84cp         0avio       184k   popa3d*
  314347    1529.92re     187.02cp         0avio       201k   procmail.system
  634367     295.63re     122.68cp         0avio       201k   grep
  314340     510.67re      19.12cp         0avio       246k   dynamic-check
     614    1403.75re      16.83cp         0avio       426k   sendmail