Mail Server Managing

The ISP that I work for wants to set up a new mail "system" to process outgoing and incoming emails.  The reason is that right now we have ONE single machine running BSDI with Sendmail and QPopper and the load is just too much for thousands of clients.
The Sysadmin's latest idea is to separate the Sendmail/Qpopper processes into 2 different computers dedicated to each task.  Problem is he also wants to centralize our Userbase and _separate_ it from the regular /etc/passwd file, such that our ISP clients are in a user database COMPLETELY independent of the local password files.  Is this possible? We will be using Sendmail with Procmail to process delivery and Qpopper to process POP3 requests.  Can these programs be configured to use another password file than /etc/passwd?  The end being separating our local users (sysadmins only) from our isp email users (plain mortals :)

One more thing... even if all this were possible, is it a good idea? Is there any alternative better than this? Any help on the subject will be VERY much appreciated.  I have recently been "promoted" from software design to NOC and have been bestowed with incredible tasks that I don't even know much about.  I learn fast but I don't know where to look for information...


well, your question has many parts. basic answers:

  1. yes, it _is_ possible.
  2. coding is required.

more detailed answers:

  replace the username lookup in sendmail and
qpopper with an SQL lookup into a database. The
tables are not that complex and we did that for my
previous ISP (we being me and a friend). True - we
used a single machine for mail and pop (and used
qmail to boot).

  on two machines, you will need to have one service
taking the filesystem from the net (eg. via NFS). I
suggest this be the popper, not sendmail or qmail.

  for mail delivery to local users (i.e. the admins), you
will have to add the admins to the database.

  as for this being a good or bad idea - depends on the
number of users and the load. it will certainly be simpler
to get a stronger machine and disable telnet/ssh from
anywhere outside your local net.


DropZoneAuthor Commented:
  Thanx... that is exactly what I was looking for. I am ready to accept the answer and give you the points, but as one last request I would like you to answer these few questions.  I have increased the points because I consider the original question answered, but want to see if you can help me further.

We have at the moment over 25k users, this is the reason why we want to separate sendmail and qpop services.  We will certainly add the sysadmins to the user_db for mail so that they too can receive local e-mail, and will limit the /etc/passwd users to just the sysadmins and close telnet from outside access.

We will set up a filesystem that will contain the local mailboxes.  This machine will be running the qpopper service, not sendmail. We will mount this fs via NFS to the other(s) machine(s) (the one running sendmail) so that they all share one single mail storage area.

Now, my question is, _how_ do I change the user lookup from sendmail and qpop into an SQL lookup to a database? I am somewhat familiar with SQL.

Well - I would do the very reverse thing (with
sendmail at least) - mount the filesystem via NFS
for qpopper. This mainly because sendmail is
quite finicky with permissions on the spool files
(if you use spool files).

If you prefer to mount the spool dir via sendmail via
NFS, remember to NOT squash_root on the NFS

As for _replacing_ the sendmail user lookup -
we did it for qmail... but the system should not be
different - in the sendmail source, find the file
that does the getpwnam(3) call and replace that
section of code with an appropriate SQLlib call.

you will have to have the spool files themselves
owned by a bogus user and sendmail return the
filename based on the SQL call.

DropZoneAuthor Commented:
  Thanx once again.  Then you suggest I set up the mailbox dir (e.g. /var/mail) on the sendmail machine and _export_ it to the qpop machine? We'll consider it.

I am sorry to bother you more, but could you send an example of the SQLlib call, and would you explain in more details about the bogus user for the spool files, I did not quite understand that.

I have incremented the points to 400 for your troubles.  If you think this goes completely out of your way or if it warrants more, let me know.

hmmm... I would prefer using qpop via nfs, not

As for the SQLlib (again - I do NOT know which DB
you intend to use). I suspect that sendmail does
something along the lines of:

  #include <pwd.h>
  struct passwd *pwd_entry;

  // obtain user_name somehow or other

  if ((pwd_entry = getpwnam(user_name)) == NULL) {
    // explode in some spectacular way
    return -1;
  } else {
    // yummy - we found the user, let's do it!
  }

  The getpwnam call should be replaced with the
sql library call appropriate for the DB you use (eg.
Oracle, mysql, sybase, etc). The query itself should
be along the lines:

  SELECT * FROM users WHERE (uname == \

  Since I am acquainted only with mysql (and that
from an 18-month perspective), I suggest you
check the manual for the DB you use.

  As for the bogus user for the spool files - since
the mail users are NOT in the PWD database and,
since you are NOT replacing the entire authentication
mechanism of the OS, you do NOT have uid info for
the mail users and will require a bogus uid for the
mailbox ownership.
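
The lookup described in the answer above, as an added example that is not part of the original post and is not sendmail or qpopper code: a getpwnam-shaped function that resolves a mail user from a SQL table and returns one shared mailbox-owner uid. The in-memory sqlite3 database stands in for the MySQL server; the `mailbox` column, the uid/gid 5000, the `/var/mail` path and all function names are assumptions, and only the `users` table and `uname` column come from the thread.

```python
import re
import sqlite3
from collections import namedtuple

# Assumed values: one unprivileged account owns every mailbox file.
VMAIL_UID, VMAIL_GID = 5000, 5000
SPOOL_DIR = "/var/mail"

# The fields a caller would otherwise read from struct passwd.
MailUser = namedtuple("MailUser", "name uid gid mailbox")

# The name arrives from the network (SMTP RCPT TO, POP3 USER), so it is
# restricted before it reaches a query or a file name.
_VALID_NAME = re.compile(r"[a-z0-9][a-z0-9._-]{0,31}")


def open_user_db():
    """Constructed sample table; sqlite3 stands in for the real DB server."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (uname TEXT PRIMARY KEY, mailbox TEXT NOT NULL)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "alice"), ("bob", "bob")])
    return db


def get_mail_user(db, user_name):
    """Return a MailUser for a known user, or None (like getpwnam's NULL)."""
    if not isinstance(user_name, str) or not _VALID_NAME.fullmatch(user_name):
        return None  # rejects "", "../root", quotes, embedded newlines
    row = db.execute(
        "SELECT uname, mailbox FROM users WHERE uname = ?",
        (user_name,),  # bound parameter, never pasted into the SQL string
    ).fetchone()
    if row is None:
        return None
    uname, mailbox = row
    # The file name comes from the DB row; ownership is the shared uid/gid.
    if not _VALID_NAME.fullmatch(mailbox):
        return None  # a bad row must not point outside the spool directory
    return MailUser(uname, VMAIL_UID, VMAIL_GID, f"{SPOOL_DIR}/{mailbox}")


if __name__ == "__main__":
    db = open_user_db()
    for name in ("alice", "nobody", "../root", "x' OR '1'='1"):
        print(repr(name), "->", get_mail_user(db, name))
```
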
DropZoneAuthor Commented:
Thank you.  I am kinda familiar with mySQL, so that is what we will be using. Thank you so much for your help.  I will propose your comments to the sysadmin and my boss and see work from there.

Again, I appreciate all your help :)
well done, i totally agree with his suggestion.