Solved

Sendmail "virtual domains"

Posted on 2002-06-28
Last Modified: 2013-12-18
OK, here's the situation on which I'm currently working - I want to have multiple domains on my mail server (i.e. example1.com, example2.com, example3.org, example4.net, etc) which is easy.  

I also want to be able to have the ability to have identical usernames across multiple domains, but have them refer to different accounts (i.e. bob@example1.com is a completely different mailbox than bob@example4.net), which is not too tough if you feel like remapping every user to a unique ID using virtusertable or other such schemes.

I also want to be able to allow users to check email via POP3, with the pop username using a format of username@somedomain.com (i.e. the actual username used in the POP3 transaction might be bob@example1.com or bob@example4.net), which has got me scratching my head.  I've seen software packages for other platforms that handle this well, but most of my google searches for linux mail software get cluttered with sendmail references which fail to address this issue whatsoever.

Oh yeah, and I want to do it all on one IP (seriously).

Things that have occurred to me (but which do not appeal, other than as a last resort):

1. recompile the pop3 daemon so it can figure out a mapping to a unique-id scheme (ala virtusertable)

2. read my O'Reilly sendmail tome 'till my eyes bleed to try and figure out a ruleset that will check local users before attempting to do an MX lookup/remote SMTP delivery (which would enable me to just create unix users called bob@example1.com, etc).

3. instead of recompiling pop3d, write a series of scripts that would add links between unique mailboxes (ala virtusertable) and "fully qualified" references (i.e. bob@example1.com)



Of the above, I'm currently focusing on #2, and I suspect the winner(s) of pts here will probably provide that (if I don't get it first - in that case, the best suggestions get pts).  If anyone needs any clarification on any of the above, please ask.

I'm really hoping someone has seen this before (it doesn't sound too crazy, does it?) and can just post the appropriate ruleset (care to take it away, Jim?)

Thanks,
-Jon

Question by:The--Captain
 
LVL 16

Author Comment

by:The--Captain
Comment Utility
OS is Redhat 7.2 (sorry for not posting that originally).

Cheers,
-Jon
0
 
LVL 16

Author Comment

by:The--Captain
Comment Utility
(Doh!)

Sendmail 8.11.2
0
 
LVL 16

Author Comment

by:The--Captain
Comment Utility
Oops - I mean 8.1.6 - too many sessions open to too many places.

Cheers,
-Jon
0
 
LVL 16

Author Comment

by:The--Captain
Comment Utility
OK, I promise I will get it right this time - it's 8.11.6
0
 
LVL 51

Expert Comment

by:ahoffmann
Comment Utility
Have you checked:
  http://www.sendmail.org/virtual-hosting.html

Do you insist on using pretty-good-old sendmail? Have you thought about using postfix?
0
 
LVL 16

Author Comment

by:The--Captain
Comment Utility
Yup - these solutions seem to be along the lines of #1 & #3 above - I'm really looking for a sendmail ruleset that will check local usernames (regardless of whether or not they contain the '@' character) before attempting to resolve the remote MX server for the recipient...

Cheers,
-Jon
0
 
LVL 51

Expert Comment

by:ahoffmann
Comment Utility
it's far toooo long swapped out of my brain how to fiddle around with sendmail's sophisticated rules. I give up here, but I check if I find something in my archive ...
If I'll not come back, I've no working solution, sorry.
0
 
LVL 15

Expert Comment

by:samri
Comment Utility
Jon,

I believe I came across a question closely similar to this one (http://www.experts-exchange.com/questions/Q_20311164.html)

To my understanding, it would be quite hard to get sendmail to do this (with the knowledge I have, it would be impossible).  

It might be possible to hack sendmail, and the pop3 code to enable recipient to come from a different userlist (rather than the system passwd file), but  I would think that it would not be an easy job.

Alternately, it might be possible to use Qmail (I knew... this is Sendmail TA :)

http://www.qmail.org/top.html

There is one link that describes on how to get pop3, to work with non system account

http://www.pgregg.com/projects/

I hope the information could be of some help.

cheers.



0
 
LVL 16

Author Comment

by:The--Captain
Comment Utility
Thanks, all - I will try the samri URLs soon (btw, I've got no problem w/ using another open-src MTA - I just need to find some (fairly easy) way to make this happen) - for now it is time for sleep - keep those comments coming - I may yet up the pts...

Cheers,
-Jon
0
 
LVL 15

Expert Comment

by:samri
Comment Utility
0
 
LVL 15

Expert Comment

by:samri
Comment Utility
Jon,

I think this would qualify for 20pts, and an A+ grade.

http://www.experts-exchange.com/linuxnet/Q_20317546.html

cheers,
0
 
LVL 16

Author Comment

by:The--Captain
Comment Utility
http://www.pgregg.com/projects/qmail/singleuid/index.php

Yeah,this would work, but it's even uglier than my #3 above.  

Saw this http://www.whirlycott.com/phil/pop3.html here http://www.experts-exchange.com/questions/Q_20311164.html, and I have the same criticism

My solution has *got* to be scalable - I can't waste time fiddling with a bunch of silly files every time I want to add a new user/domain (I already have an easy way to add new domains and users - if I had a good sendmail.cf that does what I need, I'd be finished now).  Nothing against qmail - it's just that all those docs seemed to assume you had an hour on your hands for every new user/domain you wanted to add.

I already *have* a solution (#3 above) - use virtusertable to map everyone to unique IDs, and then put links in /var/spool/mail that map the unique IDs back to a user@domain.tld style address so folks can access their mailboxes sanely.  I need something easier than this - the qmail solutions seem on a par with my #3, or even more unscalable/difficult to implement.

I appreciate the suggestions (please don't think I'm ungrateful in any way) - I just need to keep looking...

Keep 'em coming, if ya got 'em...

Cheers,
-Jon
0
 
LVL 51

Expert Comment

by:ahoffmann
Comment Utility
hmm, I still mentioned postfix, just a few examples from the configuration file, build your own opinion ...


# The local machine is always the final destination for mail addressed
# to user@[the.net.work.address] of an interface that the mail system
# receives mail on (see the inet_interfaces parameter).
#
# Specify a list of host or domain names, /file/name or type:table
# patterns, separated by commas and/or whitespace. A /file/name
# pattern is replaced by its contents; a type:table is matched when
# a name matches a lookup key.  Continue long lines by starting the
# next line with whitespace.
#
mydestination = $myhostname, localhost.$mydomain, mail.example1.com, mail.example2.com, mail.example4.com
# The virtual_maps parameter specifies optional lookup tables to
# redirect specific addresses or even complete domains to another
# address. This is typically used to implement virtual domain support.
#
# By default, no address redirection is done.
#
# If you use this feature, run "postmap /etc/postfix/virtual" to
# build the necessary DBM or DB file after change.
#
# It will take a minute or so before the change becomes visible.
# Use "postfix reload" to eliminate the delay.
#
# virtual_maps = dbm:/etc/postfix/virtual
# virtual_maps = hash:/etc/postfix/virtual
# virtual_maps = hash:/etc/postfix/virtual, nis:virtual
# DELIVERY TO MAILBOX
#
# The home_mailbox parameter specifies the optional pathname of a
# mailbox relative to a user's home directory. The default is to
# deliver to the UNIX-style /var/spool/mail/user or /var/mail/user.
# Specify "Maildir/" for qmail-style delivery (the / is required).
#
#home_mailbox = Mailbox
#home_mailbox = Maildir/


0
 
LVL 16

Author Comment

by:The--Captain
Comment Utility
Maybe I'm being dense, but how is this different from virtusertable in sendmail?  That was the same problem I had with your sendmail suggestion (Well, not really a problem - I'm just waaayyy ahead of you there) - see #1 and #3 in my list of unappealing but possible solutions...

Cheers,
-Jon


0
 
LVL 16

Author Comment

by:The--Captain
Comment Utility
Recompiling pop3d (or maybe just finding a perl version that can be modified) to use virtusertable is seeming more and more appealing hehe...

Cheers,
-Jon
0
 
LVL 16

Author Comment

by:The--Captain
Comment Utility
Does anyone know of a perl pop3d that supports the sendmail mailbox format (yeah, I know there's a more technical name for that mailbox standard, but it escapes me)?  I'm not too worried about speed - I have a fair amount of perlcc experience if it becomes an issue...

Cheers,
-Jon
0
 
LVL 15

Expert Comment

by:samri
Comment Utility
Jon,

Have you tried searching CPAN?

http://search.cpan.org/search?mode=module&query=pop3

http://www.cpan.org/modules/by-authors/id/M/MT/MTIRAMANI/

However, it looks like it is supporting Qmail style maildir.  But might worth to look at.

cheers.
0
 
LVL 16

Author Comment

by:The--Captain
Comment Utility
Hadn't gotten to the CPAN searches yet (but thx for the reminder) - I will keep looking, since it seems like bearing down and writing a perl virtusertable parser is going to be less painful than spending a week debugging sendmail rulesets - any thoughts on the security of using a perl pop3d to do what I am considering?

Many thanks,
-Jon

P.S.  Someone can still win gold here if they have the sendmail ruleset that I require...

0
 
LVL 51

Expert Comment

by:ahoffmann
Comment Utility
hmm, sounds that I didn't get the question right, need to reread it again, and again ... be patient with me.
0
 
LVL 16

Author Comment

by:The--Captain
Comment Utility
Executive summary:

I need to have POP users be able to specify their username as something like "bob@example1.com" (linux will permit such usernames, BTW), and have sendmail deliver mail to a mailbox called "bob@example1.com" - currently, if I try to deliver email to such an address via sendmail, sendmail thinks I want to deliver mail to the server responsible for "example1.com", realizes that it refers to itself, then attempts to deliver the message to the user "bob" on the system, rather than to the user "bob@example1.com", which is a real username present on the system.  I know I could work around it with virtusertable (or something like it), but most users don't understand the need to use a different (unique) POP username from their SMTP name, the need for scalability, nor the need for email admins to maintain their sanity.  I could get around this with a silly symbolic link scheme, a rewrite of a POP daemon that checks the virtusertable (which removes the need for the silly symbolic link scheme), or a sendmail ruleset that checks the recipient address against the list of local users (from the passwd file) *before* attempting to determine the delivery method (which it thinks should be SMTP, given the '@' character present in the address).   Presently, I cannot stop sendmail from splitting "bob" and "example1.com" apart when it attempts to perform delivery.

And I can't do it with virtfs/chroot jails because I only have one IP.

Yeah, I know - that's the longest executive summary on record.

Hope that helps clarify...

Cheers,
-Jon (who thought this would be an easy 500 pts for someone [chuckle])


0
 
LVL 16

Author Comment

by:The--Captain
Comment Utility
samri - I had about as much luck as you in tracking down sendmail-compliant perl pop daemons - mostly wasted a lot of time tracking down dead URLs (or the software wound up being commercial/proprietary) - seems that there used to be such open-src beasts, but they seem to be almost extinct (someone please prove me wrong - seriously, I'd love to get my hands on one).

With such ill-luck, I've been thinking about the sendmail rulesets - according to my (admittedly fallible) reasoning, sendmail checks to see if local delivery is possible at some point (I'm guessing, based on my problem and prior readings, that this is after the domain is split off, and the server has determined that it hosts mail for said domain).  I think that all that may be needed is perhaps to copy the appropriate local user check ruleset and insert it above the ruleset that splits off the domain?  The only modification I can think of is that it needs to jump to the appropriate spot in the delivery ruleset (which should be the next line after the pasted block) if it determines the address to be locally valid - otherwise, rather than throwing an error, it just needs to continue through the rulesets.

Sounds simple, but I guarantee my eyes will still be bleeding from reading my O'Reilly if I ever manage to pull this off.  

Still hoping against hope for the miracle post...

Cheers,
-Jon
0
 
LVL 16

Author Comment

by:The--Captain
Comment Utility
Although I'm a top expert in the Security TA, I would like to know if there are any potential security considerations with regard to my proposed sendmail config (or any operational considerations) - I'm just trying to wrap my head around the reason for the processing of sendmail rulesets as they occur/appear by default in most sendmail.cf's [including stock sendmail in redhat 7.2] - why is local delivery deferred initially?)

Cheers,
-Jon

P.S.  Jim Levie - Where are you?  I have an almost complete certainty that you possess valuable info on this topic...  Your participation would be immeasurably appreciated.  I can only hope that my appeal to the EE gods, err, umh, hall-'o-famers does not go unnoticed...



0
 
LVL 40

Expert Comment

by:jlevie
Comment Utility
It sounds like what you are asking for is what I'd call a true virtual server capability, and to the best of my knowledge that doesn't currently exist. Some of the latest additions to the Cyrus IMAP implementation come close, but I'm not convinced that they are completely ready for prime time.

Theoretically we could get sendmail to deliver mail to a local user with any form of username. As long as sendmail can be convinced that it is a local user name it will pass the message to a local delivery agent. This means that one could have inboxes like user@first-virtual.tld, user@second-virtual.tld. Obviously, the local delivery agent would need to be able to use inboxes with names of that form. The other part of the problem is in giving those users access to their INBOX. There is the possibility of doing that with Cyrus, and someone did manage that with a hack to an earlier version. Since Cyrus isn't required to use the system authentication methods, the username isn't bound by the same rules. And there's also the possibility of using SASL realms.

Then there is the problem of sending mail back through the server. In the general case of virtual email addresses the users aren't on a local network and don't have fixed IPs. This means that the best solution to allowing them access to the MTA, without becoming a promiscuous relay, is to use SMTP AUTH. As is, I don't believe sendmail would accept usernames for authentication of the form user@domain, but that is probably fairly easy to adjust.

As I said, this capability doesn't quite exist as yet. But you could get pretty close with sendmail+virtusertable+AUTH in conjunction with Cyrus. I think, from what I've seen on the Cyrus list that you'd need to modify both sendmail and Cyrus to be able to have the users connection to IMAP/POP/MTA with a username of the desired form.
0
 
LVL 16

Author Comment

by:The--Captain
Comment Utility
Jim - you understand my problem perfectly...

Roaming users/dynamic IPs are not currently an issue - we use VPNs if it does, which removes the need for sendmail auth.

I have confirmed that my pop daemon does indeed permit users of this form ("bob@example1.com"), as does the system itself.  Only one thing currently missing...

>Theoretically we could get sendmail to deliver mail to a local user with any form of username

You got it.  Any way to turn theory into reality (.cf examples would reeeaallly help)....?

Cheers (and thanks),
-Jon
0
 
LVL 15

Expert Comment

by:samri
Comment Utility
Listening (silently and try to absorb as much as possible)...  :)
0
 
LVL 16

Author Comment

by:The--Captain
Comment Utility
Well, I've gotten a chance now to talk with all my colleagues whose opinions I cherish on this topic (thanks, again, Jim, for your input - you are definitely among those - been a while since last we spoke), and they pretty much agree - recompile pop3 (sigh), adjust sendmail.cf (sigh), or write some silly scripts that link unique virtusertable IDs with alternatively-named pop3 mailboxes (big sigh).

The only upside I can see to this is that if I can get #1 or #2 to work, then I can publicize myself (and my woefully slow consulting business) as "the guy that made true virtual domains possible on sendmail".  At least one of my colleagues has told me they will implement my solution if I can get #1 or #2 working, since it *is* something they would desire, if available...

Jim - I don't suppose you have heard of any BSD tools that will do this?  I tend to get isolated in my linux world sometimes...

BTW, the biggest kick in the pants (from a linux/open-src standpoint) is that many proprietary email systems do this already (I'm trying to replace an OS/2 server that has been doing this for the better part of 5 years - nothing against OS/2 - it's just that the system no longer will start the IP config control panel [ouch], and no one remembers enough about OS/2 to go setting up a whole new server).

Samri, did you get my recent off-list email?

Many thanks to all contributors.

Cheers,
-Jon (who still can't believe he is the only one at EE working on this kind of thing)


0
 
LVL 15

Accepted Solution

by:
samri earned 200 total points
Comment Utility
Jon,

Yes, indeed.  Still thinking of what to write though.

This topic is indeed very interesting.  And I would be more than willing to stay awake and see how far it progressed.  Obviously, I thought that it would be close to impossible with current sendmail implementation.  BUT (the BIG but here), after going looking at the discussion, it is not that hard (hmm... since I'm not the one who does the coding :)) And I wonder why nobody ever think of that before.  Sure there is many admins out there that would be more than willing to pay for that kind of flexibility that sendmail could have offered.

I am just curious - did you have this feature when you purchase the Commercial version of Sendmail?

cheers.
0
 
LVL 16

Author Comment

by:The--Captain
Comment Utility
>did you have this feature when you purchase the Commercial version of Sendmail

If you're referring to Redhat Enterprise edition (with commensurate support), I think I can safely say that no, this is not an option without doing some of the things I have proposed (I have a client that has an Enterprise license, and support, and who encourages me to use it).

If you mean a commercial value-added sendmail solution (i.e. sendmail.com), then no, I haven't tried it - they seem to want $$ before considering your implementation, although a shop with enough .cf coders could certainly arrive at the solution I require, I would think...  In any case, I did fill out the form to have their sales rep give me a call - I will post the info they provide back here (unless they restrict me via some license agreement or something)

Speaking of restrictions upon re-posting, is anyone here completely tired of these morons who have a .sig along the lines of: "Note: The information contained in this message
may be privileged and confidential and protected from
disclosure. If the reader of this message is not the
intended recipient, or an employee or agent responsible for
delivering this message to the intended recipient, you are
hereby notified that any dissemination, distribution or
copying of this communication is strictly prohibited. If
you have received this communication in error,
please notify us immediately by replying to the message
and deleting it from your computer blah blah blah".  Do these people really think they have a legal leg to stand on if I resend/repost their emails?  I think the courts have pretty much ruled that "assumed preagreement" is utter BS, but folks still seem to want to put such crap in their signatures.  If the requirements of my business did not permit me to utterly ignore these morons, I certainly would...

I will keep pounding on this one - fame and glory appear to await hehe...

Cheers,
-Jon
0

 
LVL 16

Author Comment

by:The--Captain
Comment Utility
And yes, I know that such .sigs are often added by the outbound email server (much like the yahoo or msn banners that appear below any emails sent through those systems) - it still does not excuse such behaviour - at least the sender could add their own personal .sig that says something to the effect of "please ignore the following corporate-mandated, idiotic .sig"

Cheers,
-Jon
0
 
LVL 16

Author Comment

by:The--Captain
Comment Utility
Please, though, do not let this discussion degenerate into a .sig contest/flamewar - I really want to find a decent solution to hosting multiple virtual sendmail domains on a single IP...

Cheers,
-Jon
0
 
LVL 51

Expert Comment

by:ahoffmann
Comment Utility
oops, need to read lot of comments, so please be patient if I'm behind, somehow ..

Jim, ".. my knowledge that doesn't currently exist .."
Wrong. Sun's old Messenger, Netscape's and iPLanet's Messenger (and probably Sun One's Messenger) can do it. I'm sure for Netscape, `cause I did it, once, in the past ...
And, even I didn't it, I'm pretty sure that postfix can do it also.

But I'm off topic again, 'cause of the $$ (Sun, Netscape) suggestion, and 'cause Jon insists on sendmail ;-)
Sounds like #3 is the most effective way to go.

About the security: is there anybody really thinking about security when talking about pop3?

So, I'll go with samri: listening, not coding .cf (I still have the bleedy eyes too, from reading the bat-book)
0
 
LVL 3

Expert Comment

by:ITsheresomewhere
Comment Utility
Yep this was an interesting walk to a world before unknown and which still remains a mystery.  

gonna have to get that ux book out again and revitalize the grey matter. I might have had better luck sourcing a OS/2 repair.  hahahaha

ITsy

well off to a less virtual space of nuts,bolts,chips and wires.

0
 
LVL 16

Author Comment

by:The--Captain
Comment Utility
ahoffman - well done!  I am really rather flexible as to my choice of MTA - I will abandon sendmail completely if I can find any solution that fit my requirements wrt SMTP and POP3 integration (the reason I am preferring sendmail is that my admin gui (webmin) allows me to administer domains in a sane fashion, and to sub-delegate user additions, etc. to a specific admin for each domain (as well as providing webmail functionality)).

You keep mentioning postfix - I've got no problem with postfix - got a URL w/ examples of what I'm trying to do?

I welcome any solution to my problem - sendmail is not by any means a necessary component - my basic requirements are that it fits my intended functionality (identical POP3 and SMTP addresses), administration of each domain can be delegated to an appropriate admin, that it migrates easily from an existing config (where each user expect both their SMTP and POP names to be corresponding to the format of "user@domain.tld"), operates only on one IP (why would you need more than one (other than that it would solve everything hehe) given the proposed config?), and is scalable...

Cheers,
-Jon


0
 
LVL 16

Author Comment

by:The--Captain
Comment Utility
ITsy - glad to see you have joined the fray...

Cheers,
-Jon
0
 
LVL 51

Expert Comment

by:ahoffmann
Comment Utility
http://www.postfix.org/ (isn't it simple:)
about the examples: I'm searching for you, keep waiting ...

About "delegated admin": iPlanet Messenger has this feature (sorry no experience with it now).
AFAIK, you can download  iPlanet servers for free (trial, or whatever now) at http://wwws.sun.com/software/download/allproducts.html

Disclaimer: I'm not involved in any business at Sun, Netscape, iPlanet, ...
0
 
LVL 51

Expert Comment

by:ahoffmann
Comment Utility
think this contains most you want to do:
  http://www.holgilein.de/coolprox/tequila
(don't worry about the .de, see the last sentence there, I'm used to this language, so feel free to ask me :-))

Looking at http://www.postfix.org/addon.html might be worth too.



BTW, webmin has a module for postfix
     Cyrus also works with postfix (Jim mentioned it)
0
 
LVL 16

Author Comment

by:The--Captain
Comment Utility
I am delirious with joy as I seem to have found a solution along the lines of my #2.  

After excessive eye bleeding from digging into the depths of my O'Reilly Sendmail tome, I managed to track down the rulesets responsible for stripping away the domain portion of the email address.  I have only done limited testing with this config, but it seems to work...

First of all, you will need to specify global users (that appear across all domains) by defining them in the 'L' class like this:

CLroot

Then change the s line in the Parse1 ruleset (which is part of ruleset 0) - the relevant part of my old config used to look like this:



# short circuit local delivery so forwarded email works


R$=L < @ $=w . >   $#local $: @ $1       special local names
R$+ < @ $=w . >    $#local $: $1         regular local name



And now it looks like this:



# short circuit local delivery so forwarded email works


R$=L < @ $=w . >   $#local $: @ $1      special local names
R$+ < @ $=w . >    $#local $: $1@$2     regular local name



Note the addition of '@$2' to that last line.  Also, the EnvToL ruleset must be modified in exactly the same way - here's my old version of EnvToL:


#  Envelope recipient rewriting
#
SEnvToL=20
R$+ < @ $* . >       $: $1              strip host part


and here is the new version:


#  Envelope recipient rewriting
#
SEnvToL=20
R$+ < @ $* . >       $: $1@$2              strip host part



Note the identical change (adding '@$2')

I thought I might have to adjust my local mailer definition, but in the end I did not - in any case, here it is:

Mlocal,         P=/usr/bin/procmail, F=lsDFMAw5:/|@qSPfhn9, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,
                T=DNS/RFC822/X-Unix,
                A=procmail -Y -a $h -d $u




Can anyone see any obvious flaws with this config?


In any case, I will split pts among contributing experts.

Cheers,
-Jon
0
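
A simplified model of the two Parse1 rules quoted in the post above, added here as an example (it is not part of the original post and it does not run sendmail). It shows the mailbox name handed to the local mailer before and after the `$1@$2` change, and which recipients then have no account of that exact name. The class contents, addresses and account names are constructed, and `local_mailbox` and `unmatched` are hypothetical helper names.

```python
# Added example: models only the net effect of the two Parse1 rules
#   R$=L < @ $=w . >   $#local $: @ $1
#   R$+  < @ $=w . >   $#local $: $1      (original)  /  $1@$2  (modified)
# Aliases, .forward files and every other ruleset are deliberately not modelled.


def local_mailbox(address, class_w, class_l, keep_domain):
    """Return the user name handed to the local mailer, or None when the
    domain is not in class w (the message would be routed elsewhere).
    class_w and class_l are expected to hold lower-case entries."""
    local_part, sep, domain = address.rpartition("@")
    if not sep or not local_part or not domain:
        raise ValueError("expected a fully qualified address: %r" % address)
    if domain.lower() not in class_w:
        return None
    if local_part.lower() in class_l:       # "special local names": domain dropped
        return local_part
    if keep_domain:                          # modified rule: $1@$2
        return "%s@%s" % (local_part, domain)
    return local_part                        # original rule: $1


def unmatched(recipients, class_w, class_l, accounts, keep_domain):
    """List (recipient, mailbox) pairs that route to the local mailer but
    whose mailbox name is not an existing account name."""
    missing = []
    for rcpt in recipients:
        box = local_mailbox(rcpt, class_w, class_l, keep_domain)
        if box is not None and box not in accounts:
            missing.append((rcpt, box))
    return missing


# Constructed sample data (not taken from a real system).
CLASS_W = {"example1.com", "example4.net", "mail.example1.com"}
CLASS_L = {"root"}
ACCOUNTS = {"root", "bob@example1.com", "bob@example4.net"}
RECIPIENTS = [
    "bob@example1.com",
    "bob@example4.net",
    "root@example4.net",
    "postmaster@example1.com",   # not in class L, no per-domain account
    "bob@mail.example1.com",     # second name for the same host in class w
    "carol@elsewhere.example",   # not a local domain at all
]

if __name__ == "__main__":
    for keep in (False, True):
        print("keep_domain=%s" % keep)
        for rcpt in RECIPIENTS:
            box = local_mailbox(rcpt, CLASS_W, CLASS_L, keep)
            print("  %-26s -> %s" % (rcpt, box))
        print("  no account:",
              unmatched(RECIPIENTS, CLASS_W, CLASS_L, ACCOUNTS, keep))
```

With the modified rule, every name listed in class w yields its own mailbox name, so role addresses and alternate host names need either a class L entry or a per-domain account.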
 
LVL 51

Expert Comment

by:ahoffmann
Comment Utility
wow, that's why some people insist on pretty good old sendmail ;-)
0
 
LVL 15

Expert Comment

by:samri
Comment Utility
Jon,

My area of expertise really ends at general sendmail support (:, somehow I would believe ahoffman, jlevie, or markt might be able to do the ruleset testing.

I would surely love to see the working solution as much as you did, but reading the sendmail macro... hmmm... ummm.... (remember the cold-syrup when you are 3-4 years old...:)

The pts... hmmm... sounds good.. But I think you might deserve the pts for the solution.  I'm not sure about the EE policy, if let say I want to *buy* your solution, and post a separate pts for you.  :)

I haven't got much time to reply to your mail.

cheers.
0
 
LVL 16

Author Comment

by:The--Captain
Comment Utility
OK, the server is in limited production - seems to be working great!  Now, if only the developers of usermin could work out the bugs (particularly in the webmail portion), I'd be set...  (Anyone care to suggest some free/open src http->pop3 gateways or other unix-based webmail software?  That would be superb - I'll even kick in some extra pts)

Sorry about the pt split delay - been a busy week - I'll take care of it soon...

Cheers,
-Jon

0
 
LVL 51

Expert Comment

by:ahoffmann
Comment Utility
> .. superb ... http->pop3 ..

hmm, and simple to admin too, and with secure transport (SSL): I'm interested too.
0
 
LVL 15

Expert Comment

by:samri
Comment Utility
Jon,

There might be such packages.  Off hand, all I can think of at the moment is perl modules.  Maybe Mail-POP3Client, or POP3Client.

This is what I might be good at - giving links;
http://dmoz.org/Computers/Software/Internet/Clients/Mail/Web-Based/

cheers.

0
 
LVL 16

Author Comment

by:The--Captain
Comment Utility
Thanks samri for the excellent URL - I had forgotten about acmemail - thanks for the reminder!

I will keep everyone here posted...

Cheers,
-Jon
0
 
LVL 15

Expert Comment

by:samri
Comment Utility
Jon,

I had a pts giveaway for you in Lounge TA;

http://www.experts-exchange.com/jsp/qManageQuestion.jsp?qid=20321068


cheers
0
 
LVL 16

Author Comment

by:The--Captain
Comment Utility
samri - thx - I *never* get lounge pts

OK - time for the grand summary...

Everything works fine, the solution being:

1. Use webmin to delegate acct creation within a particular domain to sub-admins (the only fault this has is that admin@example1.com could conceivably create a user called bob@example2.net, but a 5 line script can check for those anomalies [mismatched user suffix against GID] and blow them away every so often.)

2. Rewrite two lines of sendmail.cf (described above) so that sendmail will not strip the domain when attempting local delivery.

3. Use usermin to allow web-based access to user-level functions i.e. change password, adjust forwarding, add fetchmail rules, set up (and use) GPG, read mail via usermin webmail.  This (usermin webmail) is actually a benefit for me in this config, since I will never have to listen to anyone whining "I can't check my yahoo mail from this webmail form" (like I might w/ acmemail), because the only mailbox to which usermin allows access is the local mailbox on the system, avoiding http->pop3 gateways (as nice as they may be in other situations [a tip o' the hat to ahoffman]).  If they want to access other mailboxes via the webmail form, that's what fetchmail config is for.  One other nice thing about usermin (this explanation is here for folks who don't use it much) is its webmail form integrates with its GPG config, which allows you to send signed email directly from the webmail form (and even Outlook recognizes the signature - not much freeware can claim that!).  BTW, this (#3) was the main reason I was avoiding virtualized (non-user) mailboxes as suggested by postfix/qmail configs (although apparently usermin *does* support checking mail on qmail systems - maybe something to look into in the future).

So, my work with mail server development seems at an end (for now).  I hope this config benefits someone other than myself - I spent waaayyy too much time on it to be the only person to find it helpful hehe....

In any case, I'm off to CS for the pt split - here's how I see it breaking down...

200 - samri
175 - ahoffman
150 - jlevie
25 - Itsy

Any objections (yeah, I know that's 550pts - shouldn't be hard to accomplish under a normal pt split)?  I will add pts (since I have them to burn) if anyone feels they aren't receiving their due...

Cheers,
-Jon



0
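
The periodic check mentioned in step 1 of the summary above, written out as an added example (it is not the author's script). It assumes a hypothetical convention that the post does not spell out: each hosted domain has a Unix group named after the domain, and a virtual account's primary GID must be that group. The passwd and group text is constructed, and the code only reports mismatches instead of deleting accounts.

```python
# Added example: report virtual accounts whose user@domain suffix does not
# match the domain group that owns their primary GID.
# Assumption (hypothetical): group name == hosted domain name.


def parse_group(group_text):
    """Map GID -> lower-cased group name from /etc/group-format text."""
    gid_to_name = {}
    for line in group_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            gid_to_name[int(fields[2])] = fields[0].lower()
    return gid_to_name


def find_mismatches(passwd_text, group_text, hosted_domains):
    """Return (username, reason) for every user@domain account whose suffix
    is not a hosted domain or differs from its primary group's domain."""
    hosted = {d.lower() for d in hosted_domains}
    gid_to_name = parse_group(group_text)
    findings = []
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 7 or not fields[3].isdigit():
            continue                      # comment, blank or malformed line
        name, gid = fields[0], int(fields[3])
        if "@" not in name:
            continue                      # global account such as root
        suffix = name.rsplit("@", 1)[1].lower()
        owner = gid_to_name.get(gid)
        if suffix not in hosted:
            findings.append(
                (name, "suffix %s is not a hosted domain" % suffix))
        elif owner != suffix:
            owner_label = owner if owner else "unknown gid %d" % gid
            findings.append(
                (name, "suffix %s but primary group is %s"
                 % (suffix, owner_label)))
    return findings


# Constructed sample data: the last two accounts were created under the
# example1.com group but carry another domain's suffix.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bob@example1.com:x:1001:501::/home/example1.com/bob:/bin/false
bob@example4.net:x:1002:504::/home/example4.net/bob:/bin/false
alice@example2.com:x:1003:501::/home/example1.com/alice:/bin/false
bob@example2.net:x:1004:501::/home/example1.com/bob2:/bin/false
"""
SAMPLE_GROUP = """\
root:x:0:
example1.com:x:501:
example2.com:x:502:
example4.net:x:504:
"""
HOSTED = ["example1.com", "example2.com", "example4.net"]

if __name__ == "__main__":
    for user, reason in find_mismatches(SAMPLE_PASSWD, SAMPLE_GROUP, HOSTED):
        print("%s: %s" % (user, reason))
```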
 
LVL 3

Expert Comment

by:ITsheresomewhere
Comment Utility
Oh Captain

Thanks for the offer but I just enjoyed watching the dogged determination.  Now package it with a nice wrapper full of marketing BS and shareware it.  ha ha ha

you keep the points.

ITsy
0
 
LVL 16

Author Comment

by:The--Captain
Comment Utility
Sorry - already posted the pt split request - you're not getting away that easy hehe

Seriously, I wanted to thank everyone that participated here - I think it was worth 25 pts to know that you didn't have an explicit solution offhand (and I enjoyed the OS/2 comment - not many folks remember OS/2, but I'm betting most of the contributors here do)...  Be glad I didn't dump more pts on you hehe (besides, we have to get our EE Pro somehow ;-)...

Cheers,
-Jon


0
 
LVL 1

Expert Comment

by:Computer101
I think I got it right.  4 experts.  Points reduced to 125 for split.

:-)

Computer101
E-E Moderator
0
 
LVL 16

Author Comment

by:The--Captain
I guess that works - I'll just re-up the pts to 200 (for samri) and post additional Q's to distribute as mentioned.

Cheers (and thanks, Comp101),
-Jon
0
 
LVL 16

Author Comment

by:The--Captain
Thanks again to all who participated here - the moral support was invaluable.

Cheers,
-Jon
0
 
LVL 16

Author Comment

by:The--Captain
P.S.  samri - I didn't have to use acmemail because upgrading usermin resolved all the bugs I was seeing in the old version, and it integrates seamlessly w/ webmin
0
 
LVL 15

Expert Comment

by:samri
Jon,

Thanks for the appreciation.

I bet I'll check out the RH and try to simulate the scenario, and Webmin/Usermin stuff.

cheers.

ps/ I still owe you one email reply. :)
0
 
LVL 16

Author Comment

by:The--Captain
samri - Email me off-site with a preferred username/password, and you can see it firsthand (same goes for any of the other contributors - if you don't know my email address, just ask).  If you have a domain to play with, I can let you see how the admin side for each domain works, as well (or I guess I could just setup a fake one [domain])

The only thing I can't give you is full admin access on the webmin side (for obvious reasons).  I am serious about the rest, though - I would like to see more testing of delegation of lesser authority to sub-admins, many of which I will wind up knowing less than I know the folks around here.

Cheers,
-Jon (who still can't believe he managed to come up with a successful alteration to sendmail rulesets, except for the stabbing eye pain reminding him)



0
 
LVL 16

Author Comment

by:The--Captain
For anyone who's still interested, I've got my next question lined up (prob to be posted in linux networking, with a link here in the sendmail TA), to wit:

What's the best way to duplicate/update the current mailserver config (including ongoing domain and user additions) across multiple servers (for the purposes of redundancy)?  I've played w/ rsync (integrated w/ ssh) and others, and I will use DNS to resolve connectivity issues...  As usual, I will probably come up with my own best solution (just ask Jim), but I am (again, as usual) willing to split pts between folks genuinely trying to help.

Cheers,
-Jon

0
 
LVL 15

Expert Comment

by:samri
Jon,

Well it's quite obvious, giving an admin access would be as good as giving somebody a free-ride :)

For starters on the new thread:  Maybe anybody would be willing to write a *new* webmin module for this.

The sendmail config -  perhaps we could reverse-engineer the .cf file and come up with its equivalent .mc, it would be nice.  Assuming most unix would have m4 installed, it would not be a problem to just "m4 xyz.mc > sendmail.cf"

cheers.
0
 
LVL 16

Author Comment

by:The--Captain
>The sendmail config -  perhaps we could reverse-engineers the .cf file and come up with it's equivalent .mc, it would be
>nice.  Assuming the most unix would have m4 installed, it would not be a problem to just "m4 xyz.mc > sendmail.cf

That would be cool, except after these 2 1/2 years I still suck at m4 - I just wanted to mention that this solution saved my ass once again today...

Cheers,
-Jon
0
