ispCP - Board - Support
Email security options - Printable Version


Email security options - bodysplit - 11-02-2007 09:37 PM

I had already posted this on the German forums, but as suggested by BeNe I am also making it public here.

After setting up 1.0RC2 and updating it to a more recent nightly, I have stumbled over some problems which might need changes in the future.

What I already opened as a ticket are the typos in the postfix configs. Hey, it has also been fixed already!

Next, courier-auth is sending DIGEST-MD5 and CRAM-MD5 for authentication. I think besides IMAP and POP3, also SMTP is affected (I didn't check if sasl is using courier or MySQL). Anyhow, MD5-based auth doesn't work without a computed hash. ISPCP user creation should be modded according to this info. I personally prefer the generation of a userdb from MySQL as it really speeds up mail server authentication, at least on my setup.

If MD5-based authentication works, we could kick out clear-text PASSWORD and LOGIN authentication on non-SSL connections, just to make sure a clear-text password is never being used.

Checking communication with several other public mail servers, I also had to find out that my self-signed certificate isn't accepted by some servers. Therefore mail is getting lost. I made it like Google and moved authentication completely to port 587. This said, port 25 doesn't give AUTH or STARTTLS any more. 587 has to be used by every customer to send mail out, but it's working really well. Perhaps it's an idea for 1.1.

Less on security, mailbox quotas aren't implemented per-user. Just like having an option to give every mailbox access to POP/IMAP and anti-virus/spam. I will check these and submit patches if I can.

Last, mail forwards are counted like mailboxes although they should be handled individually just like domain aliases.

Okay, that's it for some real long post.
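
An added illustration of the point in the post above that CRAM-MD5 cannot be verified against an ordinary one-way password hash and needs a precomputed HMAC value instead; it is not code from the thread or from ispCP. It follows RFC 2195, the user name, password and challenge are constructed sample values, and the in-memory contexts stand in for whatever stored format a mail server actually uses.

```python
import hashlib
import hmac

BLOCK = 64  # MD5 block size in bytes

# Constructed sample values (not from the thread).
USER = "alice"
PASSWORD = b"correct horse"
CHALLENGE = b"<1234.5678@mail.example.test>"


def precompute(password: bytes):
    """Key two MD5 contexts with the password (HMAC inner and outer pads).

    A server can keep these instead of the clear-text password and still
    check CRAM-MD5 responses.
    """
    key = hashlib.md5(password).digest() if len(password) > BLOCK else password
    key = key.ljust(BLOCK, b"\0")
    inner = hashlib.md5(bytes(b ^ 0x36 for b in key))
    outer = hashlib.md5(bytes(b ^ 0x5C for b in key))
    return inner, outer


def client_response(user: str, password: bytes, challenge: bytes) -> str:
    """Client side: 'user' + space + hex HMAC-MD5(password, challenge)."""
    return f"{user} {hmac.new(password, challenge, hashlib.md5).hexdigest()}"


def server_verify(stored, challenge: bytes, response: str) -> bool:
    """Server side: finish the HMAC from the stored contexts and compare."""
    inner, outer = (ctx.copy() for ctx in stored)
    inner.update(challenge)
    outer.update(inner.digest())
    return hmac.compare_digest(outer.hexdigest(), response.rpartition(" ")[2])


def verify_with_oneway_hash(stored_hash: bytes, challenge: bytes, response: str) -> bool:
    """A one-way password hash is not the HMAC key, so this check fails."""
    guess = hmac.new(stored_hash, challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(guess, response.rpartition(" ")[2])


if __name__ == "__main__":
    resp = client_response(USER, PASSWORD, CHALLENGE)
    print(server_verify(precompute(PASSWORD), CHALLENGE, resp))
    print(verify_with_oneway_hash(hashlib.md5(PASSWORD).digest(), CHALLENGE, resp))
```

The stored contexts are enough to answer any challenge, so they need the same protection as the password itself.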


RE: Email security options - joximu - 11-02-2007 09:46 PM

One point is (seems to me).
Today it's not possible to have a mailbox temporarily act as forward only and then set back to normal mailbox.

So - the forward-being-mailbox is maybe not a bad solution but it should be possible to change from mailbox to forward without removing the mailbox (and all mails in it).
We already had this somewhere in the forum...

/J


RE: Email security options - bodysplit - 11-02-2007 10:46 PM

I think this could be done. You have an alias lookup step and you have a mailbox lookup step. In the typical mysql-postfix howtos you'll find on the net, they mostly have 2 tables, one for the aliases and one for the mailboxes.

I will do some testing and think about the whole setup. At first I will exchange courier with dovecot. Then I will have a look at the delivery thing. The problem is, when we want to change a mailbox to an alias forever, the mail will not be deleted. But one might add a clear-mailbox step for this in the web interface.

This all comes together with mailbox quotas and stuff. I definitely will have a look at all this these days. I really want to get my hands dirty :)


RE: Email security options - raphael - 11-03-2007 11:15 AM

Quote: mailbox quotas aren't implemented per-user
mailbox quotas ARE counted in the user's disk usage; but they aren't actually used by postfix


RE: Email security options - Cube - 11-03-2007 11:53 AM

Quote: mailbox quotas ARE counted in the user's disk usage;
Which is quite strange. What do I need to change to disable this?


RE: Email security options - bodysplit - 11-04-2007 07:51 PM

raphael Wrote:
Quote: mailbox quotas aren't implemented per-user
mailbox quotas ARE counted in the user's disk usage; but they aren't actually used by postfix

That's the domain-users setting. I meant the individual email user. My domain owners want to give their users mailboxes with say 20 MB or one 50 MB or 100 MB. Just like each should have a setting for accessing the mailbox via IMAP or POP. On the other hand, antivirus and antispam could be set on a per-domain basis (set by the resellers).


RE: Email security options - raphael - 11-05-2007 04:16 AM

Quote: What do I need to change to disable this?
hack around the disk usage script of the engine

Quote: My domain owners want to give their users mailboxes with say 20 MB or one 50 MB or 100 MB
you can do it by writing the proper map to be used (see the main.cf).


RE: Email security options - BeNe - 11-05-2007 04:41 PM

I found this HowTo on the Wishlist --> http://vhcs.puuhis.net/wiki/index.php/Mail_quota

Maybe you can work with it...

Greez BeNe