Current time: 12-31-2024, 08:52 AM Hello There, Guest! (LoginRegister)


Post Reply 
Email security options
Author Message
bodysplit Offline
Junior Member
*

Posts: 45
Joined: Nov 2007
Reputation: 1
Post: #1
Email security options
I had already posted this on the german forums, but as suggested by BeNe I also make it public here.

After setting up 1.0RC2 and updating it to a more recent nighty, I have stumbled over some problems which might need changes in the future.

I already opened as a ticket are the typos in postfix configs. Hey it is also been fixed already!

Next, courier-auth is sending DIGEST-MD5 and CRAM-MD5 for authentication. I think besides IMAP and POP3, also SMTP is affected (I didn't check if sasl is using courier or MySQL). Anyhow, MD5-based auth doesn't work without a computed hash. ISPCP user creation should be modded according to this info. I personally prefer the generation of a userdb from MySQL as it realy speeds up mail server authentication, at least on my setup.

If MD5-based authentication works, we could kick out clear-text PASSWORD and LOGIN authentication on non-SSL connections, just to make sure a clear-text password is never being used.

Checking communication with several other public mail servers, I also had to find out that my self-signed certificate isn't accepted by some servers. Therefore mail is getting lost. I made it like Google and moved authentication completly to port 587. This said port 25 doesn't give AUTH or STARTTLS any more. 587 has to be used by every customer to send mail out, but it's working realy good. Perhaps it's an idea for 1.1.

Less on security, mailbox quotas aren't implemented per-user. Just like having an option to give every mailbox access to POP/IMAP and anti-virus/spam. I will check these and submit patches if I can.

Last, mail forwards are counted like mailboxes although they should be handled individually just like domain aliases.

Okay, that's it for some real long post.
11-02-2007 09:37 PM
Find all posts by this user Quote this message in a reply
joximu Offline
helper
*****
Moderators

Posts: 7,024
Joined: Jan 2007
Reputation: 92
Post: #2
RE: Email security options
One point is (seems to me).
Today it's not possible to have a mailbox temporarly act as forward only and then set back to normal mailbox.

So - the forward-being-mailbox is maybe not a bad solution but it should be possible to change from mailbox to forward without removing the mailbox (and all mails in it).
We already had this somewhere in the forum...

/J
11-02-2007 09:46 PM
Visit this user's website Find all posts by this user Quote this message in a reply
bodysplit Offline
Junior Member
*

Posts: 45
Joined: Nov 2007
Reputation: 1
Post: #3
RE: Email security options
I think this could be done. You have an alias lookup step and you have a mailbox lookup step. In the typical mysql-postfix howto's you'll find on the net, they mostly have 2 tables, one for the aliases and one for the mailboxes.

I will do some testings and think about the whole setup. At first I will exchange courier with dovecot. Then I will have a look at the delivery thing. The problem is, when we want to change a mailbox to an alias forever, the mail will not be deleted. But one might add an clear mailbox step for this in the web-interface.

This all comes together with mailbox quotas and stuff. I definitly will have a look at all this these days. I realy want to get my hands dirty Smile
11-02-2007 10:46 PM
Find all posts by this user Quote this message in a reply
raphael Offline
Member
***

Posts: 474
Joined: Apr 2007
Reputation: 8
Post: #4
RE: Email security options
Quote:mailbox quotas aren't implemented per-user
mailbox quotas ARE counted in the user's disk usage; but they aren't actually used by postfix
11-03-2007 11:15 AM
Visit this user's website Find all posts by this user Quote this message in a reply
Cube Offline
Member
***

Posts: 740
Joined: Apr 2007
Reputation: 9
Post: #5
RE: Email security options
Quote:mailbox quotas ARE counted in the user's disk usage;
Which is quite strange. What do I need to change to disable this?
11-03-2007 11:53 AM
Find all posts by this user Quote this message in a reply
bodysplit Offline
Junior Member
*

Posts: 45
Joined: Nov 2007
Reputation: 1
Post: #6
RE: Email security options
raphael Wrote:
Quote:mailbox quotas aren't implemented per-user
mailbox quotas ARE counted in the user's disk usage; but they aren't actually used by postfix

That's the domain-users setting. I meant the individual email user. My domain owners want to give their users mailboxes with say 20 MB or one 50 MB oder 100 MB. Just like each should have a setting for accessing the mailbox via IMAP or POP. On the other hand, antivirus and antispam could be set on a per-domain basis (set by the resellers).
11-04-2007 07:51 PM
Find all posts by this user Quote this message in a reply
raphael Offline
Member
***

Posts: 474
Joined: Apr 2007
Reputation: 8
Post: #7
RE: Email security options
Quote:What do I need to change to disable this?
hack around the disk usage script of the engine

Quote:My domain owners want to give their users mailboxes with say 20 MB or one 50 MB oder 100 MB
you can do it by writing the proper map to be used (see the main.cf).
11-05-2007 04:16 AM
Visit this user's website Find all posts by this user Quote this message in a reply
BeNe Offline
Moderator
*****
Moderators

Posts: 5,899
Joined: Jan 2007
Reputation: 68
Post: #8
RE: Email security options
I found this HowTo on the Wishlist --> http://vhcs.puuhis.net/wiki/index.php/Mail_quota

Maybe you can work with it...

Greez BeNe
11-05-2007 04:41 PM
Visit this user's website Find all posts by this user Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 1 Guest(s)