Best practice for $USER -> EMail


Michelle Konzack
Hello *,

I have the following servers:

<storrage00.tdnet.eu>   (store all the UNIX users and
                         their content)

<mail.tamay-dogan.net>  (has <storrageNN> over NFS mounted)

<pgsql>                 (non public)

<tdhome.net>            (access all the ~/public_html/
                         on the <storrageNN> servers)

<tdcloud.net>           (access private data on
                         )

<vserver00.tdnet.eu>    (store websites and can access ~/web/
                         over NFS on <storrageNN> servers)

All the users were created on <storage00> as "normal" UNIX users and
their login name is also their email address. So, now you can imagine,
that this gives problems if <mail> is responsible for different domains,
where maybe two users have the same names...

So my idea is, to use a script and rename all UNIX users by a construct
like
        user00001
        user00002
        user00003
        etc

and then use the /etc/courier/aliases/ directory to point the EMail
addresses to the new user construct.

Do you think, this is OK?

I mean, I do absolutely not want to use LDAP. But I can use the
PostgreSQL to use the mapping or whatever is required. I mean, I can
use pam_pgsql and courier authpgsql.

Since my users can create ANY mail names of their choice, every user
has a ~/.courier_aliasses file which is mapped to /etc/courier/aliases/
and watched by a cron process for changes which runs "makealiases".

Question:   Is there a limitation in the number of files or symlinks in
            the /etc/courier/aliases/ directory? I am also thinking of
            using my PostgreSQL for all these aliases and generating only
            one file automatically, which then runs "makealiases"

            Any suggestions?

Thanks in advance

--
Michelle Konzack        ITSystems
GNU/Linux Developer     0033-6-61925193

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
courier-users mailing list
[hidden email]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: Best practice for $USER -> EMail

Sam Varshavchik
Michelle Konzack writes:

> So my idea is, to use a script and rename all UNIX users by a construct
> like
>         user00001
>         user00002
>         user00003
>         etc
>
> and then use the /etc/courier/aliases/ directory to point the EMail
> addresses to the new user construct.
>
> Do you think, this is OK?
>
> I mean, I do absolutely not want to use LDAP. But I can use the
> PostgreSQL to use the mapping or whatever is required. I mean, I can
> use pam_pgsql and courier authpgsql.
>
> Since my users can create ANY mail names of their choice, every user
> has a ~/.courier_aliasses file which is mapped to /etc/courier/aliases/
> and watched by a cron process for changes which runs "makealiases".
>
> Question:   Is there a limitation in the number of files or symlinks in
>             the /etc/courier/aliases/ directory? I am also thinking of
>             using my PostgreSQL for all these aliases and generating only
>             one file automatically, which then runs "makealiases"
>
>             Any suggestions?

This is mostly a system limitation. Last time I read this topic, Linux
starts to grind down with around 20000 files in the same directory. But
that's old info, things might have changed. And that applies to native Linux
filesystems. With NFS-mounted filesystems, this becomes an issue for the NFS
server (won't matter if the server is also Linux, of course).

You don't have to have just one alias defined in each file of its own. You  
can put everything into a single alias file.

Linux userids are 32 bits; but it is not advised to use 32 bit userids for  
compatibility with filesystems and APIs that expect 16 bit UIDs. Pretty sure  
one of them is NFS, so that's going to be your limiting factor.



Re: Best practice for $USER -> EMail

Mark Constable
On 20/01/17 22:22, Michelle Konzack wrote:
> All the users were created on <storage00> as "normal" UNIX users
> and their login name is also their email address. So, now you can
> imagine, that this gives problems if <mail> is responsible for
> different domains, where maybe two users have the same names...

You could go completely virtual and store [hidden email] and
[hidden email] usernames in PG, MySQL or SQLite, along with
different home/maildir paths, quotas and uid/gids.

> Question: Is there a limitation in the number of files or symlinks
> in the /etc/courier/aliases/ directory? I am also thinking of using my
> PostgreSQL for all these aliases and generating only one file
> automatically, which then runs "makealiases" Any suggestions?

System aliases are certainly efficient but if you would consider
running maildrop as the delivery agent then you could "naturally"
split up all user aliasing to each user's home dir dictated by the
above SQL query (not the /etc/passwd homedir, but could be the same.)

maildrop also provides per-user mailfilters which allows for per-user
vacation scripts along with a wide range of flexibility to do just
about anything.

Re: Best practice for $USER -> EMail

Alessandro Vesely
On Fri 20/Jan/2017 13:22:26 +0100 Michelle Konzack wrote:
> So my idea is, to use a script and rename all UNIX users by a construct
> like
>         user00001
>         user00002
>         user00003
>         etc
>
> and then use the /etc/courier/aliases/ directory to point the EMail
> addresses to the new user construct.

That is going to imply having all users change their userid/password settings
on each device they have, isn't it?

> Do you think, this is OK?

An advantage is that naive password crackers will never try "userNNNNN", so
using an alias may deliver a somewhat better protection, especially for users
who pigheadedly use the same password for each website they subscribe to.

Ale

Re: Best practice for $USER -> EMail

Gordon Messmer-2
On 01/20/2017 04:22 AM, Michelle Konzack wrote:
> All the users were created on <storage00> as "normal" UNIX users and
> their login name is also their email address. So, now you can imagine,
> that this gives problems if <mail> is responsible for different domains,
> where maybe two users have the same names...
>
> So my idea is, to use a script and rename all UNIX users

I assume you mean that their login name is the left-hand-side of their
email address.  Is that right?

If your users are currently logging in with the username only, not the
domain, then regardless of how you store usernames in the password
files, you would need to change all of the clients if you want a
consistent work-around to the basic problem of having a different
"user1" in "example1.com" than in "example2.com".

Alternatively, you could leave your existing systems unchanged, and
engineer a new process for future domains.  If you have "user1" in
"example1.com" now and want to set up a separate user to receive "user1"
in "example2.com", you could create a user named "user1-example2.com"
and an alias that directs "[hidden email]" to that address.  You'd
lose the ability to use .courier files within those user accounts, but
it'd be a non-invasive change.

On the other hand, if you're OK with the idea of changing all of your
client configurations to use the full email address as a login name, you
still don't need to rewrite your password files.  If you can map
"[hidden email]" to "user0001", you can just as easily map the
existing accounts without changing them, and start using sequentially
numbered usernames for future accounts.  You'd just need to convert all
of your domains from local domains to virtual domains.

> I mean, I do absolutely not want  to  use  LDAP.   But  I  can  use  the
> PostgreSQL to use the mapping or whatever is required.  I  mean,  I  can
> use pam_pgsql and courier authpgsql.

Why PAM?  Are those users logging in to non-courier services?  Shell
accounts, maybe?
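
Added example, not part of any message in this thread: one way to generate the single alias file suggested above from an address-to-account mapping, rejecting user-chosen names that would inject extra alias lines or claim an address another account already owns. Assumptions: `SAMPLE_ROWS` is constructed data standing in for a PostgreSQL query result, the output uses `address: account` lines, addresses are compared case-insensitively, and the function names and output path are hypothetical.

```python
import os
import re
import tempfile

# Conservative syntax: no whitespace, ':', ',' or '#', so a user-chosen
# name cannot add or alter lines in the generated alias file.
ADDRESS_RE = re.compile(r"[a-z0-9][a-z0-9._+-]{0,63}@[a-z0-9-]+(\.[a-z0-9-]+)+")
ACCOUNT_RE = re.compile(r"user[0-9]{5}")  # userNNNNN scheme from the thread

# Constructed rows standing in for a PostgreSQL query result.
SAMPLE_ROWS = [
    ("bob@example1.com", "user00001"),
    ("bob@example2.com", "user00002"),   # same local part, other domain
    ("Bob@Example1.com", "user00003"),   # address already owned by user00001
    ("eve@example2.com\nroot@example1.com", "user00003"),  # line injection
    ("sales@example2.com", "user00002"),
    ("info@example1.com", "root"),       # target is not a userNNNNN account
]


def build_aliases(rows):
    """Return (alias_lines, rejected) for (address, account) rows."""
    owner = {}     # normalized address -> account that owns it
    rejected = []  # (address, account, reason)
    for address, account in rows:
        addr = address.lower()
        # fullmatch, not match with '$': '$' would accept a trailing newline.
        if not ADDRESS_RE.fullmatch(addr):
            rejected.append((address, account, "invalid address"))
        elif not ACCOUNT_RE.fullmatch(account):
            rejected.append((address, account, "invalid account"))
        elif owner.setdefault(addr, account) != account:
            rejected.append((address, account, "owned by " + owner[addr]))
    return ["%s: %s" % (a, owner[a]) for a in sorted(owner)], rejected


def write_alias_file(path, lines):
    """Replace path atomically so a reader never sees a partial file."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as f:
        f.write("".join(line + "\n" for line in lines))
        f.flush()
        os.fsync(f.fileno())
    os.chmod(tmp, 0o644)  # mkstemp creates 0600; assumed readable by the MTA
    os.replace(tmp, path)


if __name__ == "__main__":
    lines, rejected = build_aliases(SAMPLE_ROWS)
    out = os.path.join(tempfile.gettempdir(), "aliases.generated")
    write_alias_file(out, lines)  # copy into place, then run makealiases
    print("\n".join(lines))
    print(rejected)
```

The rejected list is what the cron job should log or report back to the owning user, so a refused alias does not fail silently.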


