Date: Fri, 06 Dec 2002 10:55:49 -0800
From: Glen Mehn (glen@burningman.com)
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020623 Debian/1.0.0-0.woody.1
To: debian-security@lists.debian.org
Subject: Re: pop mail recommendations

Jeff AA wrote:

>Second the recommendation for courier.
>
>We have exim / courier [pop imap pops imaps] using maildir formats
>and controlled from mysql for virtual users accepting mail for about
>20 domains.
>
>We did compare with Cyrus, but that fell down on integration with
>exim.
>
>This is the list dpkg -l *courier* | grep ii shows:
>
>ii courier-authda 0.37.3-2.3 Courier Mail Server authentication daemon
>ii courier-authmy 0.37.3-2.3 MySQL Authentication for Courier Mail Server
>ii courier-base 0.37.3-2.3 Courier Mail Server Base System
>ii courier-imap 1.4.3-2.3 IMAP daemon with PAM and Maildir support
>ii courier-imap-s 1.4.3-3.1 IMAP daemon with SSL, PAM and Maildir suppor
>ii courier-pop 0.37.3-2.3 POP3 daemon with PAM and Maildir support
>ii courier-pop-ss 0.37.3-3.1 POP3 daemon with SSL, PAM and Maildir suppor
>ii courier-ssl 0.37.3-3.1 Courier Mail Server SSL Package

third the recco for courier/exim. lightweight, fast, reliable. You can also use sqwebmail for your webmail, which is written by the courier author(s), and uses the same libs to talk directly to the maildir folders. It'll allow users to login and change passwords (which may require sqwebmail to be setuid root if you authenticate off of /etc/passwd, which you likely don't want to do, but use postgres or something instead)

ymmv, but this is definitely the way to go for me.

From: "Jeff AA" (jaa.debian@aquabolt.com)
To: debian-security@lists.debian.org
Subject: RE: pop mail recommendations
Date: Fri, 6 Dec 2002 14:17:53 -0000

Phillip Hofmeister (plhofmei@zionlth.org) wrote:
> On Fri, 06 Dec 2002 at 12:48:19PM -0000, Jeff AA wrote:
>
>> We have exim / courier [pop imap pops imaps] using maildir formats
>> and controlled from mysql for virtual users accepting mail for about
>> 20 domains.
>
> How do you handle virtual user password changes with this setup? Can
> the users change their own password?

A little HTTPS PHP web page lets users change passwords, enter a vacation message or set up personal exim filters. We don't allow remote pop3 or imap - all is SSL wrapped. We run SquirrelMail through https for users who want a Web client.

The nicest thing, IMO, though, is that we only allow relay for authenticated smtp connections via TLS and have a system filter that automatically copies all outgoing mail into a Sent folder - we don't have to rely on buggy clients, and users that have several PCs/laptops etc, can see ALL their Sent items in a single server-side imap folder.

All our domains, users and aliases are read by exim from a local mysql instance.

Using maildir format makes it easy for exim to filter into sub-folders etc. We can have shared folders with a single READ status for our tech team, etc., etc.

Regards
Jeff