From: Kuba Jakubik kuba.jakubik@poczta.fm
To: debian-security@lists.debian.org
Subject: Re: securing pop3
Date: Sat, 08 Feb 2003 15:52:37 +0100
Kristof Goossens wrote:
>I need to make a pop3 account on my server. I intend to
work with
>ipop3d to provide secure pop3 service. Now I want to provide
this
>service for only few people, and I don't want them to have an
account
>on the system. Well, they can have a pop3 account, but no
other access
>whatsoever...
>
>I don 't like the idea of giving them an account and setting
their
>shell to /bin/false. So my question is: "Is it possible to
create a
>pop3 account without needing to modify the /etc/passwd
file?"
but it's the simplest way - /bin/false as a shell and they
have only
access to pop3
you need the users to have an account on the system, so smtp
can receive
mail for them afaik.
GreetZ
BIGHard
--
() ascii |GIT d--- s: a--- C UL++++ P+ L+++ E--- W+ N o-- K++
w--- O
/\ ribbon|M- V- PS++ PE Y PGP t 5 X R tv-- b+ DI+ D+ G++ e- h! r+
y+
RLU#165711
From: tps@unslept.com
To: debian-security@lists.debian.org
Subject: Re: securing pop3
Date: Sat, 8 Feb 2003 09:42:59 -0500
On Sat, Feb 08, 2003 at 03:23:33PM +0100, Kristof Goossens wrote:
> I need to make a pop3 account on my server. I intend to
work with
> ipop3d to provide secure pop3 service. Now I want to provide
this
> service for only few people, and I don't want them to have
an account
> on the system. Well, they can have a pop3 account, but no
other
> access whatsoever...
>
> I don 't like the idea of giving them an account and setting
their
> shell to /bin/false. So my question is: "Is it possible to
create a
> pop3 account without needing to modify the /etc/passwd
file?"
Use Perdition, the pop/imap proxy. They should only know the
machine
that is running the proxy, and you can point it to whatever
server you
want, and they shouldn't know about it. Or, you can use one of
the
'sealed servers' like Cyrus
Tim
--
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
>> Tim Sailer (at home) >< Coastal Internet, Inc.
<<
>> Network and Systems Operations >< PO Box 671
<<
>> http://www.buoy.com
>< Ridge, NY 11961 <<
>> tps@unslept.com/tps@buoy.com
>< (631)924-3728 (888) 924-3728 <<
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>><<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
From: Tim van Erven tve@vormig.net
To: debian-security@lists.debian.org
Subject: Re: securing pop3
Date: Sat, 8 Feb 2003 16:50:38 +0100
On Sat, 08/02/2003 03:52 +0100, Kuba Jakubik wrote:
> Kristof Goossens wrote:
>> So my question is: "Is it possible to create a pop3
account without
>> needing to modify the /etc/passwd file?"
You should use a pop3 server that supports virtual users,
like
popa3d[1].
> you need the users to have an account on the system, so
smtp can
> receive mail for them afaik.
Nou you don't, you just need to configure your MTA to accept
mail for
them. If you're using exim you could add the following
director:
virtualuser:
driver = aliasfile
transport = local_delivery
file = /etc/vmail
search_type = lsearch
Then put the names for the users you want to receive mail for
in
/etc/vmail. You'd probably want to define a custom transport
though.
1. http://www.openwall.com/popa3d/
--
Tim van Erven tve@vormig.net
Fingerprint: F6C9 61EE 242C C012
OpenPGP Key ID: 712CB811 36D5 BBF8 6310 D557 712C B811
From: Dan Wilder dan@ssc.com
To: linux-questions-only@ssc.com
Subject: fwd: Re: [TAG] wrestling with postfix...
Date: Sun, 19 Jan 2003 09:01:44 -0800
Briefly, you can't do normal UNIX mail delivery except to
users
from /etc/passwd. However you _can_ do POP3/IMAP delivery
to a software that maintains its own list of users. You're
looking
for something like Cyrus. You'll find it under the POP3/IMAP
servers
section of
http://www.postfix.org/addon.html
Take the time to browse the other pages of the postfix.org site.
--
Dan Wilder