headers
Nicolas De Bari Embriz Garcia Rojas | 1 Jun 2006 01:38
Favicon

Re: Restricting pop3 / imap access

Hi, you can try to use the accountStatus  on the ldiff of the user  
and  LDAP_FILTER (if you use courier-imap)  in conjunction that could  
help

On May 31, 2006, at 10:53 AM, Diego Zuaneti Arruda wrote:

>  Hi all,
>
>   Somebody knows some way to restrict the access of some user only  
> to POP3 but not IMAP. I thought about something in the attribute it  
> schema as noimap would not have access to the IMAP.
>
>   Suggestions?
>
>
>
> Thanks.
>
> Diego.
>
Permalink | Reply | 0 comments |
headers
jay alvarez | 1 Jun 2006 10:26
Picon
Favicon

qmail-pop3d-ssl no longer works after converting userpass to {SASL}principal <at> realm

Hi,

I have an existing qmail-ldap installation with
userPasswords in hash.. However, I have decided to
implement a much more secure authentication using
kerberos. I'm only running smtpd and qmail-pop3d-ssl
which can successfully authenticate users via ldap
lookup. However, I needed to sync our kerberos and
ldap passwords so what I did was to change the
userPassword into the format: userPassword:
{SASL}principal <at> REALM. To my understanding, this
kerberos passthru format means that authentication via
search and compare will not work anymore. Perhaps this
is why qmail-pop3d-ssl didn't work anymore. But after
reverting the password back to hash format, it
authenticated the user successfully.

Needless to say, I need to find an alternative to
those daemons. Here are my requirements:

It can offer pop3,imap, and smtp(auth) with ssl and
can authenticate users via kerberos or ldap binds.

We have clients with Windows workstations and I need
to recommend them to use a particular pop3/imap/smtp
client with full kerberos/ldap(bind) support. Also,
the tickets must come from those that have been
acquired by MIT's network identity manager (this is
because we are already using patched version of putty
that uses ticket which came from NIM.
(Continue reading)

Permalink | Reply | 1 comment |
headers
Jose Luis Faria | 1 Jun 2006 10:27
Picon
Favicon

Qmail with ciphered messages

Hello everyone,

I'm looking for some documentation to help me implementing qmail with 
ciphered messages in each mailbox.
The new instalation have qmail+ldap in cluster.
The cluster use an ax100 storage for mailboxes.

If someone have experience with this approach, what is your opinion?

thanks in advance.
--

-- 

   :) cumprimentos
----------------------
José Luís Faria
Network Eng./Administrador de Sistemas
Cisco Certified Network Associate
Departamento de Informática
Universidade do Minho
Attachment (smime.p7s): application/x-pkcs7-signature, 4494 bytes
Permalink | Reply | 0 comments |
headers
Sergio Pereira | 1 Jun 2006 16:13
Picon
Favicon

qmail-ldap + maxRCPT

Hi all,

I'm looking for a way of limiting the max number of recipients per user. 
I've found the maxrcpt option but it will "block" based on my tcp.smtp rules 
(IP based), am I right? I was thinking in how I can do the same but per user 
insted. Any ideas?
cheers,
shop
Permalink | Reply | 0 comments |
headers
Claudio Jeker | 1 Jun 2006 19:29

Re: qmail-pop3d-ssl no longer works after converting userpass to {SASL}principal <at> realm

On Thu, Jun 01, 2006 at 01:26:09AM -0700, jay alvarez wrote:
> Hi,
> 
> I have an existing qmail-ldap installation with
> userPasswords in hash.. However, I have decided to
> implement a much more secure authentication using
> kerberos. I'm only running smtpd and qmail-pop3d-ssl
> which can successfully authenticate users via ldap
> lookup. However, I needed to sync our kerberos and
> ldap passwords so what I did was to change the
> userPassword into the format: userPassword:
> {SASL}principal <at> REALM. To my understanding, this
> kerberos passthru format means that authentication via
> search and compare will not work anymore. Perhaps this
> is why qmail-pop3d-ssl didn't work anymore. But after
> reverting the password back to hash format, it
> authenticated the user successfully.
> 
> 
> Needless to say, I need to find an alternative to
> those daemons. Here are my requirements:
> 
> It can offer pop3,imap, and smtp(auth) with ssl and
> can authenticate users via kerberos or ldap binds.
> 
> 
> We have clients with Windows workstations and I need
> to recommend them to use a particular pop3/imap/smtp
> client with full kerberos/ldap(bind) support. Also,
> the tickets must come from those that have been
(Continue reading)

Permalink | Reply | 0 comments |
headers
Torgeir Veimo | 1 Jun 2006 19:46
Picon
Favicon

confirming subscriptions with qmailGroup rf822members

Is it possible to combine ezmlm and qmailGroup in any way, so to achieve
confirmation for rf822member emails? 

The qmailGroup functionality is very good, but we'd like to have the
additional protection of subscription confirmation for rfc822member's.

--

-- 
Torgeir Veimo <torgeir <at> pobox.com>
Permalink | Reply | 0 comments |
headers
Rony | 2 Jun 2006 10:32

MAIL REPLY TEXT on Qmail-LDAP

Dear All,

I use MAIL REPLY TEXT on Qmail-LDAP
Mail Reply text  Can Use,   but  if    sender  send email Once again,  no
Mail Reply Text

What Can I set My Qmail LDAP , If  I want  Mail Reply text  can Continued
Sending ..?

Thansk  For Your Help... Sorry  My English not Good..
Permalink | Reply | 0 comments |
headers
Gennady G. Marchenko | 2 Jun 2006 14:43
Picon
Favicon

[feature request] need simple function in qmail-group:

I think this feature needed by many peoples,

 

 

Store prefix or description field in ldap, and add it to the subject of all message approved by moderators or simple sent.

 

What do you think about it?

 

Best wishes, Gennady.

Permalink | Reply | 0 comments |
headers
Felipe Augusto van de Wiel | 2 Jun 2006 22:04
Picon

Conflict between LDAP and passwd usernames


Hi everybody,

	I have a qmail-ldap installation version [1]20050401 and I
would like to understand a certain aspect about the delivery system.
I have an account called webmaster on passwd/shadow. At the same
time, I have an alias (~alias/.qmail-webmaster) that points to
another valid address (user <at> ourdomain.com).

1.RELEASE: current ($Date: 2005/04/01 13:18:30 $)

	I would like to understand why the deliveries are taking
place to the passwd/shadow user instead of the LDAP qmail alias?

	An interesting point is: if I add a mailAlternateAddress
field (webmaster <at> ourdomai.com) to the user entry, is stop
delivering to the passwd/shadow user and then I have the behaviour
I expect.

	Is there some place where I can define the sequence of
user validation? Or maybe, just for the record, someone could
told me that there is no way to do that and I should take care to
not conflict LDAP users and shadow users. :)

	Basically the shadow user is for FTP, the LDAP user is
for the rest of the system, it is a corner case (maybe), and I
would like to listen also about good practices and standards.

	Thanks in advance. Kind regards,

--
Felipe Augusto van de Wiel <felipe <at> paranacidade.org.br>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/           Phone: (+55 41 3350 3300)
Permalink | Reply | 2 comments |
headers
Torgeir Veimo | 3 Jun 2006 01:46
Picon
Favicon

qmailGroup: unique mailMessageStore directory necessary?

Can several qmailGroup's share a common mailMessageStore directory, or
do they have to be unique?

--

-- 
Torgeir Veimo <torgeir <at> pobox.com>
Permalink | Reply | 1 comment |

Gmane