[SunHELP] Mail Server Solution

Phil Brutsche sunhelp at sunhelp.org
Tue Apr 17 19:03:27 CDT 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

A long time ago, in a galaxy far, far away, someone said...

> We have about 15,000 email accounts on our mail server(s). We are
> currently using the passwd file for authentication. Provisioning is
> done manually every day using some homegrown Perl/Shell scripts.
>
> We are using Sendmail, Procmail as MDA and Cucipop.
>
> All our accounts are stored in an Oracle database. We are already
> using Steel Belted Radius to authenticate dial-up users using the
> Oracle db.
>
> I think it's time that we automate email provisioning.
>
> I was thinking of using a radius PAM module but that would still
> require the user to be in the passwd file since both Sendmail and
> Cucipop need to lookup the UID and home directory in the passwd file.

Solaris supports the "name service switch" mechanism for password
databases other than /etc/passwd.  Modules exist for Linux to have the
user database stored in SQL tables (with the MySQL and PostgreSQL
databases) and via LDAP.  These modules may be source-compatible with
Solaris.

Unfortunately, I know of no module to do this with Oracle.

> Cost is a big factor because the company doesn't want to spend too much
> money on this.

It's going to be hard to do this without spending a lot of time (and hence
money) on it.

It might be easier to simply streamline your existing perl/shell scripts
and make them more "automatic" than to try to make all the pieces talk to
the Oracle database.

> Does anyone know of any mail server suite(s) ( SMTP / POP ) that can
> authenticate users off of an Oracle db or Radius?

Any POP3 daemon that supports PAM will be able to authenticate off RADIUS.
Patches exist for Cucipop to support PAM (go to
http://www.ca.us.vergenet.net/linux/cucipop/).

Recent versions of Sendmail (IIRC 8.10 and higher) can authenticate via
CMU's Cyrus SASL library, which in turn can authenticate via PAM.  The
downsides, however, are that SASL is a pain to get configured correctly,
and SMTP AUTH via SASL leaves about 90% of all SMTP AUTH-capable email
clients unable to authenticate.

The Exim SMTP agent can do lookups in SQL databases for the user database;
however, Exim doesn't support Oracle directly; it does have the ability to
call external perl scripts to perform various tasks.  Exim also directly
supports PAM for SMTP AUTH.

- -- 
- ----------------------------------------------------------------------
Phil Brutsche					pbrutsch at creighton.edu

GPG fingerprint: BDA4 C23C 1989 31FF CBE8  7EB4 6CA7 9636 941E 8451
GPG key id: 941E8451
GPG public key: http://www.creighton.edu/~pbrutsch/public-key.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: Made with pgp4pine

iD8DBQE63NnUbKeWNpQehFERAh0eAJ0UQk1ueVHWyZK5uuezrnZq/JBntwCfaOng
mACnLkforAC/sgKGjnXYs64=
=4U6H
-----END PGP SIGNATURE-----
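
Added example, not part of the original message and not code from Sendmail or Cucipop: the account lookup that the thread says still has to succeed after authentication moves to PAM/RADIUS. It assumes the POSIX form of getpwnam_r(); lookup_account() is a hypothetical helper name.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* POSIX getpwnam_r() prototype */
#endif
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* lookup_account() is a hypothetical helper, not Sendmail or Cucipop code.
 * getpwnam_r() walks the sources on the "passwd:" line of
 * /etc/nsswitch.conf, so the caller cannot tell (and need not care)
 * whether the entry came from /etc/passwd, LDAP or an SQL-backed module.
 * Returns 0 = found, 1 = no such account, -1 = lookup failed. */
int lookup_account(const char *user, uid_t *uid, gid_t *gid,
                   char *home, size_t homelen)
{
    struct passwd pw, *res = NULL;
    char buf[4096];
    int rc = getpwnam_r(user, &pw, buf, sizeof buf, &res);

    if (res == NULL) {
        /* 0, ENOENT and ESRCH all mean "not found"; anything else is a
         * backend failure, which matters once the source is a network
         * service: defer the mail or login instead of rejecting the user. */
        return (rc == 0 || rc == ENOENT || rc == ESRCH) ? 1 : -1;
    }
    if (strlen(pw.pw_dir) >= homelen)
        return -1;                    /* refuse to truncate a path */
    *uid = pw.pw_uid;
    *gid = pw.pw_gid;
    strcpy(home, pw.pw_dir);
    return 0;
}

int main(int argc, char **argv)
{
    const char *user = argc > 1 ? argv[1] : "root";
    char home[1024];
    uid_t uid;
    gid_t gid;
    int rc = lookup_account(user, &uid, &gid, home, sizeof home);

    if (rc == 0)
        printf("%s: uid=%ld gid=%ld home=%s\n", user, (long)uid, (long)gid, home);
    else
        printf("%s: %s\n", user, rc == 1 ? "no such account" : "lookup failed");
    return rc == 0 ? 0 : 1;
}
```

Because the call goes through the name service switch, changing the "passwd:" sources changes where accounts come from without touching the daemons; PAM only decides whether the password is accepted.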



