Re: Moving from single to multi-domain. Mailboxes from default domain not being the same as before

Heiler Bemerguy via Info-cyrus <info-cyrus@xxxxxxxxxxxxxxxxxxxx> · Mon, 16 Jul 2018 14:37:56 -0300



    Em 06/07/2018 00:10, ellie timoney escreveu:

    
      Hi,

      
      The "defaultdomain" is the domain that's assumed by Cyrus for
        users that are uid only.  Any other domain needs to be
        explicitly specified in the user (this applies to login,
        delivery, etc).  So, if you have:

      
            defaultdomain: foo.com

      
      then "user" and "user@xxxxxxx" are the same account
        (and can login using either variation), but "user@xxxxxxx"
        is some other account and can only login as "user@xxxxxxx".

      
      It's not clear to me how you wish to use the extra domains.
         Do you want your existing users to be able to send/receive from
        multiple different domains?  (e.g. user "anne" has both email
        addresses "anne@xxxxxxx",
        "anne@xxxxxxx").

      
    We used to have some domains that represented the same mailbox. Like
    @cinbesa.com.br being the same as @belem.pa.gov.br.. but now we want
    to create some other domains (while *maintaining* those we already
    had), which will point to totally different mailboxes, like
    @semad.belem.pa.gov.br and @sesma.belem.pa.gov.br :)

    
      Or do you want accounts in different domains to be not
        related to each other? (e.g. "anne@xxxxxxx" and "anne@xxxxxxx"
        are 

      
      two totally different accounts)

      
      In either case, I would think about having one LDAP attribute
        (single-value, unique) to represent a user's "primary" email
        address, and a separate LDAP attribute (multi-value, unique) to
        represent their "aliases".  You would set up Cyrus to only
        consider the "primary" attribute, and then set up your SMTP
        server to deliver email destined for "alias" addresses to the
        "primary" address for the matching account.  I believe this is a
        common enough configuration that it shouldn't be hard to find
        information online.  I have managed (non-Cyrus) systems that
        worked like this in the past, but it was a long time ago so I
        can't offer much specific help.

      
    humm. so the existing "mail" field on ldap would always contain the
    @defaultdomain (as setup on cyrus), but another field for aliases
    where Postfix would look up?!

    
      As for autocreate, it is not compiled in by default, it needs
        to be turned on at build time with the --enable-autocreate
        argument to configure.  If you installed Cyrus from a
        distribution, your distribution may have done this for you.

      
      If you don't want to recompile to remove the feature, you can
        control it using the autocreate_* options in imapd.conf (see man
        imapd.conf.5).  For example you should be able to use
        "autocreate_users" to limit it only to certain LDAP groups
        rather than every valid login (if that is useful to you).

      
      But if you set up your LDAP directory and Cyrus such that
        each user only has a single "primary" email address that they
        can use in Cyrus, and map delivery to aliases outside of Cyrus,
        then people won't be able to login with the "wrong" alias, and
        therefore autocreate won't accidentally make new accounts for
        them. :)

      
     Right now I think they can login with the "uid" only OR with the
    complete mail ("mail" field)

    -- 
Atenciosamente,

Heiler Bensimon Bemerguy - CINBESA
Analista de Redes, Wi-Fi,
Virtualização e Serviços Internet
(55) 91 98151-4894
  

----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus