Re: Server authentication

Steve Moyes wrote:
> On Fri, 2007-10-12 at 12:44 -0700, Paul Lesniewski wrote:
>   
>> Please do NOT top post, thank you.
>>
>>     
> Sorry.. wasn't watching what I was doing.
>
>   
>>>>> Hi thanx for the reply.  It's not the shell access I'm bothered about..
>>>>> allow me to explain further.
>>>>> What I was thinking is, the frontend squirrelmail is just that, nothing
>>>>> else.  It will be just a webserver, serving that page.  There will be no
>>>>> user accounts on there whatsoever.  I was thinking about having
>>>>> virtual user accounts that log into the frontend and this somehow logs
>>>>> into the actual mail server (located elsewhere) with the actual user
>>>>> accounts on that server.  Now is PAM some kind of solution?  and if so,
>>>>> how would I get squirrelmail to talk to PAM on another server?
>>>>> If you need any more info, please tell me what you need.
>>>>>           
>>>> It is possible to separate web server and mail server on different hosts,
>>>> but squirrelmail uses imap authentication (from the mail server) to log
>>>> the user in, it has no user database on its own.
>>>> Do you really need different users/passwords on your squirrelmail server?
>>>>         
>>> yes.. separate credentials are one of the things that has specifically
>>> been requested.
>>>       
>> Separate from exactly what?  Not meaning to offend, but my guess is
>> that you may not understand the concept of how SM authenticates and/or
>> what a "mail account" is.  SM can care less about what kind of account
>> the user has; SM merely takes the credentials you give it and uses
>> them to ask the IMAP server if the user is authenticated or not.
>> That's it.  There is only one set of credentials.  The fact that SM
>> asks the IMAP server means that you can put SM and the IMAP server in
>> two completely different hemispheres and it does not matter.  The user
>> credentials would still be the SAME, not "separate".
>>     
>
> OK.. this is the deal.  I've been asked to provide a front end to our
> email system.  So.. I have the mail server which has unix user accounts
> with Maildir.  And I have a separate box which will be the SM server
> viewable to the internet.  It has been requested that NO users have
> access to their actual login details and that the mail server remains on
> the internal network only for security precautions.
>
>   
>>>  I have everything ready to go, it's just this
>>> authentication issue I have.
>>>       
>> As has been suggested, Login Manager (vlogin) can help you remap
>> usernames, but I can't see any reason why you'd want to create such a
>> convoluted system.  Because users are "logging in" to SM on the web
>> server does not mean that they have ANY access to the web server at
>> all.
>>     
>
> Hmmm... not sounding good then.. oh well.. back to the drawing board I
>   
As a complete non-expert who sort of understands the miracle you're 
being asked to perform and the tools you have to perform with:-
What about a server (web/mail/sq) in a DMZ isolated from the internal 
network.
SQ users with login access only to the DMZ server can appear to read and 
send their email from outside - but they don't - the mails just sit 
there waiting for the internal mail server to collect them.
Every so often the internal mail system polls the DMZ server to collect 
whatever needs to be sent out or delivered locally and syncs the 
mailboxes on the DMZ server with the internal mailboxes.
This means that there is a barrier that can only be punctured from 
inside and this will isolate the external users from the internal network.
All this is of course totally pointless. The problem that you have relates 
to the emails themselves (and the viruses that they carry) - not the 
users or the delivery system - and the emails are still going through! 
It will also create extra administration chores. It will however give 
the appearance of invulnerability and might keep management off your back 
for a week (day) or two!
Just my tuppence-worth.
- David
> guess.  Thanks for the input.
>
> Steve
>   
>>     
>>>>>>>  I've spent a few hours searching this before I posted, but if I have
>>>>>>> missed something, please feel free to flame me.
>>>>>>> Anyway.. to the point.  Both of these servers are running Debian.  The
>>>>>>> main mail server is running Exim4 and Dovecot and the frontend is
>>>>>>> running Squirrelmail (who'da thunk it).  What I am trying to do now is
>>>>>>> have one set of credentials on the frontend that the user obviously
>>>>>>> needs to know and for those details to access the actual credentials
>>>>>>>               
>>>>>> on
>>>>>>             
>>>>>>> the mail server itself, which the user doesn't need to know.
>>>>>>> Has anyone ever done this and what is involved?
>>>>>>>
>>>>>>>               
>>>>>> If you want to use user accounts that don't have shell access on server,
>>>>>> see
>>>>>> http://www.google.com/search?q=exim+dovecot+virtual+users
>>>>>>
>>>>>> --
>>>>>> Tomas
>>>>>>             
>> -------------------------------------------------------------------------
>> This SF.net email is sponsored by: Splunk Inc.
>> Still grepping through log files to find problems?  Stop.
>> Now Search log events and configuration files using AJAX and a browser.
>> Download your FREE copy of Splunk now >> http://get.splunk.com/
>> --
>> squirrelmail-users mailing list
>> Posting Guidelines: http://www.squirrelmail.org/wiki/MailingListPostingGuidelines
>> List Address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx
>> List Archives: http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.user
>> List Archives:  http://sourceforge.net/mailarchive/forum.php?forum_id=2995
>> List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
>>     
>
>
>   
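
An added example, not part of the original messages and not SquirrelMail or vlogin code: a sketch of the pass-through login Paul describes, where the frontend may remap the username but holds no password of its own, so the IMAP server alone decides. The alias table, the FakeIMAP stand-in, the account names and the host mail.internal.example are constructed assumptions.

```python
import imaplib
import re

# Constructed alias table: frontend login name -> mailbox name on the IMAP
# server. This is the kind of remapping the thread attributes to vlogin.
ALIASES = {"steve.web": "steve"}
SAFE_NAME = re.compile(r"[A-Za-z0-9._@-]+")


def backend_username(frontend_name, aliases=ALIASES):
    """Map the name typed into the web form to the IMAP account name."""
    if not SAFE_NAME.fullmatch(frontend_name):
        raise ValueError("unexpected characters in login name")
    return aliases.get(frontend_name, frontend_name)


def webmail_login(frontend_name, password, connect):
    """Pass the credentials through; the IMAP server alone decides."""
    try:
        user = backend_username(frontend_name)
    except ValueError:
        return False
    conn = connect()
    try:
        status, _ = conn.login(user, password)
        return status == "OK"
    except imaplib.IMAP4.error:
        return False
    finally:
        try:
            conn.logout()
        except Exception:
            pass


class FakeIMAP:
    """Offline stand-in for the internal server, with one constructed account."""
    ACCOUNTS = {"steve": "mailbox-password"}

    def login(self, user, password):
        if self.ACCOUNTS.get(user) != password:
            raise imaplib.IMAP4.error("LOGIN failed")
        return "OK", [b"Logged in"]

    def logout(self):
        return "BYE", [b"Logging out"]


if __name__ == "__main__":
    # Real use would pass e.g. lambda: imaplib.IMAP4_SSL("mail.internal.example")
    print(webmail_login("steve.web", "mailbox-password", FakeIMAP))
    print(webmail_login("steve.web", "some-other-password", FakeIMAP))
```

The remapped name changes what the user types, but the password checked is still the mailbox password, which is the "one set of credentials" point made in the thread.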


