Re: Server authentication

On 10/16/07, Freddie Cash <fcash-ml@xxxxxxxxxx> wrote:
> On October 16, 2007 06:35 am Steve Moyes wrote:
> > On Fri, 2007-10-12 at 12:44 -0700, Paul Lesniewski wrote:
> > > Separate from exactly what?  Not meaning to offend, but my guess is
> > > that you may not understand the concept of how SM authenticates
> > > and/or what a "mail account" is.  SM can care less about what kind of
> > > account the user has; SM merely takes the credentials you give it and
> > > uses them to ask the IMAP server if the user is authenticated or not.
> > > That's it.  There is only one set of credentials.  The fact that SM
> > > asks the IMAP server means that you can put SM and the IMAP server in
> > > two completely different hemispheres and it does not matter.  The
> > > user credentials would still be the SAME, not "separate".
> >
> > OK.. this is the deal.  I've been asked to provide a front end to our
> > email system.  So.. I have the mail server which has unix user accounts
> > with Maildir.  And I have a separate box which will be the SM server
> > viewable to the internet.  It has been requested that NO users have
> > access to their actual login details and that the mail server remains
> > on the internal network only for security precautions.
>
> Think of it this way:
>   how would you make this work if you were using Outlook or Thunderbird
> instead of Squirrelmail?
>
> What you are being asked to do is not possible.  Squirrelmail is an e-mail
> client, same as Outlook, same as Thunderbird.  Just because it runs in a
> web browser does not make it work any different.
>
> The e-mail client doesn't have separate user credentials from the e-mail
> server.  All the e-mail client does is send the username/password to the
> e-mail server.

Right.  The *requirements* that you've been given are based on false
assumptions or bad information or a poor technical understanding.  If
the basic thing you're after is to protect the mail server as much as
possible, then the very best you could do is not run a mail server
where mail accounts are synonymous with local user accounts - virtual
user mail systems are far more secure in this respect, not to mention
far more flexible and adaptable in many other ways.  But if you're
stuck with a local account-based system, you need to make sure all
user accounts have login capability turned off in /etc/passwd, and
more importantly, you should simply configure your network so that
machine is only available on your local network/firewall so no one can
even get to it besides the web server and SMTP server.  Shut down all
unused ports, etc.  These things are what you should be thinking about
- masking the user account info in SM can in fact achieve a layer of
obfuscation (users won't know their actual usernames), but
it's a pretty bad hack and no fun to maintain.
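The reply above recommends turning off login capability for every mail-only account on a local-account mail server. The following POSIX shell script is an added example (not code from the thread or from the SquirrelMail project) that audits a passwd(5)-format file and reports accounts at or above a chosen UID whose shell still permits an interactive login. The list of non-login shell paths and the sample passwd lines are constructed for illustration; adjust the shell paths to what your distribution actually ships.

```shell
#!/bin/sh
# Added example: find mail-only accounts that can still log in interactively.
# Sample data and shell paths below are constructed assumptions, not taken
# from any real system.

# Shells that refuse an interactive login (conventional paths; assumption).
NOLOGIN_SHELLS='/usr/sbin/nologin /sbin/nologin /bin/false /usr/bin/false'

# is_nologin SHELL -> exit status 0 if SHELL is one of NOLOGIN_SHELLS
is_nologin() {
    for s in $NOLOGIN_SHELLS; do
        [ "$1" = "$s" ] && return 0
    done
    return 1
}

# list_login_capable FILE [MIN_UID]
# Prints "user:shell" for each account with uid >= MIN_UID (default 1000)
# whose shell is not a known non-login shell. Lower UIDs (root and system
# accounts) are skipped so the report stays focused on user mail accounts.
list_login_capable() {
    file=$1
    min_uid=${2:-1000}
    while IFS=: read -r name pw uid gid gecos home shell; do
        case $name in ''|\#*) continue ;; esac   # skip blank/comment lines
        [ "$uid" -ge "$min_uid" ] || continue
        if ! is_nologin "$shell"; then
            printf '%s:%s\n' "$name" "$shell"
        fi
    done < "$file"
}

# count_login_capable FILE [MIN_UID] -> number of accounts still able to log in
count_login_capable() {
    list_login_capable "$1" "$2" | wc -l | tr -d ' '
}

# Constructed sample passwd file so the script runs stand-alone.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1001:1001:Alice:/home/alice:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/usr/sbin/nologin
carol:x:1003:1003:Carol:/home/carol:/bin/false
dave:x:1004:1004:Dave:/home/dave:/bin/zsh
EOF

echo "Accounts (uid >= 1000) that can still log in interactively:"
list_login_capable "$SAMPLE" 1000
echo "Total: $(count_login_capable "$SAMPLE" 1000)"
```

Run it against the real file with `list_login_capable /etc/passwd 1000`; every account it prints is a mail account that also has a usable shell on the mail server, which is exactly the exposure the reply says to remove.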

--
squirrelmail-users mailing list
Posting Guidelines: http://www.squirrelmail.org/wiki/MailingListPostingGuidelines
List Address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx
List Archives: http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.user
List Archives:  http://sourceforge.net/mailarchive/forum.php?forum_id=2995
List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
