
2. Technologies

2.1. The Postfix MTA


Postfix attempts to be fast, easy to administer, and secure, while at the same time being sendmail compatible enough to not upset existing users. Thus, the outside has a sendmail-ish flavor, but the inside is completely different. 

Figure 1. Postfix - the big picture

Doesn't it look impressive? It looks much more complicated than it is. Postfix is indeed nice to configure and handle.

Unlike sendmail, Postfix is not one monolithic program; it is a collection of small programs, each of which has a specialized function. At this point I don't want to go into detail about which program does what. If you are interested in how Postfix works, please see the documentation at

In this document you will find the information needed to get the system running.

2.2. Cyrus IMAP

The Cyrus IMAP server is developed and maintained by Carnegie Mellon University.

Unlike WU-IMAPd, Cyrus uses its own method to store users' mail. Each message is stored in its own file. A benefit of separate files is reliability: on filesystem errors, only one message is lost. Metadata such as the status of a message (seen, etc.) is stored in a database. Additionally, the messages are indexed. This makes Cyrus very fast. Especially with lots of users and/or lots of big emails, there is nothing else as fast as the Cyrus IMAP server.

Another very important feature is that you don't need a local Un*x user for each account. All users are authenticated by the IMAP server. This makes it a great solution for a really huge user base.

User administration is done with special IMAP commands. This allows you to use either the command-line interface or one of the available web interfaces. This method is much more secure than a web interface to /etc/passwd.

Starting with Cyrus 2.1, version 2 of the SASL library is used for authentication. The setup described in this HOWTO implements three-layer authentication: Cyrus authenticates against saslauthd, which forwards the request to pam_mysql, which finally looks up the user in the MySQL table.

Since CMU changed the license policy for Cyrus, this software is going to be used by many more users.
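The three layers described above, sketched as configuration. This is an added example, not the HOWTO's own configuration; the database user, password, database, table and column names are placeholders, and the PAM service name `imap` is assumed.

```conf
# --- /etc/imapd.conf (Cyrus IMAP): layer 1 ---
# Hand password checks to saslauthd instead of a local SASL database.
sasl_pwcheck_method: saslauthd
# saslauthd can only verify plaintext passwords, so offer only a
# plaintext mechanism and protect the session with TLS (OpenSSL).
sasl_mech_list: PLAIN

# --- saslauthd start-up: layer 2 ---
# Run saslauthd with the PAM backend so requests are passed on to PAM:
#   saslauthd -a pam

# --- /etc/pam.d/imap (PAM service "imap", assumed): layer 3 ---
# DBUSER, DBPASS, maildb, accounts, username and password are placeholders.
# crypt=1 compares against crypt(3) hashes; crypt=0 would mean cleartext
# passwords sitting in the table.
auth    required pam_mysql.so user=DBUSER passwd=DBPASS host=localhost db=maildb table=accounts usercolumn=username passwdcolumn=password crypt=1
account required pam_mysql.so user=DBUSER passwd=DBPASS host=localhost db=maildb table=accounts usercolumn=username passwdcolumn=password crypt=1
# This file contains the database password: keep it owned by root with
# mode 0600, and give DBUSER only SELECT rights on the accounts table.
```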

2.3. Cyrus SASL

SASL stands for "Simple Authentication and Security Layer". It is standardized by the IETF (Internet Engineering Task Force). SASL is used by network servers (here, Cyrus IMAP) to handle authentication requests from clients.

Cyrus SASL is an extensive piece of software, and sometimes not easy to understand. Even I have just the minimum knowledge needed to write this HOWTO.

2.4. OpenSSL

OpenSSL is a library needed by SASL for encryption of the data stream. It is used by almost all open-source software that needs encryption methods. Most or all distributions come with OpenSSL preinstalled. Be sure to also install the appropriate devel package. If you like, you can also compile OpenSSL yourself. This is especially recommended if you need to fix a security hole.

2.5. MySQL Database

MySQL is a very fast, powerful database that is very nice to handle.

Since Cyrus can authenticate its users with PAM, you can use pam_mysql as a connector to the user database stored in MySQL. This allows you to create a nice web interface for your users for changing passwords, defining and deleting aliases, and more.

2.6. pam_mysql

PAM stands for "Pluggable Authentication Modules" and was originally proposed by some people at Sun. In the meantime a lot of modules have been developed. One of them is an interface to MySQL.

With pam_mysql you store the users' passwords in a MySQL database. Further, Postfix is able to look up aliases from a MySQL table. At the end of the day, you have a base for all administrative tasks to be done by the postmaster.

You will be able to delegate some tasks to power users, e.g. creating accounts for a particular domain. Changing passwords and creating new aliases can be delegated to the user. At the end of the day you as a sysadmin have the time to do some more productive tasks, or write a HOWTO for the Linux Documentation Project.

2.7. Web-cyradm Webinterface

Figure 2. Web-cyradm Domain administration

Web-cyradm is the web interface that allows you to perform the administrative tasks on your mail system. This screenshot shows the domain administration part of Web-cyradm.

Web-cyradm is written in PHP, the most sophisticated HTML-preprocessor language. If you don't have a web server with PHP installed, I would like to refer you to my Apache-Compile-HOWTO. This document describes how to set up Apache with PHP and other modules.

Web-cyradm is under active development by people around the globe. The list of features grows with each release. If you would like to contribute to Web-cyradm, or you have a nice idea, feel free to contact the mailing list on

Here is a selection of features:

Web-cyradm has support for different roles of its users. If you plan to use it as a frontend for your power users, please note that security may be a problem; the role-based functionality needs a security review.
