On 31-01-14 16:45, KT Walrus wrote:
> I only have one domain for my mail addresses, e.g.
> usern...@domain.com.
>
> When I create a new account, should the userid be set to username and
> a single alias created for usern...@domain.com for this userid? Is
> this the best way to set up new accounts?

The userid is the login handle. Choose whatever you prefer. Users will
generally expect to be able to log in with their address. If the address
equals the login, you don't need to add the alias. That would be
redundant.

> I see the aliases table has a column called client_idnr. What is
> this column used for?

That field is in the users table. It's an archaeological anachronism
that was never used, except by third-party users.

> I also want to set up IMAP/POP3 access to allow only IMAP/POP3 for a
> certain group of users, and deny IMAP/POP3 access to all others
> except from a Roundcube Mail installation on my website. I assume I
> can do this using Usermaps feature, but I’m having a little
> difficulty understanding the best way to set this up.
>
> What rows should I have in my usermaps table to implement this? Do I
> need 4 rows per user to allow IMAP/POP3 access from the web or
> Roundcube Mail servers or can I set things up such that there is a
> group for the users and only add a couple of rows to grant access to
> all users in the group?

First set your default policy:

    login=ANY, sock_allow='inet:10.0.0.1:143'

to allow any connection on a non-routed address - i.e. from roundcube.

Block anyone else:

    login=ANY, sock_deny='inet:1.2.3.4:0'

on the external public address.

Next set specific access for designated users:

    login='us...@domain.org', sock_allow='inet:1.2.3.4:0'
    login='us...@domain.org', sock_allow='inet:1.2.3.4:0'

The match on ANY takes a lower precedence than the full login match.
More specific CIDR blocks also take precedence over less specific ones.

> Lastly, I want to have an admin IMAP user that can login (only from
> localhost) and access/update/create/delete mailboxes for any existing
> user using IMAP. What is the best way to set this up? I’ve been
> assuming I need to set up an ACL for each user mailbox to allow the
> admin user access, but I don’t think this will allow the admin user
> to create/delete mailboxes (and autosubscribe the user to them). Is
> there a way to set up a wildcard ACL (mailbox id 0?) to allow access
> to the admin user to all mailboxes?

Don't do that! Bad Idea!

Don't use IMAP to casually grant access to other people's mailboxes.
Integrity alert. Bad karma. Bad business. Just plain creepy, imo. And
*very* bad security from someone who is worried about compute cycles in
password cracks.

You must have us confused with exchange.

--
________________________________________________________________
Paul J Stevens pjstevns @ gmail, twitter, github, linkedin
* Premium Hosting Services and Web Application Consultancy *
www.nfg.nl/i...@nfg.nl/+31.85.877.99.97
________________________________________________________________