[TriLUG] The buck stops here (unfortunately)

Jason Tower jason at cerient.net
Thu Nov 11 12:47:45 EST 2004 

we recently deployed a server very similar to what you are thinking about
moving to (postfix w/ smtp-auth, virt users w/ mysql, courier-imap/pop,
tls or ssl all around, apache and squirrelmail, shorewall, etc).  we did
it on mandrake instead of debian though.  took a while to get everything
working but no major headaches.

imo, unless you have lots of users or are hosting lots of virtual domains,
both ldap and mysql are overkill.  for a small company with (presumably) a
small number of domains, using regular user accounts is a lot easier, just
take away shell access for security (that's how i set up my business
server).  having said that, i suspect that sql is a bit easier to wrap
your head around than ldap, especially if you're just using it for mail,
and is probably easier to customize.

feel free to contact me offline if you would like assistance with your
project.

jason

> I am an apps developer for a small company, and I happen to also be the
> manager
> of our IS department, deservingly or not.  I am faced with a fairly
> important
> decision about our email, and being a relative Linux newbie, I feel
> unqualified
> to make it without some additional assistance.
>
> My sys-admin, god love him,
> a F/OSS guru, keeps me on my toes.  The current proposal is to change our
> email server as follows:
>
> from:
>
> RedHat Linux 7.3
> Open LDAP (accounts
> & passwords updated daily via a script)
> procmail
> postfix-tls
>
> SpamAssassin
>
> Shorewall
> Webmail: Apache + Neomail
>
> To:
>
> Debian Testing
> MySQL 4.0
> (accounts and passwords updated via SQL)
> Courier-IMAP-SSL
> Courier-POP-SSL
>
> postfix-tls
> postfix-mysql
> Webmail: Apache + SquirrelMail
>
> His rationale...
>
>
> "I want to replace OpenLDAP with MySQL for the accounts.  Making SQL
> queries
> will be more intuitive for both of us, vastly increasing the amount of
> control
> we may exercise over the system."
>
> "The reason I want to use certs is, simply,
> to make my life easier on the mail server.  Our current SMTP AUTH process
> uses SASL ("Simple Authentication and Security Library", although there's
> little simple about it).  "
>
> My initial reaction is, if it ain't broke why
> fix it.  But if this is a better solution, then I'm willing to approve it.
>
>
> Your thoughts?
>
> Bob Shepher
> --
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ  : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
> TriLUG PGP Keyring         : http://trilug.org/~chrish/trilug.asc
>
>

More information about the TriLUG mailing list