Bill Roberts wrote:
> I am planning on building a simpler email system (I don't use imap,
> virtual domains, or a user database). In my quest for Zen-like simplicity
> and rock-solid quality, I'm planning on using postfix, plus courier as a
> pop3 server. For authentication, some guides use sasl, some use authlib.
> Which is better?? And why would anyone use both?! They seem to both serve
> the same function. Any suggestions/pointer appreciated.

There are a number of different services and auth'ing going on in your
mail system as proposed. Courier-imap provides imap and pop. Authlib
provides authentication for all Courier processes. Authlib can auth from
local accounts, mysql, postgres, or ldap. cyrus-sasl provides smtp auth
for Postfix in order to relay from places that aren't in your allowed IP
space. cyrus-sasl can use a few different backends to auth as well which
is where the problems come in.

Courier-imap 4.0 and up began using courier-authlib. Since you have to
run authlib to use courier-imap, many virtual how-to's started slaving
cyrus-sasl off authlib rather than have it talk to Mysql directly
through pam_mysql. Also with authlib you could use encrypted passwords
in your db whereas you could not with pam_mysql. Additionally why
troubleshoot two different auth mechanisms and have yet another
package on your system. And finally authlib supports pam, ldap, mysql,
and postgres in a single place.
For completeness authlib updates have caused the occasional auth issue
though they seem to have settled down over the last six months.

In summary:
sasl + pam_mysql = the suck, IMO

If you don't need any virtual nonsense I'd compile postfix,
courier-imap, and cyrus-sasl with -mysql. I'd also compile cyrus-sasl
-authdaemond and just run a normal system. Everything will default to
local system accounts, though you might need to config
/etc/sasl2/smtpd.conf to do that. I do this on my personal box and
haven't had any issues over the past 3 1/2 years.

kashani
--
gentoo-user@g.o mailing list
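
Added example (not part of the original post or of any project's code): a small audit of the setup discussed above, where cyrus-sasl hands Postfix SMTP AUTH to a helper daemon such as Courier's authdaemond. The sample configs, the socket path and the finding codes are constructed assumptions; the option names are the real Cyrus SASL and Postfix ones.

```python
import re

PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}
# pwcheck methods that pass the cleartext password to a helper daemon
PASSTHROUGH = {"authdaemond", "saslauthd"}

# Constructed sample configs (not from the post). The socket path is an
# assumption; it differs between distributions.
WEAK_SMTPD_CONF = "pwcheck_method: authdaemond\nmech_list: PLAIN LOGIN CRAM-MD5\n"
WEAK_MAIN_CF = "smtpd_sasl_auth_enable = yes\n"
FIXED_SMTPD_CONF = (
    "pwcheck_method: authdaemond\n"
    "mech_list: PLAIN LOGIN\n"
    "authdaemond_path: /var/lib/courier/authdaemon/socket\n"
)
FIXED_MAIN_CF = "smtpd_sasl_auth_enable = yes\nsmtpd_tls_auth_only = yes\n"

def parse_conf(text, sep):
    """Parse 'key<sep>value' lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and sep in line:
            key, value = line.split(sep, 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(smtpd_conf, main_cf):
    """Return finding codes for the SMTP AUTH side of the setup."""
    sasl, postfix = parse_conf(smtpd_conf, ":"), parse_conf(main_cf, "=")
    findings = []
    method = sasl.get("pwcheck_method", "auxprop")  # Cyrus SASL default
    if method not in PASSTHROUGH:
        return findings
    mechs = set(re.split(r"[\s,]+", sasl.get("mech_list", "").upper())) - {""}
    # The helper daemon can only verify a cleartext password, so
    # shared-secret mechanisms (CRAM-MD5, DIGEST-MD5) would always fail.
    if not mechs:
        findings.append("mech_list-unset")
    for mech in sorted(mechs - PLAINTEXT_MECHS):
        findings.append("unsupported-mech:" + mech)
    if method == "authdaemond" and "authdaemond_path" not in sasl:
        findings.append("authdaemond_path-unset")
    # PLAIN/LOGIN send the password itself, so AUTH must require TLS.
    if postfix.get("smtpd_tls_auth_only", "no").lower() != "yes":
        findings.append("auth-offered-without-tls")
    return findings

if __name__ == "__main__":
    print("weak: ", audit(WEAK_SMTPD_CONF, WEAK_MAIN_CF))
    print("fixed:", audit(FIXED_SMTPD_CONF, FIXED_MAIN_CF))
```

To check a real host, pass the contents of /etc/sasl2/smtpd.conf and Postfix's main.cf to audit().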