| 1 |
Bill Roberts wrote: |
| 2 |
> I am planning on building a simpler email system (I don't use imap, |
| 3 |
> virtual domains, or a user database). In my quest for Zen-like simplicity |
| 4 |
> and rock-solid quality, I'm planning on using postfix, plus courier as a |
| 5 |
> pop3 server. For authentication, some guides use sasl, some use authlib. |
| 6 |
> Which is better?? And why would anyone use both?! They seem to both serve |
| 7 |
> the same function. Any suggestions/pointer appreciated. |
| 8 |
|
| 9 |
There are a number of different services and auth'ing going on in your |
| 10 |
mail system as proposed. Courier-imap provides imap and pop. Authlib |
| 11 |
provides authentication for all Courier processes. Authlib can auth from |
| 12 |
local accounts, mysql, postgres, or ldap. cyrus-sasl provides smtp auth |
| 13 |
for Postix in order to relay from places that aren't in your allowed IP |
| 14 |
space. cyrus-sasl can use a few different backends to auth as well which |
| 15 |
is where the problems come in. |
| 16 |
|
| 17 |
Courier-imap 4.0 and up began using courier-authlib. Since you have to |
| 18 |
run authlib to use courier-imap, many virtual how-to's started slaving |
| 19 |
cyrus-sasl off authlib rather than have it talk to Mysql directly |
| 20 |
through pam_mysql. Also with authlib you could use encrypted passwords |
| 21 |
in your db whereas you could not with pam_mysql. Additionally why |
| 22 |
troubleshoot two different auth mechanisms and and have yet another |
| 23 |
package on your system. And finally authlib supports pam, ldap, mysql, |
| 24 |
and postgres in a single place. |
| 25 |
For completeness authlib updates have caused the occasional auth issue |
| 26 |
though they seem to have settled down over the last six months. |
| 27 |
|
| 28 |
In summary: |
| 29 |
sasl + pam_mysql = the suck, IMO |
| 30 |
|
| 31 |
If you don't need any virtual nonsense I'd compile postfix, |
| 32 |
courier-imap, and cyrus-sasl with -mysql. I'd also compile cyrus-sasl |
| 33 |
-authdaemond and just run a normal system. Everything will default to |
| 34 |
local system accounts, though you might need to config |
| 35 |
/etc/sasl2/smtpd.conf to do that. I do this on my personal box and |
| 36 |
haven't had any issues over the past 3 1/2 years. |
| 37 |
|
| 38 |
kashani |
| 39 |
-- |
| 40 |
gentoo-user@g.o mailing list |
Archives