Re: [Dovecot] dovecot and AFS SOLVED
Sorry for the fuzz on the thread earlier. I now have dovecots deliver (1.1.?)up and running and delivering mails to maildirs located on the AFS So if anyone is wondering, I would say that AFS works as a backend for storing emails without any ugly patches.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Wed, 10 Feb 2010, Per-Erik Persson wrote:
I now have dovecots deliver (1.1.?)up and running and delivering mails to maildirs located on the AFS
So if anyone is wondering, I would say that AFS works as a backend for storing emails without any ugly patches.
Do you have a local keytab and use an kerberos account, that may write to any AFS volume, in order to run deliver?
Regards,
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux)
iQEVAwUBS3J0xr+Vh58GPL/cAQIFKAf+IAS0f/jZFUwk70pJ+2KcvbPsLnZjKBQN UQdzevkWfaA8vrAcl+3+DysmSocVJl7VakGwa+FTUd8JuBhzfLYt8aRwX06BeUq+ U1bul1X1iUqty0cgbQYC4kCaOADGzbRu8VT2FYDQ2GACUNOAwfm/Eiq22iQnEt6h cuvSe359VnnsqajN2UTawcDxLqOb5qIdcPeEj4wmOBsJyiOIYXhJx7Uhb8N6RpNC 63+vH5vlHpSHHKt8EHwDxFpS3sBm7qgpiD66xIEvSEvK1UszlaQ0V6mAN9stbT5x LX21VubZg8URD6z1pjQrO4Sd+j7m/DDYVEa2PxCq0y52XVnBkNtD0Q== =G5GF -----END PGP SIGNATURE-----
Well, what you describe would be the correct and security aware way of doing it.
However since I am still testing i just did it the quick and dirty way. By adding the IP of the server handling the maildeliveries to the group called mail-writers which has permissions on every users Maildir. Something like "pts adduser 1.2.3.4 mail-writers" if I remeber correctly. In theory this would decrease the load on the kdc and the afs server, but in practice I don't know if it would be possible to measure a difference.
On 02/10/2010 09:56 AM, Steffen Kaiser wrote:
On Wed, 10 Feb 2010, Per-Erik Persson wrote:
I now have dovecots deliver (1.1.?)up and running and delivering mails to maildirs located on the AFS
So if anyone is wondering, I would say that AFS works as a backend for storing emails without any ugly patches.
Do you have a local keytab and use an kerberos account, that may write to any AFS volume, in order to run deliver?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Wed, 10 Feb 2010, Per-Erik Persson wrote:
By adding the IP of the server handling the maildeliveries to the group called mail-writers which has permissions on every users Maildir.
Ah, got it, thanks.
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux)
iQEVAwUBS3J75L+Vh58GPL/cAQLL8wgAhvzDHXjx0eN74Ab1weEjEKyKcluyguDN 1RlStqC4MCT8XGa3OdMD++cigE4W5tfUoNRoA1qgxz8Bm8JTi8KjidXP8T9nqtzk cch+k1guNGW4vlTUh5hZk6b5EGXR8mcvHPyDIdrs4q5G0yZ7EShbcO4aP8AhPGSt e65vbfxfusWQ9GAh3JnX0vNDr1RKDmSwDHMioZCBHE4YFipJQ91/U/5edZVq3dYd 0vuXQQRf0DRW9GjzVvuWpcaoq8NFrxN4RqisDI0SPPaNojvMJY0AGk6rxonVJFQJ syG6Ks6BkKdlIYWqaC6xYmF150+S6TQwnD8036ZgTV2q7wgb/NfAaQ== =GOq1 -----END PGP SIGNATURE-----
IP-based access is totally fine if that part of your network is physically secure. It sure solves a lot of headaches.
On 2/10/10 10:22 AM +0100 Per-Erik Persson wrote:
Well, what you describe would be the correct and security aware way of doing it.
However since I am still testing i just did it the quick and dirty way. By adding the IP of the server handling the maildeliveries to the group called mail-writers which has permissions on every users Maildir. Something like "pts adduser 1.2.3.4 mail-writers" if I remeber correctly. In theory this would decrease the load on the kdc and the afs server, but in practice I don't know if it would be possible to measure a difference.
On 02/10/2010 09:56 AM, Steffen Kaiser wrote:
On Wed, 10 Feb 2010, Per-Erik Persson wrote:
I now have dovecots deliver (1.1.?)up and running and delivering mails to maildirs located on the AFS
So if anyone is wondering, I would say that AFS works as a backend for storing emails without any ugly patches.
Do you have a local keytab and use an kerberos account, that may write to any AFS volume, in order to run deliver?
participants (3)
-
Frank Cusack
-
Per-Erik Persson
-
Steffen Kaiser