On Mon, 2002-04-08 at 16:02, Brian Schonecker wrote:
> ...considering moving my company's primary email access to IMAP server.
> Anyone using sanitizer/IMAP?
> So far, I've been able to get the IMAP server to start but my mail delivery
> location is in $HOME and I want to 'chroot' it to $HOME/mail so that users
> cannot access their $HOME files. This is a Linux server that is used only
> for mail access and doesn't allow logins from the outside (other than
> Anyone doing this already? Caveats?
If you're using a sealed server anyway, then Cyrus IMAPd is your friend.
It's significantly faster than the UW implementation, but that's because
it's optimised for IMAP delivery. Normal UNIX mail tools will *not*
work. Users don't exist on a system level, and so don't even *have* a
home directory. Good, eh? The server does no setuid stuff, and needs no
root access. (Actually there's a packaged inetd/cron equivalent which
uses root access to listen on POP3, IMAP, and LMTP ports, but this
really isn't a big deal.)
Unfortunately, it's also optimised for LMTP delivery - I believe that
Exim can handle this, as can Sendmail (which I normally use).
Procmail can receive emails through LMTP, but I'm not so certain about
sending through LMTP. Besides which, procmail would only be used for
firing off the sanitizer, since Cyrus uses SIEVE standard filtering
scripts for sorting and filtering email which I can actually understand
(unlike procmail. And given I understand sendmail's cf format, I'm not
100% certain this is entirely me being stupid).
In order to eliminate procmail, and hopefully make things faster, I
knocked together a LMTP (And (E)SMTP) filtering version of Sanitizer,
which I dutifully slung URLs on the list for. Since nobody seemed
interested, I've plonked that on the back burner, and it definitely
contains bugs, from what I remember. I did used to use it, but dropped
it some time ago due to lack of need for any sanitization at all.
It's still available on http://www.btinternet.com/~davecridland/
somewhere (First item, in fact.). I apologise in advance for the "fully
configurable source code" mentality - as I say, nobody else was
interested anyway, so I've more or less shelved the project until I need
I may rewrite it sometime soon, as I'm working on yet another email
project which probably will end up using the Sanitizer, but in the
meantime, if you're interested, then let me know and I may work up some
enthusiasm for it again. :-)