LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (http://www.linuxquestions.org/questions/linux-server-73/)
-   -   Postfix and Courier help (http://www.linuxquestions.org/questions/linux-server-73/postfix-and-courier-help-820774/)

mwjones 07-19-2010 02:28 PM

Postfix and Courier help
 
I am having trouble setting up Postfix and Courier in what should be a simple case. My end goal is to be able to have a user account (added via useradd -m -s /bin/bash) on the system send mail via SMTP and receive via IMAP.

Reading through the Postfix documentation feels like overkill. So much stuff is written in there that doesn't seem applicable to my case. Additionally almost all of the tutorials I find online are either for local delivery or using MySQL.

Can anyone give me some help or point me in the right direction, please?

millergroup 07-19-2010 09:11 PM

You will need to use Mysql. No way around if you want IMAP.

This will tell you how to do it: http://codepoets.co.uk/2009/postfixa...rs-on-postfix/

Don't know what flavor of Linux you are using, but this helped me to get through it. Qmail is a better MTA though.

mwjones 07-19-2010 10:05 PM

Thanks for the link. I am using Debian on this server. I noticed that there is an option in authdaemon for authpam; this made me think that it should be able to use the shell accounts on the system.

Perhaps I am being overly paranoid, but doesn't it seem dangerous that this is taking user input and passing that data in a SQL query? Consider this line from the article you linked:

Code:

query = SELECT quota FROM mailbox WHERE username='%s'
What if the domain were linuxquestions.org and I sent an email to millergroup';DROP/**/DATABASE/**/postfix;--@linuxquestions.org? Seeing as how it gets dropped into that query, if the admin had done a GRANT ALL PRIVILEGES, the database would be gone, would it not?

jcalzare 07-19-2010 10:17 PM

Would your email server accept an email from that address? Probably not. Input scrubbing is important any time you are accepting user input, and the mailserver is going to do a lot of that for you. Also, the author says: (Note: I’ve never used quota support, so I can’t guarantee the above is correct), so there is a caveat there.

mwjones 07-19-2010 11:01 PM

Perhaps I can build a VM to test that out. Anywho, this helped me get set up: https://help.ubuntu.com/community/Po...asicSetupHowto

As a related note, it helps to correctly type the email address when testing. An unnoticed typo tripped me up for a bit.


All times are GMT -5. The time now is 04:49 PM.