I may be slightly misunderstanding the problem, but there is (I think) a way
to accomplish what you want to accomplish. I am very, very tight on time
right this second, so I'm going to speed through this and try to get it all
out. I apologize in advance for typos and/or brain freeze.

Assuming:
    Users want to have one single identifier for their email account.
    You are using aliasing to deliver mail (e.g. the virtuser table in
    sendmail).
    You don't mind using mysql.
    You don't mind using perdition (a POP/IMAP proxy).
    You don't mind modifying the way you create the virtuser table to have
    that data authoritatively stored in the mysql database.
    You never have 1:N alias:target relationships in your aliasing. That is
    to say that no one email address forwards to more than one mailbox on
    your cyrus server. If this is an impossibility you can get around this,
    but it's a bit more sticky.

You can do the following:
    Set up a database in your mysql server which has (at least) the
    following columns:
        email_address, cyrus_username
    Set up sendmail (or whichever MTA you use) to use this database in lieu
    of its virtusertable (there are patches floating around out there that
    enable you to do this) or write an abstraction script that will dump the
    info from the database and write it to sendmail's virtusertable.
    Set up perdition to use the mysql database to translate the username it
    is given (the email address) to the username it should use when
    connecting to the cyrus server (cyrus_username).

If you do the above, all users will ever need to know is any one of their
email addresses and their password. Period. If you want to have 1:N
alias:targets this won't work quite as hot, but as long as every user has at
least one email address that *ONLY* goes to them, you're fine.

How it works:
    Email arrives for [EMAIL PROTECTED]. Sendmail (or whatever) looks
[EMAIL PROTECTED] up in the database (or in the copy of virtusertable that the
database dumped). It finds the target (the cyrus username) and delivers the
mail via lmtp to cyrus.
    Joe Blow decides to check his mail. His POP client logs into perdition
with the username '[EMAIL PROTECTED]' and his password. Perdition takes this
username and looks it up in the database. It then uses the cyrus_username
and the supplied password to connect through to the cyrus server (via
localhost if the cyrus server and perdition server are on the same machine).
After it does that, it simply proxies the POP3 traffic and Joe gets his mail.
    In this manner, your cyrus usernames can be whatever you want. For all
you care, they can be MD5 hashes of random data. It really doesn't matter.
This also will allow you to use multiple backend cyrus servers too, though
that isn't really related to this problem specifically (though it is nice).

If people have questions about this, ask away. I am totally sure I have
missed something in describing this.

Hope this helps!

- Matt

Links:
  MySQL - http://www.mysql.com
  Sendmail - http://www.sendmail.org
  Perdition - http://www.ny.us.vergenet.net/linux/perdition/


----- Original Message -----
From: "Michael Fair" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, October 04, 2001 2:11 PM
Subject: Re: Many domains, one Cyrus


> You cannot, at this time, have multiple domains and one Cyrus
> in the way you want it.  There's nothing more to say.  Given
> the current constraints it cannot be done.  You must go to a
> multiple Cyrus solution unless you are willing to change
> login identifiers.
>
> To accomplish this using only one machine and without changing
> login IDs you must use 1 IP address per domain and run multiple
> master processes.
>
> You can either create "jails" via chroot, or you can specify
> the -c parameter to read different configuration files for
> each of the master processes.  See the archives for instructions.
>
> Even if you were to hack the source code you could not do
> what you wanted.  This is a design limitation in the IMAPv4
> specification, or DNS, or both depending on how you want to
> look at it.  Unlike HTTP 1.1, the domain name an IMAP
> client is trying to contact is not listed as part of the
> greeting parameters and therefore the only information the
> server has to distinguish domain information comes from
> the login id.  I've been over it, it cannot be done.  The
> closest I got was modifying the IMAP clients to use SVR
> record lookups rather than A record lookups and run the
> different domains on different ports of the same IP, but
> this is not a generic solution because ALL IMAP clients
> would have to contact the servers via SVR records.
>
> You can use fully qualified email addresses as login IDs.
> "[EMAIL PROTECTED]" can be used with the heirer-sep patch
> which converts the hierarchy separator character to "/"
> instead of ".".  This is what I recommend.  This is the
> easiest for your end users to understand, and provides
> for other options in the future (like domain grouped
> shared folders) in the easiest most straightforward manner.
>
> Beyond that there are other source code changes that
> can be made to give an even more clean separation between
> domains in the server which you could work on, but it
> is impossible to create web-like virtual domains
> with IMAP due to design limitations.  I hope IMAPv5 or
> whatever becomes the official standard fixes this
> limitation as it currently is the bane of many an
> ISP's existence (including my own.  We essentially
> dropped our whole IMAP transition as a result of too
> many engineering and plausible complication problems
> (like scaling)).
>
> Good Luck,
> -- Michael --
>
> On Thu, 2001-10-04 at 07:46, djinn wrote:
> > I am looking for a way to set up cyrus (2.0.9) to deliver to mail boxes
> > that are unique within their domain but not necessarily across the
> > entire server.
> >
> > For example, we have a client named Chris Primus, [EMAIL PROTECTED]
> > We have another client, Christopher Secundus, [EMAIL PROTECTED]
> >
> > These are obviously not the same people, and their mail should go to
> > different mailboxes.  The obvious and oft-suggested method for this is
> > to create mailboxes named chris.client1 and chris.client2 and map,
> > either with aliases or LDAP, [EMAIL PROTECTED]>chris.client1.
> >
> > This is fine and works well once you get it set up (I have).  However,
> > both Chris's have existing accounts with us, both Chris's pay us a lot
> > of money and both Chris's are not technically savvy and will get very
> > annoyed if I call them up and tell them that they have to change their
> > Outlook mail settings to log in as a new, harder to remember username to
> > check their mail.  I have read that Cyrus can handle this sort of
> > thing.  Can anyone who's faced a similar situation help me out?
> >
> > TIA
> > jenn
>
>
>

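An added sketch of the mapping scheme described in the reply at the top of this message (not code from the thread, and not perdition's or sendmail's own schema or API). It assumes sqlite3 as a stand-in for MySQL, a hypothetical table name `mailmap`, and constructed addresses; it shows the one-target-per-address rule enforced by the schema, the virtusertable dump, and the login translation done with a bound parameter because the login string comes straight from the network.

```python
import sqlite3

# Constructed sample data; the addresses and domains are made up.
SAMPLE_ROWS = [
    ("chris@client1.example", "chris.client1"),
    ("chris@client2.example", "chris.client2"),
    ("c.primus@client1.example", "chris.client1"),  # second alias, same mailbox
]

def open_map(rows):
    """Build the email_address -> cyrus_username table (sqlite3 stands in for MySQL)."""
    db = sqlite3.connect(":memory:")
    # PRIMARY KEY on email_address enforces the rule from the post:
    # no address may point at more than one mailbox (no 1:N alias:target).
    db.execute(
        "CREATE TABLE mailmap ("
        " email_address TEXT PRIMARY KEY,"
        " cyrus_username TEXT NOT NULL)"
    )
    db.executemany(
        "INSERT INTO mailmap VALUES (?, ?)", [(a.lower(), u) for a, u in rows]
    )
    return db

def dump_virtusertable(db):
    """Render the table as sendmail virtusertable lines: address<TAB>target."""
    cur = db.execute(
        "SELECT email_address, cyrus_username FROM mailmap ORDER BY email_address"
    )
    return "".join(f"{addr}\t{user}\n" for addr, user in cur)

def backend_username(db, login):
    """Translate the login a client supplied into the Cyrus username.

    The login is untrusted input, so it is bound as a parameter and never
    spliced into the SQL text. Unknown logins return None so the proxy can
    refuse them instead of passing them through to the backend.
    """
    row = db.execute(
        "SELECT cyrus_username FROM mailmap WHERE email_address = ?",
        (login.strip().lower(),),
    ).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = open_map(SAMPLE_ROWS)
    print(dump_virtusertable(db), end="")
    print(backend_username(db, "chris@client2.example"))
```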