Creating Shell-less E-Mail Accounts?

Ryan asks: "I work for a small ISP (2000 e-mail clients) and my task is to create a Web interface so that we and our affiliates can enter a username, password, and e-mail address(es) along with any other pertinent information for a client and have them be automatically entered into our radius table and MTA/POP server's tables. Sendmail supports LDAP, however there doesn't seem to be a POP server that also supports it. There is EXIM with its native MySQL support, and a patch for qpopper to work with it, but it has the downside of requiring the POP3 username to be username@hostname.com. Has anyone found a better solution for creating e-mail users using SQL databases rather than physical shell accounts? Qmail appears to do all of this, but I'm not sure if it does it exactly how we need it to. Any suggestions?"
This discussion has been archived. No new comments can be posted.

  • Two years ago, when I was looking into LDAP stuff, there was talk of a pam_ldap module, which you could use to authenticate all sorts of services against your LDAP directory. If it's available it'll probably be available in the OpenLDAP [openldap.org] distribution.

    Then hack /etc/pam.d/pop and/or /etc/pam.d/imap to use pam_ldap.so for 'auth' rather than use pam_pwdb.so

  • by riley ( 36484 ) on Monday June 05, 2000 @01:40PM (#1024110)
    The Cyrus server from CMU might have the features you are interested in.

    In Cyrus, there is no requirement for a shell account for mailboxes to exist. There is both a POP server and an IMAP server associated with Cyrus, but you don't have to run the pieces you don't want. There are patches that allow Cyrus to authenticate via LDAP or SQL (a password file and Kerberos are supported out of the box).

    It scales well. I have it going for 60K users across four machines. The newer versions also have an aggregator that allows you to scale across multiple machines. It interfaces well with both sendmail and qmail (I have not tried postfix yet) and it is pretty easy to manage.

    You can check it out at http://asg.web.cmu.edu/cyrus/
  • If you want to check on qmail again, I think it has what you are looking for + it's more secure than sendmail.

    using qmail with LDAP database [nrg4u.com]
    Using qmail with only one single user account [tibus.net]
  • by talonyx ( 125221 )
    Somewhere on the net is a program called IMP; it is a Hotmail-like interface to standard MTA mail. ...don't know if that helps you
  • I just set this up for my boss. It has no requirement for local user accounts and it can authenticate and deal with aliases from ldap.

    Or you can just set everyone's shell to /bin/passwd and make sure you lock down ftp.
    Then you could use whatever you want.

    Mike
  • Communigate Pro is costly, (a grand for 250 users, but pricing gets better once you cross the 1000 user line) and it's not free software (obviously) but it's amazing, and I use it wherever I go. I just make the company spring the dough. It's a breeze to admin, set up and use. I can admin the whole thing through its built-in web server from anywhere in the company, heck, from anywhere in the world. It has all the features you need, even some you don't... Especially the price tag. Check it out at www.stalker.com (I also give them props for getting that domain before some psycho did) -Josh
  • TWIG-ISP
    have a look through http://www.hklc.com/projects

    We have done it with postgres, cyrus, exim, twig - handles multiple domains etc.

    I was planning to port it to mysql - the only issue is modifying the pwcheck to use mysql instead of postgres - the webmail system is mysql ready.
  • I've just finished implementing this for the ISP I work for. Almost everything here is stored in an LDAP directory. I've managed to locate LDAP-enabled software for the services we offer.
    • SMTP: Both Sendmail and Postfix have support for LDAP lookups.
    • IMAP/POP3: Cyrus IMAP uses Cyrus SASL, which, among support for Kerberos and such, supports PAM. Use pam_ldap for authentication via LDAP. Using Cyrus, you will have an extra admin task of setting up mailboxes.
    • Telnet: Through pam_ldap and nss_ldap, you can move accounts in /etc/passwd to LDAP.
    • FTP: Proftpd claims to have LDAP support, but I have not tested it yet.
    • HTTP: mod_ldap for Apache
    I have only tested the first two services, but I will be implementing the FTP and HTTP soon.
  • If you don't need ftp access you can set the shell to /dev/null. If you require ftp access, I think you actually need a valid shell account, but from the sound of it this guy doesn't need any shell features, so creating a shell account per user is a waste of his time.
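
Added example (not part of any comment in the thread): where mail users do live in /etc/passwd, as in the /bin/passwd and /dev/null suggestions above, this audit lists accounts that can still obtain an interactive shell. The function names, the sample account names, the UID cut-off and the list of restricted shells are assumptions made for illustration.

```shell
#!/bin/sh
# Audit passwd-format data for mail-only accounts that still have an
# interactive login shell. All account data below is constructed.

# Shells treated as "no interactive login" (assumption: adjust per site).
# /bin/passwd and /dev/null are the two values suggested in the thread.
RESTRICTED_SHELLS="/bin/false /sbin/nologin /usr/sbin/nologin /dev/null /bin/passwd"

# audit_shells MIN_UID   (reads passwd-format lines on stdin)
# Prints "user:uid:shell" for every account with uid >= MIN_UID whose shell
# is not in RESTRICTED_SHELLS. An empty shell field defaults to /bin/sh at
# login, so it is reported as interactive.
audit_shells() {
    awk -F: -v min_uid="$1" -v restricted="$RESTRICTED_SHELLS" '
        BEGIN { n = split(restricted, r, " "); for (i = 1; i <= n; i++) ok[r[i]] = 1 }
        /^#/ || NF < 7 { next }            # skip comments and malformed lines
        $3 + 0 < min_uid + 0 { next }      # skip system accounts
        {
            shell = ($7 == "") ? "/bin/sh (empty field)" : $7
            if (!($7 in ok)) print $1 ":" $3 ":" shell
        }
    '
}

# Constructed sample input in /etc/passwd format.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
popuser1:x:1001:100:mail only:/var/mail/popuser1:/bin/false
popuser2:x:1002:100:mail only:/var/mail/popuser2:/bin/passwd
popuser3:x:1003:100:mail only:/var/mail/popuser3:/bin/bash
popuser4:x:1004:100:mail only:/var/mail/popuser4:
popuser5:x:1005:100:mail only:/var/mail/popuser5:/dev/null
EOF
}

# Stand-alone run: list the mail accounts that can still get a shell.
sample_passwd | audit_shells 1000
```

On a live system the same function can be fed with `audit_shells 1000 < /etc/passwd`.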
