Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20031018134831.GA3300@openwall.com>
Date: Sat, 18 Oct 2003 17:48:31 +0400
From: Solar Designer <solar@...nwall.com>
To: popa3d-users@...ts.openwall.com
Subject: Re: Virtual Domains

On Sat, Oct 18, 2003 at 01:21:52PM +0200, Tim van Erven wrote:
[this is actually an older quote from Tim]
> >> IIRC you can use ${domain} to get the
> >> domain part of the address, so you could use a line like:
> >> 
> >> file = VIRTUAL_HOME_PATH/127.0.0.1/mail/${local_part}-${domain}
> >> 
> >> instead of the line
> >> 
> >> file = VIRTUAL_HOME_PATH/127.0.0.1/mail/${local_part}
> >> 
> >> in the HOWTO.

I don't really like this suggestion.  If you do use popa3d's sample
virtual domain support code unmodified, then please also place the
domain information where the code expects it, -- in place of the
"127.0.0.1".  Yes, it means that you may need to have your MTA or LDA
translate the recipient's domain name into the corresponding virtual
mail server's IP address.  (OK, perhaps the sample virtual.c should be
enhanced to also support name-based virtual domains.)

> On Sat, 18/10/2003 13:07 +0200, Philipp Jacob wrote:
> > Yes, this could be a solution for me to get individual mboxes
> > for every email address hosted on the server. But
> > 'add-popa3d-user' doesn't allow usernames containing dots
> > ('.'). I could fix this in the perl script, but I think this restriction
> > has its purpose, probably for security reasons.
> 
> popa3d doesn't accept usernames with dots in them, so changing the
> script wouldn't help you.

If you do things in the way I've described above, you wouldn't have to
encode the domain name as a part of the username and thus wouldn't get
the dots where they're currently disallowed.

Yes, is_valid_user() in the sample virtual.c disallows dots for security
reasons, but that restriction can be relaxed to only apply to the first
character of a username.

-- 
Alexander Peslyak <solar@...nwall.com>
GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D 3598
http://www.openwall.com - bringing security into open computing environments

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.