# email server and webmail recommendations



## balaji18 (Dec 7, 2021)

Hi,

We are currently using sendmail and usermin for webmail. A few pain points that we want to change are:

Is it possible to have sendmail users be only email users and not system users? Currently, every email/sendmail user is a system user, that is, a user created with the "adduser" command and with an entry in /etc/passwd.
The received mail is stored in mbox format, a single file per user under /var/mail. We are fine with this. But sent mails are stored in a directory under the user by usermin. Can sent and other mail folders be in some common location like /var/mail for all users?
We are fine with other alternatives provided the email/webmail combination does not use any full-blown database systems like Postgres or MySQL. File-based storage or bdb (Berkeley DB) or something similar is fine. We would like to stick to the current setup of one MTA (sendmail) and one webmail (usermin) client.

--Thanks.


----------



## trev (Dec 7, 2021)

If you don't want system users, then I would think you would need to embrace a database of some sort which you also do not want. At some point you have to authorise a user for access.


----------



## obsigna (Dec 7, 2021)

I wrote a tiny C program, which takes a simple text file with the users' credentials as input and from this generates a handful of virtual users files for the various sub-systems of my mail setup, i.e. Postfix/Dovecot/Roundcube. With that, the clear text credentials can be piped through by way of ssh, and ideally never need to hit the target machine. I use this for a dozen users only, however I don't see any limitation on why this won't work for many more users. Editing a text file with a decent editor is not inferior to adding/changing users in a database system.

I chose this combo, exactly because I could set up everything easily for virtual users, i.e. non-system users. Dovecot IMAP is configured for storing all users' mails in the maildir format.

Postfix is configured to use the SASL service from Dovecot (CRAM-MD5) for authentication on the submission ports. For this the credentials are stored in an intermediate encrypted format. For knowing which are valid users to receive e-mail for, just another hash table with the users' mail addresses is generated. And finally a regex file of catchall addresses is created as well, so users can hand out disposable mail addresses on the fly, without anything else, for receiving mails into their accounts.

Roundcube-Webmail is configured for HTTP-Digest-Authentication (currently still MD5, however with the advent of HTTP-Digest-SHA256 being supported by the first popular browsers, namely Firefox ≥v93 and Opera ≥80, I will add this one as well, when I find some time).

I described my setup here. You'll find said C program there as well.


----------
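An added sketch of the kind of generator obsigna describes above (it is not obsigna's C program and not part of any post): it reads a credentials list and derives a Postfix-style mailbox map plus HTTP Digest entries, so only derived values are written out. The input format, realm, output names and maildir layout are assumptions, and the Dovecot CRAM-MD5 file is left out.

```python
"""Added example: derive per-service virtual-user files from one credentials list."""
import hashlib
import io

REALM = "webmail"  # assumption: HTTP Digest realm configured on the web server


def parse_credentials(stream):
    """Yield (address, password) from 'address<whitespace>password' lines."""
    for lineno, raw in enumerate(stream, 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        # ':' in the user name would corrupt the colon-separated digest file
        if len(parts) != 2 or "@" not in parts[0] or ":" in parts[0]:
            raise ValueError(f"line {lineno}: expected 'user@domain password'")
        yield parts[0].lower(), parts[1]


def ha1(algorithm, user, realm, password):
    """HTTP Digest HA1 = H(user:realm:password); treat it as password-equivalent."""
    return hashlib.new(algorithm, f"{user}:{realm}:{password}".encode()).hexdigest()


def build_files(stream, realm=REALM):
    """Return {name: text}; the cleartext password appears in none of the outputs."""
    out = {"htdigest.md5": [], "htdigest.sha256": [], "virtual_mailboxes": []}
    seen = set()
    for addr, pw in parse_credentials(stream):
        if addr in seen:
            raise ValueError(f"duplicate address {addr}")
        seen.add(addr)
        out["htdigest.md5"].append(f"{addr}:{realm}:{ha1('md5', addr, realm, pw)}")
        # Same line layout assumed for the SHA-256 variant of HTTP Digest
        out["htdigest.sha256"].append(f"{addr}:{realm}:{ha1('sha256', addr, realm, pw)}")
        local, domain = addr.split("@", 1)
        # Postfix virtual mailbox map style: address -> maildir path (assumed layout)
        out["virtual_mailboxes"].append(f"{addr} {domain}/{local}/")
    return {name: "\n".join(lines) + "\n" for name, lines in out.items()}


# Constructed sample input; real use would read sys.stdin on the receiving end of ssh
SAMPLE = ("# address password\n"
          "alice@example.org correct horse battery\n"
          "bob@example.org s3cret:with:colons\n")

if __name__ == "__main__":
    for name, text in build_files(io.StringIO(SAMPLE)).items():
        print(f"--- {name}\n{text}", end="")
```

Because the HA1 values are enough to authenticate without the password, the generated digest files should be written owner-readable only (mode 0600) for the service account that consumes them.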



## Geezer (Dec 7, 2021)

`chpass` the users' shells to `/sbin/nologin`


----------



## astyle (Dec 7, 2021)

balaji18 said:


> Hi,
> 
> We are currently using sendmail and usermin for webmail. A few pain points that we want to change are
> 
> ...


mail/sendmail can be compiled with databases/bdb as a backend, or even LDAP support. Sendmail will have no problem getting valid usernames (via the LDAP protocol) from another host. I'm not gonna do your homework for you on that account, just wanted to let OP know that it's perfectly possible. Once you have that in place, I'd recommend Dovecot to move the mail between the server and user inboxes.
--
From personal experience, I can tell you, sendmail can be an unwieldy beast, but if you're willing to do your homework and connect the dots (I did that back in 2006, on FreeBSD 6.0), it'll be a rock-solid setup that really shows how capable your hardware is.


----------



## Max212 (Dec 7, 2021)

If you don't want a full-blown database, check if sendmail can work with sqlite.

With sqlite you get database-like behavior, but in essence it is just a "file".


----------



## astyle (Dec 7, 2021)

Max212 said:


> If you don't want a full-blown database, check if sendmail can work with sqlite.
> 
> With sqlite you get database-like behavior, but in essence it is just a "file".


Sendmail actually doesn't seem to have SQLite support, I just checked on freshports.


----------



## covacat (Dec 7, 2021)

maildrop + courier authlib can do sqlite and probably flat files too
then just change Mlocal in sendmail.cf
probably dovecot/deliver can do it too


----------

