From owner-freebsd-isp@FreeBSD.ORG Wed Jun 27 02:48:06 2007 Return-Path: X-Original-To: isp@freebsd.org Delivered-To: freebsd-isp@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id BBE8916A400 for ; Wed, 27 Jun 2007 02:48:06 +0000 (UTC) (envelope-from mwlucas@bewilderbeast.blackhelicopters.org) Received: from bewilderbeast.blackhelicopters.org (bewilderbeast.blackhelicopters.org [198.22.63.8]) by mx1.freebsd.org (Postfix) with ESMTP id 81E5713C458 for ; Wed, 27 Jun 2007 02:48:06 +0000 (UTC) (envelope-from mwlucas@bewilderbeast.blackhelicopters.org) Received: from bewilderbeast.blackhelicopters.org (localhost [127.0.0.1]) by bewilderbeast.blackhelicopters.org (8.14.1/8.13.8) with ESMTP id l5R2EXcB073630 for ; Tue, 26 Jun 2007 22:14:33 -0400 (EDT) (envelope-from mwlucas@bewilderbeast.blackhelicopters.org) Received: (from mwlucas@localhost) by bewilderbeast.blackhelicopters.org (8.14.1/8.13.8/Submit) id l5R2EWvr073629 for isp@freebsd.org; Tue, 26 Jun 2007 22:14:32 -0400 (EDT) (envelope-from mwlucas) Date: Tue, 26 Jun 2007 22:14:32 -0400 From: "Michael W. Lucas" To: isp@freebsd.org Message-ID: <20070627021432.GA73579@bewilderbeast.blackhelicopters.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4.2.2i X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-3.0 (bewilderbeast.blackhelicopters.org [127.0.0.1]); Tue, 26 Jun 2007 22:14:33 -0400 (EDT) Cc: Subject: Recommended IMAP server? X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Jun 2007 02:48:06 -0000 Hi, I find myself needing to implement IMAP on FreeBSD. Any suggestions on the "preferred" IMAP server? It appears that we have three "main" IMAP daemons in ports: imap-wu, cyrus-imapd, and courier-imap. I need to pick one. My mail system uses Sendmail+sasl2 and milter-greylist. I want to stick as close to a "stock" FreeBSD as possible, so I'm not into reading users from LDAP or anything like that. It seems that imap-wu lets you synch up to /var/mail/username, but only that. Courier uses maildir, which means installing procmail and having a .procmailrc for every account. It appears that cyrus-imap23 uses its own delivery agent to build a maildir-like structure. Does this pretty much summarize my choices, or are there other things I should be aware of before implementing any of these on FreeBSD? Thanks, ==ml -- Michael W. Lucas mwlucas@BlackHelicopters.org, mwlucas@FreeBSD.org http://www.BlackHelicopters.org/~mwlucas/ Coming Soon: "Absolute FreeBSD" -- http://www.AbsoluteFreeBSD.com On 5/4/2007, the TSA kept 3 pairs of my soiled undies "for security reasons." From owner-freebsd-isp@FreeBSD.ORG Wed Jun 27 03:17:31 2007 Return-Path: X-Original-To: isp@freebsd.org Delivered-To: freebsd-isp@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id DD1DB16A468 for ; Wed, 27 Jun 2007 03:17:31 +0000 (UTC) (envelope-from evs@telod.net) Received: from kohav.telod.net (h-72-245-221-62.chcgilgm.covad.net [72.245.221.62]) by mx1.freebsd.org (Postfix) with ESMTP id 9228913C45A for ; Wed, 27 Jun 2007 03:17:31 +0000 (UTC) (envelope-from evs@telod.net) Received: from [192.168.0.2] (wall.hm.telod.net [72.245.221.58]) (authenticated bits=0) by kohav.telod.net (8.13.8/8.13.3) with ESMTP id l5R34jdv055627; Tue, 26 Jun 2007 22:04:45 -0500 (CDT) (envelope-from evs@telod.net) In-Reply-To: <20070627021432.GA73579@bewilderbeast.blackhelicopters.org> References: <20070627021432.GA73579@bewilderbeast.blackhelicopters.org> Mime-Version: 1.0 (Apple Message framework v752.3) Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Message-Id: <21EA5E66-5F27-402C-8324-2A21143CC5C8@telod.net> Content-Transfer-Encoding: 7bit From: Edward Shabotinsky Date: Tue, 26 Jun 2007 22:04:52 -0500 To: "Michael W. Lucas" X-Mailer: Apple Mail (2.752.3) Cc: isp@freebsd.org Subject: Re: Recommended IMAP server? X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Jun 2007 03:17:31 -0000 hi, try dovecot i like it. very light and easy to configure On Jun 26, 2007, at 9:14 PM, Michael W. Lucas wrote: > Hi, > > I find myself needing to implement IMAP on FreeBSD. Any suggestions > on the "preferred" IMAP server? > > It appears that we have three "main" IMAP daemons in ports: imap-wu, > cyrus-imapd, and courier-imap. I need to pick one. My mail system > uses Sendmail+sasl2 and milter-greylist. I want to stick as close to > a "stock" FreeBSD as possible, so I'm not into reading users from LDAP > or anything like that. > > It seems that imap-wu lets you synch up to /var/mail/username, but > only that. > > Courier uses maildir, which means installing procmail and having a > .procmailrc for every account. > > It appears that cyrus-imap23 uses its own delivery agent to build a > maildir-like structure. > > Does this pretty much summarize my choices, or are there other things > I should be aware of before implementing any of these on FreeBSD? > > Thanks, > ==ml > > -- > Michael W. Lucas mwlucas@BlackHelicopters.org, mwlucas@FreeBSD.org > http://www.BlackHelicopters.org/~mwlucas/ > Coming Soon: "Absolute FreeBSD" -- http:// > www.AbsoluteFreeBSD.com > On 5/4/2007, the TSA kept 3 pairs of my soiled undies "for security > reasons." > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" From owner-freebsd-isp@FreeBSD.ORG Wed Jun 27 03:41:15 2007 Return-Path: X-Original-To: isp@freebsd.org Delivered-To: freebsd-isp@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id DD32416A468 for ; Wed, 27 Jun 2007 03:41:15 +0000 (UTC) (envelope-from mail@ozzmosis.com) Received: from smtp.mel.people.net.au (smtp.mel.people.net.au [218.214.17.98]) by mx1.freebsd.org (Postfix) with SMTP id 2A2F213C48C for ; Wed, 27 Jun 2007 03:41:14 +0000 (UTC) (envelope-from mail@ozzmosis.com) Received: (qmail 4872 invoked from network); 27 Jun 2007 03:14:33 -0000 Received: from unknown (HELO blizzard.dnsalias.org) (218.215.144.61) by smtp.mel.people.net.au with SMTP; 27 Jun 2007 03:14:33 -0000 Received: by blizzard.dnsalias.org (Postfix, from userid 1001) id 0EE59330; Wed, 27 Jun 2007 13:14:29 +1000 (EST) Date: Wed, 27 Jun 2007 13:14:28 +1000 From: andrew clarke To: "Michael W. Lucas" Message-ID: <20070627031428.GA89955@ozzmosis.com> References: <20070627021432.GA73579@bewilderbeast.blackhelicopters.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20070627021432.GA73579@bewilderbeast.blackhelicopters.org> User-Agent: Mutt/1.4.2.3i Cc: isp@freebsd.org Subject: Re: Recommended IMAP server? X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Jun 2007 03:41:15 -0000 On Tue, Jun 26, 2007 at 10:14:32PM -0400, Michael W. Lucas wrote: > I find myself needing to implement IMAP on FreeBSD. Any suggestions > on the "preferred" IMAP server? Dovecot is fairly popular. From owner-freebsd-isp@FreeBSD.ORG Wed Jun 27 04:22:48 2007 Return-Path: X-Original-To: isp@freebsd.org Delivered-To: freebsd-isp@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 244A416A421 for ; Wed, 27 Jun 2007 04:22:48 +0000 (UTC) (envelope-from gary@tbe.net) Received: from kerplunk.tbe.net (kerplunk.tbe.net [209.123.115.134]) by mx1.freebsd.org (Postfix) with ESMTP id F1A4A13C457 for ; Wed, 27 Jun 2007 04:22:47 +0000 (UTC) (envelope-from gary@tbe.net) Received: from kerplunk.tbe.net (localhost [127.0.0.1]) by kerplunk.tbe.net (Postfix) with ESMTP id 33AD45E9E; Tue, 26 Jun 2007 23:52:44 -0400 (EDT) Received: from localhost (gary@localhost) by kerplunk.tbe.net (8.13.8/8.13.8/Submit) with ESMTP id l5R3qhAu084429; Tue, 26 Jun 2007 23:52:43 -0400 (EDT) (envelope-from gary@tbe.net) X-Authentication-Warning: kerplunk.tbe.net: gary owned process doing -bs Date: Tue, 26 Jun 2007 23:52:43 -0400 (EDT) From: "Gary D. Margiotta" To: "Michael W. Lucas" In-Reply-To: <20070627021432.GA73579@bewilderbeast.blackhelicopters.org> Message-ID: <20070626234710.H75674@kerplunk.tbe.net> References: <20070627021432.GA73579@bewilderbeast.blackhelicopters.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: isp@freebsd.org Subject: Re: Recommended IMAP server? X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Jun 2007 04:22:48 -0000 > > I find myself needing to implement IMAP on FreeBSD. Any suggestions > on the "preferred" IMAP server? I've begun migrating all my machines from pretty much vanilla UW-IMAP (with the built in pop3d) over to Dovecot with Maildir delivery. I've used UW for over 10 years on my mail servers, but I'm starting to get away from standard mbox format. I like the benefits of Maildir for my specific needs, and it's much safer over NFS, which is what I'm also starting to use for some servers. Dovecot was a very simple install from source, and I had it up and running with Maildir support, SASL smtp auth, and both pop3 and imap in about 10 minutes after compiation. I use Postfix for my MTA, but it should work with Sendmail or whatever. I played with Courier a little bit, didn't really like it, and Cyrus was way too much for my needs at the time, and I'm not really looking to try it again. Good luck. > > -- > Michael W. Lucas mwlucas@BlackHelicopters.org, mwlucas@FreeBSD.org > http://www.BlackHelicopters.org/~mwlucas/ > Coming Soon: "Absolute FreeBSD" -- http://www.AbsoluteFreeBSD.com > On 5/4/2007, the TSA kept 3 pairs of my soiled undies "for security reasons." > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > From owner-freebsd-isp@FreeBSD.ORG Wed Jun 27 05:42:13 2007 Return-Path: X-Original-To: isp@freebsd.org Delivered-To: freebsd-isp@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 9BCE416A400 for ; Wed, 27 Jun 2007 05:42:13 +0000 (UTC) (envelope-from gpalmer@freebsd.org) Received: from noop.in-addr.com (noop.in-addr.com [208.58.23.51]) by mx1.freebsd.org (Postfix) with ESMTP id 6F85113C484 for ; Wed, 27 Jun 2007 05:42:13 +0000 (UTC) (envelope-from gpalmer@freebsd.org) Received: from gjp by noop.in-addr.com with local (Exim 4.54 (FreeBSD)) id 1I3Q0b-000If6-Qh; Wed, 27 Jun 2007 01:24:05 -0400 Date: Wed, 27 Jun 2007 01:24:05 -0400 From: Gary Palmer To: "Michael W. Lucas" Message-ID: <20070627052405.GB1002@in-addr.com> Mail-Followup-To: "Michael W. Lucas" , isp@freebsd.org References: <20070627021432.GA73579@bewilderbeast.blackhelicopters.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20070627021432.GA73579@bewilderbeast.blackhelicopters.org> Cc: isp@freebsd.org Subject: Re: Recommended IMAP server? X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Jun 2007 05:42:13 -0000 On Tue, Jun 26, 2007 at 10:14:32PM -0400, Michael W. Lucas wrote: > Hi, > > I find myself needing to implement IMAP on FreeBSD. Any suggestions > on the "preferred" IMAP server? > > It appears that we have three "main" IMAP daemons in ports: imap-wu, > cyrus-imapd, and courier-imap. I need to pick one. My mail system > uses Sendmail+sasl2 and milter-greylist. I want to stick as close to > a "stock" FreeBSD as possible, so I'm not into reading users from LDAP > or anything like that. > > It seems that imap-wu lets you synch up to /var/mail/username, but > only that. Avoid UW IMAP. If nothing else, last I heard it wasn't 64 bit clean and there are various other well known issues with its implementation. For example, there are race conditions with concurrent access to the same folder that can lead to issues. In general I'd advise to use a daemon that has one-file-per-message format (e.g. cyrus, dovecot, etc) rather than mbox for scalability reasons (imagine trying to delete a message in the middle of a several hundred megabyte mbox "folder"). Also make sure that whatever you use builds an index of each folder so that IMAP clients can load the folder summary quickly, else you could very quickly run into performance problems if the daemon has to scan every message in a folder to gather common information (e.g. sender and subject) Also think about other issues that might affect your implementation, e.g. will you ever need to enforce quotas? This is not as innocuous a question as it seems as IMAP does not have a "move" command to move messages between folders, you have to copy the e-mail, mark the old copy of the e-mail as Deleted and then expunge it (this is normally all hidden transparently from the user by the mail client). This can play havoc with users mailboxes if you use operating system quotas to enforce mailbox sizes. Message expiration might also be a desirable feature, where you can automatically "age out" (i.e. delete) messages from certain folders after the e-mail has been in there for x days. This can be useful to keep Trash and Junk Mail/spam folders from growing out of control. Will you be offering webmail? Do you have a webmail selected already and does it work well with your IMAP server? I'm sure there are other considerations also, I'm just giving you a start here to try and help the decision process. From owner-freebsd-isp@FreeBSD.ORG Wed Jun 27 08:13:42 2007 Return-Path: X-Original-To: isp@freebsd.org Delivered-To: freebsd-isp@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 81E0016A468 for ; Wed, 27 Jun 2007 08:13:42 +0000 (UTC) (envelope-from Albert.Shih@obspm.fr) Received: from mesiob.obspm.fr (mesiob.obspm.fr [145.238.2.2]) by mx1.freebsd.org (Postfix) with ESMTP id 1CC5513C4C1 for ; Wed, 27 Jun 2007 08:13:41 +0000 (UTC) (envelope-from Albert.Shih@obspm.fr) Received: from localhost (pcjas.obspm.fr [145.238.2.126]) by mesiob.obspm.fr (8.13.4/8.13.4/SIO Observatoire de Paris) with ESMTP id l5R80kBn013249; Wed, 27 Jun 2007 10:00:46 +0200 Date: Wed, 27 Jun 2007 10:00:46 +0200 From: Albert Shih To: "Michael W. Lucas" Message-ID: <20070627080046.GB52063@pcjas.obspm.fr> References: <20070627021432.GA73579@bewilderbeast.blackhelicopters.org> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20070627021432.GA73579@bewilderbeast.blackhelicopters.org> User-Agent: Mutt/1.5.15 (2007-04-06) X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-2.0.2 (mesiob.obspm.fr [145.238.2.2]); Wed, 27 Jun 2007 10:00:46 +0200 (CEST) X-Virus-Scanned: ClamAV version 0.90.3, clamav-milter version 0.90.3 on mesiob.obspm.fr X-Virus-Status: Clean Cc: isp@freebsd.org Subject: Re: Recommended IMAP server? X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Albert.Shih@obspm.fr List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Jun 2007 08:13:42 -0000 Le 26/06/2007 22:14:32-0400, Michael W. Lucas a écrit > Hi, > > I find myself needing to implement IMAP on FreeBSD. Any suggestions > on the "preferred" IMAP server? > > It appears that we have three "main" IMAP daemons in ports: imap-wu, > cyrus-imapd, and courier-imap. I need to pick one. My mail system > uses Sendmail+sasl2 and milter-greylist. I want to stick as close to > a "stock" FreeBSD as possible, so I'm not into reading users from LDAP > or anything like that. > > It seems that imap-wu lets you synch up to /var/mail/username, but > only that. > > Courier uses maildir, which means installing procmail and having a > .procmailrc for every account. > > It appears that cyrus-imap23 uses its own delivery agent to build a > maildir-like structure. > > Does this pretty much summarize my choices, or are there other things > I should be aware of before implementing any of these on FreeBSD? > IMHO the first question I need to answer : Have you any IMAP-Server yet, and if it so and if this server use mbox format, can you change this to Maildir. If you cannot use other format instead mbox, you already have you answer. It's uw-imap. Many peoples tell you uw-imap is very suck. Maybe it's true, maybe the code is not clean, but I'm running uw-imap for small groups (<1000 account) very fine and without any problem. If you can use Maildir, don't use UW-Imap. Because mbox is not scalable. You can use on very large with Maildir. Cyrus-imap is for lots of lots of account, because there using something like Database for storage and indexing. You can have two servers automaticaly synchronised etc... But Cyrus-Imap is more complexe than other. I don't known Dovecot. I've using courier-imap and work very fine. You don't need procmail for courier-imap. You can use procmail but it's not needed. The perf is very good with courier-imap (vs uw-imap where the perf is very poor when the number of mail increase). Regards. -- Albert SHIH Observatoire de Paris Meudon SIO batiment 15 Heure local/Local time: Wed Jun 27 09:48:42 CEST 2007 From owner-freebsd-isp@FreeBSD.ORG Wed Jun 27 19:50:14 2007 Return-Path: X-Original-To: isp@freebsd.org Delivered-To: freebsd-isp@FreeBSD.ORG Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 7164D16A400 for ; Wed, 27 Jun 2007 19:50:14 +0000 (UTC) (envelope-from tom.yerex@science.ubc.ca) Received: from gable.science.ubc.ca (gable.science.ubc.ca [142.103.151.10]) by mx1.freebsd.org (Postfix) with ESMTP id 5535B13C45E for ; Wed, 27 Jun 2007 19:50:14 +0000 (UTC) (envelope-from tom.yerex@science.ubc.ca) In-Reply-To: <20070627021432.GA73579@bewilderbeast.blackhelicopters.org> To: "Michael W. Lucas" MIME-Version: 1.0 X-Mailer: Lotus Notes Release 7.0.2 September 26, 2006 Message-ID: From: Tom Yerex Date: Wed, 27 Jun 2007 12:36:40 -0700 X-MIMETrack: Serialize by Router on GABLE/UBC(Release 7.0.2FP1|January 10, 2007) at 06/27/2007 12:50:14, Serialize complete at 06/27/2007 12:50:14 Content-Type: text/plain; charset="US-ASCII" X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: isp@freebsd.org Subject: Re: Recommended IMAP server? X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Jun 2007 19:50:14 -0000 I found the end-user features were more significant than the particular implementation. (Keep in mind that I have not used any of these products recently, my last contact was early last year...) For example, Cyrus configured with Berkeley DB as the backend seemed to provide faster search results than Courier, which for end-users that relied on their mail to store documents made a big difference for us. Courier with maildir provided easier backup than Cyrus. Cyrus seems to provide the ability to replicate and distribute loads much easier than Courier. Cyrus with db backend required periodic checks for database corruption..etc... >From what I am told, Dovecot is a "cleaner" implementation and shows promise, but is not as mature and suffers under high loads. Hope this helps some, Tom. "Michael W. Lucas" Sent by: owner-freebsd-isp@freebsd.org 06/26/2007 07:49 PM To isp@freebsd.org cc Subject Recommended IMAP server? Hi, I find myself needing to implement IMAP on FreeBSD. Any suggestions on the "preferred" IMAP server? It appears that we have three "main" IMAP daemons in ports: imap-wu, cyrus-imapd, and courier-imap. I need to pick one. My mail system uses Sendmail+sasl2 and milter-greylist. I want to stick as close to a "stock" FreeBSD as possible, so I'm not into reading users from LDAP or anything like that. It seems that imap-wu lets you synch up to /var/mail/username, but only that. Courier uses maildir, which means installing procmail and having a .procmailrc for every account. It appears that cyrus-imap23 uses its own delivery agent to build a maildir-like structure. Does this pretty much summarize my choices, or are there other things I should be aware of before implementing any of these on FreeBSD? Thanks, ==ml -- Michael W. Lucas mwlucas@BlackHelicopters.org, mwlucas@FreeBSD.org http://www.BlackHelicopters.org/~mwlucas/ Coming Soon: "Absolute FreeBSD" -- http://www.AbsoluteFreeBSD.com On 5/4/2007, the TSA kept 3 pairs of my soiled undies "for security reasons." _______________________________________________ freebsd-isp@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-isp To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" From owner-freebsd-isp@FreeBSD.ORG Wed Jun 27 21:49:37 2007 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 54B7E16A400 for ; Wed, 27 Jun 2007 21:49:37 +0000 (UTC) (envelope-from paulo@nlink.com.br) Received: from smtp.nlink.com.br (smtp.nlink.com.br [201.12.59.3]) by mx1.freebsd.org (Postfix) with SMTP id BDF8C13C487 for ; Wed, 27 Jun 2007 21:49:36 +0000 (UTC) (envelope-from paulo@nlink.com.br) Received: (qmail 2483 invoked from network); 27 Jun 2007 21:18:59 -0000 Received: from foker.nlink.com.br (HELO cesna.nlink.com.br) (paulo@intra.nlink.com.br@201.12.60.146) by smtp.nlink.com.br with SMTP; 27 Jun 2007 21:18:59 -0000 Message-ID: <4682D528.7060107@nlink.com.br> Date: Wed, 27 Jun 2007 18:22:48 -0300 From: Paulo Fragoso User-Agent: Thunderbird 2.0.0.0 (X11/20070523) MIME-Version: 1.0 To: freebsd-isp@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: PHP suexec (binfmt) X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Jun 2007 21:49:37 -0000 Hi, Are there any solution like linux binfmt (http://pookey.co.uk/wiki/php/security) for FreeBSD? We are migrating a multi-home PHP server running mod_php to new server without mod_php. We won't like to change all .php files to put #!/usr/local/bin/php Paulo Fragoso. From owner-freebsd-isp@FreeBSD.ORG Thu Jun 28 05:52:02 2007 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 068AB16A421 for ; Thu, 28 Jun 2007 05:52:02 +0000 (UTC) (envelope-from bsd@kajs.co.nz) Received: from mx1.orcon.net.nz (loadbalancer1.orcon.net.nz [219.88.242.3]) by mx1.freebsd.org (Postfix) with ESMTP id A7F9A13C469 for ; Thu, 28 Jun 2007 05:52:01 +0000 (UTC) (envelope-from bsd@kajs.co.nz) Received: from Debian-exim by mx1.orcon.net.nz with local (Exim 4.63) (envelope-from ) id 1I3mSZ-0006D5-FF for freebsd-isp@freebsd.org; Thu, 28 Jun 2007 17:22:27 +1200 Received: from [60.234.135.124] (helo=jbox.spinningplanet.co.nz) by mx1.orcon.net.nz with esmtp (Exim 4.63) (envelope-from ) id 1I3gKS-0005Zk-UO; Thu, 28 Jun 2007 10:49:41 +1200 Message-ID: <4682E983.4050507@kajs.co.nz> Date: Thu, 28 Jun 2007 10:49:39 +1200 From: Josh User-Agent: Thunderbird 2.0.0.4 (X11/20070626) MIME-Version: 1.0 To: Paulo Fragoso , freebsd-isp@freebsd.org References: <4682D528.7060107@nlink.com.br> In-Reply-To: <4682D528.7060107@nlink.com.br> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-DSPAM-Check: by mx1.orcon.net.nz on Thu, 28 Jun 2007 17:22:27 +1200 X-DSPAM-Result: Innocent X-DSPAM-Processed: Thu Jun 28 17:22:27 2007 X-DSPAM-Confidence: 0.8512 X-DSPAM-Improbability: 1 in 573 chance of being spam X-DSPAM-Probability: 0.0000 Cc: Subject: Re: PHP suexec (binfmt) X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Jun 2007 05:52:02 -0000 I wrote a mini howto thing on this a while ago install apache 2.0, with suexec enabled. Put these lines into /etc/make.conf: SUEXEC_UIDMIN=500 - the lowest UID of your vhost users. Normally 1000. SUEXEC_GIDMIN=500 - the lowest GID of your vhost users. Normally 1000. SUEXEC_DOCROOT="/home/sites" - where the vhost directorys are. Note the UIDMIN and GIDMIN. These can probably be omitted. I only put them in there because I transferred some users from a linux system, on which the UID's and GID's start at 500. Now install apache: cd /usr/ports/www/apache20 make install echo "Hello" In freebsd; cd /usr/ports/lang/php5 make config In the config set these options: CLI - for php on command line. CGI - For cgi use of php SUHOSIN - Security enhancments for php MAILHEAD - A gizmo. REDIRECT DISCARD FASTCGI - Needed to use fastcgi or fcgid modules PATHINO Then run: make install Now install mod_fcgid: cd /usr/ports/www/mod_fcgid make install ( accept default options ) Now, in httpd.conf, make sure you have some lines like this in the module section: LoadModule suexec_module libexec/apache2/mod_suexec.so LoadModule fcgid_module libexec/apache2/mod_fcgid.so And then somewhere else in the httpd.conf, put this: AddHandler php-script .php Action php-script /cgi-bin/php # this is to handle php-cgi with mod_fcgid SetHandler fcgid-script # this is to handle php-cgi with mod_fastcgi #SetHandler fastcgi-script Ok, now, in each entry that you want to run php, you need to put this: ScriptAlias /cgi-bin/ /path/to/vhost/users/home/dir/cgi-bin/ And in that users cgi-bin, you put this into a file called php: #!/bin/sh #PHPRC="/usr/local/etc/php/client" # can use this to set custom php.ini export PHPRC PHP_FCGI_CHILDREN=4 export PHP_FCGI_CHILDREN exec /usr/local/bin/php-cgi And make the script executable, and owned by the virtual hosts user and group. You should use chflags to make it so that users cant mince around with anything in the cgi-dir, or alternatively modify suexec.c to take the check of the uid/gid of the cgi-bin dir and then you can make it owned by root:wheel. And, in theory, that should be it. Start up apache and it should work. After that you should consider making a php.ini for each and every vhost, in which you set open_basedir and other gizmos to tighten things up. This is only a quick 5 minute writeup, so it is more than likely I have missed something. Paulo Fragoso wrote: > Hi, > > Are there any solution like linux binfmt > (http://pookey.co.uk/wiki/php/security) for FreeBSD? > > We are migrating a multi-home PHP server running mod_php to new server > without mod_php. We won't like to change all .php files to put > #!/usr/local/bin/php > > Paulo Fragoso. > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" From owner-freebsd-isp@FreeBSD.ORG Thu Jun 28 10:42:54 2007 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id E7D5B16A477 for ; Thu, 28 Jun 2007 10:42:54 +0000 (UTC) (envelope-from "") Received: from www.pclab.pl (xeon.PCLab.pl [217.17.35.194]) by mx1.freebsd.org (Postfix) with SMTP id 5507713C489 for ; Thu, 28 Jun 2007 10:42:54 +0000 (UTC) (envelope-from "") Received: (qmail 6146 invoked by uid 117); 28 Jun 2007 10:16:11 -0000 Date: 28 Jun 2007 10:16:11 -0000 From: "System Anti-Virus Administrator" To: freebsd-isp@freebsd.org Message-ID: X-Tnz-Problem-Type: 40 MIME-Version: 1.0 Content-type: text/plain Subject: problem found in sent message "Mail Delivery System (pila@pclab.pl)" X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Jun 2007 10:42:55 -0000 Attention: freebsd-isp@freebsd.org A problem was found in an Email message you sent. This Email scanner intercepted it and stopped the entire message reaching its destination. The problem was reported to be: Disallowed file (message.pif) assosiated with unrelated MIME type (audio/x-wav) - potential virus Please contact your IT support personnel with any queries regarding this policy. Your message was sent with the following envelope: MAIL FROM: freebsd-isp@freebsd.org RCPT TO: pila@pclab.pl ... and with the following headers: --- MAILFROM: freebsd-isp@freebsd.org Received: from aakv109.neoplus.adsl.tpnet.pl (HELO pclab.pl) (83.5.25.109) by www.pclab.pl with SMTP; 28 Jun 2007 10:16:08 -0000 From: freebsd-isp@freebsd.org To: pila@pclab.pl Subject: Mail Delivery System (pila@pclab.pl) Date: Thu, 28 Jun 2007 12:11:01 +0200 MIME-Version: 1.0 Content-Type: multipart/related; type="multipart/alternative"; boundary="----=_NextPart_000_001B_01C0CA81.7B015D10" X-Priority: 1 X-MSMail-Priority: High --- The original message is kept in: pclab.pclab.pl:/var/spool/qmailscan/quarantine/new/pclab.pclab.pl118302576847122731 where the System Anti-Virus Administrator can further diagnose it. The Email scanner reported the following when it scanned that message: --- ---perlscanner results --- problem 'Disallowed file (message.pif) assosiated with unrelated MIME type (audio/x-wav) - potential virus' found in attachment message.pif --- From owner-freebsd-isp@FreeBSD.ORG Thu Jun 28 20:57:59 2007 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id E373816A46B; Thu, 28 Jun 2007 20:57:59 +0000 (UTC) (envelope-from greg@laaco.net) Received: from mail.laaco.net (mail.laaco.net [38.99.244.3]) by mx1.freebsd.org (Postfix) with ESMTP id AB4D713C455; Thu, 28 Jun 2007 20:57:57 +0000 (UTC) (envelope-from greg@laaco.net) Received: from localhost (www@localhost.laaco.net [127.0.0.1]) by mail.laaco.net (8.13.3/8.13.4) with SMTP id l5SKZ8sm023140; Thu, 28 Jun 2007 13:35:08 -0700 (PDT) (envelope-from greg@laaco.net) Message-Id: <200706282035.l5SKZ8sm023140@mail.laaco.net> Received-On-Port: 25 X-Port: 25 To: , , From: "=?UTF-8?B?R3JlZyBILg==?= " Date: Thu, 28 Jun 2007 13:35:08 PDT Errors-To: "=?UTF-8?B?R3JlZyBILg==?= " X-Priority: 3 (Normal) User-Agent: NOCC MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 8bit X-Scanned-By: MIMEDefang 2.52 on 38.99.244.3 Cc: Subject: Qlogic 2432, Multipath, Dynamic LUNs, and NTFS X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: =?UTF-8?B?R3JlZyBILg==?= List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 28 Jun 2007 20:58:00 -0000 Hello All, I've just installed a new HP BladeSystem with BL460c blades, connected via dual on-board Qlogic 2432 Fibre Channel controllers, to an EVA4000 SAN. After getting the isp driver from 6.2-Stable, everything runs very smoothly. Now, I've been asked to use our very stable FreeBSD blades to backup the often flakey Windows 2003 Server drives. Both the FreeBSD blades and the Windows blades have their own LUNs on the EVA4000 SAN. To do this, I've created a snapshot of one of the non-compressed NTFS drives on the EVA, and presented it to the FreeBSD system, dynamically. After doing a camcontrol rescan all, both a camcontrol devlist, or an ls /dev/ntfs crash the system. Because of the silly HP blade environment, I don't have access to the console during the crashes. I also haven't found any signs in the logs. Here is an additional quirk. When the system comes back up, the snapshot LUN show up, and seems to mount properly with mount -t ntfs. I can't get ntfs-3g to work properly when loaded as a package, and the port won't compile. The strange thing is that an ls of the NTFS snapshot shows a file that is 7,653,312,512 bytes, but cat | bzip2 (and dd) only reads 3,358,345,216 bytes. Reading a larger file of 50,135,415,808 bytes crashes the system. These are the files from the SAN snapshot of the NTFS drive: -rwxr-xr-x 1 root wheel 7653312512 Jun 26 20:31 MV-C.bkf -rwxr-xr-x 1 root wheel 50135415808 Jun 26 21:28 MV-E.bkf -rwxr-xr-x 1 root wheel 575225856 Jun 26 20:12 MV-SysState.bkf Here's what happens when I try to read them: Copying MV-SysState.bkf Wed Jun 27 17:58:00 PDT 2007 (stdin): 2.792:1, 2.866 bits/byte, 64.18% saved, 575225856 in, 206056048 out Copying MV-C.bkf Wed Jun 27 18:01:08 PDT 2007 (stdin): 4.047:1, 1.977 bits/byte, 75.29% saved, 3358345216 in, 829840937 out Copying MV-E.bkf Wed Jun 27 18:19:34 PDT 2007 (stdin): If this is the wrong list, I'll happily send it to the proper list if someone tells me what it is. Other interesting facts are that each LUN presented by the SAN appears 4 times, once on each FC port (as was expected), and GEOM seems to handle it just fine. Mounts reference the GEOM label such as /dev/ufs/mail2root or /dev/ntfs/MV-Backup. Any suggestions of how to dynamically mount/unmount FC LUNs, and faithfully read files from an NTFS file system? Thanks everybody, Greg H. ___________________________________ NOCC, http://nocc.sourceforge.net