From owner-freebsd-database@FreeBSD.ORG  Fri Feb 25 03:56:24 2005
Return-Path: <owner-freebsd-database@FreeBSD.ORG>
Delivered-To: freebsd-database@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 6818016A4CE
	for <freebsd-database@freebsd.org>;
	Fri, 25 Feb 2005 03:56:24 +0000 (GMT)
Received: from search.sparks.net (search.sparks.net [207.5.180.136])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 2E5B843D45
	for <freebsd-database@freebsd.org>;
	Fri, 25 Feb 2005 03:56:24 +0000 (GMT)
	(envelope-from dmiller@sparks.net)
Received: by search.sparks.net (Postfix, from userid 100)
	id 6D656A906; Thu, 24 Feb 2005 22:56:23 -0500 (EST)
Received: from localhost (localhost [127.0.0.1])
	by search.sparks.net (Postfix) with ESMTP
	id 6ABA1A904; Thu, 24 Feb 2005 22:56:23 -0500 (EST)
Date: Thu, 24 Feb 2005 22:56:23 -0500 (EST)
From: David Miller <dmiller@search.sparks.net>
To: "Joseph E. Maxwell" <jemaxwell@jaymax.com>
In-Reply-To: <421E4E5B.6010705@jaymax.com>
Message-ID: <Pine.BSF.4.21.0502242249030.61985-100000@search.sparks.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: dmiller@sparks.net
cc: freebsd-database@freebsd.org
Subject: Re: Setting up -  Users with mail access but without telnet access
X-BeenThere: freebsd-database@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Database use and development under FreeBSD
	<freebsd-database.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-database>,
	<mailto:freebsd-database-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-database>
List-Post: <mailto:freebsd-database@freebsd.org>
List-Help: <mailto:freebsd-database-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-database>,
	<mailto:freebsd-database-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Feb 2005 03:56:24 -0000

On Thu, 24 Feb 2005, Joseph E. Maxwell wrote:

> I am running a mail server (qmail) on a machine (freebsd 4.9). How can I 
> set up users on it with email functioning but without telnet access ?

This really isn't a database question, but I'll take a stab at it anyway.

The quick answer is to just add them as unix users but turn telnet off in
inetd.conf. That's almost certainly the default anyway, nobody uses telnet
to access a system anymore.  It's also kind of a wisecrack, because you're
probably asking how to deny them shell access.

If you just give them a shell of /bin/false they won't be able to login
with ssh, rlogin, telnet, or a serial terminal.

There are other more complex answers too, like setting up qmail to use
LDAP or query some sort of database to see if the recipient is a
legitimate user.  This is not a trivial thing to setup, and will be client
specific (qmail/POP/IMAP all have to match up).

Hope this helps,

--- David