Administration System for Courier MTA
Hi people! I've started working on a new web-based Administration System for Courier MTA, under this premises/requirements:
SECURE: Minimize what can be done to the least set of features possible:
1) Adding/Removing hosted/accepted domains
2) Add/Modify/Remove mail accounts (anything that courier-authlib understands for each backend type)
3) Add/Modify/Remove aliases
For 1) and 3) we will probably need some daemon/app/middleware/something to edit/create files of courier configuration that are not courier-authlib managed.
For 2), we will limit ilcm's supported backends to mysql, postgresql and ldap, because we can access that with PHP's mysql, postgresql and ldap capabilities, directly connecting to the backend, without messing with courier's config stored in /etc/courier/* files.
FAST: Template-based html
Smarty sounds good for this task. We can use very simple html, and then add a CSS to the templates when we find a good web designer :P
ROLE-BASED: Domain Administrators, and Courier Managers
As Courier Managers will be able to (indirectly) edit /etc/courier/* files, we understand there are security risks so we enforce a role-based user system for ilcm.
Minimalist as much as possible, (in terms of functionality, compatibility, and extra backends needed).
This depends from the "Secure" requirement. The less functionality, the more secure the system can get. By using a Role Based system, we limit which users can use extra functionality.
SIMPLE:
When ilcm is installed, a script should be run with just two parameters: Base dir to courier's etc dir (/etc/courier, /usr/local/etc/courier, /usr/lib/courier/etc, etc) and base dir to authlib's dir: (/etc/courier/authlib, or the path where authdaemonrc, auth{ldap,mysql,pgsql}rc are located).
From there, the script will get all required credentials, and file locations, and should be able to write an outside-documentroot accesible ilcm-config.php file. The person installing the system should decide where to put this file, and what modes and ownership it should have.
Finally, the admin will also need to tell ilcm where that config file is located. So, we have a 3-step configuration stage: Run configurator script, securify ilcm-config.php, tell ilcm (set of php scripts under a documentroot) where that ilcm-config.php file is.
Additionally, I was thinking on adding mysql/pgsql/ldap support for hsoteddomains, smtpacceptmailfor and smtpaccess. We could avoid the whole sudo/privileged-backend thing altogether that way.
Well, that's the idea :)
If anyone is interested, contact me.
Sincerely,
Buanzo
SECURE: Minimize what can be done to the least set of features possible:
1) Adding/Removing hosted/accepted domains
2) Add/Modify/Remove mail accounts (anything that courier-authlib understands for each backend type)
3) Add/Modify/Remove aliases
For 1) and 3) we will probably need some daemon/app/middleware/something to edit/create files of courier configuration that are not courier-authlib managed.
For 2), we will limit ilcm's supported backends to mysql, postgresql and ldap, because we can access that with PHP's mysql, postgresql and ldap capabilities, directly connecting to the backend, without messing with courier's config stored in /etc/courier/* files.
FAST: Template-based html
Smarty sounds good for this task. We can use very simple html, and then add a CSS to the templates when we find a good web designer :P
ROLE-BASED: Domain Administrators, and Courier Managers
As Courier Managers will be able to (indirectly) edit /etc/courier/* files, we understand there are security risks so we enforce a role-based user system for ilcm.
Minimalist as much as possible, (in terms of functionality, compatibility, and extra backends needed).
This depends from the "Secure" requirement. The less functionality, the more secure the system can get. By using a Role Based system, we limit which users can use extra functionality.
SIMPLE:
When ilcm is installed, a script should be run with just two parameters: Base dir to courier's etc dir (/etc/courier, /usr/local/etc/courier, /usr/lib/courier/etc, etc) and base dir to authlib's dir: (/etc/courier/authlib, or the path where authdaemonrc, auth{ldap,mysql,pgsql}rc are located).
From there, the script will get all required credentials, and file locations, and should be able to write an outside-documentroot accesible ilcm-config.php file. The person installing the system should decide where to put this file, and what modes and ownership it should have.
Finally, the admin will also need to tell ilcm where that config file is located. So, we have a 3-step configuration stage: Run configurator script, securify ilcm-config.php, tell ilcm (set of php scripts under a documentroot) where that ilcm-config.php file is.
Additionally, I was thinking on adding mysql/pgsql/ldap support for hsoteddomains, smtpacceptmailfor and smtpaccess. We could avoid the whole sudo/privileged-backend thing altogether that way.
Well, that's the idea :)
If anyone is interested, contact me.
Sincerely,
Buanzo
Labels: English
 Liked it? Submit this post to Slashdot!
|
| posted by Arturo 'Buanzo' Busleiman @ 4:30 PM |
