[K12OSN] OT: quote on file / mail server

John Lucas mrjohnlucas at gmail.com
Thu Jun 28 13:23:03 UTC 2007

On Thursday 28 June 2007 08:42, Rob Owens wrote:
> I've answered your questions inline below.
> Another thing I should mention:  I need to accommodate users who travel
> with their laptops.  We have a terminal server that they can connect to
> through a gateway that the parent company sets up, and they'll use the
> mail client on that machine to get their email.  I need to keep that
> machine sync'd with their local machine.  I assume IMAP is the way to do
> this.  I'm struggling a bit, though, with the specific mail client
> settings to allow them to keep a local copy of their email (something
> like MS's "cached exchange mode").

Thunderbird has the ability to keep offline copies. Look at "Offline & 
Diskspace" under "Account Settings". Combining this with IMAP (to keep server 
copies) should work *except* ... 

Am I to assume that IMAP traffic is not allowed beyond the parent 
gateway/terminal server? That would make local caching pretty difficult if 
the MUA can't directly reach the mail server from outside your net. Using an 
IMAP client (i.e. Tbird) on the terminal server would eliminate the need for 

If it were up to me, I would allow IMAPS (IMAP over SSL/TLS) out through the 
firewall as well as the SMTP "Submission" service (authenticated SMTP over 
TLS, tcp port 587) in a manner similar to GMail. I use Tbird with this sort 
of configuration for one of my accounts, and I use KMail with POPS and 
Submission with my GMail (this) account. However if you don't control that 
policy, you are stuck doing all your mail via terminal services (or perhaps 
over VPN).

As one who was responsible for email (and other things) for a small liberal 
arts college I can state one thing for sure: EMail is a pain. Be thankful you 
aren't responsible for Spam and malware control.

> Thanks for all the advice.
> -Rob
> John Lucas wrote:
> > I can't give you a quote, but perhaps I can suggest an approach. You need
> > to decide on a strategy.
> >
> > There are probably several ways to accomplish what you want, but you
> > first need to state your needs more precisely:
> >
> > 	- what email clients do you intend to support?
> Thunderbird, mainly.  Outlook would be nice, in case any users are
> particularly attached to it.  Other than that, it would be free email
> clients for Linux (possibly Evolution)
> > 	- are there other "groupware" (beyond email) needs?
> The only other thing we use that could be considered groupware is
> perhaps the global address list.

Thunderbird (and other MUAs) can use LDAP servers as addressbooks. Just make 
sure the terminal servers's MUA has this feature.

> > 	- how flexible is your AD (Active Directory) admin?
> I am the AD admin.  We do a lot of outsourcing of our IT, though, which
> is why I stated that it may be a good idea to keep Active Directory.
> I'm starting to reconsider that, though.

That makes things simpler. Keeping or replacing AD is one of those things only 
you can decide. With the approach I outlined, you can defer that decision, 
since it only means changing which LDAP server is used by the mail server 
should you decide to phase out AD.

> > What I might do if *only* email is required and there were some freedom
> > of choice of MUA (Mail User Agent):
> >
> > 	- extend AD to support Posix/Unix LDAP schema
> > 	- set up CentOS (my choice) to authenticate via LDAP via AD
> > 	- install/configure Postfix to use LDAP (from AD)
> > 	- install Dovecot (IMAP server)
> > 	- modify imap pam configuration to add "pam_mkhomedir.so"
> >
> > This would allow the use of any IMAP email client (KMail, Thunderbird,
> > Evolution, Outlook Express, Squirrelmail etc.). All user creation would
> > be handled in AD.
> >
> > I would also add "clamsmtp" to the Postfix configuration to use "clamav"
> > anti-virus scanning. "Defense in depth" is a good idea, it doesn't hurt
> > to run the mail through more than one scanner. The more diversity in
> > scanners, the less likely a single virus will get past all of them.
> >
> > The single largest potential obstacle to this approach is to get the AD
> > admin to modify the AD configuration to support Posix/Unix LDAP schema.
> > If you can't get them to do this, then this approach is a non-starter.
> > The steps aren't difficult and are covered step-by-step in chapter 9 of
> > "LDAP System Administration" by Gerald Carter.
> I'll have to read up on this.  Thanks for the info.
> > This is a political, rather than a
> > technical, problem.
> >
> > One final thought: Do you need to run your own mail host? You might be
> > able to use one already running within your organization *or* you might
> > find the moderate expense of using "Google Apps" useful. Either approach
> > would eliminate the expense of running/administering/upgrading another
> > server.
> I'd like to give them a local mail server.  There is the option of
> letting them use my mail server (in the US), but then if my internet
> connection goes down, they have no email.  That's happened to us before
> with another shared server, and it made everybody unhappy.

True, but if your connection to Google "goes down", you probably would have 
bigger problems than just getting your email :-}

        "History doesn't repeat itself; at best it rhymes."
                        - Mark Twain

| John Lucas                          MrJohnLucas at gmail.com               |
| St. Thomas, VI 00802                http://mrjohnlucas.googlepages.com/ |
| 18.3°N, 65°W                        AST (UTC-4)                         |

More information about the K12OSN mailing list