
Re: [K12OSN] OT: quote on file / mail server

John Lucas wrote:
On Thursday 28 June 2007 08:42, Rob Owens wrote:
I've answered your questions inline below.

Another thing I should mention:  I need to accommodate users who travel
with their laptops.  We have a terminal server that they can connect to
through a gateway that the parent company sets up, and they'll use the
mail client on that machine to get their email.  I need to keep that
machine sync'd with their local machine.  I assume IMAP is the way to do
this.  I'm struggling a bit, though, with the specific mail client
settings to allow them to keep a local copy of their email (something
like MS's "cached exchange mode").

Thunderbird has the ability to keep offline copies. Look at "Offline & Diskspace" under "Account Settings". Combining this with IMAP (to keep server copies) should work *except* ...
I've tried this, but I have some problems still. For instance, my server-side k12ltsp folder says I have 8 new messages, but the local k12ltsp folder says I have 27 new messages... I've probably got a setting wrong somewhere, but where?

Am I to assume that IMAP traffic is not allowed beyond the parent gateway/terminal server? That would make local caching pretty difficult if the MUA can't directly reach the mail server from outside your net. Using an IMAP client (i.e. Tbird) on the terminal server would eliminate the need for syncing.
I think I'm going to need to make all remote access to email be through the terminal server. We've been doing it using Outlook, and it seems to work fine. IMAP or IMAPS would not be allowed through the firewall, and I don't have much say in that matter.
If it were up to me, I would allow IMAPS (IMAP over SSL/TLS) out through the firewall as well as the SMTP "Submission" service (authenticated SMTP over TLS, tcp port 587) in a manner similar to GMail. I use Tbird with this sort of configuration for one of my accounts, and I use KMail with POPS and Submission with my GMail (this) account. However if you don't control that policy, you are stuck doing all your mail via terminal services (or perhaps over VPN).

As one who was responsible for email (and other things) for a small liberal arts college I can state one thing for sure: EMail is a pain. Be thankful you aren't responsible for Spam and malware control.

Thanks for all the advice.


John Lucas wrote:
I can't give you a quote, but perhaps I can suggest an approach. You need
to decide on a strategy.

There are probably several ways to accomplish what you want, but you
first need to state your needs more precisely:

	- what email clients do you intend to support?
Thunderbird, mainly.  Outlook would be nice, in case any users are
particularly attached to it.  Other than that, it would be free email
clients for Linux (possibly Evolution)

	- are there other "groupware" (beyond email) needs?
The only other thing we use that could be considered groupware is
perhaps the global address list.

Thunderbird (and other MUAs) can use LDAP servers as addressbooks. Just make sure the terminal server's MUA has this feature.
I haven't gotten this to work in Thunderbird or Evolution. Can you give me any pointers? I'm suspecting it's a problem w/ the AD settings, because I'm pretty sure I did everything right on the email client side.
	- how flexible is your AD (Active Directory) admin?
I am the AD admin.  We do a lot of outsourcing of our IT, though, which
is why I stated that it may be a good idea to keep Active Directory.
I'm starting to reconsider that, though.

That makes things simpler. Keeping or replacing AD is one of those things only you can decide. With the approach I outlined, you can defer that decision, since it only means changing which LDAP server is used by the mail server should you decide to phase out AD.

What I might do if *only* email is required and there were some freedom
of choice of MUA (Mail User Agent):

	- extend AD to support Posix/Unix LDAP schema
	- set up CentOS (my choice) to authenticate via LDAP via AD
	- install/configure Postfix to use LDAP (from AD)
	- install Dovecot (IMAP server)
	- modify imap pam configuration to add "pam_mkhomedir.so"

This would allow the use of any IMAP email client (KMail, Thunderbird,
Evolution, Outlook Express, Squirrelmail etc.). All user creation would
be handled in AD.

I would also add "clamsmtp" to the Postfix configuration to use "clamav"
anti-virus scanning. "Defense in depth" is a good idea, it doesn't hurt
to run the mail through more than one scanner. The more diversity in
scanners, the less likely a single virus will get past all of them.

The single largest potential obstacle to this approach is to get the AD
admin to modify the AD configuration to support Posix/Unix LDAP schema.
If you can't get them to do this, then this approach is a non-starter.
The steps aren't difficult and are covered step-by-step in chapter 9 of
"LDAP System Administration" by Gerald Carter.
I'll have to read up on this.  Thanks for the info.

This is a political, rather than a
technical, problem.

One final thought: Do you need to run your own mail host? You might be
able to use one already running within your organization *or* you might
find the moderate expense of using "Google Apps" useful. Either approach
would eliminate the expense of running/administering/upgrading another
I'd like to give them a local mail server.  There is the option of
letting them use my mail server (in the US), but then if my internet
connection goes down, they have no email.  That's happened to us before
with another shared server, and it made everybody unhappy.

True, but if your connection to Google "goes down", you probably would have bigger problems than just getting your email :-}

The thing is, if the US office's internet connection goes down, I don't want it to take out any services on the UK side (which is what would happen if the UK office used a mail server located in the US office).
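
An added example, not part of the original thread: with the approach quoted above (AD extended with the POSIX/Unix schema, all user creation handled in AD), AD becomes the source of Unix identity on the mail host, so a duplicate or low `uidNumber` there maps a mailbox user onto another account. This script audits an LDIF export for that; the entries, the `example.com` DNs, the floor of 1000 and the use of AD's `unixHomeDirectory` attribute name are assumptions.

```python
# Added example: audit an LDIF export of AD users before a Linux mail host trusts it.
from collections import defaultdict
REQUIRED = ("uidNumber", "gidNumber", "unixHomeDirectory")  # assumed AD attribute names
MIN_UID = 1000  # assumption: lower IDs are reserved for local system accounts
# Constructed sample data, shaped like unfolded ldapsearch LDIF output.
SAMPLE_LDIF = """\
dn: CN=alice,OU=Staff,DC=example,DC=com
uidNumber: 10001
gidNumber: 10000
unixHomeDirectory: /home/alice

dn: CN=bob,OU=Staff,DC=example,DC=com
uidNumber: 10001
gidNumber: 10000
unixHomeDirectory: /home/bob

dn: CN=carol,OU=Staff,DC=example,DC=com

dn: CN=dave,OU=Staff,DC=example,DC=com
uidNumber: 0
gidNumber: 0
unixHomeDirectory: /home/dave
"""

def parse_ldif(text):
    """Parse unfolded 'attr: value' LDIF records separated by blank lines."""
    return [dict(ln.split(": ", 1) for ln in block.splitlines() if ": " in ln)
            for block in text.strip().split("\n\n")]

def audit(entries):
    """Return {dn: [problems]} for entries the mail host should not map as-is."""
    problems, seen = defaultdict(list), {}
    for e in entries:
        dn = e.get("dn", "?")
        missing = [a for a in REQUIRED if a not in e]
        if missing:  # no POSIX attributes: the account cannot resolve on the host
            problems[dn].append("missing " + ",".join(missing))
        uid = e.get("uidNumber")
        if uid is None:
            continue
        if not uid.isdigit() or int(uid) < MIN_UID:  # e.g. 0 would map to root
            problems[dn].append(f"uidNumber {uid} is below {MIN_UID}")
        if uid in seen:  # two directory users sharing one Unix identity
            problems[dn].append(f"uidNumber {uid} duplicates {seen[uid]}")
        seen.setdefault(uid, dn)
    return dict(problems)

if __name__ == "__main__":
    print(audit(parse_ldif(SAMPLE_LDIF)))
```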

