[K12OSN] OT: quote on file / mail server

Rob Owens rowens at bio-chemvalve.com
Thu Jun 28 14:33:51 UTC 2007

John Lucas wrote:
> On Thursday 28 June 2007 08:42, Rob Owens wrote:
>> I've answered your questions inline below.
>> Another thing I should mention:  I need to accommodate users who travel
>> with their laptops.  We have a terminal server that they can connect to
>> through a gateway that the parent company sets up, and they'll use the
>> mail client on that machine to get their email.  I need to keep that
>> machine sync'd with their local machine.  I assume IMAP is the way to do
>> this.  I'm struggling a bit, though, with the specific mail client
>> settings to allow them to keep a local copy of their email (something
>> like MS's "cached exchange mode").
> Thunderbird has the ability to keep offline copies. Look at "Offline & 
> Diskspace" under "Account Settings". Combining this with IMAP (to keep server 
> copies) should work *except* ... 
I've tried this, but I have some problems still.  For instance, my 
server-side k12ltsp folder says I have 8 new messages, but the local 
k12ltsp folder says I have 27 new messages...  I've probably got a 
setting wrong somewhere, but where?

> Am I to assume that IMAP traffic is not allowed beyond the parent 
> gateway/terminal server? That would make local caching pretty difficult if 
> the MUA can't directly reach the mail server from outside your net. Using an 
> IMAP client (i.e. Tbird) on the terminal server would eliminate the need for 
> syncing.
I think I'm going to need to make all remote access to email be through 
the terminal server.  We've been doing it using Outlook, and it seems to 
work fine.  IMAP or IMAPS would not be allowed through the firewall, and 
I don't have much say in that matter.
> If it were up to me, I would allow IMAPS (IMAP over SSL/TLS) out through the 
> firewall as well as the SMTP "Submission" service (authenticated SMTP over 
> TLS, tcp port 587) in a manner similar to GMail. I use Tbird with this sort 
> of configuration for one of my accounts, and I use KMail with POPS and 
> Submission with my GMail (this) account. However if you don't control that 
> policy, you are stuck doing all your mail via terminal services (or perhaps 
> over VPN).
> As one who was responsible for email (and other things) for a small liberal 
> arts college I can state one thing for sure: EMail is a pain. Be thankful you 
> aren't responsible for Spam and malware control.
>> Thanks for all the advice.
>> -Rob
>> John Lucas wrote:
>>> I can't give you a quote, but perhaps I can suggest an approach. You need
>>> to decide on a strategy.
>>> There are probably several ways to accomplish what you want, but you
>>> first need to state your needs more precisely:
>>> 	- what email clients do you intend to support?
>> Thunderbird, mainly.  Outlook would be nice, in case any users are
>> particularly attached to it.  Other than that, it would be free email
>> clients for Linux (possibly Evolution)
>>> 	- are there other "groupware" (beyond email) needs?
>> The only other thing we use that could be considered groupware is
>> perhaps the global address list.
> Thunderbird (and other MUAs) can use LDAP servers as addressbooks. Just make 
> sure the terminal server's MUA has this feature.
I haven't gotten this to work in Thunderbird or Evolution.  Can you give 
me any pointers?  I'm suspecting it's a problem w/ the AD settings, 
because I'm pretty sure I did everything right on the email client side.
>>> 	- how flexible is your AD (Active Directory) admin?
>> I am the AD admin.  We do a lot of outsourcing of our IT, though, which
>> is why I stated that it may be a good idea to keep Active Directory.
>> I'm starting to reconsider that, though.
> That makes things simpler. Keeping or replacing AD is one of those things only 
> you can decide. With the approach I outlined, you can defer that decision, 
> since it only means changing which LDAP server is used by the mail server 
> should you decide to phase out AD.
>>> What I might do if *only* email is required and there were some freedom
>>> of choice of MUA (Mail User Agent):
>>> 	- extend AD to support Posix/Unix LDAP schema
>>> 	- set up CentOS (my choice) to authenticate via LDAP via AD
>>> 	- install/configure Postfix to use LDAP (from AD)
>>> 	- install Dovecot (IMAP server)
>>> 	- modify imap pam configuration to add "pam_mkhomedir.so"
>>> This would allow the use of any IMAP email client (KMail, Thunderbird,
>>> Evolution, Outlook Express, Squirrelmail etc.). All user creation would
>>> be handled in AD.
>>> I would also add "clamsmtp" to the Postfix configuration to use "clamav"
>>> anti-virus scanning. "Defense in depth" is a good idea, it doesn't hurt
>>> to run the mail through more than one scanner. The more diversity in
>>> scanners, the less likely a single virus will get past all of them.
>>> The single largest potential obstacle to this approach is to get the AD
>>> admin to modify the AD configuration to support Posix/Unix LDAP schema.
>>> If you can't get them to do this, then this approach is a non-starter.
>>> The steps aren't difficult and are covered step-by-step in chapter 9 of
>>> "LDAP System Administration" by Gerald Carter.
>> I'll have to read up on this.  Thanks for the info.
>>> This is a political, rather than a
>>> technical, problem.
>>> One final thought: Do you need to run your own mail host? You might be
>>> able to use one already running within your organization *or* you might
>>> find the moderate expense of using "Google Apps" useful. Either approach
>>> would eliminate the expense of running/administering/upgrading another
>>> server.
>> I'd like to give them a local mail server.  There is the option of
>> letting them use my mail server (in the US), but then if my internet
>> connection goes down, they have no email.  That's happened to us before
>> with another shared server, and it made everybody unhappy.
> True, but if your connection to Google "goes down", you probably would have 
> bigger problems than just getting your email :-}
The thing is, if the US office's internet connection goes down, I don't 
want it to take out any services on the UK side (which is what would 
happen if the UK office used a mail server located in the US office).
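
An added illustration of two pieces John describes in this thread: Postfix looking up users in AD over LDAP, and the authenticated Submission service on port 587. It is not from either poster. Host names, DNs, file paths and the lookup account are placeholders, and handing SASL authentication to Dovecot is an assumption.

```conf
# ---- /etc/postfix/ldap-recipients.cf (hypothetical file name) ----
# Recipient lookup against AD. LDAPS keeps bind_pw off the wire in
# clear text; the bind account should be a read-only, non-privileged
# user created only for this lookup.
server_host      = ldaps://dc1.example.test:636
version          = 3
tls_require_cert = yes
tls_ca_cert_file = /etc/pki/tls/certs/ad-ca.pem
search_base      = dc=example,dc=test
bind             = yes
bind_dn          = cn=postfix-lookup,cn=Users,dc=example,dc=test
bind_pw          = REPLACE_ME
# AD does not answer anonymous searches by default, so bind = yes is
# required. %s is the address being looked up.
query_filter     = (&(objectClass=user)(mail=%s))
result_attribute = sAMAccountName

# ---- /etc/postfix/main.cf (fragment) ----
# Reject mail for unknown users at SMTP time instead of bouncing later.
local_recipient_maps  = ldap:/etc/postfix/ldap-recipients.cf
# Let Dovecot check the passwords (assumed: Dovecot exposes its auth
# socket at private/auth inside the Postfix queue directory).
smtpd_sasl_type       = dovecot
smtpd_sasl_path       = private/auth
# Never offer AUTH on an unencrypted connection.
smtpd_tls_auth_only   = yes
smtpd_tls_cert_file   = /etc/pki/tls/certs/mail.example.test.pem
smtpd_tls_key_file    = /etc/pki/tls/private/mail.example.test.key

# ---- /etc/postfix/master.cf (fragment) ----
# Submission service on tcp/587: TLS is mandatory, and only
# authenticated clients may relay.
submission inet n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
```

Keep the LDAP map file readable only by root (mode 0640, group postfix), since it holds the bind password.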

