Configuration

In the following, I assume that everything is installed under /usr/local/shohei. This can be changed by editing the #defines at the top of shohei.c.

usr/
 |
 `-local/
    |
    `-shohei/
       |
       |-tickets/
       |  |
       |  |-1345
       |  `-1346
       |
       |-shohei/
       |  |
       |  |-img/
       |  |  |
       |  |  `-gulbg.gif
       |  |
       |  `-attachments/
       |     |
       |     `-1345/
       |        |
       |        |-foo.doc
       |        `-bar.jpg
       |
       `-spool/
          |
          |-@SUPERVISORS
          |
          |-foo.com/
          |  |
          |  |-@SERVER
          |  |-@SITES
          |  |-@CX
          |  |-@ADMINS
          |  |
          |  |-user1/
          |  |  |
          |  |  |-@CFG
          |  |  |-@DN
          |  |  |
          |  |  |-@CAL/
          |  |  |  |
          |  |  |  `-99/
          |  |  |     |
          |  |  |     `-11/
          |  |  |        |
          |  |  |        `-29
          |  |  |
          |  |  |-@WWW/
          |  |  |  |
          |  |  |  `-index.html
          |  |  |
          |  |  |-@NOTES/
          |  |  |  |
          |  |  |  `-An example note
          |  |  |
          |  |  `-INBOX
          |  |
          |  `-user2/
          |     |
          |     `-INBOX
          |
          `-bar.com/
             |
             |-user1/
             |  |
             |  `-INBOX
             |
             `-user2/
                |
                `-INBOX

The file @SUPERVISORS contains a list of users who are allowed to add domains to the server using a web interface. List users as user@domain with one per line. This file is not necessary.

Every supported domain has a subdirectory under /usr/local/readmail/spool. The directory must be created manually. By default, the domain name is also used as site name and as the name of the pop server. In many cases, this is sufficient. More human-readable names can be specified by entering them one per line in the file @SITES. A different name for the pop server can be specified in the file @SERVER.

The @ADMINS file contains a list of users who are allowed to modify the @SITES and @CX files of this domain. They do this through the web interface, using forms that normal users are not allowed to access.

Neither @ADMINS nor @SUPERVISORS are necessary, as all administration tasks can be done manually. They are there to allow distributed administration without creating local users on the Shohei host.

The final site configuration file is @CX, which is used when the pop server is Mercury on a Novell Netware 4 or 5 server. In this case, a single mail domain can serve several NDS contexts by listing them one per line in @CX. Shohei then tries to locate the user by appending the contexts to the user name when logging in. This is somewhat similar to a brute force password attack on the server, but the number of failed logins will be limited to one per nonexisting user. No user accounts will be locked.

Because of the awkward way we locate users in NDS, it is desirable to cache the distinguished name of a user once he is found. This is done in the file @DN. The file consists of a single line with the typeless distinguished name. The next time the user logs in, the cached name is used before systematically going through @CX. This should limit the number of "ugly" logins to one per user, even without any real NDS support.

If the cached user name fails, @DN is deleted and @CX consulted again. @DN is automatically recreated after every successful login.

Every user in a domain has his own subdirectory, containing one file per folder. The only system-created folder is INBOX, which is used for incoming mail. The user can then create and delete folders at will, and also move messages between folders using the web interface. The user can even delete INBOX, but it will be recreated the next time mail is fetched from the pop server.

Custom user settings, if any, are stored in the file @CFG. Examples of things to customize:

Full name
Signature
Preferred language
Re: string
Quote string

Currently, @CFG is not used at all.

The @CAL directory contains the user's calendar. An entry for 25 December 2001 will be in the file .../@CAL/101/11/25.

The @NOTES directory contains the user's notes.

The @WWW directory contains the user's personal web pages. Users can use FTP to change the contents of this directory, logging in as user@domain with their usual passwords.

Security

Shohei runs as whatever user normally runs cgi programs, usually nobody. All directories in the mail spool are created mode 700 (600 for files) in order to prevent access from local users.

Still, it is not recommended to run shohei on a host with untrusted local users. Use a dedicated box instead.

For remote users, the issues are the same as for any other cgi program. If Shohei can be made to crash, then it may also be made to execute arbitrary code as user nobody. The code has been audited to prevent the usual buffer-stuffing techniques, but if vsnprintf is not available on the system, vsprintf will be used instead. All bets are off in that case.

The pop protocol sends passwords in cleartext over the net. There is not much for us or any other pop client to do about that. The password is only used for communication with the pop server. Users authenticate to Shohei using one-time tickets that are generated when they log in. The tickets are random and should be hard to guess. After a period of inactivity, the ticket is automatically deleted and can no longer be used to read the user's mail. The user can of course log out manually (by clicking the "Log out" link) which will delete the ticket immediately.

Ulric Eriksson - September 2000 - ulric@siag.nu