
Configuring multiple domains and giving Administrative rights

Status
Not open for further replies.

Sedmail

IS-IT--Management
Jun 23, 2005
24
Dear All,

Can you please help me to configure multiple domains and administrative rights for those domain administrators?

Panchara
 
Sendmail alone is not able to allow an administrator for each domain. You would have to give each of them super user status on your system so they can edit sendmail's configuration files and be able to add users and groups to the system. You could not maintain security in a system that is run like this. Hosting providers pay thousands of dollars for software that will do what you are asking.

There is another option. You can use a program called webmin. It is a program that lets you administer your entire system either remotely or locally from your web browser. Once you have your servers configured, you can install a module for webmin called usermin. It will let you give users an interface exactly like yours, but you can control which modules they can have. For example, you may just want them to be able to add/delete users.

You will want their users to have mail-only access. That means they will have nothing more than a user name and password. Their home directory will be /dev/null, which means they have none, and their login shell is /sbin/nologin, which means they also have no access to the system. The only space these users take up is a file with all the users' names and passwords. Check this out and if you have any specific questions, I'll be glad to help. The address for webmin is
 
Webmin is a good solution, has worked great for me.

If you're looking to allow domain owners to only create additional POP and/or forwards for their domains, there's also a webmin module called Virtualmail.
 
I have installed webmin and found it is very good to understand. It solved one of my old problems also.

But still I am not very much sure about how to make users in different domains. After creating the users, how does Linux differentiate the users from different domains?

Thank you for your support,
expecting the same for this query also.

panchara
 
You will need to use the virtusertable for this. In webmin go to sendmail configuration, then Address Mappings (virtuser). In the first box, "Mail From", you want to click the address button. Then type the full address of the user or virtual user. A virtual user is a name such as webmaster, admin, sales and info. Let's say domain1.com has three users: joe, fred and al. Now you want webmaster's mail to go to joe, admin's mail to fred, and sales and info to al. Here is what the virtusertable would look like:

joe@domain1.com joe
webmaster@domain1.com joe
fred@domain1.com fred
admin@domain1.com fred
al@domain1.com al
sales@domain1.com al
info@domain1.com al
@domain1.com error:nouser This server does not allow spam

Notice that the last line has a "catch-all". This line means that if there is no match for bogus-user@domain1.com then return an error message. In this case I have "This server does not allow spam" but you can put whatever you want. Do this for each domain you host. Although you can have duplicate virtual user names, real user names must be unique. I should mention that the destination address can also be an external account, i.e. fred@yahoo.com. Once you do this for each of your domains, all you have to do is make sure the domains are listed in Local Domains (Cw). Let me know if you need help setting up relaying for them.

 


Hi, thanks for the quick reply.

Can you just explain to me: if I want to host three or four domains and I have given the rights to add or delete the user accounts, how can we ensure that the domain administrator of one domain should not create or delete the users in the other domain?

How will sendmail/Linux know this?

panchara
 
When mail comes in for a user at a domain handled by the server, everything after the username part of the address gets stripped away and the mail gets routed to that user's mailbox, which is nothing more than a file located in a specific directory such as /var/spool/mail/username, where username is the unique name of a user on your system. This is not unique to Linux or sendmail. It is the standard for internet mail. There are two ways around this that I know of. The first is to pay thousands of dollars to buy a server that uses its own databases for domains and their users. The second is very simple and you may have seen it used by some providers. Just make the domain part of the username, i.e. joe@domain1.com or joe+domain1.com. Now you can use joe as a virtual user. In the virtusertable it would look like this:

joe@domain1.com joe@domain1.com

old way:

joe@domain1.com joe

This does not stop admins from seeing each other's users, but there should be no mistaking which users are theirs. There are a couple of modules for webmin that you may want to check out. I have not tried them, though, so I don't know if they do what you want. Virtualmin is much like cPanel in that it provides a control panel so that administrators can admin their own domains. From what I understand, this software is basically free but would like a donation to help support it if you use it. The other is Virtual Mail, which also works as a webmin module. It runs about $35.
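
An added example, not part of the original posts: since sendmail does not know which administrator owns which virtusertable line, the check has to sit in whatever tool applies a delegated edit. This Python code compares the table before and after such an edit and also lists domains without a catch-all; the `<user>.<domain>` mailbox convention, the function names and the sample tables are assumptions.

```python
# Added example, not from the thread. Assumes local mailboxes are named <user>.<domain>.

def parse(text):
    """Map address -> target from virtusertable text; skips blanks and comments."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        address, target = line.split(None, 1)   # ValueError on a one-field line
        table[address.lower()] = target.strip()
    return table

def missing_catchall(table):
    """Domains that have addresses but no '@domain error:...' entry."""
    hosted = {a.rpartition("@")[2] for a in table}
    caught = {a[1:] for a, t in table.items() if a[0] == "@" and t.startswith("error:")}
    return sorted(hosted - caught)

def review_edit(admin_domain, before, after):
    """Return violations in the change before -> after made by admin_domain's admin."""
    old, new = parse(before), parse(after)
    problems = []
    for address in sorted(old.keys() | new.keys()):
        if old.get(address) == new.get(address):
            continue                                # untouched entry
        target = new.get(address)                   # None means the entry was deleted
        local = target and "@" not in target and not target.startswith("error:")
        if address.rpartition("@")[2] != admin_domain:
            problems.append(f"{address}: outside {admin_domain}")
        elif local and not target.endswith("." + admin_domain):
            problems.append(f"{address}: mailbox {target} not owned by {admin_domain}")
    return problems

# Constructed sample tables: AFTER is the edit submitted by domain1.com's admin.
BEFORE = """\
joe@domain1.com       joe.domain1.com
@domain1.com          error:nouser No such user
joe@domain2.com       joe.domain2.com
"""
AFTER = """\
joe@domain1.com       joe.domain1.com
sales@domain1.com     joe.domain2.com
@domain1.com          error:nouser No such user
joe@domain2.com       al.domain1.com
"""

print(missing_catchall(parse(AFTER)))
print(review_edit("domain1.com", BEFORE, AFTER))
```

An edit that returns an empty list touches only the administrator's own domain and can be written out and rebuilt into the map; anything else is rejected before it reaches sendmail.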
 
[joe@domain1.com joe@domain1.com]

did you mean joe1@domain1.com joe@domain1.com ?
indicating a forward for joe1 to joe?

The reason I ask is that as far as user accounts are concerned, '@' is an invalid (illegal) character.

Use of which would result in an email address such as joe@domain1.com@domain1.com, which is invalid.

 
Webmin itself has a module, virtualmin,
which helps to make virtual domains.
There are some changes to be done in the sendmail configuration and some entries to add. I hope this will help me.
I will test this next week. Will be updated next week.

thanks

Panchara
 
I see your logic, BitFuzzy. It would look on the surface that you would be creating a recursive situation, causing the mail server to send an error message. If you are using sendmail+procmail+dovecot right out of the box this would be true. You would need to do some rewriting of the address in procmail. You would also need to use the escape char "\" in front of the "@" in the username in the virtusertable. I should have made it:

joe@domain1.com joe\@domain1.com

Other than that, "@" is a valid character. However, some e-mail clients such as netscape don't like it. One would be better off using an underscore or a dot. As for the funky address, joe@domain1.com@domain1.com, it never really comes to that. Joe@domain1.com is a valid unix username. joe@domain1.com is also a valid e-mail address. In our case, it is a virtual user address and is being routed to a valid system user. Most e-mail servers have no problem with this at all. I use sendmail with cyrus imap as my pop3 and imap servers. Cyrus, however, uses its own user database. What we're talking about here is all handled behind the scenes anyway. Each administrator can add users to their own domains. All they do is create a user named joe and virtualmin appends the domain to the user's name. Now all domains can have joe@theirdomain.com.
 
Virtualmail [webmin module mentioned earlier] requires that each domain belongs to a unique group.

[ex- abc.com belongs to grp: def, xyz.net belongs to grp: qrs]

If "joe" already exists and abc.com proceeds to create an account by that name, the resulting account will be "joe.abc". A forward is also created, sending all mail sent to "joe@abc.com" to "joe.abc@abc.com".

But yeah, the goal is the same: allowing each domain to have the address they want.

Can't say I agree with "user@domain.com@domain.com" though ;)
 
You MUST agree to that or the whole world will fall apart. ;-)

 
There are other ways of doing what he wants, but most of it is back to the "expensive management software" to do it. We use a homegrown LDAP control system, and OpenLDAP supports ACLs to allow users to have different admin rights depending on what they're trying to access. So in that light, it's not so different from Windows' user management with AD.

In short, what you're trying to do is very difficult and is one of the reasons that those "expensive management softwares" exist (unless you can write your own).
 