An electronic mail infrastructure consists of a number of different components that are chosen and combined in different ways depending on your organization's needs. This section provides an overview of the different components that comprise an M-Store-based electronic mail infrastructure, and describes the role of each within the entire system. Later sections aid in deciding how these components can best be deployed for your organization.
The figure below provides a conceptual look at the different types of mail components and how they interrelate.
This section introduces the core components of M-Store. Please note the additional references for more detailed information.
More detailed information is available from the system prompt via the man command. (man pages are located in /usr/local/md/man/catn/filename) Or please refer to the table of contents or index in this document. Furthermore, all M-Store print manuals are located in /usr/local/md/doc/ in PostScript (.ps) and Adobe Acrobat format (.pdf).
The following diagram details the M-Store Component Architecture.
Please see Chapter 11, “Server Commands” for further details on the usage of the following servers.
M-Store is an IMAP4 revision 1 (RFC2060) compliant mailbox server. The SASL authentication mechanisms PLAIN and CRAM-MD5 are built in, and other available mechanisms can be made available by placing the appropriate plugin into the M-Store plugin directory.
This daemon process provides a LMPT message injection interface to the MessagingDirect message store. It provides numerous benefits over deliver and is the preferred delivery interface between the MTA and the message store.
This daemon process is a front-end to the M-Store message store providing support for the pop3 protocol. An experimental implementation of the CAPA command is provided; please see “POP3 Message Service (pop3d)” in Chapter 11.
This daemon process provides authentication services to the M-Store imapd and pop3d servers. This server fulfills two roles: to isolate all code requiring superuser privileges into a single process, and to provide proxy authentication services to clients that do not understand SASL-based authentication.
msadm_tclsh is a powerful and flexible command line interface that provides many tools needed for mailstore administration. It is built with the Tcl/Tk shell scripting language. See “IM-Store Administration Command Interpreter (msadm_tclsh)” in Chapter 12 for more information.
The following is the M-Store database layout:
/var/md/store/ | database/ | __db_lock.share | Shared memory segments. |
|
| __db_mpool.share |
|
|
| __db_txn.share |
|
|
| /data |
|
|
|
| acl.db |
|
|
| administrators.db |
|
|
| authmap.db |
|
|
| domain.db |
|
|
| identifiers.db |
|
|
| mailboxaccess.db |
|
|
| mailboxbyid.db |
|
|
| mailboxbyname.db |
|
|
| quota.db |
|
|
| sec.deb |
|
|
| subscription.db |
|
|
| userbyid.db |
|
|
| userbyname.db |
|
| /transaction_log |
|
|
|
| __db_log.share |
|
|
| log.0000000001 |
The M-Store mailbox directory is laid out as follows (additional details can be found in Chapter 9, “File and Directory Layouts”.).
/var/md/store/
| mailstore/ | XX/ |
| Hex named hash directory. (min 5, max 500, default 5 directories at this level) |
|
| YY/ |
| Hex named hash directory. (min 5, max 500, default 20 directories at this level) |
|
| ZZ/ | fdb.cache | Pre-parsed envelope and body data for each message. |
|
|
| fdb.header | General mailbox specific information. |
|
|
| fdb.index | Mailbox and message information. |
|
|
| fdb.seen | Tracks seen and recent flags on a per message per user basis |
|
|
| 1. | Stored messages. (RFC 822 compliant) |
|
|
| 2. |
|
|
|
| . . . |
|
| ipc/ |
|
| The UNIX domain socket files for authproxyd and lmtpd communications. |
| tmp/ |
|
| The directory for store temporary when new messages are injected into the store. |
| etc/ | nologin/ |
| Path of the imapd and pop3 shutdown file. |
| run/ |
|
| Location of the lock files containing the process id of each running daemon process. These files ensure that only one instance of a daemon runs for any given message store. Multiple instances of an M-Store daemon must use different configuration files each with a different ms-path value. |
The following concepts provide a basis for understanding the proper administration of the message store.
Partitions, or mailstores, are directories on a hard disk that contain mailboxes and stored mail messages. Upon creation, mailboxes are assigned a specific partition according to rules defined in the configuration file.
M-Store fully supports the use of multiple domains in the message store. Domains are used to group sets of users in a logical or logistic manner. For example, a web hosting company hosts separate companies Foo and Bar, using the domains foo.com and bar.com to separate email addresses belonging to the companies. Or a company may wish to distinguish between offices in different cities and would then use the sub-domains city1.company.com and city2.company.com to partition the employee email addresses. Domains can be administered through the web-based administration interface or through msadm_tclsh (See “IM-Store Administration Command Interpreter (msadm_tclsh)” in Chapter 12.).
The mailbox hierarchy refers to the collection of visible folders for a particular user. For example, Joe's mailbox hierarchy may include:
Inbox (Joe's incoming mail folder)
drafts
sentmail/1999
sentmail/2000
Important (Joe's personal folders)
Other Users/jane/memo
Shared Folders/admin
Shared Folders/staff (Folders within the domain that are shared between all users.)
To create a new mailbox called foobar the client just needs to send:
0 create foobar |
 | Note: This command is only for IMAP. |
This has improved the administration interface because users can now see the mailbox hierarchy in which they are working.
Quotas are used to restrict the size of mailboxes and effect all sub-mailboxes. The mailbox that has a quota directly applied to it is called a 'quotaroot'. For example, we apply a quota of 2000 Kbytes to the quota root user/joe. Now user/joe and all of his sub-mailboxes can contain at most 2 Mbytes of mail. After filling the quota, no more mail can be delivered into the quotaroot or its sub-mailboxes. Quotas can also be applied to domains to restrict disk usage.
Mailbox access control refers to a set of controls used to restrict the types of access to the mailbox of individual users. The controls include, but are not restricted to, read, write, create, delete, and administration rights. These rights are assigned on a per user basis. A user may be assigned positive or negative rights to a particular mailbox to allow or disallow a particular type of access. M-Store uses access control lists or ACLs to restrict access to mailboxes. ACLs may be modified through the IMAP protocol (RFC2086) or through the included Web-based administration interface (See Chapter 6, “ Site Administration”.)
M-Store separates the concepts of users, authentication identifiers (the string used to login), and mailboxes for architectural reasons. A mailbox and authentication identifier cannot exist without a user, but a user can exist without a mailbox or without an authentication identifier. Hence, to create a typical user, the following multiple steps are required:
Create a user in an existing domain.
Create a mailbox for the user.
Create an authentication account for the user.
Note that even though steps 2 and 3 are optional, all three steps are the typical procedure. Steps 1 and 2 are usually combined in the administration tools to create both a user and inbox for incoming mail. Step 3 allows the user to authenticate to the IMAP or POP server if M-Store will not be holding the authentication accounts. For example, this is used if your site uses an external authentication mechanism like kerberos4 or the /etc/passwd file.