|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: OT: Postfix - remote controll (Diploma thesis)
From: mouss (usebsd
free.fr)
Date: Wed Aug 02 2006 - 17:32:37 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
ml_fleglcentrum.cz wrote:
> Hello,
> I've got a question to Postfix administrators. At this time, I'm
> considering a theme of Diploma thesis. One of them is 'Remote controll of
> Postfix systems via electronic mail communication'. I'd like to know if
> this would be usable in practice and if it's got a sence to spare a time
> on this job and also if it's not yet solved (via mailling lists servers?
> etc.).
> My idea is:
> - when configured postfix (main.cf, master.cf) admins must connect to
> server via ssh, if one has got tens of servers and need change some
> parameter, one must log on to all of them and do the same job
>
depends on what you wanna do. "data" administration is done by
administering data via whatever mechanism you choose (mysql, ladp, ...).
This can be centralized (even hash file mgmt may be centralized if you
want). the rest is "system" parameters. These too can be managed via a
central db and some scripts, if ever needed.
> - there is a module to WEBMIN system, but I suppose that admins of MTA
> servers don't want (throught security reasons) to install perl and open
> other port in firewall
>
The argument against webmin isn't perl (after all, the kernel is larger
than perl). the issue is allowing sstem access via the network. but then
you will end up doing that in some form anyway. so choose how to do it
and secure that way.
> How it should do a job:
> - admins will send an email from web interface to specific email address
>
At some point, something will occur on the system, triggered by an
action decided by a remote system. whether you use smtp or http doesn't
change the situation. so why use smtp? http is a better choice.
> - on MTA will be special relaying to local pipe where script or
> C-program will process controlling email
> - emails will be crypted for security reasons
>
if you can encrypt mail, you can encrypt http (https, ssh tunnel, ipsec,
...)
> - response of succesful changes will be stored back to mysql server via
> mysql-cli and showed in web interface or sended by email to admin
>
>
if using mysql, just find a way to securely manage mysql. there is no
need to send mail.
> What you think about it? May you replay me?
> Thanks for all contributions
>
I believe that smtp isn't a management protocol.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]