Become a fan of Slashdot on Facebook


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×
User Journal

Journal Chacham's Journal: Verbiage: Setup email server, front-ends, coding our own. 2

Well, a friend and i decided to setup up his and my email system.

For email, we're using Exim 4. For me, a rule rejects all email at the smtp level for the base domain, rewrites the envelope header ignoring the username, and puts the subdomain as the user. Between that and aliases, i have three subdomains where the email comes to the same email address, but the header (in the email, not the envelope) is not changed. For him, he expects a dot in the email address, and ignores the data after the dot.

For example, for me:


Case 1 is ignored, case two gets sent to, case 3 gets sent to

For him:

gets sent to

In either case, the header can be used for identification. And that all works fine.

Next comes the server. We chose Cyrus because its supports virtual users, IMAP, and Sieve. It's documentation is basically non-existent, but it can be done with some effort.

For the front-end we tried SquirrelMail, Horde /Imp, and We found them hard to use or inconsistent in design, but we're using SquirrelMail in the meanwhile.

So, we decided to write our own web front-end. We brainstormed this Sunday for an hour or so, and decided to make a read only version (at first). We'll use Ajax so we only update the apropriate parts of the page, the Yahoo! UI libraries so it looks nice, javascript all over the place for automation (and AJAX), and Perl with CPAN's libraries for IMAP and the like. We'll skip mod_perl for now, and do straight CGI unless there's a reason to use mod_perl.

We discussed password storing. A persistent IMAP connection may not make sense, though even if it did, storing the password seems optimal. Cookies are usually used, but we'd like to skip those. I despise cookies. (I also despise flash, but my despisal for Javascript has gone down since Netscape stopped crashing on me. :) ) Saving it in the session seems like not a good idea, and in the user's HTML page too. So, for a basic encryption scheme we decided to use a crypt key (bi-directional, one key) created by the server on a per session basis. The encrypted password is stored in the session, and the key is stored in the user's webpage.

So, the order is:

1) User connects.
2) Check username/password.
3) Create session key.
4) Create crypt key.
5) Encrypt password with key, store is session var.
6) Store session key in a HIDDEN HTML INPUT tag.
7) Store crypt key in a HIDDEN HTML INPUT tag.

This way, the password is stored, but is only in clear-text in memory. It's not bulletproof, but we think it'll do the job.

We hope to design it to use CSS, so it can be made pretty later. Being neither of us really knows it, however, we may not get it perfectly.

I had started Learning Perl (actually, i have the third edition) some time back, but stopped when the need dropped. I just picked it up again, and even put it in the (coveted) bathroom--where most reading gets done--replacing Daughters of England (temporarily, i'm sure!). Needless to say, i hope to be hacking out some Perl soon.

I actually am not sure if this whole thing will work out. But for now, i'm going to enjoy being "involved" in a project.

This discussion has been archived. No new comments can be posted.

Verbiage: Setup email server, front-ends, coding our own.

Comments Filter:

Chemist who falls in acid will be tripping for weeks.