<sect1 id="configurations-dialup-usage">
<title>Usage Conventions</title>

<para>
The infrastructure described in this chapter uses the
client/server model to provide a public mail service through
the telephone line. In this configuration, we (the people
building the infrastructure) provide the information you (the
person using the infrastructure) need to know in order to
establish a point-to-point connection from the client computer
to the server computer through the telephone line.
</para>

<para>
The infrastructure described in this chapter is made available
to you free of charge; however, you should know that
maintaining it costs both money and time. For example, for
each hour the server computer is in production there is
electricity consumption that has to be paid for every month.
Likewise, each call that you establish from the client
computer to the server computer will cost you money, based on
the location you make the call from and the time you spend
connected.
</para>

<para>
In this section we discuss the usage conventions we all must
agree on in order to achieve a practical and secure
interchange system.
</para>

<sect2 id="configurations-dialup-usage-connlimits">
<title>Administering Dial-Up Connections</title>

<para>
The lifetime of dial-up connections must be limited based on
the number of users you expect to establish connections and the
kind of services you plan to provide. The mail service
provided by the server computer is conceived as a public
service, so anyone with a modem attached to a computer would be
able to access it. However, due to hardware
limitations, only 100 users will be allowed to be registered
in the public mail service. Based on this information, the
lifetime of an established connection will be 15 minutes from
the moment it is established. Once the connection has been
established, if the link is idle for 1 minute, the server
computer will close the connection to free the telephone
line. This control can be implemented through the
<option>maxconnect</option> and <option>idle</option> options
in <application>pppd</application>'s configuration file. Both
options take their value in seconds, so the limits above
correspond to 900 and 60 seconds respectively.
<option>maxconnect</option> counts from the moment the link is
up for network traffic, and <option>idle</option> only counts
time during which no IP packets are sent or received in either
direction; a client that keeps polling its mailbox never looks
idle and is disconnected by <option>maxconnect</option>
instead.
</para>

<para>
Only registered user profiles will be able to establish connections
to the server computer. This control can be implemented using
the <option>allow-number</option> option in
<application>pppd</application>'s configuration file to define a
list of all telephone numbers that are allowed to establish a
connection with the server computer, based on the list of
registered user profiles. By default, all telephone numbers
are denied access to the server computer
except those explicitly set by the
<option>allow-number</option> option. If no
<option>allow-number</option> option is present in
<application>pppd</application>'s configuration file, all
telephone numbers are allowed to establish a connection with the
server computer, so be sure to include the
<option>allow-number</option> option in
<application>pppd</application>'s configuration file if you
want to control who can and cannot connect to the server
computer. Two caveats apply. First,
<application>pppd</application> can only compare the caller
against this list when it has been told the calling number
(through its <option>remotenumber</option> option, which the
program that answers the call and starts
<application>pppd</application> has to fill in from the caller
ID it received), so a call that arrives without caller ID
cannot be matched. Second, caller ID is not an authenticator:
it can be withheld or falsified, so
<option>allow-number</option> must complement, never replace,
PAP or CHAP authentication of the user profile.
</para>

<screen>
##### centos-pppd-config will overwrite this part!!! (begin) #####
allow-number 12345
allow-number 21345
allow-number 34567
##### centos-pppd-config will overwrite this part!!! (end) #####
</screen>

<para>
The <application>centos-pppd-admin</application> application
must be considered part of the user profile registration process
inside the server computer. The
<application>centos-pppd-admin</application> application would
be used to control the list of allowed telephone numbers
inside <application>pppd</application>'s configuration
file, based on the list of user profiles. The
<application>centos-pppd-admin</application> application
should be executed after any registration or deletion action
against the list of user profiles, with
<systemitem class="username">root</systemitem> privileges in
order to be able to write the settings to
<application>pppd</application>'s configuration file. Because
the telephone number it copies into that file originates from
the self-registration form, it must accept only well-formed
numbers (digits only) and reject anything else: a value
containing whitespace or a line break would be read by
<application>pppd</application> as additional configuration
options.
</para>
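<para>
The regeneration step that <application>centos-pppd-admin</application>
performs is not shown on this page. The following shell script is an
added example, not the project's own tool, of how the connection limits
from the previous paragraphs and the marker-delimited
<option>allow-number</option> block can be rebuilt from the list of user
profiles. The profile file format (one
<literal>username:telephone</literal> line per profile), the file
locations, the <literal>--demo</literal> and <literal>--apply</literal>
switches, the decision to put <option>maxconnect</option> and
<option>idle</option> inside the managed block, and the sample data are
all assumptions made for this example; the marker lines are the ones
shown above.
</para>

```shell
#!/bin/sh
# Added example, not the project's centos-pppd-admin: rebuild the managed
# block of a pppd options file from a list of user profiles.
# Assumptions: PROFILE_FILE holds one "username:telephone" line per
# registered profile; OPTIONS_FILE is the pppd options file containing the
# begin/end marker lines. Both default to the current directory so the
# script can be tried without root.

PROFILE_FILE="${PROFILE_FILE:-./profiles.txt}"
OPTIONS_FILE="${OPTIONS_FILE:-./options.dialup}"
BEGIN_MARK='##### centos-pppd-config will overwrite this part!!! (begin) #####'
END_MARK='##### centos-pppd-config will overwrite this part!!! (end) #####'
MAX_CONNECT=900   # 15 minutes; pppd's maxconnect takes seconds
IDLE_LIMIT=60     # 1 minute;   pppd's idle takes seconds

# Constructed sample data: three valid profiles, one whose telephone field
# carries extra text, and an options file with a stale allow-number entry.
make_sample_data() {
    printf '%s\n' 'alice:12345' 'bob:21345' 'carol:34567' 'mallory:4567 noauth' \
        > "$PROFILE_FILE"
    printf '%s\n' 'auth' 'require-pap' "$BEGIN_MARK" 'allow-number 99999' \
        "$END_MARK" 'lock' > "$OPTIONS_FILE"
}

# Print the managed block: the connection-lifetime limits followed by one
# allow-number line per profile whose telephone number is all digits.
# Anything else is rejected: the field comes from the self-registration
# form, and pppd would read extra whitespace-separated words as options.
generate_block() {
    printf '%s\n' "$BEGIN_MARK" "maxconnect $MAX_CONNECT" "idle $IDLE_LIMIT"
    while IFS=: read -r user number; do
        case "$number" in
            ''|*[!0-9]*)
                printf 'skipping %s: telephone number "%s" is not all digits\n' \
                    "$user" "$number" >&2 ;;
            *)
                printf 'allow-number %s\n' "$number" ;;
        esac
    done < "$PROFILE_FILE"
    printf '%s\n' "$END_MARK"
}

# Replace the text between the markers (or append the block when the
# markers are absent) and swap the new file into place atomically, so pppd
# never reads a half-written options file.
rewrite_options() {
    begin=$(grep -n -x -F -- "$BEGIN_MARK" "$OPTIONS_FILE" | head -n 1 | cut -d: -f1)
    end=$(grep -n -x -F -- "$END_MARK" "$OPTIONS_FILE" | head -n 1 | cut -d: -f1)
    tmp=$(mktemp "$OPTIONS_FILE.XXXXXX") || return 1
    if [ -n "$begin" ] && [ -n "$end" ] && [ "$begin" -lt "$end" ]; then
        {
            head -n "$((begin - 1))" "$OPTIONS_FILE"
            generate_block
            tail -n "+$((end + 1))" "$OPTIONS_FILE"
        } > "$tmp"
    else
        { cat "$OPTIONS_FILE"; generate_block; } > "$tmp"
    fi
    # mktemp created the file with mode 0600; keep it that way. The file
    # lists every subscriber's telephone number, and pppd runs as root.
    mv -f "$tmp" "$OPTIONS_FILE"
}

# Small helpers so the result can be checked without reading the file.
count_allowed() { grep -c '^allow-number ' "$OPTIONS_FILE"; }
line_present()  { grep -q -x -F -- "$1" "$OPTIONS_FILE"; }

case "${1:-}" in
    --demo)  make_sample_data; rewrite_options; cat "$OPTIONS_FILE" ;;
    --apply) rewrite_options ;;
esac
```

<para>
Run it with <literal>--demo</literal> to see the effect on the constructed
sample files. In production it would be invoked as
<systemitem class="username">root</systemitem> with
<literal>--apply</literal> and <literal>OPTIONS_FILE</literal> pointing at
the real <application>pppd</application> options file, after each
registration or deletion, exactly where the text above places
<application>centos-pppd-admin</application>. Because the block between
the markers is rewritten wholesale, a deleted profile loses its
<option>allow-number</option> line on the next run, and a profile whose
telephone field carries anything but digits is reported and left out
rather than written into the file.
</para>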

<para>
Redialing consecutive connections from the same telephone
number without any delay between call retries must be avoided
on client computers. This would reduce the chances for
other client computers to establish a connection with the server
computer. To prevent this issue from happening, it would be
necessary to provide more telephone lines than users
authorized to establish connections with the server computer.
Nevertheless, there is only one telephone line available for
the server computer to use, so that line is a shared resource
that a single misbehaving client can monopolize: the
<option>maxconnect</option> and <option>idle</option> limits
bound how long each call holds it, but they do not prevent
immediate redialing.
</para>

</sect2>

<sect2 id="configurations-dialup-usage-users">
<title>Administering User Profiles</title>

<para>
In order for you to use any service provided by the server
computer, you are required to register yourself inside the
server computer by creating a user profile. The user profile
provides the user information required by services inside the
server computer (e.g., username, password, e-mail address,
telephone number, etc.). To register a new user profile, you
need to use the web application provided by the server
computer. For example, assuming the domain name of the server
computer is
<systemitem class="domainname">example.com</systemitem>, the web
application would be accessible through the following URL:
<ulink url="https://example.com/people/?action=register" />.
</para>

<para>
To reach the web interface, the first thing you need to do is
establish a dial-up connection to the server computer as
described in
<xref linkend="configurations-dialup-client-config-conn"/>. Once the
dial-up connection has been established, you need to open a
web browser (e.g., Firefox), type the URL mentioned above in
the address bar, and press Enter. This will present
you with a web page with the instructions you need to follow in
order to register your user profile. Other actions, like
updating or deleting your own user profile, should also be
possible from this web interface.
</para>

<important>
<para>
The web interface used to manage user profiles inside the
server computer must be presented over an encrypted session in
order to protect all the information passing through. Because
the server computer has no link to the Internet, the browser on
the client computer cannot reach an online certificate
authority or revocation service; distribute the server's
certificate (or the CA certificate that issued it) to clients
out of band so the browser can verify it, rather than training
users to click through a certificate warning.
</para>
</important>

<para>
Inside the server computer, all related subsystems in need of
user information (e.g., Postfix, Cyrus IMAPd and saslauthd)
retrieve user information from one single (LDAP) source. The
web application provided by the server computer manages all
these subsystems' configuration files in order to provide a
pleasant experience for end users. The web interface must be
as simple as possible in order to complete all administration
tasks within the time the server computer allows
before it closes the connection established from the client
computer.
</para>

<para>
More information about the web interface you need to use to
manage your user profile inside the server computer can be
found in <xref linkend="administration-mail" />.
</para>

</sect2>

<sect2 id="configurations-dialup-usage-scope">
<title>Administering Services</title>

<para>
The information generated inside the server computer is
isolated from the Internet. This way, any information generated
inside the server computer will be available only to people
registered inside the server computer. For example, don't ever
expect to send or receive e-mails to or from Internet e-mail
accounts like Gmail or Yahoo, nor to visit web sites like
<ulink url="http://www.google.com/">Google</ulink> or
<ulink url="http://www.wikipedia.org/">Wikipedia</ulink>. For
that to happen, an established connection would be required
between the server computer you are connecting
through and the Internet, where those services are
hosted. Without that link, it is not possible to route your
requests to those sites.
</para>

<para>
Services that require persistent
connections (e.g., <application>chats</application>) will not
be considered a practical offering inside the server computer.
Instead, only asynchronous services (e.g.,
<application>e-mail</application>) will be supported. This
restriction is required to reduce the amount of connection time
demanded by services. For example, consider an environment where you
connect to the server computer to send and receive e-mail
messages and then quickly disconnect from it to free the
telephone line for others to use. In this environment, there
is no need for you and another person to both be connected at
the same time to exchange e-mail messages with each
other. The e-mails sent by another person to you will be
available in your mailbox the next time you connect to
the server computer and use your e-mail client to send and receive
e-mail messages. Likewise, you don't need to be connected to
the server computer in order to write your e-mail messages.
You can write your messages off-line and then establish a
connection once you've finished writing, just to send them
out and receive any new messages that may have been
sent to you.
</para>

<para>
Another issue related to e-mail exchange is the protocol used
to receive messages. Presently, there are two popular ways to
do this: one is through IMAP and the other through POP3. When
you use the IMAP protocol, e-mail messages are retained on the
server computer and aren't downloaded to the client computer.
Conversely, when you use the POP3 protocol, e-mail messages are
downloaded to the client computer and removed from the server
computer (provided the e-mail client is not configured to leave
copies on the server). Based on the resources we have and the
kind of link used by the client computer to connect to the
server computer, POP3 is preferred over IMAP. However, both are
made available.
</para>

<para>
Assuming you use the IMAP protocol to read your mailbox, be aware
that you need to be connected to the server computer. Once
the connection is lost you won't be able to read your messages
(unless your e-mail client possesses a feature that lets you
read messages off-line). Moreover, you run the risk of
your mailbox running out of space. If your mailbox runs out of
space, new messages sent to you will not be delivered to your
mailbox. Instead, they will be deferred for a period of time
(e.g., about 5 days when using
<application>Postfix</application> defaults, as set by its
<option>maximal_queue_lifetime</option> parameter) in the hope
that you free the space in your mailbox so they can be
delivered. If you don't
free space within this period of time, the deferred e-mails
will be bounced back to their senders and you will never see
them. On the other hand, assuming you are using the POP3 protocol
to read your mailbox, you always keep your mailbox free to
receive new e-mail messages; the server keeps them for you until the
next time you establish a connection with the server computer
and download them to your client computer using your e-mail
client.
</para>
</sect2>

<sect2 id="configurations-dialup-usage-diskspace">
<title>Administering Disk Space</title>

<para>
The maximum number of registered user profiles is limited
inside the server computer, based on the maximum disk space
the server computer sets aside for that purpose. For example,
consider an environment where users can register
themselves using a web interface. In this case the web
interface must know how much disk space is available before
proceeding to register new mail accounts inside the server
computer, thereby preventing any disk writes when there
isn't enough free space on disk to perform a new user
registration. Considering the server computer has set aside
1GB of disk space to handle the mail service (e.g., mail
queues, mailboxes, etc.) and each user mailbox is 10MB, it
will be possible to provide self-registration through the web
interface for 100 users in total. Note that 100 full mailboxes
consume the whole 1GB, so in practice part of that space must
be reserved for the mail queue, where deferred messages wait
while a mailbox is full, and the user limit lowered
accordingly.
</para>

<para>
Another measure related to saving disk space might be to remove
unused user accounts and their related files (e.g., mailboxes)
from the server computer. For example, consider an environment
where user accounts are automatically removed from the server
computer when more than 7 days have passed since the last
valid connection established to the server computer. Once the
user account is removed, it is of course no longer functional,
and the person who lost the account will need to create a new
one, assuming they want to have access to the mail service
again. Removing an account must also remove its telephone
number from the <option>allow-number</option> list in
<application>pppd</application>'s configuration file;
otherwise a number that no longer belongs to any profile keeps
the ability to dial in.
</para>

</sect2>

</sect1>