Benefits:

  1. Since all database-users are "virtual" users, they don't need a uid/gid nor a shell, which greatly improves security

  2. Lookups in a database are far more efficient then lookups in a standard text-file like /etc/passwd. There is already a database-functionality in qmail: cdb, but this project uses a sql-database, which allows us to add more fields then in /etc/passwd like billing information, expiry-information about users, ...

  3. Since you can connect with the database with any odbc-client, it's perfectly possible to let non-Unix users (eg your administrative department) disable/add users or change passwords. The qmail-system will automatically create the homedir (if you turned this feature on)

  4. It's an effective protection of your user-list: there is no /etc/passwd, and db-lookups are only possible from certain hosts, with a password. Only your qmail-system needs read-access to the file containing the passwd; so nobody can get a user-list

  5. You don't need kernel-quota since you can use the same uid/gid for all (or a group of) users, but ...



Drawbacks

  1. ... the quota management is possibly a bit slower then the kernel-quota's. If it's really to slow for you, you can give each user a different uid, and use kernel quota's. You can of course also turn off the quota system (quota size=0)

  2. If all your databases are down or unreachable, all your mail-deliveries will be delayed. Also note that a databaseserver can cause high load on your systems: it's a more complex system then a text-file.

  3. THIS SOFTWARE IS PROVIDED AS IS. Don't complain if the code is insecure. Or better: yes, complain, but give me time to fix it ;) You should mail all problems to qmail-sql@digibel.be