Usage Conventions

The infrastructure described in this chapter uses the client/server model to provide a public mail service over the telephone line. In this configuration, we (the people building the infrastructure) provide the information you (the person using the infrastructure) need in order to establish a point-to-point connection from the client computer to the server computer through the telephone line.

The infrastructure described in this chapter is made available to you free of charge; however, you should know that maintaining it costs both money and time. For example, for each hour the server computer is in production there is an electricity consumption that has to be paid for every month. Likewise, each call you establish from the client computer to the server computer will cost you money, depending on the location you call from and the time you spend connected. In this section we discuss the usage conventions we all must agree on in order to achieve a practical and secure interchange system.

Administering Dial-Up Connections

The lifetime of dial-up connections must be limited based on the number of users you expect to establish connections and the kind of services you plan to provide. The mail service provided by the server computer is conceived as a public service, so anyone with a modem attached to a computer would be able to access it. However, due to hardware limitations, only 100 users will be allowed to register in the public mail service. Based on this information, the lifetime of an established connection will be 15 minutes from the moment it is established. Once the connection has been established, if the link is idle for 1 minute, the server computer will close the connection to free the telephone line. This control can be implemented through the and options inside pppd's configuration file.

Only registered user profiles will be able to establish connections to the server computer.
This control can be implemented using the option in pppd's configuration file to define the list of telephone numbers that are allowed to establish a connection with the server computer, based on the list of registered user profiles. By default, all telephone numbers are denied access to the server computer except those explicitly set by the option. If the option is not present in pppd's configuration file, all telephone numbers are allowed to establish a connection with the server computer, so be sure to include the option in pppd's configuration file if you want to control who can and cannot connect to the server computer.

    ##### centos-pppd-config will overwrite this part!!! (begin) #####
    allow-number 12345
    allow-number 21345
    allow-number 34567
    ##### centos-pppd-config will overwrite this part!!! (end) #####

The centos-pppd-admin application must be considered part of the user profile registration process inside the server computer. It is used to control the list of allowed telephone numbers inside pppd's configuration file, based on the list of user profiles. The centos-pppd-admin application should be executed with root privileges after any registration or deletion action against the list of user profiles, in order to be able to write the settings to pppd's configuration file.

Redialing consecutive connections from the same telephone number without any delay between call retries must be avoided by client computers, since this reduces the chances of other client computers establishing a connection with the server computer. To prevent this issue entirely, it would be necessary to provide more telephone lines than users authorized to connect to the server computer. Nevertheless, there is only one telephone line available for the server computer to use.
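The following is an added example of how the marker-delimited block above can be regenerated from the list of registered telephone numbers. It is not the centos-pppd-admin application itself, only an illustration of the job that application performs. It assumes the two marker lines shown above, and that a registered telephone number is a plain string of digits. Two checks matter for the policy the text describes: a number that is not purely digits is rejected, because a stray space or newline inside a list entry would become a second pppd option on the same line; and an empty list is refused, because a file with no such option at all lets every caller connect (the fail-open case noted above). The options file contents are a constructed sample, including the telephone numbers.

```python
"""Regenerate the allow-number block that pppd reads from its options file.

Added example, not the project's centos-pppd-admin. It assumes the marker
lines shown on the page and that telephone numbers are plain digit strings.
"""
import re

BEGIN_MARK = "##### centos-pppd-config will overwrite this part!!! (begin) #####"
END_MARK = "##### centos-pppd-config will overwrite this part!!! (end) #####"

# A telephone number is accepted only as a run of digits: anything else
# (spaces, newlines, '#') could turn one list entry into a second pppd option.
NUMBER_RE = re.compile(r"^[0-9]{3,20}$")


def render_allow_block(numbers):
    """Return the marker-delimited block for the given registered numbers.

    Raises ValueError when the list is empty: pppd with no allow-number
    option at all lets every caller connect, so an empty block would turn
    the default-deny policy into default-allow.
    """
    clean = sorted({n.strip() for n in numbers})
    bad = [n for n in clean if not NUMBER_RE.match(n)]
    if bad:
        raise ValueError("malformed telephone numbers: %r" % bad)
    if not clean:
        raise ValueError("no registered numbers; refusing to write an empty allow-number block")
    lines = [BEGIN_MARK] + ["allow-number %s" % n for n in clean] + [END_MARK]
    return "\n".join(lines) + "\n"


def update_options(text, numbers):
    """Replace the marker-delimited block inside pppd options text.

    Everything outside the markers is preserved as-is. If the markers are
    missing, the block is appended, so the first run of the tool also
    establishes the default-deny policy.
    """
    block = render_allow_block(numbers)
    lines = text.splitlines(keepends=True)
    starts = [i for i, l in enumerate(lines) if l.rstrip("\n") == BEGIN_MARK]
    ends = [i for i, l in enumerate(lines) if l.rstrip("\n") == END_MARK]
    if not starts and not ends:
        if text and not text.endswith("\n"):
            text += "\n"
        return text + block
    if len(starts) != 1 or len(ends) != 1 or ends[0] < starts[0]:
        raise ValueError("options file has damaged centos-pppd-config markers")
    return "".join(lines[:starts[0]]) + block + "".join(lines[ends[0] + 1:])


def allowed_numbers(text):
    """Parse the allow-number entries currently present in options text."""
    return [l.split(None, 1)[1].strip()
            for l in text.splitlines()
            if l.startswith("allow-number ")]


# Constructed sample of an existing options file; the numbers are made up.
SAMPLE_OPTIONS = """\
# /etc/ppp/options (constructed sample)
lock
auth
##### centos-pppd-config will overwrite this part!!! (begin) #####
allow-number 12345
allow-number 21345
allow-number 34567
##### centos-pppd-config will overwrite this part!!! (end) #####
ms-dns 192.0.2.1
"""

if __name__ == "__main__":
    # One profile deleted (34567), one registered (45678): rewrite the block.
    print(update_options(SAMPLE_OPTIONS, ["12345", "21345", "45678"]), end="")
```

In a real deployment the rewritten text would be written to a temporary file next to the options file and renamed into place as root, so that pppd never reads a half-written file.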
Administering User Profiles

In order to use any service provided by the server computer you must register yourself inside the server computer by creating a user profile. The user profile provides the user information required by services inside the server computer (e.g., username, password, e-mail address, telephone number, etc.).

To register a new user profile, you need to use the web application provided by the server computer. For example, assuming the domain name of the server computer is example.com, the web application would be accessible through the following URL: . To reach the web interface, the first thing you need to do is establish a dial-up connection to the server computer as described in . Once the dial-up connection has been established, open a web browser (e.g., Firefox), enter the URL mentioned above in the address bar, and press Enter. This will present you with a web page with the instructions you need to follow in order to register your user profile. Other actions, like updating or deleting your own user profile, should also be possible from this web interface.

The web interface used to manage user profiles inside the server computer must be presented over an encrypted session in order to protect all the information passing through it. Inside the server computer, all subsystems in need of user information (e.g., Postfix, Cyrus-Imapd and Saslauthd) retrieve it from one single (LDAP) source. The web application provided by the server computer manages all these subsystems' configuration files in order to provide a pleasant experience for end users. The web interface must be as simple as possible so that all administration tasks can be completed within the time the server computer allows before it closes the connection established from the client computer. More information about the web interface you need to use to manage your user profile inside the server computer can be found in .
Administering Services

The information generated inside the server computer is isolated from the Internet. This way, any information generated inside the server computer will be available only to people registered inside the server computer. For example, don't ever expect to send e-mails to, or receive them from, Internet e-mail accounts like Gmail or Yahoo, nor to visit web sites like Google or Wikipedia. For this to happen, a connection would be required between the server computer you are connecting through and the Internet network where those services are available. Without that link, it is not possible to direct your requests to those sites.

The implementation of services that require persistent connections (e.g., chats) will not be considered a practical offer inside the server computer. Instead, only asynchronous services (e.g., e-mail) will be supported. This restriction is required to reduce the amount of time demanded by services. For example, consider an environment where you connect to the server computer to send and receive e-mail messages and then quickly disconnect from it to free the telephone line for others to use. In this environment, there is no need for you and another person to both be connected at the same time to exchange e-mail messages. The e-mails sent to you by another person will be available in your mailbox the next time you connect to the server computer and use your e-mail client to send and receive messages. Likewise, you don't need to be connected to the server computer in order to write your e-mail messages. You can write your messages off-line and then establish a connection once you've finished writing, just to send them out and receive any new messages that may have been sent to you.

Another issue related to e-mail exchange is the protocol used to receive messages. Presently, there are two popular ways to do this: one is through IMAP and the other through POP3.
When you use the IMAP protocol, e-mail messages are retained in the server computer and aren't downloaded to the client computer. Conversely, when you use the POP3 protocol, e-mail messages are downloaded to the client computer and removed from the server computer. Based on the resources we have and the kind of link used by the client computer to connect to the server computer, POP3 is preferred over IMAP. However, both are made available.

Assuming you use the IMAP protocol to read your mailbox, be aware that you need to be connected to the server computer. Once the connection is lost you won't be able to read your messages (unless your e-mail client has a feature that lets you read messages off-line). Moreover, you run the risk of your mailbox running out of space. If your mailbox runs out of space, new messages sent to you will not be delivered to your mailbox. Instead, they will be deferred for a period of time (e.g., about 5 days when using Postfix defaults) in the hope that you free space in your mailbox so they can be delivered. If you don't free space within this period of time, the deferred e-mails will be bounced back to their senders and you will never see them. On the other hand, assuming you are using the POP3 protocol to read your mailbox, you always keep your mailbox free to receive new e-mail messages, and the server keeps them for you until the next time you establish a connection with the server computer and download them to your client computer using your e-mail client.

Administering Disk Space

The maximum number of registered user profiles inside the server computer is limited by the maximum disk space the server computer confines to that purpose. For example, consider an environment where users can register themselves using a web interface.
In this case the web interface must know how much disk space is available before proceeding to register a new mail account inside the server computer, thereby preventing any disk writing when there isn't enough free space on disk to perform a new user registration. Considering the server computer has confined 1GB of disk space to handle the mail service (e.g., mail queues, mailboxes, etc.) and each user mailbox is 10MB, it will be possible to provide self-registration through the web interface for 100 users in total.

Another measure to save disk space might be to remove unused user accounts and their related files (e.g., mailboxes) from the server computer. For example, consider an environment where user accounts are automatically removed from the server computer when they haven't established a connection with the server computer for a period greater than 7 days since the last valid connection. Once the user account is removed it is of course no longer functional, and the person who lost the account will need to create a new one, assuming they want access to the mail service again.
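The following is an added example of the two disk-space controls described in this section: the admission check a registration interface would run before creating a mailbox, and the selection of profiles that have gone more than 7 days without a valid connection. It is not the server's own web interface or removal job. The figures are the ones given above (1GB confined to the mail service, 10MB per mailbox, at most 100 profiles, removal after more than 7 days); the profile names and connection times are a constructed sample. The point the text makes, and the code keeps separate, is that the registration cap alone is not enough: mail queues share the same confined space, so the interface must also look at the space actually free before it writes anything.

```python
"""Admission and retention checks for self-registered mail profiles.

Added example, not the server's own web interface or cron job. Figures are
the ones the page gives: 1 GB confined to the mail service, 10 MB per
mailbox, 100 profiles at most, removal after more than 7 days of inactivity.
"""
import os
from datetime import datetime, timedelta

MAIL_SPACE_BYTES = 1_000_000_000   # 1 GB confined to mail queues and mailboxes
MAILBOX_BYTES = 10_000_000         # 10 MB quota per mailbox
MAX_PROFILES = MAIL_SPACE_BYTES // MAILBOX_BYTES   # 100, as on the page
INACTIVITY_LIMIT = timedelta(days=7)


def free_bytes(path):
    """Free space on the filesystem holding `path` (e.g. the mail spool).

    This is the probe a real deployment would call; the checks below take
    the number as a parameter so they can run anywhere.
    """
    st = os.statvfs(path)
    return st.f_bavail * st.f_frsize


def can_register(registered_count, free_space):
    """Decide whether one more profile may be created.

    Two independent limits apply: the registration cap derived from the
    confined space, and the space actually free right now. The second one
    matters because mail queues share the same space and a busy queue can
    leave less room than the cap alone would suggest; registering in that
    state would write a new mailbox onto an already full disk.
    Returns (allowed, reason).
    """
    if registered_count >= MAX_PROFILES:
        return False, "registration cap of %d profiles reached" % MAX_PROFILES
    if free_space < MAILBOX_BYTES:
        return False, "not enough free space for a %d-byte mailbox" % MAILBOX_BYTES
    return True, "ok"


def stale_profiles(last_connection, now):
    """Profiles whose last valid connection is more than 7 days ago.

    `last_connection` maps profile name -> datetime of the last valid
    dial-up connection. Exactly 7 days is not "greater than 7 days", so such
    a profile is kept. Returned names are the candidates for removal.
    """
    return sorted(name for name, last in last_connection.items()
                  if now - last > INACTIVITY_LIMIT)


# Constructed sample: three profiles and their last valid connection.
NOW = datetime(2011, 5, 20, 12, 0, 0)
SAMPLE_LAST_CONNECTION = {
    "alice": NOW - timedelta(days=2),
    "bob": NOW - timedelta(days=7),               # exactly 7 days: still kept
    "carol": NOW - timedelta(days=7, minutes=1),  # greater than 7 days: removed
}

if __name__ == "__main__":
    print("cap:", MAX_PROFILES)
    print("admit #57 with 25 MB free:", can_register(56, 25_000_000))
    print("admit #57 with 4 MB free:", can_register(56, 4_000_000))
    print("admit #101:", can_register(100, MAIL_SPACE_BYTES))
    print("stale:", stale_profiles(SAMPLE_LAST_CONNECTION, NOW))
```

In the web interface, can_register would be called with the current profile count from the LDAP source and free_bytes of the mail spool, and a registration request is refused (without touching the disk) whenever it returns False.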