[Dovecot] SASL auth and proxy
Ed W
lists at wildgooses.com
Fri Oct 1 19:55:01 EEST 2010
On 01/10/2010 17:23, Timo Sirainen wrote:
> On Wed, 2010-09-29 at 17:07 +0200, mailing at securitylabs.it wrote:
>
>> Hello, I'm finding a way to have a pool of smtp-auth servers in front
>> of my actual servers to permit relay to our customers. Now users send
>> emails connecting to the right IP via mail.domain.tld, with
>> authentication. Every server has its own user database in mysql.
>>
>> Can I use:
>>
>> http://wiki.dovecot.org/Authentication/MultipleDatabases
>>
>> to tell Dovecot to authenticate with every MySQL database on the servers
>> "behind"?
> Yes, but if you have many of them, that's quite a lot of unnecessary SQL
> lookups. And since they're done one at a time each lookup slows down the
> authentication.

I'm quite possibly missing the point, but you might restructure your
application to have:

- one mysql db (replicated if necessary for robustness) with ALL
customer data in it
- pool of postfix servers which auth to the remote db (they can be
persuaded to cache auth results if you wish)

Optionally you could also adjust your structure to:

- first smtp server to be hit accepts mail
- transport map in sql which then directs that server to forward the
mail onto the correct backend server
- remember that your transport map can indicate the use of other ports,
e.g. you can have an optimised postfix installation which is only
reachable from the frontend machines, but skips a load of
address-rewriting/spam scanning, etc. Configuration is a bit like the
re-injection configuration when using amavis

Could have completely missed the point, but this way you get a shared
pool of frontend machines (so might as well spam/av block on them),
which then use a transport map to get the mail internally to the correct
mailbox server. You can obviously also use a similar sql query to ask
Dovecot frontend servers to proxy connections to the correct backend
server...

Does that help at all?

Ed W
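
The layout described in the message above, sketched as frontend configuration; this is an added example, not part of the original post or of either project's documentation. The host names, database credentials, file paths, and the "domains" and "users" tables are hypothetical placeholders.

```ini
# --- Frontend Postfix: /etc/postfix/main.cf (excerpt) ---
# Route accepted mail by looking up the recipient domain in the shared DB.
transport_maps = mysql:/etc/postfix/mysql-transport.cf

# --- Frontend Postfix: /etc/postfix/mysql-transport.cf ---
# Assumed schema: domains(domain, transport). Use a read-only DB account.
hosts = db.example.internal
user = postfix_ro
password = CHANGE_ME
dbname = mail
query = SELECT transport FROM domains WHERE domain = '%s'
# The "transport" column holds a Postfix transport:nexthop value, e.g.
#   smtp:[backend1.example.internal]:10025
# which sends the mail to the backend's internal-only listener on a
# non-default port (the listener that skips rewriting and scanning).

# --- Frontend Dovecot: dovecot-sql.conf (excerpt) ---
# Assumed schema: users(userid, password, host).
# The frontend verifies the password itself, then proxies the session
# to the backend named in the "host" column of the same row.
driver = mysql
connect = host=db.example.internal dbname=mail user=dovecot_ro password=CHANGE_ME
password_query = SELECT password, host, 'Y' AS proxy FROM users WHERE userid = '%u'
```

Because the backend listener on the alternate port bypasses scanning, it should accept connections only from the frontend addresses, as the message notes.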