[Dovecot] SASL auth and proxy
mailing at securitylabs.it
Fri Oct 1 20:33:26 EEST 2010
On 01/10/2010 18:55, Ed W wrote:
> On 01/10/2010 17:23, Timo Sirainen wrote:
>
> I'm quite possibly missing the point, but you might restructure your
> application to have:
>
> - one mysql db (replicated if necessary for robustness) with ALL
> customer data in it
> - pool of postfix servers which auth to the remote db (they can be
> persuaded to cache auth results if you wish)
>
You are completely right, I simply don't like the idea of having one
single big db with user data and all the troubles that can happen
(performance, replication configuration, data corruption...)
>
> Could have completely missed the point, but this way you get a shared
> pool of frontend machines (so might as well spam/av block on them),
> which then use a transport map to get the mail internally to the
> correct mailbox server. You can obviously also use a similar sql
> query to ask Dovecot frontend servers to proxy connections to the
> correct backend server...
>
I already have a pool of frontend servers (MX) that do AV/Spam filtering
and a transport map to the internal machine, but I don't do any query, I
verify the existence of the recipient via recipient address verification
before queue with Postfix.
I think - for now - I will try authentication with multiple databases
with Dovecot; right now I only have 4 internal servers with MySQL, so
I hope performance will not be a problem considering that Dovecot caches
the results.
I can also implement a procedure that periodically extracts only
user/password from the internal DB and exports them to the smtp auth db
servers, but it's not in real time and maybe I'll encounter some
locking/performance problems during export/import.