On 16.2.2013, at 23.41, Piotr Rotter <piotr.rotter@active24.pl> wrote:
Thank you for your assistance.
Broken uidlist errors appear more than 10 times less frequently than in the past and are still decreasing.
I have a question about director and non-plaintext auth methods. Now I have a tricky query in the director configuration:
password_query = SELECT clear AS password, 'Y' as proxy, '%u' AS destuser, clear AS pass FROM postfix_users WHERE email = '%u'
Is there some method to make it better?
%u as destuser isn't necessary, since it's the default.
Master password is a bit dangerous (man in the middle). Can director relay non-plaintext authorization without checking?
If you set NULL as password, director won't verify the password. You could even use passdb static. But this increases director's memory usage since users are verified by backends and director needs to remember all the unknown user login attempts (from brute force bots).
If you want non-plaintext auth:
Master password is slightly annoying, but you can set up the system so that director won't accept it and backends can't be connected directly.
It would also in theory be possible to use a per-user master password by using e.g. md5(username | master_password) as the password, so the master password would never be actually visible in the network (actually adding some non-plaintext SASL auth client support for Dovecot would basically do that).
Or the director <-> backend auth could simply have its own list of randomly generated passwords for users.
I have one more question, which does not concern the subject above. Is there any chance to set Dovecot up as a policy daemon for Postfix to check mailbox quota before mail is checked by (amavis, spamassassin, clamav) and before it is sent by lmtp? I think that it could reduce load.
That's something I'm planning on creating.
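
The per-user master password idea from the reply above, as an added example that is not part of the original message or Dovecot's own code. It swaps the md5(username | master_password) sketch for HMAC-SHA256 keyed with the master secret; the function names and the secret value are constructed for illustration, and how the result is wired into a passdb is left open.

```python
import hashlib
import hmac

# Constructed demo value; a real secret would be long, random and shared
# only between the director and the backends.
MASTER_SECRET = b"constructed-demo-secret"


def derive_backend_password(master_secret: bytes, username: str) -> str:
    """Password the director presents to the backend for one user.

    HMAC-SHA256 replaces the md5(username | master_password) sketch: the
    master secret itself never crosses the director <-> backend link.
    """
    # Assumption: login names are compared case-insensitively.
    user = username.strip().lower().encode("utf-8")
    return hmac.new(master_secret, user, hashlib.sha256).hexdigest()


def director_extra_fields(master_secret: bytes, username: str) -> dict:
    """Fields corresponding to the proxy/destuser/pass columns of the query
    quoted above, with the derived value in place of 'clear AS pass'."""
    return {
        "proxy": "Y",
        "destuser": username,
        "pass": derive_backend_password(master_secret, username),
    }


def backend_verify(master_secret: bytes, username: str, presented: str) -> bool:
    """Backend side: recompute the per-user value, compare in constant time."""
    expected = derive_backend_password(master_secret, username)
    return hmac.compare_digest(expected, presented)


if __name__ == "__main__":
    fields = director_extra_fields(MASTER_SECRET, "alice@example.com")
    # The value is valid for alice only.
    print(backend_verify(MASTER_SECRET, "alice@example.com", fields["pass"]))
    # A value captured for alice does not authenticate as bob.
    print(backend_verify(MASTER_SECRET, "bob@example.com", fields["pass"]))
```

A value sniffed on the wire is still replayable for that one user, so this limits the exposure of a captured password to a single account rather than removing the need to protect the link.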