[Dovecot] Postfix LDA vs the Dovecot LDA + other quetions
Guys ,
- What is the benefit of using Dovecot' LDA as compared to postfix's LDA? Will there be better performance?
And along the same vein,
What is the benefit of using Dovecot's SASL as compared to Cyrus SASL? Is there better performance?
Quota Management ( Creating, enforcing, notifying ) - is it done thru dovecot or postfix or are both needed?
Regards, mgomez
On Sun, Feb 22, 2009 at 11:58:01PM -0800, Linux Advocate wrote:
Guys ,
- What is the benefit of using Dovecot' LDA as compared to postfix's LDA? Will there be better performance?
With Dovecot's LDA, mailbox indexes are updated at mail delivery time instead of (only) at pop3/imap login time, which should result in faster logins when you have a lot of new mail.
And Dovecot's LDA has extra functionality, most notably Sieve support. But if you don't use all that, Postfix' LDA works fine too.
Geert-- Geert Hendrickx -=- ghen@telenet.be -=- PGP: 0xC4BB9E9F This e-mail was composed using 100% recycled spam messages!
On Sun, 2009-02-22 at 23:58 -0800, Linux Advocate wrote:
- What is the benefit of using Dovecot's SASL as compared to Cyrus SASL? Is there better performance?
Probably not, but I've always hated configuring Cyrus SASL. It's not as flexible and the error and debug messages are worse.
- Quota Management ( Creating, enforcing, notifying ) - is it done thru dovecot or postfix or are both needed?
Depends on if you use Dovecot LDA. If not, then both.
On 2/23/2009 9:21 AM, Timo Sirainen wrote:
On Sun, 2009-02-22 at 23:58 -0800, Linux Advocate wrote:
- What is the benefit of using Dovecot's SASL as compared to Cyrus SASL? Is there better performance?
Probably not, but I've always hated configuring Cyrus SASL. It's not as flexible and the error and debug messages are worse.
I agree... but the one disadvantage to dovecot sasl is it cannot be used as CLIENT mechanism... is adding this capability by any chance on the radar?
--
Best regards,
Charles
On Mon, 2009-02-23 at 09:50 -0500, Charles Marcus wrote:
On 2/23/2009 9:21 AM, Timo Sirainen wrote:
On Sun, 2009-02-22 at 23:58 -0800, Linux Advocate wrote:
- What is the benefit of using Dovecot's SASL as compared to Cyrus SASL? Is there better performance?
Probably not, but I've always hated configuring Cyrus SASL. It's not as flexible and the error and debug messages are worse.
I agree... but the one disadvantage to dovecot sasl is it cannot be used as CLIENT mechanism... is adding this capability by any chance on the radar?
Well, as a client Cyrus SASL does pretty well already. And having Dovecot support also client SASL would require a lot of new code which isn't used by Dovecot itself anywhere.
Timo Sirainen schreef:
On Mon, 2009-02-23 at 09:50 -0500, Charles Marcus wrote:
On 2/23/2009 9:21 AM, Timo Sirainen wrote:
On Sun, 2009-02-22 at 23:58 -0800, Linux Advocate wrote:
- What is the benefit of using Dovecot's SASL as compared to Cyrus SASL? Is there better performance? Probably not, but I've always hated configuring Cyrus SASL. It's not as flexible and the error and debug messages are worse. I agree... but the one disadvantage to dovecot sasl is it cannot be used as CLIENT mechanism... is adding this capability by any chance on the radar?
Well, as a client Cyrus SASL does pretty well already. And having Dovecot support also client SASL would require a lot of new code which isn't used by Dovecot itself anywhere. It could however be used in the test suite somewhere, e.g. to test the SASL mechanisms themselves. So it would have some merit :)
Regards,
-- Stephan Bosch stephan@rename-it.nl
On 2/23/2009 12:12 PM, Timo Sirainen wrote:
- What is the benefit of using Dovecot's SASL as compared to Cyrus SASL? Is there better performance?
Probably not, but I've always hated configuring Cyrus SASL. It's not as flexible and the error and debug messages are worse.
I agree... but the one disadvantage to dovecot sasl is it cannot be used as CLIENT mechanism... is adding this capability by any chance on the radar?
Well, as a client Cyrus SASL does pretty well already.
I know, but I'd prefer not to have them both installed if possible... ;)
And having Dovecot support also client SASL would require a lot of new code which isn't used by Dovecot itself anywhere.
I understand... but it would still be nice... ;) maybe a good candidate for the Goggle Summer of Code?
--
Best regards,
Charles
On Mon, 2009-02-23 at 13:14 -0500, Charles Marcus wrote:
And having Dovecot support also client SASL would require a lot of new code which isn't used by Dovecot itself anywhere.
I understand... but it would still be nice... ;) maybe a good candidate for the Goggle Summer of Code?
Maybe .. We're looking into the Google SoC. I can't do it alone (at least last year the rules required at least two mentors).
- What is the benefit of using Dovecot's SASL as compared to Cyrus SASL? Is
On Sun, 2009-02-22 at 23:58 -0800, Linux Advocate wrote: there better performance?
Probably not, but I've always hated configuring Cyrus SASL. It's not as flexible and the error and debug messages are worse.
- Quota Management ( Creating, enforcing, notifying ) - is it done thru dovecot or postfix or are both needed?
Depends on if you use Dovecot LDA. If not, then both.
Timo, if we use the dovecot LDA, we do need to create a user "vmail" , with no login priveleges etc? my /home/vmail/ directories are owned by postfix. do i then need to make vmail a member of the group?
Or will it be easier to make /home/vmail to be owned by user vmail? in this scenario, we need not worry about postfix access bcos its dovecot's LDA that is writing and reading from /home/vmail?
regards, mgomez
On Feb 23, 2009, at 8:49 PM, Linux Advocate wrote:
- What is the benefit of using Dovecot's SASL as compared to
Cyrus SASL? IsOn Sun, 2009-02-22 at 23:58 -0800, Linux Advocate wrote: there better performance?
Probably not, but I've always hated configuring Cyrus SASL. It's
not as flexible and the error and debug messages are worse.
- Quota Management ( Creating, enforcing, notifying ) - is it
done thru dovecot or postfix or are both needed?Depends on if you use Dovecot LDA. If not, then both.
Timo, if we use the dovecot LDA, we do need to create a user
"vmail" , with no login priveleges etc?
No.
my /home/vmail/ directories are owned by postfix. do i then need to
make vmail a member of the group?
You could just execute Dovecot LDA using postfix user.
Or will it be easier to make /home/vmail to be owned by user vmail?
in this scenario, we need not worry about postfix access bcos its
dovecot's LDA that is writing and reading from /home/vmail?
I'd recommend using vmail user in any case. Dovecot (LDA or IMAP or
POP3) really doesn't need access to Postfix's private files.
- Quota Management ( Creating, enforcing, notifying ) - is it done thru dovecot or postfix or are both needed?
Depends on if you use Dovecot LDA. If not, then both.
Timo, if we use the dovecot LDA, we do need to create a user "vmail" , with no login priveleges etc?
No.
my /home/vmail/ directories are owned by postfix. do i then need to make vmail a member of the group?
You could just execute Dovecot LDA using postfix user.
Therefore, ( copied from dovecot wiki, http://wiki.dovecot.org/LDA/Postfix )
dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/deliver -f ${sender} -d ${recipient}
I could change the user=vmail:vmail to postfix:postfix ?
On Feb 23, 2009, at 9:23 PM, Linux Advocate wrote:
Timo, if we use the dovecot LDA, we do need to create a user
"vmail" , with no login priveleges etc?No.
my /home/vmail/ directories are owned by postfix. do i then need
to make vmail a member of the group?You could just execute Dovecot LDA using postfix user.
Therefore, ( copied from dovecot wiki, http://wiki.dovecot.org/LDA/Postfix )
dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/deliver
-f ${sender} -d ${recipient}I could change the user=vmail:vmail to postfix:postfix ?
I just heard that Postfix doesn't allow you to do that (as you would
have noticed too). So just use vmail.
my /home/vmail/ directories are owned by postfix. do i then need to make vmail a member of the group?
You could just execute Dovecot LDA using postfix user.
Therefore, ( copied from dovecot wiki, http://wiki.dovecot.org/LDA/Postfix )
dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/deliver -f ${sender} -d ${recipient}
I could change the user=vmail:vmail to postfix:postfix ?
I just heard that Postfix doesn't allow you to do that (as you would have noticed too). So just use vmail.
Ok. but its amazing that dovecot can deliver as vmail, a user who doesnt exist.....how does it accomplish this?
[root@fwgw vmail]# ls -l
drwx------ 6 postfix postfix 4096 Feb 23 18:25 mesara.biz
Do i need to changes the permissions on the above?
On Feb 23, 2009, at 9:35 PM, Linux Advocate wrote:
I just heard that Postfix doesn't allow you to do that (as you
would have noticed too). So just use vmail.Ok. but its amazing that dovecot can deliver as vmail, a user who
doesnt exist.....how does it accomplish this?
Huh? Maybe you're confusing some concepts. Let's see..
vmail = UNIX user = typically in /etc/passwd. Postfix's pipe program
looks up the UID number based on the UNIX username. Typically from /
etc/passwd. Then it sets the deliver process's UNIX UID to this number.
Dovecot deliver then reads the config file and looks up the
destination username from dovecot-auth. Depending on your
configuration, it either receives vmail (which gets converted to UID)
or the UID number directly. In any case it notices that the process's
current UNIX UID is the same as the looked up UID, so it does nothing.
Destination username lookup is completely different from the UNIX UID,
so there's no need to have a "vmail" user listed in Dovecot's passdb/
userdb. It's never looked up from there.
[root@fwgw vmail]# ls -l
drwx------ 6 postfix postfix 4096 Feb 23 18:25 mesara.biz
Do i need to changes the permissions on the above?
Yes. Otherwise you'll get a permission denied error.
You could always just try and see what error messages Dovecot logs.
It's really good at giving understandable error messages, especially
the latest v1.1 version.
thanx timo, u were right. i am confusing things.
vmail needs to exist as a unix user (nologin priveleges) not as a virtual user. just give ownership of the folders to vmail... since postfix LDA doesnt need to acccess the folders anymore...
right? will test dovecot lda and report back.
Ok. but its amazing that dovecot can deliver as vmail, a user who doesnt
exist.....how does it accomplish this?
Huh? Maybe you're confusing some concepts. Let's see..
vmail = UNIX user = typically in /etc/passwd. Postfix's pipe program looks up the UID number based on the UNIX username. Typically from /etc/passwd. Then it sets the deliver process's UNIX UID to this number.
Dovecot deliver then reads the config file and looks up the destination username from dovecot-auth. Depending on your configuration, it either receives vmail (which gets converted to UID) or the UID number directly. In any case it notices that the process's current UNIX UID is the same as the looked up UID, so it does nothing.
Destination username lookup is completely different from the UNIX UID, so there's no need to have a "vmail" user listed in Dovecot's passdb/userdb. It's never looked up from there.
[root@fwgw vmail]# ls -l
drwx------ 6 postfix postfix 4096 Feb 23 18:25 mesara.biz
Do i need to changes the permissions on the above?
Yes. Otherwise you'll get a permission denied error.
You could always just try and see what error messages Dovecot logs. It's really good at giving understandable error messages, especially the latest v1.1 version.
participants (5)
-
Charles Marcus
-
Geert Hendrickx
-
Linux Advocate
-
Stephan Bosch
-
Timo Sirainen