Re: Another change to smtp_sasl_auth.

From: Victor Duchovni (Victor.DuchovniMorganStanley.com)
Date: Wed Nov 21 2007 - 13:42:22 CST


On Wed, Nov 21, 2007 at 02:30:31PM -0500, Wietse Venema wrote:

> Keean Schupke:
> > Actually, this is no good, as I would need the transport chosen by
> > relayhost not by eventual destination... as we will be using
> > "sender_dependent_relayhost_maps" to decide which relay to send things
> > through...
> >
> > Don't suppose sender_dependent_relayhost_maps could be made to work
> > like transport maps? so that the RHS is "transport:next_hop"? This
> > would allow me to choose different transport options (via the
> > master.cf) for different senders.
>
> Actually, that would be sender_dependent_relay_transport_maps. It
> has not yet been implemented due to lack of demand.

Back to the verify(8) approach, it is important to not store success
results in the verify(8) cache in this case. Store only failures.
The verify(8) service will not replace a success state with a failure
state before the lifetime of the success entry expires.

The "address" argument to the verify service is an arbitrary
null-terminated string. A base64 encoding of the SHA1 hash of
"gateway\0user\0pass\0" would make a reasonable key and will not collide
with addresses (no "@" sign).

Enabling a persistent store for this "verify" service is probably a good
idea, so that reboots don't result in re-use of stale passwords.

The down-side is some risk of corrupted ".db" files after a bad crash.
These would require manual intervention.

--
        Viktor.

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.


If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
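
Added example, not part of the message above and not Postfix code: it derives the cache key in the format the message describes and uses a simplified model of the described verify(8) behaviour to show why only failures should be stored. The class VerifyCacheModel, the function names, the host name, the credentials and the lifetime value are all assumptions made for illustration.

```python
import base64
import hashlib


def credential_key(gateway: str, user: str, password: str) -> str:
    """base64(SHA1("gateway\\0user\\0pass\\0")), the key format from the message."""
    material = b"".join(part.encode("utf-8") + b"\x00"
                        for part in (gateway, user, password))
    return base64.b64encode(hashlib.sha1(material).digest()).decode("ascii")


class VerifyCacheModel:
    """Simplified model (assumption): a success entry is not replaced by a
    failure until the success entry's lifetime has expired."""

    def __init__(self, success_lifetime: int):
        self.success_lifetime = success_lifetime
        self.entries = {}  # key -> (ok, stored_at)

    def update(self, key: str, ok: bool, now: int) -> None:
        current = self.entries.get(key)
        unexpired_success = (current is not None and current[0]
                             and now - current[1] < self.success_lifetime)
        if unexpired_success and not ok:
            return  # unexpired success wins; the failure is dropped
        self.entries[key] = (ok, now)

    def known_bad(self, key: str) -> bool:
        entry = self.entries.get(key)
        return entry is not None and not entry[0]


def run_scenario(store_success: bool) -> bool:
    """Credentials work at t=0, the gateway rejects them at t=100.
    Returns whether the cache then flags them as bad."""
    cache = VerifyCacheModel(success_lifetime=3600)  # constructed value
    key = credential_key("relay.example.com", "alice", "s3cret")  # constructed
    for now, ok in ((0, True), (100, False)):
        if ok and not store_success:
            continue  # the advice in the message: store only failures
        cache.update(key, ok, now)
    return cache.known_bad(key)


if __name__ == "__main__":
    print(credential_key("relay.example.com", "alice", "s3cret"))
    print("store successes:", run_scenario(True))   # later failure is masked
    print("failures only  :", run_scenario(False))  # later failure is recorded
```

Because the password is part of the hashed material, a corrected password produces a different key, so a cached failure for the old credentials does not apply to the new ones.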