Re: SMTP-SASL auth failure caching.

From: Keean Schupke (keeanfry-it.com)
Date: Mon Dec 03 2007 - 03:56:07 CST


Hi,

Does this mean using "dict_get" etc from the smtp_sasl code?

If so, will there be support for a configurable service name?

smtp_sasl_auth_fail_map = proxy:btree:authcache

But I am confused... is "authcache" in the above line the name of the
db file, or the name of the service in the master.cf table? Can it be
both? (i.e. if a service of that name exists we use it, otherwise we use
the generic proxymap service with that as the db-file name)

If we can address the umask and sigterm issues I think we will all be happy...

Does the patch posted include the configurable service name?

I guess I will produce a V3 of the auth_failure_cache/map patch going
back to using dict_open/dict_get/dict_put/dict_del, but with the other
general code improvements made in the meantime.

Regards,
Keean Schupke, Fry-IT Ltd.

On 03/12/2007, Victor Duchovni <Victor.Duchovnimorganstanley.com> wrote:
> On Sun, Dec 02, 2007 at 10:05:09PM -0500, Wietse Venema wrote:
>
> > > So the SASL code needs to use "proxymap" protocol directly, not
> > > "proxy:..." tables, which always contacts the "real" proxymap.
> >
> > To access a single-writer auth_fail_map, use
> > proxy:btree:/some/where/auth_fail_map a dedicated proxymap service,
>
> While the delivery agent concurrency to a single destination is ideally
> just "1" in this case, the process limit for the delivery agent may
> well be significantly higher. Is it acceptable for all the smtp(8)
> delivery agents to use a single proxymap(8) for all lookups in addition
> to auth_fail cache updates?
>
> If it is, the remaining obstacles are table permissions and how the new
> table updating proxymap handles SIGTERM on "postfix stop". Do we do anything
> special for these? The cloned proxymap needs to create new tables mode 0600
> and change its process group to avoid untimely SIGTERM. Does the umask need
> to be configurable?
>
> --
> Viktor.