[Dovecot] SASL auth and proxy

mailing at securitylabs.it
Fri Oct 1 20:33:26 EEST 2010


On 01/10/2010 18:55, Ed W wrote:
>  On 01/10/2010 17:23, Timo Sirainen wrote:
>
> I'm quite possibly missing the point, but you might restructure your 
> application to have:
>
> - one mysql db (replicated if necessary for robustness) with ALL 
> customer data in it
> - pool of postfix servers which auth to the remote db (they can be 
> persuaded to cache auth results if you wish)
>

You are completely right, I simply don't like the idea of having one 
single big db with user data and all the troubles that can happen 
(performance, replication configuration, data corruption...)

>
> Could have completely missed the point, but this way you get a shared 
> pool of frontend machines (so might as well spam/av block on them), 
> which then use a transport map to get the mail internally to the 
> correct mailbox server.  You can obviously also use a similar sql 
> query to ask Dovecot frontend servers to proxy connections to the 
> correct backend server...
>

I already have a pool of frontend servers (MX) that do AV/Spam filtering 
and a transport map to the internal machine, but I don't do any query; I 
verify the existence of the recipient via recipient address verification 
before queue with Postfix.

I think - for now - I will try authentication with multiple databases 
with Dovecot; for now I only have 4 internal servers with MySQL, so 
I hope performance will not be a problem, considering that Dovecot caches 
the results.

I can also implement a procedure that periodically extracts only 
user/password from the internal DB and exports them to the smtp auth db 
servers, but it's not in real time and maybe I'll encounter some 
locking/performance problems during export/import.



