[Dovecot] When should dictionary entries for the expire plugin be added/updated?

Timo Sirainen tss at iki.fi
Wed Aug 25 17:29:51 EEST 2010


On Wed, 2010-08-25 at 16:07 +0200, Ralph Seichter wrote:
> On 25.08.10 15:03, Timo Sirainen wrote:
> 
> > The group way I mentioned would avoid problems with them, but of
> > course not security problems related to Dovecot processes themselves.
> 
> There are users with shell access to the Dovecot server, and as long as
> all these users require write permissions for the dict socket, I see
> some potential for trouble.

But you don't have to give rw access to them. You have to give rw access
to Dovecot processes (this works as long as you don't use dovecot-lda).
See http://wiki2.dovecot.org/Dict

> > the whole point of expire database is that a single command can quickly
> > see what users have mails to expunge. So this needs to be a shared
> > dictionary across users.
> 
> Does it really? I use something like this for cleanup:
> 
>   for user in $MAILUSERS; do
>     doveadm expunge -u "$user" ...
>   done

If you do that, then there's no point in using the expire database at all.
Even the wiki page says at the top that you don't really need it. What
the expire plugin optimizes is if you have lots of users and you call it
for all users with the -A parameter.

> As I loop over users anyway, I don't think that a per-user dictionary
> would be a bad idea. "doveadm expunge -A" might be different, but I
> think that even with "-A" you'll need to iterate over users.

Yeah, the doveadm_expire plugin makes the iteration skip users who don't
have anything to expunge.


