On Mon, Mar 09, 2015 at 04:40:41AM +0000, Mick wrote:
> >I would not deploy this policy script. It requires a new Perl
> >process for each request. That's a rather bad idea. It does not
> >treat the sender address in a case-insensitive manner.
>
> I hadn't thought of that. If the mail server busy, a lot of processes could
> end up running. You could limit the number of processes in master.cf though
> couldn't you?
I am not talking about concurrency, rather this still costs a Perl
invocation per lookup and Perl start-up time is considerable. The
server might easily have problems under load, especially if you
limit concurrency too much.
> I agree running a service would be better. That's way beyond my limited
> knowledge though.
That's why I am suggesting a TCP table driver, (or even better SQL).
> >With 2.10 use socketmap, and with 2.9 or less the tcp table to
> >implement smtpd_sender_login_maps. Whichever you use, make it
> >a persistent service not one process per lookup.
>
> Out of interest, have you any links showing working examples? I doubt it be
> as simple as creating a file, postmapping it to a db file and adding
> check_sasl_access hash:/etc/postfix/sasl_checks
It's a damn simple protocol, you just need a persistent TCP listener.
However upgrading to Postfix 2.11 which supports check_sasl_access
is surely easier.
--
Viktor.
