Robert Müller wrote:
Hello Hugo,

sounds good - I'll try them when they are online.
Regarding policyd, I currently prefer a stepwise approach. At the moment I use the Debian-packaged postfix-policyd (v1.80) in order to quickly get things to work (this was now successful, thanks again to José). After getting first impressions and understanding how things work, I also want to check out policyd v2. Do you have any preferences or caveats for one of them?

Cheers,
Robert



I've only worked with v1 so far.

For the type of setup I've been using, which is restricted to servers that handle incoming mail (MX), it has been working very well. The ability to handle outbound mail as well, either from allowed relay clients or authenticated users, in single server setups (one machine does it all), must be addressed a bit differently though. That's because v1 will only allow an all-or-nothing kind of approach. You might want to use greylisting and helo checking for inbound mail only and throttling for outbound mail only, and v1 does not allow rule differentiation.

I've been looking at a legacy policyd v1 patch that implements whitelisting scopes, which is a way to handle this problem. Another possibility, relying on existing documentation, is to use v2 instead. v2 supports class definition, allowing different rules to be applied to different objects, be they individual users, client addresses or even netblocks/domains.

My main concerns about v2 right now are actually just 2:

1. Performance - It's Perl based, while v1 is entirely C, so there WILL be some overhead.
2. Data migration - v2 still lacks the appropriate migration tools. The database layout is completely new and it would be really nice to be able to reuse existing data.

Hopefully the new versions of qenvscan-policyd and the qmail-ldap patch will allow the use of both versions, patched or unpatched. Of course an unpatched v1 version will always have the limitations I referred to.

Regards,

Hugo Monteiro.

--
ci.fct.unl.pt:~# cat .signature

Hugo Monteiro
Email    : hugo.monte...@fct.unl.pt
Telefone : +351 212948300 Ext.15307
Web      : http://hmonteiro.net

Centro de Informática
Faculdade de Ciências e Tecnologia da
                   Universidade Nova de Lisboa
Quinta da Torre   2829-516 Caparica   Portugal
Telefone: +351 212948596   Fax: +351 212948548
www.ci.fct.unl.pt             ap...@fct.unl.pt

ci.fct.unl.pt:~# _
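
An added illustration, not part of the original message and not policyd code, of the rule differentiation discussed above: each request is classified as inbound or outbound before checks are chosen, with `scoped=False` modelling the all-or-nothing case. It assumes requests arrive as Postfix policy delegation attributes (name=value lines); the relay netblock, sample requests and function names are constructed for the example.

```python
import ipaddress

# Constructed relay netblock (documentation range), not taken from the thread.
RELAY_NETS = [ipaddress.ip_network("192.0.2.0/24")]
CHECKS = {"inbound": ("greylist", "helo"), "outbound": ("throttle",)}

def parse_request(text):
    """Parse one policy request: name=value lines, ended by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line.strip():
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name.strip()] = value.strip()
    return attrs

def scope_of(attrs):
    """Outbound = authenticated user or allowed relay client; else inbound."""
    if attrs.get("sasl_username"):
        return "outbound"
    try:
        addr = ipaddress.ip_address(attrs.get("client_address", ""))
    except ValueError:
        return "inbound"  # unparsable address never gets relay treatment
    return "outbound" if any(addr in net for net in RELAY_NETS) else "inbound"

def checks_for(text, scoped=True):
    """scoped=False models all-or-nothing: every check on every message."""
    scope = scope_of(parse_request(text))
    if not scoped:
        return scope, CHECKS["inbound"] + CHECKS["outbound"]
    return scope, CHECKS[scope]

# Constructed sample requests.
MX_IN = "request=smtpd_access_policy\nclient_address=203.0.113.7\nhelo_name=mail.example.net\nsasl_username=\n\n"
RELAY = "request=smtpd_access_policy\nclient_address=192.0.2.15\nsasl_username=\n\n"
AUTH = "request=smtpd_access_policy\nclient_address=198.51.100.9\nsasl_username=alice\n\n"

if __name__ == "__main__":
    for name, req in (("MX_IN", MX_IN), ("RELAY", RELAY), ("AUTH", AUTH)):
        print(name, checks_for(req), checks_for(req, scoped=False))
```

Without scoping, the authenticated user and the relay client are greylisted and helo-checked like any unknown MX peer, and inbound mail is throttled along with outbound.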
