Re: Postfix(chroot) and Postgresql
On 2007/12/25 12:57, badeguruji wrote: I want to setup postfix and dovecot. i want to authenticate my users thru ldap. [...] (i do not want to be a ldap guru) If you want to use ldap for critical infrastructure, you'd better understand it (and an email setup big enough to need some kind of distributed database implies it's going to be fairly critical). Is there a place where i can find some 'ponited' help on how to build such an 'email users' database? i do not want to have unix logins for them. I don't have a clue what 'ponited' means but if you need a set of instructions to follow to set it up, how are you going to fix it when there's a problem? Dovecot works nicely with virtual users (no unix logins) with simple user/password databases (flat-file, Berkeley db, etc). Have you tried it? From: Craig Skinner [EMAIL PROTECTED] Sent: Saturday, December 1, 2007 7:12:54 AM Subject: Re: Postfix(chroot) and Postgresql How about - using OpenLDAP? Same thing. Flat files are fast and reliable [...] To add to Craig's comment from the mail you quoted, they're also a lot simpler.
Re: Postfix(chroot) and Postgresql
badeguruji wrote: [...] i am searching on google and have not found anything yet. i am therefore looking into generic ldap manuals. (i do not want to be a ldap guru) I maintaining some larger email installations that use LDAP. If you are not willing/don't want to dig deep into the matter, then I suggest that you don't use it all. It can be complicated and complex. Of course, once installed it works like a charm (oh, and we even have an LDAP enabled version of the venerable vacation(8) program). - Marc Balmer [...] -- SELECT services FROM companies WHERE name = 'micro systems' marc balmer, micro systems, wiesendamm 2a, postfach, ch-4019 basel internet www.msys.ch, phone +41 61 383 05 10, fax +41 61 383 05 12
Re: Postfix(chroot) and Postgresql
I want to setup postfix and dovecot. i want to authenticate my users thru ldap. for that i have installed openldap server package. Is there a place where i can find some 'ponited' help on how to build such an 'email users' database? i do not want to have unix logins for them. i am searching on google and have not found anything yet. i am therefore looking into generic ldap manuals. (i do not want to be a ldap guru) thank you. -BG ~~Kalyan-mastu~~ - Original Message From: Craig Skinner [EMAIL PROTECTED] To: misc@openbsd.org Sent: Saturday, December 1, 2007 7:12:54 AM Subject: Re: Postfix(chroot) and Postgresql On Sat, Dec 01, 2007 at 12:07:54AM +0100, Bengt Frost wrote: Someone out there have any suggestions how use Postfix (and Dovecot) with PostgreSQL? Pull the user data from PostgreSQL and generate the files: /etc/sasldb2.db (copy to /var/spool/postfix/etc postfix reload) /etc/cram-md5.pwd e.g: have a cron driven perl script check for changes to the user tables in the last 15 mins if so, then generate new files. Stops PostgreSQL becoming a bottleneck when under high load (a spam attack). Ok. Not quite sure I'm following you. You mean pull user data from PostgreSQL and generate flat(db) user file for smtp-auth using p5-Authen-SASL-2.10p0 ... Aye, using whatever you fancy, probably loads of modules on CPAN that will do most of what you want for your site. Perl is in base, so you wont run the risk of a broken port of ruby/python/whatever stopping you working after an upgrade. Same for /etc/postfix/{aliases,canonical.map,virtual.map} As your site grows, you can punt the flat files out across your mail farm from your central db/admin box, use rdist or something similar. Then pull out 'other' Postfix data maps via (f.ex) Perl script across my 'mail farm'. Not sure yet how to do it - but I figure it out. PostgreSQL is brilliant as you can have views of multiple tables, such as user id passwd, then reference another accounts table with foriegn keys to see if payment is upto date, how much they paid (disk quota). Then from this one view, just select * and dump that data into flat files, then push to your front line smtp, imap, webmail, shell... boxes. No fancy SQL in the scripts, let the DB do the work for you with views stored procedures. (Your business logic is separate from the oily bits of service implementation) Implement another service, such as web hosting accounts, then just write another SQL view, and another Perl script to config apache, etc, etc. My basic point is this: you can go to a lot of bother to get some services to auth against SQL, then you want to bring up another service and there is no way of using SQL directly, so you write some scripts to generate flat files. Then you bring up another service, So why not just do it that way from the beginning? After all, the app was developed to use flat files, so as a mere user of an app, why fight against the developer? How about - using OpenLDAP? Same thing. Flat files are fast and reliable, and are basically the only way to give users shell access (mutt/pine) on OpenBSD as login wont auth against LDAP or SQL. -- Craig Skinner | http://www.kepax.co.uk | [EMAIL PROTECTED]
Re: Postfix(chroot) and Postgresql
On Dec 25, 2007, at 12:57 PM, badeguruji wrote: I want to setup postfix and dovecot. i want to authenticate my users thru ldap. for that i have installed openldap server package. Is there a place where i can find some 'ponited' help on how to build such an 'email users' database? i do not want to have unix logins for them. i am searching on google and have not found anything yet. i am therefore looking into generic ldap manuals. (i do not want to be a ldap guru) http://wiki.dovecot.org/VirtualUsers http://wiki.dovecot.org/AuthDatabase/SQL I think everything you asked about is documented right there.
Re: Postfix(chroot) and Postgresql
On Sat, Dec 01, 2007 at 12:07:54AM +0100, Bengt Frost wrote: Someone out there have any suggestions how use Postfix (and Dovecot) with PostgreSQL? Pull the user data from PostgreSQL and generate the files: /etc/sasldb2.db (copy to /var/spool/postfix/etc postfix reload) /etc/cram-md5.pwd e.g: have a cron driven perl script check for changes to the user tables in the last 15 mins if so, then generate new files. Stops PostgreSQL becoming a bottleneck when under high load (a spam attack). Ok. Not quite sure I'm following you. You mean pull user data from PostgreSQL and generate flat(db) user file for smtp-auth using p5-Authen-SASL-2.10p0 ... Aye, using whatever you fancy, probably loads of modules on CPAN that will do most of what you want for your site. Perl is in base, so you wont run the risk of a broken port of ruby/python/whatever stopping you working after an upgrade. Same for /etc/postfix/{aliases,canonical.map,virtual.map} As your site grows, you can punt the flat files out across your mail farm from your central db/admin box, use rdist or something similar. Then pull out 'other' Postfix data maps via (f.ex) Perl script across my 'mail farm'. Not sure yet how to do it - but I figure it out. PostgreSQL is brilliant as you can have views of multiple tables, such as user id passwd, then reference another accounts table with foriegn keys to see if payment is upto date, how much they paid (disk quota). Then from this one view, just select * and dump that data into flat files, then push to your front line smtp, imap, webmail, shell... boxes. No fancy SQL in the scripts, let the DB do the work for you with views stored procedures. (Your business logic is separate from the oily bits of service implementation) Implement another service, such as web hosting accounts, then just write another SQL view, and another Perl script to config apache, etc, etc. My basic point is this: you can go to a lot of bother to get some services to auth against SQL, then you want to bring up another service and there is no way of using SQL directly, so you write some scripts to generate flat files. Then you bring up another service, So why not just do it that way from the beginning? After all, the app was developed to use flat files, so as a mere user of an app, why fight against the developer? How about - using OpenLDAP? Same thing. Flat files are fast and reliable, and are basically the only way to give users shell access (mutt/pine) on OpenBSD as login wont auth against LDAP or SQL. -- Craig Skinner | http://www.kepax.co.uk | [EMAIL PROTECTED]
Re: Postfix(chroot) and Postgresql
Thanks! I have underestimate the use of flat files and you have give me useful tips. I have to refresh my perl programming - lately most C and Python (and sh of course ...) --bfrost (fvp.se, fvp.eu, fvpideas.com) P.S I am not sure if this gets through to misc mailinglist - sending from my mailserver. On Sat, Dec 01, 2007 at 01:12:54PM +, Craig Skinner wrote: On Sat, Dec 01, 2007 at 12:07:54AM +0100, Bengt Frost wrote: Someone out there have any suggestions how use Postfix (and Dovecot) with PostgreSQL? ... Ok. Not quite sure I'm following you. You mean pull user data from PostgreSQL and generate flat(db) user file for smtp-auth using p5-Authen-SASL-2.10p0 ... Aye, using whatever you fancy, probably loads of modules on CPAN that will do most of what you want for your site. Perl is in base, so you wont run the risk of a broken port of ruby/python/whatever stopping you working after an upgrade. Same for /etc/postfix/{aliases,canonical.map,virtual.map} ... Then pull out 'other' Postfix data maps via (f.ex) Perl script across my 'mail farm'. Not sure yet how to do it - but I figure it out. PostgreSQL is brilliant as you can have views of multiple tables, such as user id passwd, then reference another accounts table with foriegn keys to see if payment is upto date, how much they paid (disk quota). Then from this one view, just select * and dump that data into flat files, then push to your front line smtp, imap, webmail, shell... boxes. No fancy SQL in the scripts, let the DB do the work for you with views stored procedures. (Your business logic is separate from the oily bits of service implementation) Implement another service, such as web hosting accounts, then just write another SQL view, and another Perl script to config apache, etc, etc. My basic point is this: you can go to a lot of bother to get some services to auth against SQL, then you want to bring up another service and there is no way of using SQL directly, so you write some scripts to generate flat files. Then you bring up another service, So why not just do it that way from the beginning? After all, the app was developed to use flat files, so as a mere user of an app, why fight against the developer? How about - using OpenLDAP? Same thing. Flat files are fast and reliable, and are basically the only way to give users shell access (mutt/pine) on OpenBSD as login wont auth against LDAP or SQL. -- Craig Skinner | http://www.kepax.co.uk | [EMAIL PROTECTED]
Re: Postfix(chroot) and Postgresql
Thanks, Not sure if this mail is showing in correct thread - lost your mail att google server. On Fri, Nov 30, 2007 at 10:15:29PM +, Craig Skinner wrote: On Fri, Nov 30, 2007 at 10:33:04PM +0100, Bengt Frost wrote: Someone out there have any suggestions how use Postfix (and Dovecot) with PostgreSQL? Pull the user data from PostgreSQL and generate the files: /etc/sasldb2.db (copy to /var/spool/postfix/etc postfix reload) /etc/cram-md5.pwd e.g: have a cron driven perl script check for changes to the user tables in the last 15 mins if so, then generate new files. Stops PostgreSQL becoming a bottleneck when under high load (a spam attack). Ok. Not quite sure I'm following you. You mean pull user data from PostgreSQL and generate flat(db) user file for smtp-auth using p5-Authen-SASL-2.10p0 ... As your site grows, you can punt the flat files out across your mail farm from your central db/admin box, use rdist or something similar. Then pull out 'other' Postfix data maps via (f.ex) Perl script across my 'mail farm'. Not sure yet how to do it - but I figure it out. How about - using OpenLDAP? Thanks --bfrost
Re: Postfix(chroot) and Postgresql
Ok, Efficiency can sometimes be important. Had no idea about this solution - have to figure out how to do it. Thanks! Is OpenLDAP something to consider. --bfrost Genadijus Paleckis wrote: Instead of that I would recommend you to use DB files generated at regular intervals instead of 'online' access to postgresql. It is less CPU expensive and much faster. But if you wish to use SQL maps I guess you may want to use 127.0.0.1 instead of local socket and of course you need to configure postgresql to accept network access. *Addition* to above: In pg_hba.conf (PosgreSQL):
Re: Postfix(chroot) and Postgresql
On Fri, Nov 30, 2007 at 10:33:04PM +0100, Bengt Frost wrote: Someone out there have any suggestions how use Postfix (and Dovecot) with PostgreSQL? Pull the user data from PostgreSQL and generate the files: /etc/sasldb2.db (copy to /var/spool/postfix/etc postfix reload) /etc/cram-md5.pwd e.g: have a cron driven perl script check for changes to the user tables in the last 15 mins if so, then generate new files. Stops PostgreSQL becoming a bottleneck when under high load (a spam attack). As your site grows, you can punt the flat files out across your mail farm from your central db/admin box, use rdist or something similar. DB down? DB backing up? No probs as mail still goes through until you are finished. Probably not the answers you are looking for -- Craig Skinner | http://www.kepax.co.uk | [EMAIL PROTECTED]
Re: Postfix(chroot) and Postgresql
*Addition* to above: In pg_hba.conf (PosgreSQL): vmail(user) access to datab with md5 password local(and host) --bfrost Bengt Frost wrote: Hi, I am trying to use PostgreSQL as a backend for my Postfix virtual mail system and dovecot(psql) for smtp-auth. 'Postfix' is chrooted - most of it - and with MySQL socket there is no problem to auth users and use Postfix transport_maps and virtual_*_maps. I have problem with postgresql socket(.s.PGSQL.5432). Neither dovecot(auth) or Postfix(processes) can connect to PostgreSQL. I have tried to google, read OpenBSD misc and ports maillinglists with no success. Here is some files with related 'stuff': ### rc - system /etc/rc.local: # Postfix - PostgreSQL if [ -x /usr/local/bin/pg_ctl ]; then echo -n ' postgresql' su -l _postgresql -c nohup /usr/local/bin/pg_ctl start \ -D /var/postgresql/data -l /var/postgresql/logfile \ -o '-D /var/postgresql/data' /dev/null su -l _postgresql -c ln -s /var/spool/postfix/tmp/.s.PGSQL.5432 /tmp su -l _postgresql -c ln -s /var/spool/postfix/tmp/.s.PGSQL.5432.lock /tmp fi /etc/rc.shutdown: # Posfix - PostgreSQL if [ -f /var/postgresql/data/postmaster.pid ]; then su -l _postgresql -c /usr/local/bin/pg_ctl stop -m fast \ -D /var/postgresql/data rm -f /var/postgresql/data/postmaster.pid \ /var/spool/postfix/tmp/.s.PGSQL.5432 \ /var/spool/postfix/tmp/.s.PGSQL.5432.lock \ /tmp/.s.PGSQL.5432 \ /tmp/.s.PGSQL.5432.lock fi ### Dovecot: /etc/dovecot.conf: passdb sql { args = /etc/dovecot-pgsql.conf } ... userdb sql { args = /etc/dovecot-pgsql.conf ... socket listen { client { path = /var/spool/postfix/private/auth mode = 0660 user = _postfix group = _postfix } /etc/dovecot-pgsql: # Currently supported schemes include PLAIN, PLAIN-MD5, DIGEST-MD5, and CRYPT. default_pass_scheme = CRYPT # also above schemes # Database options # UNIX socket - see host connect = host=/tmp/.s.PGSQL.5432 dbname= user=vmail password=x ### Postfix - referensed from main.conf(pgsql: - no proxymap used): /etc/postfix/pgsql_transport: # UNIX socket - PostgreSQL - relative path(chroot) hosts = unix:/tmp/.s.PGSQL.5432 # inet: for TCP connections (default) #hosts = localhost ##hosts = 127.0.0.1 ### PostgreSQL /var/postgresql/postgresql.conf: unix_socket_directory = '/var/spool/postfix/tmp' # tmp directory in Postfix root : rwxrwxr-t permission and 'owned' by _postfix _postgresql Someone out there have any suggestions how use Postfix (and Dovecot) with PostgreSQL? Thanks! --bfrost
Postfix(chroot) and Postgresql
Hi, I am trying to use PostgreSQL as a backend for my Postfix virtual mail system and dovecot(psql) for smtp-auth. 'Postfix' is chrooted - most of it - and with MySQL socket there is no problem to auth users and use Postfix transport_maps and virtual_*_maps. I have problem with postgresql socket(.s.PGSQL.5432). Neither dovecot(auth) or Postfix(processes) can connect to PostgreSQL. I have tried to google, read OpenBSD misc and ports maillinglists with no success. Here is some files with related 'stuff': ### rc - system /etc/rc.local: # Postfix - PostgreSQL if [ -x /usr/local/bin/pg_ctl ]; then echo -n ' postgresql' su -l _postgresql -c nohup /usr/local/bin/pg_ctl start \ -D /var/postgresql/data -l /var/postgresql/logfile \ -o '-D /var/postgresql/data' /dev/null su -l _postgresql -c ln -s /var/spool/postfix/tmp/.s.PGSQL.5432 /tmp su -l _postgresql -c ln -s /var/spool/postfix/tmp/.s.PGSQL.5432.lock /tmp fi /etc/rc.shutdown: # Posfix - PostgreSQL if [ -f /var/postgresql/data/postmaster.pid ]; then su -l _postgresql -c /usr/local/bin/pg_ctl stop -m fast \ -D /var/postgresql/data rm -f /var/postgresql/data/postmaster.pid \ /var/spool/postfix/tmp/.s.PGSQL.5432 \ /var/spool/postfix/tmp/.s.PGSQL.5432.lock \ /tmp/.s.PGSQL.5432 \ /tmp/.s.PGSQL.5432.lock fi ### Dovecot: /etc/dovecot.conf: passdb sql { args = /etc/dovecot-pgsql.conf } ... userdb sql { args = /etc/dovecot-pgsql.conf ... socket listen { client { path = /var/spool/postfix/private/auth mode = 0660 user = _postfix group = _postfix } /etc/dovecot-pgsql: # Currently supported schemes include PLAIN, PLAIN-MD5, DIGEST-MD5, and CRYPT. default_pass_scheme = CRYPT # also above schemes # Database options # UNIX socket - see host connect = host=/tmp/.s.PGSQL.5432 dbname= user=vmail password=x ### Postfix - referensed from main.conf(pgsql: - no proxymap used): /etc/postfix/pgsql_transport: # UNIX socket - PostgreSQL - relative path(chroot) hosts = unix:/tmp/.s.PGSQL.5432 # inet: for TCP connections (default) #hosts = localhost ##hosts = 127.0.0.1 ### PostgreSQL /var/postgresql/postgresql.conf: unix_socket_directory = '/var/spool/postfix/tmp' # tmp directory in Postfix root : rwxrwxr-t permission and 'owned' by _postfix _postgresql Someone out there have any suggestions how use Postfix (and Dovecot) with PostgreSQL? Thanks! --bfrost
Re: Postfix(chroot) and Postgresql
Instead of that I would recommend you to use DB files generated at regular intervals instead of 'online' access to postgresql. It is less CPU expensive and much faster. But if you wish to use SQL maps I guess you may want to use 127.0.0.1 instead of local socket and of course you need to configure postgresql to accept network access. Bengt Frost wrote: *Addition* to above: In pg_hba.conf (PosgreSQL): vmail(user) access to datab with md5 password local(and host) --bfrost Bengt Frost wrote: Hi, I am trying to use PostgreSQL as a backend for my Postfix virtual mail system and dovecot(psql) for smtp-auth. 'Postfix' is chrooted - most of it - and with MySQL socket there is no problem to auth users and use Postfix transport_maps and virtual_*_maps. I have problem with postgresql socket(.s.PGSQL.5432). Neither dovecot(auth) or Postfix(processes) can connect to PostgreSQL. I have tried to google, read OpenBSD misc and ports maillinglists with no success. Here is some files with related 'stuff': ### rc - system /etc/rc.local: # Postfix - PostgreSQL if [ -x /usr/local/bin/pg_ctl ]; then echo -n ' postgresql' su -l _postgresql -c nohup /usr/local/bin/pg_ctl start \ -D /var/postgresql/data -l /var/postgresql/logfile \ -o '-D /var/postgresql/data' /dev/null su -l _postgresql -c ln -s /var/spool/postfix/tmp/.s.PGSQL.5432 /tmp su -l _postgresql -c ln -s /var/spool/postfix/tmp/.s.PGSQL.5432.lock /tmp fi /etc/rc.shutdown: # Posfix - PostgreSQL if [ -f /var/postgresql/data/postmaster.pid ]; then su -l _postgresql -c /usr/local/bin/pg_ctl stop -m fast \ -D /var/postgresql/data rm -f /var/postgresql/data/postmaster.pid \ /var/spool/postfix/tmp/.s.PGSQL.5432 \ /var/spool/postfix/tmp/.s.PGSQL.5432.lock \ /tmp/.s.PGSQL.5432 \ /tmp/.s.PGSQL.5432.lock fi ### Dovecot: /etc/dovecot.conf: passdb sql { args = /etc/dovecot-pgsql.conf } ... userdb sql { args = /etc/dovecot-pgsql.conf ... socket listen { client { path = /var/spool/postfix/private/auth mode = 0660 user = _postfix group = _postfix } /etc/dovecot-pgsql: # Currently supported schemes include PLAIN, PLAIN-MD5, DIGEST-MD5, and CRYPT. default_pass_scheme = CRYPT # also above schemes # Database options # UNIX socket - see host connect = host=/tmp/.s.PGSQL.5432 dbname= user=vmail password=x ### Postfix - referensed from main.conf(pgsql: - no proxymap used): /etc/postfix/pgsql_transport: # UNIX socket - PostgreSQL - relative path(chroot) hosts = unix:/tmp/.s.PGSQL.5432 # inet: for TCP connections (default) #hosts = localhost ##hosts = 127.0.0.1 ### PostgreSQL /var/postgresql/postgresql.conf: unix_socket_directory = '/var/spool/postfix/tmp' # tmp directory in Postfix root : rwxrwxr-t permission and 'owned' by _postfix _postgresql Someone out there have any suggestions how use Postfix (and Dovecot) with PostgreSQL? Thanks! --bfrost