Re: [vchkpw] many roaming users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jeremy Kitchen wrote: | On Wednesday 18 May 2005 12:45 pm, Payal Rathod wrote: | |>Hi, |>The other day a friend showed interest in qmail server. He is running |>sendmail for many years and wants to shift to a better MTA (for his |>moderately loaded server of 3 thousand users) during hardware change. I |>have advised him qmail + vpopmail combo, but am scared of one thing |>only. Can cdb handle that lot of recompiling (he surely does not want |>any kind of sql) because almost all his users are roaming users? | | | don't use vpopmail's roaming-users functionality if you want pop-before-smtp | authentication, use Bruce Guenter's relay-ctrl package. vpopmail's roaming users should be fine for a smaller system such as this one. You wouldn't nessarily want to use it in a clustered environment, but it should be fine for a single-server, smaller configuration. If you're clustered, or planning on clustering, then Matt Simmerson's tcpserver patch would be a good alternative. | | However, I wouldn't even use pop-before-smtp.. I would set up SMTP | authentication and require that. Agreed. SMTP authentication is the prefered method these days, but, if because of your user-base, this is not feasable, roaming users should be fine in this type of environment. | | -Jeremy | - -- /* ~Matt Brookings <[EMAIL PROTECTED]> GnuPG Key 7D7E5F37 ~Software developer Systems technician ~Inter7 Internet Technologies, Inc. (815)776-9465 */ banner("Support open-source!\n"); void banner(char *arg) { ~ char b[50]; ~ strcpy(b, arg); ~ printf(b); } -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFClLGZ/pZz8n1+XzcRAm+rAJ4iJXApD/Z0GWwAdcV7RP8VaV8GXQCgmkyy Cb7uXMI9JVzkWdm3DCX9S3U= =3x7N -END PGP SIGNATURE-
Re: [vchkpw] many roaming users
On Saturday 21 May 2005 11:05 am, Matt Simerson wrote: > On May 18, 2005, at 3:39 PM, Jeremy Kitchen wrote: > > On Wednesday 18 May 2005 01:26 pm, Payal Rathod wrote: > >> On Wed, May 18, 2005 at 01:15:22PM -0500, Jeremy Kitchen wrote: > >>> don't use vpopmail's roaming-users functionality if you want > >>> pop-before-smtp authentication, use Bruce Guenter's relay-ctrl > >>> package. > >> > >> Any particular reason why? > > > > vpopmail's roaming-users support is poorly designed, slow, and > > prone to > > failure. > > I'd like to see some evidence to back up this assertion. the fact that it's based around one file (actually, 3) that can theoretically be attempted to be updated many times simultaneously (requiring locking, etc) the open-smtp file has to be locked, old entries purged, then the cdb file has to be locked, and rebuilt. If you have 10k users and their mail clients check every .. 10 minutes.. you're rebuilding this giant tcp.smtp.cdb file quite often. with relay-ctrl, it simply creates a file in a directory for each IP allowed, and checks for old ones that should be removed. This is NFS safe, requires no locking (who cares if two processes try to create the same empty file at the same time), and is a lot more fault-tolerant. Plus, since the relay-ctrl software is independent of any other qmail process, no other qmail process needs to know the location of the relay-ctrl directory, whereas vpopmail's roaming users either requires you to change where your cdb file is, or tell it specifically where your cdb file is. Also.. some people use scripts to generate their tcp.smtp.cdb file, since tcprules simply generates a cdb file based on stdin. vpopmail's roaming users breaks this. -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l kitchen @ #qmail #gentoo on EFnet IRC ++ scriptkitchen.com/qmail GnuPG Key ID: 481BF7E2 ++ jabber:[EMAIL PROTECTED] pgpJrYPfjsAjd.pgp Description: PGP signature
Re: [vchkpw] many roaming users
On May 18, 2005, at 3:39 PM, Jeremy Kitchen wrote: On Wednesday 18 May 2005 01:26 pm, Payal Rathod wrote: On Wed, May 18, 2005 at 01:15:22PM -0500, Jeremy Kitchen wrote: don't use vpopmail's roaming-users functionality if you want pop-before-smtp authentication, use Bruce Guenter's relay-ctrl package. Any particular reason why? vpopmail's roaming-users support is poorly designed, slow, and prone to failure. I'd like to see some evidence to back up this assertion. One could argue all day about whether it's poorly designed, but as I recall, you were not there when it was designed. While I completely agree that smtp-auth is a better method of allowing users to relay, anyone with even a little bit of experience working in large scale ISP or other hosting environments knows exactly how much pain and real cost is involved in getting even a small number (hundreds) of clients to update their email settings. Most places assign a dollar value to every support call and when you start doing the math, if you have 10% of this fellows 3,000 users calling in because they can't figure out how to update their ancient version of (Eudora|Outlook|Netscape] from 1995 to use SMTP-AUTH, it's going to cost his company thousands of dollars. Telling him to depreciate the use of POP before SMTP simply isn't terribly practical advise. How exactly is vpopmail roaming-users slow? You authenticate and the IP is immediately stuffed into open-smtp, which is compiled into tcp.smtp that very same second. How is that slow? The user can relay immediately. I have 600,000 users who have never once complained about it being slow. I'm sure this fellows 3,000 users have never had a problem with it being "slow" and never will. It's only prone to failure if you're using clusters of servers, in which case you'll have lock contention when re-writing the tcp.smtp file on a NFS mount. This does not affect many users of vpopmail and would certainly not show up on a system with only 3,000 users. I was the first to use vpopmail in such an environment and had over 10,000 users on the system when I ran into it. The tcpserver-MySQL patch was written and it's worked great for me and many others since. That "hack" has worked extraordinarily well for thousands of mail servers since. relay-ctrl is not, and is even, in fact, safe to use over NFS (I've done it) Using relay-ctrl on NFS is no less of a hack. On any well designed system that uses NFS, a primary limitation of scale will be NFS r/w operations between the NFS clients and server. Most often the point of using NFS is scalability. Having a cluster of boxes delivering mail for hundreds of thousands of users can quickly saturate even a the beefiest of NFS servers. Thus, a wise systems engineer will do everything he can to avoid adding to that load. So, the question becomes whether you prefer to litter /var with thousands of IP address files or use a MySQL table to store IPs. Databases were invented just for such purposes and do the job quite admirably. Matt However, I wouldn't even use pop-before-smtp.. I would set up SMTP authentication and require that. His usersuMe too. But his users have grown used to it. I suggested starting SMTP-Auth on another port and slowly switching pop-before- smtp completely off. that's what email is so handy for. You send your users an email telling them they have to change in their mail clients, and give them a URL with some pictures and instructions, and notify your support staff about the change, and train them how to handle the situation.. then send that email every week for 3 months. After the 3 months is up, shut pop-before-smtp off. -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l kitchen @ #qmail #gentoo on EFnet IRC ++ scriptkitchen.com/qmail GnuPG Key ID: 481BF7E2 ++ jabber:[EMAIL PROTECTED] `` Matt Simersonhttp://matt.simerson.net The Network People Inc. http://www.tnpi.biz Show me a piano falling down a mineshaft and I'll show you A-flat minor.
Re: [vchkpw] many roaming users
On Wednesday 18 May 2005 02:57 pm, Sylwester S. Biernacki wrote: > On Wednesday, May 18, 2005, 9:46:30 PM, Jeremy wrote: > >> http://www.tnpi.biz/internet/mail/toaster/patches/tcpserver-mysql.shtml > > > > that's a hack, and I would not recommend using it. > > > > it's not tcpserver's job to handle specific functions such as this. > > However sometimes you have to do sth even if it looks bad and is not > scalable ;) why, when there are such better alternatives? http://untroubled.org/relay-ctrl/ It's simple, easy to use, easy to set up, and fits in with the UNIX mindset of doing things. Simple tools with specific functions that interact with each other. 6 of one half dozen of the other, I suppose. I guess I'm just a purist and don't patch anything unless I absolutely have to. -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l kitchen @ #qmail #gentoo on EFnet IRC ++ scriptkitchen.com/qmail GnuPG Key ID: 481BF7E2 ++ jabber:[EMAIL PROTECTED] pgpbgQebHPf1Q.pgp Description: PGP signature
Re: [vchkpw] many roaming users
On Wednesday 18 May 2005 01:50 pm, Davide Giunchi wrote: > Payal Rathod ha scritto: > > Hi, > > The other day a friend showed interest in qmail server. He is running > > sendmail for many years and wants to shift to a better MTA (for his > > moderately loaded server of 3 thousand users) during hardware change. I > > have advised him qmail + vpopmail combo, but am scared of one thing > > only. Can cdb handle that lot of recompiling (he surely does not want > > any kind of sql) because almost all his users are roaming users? > > I use roaming user with a ~ 1600 server, the system is made by 2 > frontend and an NFS server, i've used this patch to make the roaming > users function work with mysql instead of cdb over NFS: > > http://www.tnpi.biz/internet/mail/toaster/patches/tcpserver-mysql.shtml that's a hack, and I would not recommend using it. it's not tcpserver's job to handle specific functions such as this. -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l kitchen @ #qmail #gentoo on EFnet IRC ++ scriptkitchen.com/qmail GnuPG Key ID: 481BF7E2 ++ jabber:[EMAIL PROTECTED] pgp76NuGenJaX.pgp Description: PGP signature
Re: [vchkpw] many roaming users
On Wednesday 18 May 2005 01:26 pm, Payal Rathod wrote: > On Wed, May 18, 2005 at 01:15:22PM -0500, Jeremy Kitchen wrote: > > don't use vpopmail's roaming-users functionality if you want > > pop-before-smtp authentication, use Bruce Guenter's relay-ctrl > > package. > > Any particular reason why? vpopmail's roaming-users support is poorly designed, slow, and prone to failure. relay-ctrl is not, and is even, in fact, safe to use over NFS (I've done it) > > However, I wouldn't even use pop-before-smtp.. I would set up SMTP > > authentication and require that. > > His usersuMe too. But his users have grown used to it. I suggested > starting SMTP-Auth on another port and slowly switching pop-before-smtp > completely off. that's what email is so handy for. You send your users an email telling them they have to change in their mail clients, and give them a URL with some pictures and instructions, and notify your support staff about the change, and train them how to handle the situation.. then send that email every week for 3 months. After the 3 months is up, shut pop-before-smtp off. -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l kitchen @ #qmail #gentoo on EFnet IRC ++ scriptkitchen.com/qmail GnuPG Key ID: 481BF7E2 ++ jabber:[EMAIL PROTECTED] pgpg9RvvDmhFP.pgp Description: PGP signature
Re: [vchkpw] many roaming users
Payal Rathod ha scritto: Hi, The other day a friend showed interest in qmail server. He is running sendmail for many years and wants to shift to a better MTA (for his moderately loaded server of 3 thousand users) during hardware change. I have advised him qmail + vpopmail combo, but am scared of one thing only. Can cdb handle that lot of recompiling (he surely does not want any kind of sql) because almost all his users are roaming users? I use roaming user with a ~ 1600 server, the system is made by 2 frontend and an NFS server, i've used this patch to make the roaming users function work with mysql instead of cdb over NFS: http://www.tnpi.biz/internet/mail/toaster/patches/tcpserver-mysql.shtml The server works great since 3 years. Regards.
Re: [vchkpw] many roaming users
On Wed, May 18, 2005 at 01:15:22PM -0500, Jeremy Kitchen wrote: > don't use vpopmail's roaming-users functionality if you want > pop-before-smtp authentication, use Bruce Guenter's relay-ctrl > package. Any particular reason why? > However, I wouldn't even use pop-before-smtp.. I would set up SMTP > authentication and require that. His usersuMe too. But his users have grown used to it. I suggested starting SMTP-Auth on another port and slowly switching pop-before-smtp completely off. With warm regards, -Payal
Re: [vchkpw] many roaming users
On Wednesday 18 May 2005 12:45 pm, Payal Rathod wrote: > Hi, > The other day a friend showed interest in qmail server. He is running > sendmail for many years and wants to shift to a better MTA (for his > moderately loaded server of 3 thousand users) during hardware change. I > have advised him qmail + vpopmail combo, but am scared of one thing > only. Can cdb handle that lot of recompiling (he surely does not want > any kind of sql) because almost all his users are roaming users? don't use vpopmail's roaming-users functionality if you want pop-before-smtp authentication, use Bruce Guenter's relay-ctrl package. However, I wouldn't even use pop-before-smtp.. I would set up SMTP authentication and require that. -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l kitchen @ #qmail #gentoo on EFnet IRC ++ scriptkitchen.com/qmail GnuPG Key ID: 481BF7E2 ++ jabber:[EMAIL PROTECTED] pgp84VSwqcz1d.pgp Description: PGP signature