Hi again,

> > However, I strongly
> > disagree with the INSTALL wording if that's the case! It makes it sound
> > like Matt's patch is only "suggested", but it honestly seems to be REQUIRED
> > when mysql support is enabled in vpopmail.
> 
> The INSTALL file is right.

Short note; quoting the INSTALL file:

--- begin ---
13. For sites using the mysql module and --enable-roaming-users=y it
    is highly suggested to use Matt Simersons tcpserver-mysql patch.
    This removes the need for vpopmail to compile a tcp.smtp.cdb file
    for each pop authentication. Instead, tcpserver looks directly
    into the vpopmail mysql table of IP's.
--- end ---

It is correct that the tcpserver-mysql patch removes the need for
vpopmail to compile a tcp.smtp.cdb file for each pop authentication.
That's true, the _need_ for that functionality is removed - but not the
functionality itself! vpopmail still compiles a tcp.smtp.cdb file, so
the tcpserver-mysql patch doesn't mean anything to vpopmail. As vpopmail
doesn't know if you're using the tcpserver-mysql patch, it has no way to
know that it doesn't have to update tcp.smtp.cdb.

I don't think there's a big performance hit using the tcpserver-mysql
patch, as reading from a cdb file is already extremely fast. Thus, the
benefit isn't in tcpserver itself; but it's the _possibility_ to remove
the time-consuming tcp.smtp.cdb rebuild functionality from the vpopmail
code. If you don't do that (manually), the tcpserver-mysql patch doesn't
mean anything better to you compared to a working cdb setup without it.

To make that patch really usable, vpopmail needs a way to know that it
doesn't have to update tcp.smtp.cdb, maybe a ./configure parameter like
"--i-use-the-tcpserver-mysql-patch-and-thus-do-not-need-cdb-updates".

In some situations (like yours, Jesse), the tcpserver-mysql patch seems
to act as a "fix", but it actually is a different thing. Your problems
have been with file permissions, not with vpopmail requiring a patch
that's marked as optional/suggested. It only looks like a fix because
its totally different approach doesn't depend on file permissions.

And, while we're at it... the newest README.mysql file tells us to...

#define MYSQL_UPDATE_SERVER "localhost"
#define MYSQL_UPDATE_USER   "root"
#define MYSQL_UPDATE_PASSWD "secret"

#define MYSQL_READ_SERVER   "localhost"
#define MYSQL_READ_USER     "root"
#define MYSQL_READ_PASSWD   "secret"

From a security perspective, it should be preferred to use a dedicated
MySQL user instead of "root"; this would highly reduce the danger that a
possibly table-corrupting vpopmail bug would have on MySQL data. Yes,
it's the user's choice, and MySQL administrators should already know
that, but IMHO the README.mysql file should set a good example here.

Jonas
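
The dedicated-account setup suggested above could look like this. It is an added example, not part of the original message or of vpopmail's README.mysql. The database name `vpopmail`, the account names `vpopmail_rw` and `vpopmail_ro`, the passwords and the exact privilege list are assumptions; the syntax is for MySQL 5.7 or later.

```sql
-- Assumed names: database `vpopmail`, accounts `vpopmail_rw` / `vpopmail_ro`.
-- Passwords are placeholders; replace them before use.

-- Account for the MYSQL_UPDATE_* settings: may change data, but only
-- inside the one database, so a table-corrupting bug cannot reach
-- other schemas or the mysql.* grant tables.
CREATE USER 'vpopmail_rw'@'localhost' IDENTIFIED BY 'CHANGE-ME-rw';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE
    ON vpopmail.* TO 'vpopmail_rw'@'localhost';
-- CREATE is an assumption for setups where the tables are created on
-- first use; leave it out if the tables are created by hand beforehand.

-- Account for the MYSQL_READ_* settings: lookups only.
CREATE USER 'vpopmail_ro'@'localhost' IDENTIFIED BY 'CHANGE-ME-ro';
GRANT SELECT ON vpopmail.* TO 'vpopmail_ro'@'localhost';

-- Check 1: each account should list only USAGE on *.* plus the
-- vpopmail.* grant above.
SHOW GRANTS FOR 'vpopmail_rw'@'localhost';
SHOW GRANTS FOR 'vpopmail_ro'@'localhost';

-- Check 2: no global administrative privileges (every column 'N').
SELECT User, Host, Super_priv, File_priv, Grant_priv, Drop_priv
  FROM mysql.user
 WHERE User IN ('vpopmail_rw', 'vpopmail_ro');

-- Matching settings in place of "root" / "secret":
--   #define MYSQL_UPDATE_USER   "vpopmail_rw"
--   #define MYSQL_UPDATE_PASSWD "CHANGE-ME-rw"
--   #define MYSQL_READ_USER     "vpopmail_ro"
--   #define MYSQL_READ_PASSWD   "CHANGE-ME-ro"
```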

