On May 18, 2005, at 3:39 PM, Jeremy Kitchen wrote:

On Wednesday 18 May 2005 01:26 pm, Payal Rathod wrote:

On Wed, May 18, 2005 at 01:15:22PM -0500, Jeremy Kitchen wrote:

don't use vpopmail's roaming-users functionality if you want
pop-before-smtp authentication, use Bruce Guenter's relay-ctrl

Any particular reason why?

vpopmail's roaming-users support is poorly designed, slow, and prone to

I'd like to see some evidence to back up this assertion. One could argue all day about whether it's poorly designed, but as I recall, you were not there when it was designed. While I completely agree that smtp-auth is a better method of allowing users to relay, anyone with even a little bit of experience working in large scale ISP or other hosting environments knows exactly how much pain and real cost is involved in getting even a small number (hundreds) of clients to update their email settings.

Most places assign a dollar value to every support call and when you start doing the math, if you have 10% of this fellow's 3,000 users calling in because they can't figure out how to update their ancient version of (Eudora|Outlook|Netscape) from 1995 to use SMTP-AUTH, it's going to cost his company thousands of dollars. Telling him to deprecate the use of POP before SMTP simply isn't terribly practical advice.

How exactly is vpopmail roaming-users slow? You authenticate and the IP is immediately stuffed into open-smtp, which is compiled into tcp.smtp that very same second. How is that slow? The user can relay immediately. I have 600,000 users who have never once complained about it being slow. I'm sure this fellow's 3,000 users have never had a problem with it being "slow" and never will.

It's only prone to failure if you're using clusters of servers, in which case you'll have lock contention when re-writing the tcp.smtp file on an NFS mount. This does not affect many users of vpopmail and would certainly not show up on a system with only 3,000 users. I was the first to use vpopmail in such an environment and had over 10,000 users on the system when I ran into it. The tcpserver-MySQL patch was written and it's worked great for me and many others since.

That "hack" has worked extraordinarily well for thousands of mail servers since.

relay-ctrl is not, and is even, in fact, safe to use over NFS (I've done it)

Using relay-ctrl on NFS is no less of a hack. On any well-designed system that uses NFS, a primary limitation of scale will be NFS r/w operations between the NFS clients and server. Most often the point of using NFS is scalability. Having a cluster of boxes delivering mail for hundreds of thousands of users can quickly saturate even the beefiest of NFS servers. Thus, a wise systems engineer will do everything he can to avoid adding to that load.

So, the question becomes whether you prefer to litter /var with thousands of IP address files or use a MySQL table to store IPs. Databases were invented just for such purposes and do the job quite admirably.


However, I wouldn't even use pop-before-smtp.. I would set up SMTP
authentication and require that.

His usersuMe too. But his users have grown used to it. I suggested
starting SMTP-Auth on another port and slowly switching pop-before-smtp
completely off.

that's what email is so handy for. You send your users an email telling them they have to change in their mail clients, and give them a URL with some pictures and instructions, and notify your support staff about the change, and train them how to handle the situation.. then send that email every week
for 3 months.  After the 3 months is up, shut pop-before-smtp off.


Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l
      kitchen @ #qmail #gentoo on EFnet IRC ++ scriptkitchen.com/qmail
         GnuPG Key ID: 481BF7E2 ++ jabber:[EMAIL PROTECTED]

  Matt Simerson                    http://matt.simerson.net
  The Network People Inc.  http://www.tnpi.biz

Show me a piano falling down a mineshaft and I'll show you A-flat minor.