On 2000-11-20 16:52, Tommi Virtanen wrote:
>Based on Postfix, LDAP, Courier-IMAP and maildrop.
>
>"mailsystem" etc are just temporary placeholders for a good software name.
>
>
>Mail Delivery
>=============
>
>Frontend
>--------
>
>1..n frontend boxes
>
>Have targetdomains @example.com and @invalid as virtual domains.
>
>virtual_maps = hash:/etc/postfix/virtual, ldap:ldapvirtual
>ldapvirtual_query_filter =
> (&(mail=%s)(!(|(maildrop="*|*")(maildrop="*:*")(maildrop="*/*"))))
> ldapvirtual_result_attribute = maildrop
>
>/etc/postfix/virtual:
>
>example.com dummy
>invalid dummy
>
>{NOTE to Russell: you can put the those in LDAP, too. It's all in the
>LDAP_README}
>
>
>ldap entries like:
>
>dn: cn=foo, dc=my, dc=com
>mail: [EMAIL PROTECTED]
>maildrop: [EMAIL PROTECTED]
I am playing with the following. This meets all schema validation (I have
full schema checking turned on):
dn: [EMAIL PROTECTED], ou=EMail, dc=coker, dc=com, dc=au
objectclass: pilotPerson
objectclass: inetLocalMailRecipient
cn: [EMAIL PROTECTED]
sn: Test mail aliases
mail: [EMAIL PROTECTED]
mailPreferenceOption: 0
mailLocalAddress: /tmp
mailLocalAddress: [EMAIL PROTECTED]
One problem I am having is that /tmp becomes expanded to [EMAIL PROTECTED]
instead of resulting in a write to /tmp/user .
>1..m backend boxes, may overlap with frontend boxes. More than one
>"logical backend" can reside in the same physical server; e.g. you
>may split by the hard disk the mail reside in.
>
>Backend box #42:
>
>virtual_maps = hash:/etc/postfix/virtual-h42
>
>/etc/postfix/virtual-h42:
>
>h42.mail.example.com dummy
>@h42.mail.example.com mailuid
>
>h42.mail.invalid dummy
>@h42.mail.invalid mailuid
>
>~mailuid/.forward:
>|mailsystem-store-mail
>
>mailsystem-store-mail uses env. vars USER, EXTENSION and DOMAIN to:
>
>1. if $DOMAIN/$USER does not exist, search ldap for maildrop=$USER@$DOMAIN
> and create maildir or bounce as appropriate.
>
>2. if $EXTENSION set, ensure that subfolder exists; create with maildirmake
> -f if necessary
>
>3. store mail in $DOMAIN/$USER/.$EXTENSION/ or $DOMAIN/$USER/ with
> deliverquota (fetch quota from LDAP, cache on disk?)
> (a bash script could use USERPAD="${USER:0:2}__";
> "$DOMAIN/${USERPAD:0:2}/$USER/.$EXTENSION/"
> for hashing)
This all sounds great! Does postfix currently set all these variables?
>Regularly run a cross-reference between LDAP and actual maildirs, remove
> maildirs for which no LDAP entry is found.
A better solution is to not remove the LDAP but flag it as deleted to remove
a user. Then have a cron job to clean up things which will search for the
deleted flag, delete maildir's, web space, etc (as appropriate), then do the
actual deletion.
Compiling a list of 50,000 users and matching them against a similar LDAP
directory isn't going to be fun!
>Alternative 3: IMAP/POP frontend passes connections on
>------------------------------------------------------
>
>There are frontend IMAP/POP servers that listen for connection, get username
>and proxy the connection to the correct backend IMAP/POP server that can
> access mail for that user.
>
>No need for NFS mount, atleast not for cross-mounts.
>
>May hinder authentication methods.
>
>Has overhead.
A better idea IMHO. Netscape mail server has been doing this for a while and
it works OK for Netscape.
>TODO
>====
>
>Reliability?
>
>Mailbox migration? Is it needed?
Ability to migrate mailboxes would be really good. What I would like to see
is a pair of front-end programs for SMTP and POP which work together for
migrating email from one server to another. When the user connects to the
old server via POP the password could be recorded which would allow a third
program to change the DB to direct all that user's traffic to the new server
and then suck all email from the old server and deliver it to the new server.
--
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/projects.html Projects I am working on
http://www.coker.com.au/~russell/ My home page
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
