On 01/10/2010 17:23, Timo Sirainen wrote:
On Wed, 2010-09-29 at 17:07 +0200, mail...@securitylabs.it wrote:
Hello, I'm finding a way to have a pool of smtp-auth servers in front
of my actuals servers to permit relay to our customers. Now users sends
emails connecting to the right IP via mail.domain.tld, with
authentication. Every server has it's own user database in mysql.
Can I use:
http://wiki.dovecot.org/Authentication/MultipleDatabases
to tell Dovecot to authenticate with every MySQL database on the servers
"behind"?
Yes, but if you have many of them, that's quite a lot of unnecessary SQL
lookups. And since they're done one at a time each lookup slows down the
authentication.
I'm quite possibly missing the point, but you might restructure your
application to have:
- one mysql db (replicated if necessary for robustness) with ALL
customer data in it
- pool of postfix servers which auth to the remote db (they can be
persuaded to cache auth results if you wish)
Optionally you could also adjust your structure to:
- first smtp server to be hit accepts mail
- transport map in sql which then directs that server to forward the
mail onto the correct backend server
- remember that your transport map can indicate the use of other ports,
eg you can have an optimised postfix installation which is only
reachable from the frontend machines, but skips a load of
address-rewriting/spam scanning, etc. Configuration is a bit like the
re-injection configu when using amavis
Could have completely missed the point, but this way you get a shared
pool of frontend machines (so might as well spam/av block on them),
which then use a transport map to get the mail internally to the correct
mailbox server. You can obviously also use a similar sql query to ask
Dovecot frontend servers to proxy connections to the correct backend
server...
Does that help at all?
Ed W