One quick comment about check_sasl_access and established sessions. This may not work reliably with Berkeley DB.
It is best to use a SQL, LDAP, ... database. I haven't checked
whether tinycdb (when not chrooted) automatically re-opens updated
".cdb" files. If so, CDB might work too.
--
Viktor.
