On 10/08/2015 05:01 PM, Viktor Dukhovni wrote:
> On Thu, Oct 08, 2015 at 04:54:08PM +0200, Rob Sterenborg (Lists) wrote:
>
>> On 10/07/2015 05:35 PM, Viktor Dukhovni wrote:
>>> If your smtpd is not chrooted, you might have better luck with CDB,
>>> than Berkeley DB, though I am not sure whether tinycdb (like DJB's
>>> original implementation) detects table file changes and automatically
>>> reopens the table on the fly.
>>
>> It seems it does:
>>
>> postfix/smtpd[20438]: table cdb:/path/to/recipients(0,lock|fold_fix|
>> utf8_request) has changed -- restarting
>
> That's not sufficient.  It would have to see the new data without
> restarting.  With DJB's CDB, I think the underlying mmaped file is
> reopened transparently if it changes.  With tinycdb, it might not
> be.  At the very least, that can't happen if Postfix is chrooted,
> or the table can only be opened by root.

As the filename implies it contains recipients. When the file is updated, I see the above line and after that Postfix knows about any change in the file.

There's one thing though that I overlooked when posting and what you're referring to: we're not running Postfix chrooted so we wouldn't be running into that.


Wietse Venema wrote:
> Yes, but the check happens at the beginning of an SMTP session, not
> in the middle. A Postfix process does not reopen files mid-flight
> because it may not have sufficient privileges to do so (in addition,
> cdb files are renamed, not overwritten, so the lookup result does
> not change during the lifetime of the SMTP daemon process; if you
> need instant visibility, use LMDB, LDAP or *SQL).

I see. Except for recipients we already have most lookup tables in SQL. So far having recipients in a regularly updated cdb hasn't been a problem for us, but it seems it could be in the future so I think I'll change that to SQL too.


--
Rob
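
The rename behaviour Wietse Venema describes above, as an added example that is not part of the original thread and is not Postfix code: a reader that opened the table before it was replaced keeps seeing the old contents until it reopens the file. The plain-text table (a stand-in for a cdb file), the `Table` class, the `publish` helper and the device/inode comparison are assumptions made for illustration.

```python
import os
import tempfile

def publish(path, data):
    """Replace the table by writing a temp file and renaming it over the old one."""
    tmp = path + ".tmp"
    with open(tmp, "wb") as f:
        f.write(data)
    os.replace(tmp, path)  # atomic rename; the old inode survives while it is open

class Table:
    """Hypothetical long-lived reader that opens the table once, like a daemon."""
    def __init__(self, path):
        self.path = path
        self.fh = open(path, "rb")
        st = os.fstat(self.fh.fileno())
        self.ident = (st.st_dev, st.st_ino)

    def lookup(self, key):
        # Reads through the descriptor opened at start-up, never the current path.
        self.fh.seek(0)
        return key in self.fh.read().split(b"\n")

    def changed(self):
        # Assumed change check: does the path now point at a different file?
        st = os.stat(self.path)
        return (st.st_dev, st.st_ino) != self.ident

    def close(self):
        self.fh.close()

def demo():
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "recipients")
        publish(path, b"alice@example.com\n")          # constructed sample data
        old = Table(path)                               # process starts, opens table
        publish(path, b"alice@example.com\nbob@example.com\n")
        stale = old.lookup(b"bob@example.com")          # old inode: new entry invisible
        changed = old.changed()                         # the path moved to a new inode
        old.close()
        new = Table(path)                               # "restart": reopen by path
        fresh = new.lookup(b"bob@example.com")
        new.close()
        return stale, changed, fresh

if __name__ == "__main__":
    print(demo())
```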
