Henning Brauer wrote:
> > Obviously - but all the hosts have to speak SMTP anyway (to receive mail
> > from clients and foreign MTAs) so what's the point in running QMQP?
>
> efficiency, reliability, pure speed. resource consumption, delivery time.

At the expense of supporting two protocols instead of just one,
increasing complexity, and decreasing security (in the form of potential
mail abuse). This is not an acceptable tradeoff.

> It's usually safe to allow access to the qmail-qmqpd for your entire subnet.

No it's not (and especially in my case where the local subnet is
effectively the internet).

> Any mail injected at the foreign machine destined for the local domain but
> for a user on a different system will be undeliverable.

Not true. The only requirement is that box thinks the domain for that
address is local to that box. Remember that all ten machines believe
that all domains are their "local domain".

> Still broken design. Internet mail does not work this way.

Yes it does. Netscape Messaging server works this way very successfully.

> "Others do it this way" to things the same way. It is clearly documented
> that in-cluster deliveries work over qmqp and not smtp. If you don't read
> the docs...

...and I am arguing that doing this over QMQP is the wrong approach in
my case. I am not arguing as to whether doing it over SMTP is possible
*now* or not, I am arguing that there is no reason that it shouldn't be
possible.

> Then don't talk, do. Don't write mails, code.

I already offered to, but you made it clear that if I submitted a patch
to do this you would not accept it.

> You are convinced that what you have is _the_ solution. I treat it as a
> design failure. You misunderstand the way internet mail works IMHO.

Having been involved in the integration of a number of large email
systems (the largest scaled at an initial capacity of 1.4 million
mailboxes) I would disagree with you. This solution is not mine, but
someone else's - it works. As yet you have not been able to give a
reason why it's a bad idea, only that you have a different idea.

> Obviously we don't need to discuss this further. We won't agree.
> You still insist on what you call your solution instead of answering a
> simple question. "What problem are you trying to solve?".

This question is answered in my next paragraph:

> > The trouble is that you are opposing the suggestions I have for
> > achieving the last ten percent of my design requirement - and in doing
> > so you are suggesting workarounds and kludges that *do not meet* my
> > design requirements. My requirements are:
> >
> > - It must scale from one to n machines
> > - All machines must have a virtually identical config and be consistent
> > - All machines must share *one* authoritative LDAP account tree with
> > *no* record duplication
> > - Any user should be able to send mail via SMTP to any machine and mail
> > delivery to the specific machine should "just work".
> > - Any external MTA should be able to deliver any email for any locally
> > hosted domain by connecting to any of these boxes, and mail delivery
> > should "just work".
> > - (The problem of getting the users to fetch their mail from the correct
> > server is a separate problem, but easily solved.)
>
> Not a single problem here as long as all machines are qmail-ldap, including
> the last one. qmail-ldap supports session forwarding for pop3 and imap.
>
> > Removing the restriction that mailHost-based mail delivery is only
> > possible on QMQP and not SMTP will allow me to achieve the above with
> > Qmail-ldap. If you can suggest something different that meets my
> > requirements and is more elegant then I am all ears.
>
> just use qmqp. qmqp is especially designed for this type of usage while smtp
> is not.

But QMQP is not secure without some form of explicit IP address based
packet filter protection, on machines that are on the internet which
adds an unacceptable administrative burden to the system. If QMQP had
some form of security on it (TLS + client certificates, perhaps?) then
it would be an option. In the meantime SMTP may be less performant,
but it works and is secure.

Regards,
Graham
--
-----------------------------------------
[EMAIL PROTECTED] "There's a moon
over Bourbon Street
tonight..."