Hello again; On Tue, 2003-01-14 at 19:55, Henning Brauer wrote: > your implementation has several flaws IMHO... > [...] > > 2 - if CHECKRCPT is true, control/checkdomains will be read. > > bad. this has enourmous performance/scaling problems, just like rcpthosts - > that's why morercpthosts.cdb exists in the first place... > I don't see the point in this control file at all. >
You did later on :-) I'll get to that later. > > 3 - If the recipient domain is listed in checkdomains, control/checkskip > > will be read. > > uneeded too IMHO... Same here. > > > 4 - If the recipient local part is *not* listed in checkskip, > > qmail-smtpd searches the LDAP server for > > [EMAIL PROTECTED] > > supports extension addresses? > Yeap. Both catchall and DASH_EXT (if enabled) [...] > > Why checkdomains? - Because I only want to check a few of my own > > domains. I could use locals, but that would be unconfortable if I wanted > > a whole domain to sit in ~alias. > > Hmm you have a point here. though checkdomains is the wrong solution IMHO. A CDB could be used, it would be relatively easy. But in my case, it's (currently) only a couple of domains, and the performance impact has been (so far) disregardable. I do have to pre-validate the domains, but any improvement ideas are welcome. Anyway... I guess the code could be changed so an empty or non-existent checkdomains would imply "check everything". Then, the default rule for tcpserver would be :allow,CHECKRCPT=1 This would, however, forbid using this qmail installation as a secondary MX, since all validations would fail for those domains. > > > Why checkskip? - Because some addresses aren't at the LDAP server, like > > root, postmaster, and mailer-daemon. They sit in ~alias, and would be > > rejected if searched. > > yup, and that makes this even harder. Life's a bitch, huh? :-) I really can't think of anything better, though... > > you are inventing more control files that need to be kept in sync. > management issues. I can live with those, although I don't like it. I currently rsync all common files (badmailfrom, rcpthosts, morercpthosts, checkdomains, etc) from a single management machine to all qmail servers. It's just a matter of adding/editing files in that machine. -- Ricardo Cerqueira "ASCII stupid question, get a stupid ANSI"
