Re: [Dovecot] v2.0 configuration parsing
Timo Sirainen wrote: I'm trying to figure out how exactly v2.0 should be parsing configuration files. The most annoying part is if it should always just use whatever comes first in config or try some kind of a use most specific rule. The most specific kind of makes more sense initially, but then you start wondering how to handle e.g.: 1) User logs in to imap from 192.168.0.1. What is foo's value? protocol imap { remote_ip 192.168.0.0/16 { foo = foo } } remote_ip 192.168.0.0/24 { foo = bar } make it protocols { imap { remote_ip x/16 { foo = foo } } all { remote_ip x/24 { foo = bar } } } 2) User logs in from 192.168.0.1 to 10.1.2.3. What is foo's value? local_ip 192.168.0.1 { remote_ip 10.1.2.0/24 { foo = foo } } remote_ip 10.1.2.3 { local_ip 192.168.0.0/24 { foo = bar } } I'd strongly suggest to use the same approach as firewalls (or exim): first match wins. I love exim because I can configure it much like my firewalls routers, and the fall through until something matches syntax that most firewalls/ACLs use is well-understood flexible. Kind regards, Felix -- Felix Schüren Head of Network --- Host Europe GmbH - http://www.hosteurope.de Welserstraße 14 - 51149 Köln - Germany Telefon: 0800 467 8387 - Fax: +49 180 5 66 3233 (*) HRB 28495 Amtsgericht Köln - USt-IdNr.: DE187370678 Geschäftsführer: Uwe Braun - Alex Collins - Mark Joseph - Patrick Pulvermüller (*) 0,14 EUR/Min. aus dem dt. Festnetz, Mobilfunkpreise ggf. abweichend
Re: [Dovecot] v2.0 configuration parsing
Daniel L. Miller wrote: Timo Sirainen wrote: On Mon, 2009-08-10 at 12:09 -0700, Daniel L. Miller wrote: If at all possible, I would much rather see an error thrown than choosing which one to accept. To me, having Dovecot tolerate broken configurations is less desirable than giving clear feedback for the user to fix it. Anything from: foo is defined more than once overlapping ip declarations remote_ip declaration in protocol imap conflicts with remote_ip declaration in protocol all It's not necessarily a broken configuration. For example you could have: disable_plaintext_auth = yes # default also remote_ip 192.168.0.0/16 { # allow plaintext auth from intranet disable_plaintext_auth = no } That's an ok configuration, right? But then again, maybe one of those IPs is a proxy to outside world and you don't want plaintext auth from there: remote_ip 192.168.123.44 { disable_plaintext_auth = yes } But I guess if there truly are some conflicts it could warn about them .. although that might be more work than it's worth. :) Well - if those are not broken configs, then I guess I misunderstood the question. I would expect the most restrictive test to govern, so: remote_ip 192.168.0.0/16 { # allow plaintext auth from intranet disable_plaintext_auth = no } remote_ip 192.168.10.0/8 { # allow plaintext auth from intranet disable_plaintext_auth = yes } remote_ip 192.168.0.1 { # allow plaintext auth from intranet disable_plaintext_auth = no } connecting from 192.168.0.1 should result in disable_plaintext_auth = no. I agree - however, it makes the config harder to read, and you pretty much need something like dovecotctl -acl -dump or an equivalent to netstat -r or iptables -L to display them in the correct order if the ruleset becomes complex. By using a first-match wins syntax, you make the actual config file much simpler to read, as it maps to the running process. kind regards, Felix -- Felix Schüren Head of Network --- Host Europe GmbH - http://www.hosteurope.de Welserstraße 14 - 51149 Köln - Germany Telefon: 0800 467 8387 - Fax: +49 180 5 66 3233 (*) HRB 28495 Amtsgericht Köln - USt-IdNr.: DE187370678 Geschäftsführer: Uwe Braun - Alex Collins - Mark Joseph - Patrick Pulvermüller (*) 0,14 EUR/Min. aus dem dt. Festnetz, Mobilfunkpreise ggf. abweichend
Re: [Dovecot] dbox benchmarks
Timo Sirainen wrote: On Apr 2, 2009, at 10:08 PM, Daniel L. Miller wrote: I can see where large mailservers would benefit from significant write performance increases - but unless the server is being actively limited by the local delivery agent, what other performance benefits does this offer? In particular, is there any increase in READ performance by using dbox? Should be, since the files are larger there is most likely less fragmentation. But it's more difficult to benchmark read performance in a realistic way. Does it reduce memory consumption at all? Maybe a bit, but that's probably irrelevant. what's most relevant for us about dbox: Backups. We have lots of customers with huge maildirs, and Backups are taking forever (just having to fstat 100k entries takes a while, then all the individual stuff for all the new messages...). Go dbox! :) Kind regards, Felix -- Felix Schüren Head of NOC -- Host Europe GmbH - http://www.hosteurope.de Welserstraße 14 - D-51149 Köln - Germany Telefon: (0800) 4 67 83 87 - Telefax: (01805) 66 32 33 HRB 28495 Amtsgericht Köln - UST ID DE187370678 Geschäftsführer: Uwe Braun - Alex Collins - Mark Joseph - Patrick Pulvermüller