What would be the advantage of using MySQL with Postfix? I now use it
without and I have no complaints about it... Thanks, Jos Chrispijn |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1 From: "Jos Chrispijn" <[hidden email]> > What would be the advantage of using MySQL with Postfix? I now use it > without and I have no complaints about it... Without mysql the accounts of postfix must be local accounts. scalability: without mysql you can only have about 65000 accounts (linux?) while using mysql you can serve a lot more... security less security problems because mailaccounts != localaccounts Jack -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) - GPGrelay v0.959 iD8DBQFIKDc8Ph5RwW/NzC4RApDYAJ9lehSEG6lICGGZs5+LR6hzEAYCPwCfeFI/ Evi3EOgZFTidCx0wmUGGxsw= =zU/1 -----END PGP SIGNATURE----- |
> From: "Jos Chrispijn" <[hidden email]>
> > > What would be the advantage of using MySQL with Postfix? I now > > use it without and I have no complaints about it... Then relax, you don't need it. Eventually you might see a benefit to maintaining some lookups in SQL or other network-based service, but when that time comes you will know. On Mon May 12 2008 07:25:31 Jack Raats wrote: > Without mysql the accounts of postfix must be local accounts. This is not true; virtual_*_maps and relay_recipient_maps can be in hash: or other tables. (ANY supported and appropriate map type.) > scalability: > without mysql you can only have about 65000 accounts (linux?) > while using mysql you can serve a lot more... If your service is going to scale up to such numbers, indeed, a SQL or LDAP backend is highly recommended. At that point you might also need to distribute users among different mailstores, too. > security > less security problems because mailaccounts != localaccounts That's too simplistic. If a Unix user doesn't have shell access, there is arguably much greater security in that his UID can only affect his own mail. In a typical virtual(8) setup, a single UID might control all mail for a given domain, or even all virtual_mailbox_domains. A compromise of that UID could be disastrous. Conversely if a virtual user *needs* shell access, you have the worst of both: the reduced functionality of the virtual(8) delivery agent, and the greater exposure to potential exploits that comes with providing shell access. The matter of how to secure a system with shell users is beyond the scope of this list, and I admit, it's not trivial. I merely wish to dispute the FUD that virtual(8) is inherently "more secure". -- Offlist mail to this address is discarded unless "/dev/rob0" or "not-spam" is in Subject: header |
In reply to this post by Jack Raats
Jack Raats wrote:
> > From: "Jos Chrispijn" <[hidden email]> > > > > What would be the advantage of using MySQL with Postfix? I now use it > > without and I have no complaints about it... - remote admin using a web UI or a mysql tool. - mysql replication - possibility to put some "logic" in the queries. - ... now, only use mysql if you are familiar with mysql. > > Without mysql the accounts of postfix must be local accounts. this is not true. virtual_mailbox_maps may be stored in hash/cdb/... etc. > > scalability: > without mysql you can only have about 65000 accounts (linux?) while using > mysql you can serve a lot more... Berkeley DB supports more than that. > > security > less security problems because mailaccounts != localaccounts This is not true. |
In reply to this post by Jack Raats
Hi,
I don't understand; why is a mySQL account not a local account? Regarding scalability I will never give out more than 100 accounts max L-) -----Original Message----- Without mysql the accounts of postfix must be local accounts. scalability: without mysql you can only have about 65000 accounts (linux?) while using mysql you can serve a lot more... security less security problems because mailaccounts != localaccounts Jack -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) - GPGrelay v0.959 iD8DBQFIKDc8Ph5RwW/NzC4RApDYAJ9lehSEG6lICGGZs5+LR6hzEAYCPwCfeFI/ Evi3EOgZFTidCx0wmUGGxsw= =zU/1 -----END PGP SIGNATURE----- |
> Hi,
> I don't understand; why is a mySQL account not a local account? > Regarding scalability I will never give out more than 100 accounts max > L-) I think the more accurate statement is that mysql accounts are not local unix/linux user accounts (i.e. from /etc/passwd). In that sense they are virtual accounts. That is not to say that mysql accounts cannot be shell accounts, which can obviously be accomplished with some work, but I think the original responder was saying they are not part of the default account system. --Brian |
Oke, thank you all for your replies; I will stick to my simple setup.
Must be said that Postfix imho for me it is and will be as long as I use my own mailserver. --Floor -----Original Message----- From: [hidden email] [mailto:[hidden email]] On Behalf Of Brian Collins Sent: Monday, May 12, 2008 4:52 PM To: 'postfix users list' Subject: RE: mySQL > Hi, > I don't understand; why is a mySQL account not a local account? > Regarding scalability I will never give out more than 100 accounts max > L-) I think the more accurate statement is that mysql accounts are not local unix/linux user accounts (i.e. from /etc/passwd). In that sense they are virtual accounts. That is not to say that mysql accounts cannot be shell accounts, which can obviously be accomplished with some work, but I think the original responder was saying they are not part of the default account system. --Brian |
In reply to this post by Brian Collins-3
Brian Collins wrote:
>> Hi, >> I don't understand; why is a mySQL account not a local account? >> Regarding scalability I will never give out more than 100 accounts max >> L-) >> > > I think the more accurate statement is that mysql accounts are not local > unix/linux user accounts (i.e. from /etc/passwd). even this is not true. one can use pam_mysql. > In that sense they are > virtual accounts. That is not to say that mysql accounts cannot be shell > accounts, which can obviously be accomplished with some work, but I think > the original responder was saying they are not part of the default account > system. > > --Brian > > > |
Free forum by Nabble | Edit this page |