mySQL

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

mySQL

Jos Chrispijn
What would be the advantage of using MySQL with Postfix? I now use it
without and I have no complaints about it...

Thanks,
Jos Chrispijn

Reply | Threaded
Open this post in threaded view
|

Re: mySQL

Jack Raats
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


From: "Jos Chrispijn" <[hidden email]>


> What would be the advantage of using MySQL with Postfix? I now use it
> without and I have no complaints about it...

Without mysql the accounts of postfix must be local accounts.

scalability:
without mysql you can only have about 65000 accounts (linux?) while using
mysql you can serve a lot more...

security
less security problems because mailaccounts != localaccounts

Jack

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32) - GPGrelay v0.959

iD8DBQFIKDc8Ph5RwW/NzC4RApDYAJ9lehSEG6lICGGZs5+LR6hzEAYCPwCfeFI/
Evi3EOgZFTidCx0wmUGGxsw=
=zU/1
-----END PGP SIGNATURE-----
Reply | Threaded
Open this post in threaded view
|

Re: mySQL

/dev/rob0
> From: "Jos Chrispijn" <[hidden email]>
>
> > What would be the advantage of using MySQL with Postfix? I now
> > use it without and I have no complaints about it...

Then relax, you don't need it. Eventually you might see a benefit to
maintaining some lookups in SQL or other network-based service, but
when that time comes you will know.


On Mon May 12 2008 07:25:31 Jack Raats wrote:
> Without mysql the accounts of postfix must be local accounts.

This is not true; virtual_*_maps and relay_recipient_maps can be in
hash: or other tables. (ANY supported and appropriate map type.)

> scalability:
> without mysql you can only have about 65000 accounts (linux?)
> while using mysql you can serve a lot more...

If your service is going to scale up to such numbers, indeed, a SQL or
LDAP backend is highly recommended. At that point you might also need
to distribute users among different mailstores, too.

> security
> less security problems because mailaccounts != localaccounts

That's too simplistic. If a Unix user doesn't have shell access, there
is arguably much greater security in that his UID can only affect his
own mail. In a typical virtual(8) setup, a single UID might control all
mail for a given domain, or even all virtual_mailbox_domains. A
compromise of that UID could be disastrous.

Conversely if a virtual user *needs* shell access, you have the worst  
of both: the reduced functionality of the virtual(8) delivery agent,
and the greater exposure to potential exploits that comes with
providing shell access.

The matter of how to secure a system with shell users is beyond the
scope of this list, and I admit, it's not trivial. I merely wish to
dispute the FUD that virtual(8) is inherently "more secure".
--
    Offlist mail to this address is discarded unless
    "/dev/rob0" or "not-spam" is in Subject: header
Reply | Threaded
Open this post in threaded view
|

Re: mySQL

mouss-2
In reply to this post by Jack Raats
Jack Raats wrote:
>
> From: "Jos Chrispijn" <[hidden email]>
>
>
> > What would be the advantage of using MySQL with Postfix? I now use it
> > without and I have no complaints about it...

- remote admin using a web UI or a mysql tool.
- mysql replication
- possibility to put some "logic" in the queries.
- ...

now, only use mysql if you are familiar with mysql.

>
> Without mysql the accounts of postfix must be local accounts.

this is not true. virtual_mailbox_maps may be stored in hash/cdb/... etc.
>
> scalability:
> without mysql you can only have about 65000 accounts (linux?) while using
> mysql you can serve a lot more...

Berkeley DB supports more than that.
>
> security
> less security problems because mailaccounts != localaccounts

This is not true.




Reply | Threaded
Open this post in threaded view
|

RE: mySQL

Jos Chrispijn
In reply to this post by Jack Raats
Hi,
I don't understand; why is a mySQL account not a local account?
Regarding scalability I will never give out more than 100 accounts max L-)

-----Original Message-----

Without mysql the accounts of postfix must be local accounts.

scalability:
without mysql you can only have about 65000 accounts (linux?) while using
mysql you can serve a lot more...

security
less security problems because mailaccounts != localaccounts

Jack

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32) - GPGrelay v0.959

iD8DBQFIKDc8Ph5RwW/NzC4RApDYAJ9lehSEG6lICGGZs5+LR6hzEAYCPwCfeFI/
Evi3EOgZFTidCx0wmUGGxsw=
=zU/1
-----END PGP SIGNATURE-----

Reply | Threaded
Open this post in threaded view
|

RE: mySQL

Brian Collins-3
> Hi,
> I don't understand; why is a mySQL account not a local account?
> Regarding scalability I will never give out more than 100 accounts max
> L-)

I think the more accurate statement is that mysql accounts are not local
unix/linux user accounts (i.e. from /etc/passwd).  In that sense they are
virtual accounts.  That is not to say that mysql accounts cannot be shell
accounts, which can obviously be accomplished with some work, but I think
the original responder was saying they are not part of the default account
system.

--Brian


Reply | Threaded
Open this post in threaded view
|

`RE: mySQL

Jos Chrispijn
Oke, thank you all for your replies; I will stick to my simple setup.
Must be said that Postfix imho for me it is and will be as long as I use my
own mailserver.

--Floor

-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of Brian Collins
Sent: Monday, May 12, 2008 4:52 PM
To: 'postfix users list'
Subject: RE: mySQL

> Hi,
> I don't understand; why is a mySQL account not a local account?
> Regarding scalability I will never give out more than 100 accounts max
> L-)

I think the more accurate statement is that mysql accounts are not local
unix/linux user accounts (i.e. from /etc/passwd).  In that sense they are
virtual accounts.  That is not to say that mysql accounts cannot be shell
accounts, which can obviously be accomplished with some work, but I think
the original responder was saying they are not part of the default account
system.

--Brian


Reply | Threaded
Open this post in threaded view
|

Re: mySQL

mouss-2
In reply to this post by Brian Collins-3
Brian Collins wrote:
>> Hi,
>> I don't understand; why is a mySQL account not a local account?
>> Regarding scalability I will never give out more than 100 accounts max
>> L-)
>>    
>
> I think the more accurate statement is that mysql accounts are not local
> unix/linux user accounts (i.e. from /etc/passwd).

even this is not true. one can use pam_mysql.

>   In that sense they are
> virtual accounts.  That is not to say that mysql accounts cannot be shell
> accounts, which can obviously be accomplished with some work, but I think
> the original responder was saying they are not part of the default account
> system.
>
> --Brian
>
>
>