On Thu, Jul 24, 2008 at 07:48:51PM +0200, mouss wrote:
> Victor Duchovni wrote:
> >[snip]
> >Listen carefully when Wietse and I recommend "proxymap".
> >
> >Step 1: migrate to "proxy:ldap:" tables
> >
> >Step 2: debug any problems that remain after Step 1.
>
> a question here. is there a reason why proxymap wouldn't be the default
> (so people would have to exclude maps instead of listing the ones that
> use the proxymap service)?
The only tables in a default Postfix configuration are (I compile with
"cdb" as the default_database_type):
alias_database = cdb:/etc/mail/aliases
alias_maps = cdb:/etc/mail/aliases
authorized_flush_users = static:anyone
authorized_mailq_users = static:anyone
authorized_submit_users = static:anyone
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
Any other tables are user defined. You seem to suggest that all "ldap",
"mysql", ... tables be automatically proxied, even when defined as:
foo_maps = ldap:/some/table.cf
how would one specify an unproxied table? If we want to force all
LDAP and *SQL to be proxied when allowed, we'd need to revise the
dict_open() interface, so that clients can specify tables that
must not be proxied for security reasons, and also the map type
registration interface, so that appropriate types are marked for
auto-proxy.
It is not obious how proxy_read_maps will cove to have the right value
when people use custom tables. I don't know that it is safe to allow
proxymap() to be "promiscuous" and allow any table to be opened.
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:[EMAIL PROTECTED]>
If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
