Hi,
I was thinking about the best way to query external processes as
databases for Postfix lookup tables. Almost all methods described in
https://www.postfix.org/DATABASE_README.html
are bound to a particular file format or a particular database, and the
only method that allows contacting an arbitrary separate process is tcp,
which, on the other hand, is rather limited based on
https://www.postfix.org/tcp_table.5.html
and even this manpage says

    Do not use TCP lookup tables for security critical purposes.
    The client-server connection is not protected and the server is
    not authenticated.

I'd therefore like to propose two enhancements:
1. (minor): Do support connecting to unix domain sockets as well. They
   are a much better way to protect a service by keeping it completely
   outside of internet protocols and allowing the use of unix/linux file
   ownerships and permissions. Should be simple to implement, just use
   a unix domain socket and connect to a path.
2. (major): Use HTTP(S)/REST as an alternative protocol, allowing
   things like TLS, client certs, password authentication.

best regards
Hadmut
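
As an added illustration of proposal 1 (not part of the original message and not Postfix code): a lookup server that answers the tcp_table(5) `get` request/reply format on a UNIX domain socket, restricted by file mode and by the connecting process's UID. A Postfix tcp table client that connects to such a path is the proposal's assumption; the function names, the sample table and the Linux-only `SO_PEERCRED` check are choices made for this example.

```python
import os, socket, struct
from urllib.parse import unquote_to_bytes

def encode(raw: bytes) -> bytes:
    """%XX-encode '%', whitespace and non-printing bytes, as tcp_table(5) requires."""
    return b"".join(bytes([c]) if 33 <= c <= 126 and c != 0x25 else b"%%%02X" % c
                    for c in raw)

def handle_request(line: bytes, table: dict) -> bytes:
    """Answer one 'get SPACE key NEWLINE' request with a 200/400/500 reply."""
    parts = line.rstrip(b"\r\n").split(b" ")
    if len(parts) != 2 or parts[0] != b"get":
        return b"400 " + encode(b"bad request") + b"\n"
    value = table.get(unquote_to_bytes(parts[1]))   # keys arrive %XX-encoded
    if value is None:
        return b"500 " + encode(b"not found") + b"\n"
    return b"200 " + encode(value) + b"\n"

def make_listener(path: str) -> socket.socket:
    """Bind a UNIX stream socket whose inode is mode 0600 from creation."""
    if os.path.exists(path):
        os.unlink(path)
    old_umask = os.umask(0o177)      # set before bind: no window with wider mode
    try:
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(path)
    finally:
        os.umask(old_umask)
    srv.listen(8)
    return srv

def peer_uid(conn: socket.socket) -> int:
    """Kernel-reported UID of the connecting process (Linux SO_PEERCRED)."""
    creds = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED,
                            struct.calcsize("3i"))
    return struct.unpack("3i", creds)[1]            # (pid, uid, gid)

def serve_one(srv: socket.socket, table: dict, allowed_uids: set) -> bool:
    """Accept one client; drop it unless its UID is allowed, else answer queries."""
    conn, _ = srv.accept()
    with conn:
        if peer_uid(conn) not in allowed_uids:
            return False
        with conn.makefile("rwb") as stream:
            for line in stream:
                stream.write(handle_request(line, table))
                stream.flush()
    return True
```

Permissions on the directory that holds the socket matter as much as the socket's own mode, since anyone who can write to the directory can replace the socket file.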