Václav Pernica:
> 
> Wietse Venema:
> 
> > Alas, as documented tcp_table(5) is an insecure table (no secure
> > communication) so Postfix probably will not allow you to look up
> > mailbox pathnames with this.
> 
> You are right it doesn't work:
> fatal: tcp:127.0.0.1:2527 map is not allowed for security sensitive data
> 
> Is there an option how to allow it?

The real solution is to add Oracle support, perhaps in the form
of an ODBC driver. I don't use databases, so I can't write that.

Here's a workaround for a workaround.

/etc/postfix/main.cf:
    virtual_mailbox_maps = tcp:host:port btree:/some/where/virtual_mailbox

The tcp_table server updates the file-based table and replies with
"not found". Postfix then searches the file-based table. 

However, this is not guaranteed to work even if the tcp_table server
uses the same(*) locking method as Postfix (flock() on BSD-ish
systems, fcntl() on SYSV-ish systems incl. Solaris, AIX, SGI, Linux).

It is also possible that Postfix will refuse to read sensitive data
from a file that is not owned by root. After all, the system was
built to resist privilege escalation attacks.

        Wietse

(*) Another piece of first-generation code that has yet to be made
    run-time configurable.
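
The tcp_table side of the workaround described above, as an added example (not part of the original message and not Postfix code): it parses a tcp_table(5) `get` request, lets a caller-supplied function update the file-based table under an exclusive lock, then answers `500` so that Postfix moves on to the next table in `virtual_mailbox_maps`. The names `handle_request`, `locked` and `update_table` are assumptions; writing the actual btree file is left to `update_table`, and the caveat in the message about locking still applies.

```python
import contextlib
import fcntl
from urllib.parse import unquote_to_bytes


def encode(data: bytes) -> bytes:
    """tcp_table(5) encoding: '%', whitespace and non-printing bytes become %XX."""
    return b"".join(
        bytes([b]) if 0x21 <= b <= 0x7E and b != 0x25 else b"%%%02X" % b
        for b in data
    )


def decode(param: bytes) -> str:
    """Undo the %XX encoding Postfix applies to every request parameter."""
    return unquote_to_bytes(param).decode("utf-8", "replace")


@contextlib.contextmanager
def locked(path: str, style: str = "fcntl"):
    """Open path for update holding an exclusive lock.

    style must match the method Postfix uses on the platform: "fcntl" on
    SYSV-ish systems (Solaris, AIX, SGI, Linux), "flock" on BSD-ish ones.
    """
    with open(path, "a+b") as fh:
        lock = fcntl.lockf if style == "fcntl" else fcntl.flock
        lock(fh, fcntl.LOCK_EX)
        try:
            yield fh
        finally:
            fh.flush()            # make the write visible before unlocking
            lock(fh, fcntl.LOCK_UN)


def handle_request(line: bytes, update_table) -> bytes:
    """Handle one request line and return the one reply line to send back.

    update_table(key) is a hypothetical caller-supplied function that writes
    the entry for key into the file-based table, e.g. inside `with locked(...)`.
    """
    parts = line.rstrip(b"\r\n").split(b" ")
    if len(parts) != 2 or parts[0] != b"get":
        return b"400 " + encode(b"unsupported request") + b"\n"
    try:
        update_table(decode(parts[1]))
    except OSError as exc:
        # 400 asks Postfix to retry later instead of treating the key as absent.
        return b"400 " + encode(str(exc).encode()) + b"\n"
    # Always "not found": Postfix then searches the file-based table.
    return b"500 " + encode(b"not found") + b"\n"
```

Replying `400` when the update fails makes Postfix defer the lookup rather than fall through to a table that was not updated.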
