On May 18, 2005, at 3:39 PM, Jeremy Kitchen wrote:
On Wednesday 18 May 2005 01:26 pm, Payal Rathod wrote:
On Wed, May 18, 2005 at 01:15:22PM -0500, Jeremy Kitchen wrote:
don't use vpopmail's roaming-users functionality if you want
pop-before-smtp authentication, use Bruce Guenter's relay-ctrl
package.
Any particular reason why?
vpopmail's roaming-users support is poorly designed, slow, and
prone to
failure.
I'd like to see some evidence to back up this assertion. One could
argue all day about whether it's poorly designed, but as I recall,
you were not there when it was designed. While I completely agree
that smtp-auth is a better method of allowing users to relay, anyone
with even a little bit of experience working in large scale ISP or
other hosting environments knows exactly how much pain and real cost
is involved in getting even a small number (hundreds) of clients to
update their email settings.
Most places assign a dollar value to every support call and when you
start doing the math, if you have 10% of this fellows 3,000 users
calling in because they can't figure out how to update their ancient
version of (Eudora|Outlook|Netscape] from 1995 to use SMTP-AUTH, it's
going to cost his company thousands of dollars. Telling him to
depreciate the use of POP before SMTP simply isn't terribly practical
advise.
How exactly is vpopmail roaming-users slow? You authenticate and the
IP is immediately stuffed into open-smtp, which is compiled into
tcp.smtp that very same second. How is that slow? The user can relay
immediately. I have 600,000 users who have never once complained
about it being slow. I'm sure this fellows 3,000 users have never had
a problem with it being "slow" and never will.
It's only prone to failure if you're using clusters of servers, in
which case you'll have lock contention when re-writing the tcp.smtp
file on a NFS mount. This does not affect many users of vpopmail and
would certainly not show up on a system with only 3,000 users. I
was the first to use vpopmail in such an environment and had over
10,000 users on the system when I ran into it. The tcpserver-MySQL
patch was written and it's worked great for me and many others since.
That "hack" has worked extraordinarily well for thousands of mail
servers since.
relay-ctrl is not, and is even, in fact, safe to use over NFS (I've
done it)
Using relay-ctrl on NFS is no less of a hack. On any well designed
system that uses NFS, a primary limitation of scale will be NFS r/w
operations between the NFS clients and server. Most often the point
of using NFS is scalability. Having a cluster of boxes delivering
mail for hundreds of thousands of users can quickly saturate even a
the beefiest of NFS servers. Thus, a wise systems engineer will do
everything he can to avoid adding to that load.
So, the question becomes whether you prefer to litter /var with
thousands of IP address files or use a MySQL table to store IPs.
Databases were invented just for such purposes and do the job quite
admirably.
Matt
However, I wouldn't even use pop-before-smtp.. I would set up SMTP
authentication and require that.
His usersuMe too. But his users have grown used to it. I suggested
starting SMTP-Auth on another port and slowly switching pop-before-
smtp
completely off.
that's what email is so handy for. You send your users an email
telling them
they have to change in their mail clients, and give them a URL with
some
pictures and instructions, and notify your support staff about the
change,
and train them how to handle the situation.. then send that email
every week
for 3 months. After the 3 months is up, shut pop-before-smtp off.
-Jeremy
--
Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet
Technologies, Inc.
[EMAIL PROTECTED] ++ inter7.com ++ 866.528.3530 ++ 815.776.9465
int'l
kitchen @ #qmail #gentoo on EFnet IRC ++ scriptkitchen.com/qmail
GnuPG Key ID: 481BF7E2 ++ jabber:[EMAIL PROTECTED]
``````````````````````````````````````````````````````````````````
Matt Simerson http://matt.simerson.net
The Network People Inc. http://www.tnpi.biz
Show me a piano falling down a mineshaft and I'll show you A-flat minor.
````````````````````````````````````````````````````````````````````````
````````````````````````
