Date: Tue, 3 Aug 1999 15:31:09 -0700 (PDT) From: Matthew Dillon <dillon@apollo.backplane.com> To: Alex Zepeda <garbanzo@hooked.net> Cc: Markus Stumpf <maex-freebsd-hackers@Space.Net>, Mike Hoskins <mike@snafu.adept.org>, hackers@FreeBSD.ORG Subject: Re: Solution for mail pseudo-users? Message-ID: <199908032231.PAA23922@apollo.backplane.com> References: <Pine.BSI.3.95.990803141818.27230A-100000@fish.hooked.net>
next in thread | previous in thread | raw e-mail | index | archive | help
:On Tue, 3 Aug 1999, Markus Stumpf wrote:
:
:> > I just don't see any justification in hacking away at all of your software
:> > to bypass the passwd database. What is gained?
:>
:> If you have 100000+ users you'll run out of UIDs (see recent thread).
:
:I find it hard to believe that handling 100,000 users on one box is a good
:idea in the first place.
:
:> Also you'll have to run the script to allow users to change passwords as
:> "root", which you probably will NOT want to do (same for adding/
:> deleting/changing users)
:
:So with your setup, any user can add/delete/modify existing users? Yeah,
:that's secure.
:
:> Also with 30000+ (maybe even with 10000+) users each rebuild of the
:> passwd database will become SLOW and you have to take care about locking
:> and such ... been there, tried it, didn't like it.
:
:Yes, but with 100k+ users, a database (that requires slow rebuilding) is
:faster to find random records in than a flat text file. In fact, perhaps
:you should have instituted some sort of cron'd rebuild (once every 30
:minutes for instance), and then queued the changes, so as to prevent users
:from frobbing in an incorrect manner.
:
:- alex
:
:You better believe that marijuana can cause castration. Just suppose your
:girlfriend gets the munchies!
I'm going to try again. The last response I posted to the wrong thread.
This is what I do. I create a pseudo domain and a separate kmap in
sendmail and route the mail to a separate backend. There are no
user id's to have to worry about. The password file is not involved
at all.
Here's an example.
S98
# ... whatever else was in ruleset 98 before ...
R$+ + $* < @ pplus . $=w > $* $#popplus $: $1 < @ pplus . $3 > $4
R$+ + $* < @ pplus . $=w . > $* $#popplus $: $1 < @ pplus . $3 > $4
R$* < @ pplus . $=w > $* $#popplus $: $1 < @ pplus . $2 > $3
R$* < @ pplus . $=w . > $* $#popplus $: $1 < @ pplus . $2 > $3
Add to the SBasic_check_rcpt rule:
R$+ < @ pplus . $=w > $@ OK
Add to the mailers ( this is just an example, you would need to
construct your own backend though, I suppose, I could make my
dpopper backend available. It is not 100% finished though ).
Mpopplus, P=/usr/local/bin/dpopmail, F=SDEFhlMsu, S=10/30, R=20/40,
U=dpop, A=dpopmail $u
Then all I do is create entries in my forwarding Kmaps or aliases
file to direct somecomplexusername to username@pplus.my.domain.
Ok, that seems a bit more complex that it really is, but if you are
handling hundreds or thousands of users it is worth the trouble to
setup something like this.
Sendmail operates off of KMap's ... basically dbmed map files. At
BEST, before I left, some of our sendmail KMaps had over a fifty-thousand
entries in them. It's worth doing. Linear files are death.
You can easily support several hundred thousand users with a setup like
this. Even more.
-Matt
Matthew Dillon
<dillon@backplane.com>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199908032231.PAA23922>