From: Derek J. Balling
Date: 2005-09-20 08:52:39 -0400
Subject: Re: Greylist/cache in SQL for milter-sender?
More information..: http://www.milter.info/#Support
On Sep 20, 2005, at 7:48 AM, Anthony Howe wrote:
> Install milter-sender on the 3rd server using an Internet host:port
> specifier instead of the unix domain socket specifier, then specify in
> the Sendmail config for the two MXes that they should consult
> milter-sender via an Internet socket to the 3rd machine.
> In this way you can centralise the cache used by milter-sender. NOTE
> that a copy of the access.db should be found on the 3rd server or
> accessible by NFS for B/W list support.
> ANY milter (not just Snert milters) can be centralised in this manner,
> since its a base functionality of libmilter and Sendmail.
There's lots of reasons to use SQL and not this method:
(1) it requires you to open up libmilter to TCP sockets. There's not
been a lot of libmilter testing when it comes to security, but most
of that is acceptable risk since it's a UNIX socket. When you open
that up to the outside world, that risk is unacceptable in many places.
(2) libmilter really doesn't scale "solo", and by that I mean "a
single host acting as the 'milter host' for a farm of 20-30 servers
will just be absolutely crushed."
By allowing for use of a SQL backend to cached data, you enable the
milter to be used in much larger environments. Also, if you make it
so that it *requires* an SQL backend (like SQLite or whatever it's
called), you can then start to do really cool sorts of things like
not just doing key/value lookups in the database but pattern
matching, etc., etc.
I'm not saying you should go the "require SQL" route, but definitely
you should give it the option of reading/writing its runtime data
from an SQL host somewhere. You absolutely can make it one of those
"if you want to do this, here's the ./configure magic incantations,
we're not going to auto-detect that sort of thing yet" type of
situations, but I think you'll find that you open up a lot of doors
going down that road.
Copyright 2009, 2012 by SnertSoft. All rights reserved.