[milters] Archive

Lists Index Date Thread Search

Article: 725
From: Derek J. Balling
Date: 2005-09-20 08:52:39 -0400
Subject: Re: Greylist/cache in SQL for milter-sender?

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support

On Sep 20, 2005, at 7:48 AM, Anthony Howe wrote:
> Install milter-sender on the 3rd server using an Internet host:port
> specifier instead of the unix domain socket specifier, then specify in
> the Sendmail config for the two MXes that they should consult
> milter-sender via an Internet socket to the 3rd machine.
> In this way you can centralise the cache used by milter-sender. NOTE
> that a copy of the access.db should be found on the 3rd server or
> accessible by NFS for B/W list support.
> ANY milter (not just Snert milters) can be centralised in this manner,
> since its a base functionality of libmilter and Sendmail.

There's lots of reasons to use SQL and not this method:

(1) it requires you to open up libmilter to TCP sockets. There's not  
been a lot of libmilter testing when it comes to security, but most  
of that is acceptable risk since it's a UNIX socket. When you open  
that up to the outside world, that risk is unacceptable in many places.

(2) libmilter really doesn't scale "solo", and by that I mean "a  
single host acting as the 'milter host' for a farm of 20-30 servers  
will just be absolutely crushed."

By allowing for use of a SQL backend to cached data, you enable the  
milter to be used in much larger environments. Also, if you make it  
so that it *requires* an SQL backend (like SQLite or whatever it's  
called), you can then start to do really cool sorts of things like  
not just doing key/value lookups in the database but pattern  
matching, etc., etc.

I'm not saying you should go the "require SQL" route, but definitely  
you should give it the option of reading/writing its runtime data  
from an SQL host somewhere. You absolutely can make it one of those  
"if you want to do this, here's the ./configure magic incantations,  
we're not going to auto-detect that sort of thing yet" type of  
situations, but I think you'll find that you open up a lot of doors  
going down that road.


Lists Index Date Thread Search