On Sunday, March 25 at 09:22 PM, quoth Jun Inamori:
With 'UCSPI-TCP MySQL patch', the list of reliable IP address can be
passed from 'vpopmail' to 'tcpserver' through MySQL table, not:
/etc/tcp.smtp.cdb
In other words, 'vpopmail' does not need to update:
/etc/tcp.smtp.cdb
for every successful POP3 authentication.
In other words, it's a re-implementation of relay-ctrl that requires
mysql?
With this patch, greylisting can be skipped for those reliable IP
address.
And it's also a re-implementation of qgreylist?
In addition, the list of malicious IP address can be passed from
'vpopmail' to 'tcpserver' through MySQL table, not:
/etc/tcp.smtp.cdb
What is the benefit of using MySQL? Normally adding a dependency on a
large external piece of software for communicating a bit of
information that small is considered a bad thing (well, wasteful
and/or pointless, anyway) unless there's a significant other benefit.
Also, normally, you want your program that runs as root (read:
tcpserver) to do as little as possible.
I mean, if the reason you want to patch software rather than wrapping
software is that you're trying to avoid the "slowness" of an extra
exec() call (I would question your reasoning there too, but at least
it's a valid argument), why not patch qmail-smtpd to do this?
If POP3 authentication fails more than 2 times from the same IP address
within 2 minutes, 'tcpserver' thinks it as malicious IP address and
drops the connection.
In other words, never ever forget your password? Why does tcpserver
know anything at all about the POP3 protocol?
~Kyle
--
Victory goes to the player who makes the next-to-last mistake.
-- Chessmaster Savielly Gricorievitch Tatrtak
pgp8UUqsLRkIO.pgp
Description: PGP signature
|