Hello,
To the members who replied me, thank you for your suggestions.
As described in:
http://cr.yp.to/cdb.html
CDB is reliable enough to write/read large amount of records.
I agree with you that 'tcpserver' should read the information per IP
address from:
/etc/tcp.smtp.cdb
rather than MySQL.
And 'vpopmail' gives us the option to write them either into:
/etc/tcp.smtp.cdb
or
MySQL
For example, 'vpopmail' can update:
/etc/tcp.smtp.cdb
for the successful POP3 authentication, and can include:
'RELYCLIENT'
in the line for that client IP address.
Then, the original 'tcpserver' reads:
/etc/tcp.smtp.cdb
and can pass:
'RELYCLIENT'
environment variable to 'qmail-smtpd'.
Optionally, 'vpopmail' records the failures of POP3 authentication into:
vlog
SQL table.
With my patch, 'tcpserver' reads this SQL table, and drops the
connection if more than 2 records within 2 minutes are found.
But, it may be better idea to patch 'vpopmail' so that 'vpopmail' updates:
/etc/tcp.smtp.cdb
to include the line for that client IP address with 'deny', rather than
patching 'tcpserver'.
In addition, common programming languages implement API for CDB, as
listed in:
http://cr.yp.to/cdb.html
So, there is no advantage of MySQL over CDB.
But, my client prefers MySQL, and this is why I implement my patch.
I guess they are planning to build some kind of web interface for
customer support, and it will be implemented by API for MySQL.
Jun Inamori
|