From: Bernhard Schmidt on
On 02.02.2010 15:29, Victor Duchovni wrote:

Hi,

> And, use "proxy:ldap:${config_directory}/ldap-aliases.cf", LDAP servers
> typically don't like the connection concurrency that results from each
> smtpd(8) and cleanup(8) using a separate connection. Don't do this,
> however, with tables that are used by trivial-rewrite, specifically
> at least:
>
> relay_domains
> mydestination
> virtual_mailbox_domains
> virtual_alias_domains
> transport_maps
> relocated_maps

Because it's broken and causing problems or because there is just one
instance/connection anyway and thus useless?

Thanks,
Bernhard

From: Wietse Venema on
Bernhard Schmidt:
> On 02.02.2010 15:29, Victor Duchovni wrote:
>
> Hi,
>
> > And, use "proxy:ldap:${config_directory}/ldap-aliases.cf", LDAP servers
> > typically don't like the connection concurrency that results from each
> > smtpd(8) and cleanup(8) using a separate connection. Don't do this,
> > however, with tables that are used by trivial-rewrite, specifically
> > at least:
> >
> > relay_domains
> > mydestination
> > virtual_mailbox_domains
> > virtual_alias_domains
> > transport_maps
> > relocated_maps
>
> Because it's broken and causing problems or because there is just one
> instance/connection anyway and thus useless?

This would require giving the queue manager a trivial-rewrite daemon
that is shared with no-one else, and talks to a proxymap daemon
that is shared with no-one else. Otherwise, performance would
suffer.

Wietse

From: Victor Duchovni on
On Wed, Feb 03, 2010 at 12:47:31AM +0100, Bernhard Schmidt wrote:

> On 02.02.2010 15:29, Victor Duchovni wrote:
>
> Hi,
>
>> And, use "proxy:ldap:${config_directory}/ldap-aliases.cf", LDAP servers
>> typically don't like the connection concurrency that results from each
>> smtpd(8) and cleanup(8) using a separate connection. Don't do this,
>> however, with tables that are used by trivial-rewrite, specifically
>> at least:
>>
>> relay_domains
>> mydestination
>> virtual_mailbox_domains
>> virtual_alias_domains
>> transport_maps
>> relocated_maps
>
> Because it's broken and causing problems or because there is just one
> instance/connection anyway and thus useless?

Each trivial-rewrite is already a shared multi-service, performing
indirect lookups for other services (including critically the queue
manager). Making trivial-rewrite depend on upstream shared services
is not a good idea. Yes, it works, but latency and throughput will
suffer under load.

--
Viktor.

P.S. Morgan Stanley is looking for a New York City based, Senior Unix
system/email administrator to architect and sustain our perimeter email
environment. If you are interested, please drop me a note.
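
Added example, not part of the thread or of Postfix itself: a small lint that reads main.cf text and reports any `proxy:` table on the parameters listed above as used by trivial-rewrite, while leaving other parameters such as `virtual_alias_maps` alone. The sample configuration and the file names `ldap-transport.cf` and `ldap-relay.cf` are constructed for illustration.

```python
import re

# Parameters named in the thread as consulted by trivial-rewrite(8).
TRIVIAL_REWRITE_TABLES = {
    "relay_domains", "mydestination", "virtual_mailbox_domains",
    "virtual_alias_domains", "transport_maps", "relocated_maps",
}

def parse_main_cf(text):
    """Return {parameter: value}, joining continuation lines (leading whitespace)."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comments do not end a logical line
        if raw[0].isspace() and current:
            params[current] += " " + raw.strip()
        elif "=" in raw:
            name, value = raw.split("=", 1)
            current = name.strip()
            params[current] = value.strip()  # a later definition overrides
    return params

def proxied_rewrite_tables(text):
    """Return sorted (parameter, table) pairs where a listed parameter uses proxy:."""
    findings = []
    for name, value in parse_main_cf(text).items():
        if name not in TRIVIAL_REWRITE_TABLES:
            continue
        for table in re.split(r"[,\s]+", value):
            if table.startswith("proxy:"):
                findings.append((name, table))
    return sorted(findings)

# Constructed sample configuration (hypothetical file names).
SAMPLE_MAIN_CF = """\
# constructed example
virtual_alias_maps = proxy:ldap:${config_directory}/ldap-aliases.cf
transport_maps = hash:/etc/postfix/transport,
    proxy:ldap:${config_directory}/ldap-transport.cf
relay_domains = proxy:ldap:${config_directory}/ldap-relay.cf
mydestination = $myhostname, localhost
"""

if __name__ == "__main__":
    for name, table in proxied_rewrite_tables(SAMPLE_MAIN_CF):
        print(f"{name}: {table} goes through proxymap; reference the table directly")
```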

From: spamvoll on
strace did the job.

I had the wrong permissions on the certkey, the postfix user can't read it.

thx for help

2010/2/2 Wietse Venema <wietse(a)porcupine.org>:
> spamvoll(a)googlemail.com:
>> thx Wietse
>>
>> trying it as user postfix i get (Can't contact LDAP server)
>>
>> hmm strange
>
> You have some incorrect file permission, or some "security" software
> such as SELinux or AppArmor is mis-configured.
>
> Try:
>
>    # service selinux stop
>    # service apparmor stop
>
> etc.
>
> If that is not the problem, try:
>
>    $ strace -o tempfile postmap ...
>
> and look for EACCES etc. errors in the strace output. etc.
>
>        Wietse
>