| Commit message (Collapse) | Author | Age | Files |
|
|
|
|
| |
We don't use the provided 'slapd_' Munin plugin because it doesn't
support SASL binds.
|
|
|
|
| |
E.g., ‘0.ldif’ → ‘slapd-0.ldif’.
|
|
|
|
|
| |
Using client-side data signing/encryption and wrapping inter-host
communication into stunnel.
|
| |
|
| |
|
|
|
|
|
| |
This decision is left to the MX (as for 'fripostIsStatusActive'), which
will set the envelope recipient accordingly.
|
|
|
|
|
|
| |
So our suffix is now a mere 'dc=fripost,dc=org'. We're also using the
default '/var/lib/ldap' as olcDbDirectory (hence we don't clear it
before hand).
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We introduce a limitation on the domain-aliases: they can't have
children (e.g., lists or users) any longer.
The whole alias resolution, including catch-alls and domain aliases, is
now done in 'virtual_alias_maps'. We stop the resolution by returning a
dummy alias A -> A for mailboxes, before trying the catch-all maps.
We're still using transport_maps for lists. If it turns out to be a
bottleneck due to the high-latency coming from LDAP maps, (and the fact
that there is a single qmgr(8) daemon), we could rewrite lists to a
dummy subdomain and use a static transport_maps instead:
virtual_alias_maps:
mylist@example.org -> mylist#example.org@mlmmj.localhost.localdomain
transport_maps:
mlmmj.localhost.localdomain mlmmj:
|
|
|
|
|
|
| |
They were only a dirty hack for list commands à la Mailman such as
mylist-request. If we are to use another list manager such as mlmmj,
which uses a VERP delimiter instead, the problem disappears.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead, we pretend that lists are valid users (via a match in the
mailbox_transport_maps) but choose a different transport (with the same
request in transport_maps).
The advantage is that we get rid of the ugly hack for list transport…
A minor drawback is that we now have two LDAP lookups instead of one for
non local addresses (ie, everything but reserved addresses). Hopefully
the requests are cached; but even if they aren't, querying a local LDAP
server is supposed to be cheap.
|
| |
|
|
|
|
|
|
| |
It'd certainly be nicer if we didn't have to deploy amavis' schema
everywhere, but we need the 'objectClass' in our replicates, hence they
need to be aware of the 'amavisAccount' class.
|
| |
|
|
|