Re: painful mupdate syncs between front-ends and database server

From: Michael Bacon (no email)
Date: Fri Oct 30 2009 - 15:38:07 EDT

  • Next message: Michael Bacon: "Re: painful mupdate syncs between front-ends and database server"

    --On October 19, 2009 9:37:57 PM -0400 Wesley Craig <> wrote:
    > How are your frontend mupdate processes authenticating to your mupdate
    > master? And what version of Kerberos are you using (anticipating the
    > answer to your first question)? I suspect that you're getting a GSSAPI
    > expired context.

    We were originally doing GSSAPI, but ran into catastrophic performance with
    the auth_krb module. I think this relates to Sun's terrible, horrible, no
    good, very bad implementation of krb5 (it appears to have gone downhill
    with the arrival of the cryptoadm framework), but at the time I didn't have
    time to fight with it, so we ditched it in favor of PLAIN with a very long
    password.

    > lmtpd on your proxies is talking directly to the mupdate master? It's
    > possible for lmtpd on your proxies to only check the local mailboxes.db.

    I'm a little confused as to why this is happening too. Initially, when we
    configured inbound mail, we were relying on the lmtpproxyd's to return
    "User unknown" messages, and just telling sendmail to let it all in. Bad
    idea -- I quickly put a valid user database back into place, because that
    was absolutely destroying the mupdate server, with all of the kicks it was
    generating. At this point, we really shouldn't be having any bad users
    coming into the system, but because of various things (like user tables
    that aren't 100% up to date), we still get the occasional ones, but I don't
    think that's what's killing us. At this point, I'm not 100% sure on how to
    quantify exactly what's making connections to the mupdate master and what's
    not, so I could be very off on what's going on.

    Michael Bacon
    UNC Chapel Hill

    ----
    Cyrus Home Page: http://cyrusimap.web.cmu.edu/
    Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
    List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
    

  • Next message: Michael Bacon: "Re: painful mupdate syncs between front-ends and database server"





    Hosted Email Solutions

    Invaluement Anti-Spam DNSBLs



    Powered By FreeBSD   Powered By FreeBSD