Re: mail.local NSS awareness

To: Manuel Bouyer <bouyer%antioche.eu.org@localhost>
Subject: Re: mail.local NSS awareness
From: Emmanuel Dreyfus <manu%netbsd.org@localhost>
Date: Wed, 30 Apr 2008 09:16:52 +0000

On Wed, Apr 30, 2008 at 11:08:50AM +0200, Manuel Bouyer wrote:
> Do all MTAs check that the local user exists before calling mail.local ?

Well I assume that there would have been widespread complains if that
was not the case.

> Hum, in light of this I don't understand your problem any more
> (I mean, I see the benefit of having mail.local handle nss failures
> gracefully, but I don't understand how you did run into it).
> If the MTA checks that the user exists, if there's a LDAP failure
> it should fail the message before calling mail.local, isn't it ?

Chaos starts if you have network outage or overloaded LDAP server: 
you can easily reach the situation where MTA can look up the user
successfully, and mail.local gets a failure. The situation is rare,
but it can happen. With current mail.local behavior, the mail is 
silently discarded, which is extremely bad.

-- 
Emmanuel Dreyfus
manu%netbsd.org@localhost

Follow-Ups:
- Re: mail.local NSS awareness
  - From: Manuel Bouyer

References:
- Re: mail.local NSS awareness
  - From: Manuel Bouyer
- Re: mail.local NSS awareness
  - From: Emmanuel Dreyfus
- Re: mail.local NSS awareness
  - From: Manuel Bouyer
- Re: mail.local NSS awareness
  - From: Emmanuel Dreyfus
- Re: mail.local NSS awareness
  - From: Manuel Bouyer

Prev by Date: Re: RFC: Going the LDAP/Kerberos way with NetBSD.
Next by Date: Re: RFC: Going the LDAP/Kerberos way with NetBSD.
Previous by Thread: Re: mail.local NSS awareness
Next by Thread: Re: mail.local NSS awareness
Indexes:

Home | Main Index | Thread Index | Old Index