
Re: memcached questions

  • Viktor Dukhovni
    Message 1 of 3 , Jan 20, 2013
      On Sun, Jan 20, 2013 at 05:17:19PM -0500, Jon A. wrote:

      > It appears that memcache may only be used for dynamic content (write) for
      >
      > - postscreen whitelist cache
      > - address verification cache
      > - TLS session key cache

      I would not use memcache for TLS session state. This is pointless
      unless your servers are behind a load balancer, and also unnecessary
      if the sending system uses the Postfix SMTP client's algorithm to
      distinguish between multiple MTAs sharing a common TCP service
      endpoint (perhaps by now Postfix is not the only MTA able to do this).

      Regardless, you need to hide the memcache TCP endpoint behind a
      firewall to prevent unauthorized access by anything other than
      the intended Postfix processes.

      Better yet, use a proxy that does mutual authentication and
      uses unix-domain sockets on both ends (and an authenticated
      TCP stream in the middle).

      --
      Viktor.
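
The proxy arrangement suggested in the message above, sketched as an added example that is not part of the original post: two systemd units running socat, with a unix-domain socket on each end and mutually authenticated TLS in between. The choice of socat, the unit names, host name, port 11212 and all file paths are assumptions made for illustration.

```ini
# ---- Postfix host: memcache-tls-client.service (hypothetical unit name) ----
# The Postfix memcache table then points at the local socket instead of TCP:
#     memcache = unix:/run/memcache-tls/memcache.sock
# (the path must be reachable by the Postfix process that opens the table)
[Unit]
Description=Unix socket to remote memcached over mutually authenticated TLS

[Service]
RuntimeDirectory=memcache-tls
# Only the postfix user may open the local socket (user=, mode=).
# The remote end must present a certificate issued by the private CA whose
# name matches commonname=, and this side presents its own client certificate.
ExecStart=/usr/bin/socat \
  UNIX-LISTEN:/run/memcache-tls/memcache.sock,fork,unlink-early,user=postfix,mode=0600 \
  OPENSSL:cache.example.net:11212,cert=/etc/memcache-tls/client.crt,key=/etc/memcache-tls/client.key,cafile=/etc/memcache-tls/ca.crt,verify=1,commonname=cache.example.net
Restart=on-failure

[Install]
WantedBy=multi-user.target

# ---- memcached host: memcache-tls-server.service (hypothetical unit name) ----
# memcached itself is started with "-s /run/memcached/memcached.sock -a 0600",
# which disables its TCP listener, so the TLS proxy is the only network path.
[Unit]
Description=Mutually authenticated TLS front end for the memcached unix socket

[Service]
# verify=1 on the listener rejects peers without a certificate from cafile.
# Any certificate issued by that CA is accepted, so the CA should be one that
# issues certificates only to the intended Postfix hosts.
ExecStart=/usr/bin/socat \
  OPENSSL-LISTEN:11212,fork,reuseaddr,cert=/etc/memcache-tls/server.crt,key=/etc/memcache-tls/server.key,cafile=/etc/memcache-tls/ca.crt,verify=1 \
  UNIX-CONNECT:/run/memcached/memcached.sock
Restart=on-failure

[Install]
WantedBy=multi-user.target
```

The socat process on the memcached host must run as a user allowed to open the memcached socket, and the firewall rule from the message still applies to port 11212.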