deliver vs LMTP for shared folders

Scott Balmos sbalmos at members.simunex.com
Fri May 13 00:05:41 EDT 2005


Hi all,

This is probably a bad subject line for the topic, but I can't think of 
a better one. I've always heard, between here and on the Postfix list, 
that delivering directly via LMTP to Cyrus is better than using the 
deliver wrapper program. I was curious how much of a performance hit 
there is by using deliver rather than LMTP directly? There's a method to 
my madness.

Delivering user emails to their personal folders directly via LMTP works 
fine. However, I seem to need to use deliver, and the ability to 
arbitrarily set the authentication username, in order to deliver to 
shared folders. This is because I use a hacked-up scheme to do 
pseudo-authorization and access controls on my shared folders. Shared 
folders, in my system, have the format of 
user+folder.name at post.boards.blah.com where user is the username of the 
person posting, and folder.name is the shared folder name. Using the 
deliver wrapper, I can have the authentication name (-a option) set to 
the value of user. And thus I can control the access rights to 
who can post to what shared folder, rather than the standard scheme of 
giving the anonymous user posting rights and letting shared folders be a 
free-for-all. :)

Before we go too far, you're probably saying "what keeps someone from 
putting any old username in the address, one that is authorized to post 
to the given folder?". Because post.boards.blah.com has no DNS entry, 
and emails actually come into the address folder.name at boards.blah.com . 
I have a small Postfix policy server program which looks up the user 
account in LDAP of the sending address and rewrites the address to the 
user+folder.name at post.boards format. Then I have a Postfix transport 
entry for post.boards to send it to the deliver program with the 
necessary options. Since this is all done "inside" Postfix's flow of 
processing, post.boards does not have to exist in DNS, and thus is 
inaccessible to the outside world.

Anyway... The main problem is that I have found no way to get Postfix to 
authenticate as an arbitrary user over LMTP (e.g. to pull the username 
from the user+folder address). I can set the Postfix LMTP client to 
authenticate with SASL... But then Postfix requires a SASL password map, 
which is impossible because the user account passwords are not stored 
anywhere in cleartext.

So it seems I have to use the deliver wrapper in this case, because it 
somehow magically authenticates to Cyrus as a given user without needing 
the password (how's it do that? :D). Thus, what kind of performance hit 
will I see? How many fewer messages/second or whatever using deliver vs. 
LMTP directly? This is on a run-of-the-mill P4 2.4 / 512 running FreeBSD 
5.3.

Thanks! Sorry for the long-winded explanation of things. Maybe in my 
rambling some others would like the idea of access-controlled shared 
folders. I can send code if anyone wants the policy server and my setup. 
It's a tiny command-line PHP script.

--Scott

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
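
The rewrite step described in the post above, sketched as an added example (not part of the original post and not the poster's PHP script). The `DIRECTORY` map is a constructed stand-in for the LDAP lookup, the function names are hypothetical, and the sender address is assumed to be the one the policy server would look up.

```python
# Added illustration; not the poster's PHP policy server.
# Constructed stand-in for the LDAP lookup: sender address -> account name.
DIRECTORY = {"alice@blah.com": "alice", "bob@blah.com": "bob"}

PUBLIC_DOMAIN = "boards.blah.com"          # resolvable, receives outside mail
INTERNAL_DOMAIN = "post.boards.blah.com"   # no DNS entry, internal hop only


def rewrite_recipient(sender, recipient, directory=DIRECTORY):
    """Return user+folder@INTERNAL_DOMAIN, or None to refuse the message."""
    folder, sep, domain = recipient.strip().rpartition("@")
    if not sep or not folder:
        return None
    # Only the public board address is valid input. Anything already in the
    # internal domain carries a user part this step did not derive itself.
    if domain.lower().rstrip(".") != PUBLIC_DOMAIN:
        return None
    # A '+' in the folder part would be read as a user+folder split later.
    if "+" in folder:
        return None
    user = directory.get(sender.strip().lower())
    if user is None:
        return None
    return f"{user}+{folder}@{INTERNAL_DOMAIN}"


def split_internal(address):
    """Split the rewritten address into (user, folder) for deliver's -a."""
    local, _, domain = address.rpartition("@")
    user, plus, folder = local.partition("+")
    if domain != INTERNAL_DOMAIN or not (plus and user and folder):
        raise ValueError(f"not an internal board address: {address!r}")
    return user, folder


if __name__ == "__main__":
    # Constructed sample envelopes: one normal post, two that must be refused.
    for sender, rcpt in [
        ("alice@blah.com", "folder.name@boards.blah.com"),
        ("alice@blah.com", "bob+folder.name@post.boards.blah.com"),
        ("mallory@example.org", "folder.name@boards.blah.com"),
    ]:
        print(sender, rcpt, "->", rewrite_recipient(sender, rcpt))
```
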



