pop server in an ISP environment
Hello all,

I would like to have your opinions regarding pop server set-up in an ISP environment, what would be the common software used, authentication type etc.

I am thinking about using QPOPPER+procmail, but some people say that it is not scalable because its authentication is based on /etc/passwd. And in Unix environment there is certain recommendation not to have more than 5000 users in /etc/passwd file.

Another issue is high availability, does anybody use server clustering in an ISP environment? I am thinking about having a Sun Cluster for these pop servers, but will I need a special HA agent? AFAIK, the qpopper daemon will be initiated by the users (via inetd) when they are accessing their mailbox. Hence a Sun cluster will not need a special agent because, if one of the servers crashed, the clustering software should manage to redirect any traffic to the second server, so that the users will connect transparently to that qpopper daemon in the second server. Can clustering in the real world do the above scenario?

What about LDAP for user's authentication? Is it recommended to use?

Any suggestions/hints will be greatly appreciated.

ps: the system should be able to accommodate about 20000 users.

regards,
Muljawan
On Fri, May 26, 2000 at 05:37:43PM +0800, Muljawan Hendrianto wrote:
> I am thinking about using QPOPPER+procmail, but some people say that it is not scalable because its authentication is based on /etc/passwd. And in Unix environment there is certain recommendation not to have more than 5000 users in /etc/passwd file.
> Another issue is high availability, does anybody use server clustering in an ISP environment?
> ps: the system should be able to accommodate about 20000 users.
i used to maintain one of the freenets. we had 60000+ accounts in the password file, which was shared with 8 machines using NIS on the older SunOS 4 (pre-solaris). we never had a problem with scaling.

--
[ Jim Mercer jim@reptiles.org +1 416 410-5633 ]
[ Reptilian Research -- Longer Life through Colder Blood ]
[ Don't be fooled by cheap Finnish imitations; BSD is the One True Code. ]
Thus spake Muljawan Hendrianto (muljawan.hendrianto@siemens.com.sg):
> Another issue is high availability, does anybody use server clustering in an ISP environment? I am thinking about having a Sun Cluster for these pop servers, but will I need a special HA agent?
Stick a bunch of them behind a server load balancer like a Foundry ServerIron or an F5. Then you don't have to worry about who the server vendor is. Then you can use FreeBSD boxen for the servers and save a chonka dough.
> What about LDAP for user's authentication? Is it recommended to use?
I haven't used LDAP yet, but have you looked into RADIUS? I think LDAP is newer, so it might have better features, but as I recall, both are open standards, and open standards should always prevail. Regards, --John
"John" == John Butler <john.butler@netrail.net> writes:

John> Thus spake Muljawan Hendrianto
John> (muljawan.hendrianto@siemens.com.sg):
>> Another issue is high availability, does any body use server
>> clustering in an ISP environment? I am thinking about having a
>> Sun Cluster for these pop servers, but will I need a special HA
>> agent ?

John> Stick a bunch of them behind a server load balancer like a
John> Foundry ServerIron or an F5. Then you don't have to worry
John> about who the server vendor is. Then you can use FreeBSD
John> boxen for the servers and save a chonka dough.

A solution that is cheaper yet is to have the servers speak a routing protocol and announce their presence into it that way (see the recent "IGPs and services?" thread on this list). You can do it all with free software and commodity hardware.

The big issue here is the back end -- if users may connect to, say, one of four pop3 servers to read their mail, the /var/mail filesystem had better be shared in some way. The easy way to do this is with NFS, but if each of the pop3 servers has a 100Mb ethernet card in it it could easily swamp an NFS server. Perhaps some way to have multiple mail spool filesystems -- foo and bar's mail spools are /var/mail/f/foo and /var/mail/b/bar where /var/mail/(f|b) are separate filesystems mounted from different NFS servers.

Cheers,
-w
--
Will Waites \________
ww@shadowfax.styx.org\____________________________
Idiosyntactix Ministry of Research and Development\
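The split-spool layout suggested in the message above, as an added example that is not part of the original post. It maps a login to `/var/mail/<first letter>/<login>`, refuses names that could step outside their bucket, and spreads the buckets over NFS servers by mailbox count; the login character set, the server names and the sample logins are assumptions made for illustration.

```python
import posixpath
import re
from collections import Counter

SPOOL_ROOT = "/var/mail"  # spool root named in the message
# Assumption: the site restricts login names to this conservative set.
VALID_LOGIN = re.compile(r"[a-z][a-z0-9_-]{0,30}")


def spool_path(login):
    """Return /var/mail/<first letter>/<login>, refusing unsafe names."""
    # fullmatch rejects "", "../x", "a/b", NUL bytes and trailing newlines,
    # so a login name can never select a path outside its own bucket.
    if not VALID_LOGIN.fullmatch(login):
        raise ValueError(f"unsafe login name: {login!r}")
    return posixpath.join(SPOOL_ROOT, login[0], login)


def bucket_load(logins):
    """Count mailboxes per first-letter bucket (each bucket is one mount)."""
    return Counter(spool_path(name).split("/")[3] for name in logins)


def assign_buckets(load, servers):
    """Greedy placement: biggest bucket first, onto the least-loaded server."""
    totals = {server: 0 for server in servers}
    placement = {}
    for bucket, count in sorted(load.items(), key=lambda kv: (-kv[1], kv[0])):
        target = min(servers, key=lambda s: (totals[s], s))
        placement[bucket] = target
        totals[target] += count
    return placement


# Constructed sample logins and hypothetical NFS server names.
SAMPLE_LOGINS = ["foo", "bar", "baz", "bob", "fred", "zed"]
NFS_SERVERS = ["nfs1", "nfs2"]

if __name__ == "__main__":
    load = bucket_load(SAMPLE_LOGINS)
    for bucket, server in sorted(assign_buckets(load, NFS_SERVERS).items()):
        print(f"{SPOOL_ROOT}/{bucket} -> {server} ({load[bucket]} mailboxes)")
```

First-letter buckets are rarely the same size, which is why the placement step works from measured counts instead of splitting the alphabet evenly.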
qpopper was written without even the slightest thought about performance issues. there are a lot of other pop3 daemons written much more efficiently. (i don't know any other that would perform worse than qpopper). try cucipop, for example. it was written by the same guy who wrote procmail. the source code is unreadable in both cases.

-- dima.
I have run qpopper in HA/high scale environments. Yes, efficiency could be improved. However, it is one of the few POP3 daemons that implement XTND XMIT functionality. The client-base at the time was pure Eudora and we could give them POP3-only access using qpopper, over an SSH tunnel. For this, we needed XTND XMIT and qpopper is the only readily available POP3 daemon that delivers it. It is, in fact, the reference standard for that functionality.

The theoretical limit, on most Unix kernels, is 64K users. This is only because the internal representation of the uuid is usually an int. On 64-bit kernels, it is much higher because the definition of "int" is bigger. In reality, the max capacity of the host is strictly dependent on the hardware architecture, how many concurrent sessions, and what the users are actually doing with each session.

Your 5000 user limit, based on /etc/passwd, is bogus. For example, on Intel hardware, you will never approach even 500 concurrent shell users (developers) without the silicon melting down. However, a Sun e10K can handle 5000 of such users easily. That same Intel box can handle over 10000 mailboxen, if you give it enough disk space (RAID0 spool) and memory (RAM cache) [but not on a single 56Kbps port <g>].
Dmitri Krioukov: Monday, May 29, 2000 8:43 AM
> qpopper was written without even the slightest thought about performance issues. there are a lot of other pop3 daemons written much more efficiently. (i don't know any other that would perform worse than qpopper). try cucipop, for example. it was written by the same guy who wrote procmail. the source code is unreadable in both cases.
Muljawan Hendrianto: Friday, May 26, 2000 5:38 AM
> I would like to have your opinions regarding pop server set-up in an ISP environment, what would be the common software used, authentication type etc.
> I am thinking about using QPOPPER+procmail, but some people say that it is not scalable because its authentication is based on /etc/passwd. And in Unix environment there is certain recommendation not to have more than 5000 users in /etc/passwd file.
[ On Monday, May 29, 2000 at 10:16:03 (-0700), Roeland Meyer (E-mail) wrote: ]
Subject: RE: pop server in an ISP environment
> The theoretical limit, on most Unix kernels, is 64K users. This is only because the internal representation of the uuid is usually an int.
You're about six years behind the times, I think! ;-) I'd bet that 99.9% of running Unix and Unix-like kernels that are capable of running TCP/IP and would be used in production in an ISP setting today are good to at least 2^31 users, if not 2^32. The first widely used 32-bit system, Unix 32V, used a "short" to represent the UID in the kernel (in struct proc, for example). IIRC a short was indeed still 16 bits on a VAX (and thus a UID was effectively restricted to 15 bits). By the time AT&T UNIX SysIII came along it was a "ushort", and so definitely 16 bits. 4.3net2 still uses a u_short, but I doubt any ISPs are using any such kernels in production. By the time 4.4BSD is available (1994) uid_t is an "unsigned long", so even on a 32-bit machine that's 2^32 users! ;-) AT&T System Vr4 (and thus SunOS-5.x) still calls uid_t just a "long" so it's only good for 2^31 users on 32-bit system, making 32-bit 4.4BSD boxes ~2 billion (and that's an American Billion!) times better than 32-bit SunOS-5 boxes! ;-) [and 64-bit 4.4BSD boxes are "about" 16140901064495857664 times better than 64-bit SunOS-5 boxes! 2^ ;-)]
> Your 5000 user limit, based on /etc/passwd, is bogus. For example, on Intel hardware, you will never approach even 500 concurrent shell users (developers) without the silicon melting down. However, a Sun e10K can handle 5000 of such users easily. That same Intel box can handle over 10000 mailboxen, if you give it enough disk space (RAID0 spool) and memory (RAM cache) [but not on a single 56Kbps port <g>].
On machines which do not use a hashed database (dbm, db, etc.) for /etc/passwd (eg. un-adorned SunOS-5.x not using NIS+) there may be some issue with having more than say 20-30 thousand users. More CPU and RAM will offset this limit somewhat of course.

--
Greg A. Woods
+1 416 218-0098 VE3TCP <gwoods@acm.org> <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>
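The UID widths discussed in the message above matter for more than the account count: a UID that does not fit the field it is stored in is truncated and can land on an existing account. The audit below is an added example, not part of the original post; it assumes an unsigned field of a chosen width and runs over a constructed passwd(5)-format sample.

```python
def parse_passwd(text):
    """Yield (login, uid) from passwd(5)-style lines, skipping malformed ones."""
    for line in text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 7 or not fields[2].isdecimal():
            continue
        yield fields[0], int(fields[2])


def audit_uid_width(text, bits=16):
    """List accounts whose UID does not fit an unsigned field of `bits` bits.

    Each finding is (login, uid, stored_uid, aliased_login): stored_uid is the
    value left after truncation, aliased_login the account already using it.
    """
    limit = 1 << bits
    entries = list(parse_passwd(text))
    owners = {}
    for login, uid in entries:
        if uid < limit:
            owners.setdefault(uid, login)
    findings = []
    for login, uid in entries:
        if uid >= limit:
            stored = uid % limit  # what an unsigned field of this width keeps
            findings.append((login, uid, stored, owners.get(stored)))
    return findings


# Constructed sample in passwd(5) format; all accounts are made up.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
alice:x:1001:100:Alice:/home/alice:/bin/sh
pop65536:x:65536:100:POP user:/var/empty:/bin/false
pop66537:x:66537:100:POP user:/var/empty:/bin/false
pop70000:x:70000:100:POP user:/var/empty:/bin/false
"""

if __name__ == "__main__":
    for login, uid, stored, alias in audit_uid_width(SAMPLE_PASSWD, bits=16):
        clash = alias or "no existing account"
        print(f"{login}: uid {uid} stored as {stored}, same as {clash}")
```

Run with `bits=16` for a kernel that keeps the UID in a u_short and with `bits=32` for the wider types mentioned in the message; the second run reports nothing for this sample.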
Dmitri Krioukov has declared that:
> qpopper was written without even the slightest thought about performance issues. there are a lot of other pop3 daemons written much more efficiently. (i don't know any other that would perform worse than qpopper). try cucipop, for example. it was written by the same guy who wrote procmail. the source code is unreadable in both cases.
Sometimes it helps by running it through indent. Be sure to verify the reformatted src by trying a recompile, to make sure nothing gets broken by possible bugs in indent, etc. Version on FreeBSD seems to be ANSI-PANSY aware (unlike some earlier versions of indent that only worked for 'normal' code) :-) Pat M/HW
-- #include <std.disclaimer.h> Pat Myrto (pat at rwing dot ORG) Seattle WA Help Prevent Brush Fires!!!!! Open a big strip mine....
participants (8)
- Dmitri Krioukov
- Jim Mercer
- John Butler
- Muljawan Hendrianto
- Pat Myrto
- Roeland Meyer (E-mail)
- woods@weird.com
- ww@shadowfax.styx.org