nginx is a high performance smtp/pop/imap proxy that lets you do custom authorization and lookups and is very scalable. (just add nodes)
Nginx by default is a reverse proxy and this is what it is doing here for pop/imap connections. It is also an excellent reverse proxy for web servers.
Advantage: You don't have to have a special database or ldap schema. Just a URL to do auth and lookup with.
A url that may be accessed by a unix or a tcp socket. Write your own auth handler - according to your own policy.
For example:
A user called atif tries to login with the pass testxyz.
You pass this information to a URL such as
socket:/var/tmp/xyz.sock
or
http://auth.corp.mailserver.net:someport/someurl
The auth server replies with either a FAILURE such as
Auth-Status: Invalid Login or password
or with a success such as
Auth-Status: OK
Auth-Server: OneOfThe100Servers
Auth-Port: optionalyAPort
We have implemented it at our ISP and it has saved us a lot of headaches.
This would work for both imap and pop.
I have not yet tried for SMTP.
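A sketch of the kind of auth handler the comment above describes, added here as an example; it is not the commenter's code. The request headers `Auth-User`, `Auth-Pass` and `Auth-Protocol` and the `Auth-Wait` reply header come from nginx's mail auth HTTP protocol rather than from the post, and the user table, backend address 10.0.0.11 and listen port 9000 are constructed.

```python
import hashlib
import hmac
import os
from http.server import BaseHTTPRequestHandler, HTTPServer

SALT = b"constructed-salt"  # sample value; use a random per-user salt in practice

def _hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

# Constructed sample directory: user -> (password hash, backend IP, ports by protocol).
# nginx does not resolve names in Auth-Server, so the backend is stored as an IP address.
USERS = {"atif": (_hash("testxyz"), "10.0.0.11", {"imap": 143, "pop3": 110})}
DUMMY = os.urandom(32)  # compared against when the user does not exist

def decide(headers) -> dict:
    """Map the Auth-* request headers sent by nginx to the Auth-* reply headers."""
    user = headers.get("Auth-User", "")
    proto = headers.get("Auth-Protocol", "")
    stored, backend, ports = USERS.get(user, (DUMMY, None, {}))
    # Always hash and compare in constant time, so an unknown user and a
    # wrong password take the same path and get the same answer.
    ok = hmac.compare_digest(stored, _hash(headers.get("Auth-Pass", "")))
    if not (ok and backend and proto in ports):
        # One generic message for every failure; Auth-Wait delays the retry.
        return {"Auth-Status": "Invalid login or password", "Auth-Wait": "3"}
    return {"Auth-Status": "OK", "Auth-Server": backend,
            "Auth-Port": str(ports[proto])}

class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        # nginx reads the decision from the reply headers, not the status code.
        self.send_response(200)
        for name, value in decide(self.headers).items():
            self.send_header(name, value)
        self.end_headers()

if __name__ == "__main__":
    # Bind to loopback: this endpoint sees cleartext passwords and must only
    # be reachable from the proxy itself.
    HTTPServer(("127.0.0.1", 9000), Handler).serve_forever()
```

Because the handler receives every user's password in cleartext, keep it on loopback or a unix socket, or on a network segment only the proxies can reach.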
Just thought I'd drop a brief suggestion to anyone building a large mail system. Our solution for scaling mail pickup was to develop a sharded architecture whereby accounts are spread across a cluster of servers, each with imap/pop3 capability. Then we use a cluster of reverse proxies (Perdition) speaking to the backend imap/pop3 servers. The benefit of this approach is you can simply use round-robin or HA loadbalancing on the perdition servers that end users connect to (e.g. admins can easily move accounts around on the backend storage servers without affecting end users). Perdition manages routing users to the appropriate backend servers and has MySQL support. What we also liked about this approach was that it had no dependency on a distributed or networked filesystem, so less chance of corruption or data consistency issues. When an individual server reaches capacity, we just off load users to a less used server. If any server goes offline, it only affects the fraction of users assigned to that server.
Best,
Erik Osterman