> >>For that volume, I always recommend running IMGate alone as MX, and moving >content-scanning (aggressive header/body checks, AV) to an intermediate >box, and then finally the mailbox server. > >> > >That's my setup the virus box is a dual pentium III
not much of a CPU for 250K msgs. What are memory and disk(s) on that box? > >>You could probably tighten up your envelope rejection significantly to >reduce what the content-scanning has to look at. > >> > >how would I do that ? anvil, postgrey, "advanced" IMGate. > >> what is your pflogsumm rejection rate? > 73% It used to be much higher so something changed for the worse, so figure out why/when it went much lower. >smtpd_recipient_restrictions = > reject_unauth_pipelining, > reject_non_fqdn_sender, > reject_non_fqdn_recipient, > reject_unknown_recipient_domain, .... just about here, you should have reject_unverified_recipient, or reject_unlisted_recipient hmm, no. for your volume, you MUST use reject_unlisted_recipient > hash:/etc/postfix/to_recipients_bad.map, remove this when adding reject_unlisted_recipient Len