> More ram and perhaps more disks could solve the IO load for now;
> however, a much simpler and cheaper solution is to change the cleanup
> script to run once per day rather than hourly during an hour when
> nobody cares if the replication server is behind.  Even if it takes
> an hour to run once per day instead of 30 minutes every hour, that is
> much better IMO.

We receive more emails per day and we run our policyd database on an old 2 x
P3 1Ghz, 1GB ram, raid5 3x15K SCSI.
Cleanup process took around 0.3 seconds which run every minutes.

I think the holy grail of effective greylisting is whitelisting!  and I
think this is the cheapest and the most effective technique.
We used to have our policyd database on 2x2.8Ghz xeon with 4gb ram
and we did cleanup every night which took around 30 to 50 minutes to
complete.

Since we implement following whitelist_dns we manage to whitelist 85% of
proper mail server. The number of triplet and helo data dropped drastically.
We were able to downgrade policyd database to old server and use the newer
server to do content scanning.


+----------------------------+
| _whitelist                 |
+----------------------------+
| %.edu.au                   |
| %.ev1servers.net           |
| %.gov.au                   |
| %.iserver.net              |
| %.lnk.telstra.net          |
| %.mailguard.com.au         |
| %.messagelabs.net          |
| %.netregistry.net          |
| %.planetdomain.com         |
| %.server-web.com           |
| %.shared.server-system.net |
| %.sun.com                  |
| %bounce%                   |
| %exchange%                 |
| %filter%                   |
| %google.com                |
| %gw-%                      |
| %gw1%                      |
| %gw2%                      |
| %hosting%                  |
| %list%                     |
| %mail%                     |
| %mta%                      |
| %mx%.%                     |
| %outbound%                 |
| %pobox.com                 |
| %post%                     |
| %proxy%                    |
| %relay%                    |
| %return%                   |
| %server%                   |
| %smarthost%                |
| %smtp%                     |
| %www%                      |
| %yahoo.com%                |
| ns1%                       |
| ns2%                       |
| ns3%                       |
+----------------------------+

I think setting up replication for policyd is overkill and unnecessary.
We do mysqldump of our policyd tables every night and export it to different
server.
If policyd database ever goes down then its a manual process of reviving the
database from 1-day old dump file.
In the mean time FAIL_SAFE=1 will allow all message to pass. Not a big
problem for my case since the content
scanner will take care of the spam / virus.




Regards,
Rianto Wahyudi


--- adela putri tirta belek
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
policyd-users mailing list
policyd-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/policyd-users

Reply via email to