Re: Architecture design for frontend postfix server

[bsd]

Le 9 nov. 2011 à 11:43, Patrick Ben Koetter a écrit :

> * bsd <b...@todoo.biz>:
>> I am trying to figure out what is the best solution in order to filter
>> incoming e-mail on a front-end relay server quite heavily loaded (100.000
>> messages / day). 
> 
> Even if you assume that all those messages will be sent within 8 hours
> (business time) it will boil down to ~ 3.5 msg/sec. Server hardware can do
> that easily.
> 
> 
>> We are using LDAP querry in amavisd-new in order to check if the e-mail
>> account exists in our LDAP DB. 
> 
> Bad idea.

That was also my feeling about this… 

> 
>> Internet <--> Relay [Postfix + Amavisd-new] <--> Internal postfix 
>>                      |                               |
>>                      |                               |
>>                      --------[LDAP database]----------
>> 
>> 
>> 
>> Since update of our amavisd-new server to version 2.7.0 we are having
>> problem with the LDAP lookup. 
>> 
>> I was wondering if It was not better to do this lookup before delivering the
>> e-mail to the amavisd process ? 
> 
> Good idea. Reject any message that can't be delivered immediately. That's
> cheap. It takes place in the SMTP session before the payload has been sent and
> before a content filter, such as amavis, does ressource intensive filtering.

Shall I do that using the "Postfix Before-Queue Content Filter", if so is It 
feasible or do you advise me to do that in the normal SMTP server using the 
classic "virtual_alias_maps"


That would give smthg like : 



Unfiltered -> before Q   ->     smtpd -> cleanup -> postfix Q -> smtpd 
(filtered)
                                 ^            |
                                 |            v
                           smtpd 10026       smtp
                                 ^            |
                                 |            v
                              Amavisd filter 10025









> 
>> If the answer is positive, should I use the "local_recipient_maps" parameter
>> or is there another more efficient method to be used  ?
> 
> Depends on the namespace the recpient domain is in.

recipient would be in smthg like 

user@mydomain(s) 

where domains = less than 10 domains. 


> 
> p@rick
> 
> -- 
> All technical questions asked privately will be automatically answered on the
> list and archived for public access unless privacy is explicitely required and
> justified.
> 
> saslfinger (debugging SMTP AUTH):
> <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>


––––––––––––––––––––––––––––––––––––––––––––––
---------> Grégory Bernard Director <---------
---------------> www.osnet.eu <---------------
--> Your provider of OpenSource appliances <--
––––––––––––––––––––––––––––––––––––––––––––––
OSnetOSnetOSnetOSnetOSnetOSnetOSnetOSnetOSnetO