* Wietse Venema <postfix-users@postfix.org>: > Patrick Ben Koetter: > > * Wietse Venema <postfix-users@postfix.org>: > > > Wietse Venema: > > > > Unlike DNS lookups, the access map lookup is a blocking operation, > > > > and if your tcp map takes 80ms to complete (a typical trans-atlantic > > > > query), then you can handle only 12 connections per second, and > > > > make postsceen the largest performance bottleneck on the system. > > > > > > After starting work on postscreen by the middle of 2009, I soon > > > realized that I might have to add some postscreen-policy interface > > > for things that are too complex or that take too much time compared > > > to a quick access map lookup. Perhaps the time has come. > > > > > > Basically this would be a very small subset of the SMTP server > > > policy protocol with just the network 5-tuple (source/destination > > > address/port, protocol, client concurrency), enough to do some > > > simple reputation work.
Seems like you had fleshed out a simliar idea a few years before, too: https://www.mail-archive.com/postfix-devel@postfix.org/msg00258.html > > > Perhaps it also makes sense for postscreen to make a postscreen-policy > > > call based on the information that it has collected with its dummy > > > SMTP engine. > > > > That's great news! The reason Christian is using tcp tables is that there's > > no > > postscreen API to call external policy services at the moment. If there was > > he/we would be eager to use that instead. > > Yes, I wanted the discussion to end on an optimistic note. Something to > work on in the train. I was just perusing the Change Log for the upcoming Postfix 3.3 release looking for a note referring to a postscreen policy delegation protocol. Did I miss the note? Did you loose interest? Missed the train? ;) p@rick -- [*] sys4 AG https://sys4.de, +49 (89) 30 90 46 64 Schleißheimer Straße 26/MG,80333 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief Aufsichtsratsvorsitzender: Florian Kirstein
