OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Jeremy Howard (jh_listsfastmail.fm)
Date: Thu May 09 2002 - 19:51:27 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Wietse Venema wrote:

    >OK, what about updated examples that have no DNS lookup as well as
    >"no virtual mapping" for pre-filter mail?
    >
    >
    Would that basically mean removing virtual_maps and alias_maps from
    main.cf and adding them as -o lines to the 'scan' smtp entry?

    It might actually be better to use the maps on the pre-filter mail, and
    not run again on the post-filter smtp. That way the content filter has
    access to the rewritten addresses, which is handy for per-user
    customisation.

    What about local_recipient_maps? That should only be run on the front
    smtpd, so I assume that the content filter smtpd line should have '-o
    local_recipient_maps='?

    >Victor.Duchovnimorganstanley.com:
    >
    >
    >>The instructions suggest "-o disable_dns_lookups" for the post
    >>content_filter smtpd. This is not quite right as "disable_dns_lookups" is
    >>used by the "smtp" client, not the "smtpd" server.
    >>
    >>To get high throughput via a content_filter that is low_latency (runs
    >>locally) but low concurrency (uses lots of CPU) one needs to avoid DNS
    >>lookups in the sending "smtp" (content filter transport). Without this
    >>setting the sending "smtp" substantially compounds the latency and
    >>decreases throughput (for outbound mail whose destination domains may take
    >>time to resolve). [This is not needed for low volume sites where average
    >>content_filter concurrency is low.]
    >>
    >>Since "-o disable_dns_lookups" is a *must* for the final "smtp" delivery
    >>(not into the content_filter), the performance tweak requires to instances
    >>of "smtp" in the master.cf with the "-o disable_dns_lookups" applied only
    >>to the instance used by the content_filter.
    >>
    >>For example:
    >>
    >> /etc/postfix/master.cf:
    >> smtp unix - - n - - smtp
    >> scan unix - - n - - smtp
    >> -o disable_dns_lookups=yes
    >>
    >> /etc/postfix/main.cf
    >> content_filter = scan:[127.0.0.1]:10025
    >>
    >>This also allows one to defer the "scan" transport in an emergency
    >>(until signature updates are available) without delaying delivery of
    >>delay notices, bounces and already scanned deferred mail.
    >>
    >> # Uncomment to wait for signature updates:
    >> #defer_transports = scan
    >>
    >>--
    >> Viktor.
    >>
    >>-
    >>To unsubscribe, send mail to majordomopostfix.org with content
    >>(not subject): unsubscribe postfix-users
    >>
    >>
    >>
    >>
    >
    >-
    >To unsubscribe, send mail to majordomopostfix.org with content
    >(not subject): unsubscribe postfix-users
    >
    >
    >

    -
    To unsubscribe, send mail to majordomopostfix.org with content
    (not subject): unsubscribe postfix-users