Re: disconnect on rejected client connection

From: L. Mark Stone (lmstonernome.com)
Date: Tue Jun 06 2006 - 08:14:29 CDT


On Tue, 2006-06-06 at 13:25 +1000, Joshua Goodall wrote:
> On a very high throughput server we may see peaks of hundreds of inbound
> connections rejected due to RBLs.
>
> Our prime concern in that case is to dump the connection as fast as
> possible to free up smtpd processes. I'm not interested in any other
> details of the connection; I want them gone, ASAP.

Joshua,

We put a SonicWall Pro 2040 in front of our Postfix server. The 2040
does RBL checking, which enabled us to remove all RBL checking from our
Postfix configuration, considerably reducing the load on our Postfix
server. Having been an early purchaser of Ralf's book and a daily
lurker on this list, we had already tightened up the error limits,
hard/soft connection fail limits, etc. but still saw a large number of
open connections waiting to die. Upgrading Postfix as Wietse suggests
is not an option for us presently on this box.

For us, offloading RBL checking to a box in front of the Postfix server
has served us well and proved to be quite cost effective too. The cost
of the SonicWall was a lot less than the cost in hardware and internal
labor to upgrade the Postfix server.

Mark