OT postfix multiple instances and recipient verification
glenn.steen at gmail.com
Wed Oct 6 08:53:49 IST 2010
On 5 October 2010 15:11, Jason Ede <J.Ede at birchenallhowden.co.uk> wrote:
>> On 28 September 2010 10:13, Jason Ede <J.Ede at birchenallhowden.co.uk>
>> > I'm thinking of using multiple postfix instances to split up emails
>> > with multiple recipients (to make sure blacklisting and whitelisting works
>> > properly) and maybe to sign some outbound emails using domain keys...
>> > From what I've read on the postfix documentation I'll have an inbound
>> > postfix instance that just passes all email on internally via a port I
>> > specify to the next instance where MS does its work and then sends it
>> > on to the destination server. All of this seems relatively straightforward so
>> > However, I use recipient verification to make sure we only accept
>> > emails that can be delivered. As the inbound postfix will not have any
>> > direct SMTP out then will this still work as it won't be able to check
>> > where the emails are going to as it just passes all emails on to
>> > another port? I could put a transports file in place, but surely that
>> > would contradict a relayhosts setting in main.cf?
>> Eric is correct... The first instance has to know how the second instance will
>> route things, but without actually using that route information... So that too
>> is pretty straightforward:-).
>> > Also have others used multiple instances like this before with MS and
>> > what is the performance hit in having multiple instances? Are there
>> > any gotchas that I need to be aware of?
>> Well... The use of a second instance was the norm in the old days:-).
> When I started using MS, which was quite a few years back, then we did have 2 instances and it was noticeable the resources freed up when moving back to a single instance, but I can't remember the figures now.
As I remember it, mostly larger (ISP type) installs would notice, but
I may be ... far... off on that:-).
>> What you get there is a "static overhead" sort of, plus a per-message
>> overhead, but ... those are minor compared to the overhead incurred by
>> actually splitting mails/recipient (as long as the memory use doesn't make you
>> start swapping, at least... No Alex, this is not the time to reiterate the old "MS
>> = swapping" joke...:).
> I'd prefer to leave the emails batched as they are, but then it won't correctly respect black/whitelisting if it is done on addresses. It'd be nice if MS could check against each address, but that could easily involve MS needing to split the mail into multiple copies depending on the rules applied. (i.e. someone whitelists an address to them, but someone else doesn't want address whitelisted and an email is over the spam score)
If you check the ML archives from back then, I think you'll find that
Jules was rather against that notion back then... It'd kind of mess
with the notion that "MailScanner is not an MTA", and the splitting is
indeed an MTA job... So I wouldn't start retaining air in any major
fashion, expecting this to happen:-D.
>> I don't have any comparative statistics for you, but ... if you use MailWatch,
>> you should be able to deduce the impact on your gateways and mailstore(s)
>> by some smart use of SQL;-). The impact for a single-store mailstore (like
>> Exchange) can be huge, since the split messages will be _new_ messages
>> with new Message-IDs.
>> But as said, you can probably get a good picture of what impact it has via log
> That used to be the case, but Exchange 2010 has ditched Single Instance Storage anyway so it will become less of an issue esp as the limit per Exchange store is now (I think) 2TB and can have up to 5 stores for a standard exchange licence. MS's argument is that now storage is cheap so don't need the space saving measures of before.
... Just goes to show how old our M-Sexchange(s) are:-). Thanks for the info.
>> I haven't had the time to ... freshen ... this up, and unfortunately will
>> probably not have any time to spend on it, in the near future at least. Would
>> be great if you could spruce up the wiki page a bit, when you're done;-).
> I'll have a go at that once we've got it all working. It looks like the new postmulti command in postfix (ver 2.6 and later, which is nice cos the new RH6/CentOS 6 when it comes out has postfix 2.6.5 included) just provides a neater way of doing the configuration that was done in the wiki. I also like the idea of having the capability to sign the outbound emails with domain keys or the like and that obviously needs to be done post MS.
Just keep a bit of the old stuff there, so that someone stuck in "pre
2.6" can still make something work:-).
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
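
Added example, not part of the original post: one way to give the inbound instance the routing knowledge discussed above without using it for delivery is Postfix's `address_verify_*` overrides, which apply to verification probes only. The instance directory names, port 10026, `example.com` and `mailstore.example.com` are placeholder assumptions.

```ini
# ---- /etc/postfix-in/main.cf (inbound instance; directory name is an assumption) ----

# Deliver everything that is accepted to the second instance, where
# MailScanner does its work. The port is a placeholder for the one you chose.
relayhost = [127.0.0.1]:10026

# Only accept recipients that the real destination server accepts.
smtpd_recipient_restrictions =
    permit_mynetworks
    reject_unauth_destination
    reject_unverified_recipient

# Probes must not follow relayhost: the second instance would answer
# them instead of the destination server. Clear it for probes only.
address_verify_relayhost =

# Routes used for probes only. Real mail still goes via relayhost,
# so this does not conflict with the relayhost setting above.
address_verify_transport_maps = hash:/etc/postfix-in/verify_transport

# Persistent cache, so an address is probed once rather than per message.
address_verify_map = btree:$data_directory/verify_cache

# ---- /etc/postfix-in/verify_transport ----
# Mirror the routes the second instance uses for final delivery,
# then build the lookup table with: postmap /etc/postfix-in/verify_transport
# example.com    smtp:[mailstore.example.com]:25
```

Keep the probe transport table in step with the second instance's routing; a stale entry makes the inbound instance defer or reject recipients the destination would accept.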