| 1 |
On Dec 4, 2011 10:10 AM, "Michael Orlitzky" <michael@××××××××.com> wrote: |
| 2 |
> |
| 3 |
> On 12/03/2011 09:48 PM, Pandu Poluan wrote: |
| 4 |
>> |
| 5 |
>> |
| 6 |
>> |
| 7 |
>> Thanks! Very helpful resources. |
| 8 |
>> |
| 9 |
>> You mentioned amavisd-new. What's their relationship? I mean, if I |
| 10 |
>> deploy postscreen, how will it affect amavisd-new? |
| 11 |
>> |
| 12 |
> |
| 13 |
> Postscreen sits in front of smtpd, and handles all incoming connections. |
| 14 |
It hands the "good" connections off to the real smtpd daemon. Amavisd-new |
| 15 |
(in both before/after-queue configurations) interacts with the real smtpd, |
| 16 |
so postscreen doesn't directly affect it at all. |
| 17 |
> |
| 18 |
> What was I talking about? |
| 19 |
> |
| 20 |
> With amavisd-new, a before-queue filter is generally nicer, because you |
| 21 |
can reject spam, notifying the sender, rather than discarding it or |
| 22 |
backscattering. But, amavisd-new is a hog, and with a before-queue filter, |
| 23 |
an amavis process gets used every time ANY connection is made. Since 95% of |
| 24 |
your connections will be crap (that is a technical term), you waste tons of |
| 25 |
resources creating/killing amavisd-new processes for botnets and other scum |
| 26 |
that will be rejected quickly. |
| 27 |
> |
| 28 |
> On a busy server, it will kill you. |
| 29 |
> |
| 30 |
> Postscreen only passes the "good" connections to a real smtpd, so with |
| 31 |
postscreen running, new amavis processes only get used for those good |
| 32 |
connections. If postscreen can get reject 90% of the incoming connections, |
| 33 |
you'll use an order of magnitude less resources doing before-queue |
| 34 |
filtering than you would without postscreen. |
| 35 |
> |
| 36 |
> So, in essence, postscreen is what allows you to run the before-queue |
| 37 |
filter with comparable resources to the after-queue filter. |
| 38 |
> |
| 39 |
|
| 40 |
Thanks for all the information. You really should write a wiki.g.o article |
| 41 |
about the new setup :-) |
| 42 |
|
| 43 |
Rgds, |
Archives