-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Wed, Oct 25, 2006 at 10:39:33AM -0500, Alex Palenschat wrote:
One other thing that it may be good to point out is the course that the postfix group seems to be taking which is sanity checking incoming email before the DATA state. This is well worth checking out and I would guess that any well-maintained MTA would support this type of thing. So your rbl checks/helo checks/hostname and mx checks happen before the mail is received. This greatly reduces the amount of processing time on the MTA and allows it to handle far more mail in these spam-predominant times. You don't want to block most of your spam with a perl script IMHO.
True. I particually enjoy Exim ACLs for this kind of job. For bigger setups (10000+ mailboxes), I usually split my mail cluster on a backend/frontend setup, which also helps a lot.
Greylisting can be pretty tricky to implement, if you need speed. Constant updates of your database (filebased or dbms based) can slow you hard, so having some good rules when (and when not) to update is a must.
Sanity checks are, of course, a must. The sooner you can drop the message (and the connection, in some cases), the faster you can handle valid e-mail.
- -- Rodrigo Barbosa "Quid quid Latine dictum sit, altum viditur" "Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)