On Dec 4, 2011 10:10 AM, "Michael Orlitzky" <mich...@orlitzky.com> wrote:
>
> On 12/03/2011 09:48 PM, Pandu Poluan wrote:
>>
>> Thanks! Very helpful resources.
>>
>> You mentioned amavisd-new. What's their relationship? I mean, if I
>> deploy postscreen, how will it affect amavisd-new?
>>
>
> Postscreen sits in front of smtpd, and handles all incoming connections. It hands the "good" connections off to the real smtpd daemon. Amavisd-new (in both before/after-queue configurations) interacts with the real smtpd, so postscreen doesn't directly affect it at all.
>
> What was I talking about?
>
> With amavisd-new, a before-queue filter is generally nicer, because you can reject spam, notifying the sender, rather than discarding it or backscattering. But, amavisd-new is a hog, and with a before-queue filter, an amavis process gets used every time ANY connection is made. Since 95% of your connections will be crap (that is a technical term), you waste tons of resources creating/killing amavisd-new processes for botnets and other scum that will be rejected quickly.
>
> On a busy server, it will kill you.
>
> Postscreen only passes the "good" connections to a real smtpd, so with postscreen running, new amavis processes only get used for those good connections. If postscreen can reject 90% of the incoming connections, you'll use an order of magnitude less resources doing before-queue filtering than you would without postscreen.
>
> So, in essence, postscreen is what allows you to run the before-queue filter with comparable resources to the after-queue filter.
>

Thanks for all the information. You really should write a wiki.g.o article about the new setup :-)

Rgds,
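
To measure the handoff share discussed in this thread on a real mail log, here is an added example (not part of the thread and not Postfix's own code) that counts postscreen events in a few constructed log lines. It assumes only postscreen's pre-greeting tests are enabled, so each `PASS NEW`, `PASS OLD` or `WHITELISTED` line is a connection handed to the real smtpd and therefore to the before-queue filter; the hostnames and addresses are made up.

```python
import re
from collections import Counter

# Constructed sample; the line shapes follow Postfix's POSTSCREEN_README.
SAMPLE_LOG = """\
Dec  4 10:00:01 mx postfix/postscreen[2101]: CONNECT from [192.0.2.10]:41000 to [203.0.113.5]:25
Dec  4 10:00:01 mx postfix/postscreen[2101]: PREGREET 14 after 0.12 from [192.0.2.10]:41000: EHLO bot.example
Dec  4 10:00:02 mx postfix/postscreen[2101]: CONNECT from [192.0.2.11]:41001 to [203.0.113.5]:25
Dec  4 10:00:08 mx postfix/postscreen[2101]: DNSBL rank 3 for [192.0.2.11]:41001
Dec  4 10:00:09 mx postfix/postscreen[2101]: NOQUEUE: reject: RCPT from [192.0.2.11]:41001: 550 5.7.1 Service unavailable; client [192.0.2.11] blocked using dnsbl.example
Dec  4 10:00:03 mx postfix/postscreen[2101]: CONNECT from [192.0.2.12]:41002 to [203.0.113.5]:25
Dec  4 10:00:03 mx postfix/postscreen[2101]: HANGUP after 0.3 from [192.0.2.12]:41002 in tests before SMTP handshake
Dec  4 10:00:04 mx postfix/postscreen[2101]: CONNECT from [198.51.100.7]:41003 to [203.0.113.5]:25
Dec  4 10:00:10 mx postfix/postscreen[2101]: PASS NEW [198.51.100.7]:41003
Dec  4 10:00:05 mx postfix/postscreen[2101]: CONNECT from [198.51.100.8]:41004 to [203.0.113.5]:25
Dec  4 10:00:05 mx postfix/postscreen[2101]: PASS OLD [198.51.100.8]:41004
"""

EVENT = re.compile(
    r"postfix/postscreen\[\d+\]: "
    r"(CONNECT|PASS NEW|PASS OLD|WHITELISTED|PREGREET|DNSBL|HANGUP|NOQUEUE: reject)\b"
)
# Assumption: with only pre-greeting tests on, these events end in a handoff to smtpd.
HANDOFF = {"PASS NEW", "PASS OLD", "WHITELISTED"}

def summarize(log_text):
    """Count postscreen events and how many connections reached the real smtpd."""
    events = Counter()
    for line in log_text.splitlines():
        match = EVENT.search(line)
        if match:
            events[match.group(1)] += 1
    connects = events["CONNECT"]
    handed_off = sum(events[name] for name in HANDOFF)
    return {
        "connects": connects,
        "handed_off": handed_off,            # each one costs a filter process
        "stopped": connects - handed_off,    # never reached smtpd or the filter
        "handoff_ratio": handed_off / connects if connects else 0.0,
        "events": dict(events),
    }

if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print(f"{s['handed_off']}/{s['connects']} connections reached smtpd "
          f"({s['handoff_ratio']:.0%}); {s['stopped']} stopped by postscreen")
```

If deep protocol tests (after the 220 greeting) are enabled, a `PASS NEW` client is told to reconnect rather than handed off in the same session, so the ratio from this script would overstate the handoffs.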