'Re: performance question'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       postfix-users
Subject:    Re: performance question
From:       Viktor Dukhovni <postfix-users () dukhovni ! org>
Date:       2018-06-25 16:04:10
Message-ID: 733627F5-21DE-44AD-B291-7C1B19BFB09B () dukhovni ! org
[Download RAW message or body]



> On Jun 25, 2018, at 9:39 AM, Olaf313 <olaf.lindner@ineos.com> wrote:
> 
> for a period of time we need to route ~ 2.000 mail addresses to our old
> system.
> I would add those addresses into the transport file like
> 
> name1@domain.com smtp:system.fqdn.com
> ....
> name2000@domain.com smtp:system.fqdn.com
> 
> Will the larger transport file now affect the performance of the Postfix
> server ?

I generally prefer to do traffic splitting via address
rewriting, rather than per-user transport entries.
This enables the use of remote data sources (LDAP, SQL, ...)
without creating a performance bottleneck.  If your transport
table stays *local* (an indexed file) you can of course
use that and it'll perform very well.  Consider "cdb"
rather than "hash" or "btree" (more stable on disk
format and API).

To this with rewriting I use:

 virtual:
   user1@example.com  user1@store1.example
   user2@example.com  user2@store2.example

 generic:
   user1@store.example user1@example.com
   user2@store.example user2@example.com

 main.cf:
  indexed = $default_database_type:$config_directory/
  virtual_alias_maps = ${indexed}virtual
  relay_generic_maps = ${indexed}generic

 transport:
   store1.example relay
   store2.example relay

 master.cf:
   relay unix ... smtp
     -o smtp_generic_maps=$relay_generic_maps

Note, that enabling "smtp_generic_maps" causes header
rewriting on output, which can affect DKIM signature
validity when the headers are out of spec.  Presumably,
if you use DKIM signing at all, it happens in the
outbound direction, and does not use the "relay"
transport.  On the inbound direction, DKIM is normally
verified at the edge, and Authentication-Results added.

However, if you're then forwarding to an external mailbox
provider, and it is necessary to avoid avoidable DKIM
signature breakage, then "smtp_generic_maps" may not be
suitable.  Unfortunately, we don't yet have an
"smtp_generic_classes" to restrict output rewriting to
just envelope recipients.


-- 
	Viktor.

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic