Re: [Dspam-user] Dspam errors.
Brought to you by:
paulcockings,
sbajic
From: Steve <ste...@gm...> - 2009-07-31 17:14:21
|
> Hallo Steve, > Hallo Julian, > Le vendredi 31 juillet 2009 à 08:50 +0200, Steve a écrit : > [...] > > > > > > The pipe command used with the FILTER command is very prone to > break > > > > > > when you deliver messages to it which have some special > characters. > > > > > > The SMTP or LMTP method to send mails to DSPAM for inspection is > > > much, > > > > > > much, much more solid. > > > > > > > > > > That's clear, but when using relay mode with Postfix, using FILTER > is > > > > > the only solution I am aware of to avoid scanning outgoing > (relayed) > > > > > email. Any possible alternatives are welcome, that was a question > I > > > > > wanted to ask shortly ;) > > > > > > > > > What do you mean with relay mode? Relaying from where? > > > > > > I mean relaying mail from authenticated users not part of the local > > > network (using the smtp or smtps tranports, hence, not possible to > user > > > the content_filter). > > > > > > > And allow me to ask: Where is the user info about your users? Inside > > > > Postfix? Outside Postfix? > > > > > > In a MySQL database on the same host. > > > > > > > Where do you create them? How do you create them? How do you > maintain > > > > them? With what (manually, automated, tool, etc)? > > > > > > Well, I haven't created any user for some time now, but if I would > need > > > to to it, I would do it through phpMyAdmin I guess ;) > > > > > 1) Why don't you run DSPAM in "opt in" mode and each time a user is > created you opt in that user to DSPAM? > > Honestly, I am not sure I would thought of it. Actually, I refer to my > personal setup but I always try and think as if I had more users (just > in case I have to replicate this setup for someone one day). > > > 2) You could use the new Lookup module in DSPAM to check for valid users > instead of doing it with a PCRE /./ and FILTER. > > This would cause extra MySQL requests > Yes. > and DSPAM would be called for each > outgoing mail which would use more resources, > Yes. > am I right? > Yes. > Maybe not more > than a FILTER, not sure about this. > No. More then just plain FILTER. But lets be honest/pragmatic here: 1) DSPAM is already running (using resources). 2) MySQL is already running (using resources). 3) DSPAM keeps an open connection to MySQL (using resources). Compared to pure FILTER the "Opt in" method would use more CPU (compared to FILTER and evaluating with a PCRE the sender) and it would use more RAM (message has to travel from Postfix to DSPAM, looked up in the DSPAM user table if the user is opted in (involving MySQL) and injected back by DSPAM into Postfix. This all takes RAM (for a short period of time)). But that RAM is allocated and in a bunch of seconds (mostly even below 1 second) deallocated and it will mostly be a very low amount per message. I don't think that this should kill your setup. But as with everything in IT: It could be. I can't with 100% confidence deny that your setup is going to handle that extra load and memory requirement. > I run my SMTP setup on a Linode > virtual server hence try and limit things a bit. > I understand that. > Btw, I haven't had any problem with FILTER for years but have already > read people did not like this workaround, hence just trying to > understand what others do/would do. > The FILTER is command is a wild thing to handle. It's not the filter command that I (personally) don't like. It's the "pipe" service that is heavy to handle. I mean that I can handle the restrictions/limitations of the FILTER command but I have no control over what data is going to get pushed to that pipe. And since some mails with their content break the delivery with "pipe" I try as hard to avoid using "pipe" when I have to transport the whole message to the pipe. Don't get me wrong. Pipe is good and it has a reason to be there but not everything is best done with the "pipe" service. One thing where I use "pipe" daily is for Postfix Policy Delegation or for vacation services etc... But for delivering the whole message content I prefer something more robust. > I will give a try to other solutions anyway. If anybody has other > suggestions, they'd be more than welcome. > I really think that LMTP or even SMTP delivery from Postfix to DSPAM is the better and more robust solution here. Give it a try. You will be surprised how well it works and you will love the extended error messages (compared to pipe) you get when using those transport methods. > Cheers, > Julien > Steve -- Jetzt kostenlos herunterladen: Internet Explorer 8 und Mozilla Firefox 3 - sicherer, schneller und einfacher! http://portal.gmx.net/de/go/atbrowser |