Re: Ldap queries optimization

Angel L. Mateo Thu, 16 Feb 2012 23:42:13 -0800

El 16/02/12 16:35, Viktor Dukhovni escribió:

On Thu, Feb 16, 2012 at 10:49:10AM +0100, Angel L. Mateo wrote:

        My config is:

virtual_alias_maps = hash:/etc/postfix/alu-aliases,
        hash:/etc/postfix/dif-aliases,
        proxy:ldap:/etc/postfix/ldap-sysaliases.cf

relay_recipient_maps = hash:/etc/postfix/relaydomains,
        hash:/etc/postfix/alu-aliases,
        hash:/etc/postfix/dif-aliases,
        proxy:ldap:/etc/postfix/ldap-vmail.cf,
        proxy:ldap:/etc/postfix/ldap-sysaliases.cf


There is no need to list virtual alias lookup tables in
relay_recipient_maps. Postfix performs that lookup automatically,
therefore, the relay_recipient_maps setting should be just:

        relay_recipient_maps = hash:/etc/postfix/relaydomains,
                proxy:ldap:/etc/postfix/ldap-vmail.cf

        In my tests I have found that during a smtp transaction the next
searches are done:


If your LDAP tables contain no "bare" (just the local part) address
lookup keys, you may consider using "%u@%d" instead of "%s" in the
query definition. That could also avoid some unneeded lookups,
otherwise Postfix performs the lookups it needs to, and unless
you've failed to index your LDAP attributes appropriately, Postfix
is unlikely to be a significant burden on LDAP, nor is LDAP likely
to noticeably slow down Postfix.

mydestination = $myhostname, localhost.\$mydomain, localhost


That "\" is unlikely to be what you want.

mynetworks = 127.0.0.0/8, 155.54.0.0/16, 10.54.0.0/16, 10.56.0.0/16, 
10.64.0.0/28, 172.19.0.0/16, 155.54.212.160/28


With the entire class 155.54/16 listed, no need for the final /28.

smtpd_banner = $myhostname NO UCE ESMTP


Don't, or at least make it "$myhostname ESMTP NO UCE", that ESMTP is not
semantically valid unless it immediately follows the hostname.

smtpd_client_restrictions =
        reject_rbl_client rbl.um.es,
        permit_sasl_authenticated,
        check_client_access hash:/etc/postfix/whitelist_um,
        reject_unknown_reverse_client_hostname,
        check_client_access cidr:/etc/postfix/client_checks.cidr,
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_end_of_data_restrictions = $(smtpdEndOfDataRestrictions)
smtpd_helo_restrictions =
        permit_mynetworks,
        check_helo_access hash:/etc/postfix/helo_checks
smtpd_recipient_restrictions =
        reject_non_fqdn_recipient,
        reject_unknown_recipient_domain,
        check_recipient_access pcre:/etc/postfix/recipient_checks.pcre,
        check_recipient_access hash:/etc/postfix/verified_recipient_checks,
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_unauth_destination,
        check_recipient_maps,
        permit


You don't need these last two, they are implicit.

smtpd_sender_restrictions = reject_non_fqdn_sender,
        reject_unknown_sender_domain,
        check_sender_access pcre:/etc/postfix/sender_checks.pcre


Otherwise nothing else to do in Postfix, make sure your LDAP tables
are properly indexed.

Although I could refine this configuration changes, problem is not ldapindexes. I have all indexes created, openldap is answering all thequeries postfix makes. The problem I'm trying to fix is that postfix ismaking lot of repeated queries. In the transactions I sent in my firstemail, in one transaction it makes 8 queries, 5 of then was the same query.


--
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información       _o)
y las Comunicaciones Aplicadas (ATICA)      / \\
http://www.um.es/atica                    _(___V
Tfo: 868887590
Fax: 868888337

Re: Ldap queries optimization

Reply via email to