Re: Ldap queries optimization
El 17/02/12 17:18, Viktor Dukhovni escribió: Some queries are repeated, this should have no significant impact. Focus on overalll performance rather than optimizing non-critical paths. Postfix is not monolithic, so cleanup(8) repeats some queries made by smtpd(8), and in smtpd(8) some queries are repeated because this makes the code more modular. This works well enough for a large number of Postfix sites, it will work for you too if you don't sweat the small stuff. I know it needs to repeat queries. But, in this case, why not implementing a cache for such maps? If I remember well in previous versions it did. And it did for other maps, like the one for address_verify_map. And I know I should focus on the real problem with my ldap server. But I would like postfix to make things better (and it doesn't mean it doesn't do well) -- Angel L. Mateo Martínez Sección de Telemática Área de Tecnologías de la Información _o) y las Comunicaciones Aplicadas (ATICA) / \\ http://www.um.es/atica_(___V Tfo: 868887590 Fax: 86337
Re: Ldap queries optimization
Angel L. Mateo: Some queries are repeated, this should have no significant impact. Focus on overalll performance rather than optimizing non-critical paths. Postfix is not monolithic, so cleanup(8) repeats some queries made by smtpd(8), and in smtpd(8) some queries are repeated because this makes the code more modular. This works well enough for a large number of Postfix sites, it will work for you too if you don't sweat the small stuff. I know it needs to repeat queries. But, in this case, why not implementing a cache for such maps? If I remember well in previous If you believe this is a problem, contribute a solution. Wietse
Re: Ldap queries optimization
On Fri, Feb 17, 2012 at 08:41:31AM +0100, Angel L. Mateo wrote: El 16/02/12 16:35, Viktor Dukhovni escribi?: On Thu, Feb 16, 2012 at 10:49:10AM +0100, Angel L. Mateo wrote: If your LDAP tables contain no bare (just the local part) address lookup keys, you may consider using %u@%d instead of %s in the query definition. That could also avoid some unneeded lookups, otherwise Postfix performs the lookups it needs to, and unless you've failed to index your LDAP attributes appropriately, Postfix is unlikely to be a significant burden on LDAP, nor is LDAP likely to noticeably slow down Postfix. Although I could refine this configuration changes, problem is not ldap indexes. I have all indexes created, openldap is answering all the queries postfix makes. The problem I'm trying to fix is that postfix is making lot of repeated queries. In the transactions I sent in my first email, in one transaction it makes 8 queries, 5 of then was the same query. Some queries are repeated, this should have no significant impact. Focus on overalll performance rather than optimizing non-critical paths. Postfix is not monolithic, so cleanup(8) repeats some queries made by smtpd(8), and in smtpd(8) some queries are repeated because this makes the code more modular. This works well enough for a large number of Postfix sites, it will work for you too if you don't sweat the small stuff. -- Viktor. http://idioms.thefreedictionary.com/don%27t+sweat+the+small+stuff
Re: Ldap queries optimization
On Thu, Feb 16, 2012 at 10:49:10AM +0100, Angel L. Mateo wrote: My config is: virtual_alias_maps = hash:/etc/postfix/alu-aliases, hash:/etc/postfix/dif-aliases, proxy:ldap:/etc/postfix/ldap-sysaliases.cf relay_recipient_maps = hash:/etc/postfix/relaydomains, hash:/etc/postfix/alu-aliases, hash:/etc/postfix/dif-aliases, proxy:ldap:/etc/postfix/ldap-vmail.cf, proxy:ldap:/etc/postfix/ldap-sysaliases.cf There is no need to list virtual alias lookup tables in relay_recipient_maps. Postfix performs that lookup automatically, therefore, the relay_recipient_maps setting should be just: relay_recipient_maps = hash:/etc/postfix/relaydomains, proxy:ldap:/etc/postfix/ldap-vmail.cf In my tests I have found that during a smtp transaction the next searches are done: If your LDAP tables contain no bare (just the local part) address lookup keys, you may consider using %u@%d instead of %s in the query definition. That could also avoid some unneeded lookups, otherwise Postfix performs the lookups it needs to, and unless you've failed to index your LDAP attributes appropriately, Postfix is unlikely to be a significant burden on LDAP, nor is LDAP likely to noticeably slow down Postfix. mydestination = $myhostname, localhost.\$mydomain, localhost That \ is unlikely to be what you want. mynetworks = 127.0.0.0/8, 155.54.0.0/16, 10.54.0.0/16, 10.56.0.0/16, 10.64.0.0/28, 172.19.0.0/16, 155.54.212.160/28 With the entire class 155.54/16 listed, no need for the final /28. smtpd_banner = $myhostname NO UCE ESMTP Don't, or at least make it $myhostname ESMTP NO UCE, that ESMTP is not semantically valid unless it immediately follows the hostname. smtpd_client_restrictions = reject_rbl_client rbl.um.es, permit_sasl_authenticated, check_client_access hash:/etc/postfix/whitelist_um, reject_unknown_reverse_client_hostname, check_client_access cidr:/etc/postfix/client_checks.cidr, smtpd_data_restrictions = reject_unauth_pipelining, permit smtpd_end_of_data_restrictions = $(smtpdEndOfDataRestrictions) smtpd_helo_restrictions = permit_mynetworks, check_helo_access hash:/etc/postfix/helo_checks smtpd_recipient_restrictions = reject_non_fqdn_recipient, reject_unknown_recipient_domain, check_recipient_access pcre:/etc/postfix/recipient_checks.pcre, check_recipient_access hash:/etc/postfix/verified_recipient_checks, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_maps, permit You don't need these last two, they are implicit. smtpd_sender_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain, check_sender_access pcre:/etc/postfix/sender_checks.pcre Otherwise nothing else to do in Postfix, make sure your LDAP tables are properly indexed. -- Viktor.
Re: Ldap queries optimization
El 16/02/12 16:35, Viktor Dukhovni escribió: On Thu, Feb 16, 2012 at 10:49:10AM +0100, Angel L. Mateo wrote: My config is: virtual_alias_maps = hash:/etc/postfix/alu-aliases, hash:/etc/postfix/dif-aliases, proxy:ldap:/etc/postfix/ldap-sysaliases.cf relay_recipient_maps = hash:/etc/postfix/relaydomains, hash:/etc/postfix/alu-aliases, hash:/etc/postfix/dif-aliases, proxy:ldap:/etc/postfix/ldap-vmail.cf, proxy:ldap:/etc/postfix/ldap-sysaliases.cf There is no need to list virtual alias lookup tables in relay_recipient_maps. Postfix performs that lookup automatically, therefore, the relay_recipient_maps setting should be just: relay_recipient_maps = hash:/etc/postfix/relaydomains, proxy:ldap:/etc/postfix/ldap-vmail.cf In my tests I have found that during a smtp transaction the next searches are done: If your LDAP tables contain no bare (just the local part) address lookup keys, you may consider using %u@%d instead of %s in the query definition. That could also avoid some unneeded lookups, otherwise Postfix performs the lookups it needs to, and unless you've failed to index your LDAP attributes appropriately, Postfix is unlikely to be a significant burden on LDAP, nor is LDAP likely to noticeably slow down Postfix. mydestination = $myhostname, localhost.\$mydomain, localhost That \ is unlikely to be what you want. mynetworks = 127.0.0.0/8, 155.54.0.0/16, 10.54.0.0/16, 10.56.0.0/16, 10.64.0.0/28, 172.19.0.0/16, 155.54.212.160/28 With the entire class 155.54/16 listed, no need for the final /28. smtpd_banner = $myhostname NO UCE ESMTP Don't, or at least make it $myhostname ESMTP NO UCE, that ESMTP is not semantically valid unless it immediately follows the hostname. smtpd_client_restrictions = reject_rbl_client rbl.um.es, permit_sasl_authenticated, check_client_access hash:/etc/postfix/whitelist_um, reject_unknown_reverse_client_hostname, check_client_access cidr:/etc/postfix/client_checks.cidr, smtpd_data_restrictions = reject_unauth_pipelining, permit smtpd_end_of_data_restrictions = $(smtpdEndOfDataRestrictions) smtpd_helo_restrictions = permit_mynetworks, check_helo_access hash:/etc/postfix/helo_checks smtpd_recipient_restrictions = reject_non_fqdn_recipient, reject_unknown_recipient_domain, check_recipient_access pcre:/etc/postfix/recipient_checks.pcre, check_recipient_access hash:/etc/postfix/verified_recipient_checks, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, check_recipient_maps, permit You don't need these last two, they are implicit. smtpd_sender_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain, check_sender_access pcre:/etc/postfix/sender_checks.pcre Otherwise nothing else to do in Postfix, make sure your LDAP tables are properly indexed. Although I could refine this configuration changes, problem is not ldap indexes. I have all indexes created, openldap is answering all the queries postfix makes. The problem I'm trying to fix is that postfix is making lot of repeated queries. In the transactions I sent in my first email, in one transaction it makes 8 queries, 5 of then was the same query. -- Angel L. Mateo Martínez Sección de Telemática Área de Tecnologías de la Información _o) y las Comunicaciones Aplicadas (ATICA) / \\ http://www.um.es/atica_(___V Tfo: 868887590 Fax: 86337
