How often do you run cleanup script ?
How long do you set the triplet expiry ?
Try selecting a triplet from MySQL and see how long does it take ..
My other suggestion :
- Make sure that policyd is called after recipient verification / after
blacklist.
- run DNS cache locally
- run RBL locally and combine the zone file so postfix only do 1 lookup
for various RBL.
- Run policyd database on dedicated machine.
- separate incoming mail and outgoing mail server.
- Try using following DNS_Whitelist. It will help you cut down the
number of triplet in your DB and also, allow almost 80% of email
coming from proper mail server:
----------------------------+-------------------------------------------------------------+---------+
| _whitelist |
_description | _expire |
+----------------------------+-------------------------------------------------------------+---------+
| bigfish.com | # bigfish.com has smtp servers behind
multiple ips | 0 |
| %mail% | mail
server | 0 |
| %smtp% | mail
server | 0 |
| %.server-web.com | webcentral web
servers | 0 |
| %.iserver.net | Verio
Webhosting | 0 |
| %.messagelabs.net |
MessageLabs | 0 |
| %.ev1servers.net | # ev1 hosting
company | 0 |
| %hosting% | # big possibility of running proper mail
server | 0 |
| %mx%.% | # big possibility of running proper mail
server | 0 |
| %server% | # big possibility of running proper mail
server | 0 |
| %post% | # big possibility of running proper mail
server | 0 |
| %exchange% | # big possibility of running proper mail
server | 0 |
| %return% | # big possibility of running proper mail
server | 0 |
| ns1% | # big possibility of running proper mail
server | 0 |
| ns2% | # big possibility of running proper mail
server | 0 |
| %google.com | #
Google | 0 |
| %yahoo.com% | #
Yahoo | 0 |
| %hotmail.com% | #
Hotmail | 0 |
| %mta% | # likely to e a proper mail
server | 0 |
| %pobox.com | #
pobox | 0 |
| %smarthost% | # big possibility of running proper mail
server | 0 |
| %relay% | # big possibility of running proper mail
server | 0 |
| %proxy% | # big possibility of running proper mail
server | 0 |
| %list% | big possibility of mailing list
server | 0 |
| %bounce% | big possibility of mailing list
server | 0 |
| %.shared.server-system.net | # ATO outgoing mail
server | 0 |
| %www% | # big possibility of running proper mail
server | 0 |
| ns3% | # big possibility of running proper mail
server | 0 |
| %.lnk.telstra.net | # Telstra business IP
address | 0 |
| %gw1% | # big possibility of running proper mail
server | 0 |
| %gw2% | # big possibility of running proper mail
server | 0 |
| %gw-% | # big possibility of running proper mail
server | 0 |
| %outbound% | # big possibility of running proper mail
server | 0 |
| %filter% | # big possibility of running proper mail
server | 0 |
Hope this help.
Regards,
Rianto Wahyudi
--- "Adela Putri Tirta Belek"
Leon de Jager wrote:
Hi,
I have a setup of 6 MX servers, each running policyd and a database
server with approximately 9 million records in the triplet table.
Recently every now and then the MX's starts timing out when attempting
smtp connections to it and on closer inspection I can see the default
maxproc of postfix has been reached.
Postfix config is pretty standard with virtual mailboxes etc, policyd
has the following enabled;
FAILSAFE
DATABASE_KEEPALIVE
DAEMON
WHITELISTING
BLACKLIST_HELO
HELO_CHECK
GREYLISTING
I've set the maxproc to 500 for now and closely monitoring the server
and database server.
mx03:~# ps aux | grep smtpd | wc -l
297
Has anyone here come across this behaviour? Any suggestions?
Previously I had postfix-gld running and never came across this...
Many thanks in advance.
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
policyd-users mailing list
policyd-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/policyd-users
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
policyd-users mailing list
policyd-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/policyd-users
