On 10/30/2009 9:05 PM, Stan Hoeppner wrote:
Robert Lopez put forth on 10/30/2009 6:57 PM:

It is not clear to me what the benefit of multiple files is beyond
this association.

Organization and ease of management for one.  For example:

smtpd_client_restrictions =
         check_recipient_access hash:/etc/postfix/access
         check_client_access hash:/etc/postfix/access
         pcre:/etc/postfix/check_client_fqdn.pcre
         hash:/etc/postfix/coolsavings.access
         hash:/etc/postfix/richk-1.access
         cidr:/etc/postfix/cidr_files/china.cidr
         cidr:/etc/postfix/cidr_files/korea.cidr
         cidr:/etc/postfix/cidr_files/russia.cidr
         cidr:/etc/postfix/cidr_files/ukraine.cidr
         cidr:/etc/postfix/cidr_files/malaysia.cidr
         cidr:/etc/postfix/cidr_files/belarus.cidr
         cidr:/etc/postfix/cidr_files/indonesia.cidr
         cidr:/etc/postfix/cidr_files/hongkong.cidr
         cidr:/etc/postfix/cidr_files/africa.cidr
         cidr:/etc/postfix/cidr_files/romania.cidr
         cidr:/etc/postfix/cidr_files/thailand.cidr
         cidr:/etc/postfix/cidr_files/poland.cidr
         cidr:/etc/postfix/cidr_files/spammer.cidr
         cidr:/etc/postfix/cidr_files/hurricane-electric.cidr
         cidr:/etc/postfix/cidr_files/richk-1.cidr
         pcre:/etc/postfix/access.pcre

It's poor form to omit the check_client_access in front of each map name.

All these cidr maps are a great example of separate tables that should be combined into a single table with a Makefile.

Maintain the separate input files from different sources for easy management, then combine them into one table for postfix to use.


My access file contains some whitelist email addresses, some whitelist
domains, some blacklist domains, and some whitelist and blacklist IP
addresses, so I do have some consolidation in the one file and I use it
in multiple restriction classes.  However, it's by far my smallest table
file.  Some of my cidr files are pretty large.  Note that I'm using the
IPdeny (http://www.ipdeny.com) data and rejecting entire countries' smtp
connections.  Some of those files have thousands of entries.  Note also
that I'm using multiple table types, hash, cidr, and pcre.  It's better
to use multiple files in this kind of setup.

Large cidr tables can use huge amounts of memory. If you really feel you need these, 1) consolidate them into one table, and 2) use proxymap to open the table once per postfix instance rather than once per smtpd process.

If the data is available in multiple forms, hash: or cdb: tables scale much better than cidr, and a local DNSBL running rbldnsd scales even better.
http://www.corpit.ru/mjt/rbldnsd.html

  -- Noel Jones
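
Added example (not part of the thread and not written by any of the posters): one way to do the consolidation described above, keeping the per-source cidr files and merging them into a single table. The function name, the directory layout and the combined.cidr path are assumptions, and entries are assumed to be one per line with no continuation lines.

```shell
#!/bin/sh
# Added example. Merges every per-source *.cidr file into one Postfix cidr: table.
#
# Assumed main.cf usage, through proxymap so the table is opened once per
# instance (the table must be permitted by proxy_read_maps):
#   smtpd_client_restrictions =
#       check_client_access proxy:cidr:/etc/postfix/combined.cidr

# build_combined_cidr SRC_DIR OUT_FILE
build_combined_cidr() {
    src_dir=$1
    out_file=$2
    tmp_file="${out_file}.tmp.$$"

    # The glob expands in sorted order, so file names decide precedence.
    # cidr: tables are first-match, so only the first entry for a given
    # pattern is kept and later duplicates are dropped.
    for f in "$src_dir"/*.cidr; do
        [ -f "$f" ] || continue
        [ "$f" = "$out_file" ] && continue   # never feed the output back in
        cat "$f"
        echo                                 # guard against a missing final newline
    done | awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # drop comments and blank lines
        NF < 2 {                             # an access entry needs pattern + action
            printf "skipping entry without action: %s\n", $0 > "/dev/stderr"
            next
        }
        !seen[$1]++ { print }
    ' > "$tmp_file" || { rm -f "$tmp_file"; return 1; }

    # Rename into place so Postfix never reads a half-written table.
    mv "$tmp_file" "$out_file"
}

# Stand-alone use: sh merge-cidr.sh /etc/postfix/cidr_files /etc/postfix/combined.cidr
if [ "$#" -eq 2 ]; then
    build_combined_cidr "$1" "$2"
fi
```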
