Andrea Carpani <[email protected]> wrote: > If I understand correctly the mysql schema, I'm suppsed to include all > domains into policy_group_members.
No Define default policies, and only add domains that are exceptions to the defaults - no need to add 25k domains to the table ! Personally I had trouble with inheritance, so I made my policies mutually exclusive. So for example, a policy for normal outbound mail (anything where the user used SASL but the address used wasn't in the hi-vol users list), a policy for high volume senders (SASL used is in a table of allowed users), and inbound (no SASL and not a locally generated message). The only tabel that has any "per user" or "per domain" entries is the member group for the high volume senders. Now, what will scale up with 25k domains (and assuming normal traffic patterns) is the number of connections/messages to track. That's automatic in that Policyd generates the various tracking table entries automatically as required. Apart from sizing the DB server to cope with the load, the only other issue that comes to mind is that of cleanups. You'll need to run "cbpadmin --cleanup" periodically, and I suspect you may run into locking issues if it has to cleanup a huge number of entries in one go. Running it more frequently should help, and possibly some server/db engine config tweaks. _______________________________________________ Users mailing list [email protected] http://lists.policyd.org/mailman/listinfo/users_lists.policyd.org
