On 27/08/2014 11:00, Simon Hobson wrote:
> Andrea Carpani <[email protected]> wrote:
>> If I understand correctly the mysql schema, I'm supposed to include all domains
>> into policy_group_members.
>
> No
> Define default policies, and only add domains that are exceptions to the
> defaults - no need to add 25k domains to the table !

Ok, but I need to have different default for inbound and outbound: how
would cluebringer know which are internal domains ?

> Personally I had trouble with inheritance, so I made my policies mutually exclusive. So for
> example, a policy for normal outbound mail (anything where the user used SASL but the address used
> wasn't in the hi-vol users list), a policy for high volume senders (SASL used is in a table of
> allowed users), and inbound (no SASL and not a locally generated message). The only table that has
> any "per user" or "per domain" entries is the member group for the high volume
> senders.

Ok, so you used SASL to discriminate between outgoing and incoming?

> Now, what will scale up with 25k domains (and assuming normal traffic patterns)
> is the number of connections/messages to track. That's automatic in that
> Policyd generates the various tracking table entries automatically as required.

My worry here was some sort of internal SQL JOIN with 25k rows.

> Apart from sizing the DB server to cope with the load, the only other issue that comes to
> mind is that of cleanups. You'll need to run "cbpadmin --cleanup" periodically,
> and I suspect you may run into locking issues if it has to cleanup a huge number of
> entries in one go. Running it more frequently should help, and possibly some server/db
> engine config tweaks.

Thanks: this task is running once every hour.

.a.c.
AndreC