On Fri, Jun 09, 2006 at 02:24:11PM +0200, Joachim Schipper wrote: > On Fri, Jun 09, 2006 at 07:07:19AM -0400, Pancho Cole wrote: > > I have been building and testing some postfix mail server > > configurations recently, and I am looking for advice. > > I currently have postfix authenticating against the password file, > > but I think I want to use SQL (PostgreSQL) or LDAP, though I have > > limited SQL experience and only some LDAP admin experience. > > Any particular reason? I've found a properly scripted password file > works quite acceptably, and less complexity means less problems down the > road.
When I worked for a small ISP that had 5000 domains, we found the best thing to do was use passwd for auth as anything else was too slow. When an account was added via the website, a perl script would pull data from SQL, generate passwd, postfix confs & reload postfix. You could have cron run the script every 15 mins and only generate config files if there was new data/accounts to remove. > > I > > would like to enable quotas to limit the folks who don't delete > > messages, > > Wietse believes this cannot be adequately solved in the mailer, and is > likely to be right. Some third-party patches exist, though. > > This might have been solved since I last looked, but some kind of charge > for large mailboxes might be the way to go. Found that in practice unix quotas on maildir acounts, even with NFS work well with postfix. Because you have more than a few accounts, if some are a wee bit over, some other users will not use much of their space, so it averages out across your disks. > > Also, some sort of greylisting scheme might help. Be aware that there > are very real downsides to greylisting - most notably, mail server > admins would need *much* more spool space if everyone used it. > > However, this is on the other side. On your side, people seem to expect > e-mail to be a near-instant, reliable bulk data transfer service. While > it *is* reliable in the sense that it usually tells you when it fails to > deliver a message (though that only helps for people sufficiently > clueful to actually read it), it's neither instant nor good at > transferring bulk data. Good luck getting anyone to recognize that, > though. > > Greylisting is the most effective way to reduce spam. Filtering engines are heavy users of memory & cpu cycles, so your machines will bog. You can solve this by thowing money at it: more cpus, more machines, more rack space, etc, etc. It might be easier to explain that spamd is your first line of defence. Spamd -g is much better than the postfix postgrey system. -- Craig Skinner | http://www.kepax.co.uk | [EMAIL PROTECTED]
