John Hill via Postfix-users:
> I'm concerned most about postfix reloads. I have a small system only 4
> users. (Retired Hobby)

On a lightly loaded server, reload is quick. On a busy server, a reload
interrupts deliveries and requires a queue scan to find messages that
are ready for delivery. That is relatively slow.

> I average nearly 500 failed login attempts from around the world every
> 24 hours.

In that case, "best" would lean more towards "convenient to live with"
and less towards "able to support planet-scale infrastructure".

> Fail2ban sees errors and I add the ip to postscreen.cidr or nftables
> depending, but then I do a reload.
>
> Nftables offers an "atomic" reload. I use MariaDB for the virtual
> user info. I wondered if maps or cidr could be read from it
> and eliminate the reload. Maybe a way to do a map read while still
> in process?

There's a third option, Michael Tokarev's rbldnsd. This implements a
private DNS reputation service instead of a postscreen access table.
Like nftables, this avoids the need to reload Postfix. It's currently
maintained by Spamhaus: https://github.com/spamhaus/rbldnsd

rbldnsd automatically checks if data files have changed (by default
once per minute), but you can also send it a SIGHUP signal to reload
"now". It's designed to handle a large query load.

	Wietse
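
Added example, not part of the original message and not code from Postfix or rbldnsd: one way to turn a list of banned addresses (such as Fail2ban produces) into an rbldnsd ip4set data file and swap it in with a single rename, so the daemon's periodic file check never reads a half-written file. The zone name, the never-list ranges and the sample addresses in the test are assumptions made for illustration.

```python
import ipaddress
import os
import tempfile

ZONE = "banned.dnsbl.invalid"          # assumed zone name, not from the thread
NEVER_LIST = [ipaddress.ip_network(n)  # assumed local ranges that must never be listed
              for n in ("127.0.0.0/8", "10.0.0.0/8", "192.168.0.0/16")]


def build_ip4set(entries, reason="Repeated failed logins"):
    """Return (data_file_text, rejected_entries) for an rbldnsd ip4set dataset."""
    nets, rejected = [], []
    for raw in entries:
        try:
            net = ipaddress.ip_network(raw.strip(), strict=False)
        except ValueError:
            rejected.append(raw)
            continue
        # ip4set holds IPv4 only; refuse anything overlapping our own ranges.
        if net.version != 4 or any(net.overlaps(own) for own in NEVER_LIST):
            rejected.append(raw)
            continue
        nets.append(net)
    merged = ipaddress.collapse_addresses(nets)  # dedupe, merge overlaps, sort
    lines = ["# generated, do not edit", f":127.0.0.2:{reason}"]  # default A/TXT value
    lines += [str(n.network_address) if n.prefixlen == 32 else str(n) for n in merged]
    return "\n".join(lines) + "\n", rejected


def write_atomically(path, text):
    """Swap the data file in with one rename so a reader never sees a partial file."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(text)
            fh.flush()
            os.fsync(fh.fileno())
        os.chmod(tmp, 0o644)   # mkstemp creates 0600; the daemon's user must read it
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise


def dnsbl_query_name(client_ip, zone=ZONE):
    """DNS name a DNSBL client looks up for an IPv4 address (octets reversed)."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone
```

With the file served by rbldnsd as an ip4set zone and that zone named in postscreen_dnsbl_sites, a new ban takes effect at rbldnsd's next file check or on SIGHUP, with no Postfix reload.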