Victor Duchovni put forth on 12/1/2010 5:06 PM:
> On Wed, Dec 01, 2010 at 04:50:20PM -0600, Stan Hoeppner wrote:
>
>> Are LDAP queries still simpler and cheaper once all recipient addresses
>> are cached in $data_directory/verify_cache?
>
> Yes, because the vast majority of "RCPT TO" commands are dictionary
> attacks, if not all the time, at least at peak loads when it matters.
> Sending an SMTP probe is much more expensive than making an LDAP query.

So a remote LDAP query is cheaper than a local table lookup? Interesting. I would have assumed lookups to the local RAV cache file would be infinitely faster than a remote LDAP query. I would guess that for many/most organizations the RAV cache would be populated within a few days max, if not a few hours. After that point, all lookups are to a local table, which again, I'd assume would be much faster than an LDAP query. But you're saying the remote LDAP query is "cheaper" in this case, Viktor?

>> Do you disagree with my other 4 points Viktor? You know this stuff far
>> better than I, so if I'm wrong on the other points I'd like to be
>> corrected, so as not to make the same recommendations in the future.
>
> My comment is about LDAP table lookups vs. RAV (Recipient Address
> Validation). I don't recall what your other points were, if it is not
> critical, we probably don't need to revisit them.

I don't know about being "critical", but I think they are valid points supporting the use of RAV.

> LDAP tables are supported and not discouraged, but high volume sites
> may want to dedicate some LDAP replicas to MTA queries.

I'm not discouraging anyone from using LDAP queries. I merely made the case that many times RAV is a better choice, and stated some reasons why. I know of one Canadian company with 40K+ users worldwide and a few million MX connections a day that uses strictly RAV on their two MX relays. Their reasons for doing so have much more to do with ease and consistency of management than performance though.

Mainly that the dozens of departmental mail servers run a mix of different MTAs (Exchange, Groupwise, Notes, etc.) and directory services (AD, eDirectory, etc.), making it too difficult to try managing a single LDAP master directory for the MX servers to query. Thus, they use RAV, and it works extremely well for them, from both a management and performance perspective.

--
Stan