Hi,

For a GNU GPLv3 open source project I'm working on, the ELSE, about which I posted here some time ago, I've studied greylisting and various open source tools like Postgrey, GLD (which seems not to be maintained any more) and policyd. I've also read http://www.postfix.org/SMTPD_POLICY_README.html
Then, re-using some code from the author of GLD (<sa...@gasmi.net>, <http://www.gasmi.net>), I tried to make, let's say, an experimental implementation of "Postfix SMTP access policy delegation" in a daemon. I've called this module the "GreyLSE". Yeah... Probably there are better names...
In short, the GreyLSE:
- is a daemon written in C/C++
- needs the PostgreSQL database of the ELSE, because it only works with that
- should be able to handle a lot of Postfix policy delegation requests per second, because it creates a child (up to a maximum limit) for each Postfix request but, and this is maybe where I could see a difference with GLD for instance, uses only a single database connection (the GreyLSE spawns a database child for this purpose only). In GLD, for instance, if I'm not mistaken, a connection to the database was created for each Postfix request, then closed. So the GreyLSE can, in theory, process many more Postfix requests per second (according to tests for a big worldwide ORG, it was rated at 20 requests/second when opening and closing a new DB connection each time, and now it is rated as high as 900 requests/second, but that depends of course on your server).
- in conjunction with the Web interface used to define rules and control it (in the ELSE), can also manage: auto-cleaning, whitelists, blacklists, holdlists, and in the future what I call the RTAAM. Probably other things in the future (SPF, ...)
- can also work with the ELSEMC (the user's personal messaging center), another web interface allowing users to control their personal black/white/grey lists
- several instances of the GreyLSE installed on various servers in an ISP-type infrastructure can work together
- all the logic is processed by the database. In fact, the GreyLSE is just an interface waiting for Postfix connections, spawning processes, calling the SQL method in the database that is in charge of all the decision logic, then providing the answer of the SQL method to Postfix.
Now, I don't have any basis for comparison with other existing software to be able to see whether 900 requests/second under the conditions of our tests is good or not. And it's probably difficult to ask here what you may think about that... I should set up a lab to test GLD, Postgrey and the GreyLSE to have relevant data...
I wanted to ask this Postfix community whether you think it would be better to provide the GreyLSE as a standalone tiny piece of software with its own DB schema doing only greylisting, or whether having it as an add-on like today, usable with the ELSE and its big database, integrated in the ELSE Web UI and integrating more features, would be something that the community potentially using this kind of software would prefer... Maybe not a question for this mailing list... I don't know.
A question for the community here: what would be your expectations or interest in this kind of software?

A question on Postfix (and sorry if it is an idiotic one): for now, the GreyLSE waits for a Postfix connection, reads the data related to "a unique recipient", provides the answer to Postfix for this recipient and then closes the TCP connection. I've seen in SMTPD_POLICY_README.html that Postfix can continue to send data (keeping the same instance name) on the same TCP connection if the policy server doesn't close it. May I ask this: if we consider that the policy server keeps the connection open and doesn't close it by itself, will Postfix use the connection to send policy requests to the policy server for all recipients related to the same email (same instance name) and THEN close the connection to the policy server, or will it continue to use the same connection until it is eventually closed by the policy server, whatever email is being processed (so the same TCP connection is used for multiple unrelated emails)?
I don't know if I understood the SMTPD_POLICY_README correctly, but my own answer to my question would be that Postfix continues to use a TCP connection that is maintained by the policy server (and it is up to the policy server to check whether the instance variable "changes" at some point)... I could test all of that in a lab, but if it's faster to get an answer from here...
Best regards,
--
Nicolas HAHN
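A minimal policy server in Python, added here as an illustration and not part of the GreyLSE, ELSE or GLD code. It speaks the protocol described in SMTPD_POLICY_README (request blocks of "name=value" lines ended by an empty line, replies of the form "action=..." followed by an empty line), keeps each TCP connection open and answers every request that arrives on it, recording the instance attribute of each request so the history of one connection can be inspected, and makes a simple greylisting decision on the (client_address, sender, recipient) triplet. The listening port, the greylisting delay, the in-memory dict standing in for a database and the sample request blocks are all constructed assumptions.

```python
"""Minimal Postfix SMTP access policy server (constructed example).

Each request is a block of "name=value" lines ended by an empty line, and each
reply is "action=<verdict>" followed by an empty line.  The greylisting store
is an in-memory dict standing in for a database; delay and port are assumed."""
import io
import socketserver
import time

GREYLIST_DELAY = 300                  # seconds a new triplet is deferred (assumed value)
LISTEN_ADDR = ("127.0.0.1", 10023)    # assumed; pairs with check_policy_service inet:127.0.0.1:10023


def parse_policy_request(rfile):
    """Read one request block from a binary stream.

    Returns a dict of attributes, or None when the peer closed the connection
    before a complete block arrived (the normal end of a long-lived connection)."""
    attrs = {}
    while True:
        line = rfile.readline()
        if not line:                      # EOF: Postfix closed its side
            return None
        line = line.decode("utf-8", "replace").rstrip("\r\n")
        if line == "":                    # empty line terminates the request
            return attrs
        name, sep, value = line.partition("=")
        if sep:                           # skip malformed lines instead of failing
            attrs[name] = value


def greylist_decision(attrs, store, now):
    """Classic greylisting on the (client address, sender, recipient) triplet.

    Unknown triplet: record it and ask Postfix to defer, but only if no later
    restriction would reject anyway (defer_if_permit).  Known triplet seen
    again after the delay: return dunno so the remaining restrictions decide."""
    triplet = (attrs.get("client_address", ""),
               attrs.get("sender", "").lower(),
               attrs.get("recipient", "").lower())
    first_seen = store.get(triplet)
    if first_seen is None:
        store[triplet] = now
    elif now - first_seen >= GREYLIST_DELAY:
        return "dunno"
    return "defer_if_permit Service temporarily unavailable, try again later"


def serve_stream(rfile, wfile, store, now_fn=time.time):
    """Answer every request on one connection until the peer closes it.

    Returns a list of (instance, action) pairs, one per request, so the history
    of a single connection (including changes of the instance attribute) can
    be inspected by the caller or a test."""
    history = []
    while True:
        attrs = parse_policy_request(rfile)
        if attrs is None:
            break
        if (attrs.get("request") == "smtpd_access_policy"
                and attrs.get("protocol_state") == "RCPT"):
            action = greylist_decision(attrs, store, now_fn())
        else:
            action = "dunno"              # greylist only at RCPT time, when the recipient is known
        wfile.write(f"action={action}\n\n".encode("ascii"))
        wfile.flush()
        history.append((attrs.get("instance"), action))
    return history


class PolicyHandler(socketserver.StreamRequestHandler):
    """One handler per accepted connection; the store is shared by all of them."""
    store = {}

    def handle(self):
        serve_stream(self.rfile, self.wfile, PolicyHandler.store)


# Constructed sample traffic: two RCPT requests from one SMTP transaction
# (same instance) followed by a request from a different transaction, all
# arriving on the same connection.
SAMPLE_REQUESTS = (
    b"request=smtpd_access_policy\nprotocol_state=RCPT\ninstance=123.456.7\n"
    b"client_address=192.0.2.10\nsender=alice@example.org\nrecipient=bob@example.net\n\n"
    b"request=smtpd_access_policy\nprotocol_state=RCPT\ninstance=123.456.7\n"
    b"client_address=192.0.2.10\nsender=alice@example.org\nrecipient=carol@example.net\n\n"
    b"request=smtpd_access_policy\nprotocol_state=RCPT\ninstance=123.456.8\n"
    b"client_address=192.0.2.10\nsender=alice@example.org\nrecipient=bob@example.net\n\n"
)


def replay(store, now, data=SAMPLE_REQUESTS):
    """Feed request bytes through serve_stream at a fixed clock.

    Returns (history, reply_bytes) for inspection without a real socket."""
    out = io.BytesIO()
    history = serve_stream(io.BytesIO(data), out, store, lambda: now)
    return history, out.getvalue()


if __name__ == "__main__":
    with socketserver.ThreadingTCPServer(LISTEN_ADDR, PolicyHandler) as server:
        server.serve_forever()
```

Running the module listens on the assumed address and can be wired in with `check_policy_service inet:127.0.0.1:10023` in smtpd_recipient_restrictions; `replay` exercises the same code path on a constructed byte stream, which is how a deployment can check the per-connection behaviour before putting it in front of real mail.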