On 8/21/2014 5:33 PM, Ronald F. Guilmette wrote:
> In message <53f664fe.1030...@megan.vbhcs.org>,
> Noel Jones <njo...@megan.vbhcs.org> wrote:
>
>> amavisd-new has a "penpals" feature that integrates nicely with
>> postfix as a pre-queue smtpd_proxy_filter, or a post-queue
>> content_filter. I don't use this particular feature, but amavisd-new
>> is solid software.
>> http://www.ijs.si/software/amavisd/
>
> Hummm... What I had in mind was something rather a lot less
> "heavyweight".
>
> I'd prefer not to have to install a whole separate (sizable) monster
> whose primary purpose isn't even related to the kind of whitelisting
> I asked about.

amavisd-new isn't the monster, but SpamAssassin is. amavisd-new by
itself is fairly light, and most of the other stuff is optional.
Don't be too quick to dismiss a ready-made robust solution.

>
>> As an alternative, I don't suppose it would be much trouble to
>> convince fail2ban to add outbound email addresses to a database to
>> use as a postfix check_sender_access map.
>
> OK.
>
> Not that this is at all relevant to me personally, or to my own (small)
> local mail setup, but...
>
> Question: Assuming that something like that was built, and then deployed
> on a server with thousands or tens of thousands of e-mail users... How
> well would it scale? (Just curious.)

If you used an *SQL backend, it should scale pretty well. Using SQL
would also let you easily expire addresses that you deem too old.

A small server could get away with a cdb: or hash: that gets rebuilt
with postmap after updates. No locking problems. That should work up
to a few hundred users, maybe more depending on how active they are.
Expiring old users with cdb: or hash: would be more complex, but a
small server might not care about expiring.

The size of the database is of no particular concern; hash: easily
scales to hundreds of thousands of records, cdb: to millions.

My wild guess is that there wouldn't be very many whitelist updates
after an initial training period, and you could scrape old logs for
a starting list. I expect most folks communicate with a fairly
static group of people.

-- Noel Jones
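
The log-scraping idea from the reply above, sketched as an added example that is not part of the original thread: it pulls successfully delivered outbound recipients from Postfix log lines and renders them as source lines for a `check_sender_access` map. The sample log is constructed, and the local domain `example.org` and the rule that `postfix/smtp` lines with `status=sent` mark outbound mail are assumptions.

```python
import re

# Constructed sample log (hosts, queue IDs and addresses are made up).
SAMPLE_LOG = """\
Aug 21 10:01:02 mx postfix/smtp[2101]: 3A1B2C4D5E: to=<Alice@Example.NET>, relay=mx.example.net[192.0.2.10]:25, delay=1.2, status=sent (250 2.0.0 Ok)
Aug 21 10:02:11 mx postfix/local[2105]: 4B2C3D5E6F: to=<rfg@example.org>, relay=local, delay=0.1, status=sent (delivered to mailbox)
Aug 21 10:03:40 mx postfix/smtp[2110]: 5C3D4E6F70: to=<bob@example.com>, relay=none, delay=30, status=deferred (connect timed out)
Aug 21 10:05:09 mx postfix/smtp[2112]: 6D4E5F7081: to=<carol@example.com>, relay=mx.example.com[192.0.2.20]:25, delay=0.8, status=sent (250 Ok)
Aug 21 10:06:30 mx postfix/smtp[2113]: 7E5F608192: to=<alice@example.net>, relay=mx.example.net[192.0.2.10]:25, delay=0.9, status=sent (250 Ok)
Aug 21 10:07:45 mx postfix/smtp[2114]: 8F60719203: to=<rfg@example.org>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.3, status=sent (250 Ok)
"""

# Assumption: remote deliveries are logged by the postfix/smtp client with status=sent.
SENT = re.compile(r"postfix/smtp\[\d+\]: \w+: to=<([^>\s]+@[^>\s]+)>,.*\bstatus=sent\b")


def outbound_recipients(log_text, local_domains=()):
    """Return sorted, lowercased addresses that mail was actually sent to."""
    local = {d.lower() for d in local_domains}
    seen = set()
    for line in log_text.splitlines():
        m = SENT.search(line)
        if not m:
            continue  # local delivery, deferred or bounced: not a correspondent
        addr = m.group(1).lower()
        if addr.startswith("#"):
            continue  # would be read as a comment line in the map source
        if addr.rsplit("@", 1)[1] in local:
            continue  # e.g. re-injection through a local content filter
        seen.add(addr)
    return sorted(seen)


def access_map(addresses):
    """Render addresses as Postfix access(5) source lines: '<address> OK'."""
    return "".join(f"{a} OK\n" for a in addresses)


if __name__ == "__main__":
    print(access_map(outbound_recipients(SAMPLE_LOG, ["example.org"])), end="")
```

Save the output to a map source file, run `postmap` on it, and point `check_sender_access` at the result, as the reply suggests. The lookup key is the envelope sender, which the connecting client chooses, so an `OK` from this map is only as trustworthy as that address.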