Wietse Venema:
> Unlike DNS lookups, the access map lookup is a blocking operation,
> and if your tcp map takes 80ms to complete (a typical trans-atlantic
> query), then you can handle only 12 connections per second, and
> make postsceen the largest performance bottleneck on the system.
After starting work on postscreen by the middle of 2009, I soon
realized that I might have to add some postscreen-policy interface
for things that are too complex or that take too much time compared
to a quick access map lookup. Perhaps the time has come.
Basically this would be a very small subset of the SMTP server
policy protocol with just the network 5-tuple (source/destination
address/port, protocol, client concurrency), enough to do some
simple reputation work.
Perhaps it also makes sense for postscreen to make a postscreen-policy
call based on the information that it has collected with its dummy
SMTP engine.
Wietse
