Patrick Ben Koetter:
> * Wietse Venema <postfix-users@postfix.org>:
> > Patrick Ben Koetter:
> > > * Wietse Venema <postfix-users@postfix.org>:
> > > > Wietse Venema:
> > > > > Unlike DNS lookups, the access map lookup is a blocking operation,
> > > > > and if your tcp map takes 80ms to complete (a typical trans-atlantic
> > > > > query), then you can handle only 12 connections per second, and
> > > > > make postscreen the largest performance bottleneck on the system.
> > > > 
> > > > After starting work on postscreen by the middle of 2009, I soon
> > > > realized that I might have to add some postscreen-policy interface
> > > > for things that are too complex or that take too much time compared
> > > > to a quick access map lookup. Perhaps the time has come.
> > > > 
> > > > Basically this would be a very small subset of the SMTP server
> > > > policy protocol with just the network 5-tuple (source/destination
> > > > address/port, protocol, client concurrency), enough to do some
> > > > simple reputation work.
> 
> Seems like you had fleshed out a similar idea a few years before, too:
> https://www.mail-archive.com/postfix-devel@postfix.org/msg00258.html
> 
> 
> > > > Perhaps it also makes sense for postscreen to make a postscreen-policy
> > > > call based on the information that it has collected with its dummy
> > > > SMTP engine.
> > > 
> > > That's great news! The reason Christian is using tcp tables is that
> > > there's no postscreen API to call external policy services at the
> > > moment. If there was he/we would be eager to use that instead.
> > 
> > Yes, I wanted the discussion to end on an optimistic note. Something to
> > work on in the train.
> 
> I was just perusing the Change Log for the upcoming Postfix 3.3 release
> looking for a note referring to a postscreen policy delegation protocol.
> 
> Did I miss the note? Did you lose interest? Missed the train? ;)

Lack of time. It's no more complex than the way that postscreen
communicates with dnsblog processes. Maybe in the Postfix 3.4 cycle.

        Wietse
