Lefteris Tsintjelis:
> On 22/6/2019 10:18, Durga Prasad Malyala wrote:
> > Hi
> > Does anyone have best practices link for postscreen implementation.
>
> http://rob0.nodns4.us/postscreen.html
> http://www.postfix.org/POSTSCREEN_README.html
>
> It is a start but I would also like to see more examples and
> recommendations in more advanced setups like multiple MXs sharing the
> same cache map for example, together with additional IPs in multiple
> servers to permanently block invalid attempts.

Sharing a non-persistent cache (memcache) is the only option because
it can respond with low latency both for old and new queries. But
that of course limits the cache size.

Sharing a persistent cache is not an option because that requires
a DBMS with millisecond query latency (with a query latency of 50ms,
one postscreen instance would handle at most 20 clients per second).

You could try to combine a shared memcache and a shared persistent
cache, but that will only improve the best case where most connections
come from a limited set of clients. The memcache will not improve
the worst case, for example a backscatter scenario where most clients
are new clients. In that case the postscreen performance would be
exactly as bad as in the previous paragraph.

With Internet services, it would be a mistake to optimize the best
case only; especially if it makes worst-case behavior worse.

Wietse
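
Added example, not part of the message above and not Postfix code: a small Python model of the latency argument, replaying a repeat-client stream and an all-new-client stream through one serial cache-lookup loop. The 0.5 ms memcache latency, the cache size, the constructed 10.x client addresses and the one-lookup-at-a-time model are assumptions; the 50 ms persistent-store latency is the figure from the message.

```python
import ipaddress
from collections import OrderedDict

MEMCACHE_MS = 0.5      # assumed round trip to the shared memcache
PERSISTENT_MS = 50.0   # persistent-store query latency, figure from the message


def client_stream(connections, distinct):
    """Constructed sample input: `connections` client IPs, `distinct` unique ones."""
    base = int(ipaddress.IPv4Address("10.0.0.0"))
    return [str(ipaddress.IPv4Address(base + i % distinct)) for i in range(connections)]


def clients_per_second(stream, memcache_slots, persistent_backend):
    """Replay the stream through one serial cache-lookup loop (assumed model)."""
    lru = OrderedDict()          # stand-in for memcache: bounded, evicts oldest
    elapsed_ms = 0.0
    for ip in stream:
        elapsed_ms += MEMCACHE_MS            # every lookup asks memcache first
        if ip in lru:
            lru.move_to_end(ip)              # hit: answered at memcache speed
            continue
        if persistent_backend:
            elapsed_ms += PERSISTENT_MS      # miss falls through to the DBMS
        lru[ip] = True                       # remember the client
        if len(lru) > memcache_slots:
            lru.popitem(last=False)          # limited cache size: drop oldest
    return len(stream) / (elapsed_ms / 1000.0)


def scenarios(connections=10_000, memcache_slots=1_000):
    repeat = client_stream(connections, distinct=100)           # best case
    all_new = client_stream(connections, distinct=connections)  # backscatter-like
    return {
        "memcache only, repeat clients": clients_per_second(repeat, memcache_slots, False),
        "memcache only, new clients": clients_per_second(all_new, memcache_slots, False),
        "memcache + persistent, repeat clients": clients_per_second(repeat, memcache_slots, True),
        "memcache + persistent, new clients": clients_per_second(all_new, memcache_slots, True),
    }


if __name__ == "__main__":
    for name, rate in scenarios().items():
        print(f"{name:40s} {rate:8.1f} clients/s")
```

Under these assumptions the combined setup handles about 1000 clients per second when 100 clients keep reconnecting, and just under 20 per second when every client is new.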