On Sat, Oct 17, 2020 at 02:05:57PM -0400, Demi M. Obenour wrote:

> > Postfix 3.4 and later grudgingly do some event-driven work because
> > TLS connection reuse with OpenSSL is not possible out-of-process.
> > So the tlsproxy(8) process context switches between multiple TLS
> > connections, but the rest of the SMTP delivery agent is one
> > connection per process and performs just fine.  The architecture is
> > however more robust and secure.
> 
> Good point.  I have wondered if something like s2n would be a better
> choice, although I would probably use the OpenBSD Postfix packages
> built against LibreSSL.

Postfix does not support LibreSSL, and LibreSSL does not make it
possible to move SSL connections between processes, it is just a stale
fork of OpenSSL.  There's no advantage in using LibreSSL and Postfix
depends on features of the real OpenSSL.

> If one is Google or Microsoft and needs to process hundreds of millions
> of messages per day, then Postfix might not work.  But if one needs
> to handle that much mail, then one can probably afford to write a
> bespoke MTA.

IIRC Hotmail originally ran on Postfix, sending and receiving email
scales horizontally, just field more hardware as needed.  But that was
some time ago, and by now I am sure that they did replace it with
something built in-house.  The thing that really needs custom scaling is
the IMAP and webmail frontends, they surely have interesting storage
management designs to support O(1 billion) users with O(1Gb) of email
each.

-- 
    Viktor.
