On Fri, Aug 19, 2022 at 03:35:25PM +0530, Durga Prasad Malyala wrote:

> > I had a very high I/O load on process tlsmgr because the smtp_scache and
> > smtpd_scache files are written to often (smtp_scache.db ~70mb).
> >
> > data_directory = /var/lib/postfix
> > smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
> > smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
> >
> > moving /var/lib/postfix to a tmpfs filesystem solved my problem for now,
> > but I am looking for a better solution.
> > I noticed that postfix also supports memcache as lookup table
> > (http://www.postfix.org/DATABASE_README.html)
> > is this also supported for smtp_tls_session_cache_database ? Can anyone
> > show me a config example?
> >
> > memcache should work just fine. Specify memcache:/configfile instead
> of btree:/pathname. The contents of the configfile are documented
> in memcache_table(5). There is no need to change the default ttl
> of 3600 seconds.
>
> In main.cf, set smtpd_tls_session_cache_timeout=0 and
> smtp_tls_session_cache_timeout=0. Expiration is done in the memcache
> server.
> " Unquote
>
> Will the below lines do? Is the configfile literally a name or do we
> put any name we like? how does it work?
>
> smtp_tls_session_cache_database = memcache:/configfile
> smtpd_tls_session_cache_database = memcache:/configfile

The content of smtp_tls_session_cache_database is highly sensitive;
anyone who can read the database can decrypt your recent TLS traffic.
How do you secure access to "memcache"?

I would not recommend this configuration. Do you really suffer
throughput issues with the cache in a disk file?

--
    Viktor.
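
Where the session cache lives, and therefore who can reach it, can be read off the configuration itself. The sketch below is an added example, not part of the original thread and not Postfix code: it takes a main.cf fragment plus the memcache_table(5) client file it names and reports each TLS session cache's exposure. The sample configuration, the path /etc/postfix/tls-scache.cf and the address 192.0.2.10 are constructed, and the parser is simplified (no continuation lines).

```python
import re

# Constructed sample inputs (not from the thread). The memcache client file
# path /etc/postfix/tls-scache.cf and the server address are hypothetical.
MAIN_CF = """\
data_directory = /var/lib/postfix
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_session_cache_database = memcache:/etc/postfix/tls-scache.cf
"""
MEMCACHE_CF = "memcache = inet:192.0.2.10:11211\nttl = 3600\n"

CACHE_PARAMS = [f"{p}_tls_session_cache_database" for p in ("smtp", "smtpd")]
LOOPBACK = {"localhost", "127.0.0.1", "::1", "[::1]"}

def parse(text):
    """Parse 'name = value' lines (simplified: no continuation lines)."""
    params = {}
    for line in text.splitlines():
        if line.strip() and not line.lstrip().startswith("#") and "=" in line:
            name, value = line.split("=", 1)
            params[name.strip()] = value.strip()
    return params

def expand(value, params):
    """Expand $name and ${name}; unknown names are left as written."""
    return re.sub(r"\$\{(\w+)\}|\$(\w+)",
                  lambda m: params.get(m.group(1) or m.group(2), m.group(0)),
                  value)

def audit(main_cf, memcache_files):
    """Map each cache parameter to (type, location, exposure)."""
    params, findings = parse(main_cf), {}
    for name in CACHE_PARAMS:
        if name not in params:
            continue
        kind, _, path = expand(params[name], params).partition(":")
        if kind != "memcache":
            findings[name] = (kind, path, "file")  # guarded by file modes
            continue
        # memcache_files maps a client config path to that file's text.
        client = parse(memcache_files.get(path, ""))
        # inet:localhost:11211 is the memcache_table(5) default server.
        proto, _, rest = client.get("memcache", "inet:localhost:11211").partition(":")
        host = rest if proto == "unix" else rest.rsplit(":", 1)[0]
        exposure = ("local-socket" if proto == "unix"
                    else "loopback" if host in LOOPBACK else "remote")
        findings[name] = (kind, host, exposure)
    return findings

if __name__ == "__main__":
    print(audit(MAIN_CF, {"/etc/postfix/tls-scache.cf": MEMCACHE_CF}))
```

A "file" result is protected by the permissions on the data directory, while "loopback" and "remote" results depend on who can connect to the memcache server.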