I need to setup an environment made up of multiple MTAs to accept incoming mail, in load balance configuration. One of the requirements is bandwidth quotas for sasl users; due to the fact that we can't predict which server the user will submit mail to, every MTA must perform policy delegation against one single backend. What is the best way to accomplish this task? I thought about 2 possibilities:1) x MTAs + x policyd daemons (one for every MTA server) + 1 external db 2) x MTAs + 1 external policyd daemon (used by all MTAs) + 1 external db
Both of these should work. The load levels really depend on how complex policies you setup, how many of them ... etc.
I personally would start off with 1 policyd server and monitor the CPU usage, should policyd be munching quite a chunk one may want to try optimize the policies or maybe even put a policyd instance on each machine.
AFAIK, possibility n.1 could lead to a race condition on the db: each policyd daemon could overwrite results previously written by others about the current cumulative size of mail submitted by a user. Am I right?
As far as I recall this *could* affect only an insert, not an update. The chances are you'll get a mail from the same sender, to the same recipient from the same IP both at the exact instant on 2 servers is rather remotely. One instance may generate a DEFER due to a DB insert error.
If so, is possibility n.2 the only viable option? How will a single policyd daemon deal with the load of multiple (let's say 5) high-traffic (>20.000 mail/day/mta) MTAs? Of course I'll set the number of policyd concurrent threads accurately.
It really depends on how complex your rules are as per above, I'd try it out if I were you with 1 server and see how the load goes. I don't foresee a problem, on a pretty standard install with about 1M message a day I've seen a policyd server run with maybe 5% CPU on a dual Xeon with 4Gb RAM.
-N
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Users mailing list [email protected] http://lists.policyd.org/mailman/listinfo/users
