Andrea Carpani <[email protected]> wrote:
>>> If I understand correctly the mysql schema, I'm supposed to include all
>>> domains into policy_group_members.
>> No
>> Define default policies, and only add domains that are exceptions to the
>> defaults - no need to add 25k domains to the table !
>
> Ok, but I need to have different default for inbound and outbound: how would
> cluebringer know which are internal domains ?
>
>> Personally I had trouble with inheritance, so I made my policies mutually
>> exclusive. So for example, a policy for normal outbound mail (anything where
>> the user used SASL but the address used wasn't in the hi-vol users list), a
>> policy for high volume senders (SASL used is in a table of allowed users),
>> and inbound (no SASL and not a locally generated message). The only table
>> that has any "per user" or "per domain" entries is the member group for the
>> high volume senders.
>
> Ok, so you used SASL to discriminate between outgoing and incoming?
That's not the only way.
In my case, any sent mail (other than locally generated on the machine)
*should* come from SASL auth'd clients. If they don't auth, then the mail is
treated as incoming and will normally get rejected with "relay denied".
If (say) you have a bunch of internal machines that send mail for these
domains, then you could define them by ip address/mask.
>> Now, what will scale up with 25k domains (and assuming normal traffic
>> patterns) is the number of connections/messages to track. That's automatic
>> in that Policyd generates the various tracking table entries automatically
>> as required.
>
> My worry here was some sort of internal SQL JOIN with 25k rows.
From memory looking at the debugging some time ago, the queries are of the
form "<something> [=|matches] <something>". So if you did do a list of 25k
entries, the query would be something along the lines of "select * from <some
table> where sender_domain=${sender_domain}" - ie it does a select and looks to
see how many rows are returned (0=not a member, >0=a member).
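The mutually exclusive policy layout described in this thread, as an added sketch that is not part of the original messages and is not Policyd code: each session matches exactly one policy, and the only enumerated list is the high-volume senders. The policy names, the sample user and network, and the use of a loopback check for locally generated mail are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed sample data, not from the thread. The only per-user list is the
# high-volume senders; no sender or recipient domain is enumerated anywhere.
HIGH_VOLUME_USERS = {"newsletter@example.com"}
INTERNAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # internal relays by address/mask

@dataclass(frozen=True)
class Session:
    client_ip: str
    sasl_username: Optional[str] = None

def _is_local(s):
    # Assumption: locally generated mail arrives over loopback.
    return ipaddress.ip_address(s.client_ip).is_loopback

def _is_internal(s):
    ip = ipaddress.ip_address(s.client_ip)
    return any(ip in net for net in INTERNAL_NETS)

def _is_hi_vol(s):
    return bool(s.sasl_username) and s.sasl_username.lower() in HIGH_VOLUME_USERS

# Each predicate explicitly excludes the others, so no inheritance is involved.
POLICIES = {
    "local": _is_local,
    "outbound-high-volume": lambda s: not _is_local(s) and _is_hi_vol(s),
    "outbound-normal": lambda s: not _is_local(s) and not _is_hi_vol(s)
        and (bool(s.sasl_username) or _is_internal(s)),
    "inbound": lambda s: not _is_local(s) and not s.sasl_username
        and not _is_internal(s),
}

def matching_policies(s):
    """Evaluate every policy independently and return all that match."""
    return [name for name, pred in POLICIES.items() if pred(s)]

def classify(s):
    """Return the single matching policy; fail loudly on overlap or gap."""
    matches = matching_policies(s)
    if len(matches) != 1:
        raise ValueError(f"policies overlap or leave a gap for {s}: {matches}")
    return matches[0]
```

Running `matching_policies` over a set of representative sessions is a quick way to confirm that a new exception entry has not made two policies overlap.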