Hello, I run a mailing list with approximately 200 subscribers. To combat abuse on the open-registration mail server, I am trying to use policyd to impose various restrictions on outgoing mail.
The trouble comes in with my mail server. It seems every message is being delayed by one second when policyd is enabled. This means that for 200 subscribers, a message will take around 3:20 to deliver. Here are logs demonstrating: /var/log/maillog: > Apr 3 01:35:54 (snip) postfix/local[26564]: CD5A526111C: > to=<[email protected]>, relay=local, delay=0.52, delays=0.4/0.02/0/0.1, > dsn=2.0.0, status=sent (delivered to command: /usr/lib/mailman/mail/mailman > post mailman) > Apr 3 01:35:54 (snip) postfix/virtual[26235]: BA64B261124: > to=<(snip)@cock.li>, relay=virtual, delay=1.2, delays=1/0.02/0/0.11, > dsn=2.0.0, status=sent (delivered to maildir) /var/log/cbpolicyd.log > [2015/04/03-01:53:42 - 31020] [CORE] INFO: 2015/04/03-01:53:42 CONNECT TCP > Peer: "[::ffff:127.0.0.1]:54825" Local: "[::ffff:127.0.0.1]:10031" (not the line for the same email, but the same contents) This is much longer than the list is used to waiting for messages, and is causing a lot of confusion. This list posts as many as 8500 messages in a month, so the 200 subscribers are pretty actively posting and monitoring the list. This has been enough for me to disable policyd in the past, but abuse is increasing and I really do need policyd to help. There are two ways I see to resolve this problem: 1. Rapidly speed up policyd performance 2. Provide mailman with a means to bypass policyd altogether. For 1, I've tried profiling MySQL queries, but it doesn't seem that's the bottleneck here as nothing shows up in slowlog with long_query_time = 0.1. CPU usage also does not spike during this time, so it doesn't seem to be too computationally expensive. The only policyd settings I have set are "Policies -> Main", and "Policies -> Groups" at their default values. Everything else (Access Control, HELO/EHLO Checks, SPF Checks, Greylisting, Quotas, and Amavis Integration) is either deleted or disabled. For 2, I tried setting up another line in master.cf with an alternate port that reset the smtpd_recipient_restrictions and smtpd_end_of_data_restrictions variables. This doesn't seem to have worked. Any help on this issue would be very much appreciated. Let me know if there's anything else I can provide to give more insight into this. Thanks, Vincent Canfield -cock- 5CB4 9CDC EAC7 97FB F8BD C074 FD71 AD27 71A5 CC1B _______________________________________________ Users mailing list [email protected] http://lists.policyd.org/mailman/listinfo/users_lists.policyd.org
