Cyrus and Postfix question

Kendrick Vargas ken at hudat.com
Fri Jan 9 22:41:32 EST 2004


On Fri, 9 Jan 2004, Joakim Ryden wrote:

> And if one is happy and things are working one should stick with it of 
> course. :)
> 
> I was just trying to point out that if you're handling a fairly large 
> amount of e-mail and from Postfix are calling wrapper+spamc+running 
> spamd+deliver chances are you wouldn't be that happy. ;)

Gotta agree with that one. My personal little box tends to take a beating,
and I've been looking for ways to streamline it. This has tended to take a
path away from spawning processes :-) My biggest concern was always with
dropping email, and that seemed to be the most common problem with using
wrappers over an smtp filter setup, so I used the spamc/spamd pair
thinking it'd be the least likely to drop things.

It's so much easier now that I've got postfix (almost) set up just how I 
want it on my new machine. I've been using spampd and I hacked in the code 
to enable loading of SQL preferences per user. The only thing I'm not too 
happy about is running two instances of postfix to do what I want to do, 
but it seems to be running fine so I'm not giving it a second thought.

My new setup has the primary postfix instance filter everything through 
the filtering instance of postfix. This allows me to pass ALL traffic 
through at least a virus filter. Then, locally deliverable mail uses a 
mysql transport map to decide whether to go through the spamassassin 
filter or straight through to cyrus. Now spam can be turned off per user 
(or per domain), which is something my users have been asking for. 

I'm thinking this is gonna be a bit sweeter than my last setup. To the 
original poster for the opinions on cyrus + postfix: It's a sweet setup, 
but it's even sweeter when you introduce good virus and spam filtering :-) 

Using sockets to deliver mail instead of wrapping around a deliver program 
is gonna reduce your overhead by a fair amount, especially if you deliver 
a fair amount of email. I've heard that using unix domain sockets is 
faster than tcp, but I've got no numbers to back that up. In the end, I 
think the unix: option is the way to go. The only gotcha to worry about is 
getting the permissions on the path right.
			-peace

-- 
Let he who is without clue kiss my ass






More information about the Info-cyrus mailing list