Postfix: July 2008 Archives

for my dual (My)SQL-Server Postfix graylisting policy service mentioned in
this blog entry about the two-node redundant SQL postfix graylisting service
are available:

• mailgrey-policy.pl
• mailgrey-periodic.pl

You will need an MySQL Database Version 5 or greater (for InnoDB performance), perl with DBD::mySQL and Digest::MD5, and Postfix capable of using Policy servers.

With this update, changes to the whitelist databases (postmap) are detected automatically. The literal script in the former blog article was updated also.

As mentioned before, I set up a graylisting combo on two incoming mailservers using Postfix, MySQL and Perl (on Solaris 10). This solution runs now for 19 days and I took the time to analyze the database a little bit. Here's a plot of the number of positive graylisted entries since the beginning (X-axis represents the number of days since the beginning):

First:

On our running Postfix-Graylisting Setup, the two MySQL nodes are quite loaded:

Uptime:                 1 day 8 hours 54 min 29 sec

Threads: 320  Questions: 20519246  Slow queries: 15205  Opens: 522  Flush tables: 1  Open tables: 516  Queries per second avg: 173.204

And this is the result of implementing graylisting:



But let's start from the beginning.

The scenario was like that:
Two mail servers are acting like an MX for an educational institution. 1.2 million spam mails came in per day. The two Ironport appliances behind did their best to sort them out, but in that institution spam cannot be deleted, there are laws against that. So the central cyrus mail server sorts them out via sieve scripts and puts them in the Spam boxes of every user, wasting disk space and - more important - disk i/o.

So I had the idea to implement a graylisting setup.

Each of the two Postfix nodes has its own MySQL database server running. But how to replicate data between them?