dlostboy (at) lostinfo (dot) com 
Home | Journal | Multimedia | Files | Other | Links | About
      FreeBSD Postfix/Cyrus Performance Upgrades

Alrighty, so you thought your 400Mhz with 128MB of ram could handle 100,000 messages a day after you turned on your virus filtering. Yeah, that'd be wrong. Here's some things I done in my own configuration that has helped let the spice flow (Dune reference if you didn't know). I will document the relavent entries. If you have something different, you'd need to comment those out and replace them with these:

/usr/local/etc/postfix/main.cf additions/modifications 

	maximal_queue_lifetime = 1d
	bounce_size_limit = 50000
	
	mailbox_transport = lmtp:unix:/var/imap/socket/lmtp
	fallback_transport = cyrus
	
	smtpd_hard_error_limit = 3
	
	in_flow_delay = 0
	smtpd_error_sleep_time = 0s
	default_process_limit = 500
	smtp_connect_timeout = 20s
  • The queue lifetime describes how long messages will stick in the queue that can't be delivered. Mostly spam-bounces will inhabit your queue greater than a day so that's what we'll throw them out at. Be careful tho' because this also sets how long your server will hold mail for ETRN clients.
  • The bounce size limit prevents you wasting time returning a 3MB email cause it bounced.
  • The transport lines change it from delivering through the "cyrus" entry in /usr/local/etc/postfix/master.cf to delivering through the lmtp socket. I've had far greater throughput using this method. We'll fallback to cyrus even though if lmtp isn't working, "cyrus" probably isn't either.
  • The hard error limit prevents SPAM dictionary attack. If they create 3 errors while sending email, it breaks the connection. RCPT TO: addresses that don't exist, trigger a hard error.
  • The others are just to keep postfix from wasting time or being scared to use resources. We'll assume that you are putting a fair amount of horsepower and ram into your all important mail server.

    After that's done, well make it so that you can virus scan more emails at a time than just 2 (default amavisd configuration) We do that by changing the /usr/local/etc/amavisd.conf entries as such: 

    	 $max_servers  = 15;   # number of pre-forked children          (default 2)
	 $max_requests = 15;   # retire a child after that many accepts (default 10)
    Use your tools like "top" to make sure you're not overloading the machine. My machine does well at 15, yours might do more or less depending on it's configuration. This allows my server to simultaneously process 15 emails at once through the SpamAssassin and F-Prot scanners. We're not done yet though because we have to let postfix know that we intend on going up to 15 from 2.

    /usr/local/etc/postfix/master.cf changes 
    	 smtp-amavis unix -      -       n     -       15  smtp
    We find the line that has "2" as it's max-process limit and change it to 15. This allows postfix to take advantage of the extra virus scanners we're now running.
  • postfix reload

    • and enjoy!
     

      ©2000, ©2001 LostInformation