From: Jozsef Kadlecsik on
Hello,

We plan to add the possibility for our users to choose that messages
categorized as spam are put on the hold queue instead of the default
reject. Thus it'll be possible to release the false positives, which
can make life easier for them.

Currently I can see two ways to accomplish it, both have got pros and
cons.

a. Single postfix instance with large enough queue partition. Easier,
simpler, however if the queue partition becomes full, the normal
traffic is blocked as well.

b. Two postfix instances, the first one sends the messages to be held
to the second one via a selected transport. (Two policy daemons are
required as well.) The first instance handles all the good traffic
and diverts the bad one to the second instance, which has the single
job to put messages onto its hold queue and release from there.
That way the hold queue can be separated and moved to a second
partition. Still, if the second instance stops working for whatever
reason, the messages to be held will get stuck at the first instance.

How could one achieve that the held messages are separated from the normal
traffic (i.e. hold queue on another partition), but if the messages cannot
be held, then those get rejected instead of queued?

Best regards,
Jozsef
-
E-mail : kadlec(a)blackhole.kfki.hu, kadlec(a)mail.kfki.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
H-1525 Budapest 114, POB. 49, Hungary

From: Wietse Venema on
Jozsef Kadlecsik:
> Hello,
>
> We plan to add the possibility for our users to choose that messages
> categorized as spam are put on the hold queue instead of the default
> reject. Thus it'll be possible to release the false positives, which
> can make life easier for them.
>
> Currently I can see two ways to accomplish it, both have got pros and
> cons.
>
> a. Single postfix instance with large enough queue partition. Easier,
> simpler, however if the queue partition becomes full, the normal
> traffic is blocked as well.
>
> b. Two postfix instances, the first one sends the messages to be held
> to the second one via a selected transport. (Two policy daemons are
> required as well.) The first instance handles all the good traffic
> and diverts the bad one to the second instance, which has the single
> job to put messages onto its hold queue and release from there.
> That way the hold queue can be separated and moved to a second
> partition. Still, if the second instance stops working for whatever
> reason, the messages to be held will stuck at the first instance.
>
> How could one achieve that the held messages are separated from the normal
> traffic (i.e. hold queue on another partition), but if the messages cannot
> be held, then those gets rejected instead of queued?

Given Postfix's architecture, a loosely-coupled pipeline without
global feedback, there is no obvious way to build global feedback
into Postfix itself.

I suggest that you run an email monitoring system. When the secondary
system stops accepting mail for more than some minimum amount of
time (allowing enough time for the system to reboot), update the
configuration on the primary system.

Wietse
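One way to put the monitoring Wietse describes and the "reject instead of queue" rule from the question into the policy daemon itself, as an added example (not code from this thread or from Postfix): a small SMTPD policy service that periodically probes the hold-only instance, keeps diverting spam to it during a short grace period (time for a reboot), and switches to REJECT once the outage outlasts that period. Assumed values: the hold instance listens on `[127.0.0.1]:10025`, the policy service on `127.0.0.1:10040`, a 300 s grace period, and a stand-in spam classifier in place of the site's real one.

```python
"""Postfix SMTPD policy service: quarantine spam via the hold instance while
it is reachable, reject it once the instance has been down too long.
Added example; assumed: hold instance at [127.0.0.1]:10025, this service at
127.0.0.1:10040, spam verdict from a stand-in classifier."""
import socket
import socketserver
import threading
import time

HOLD_INSTANCE = "[127.0.0.1]:10025"  # assumed SMTP listener of the hold-only instance
GRACE_SECONDS = 300                  # assumed: downtime tolerated before switching to REJECT
PROBE_INTERVAL = 30                  # assumed: seconds between liveness probes
PROBE_TIMEOUT = 5.0


def parse_policy_request(text):
    """Parse a policy request: 'name=value' lines ended by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs


def secondary_accepts_mail(host, port, timeout=PROBE_TIMEOUT):
    """Liveness probe: TCP connect and expect a 220 greeting; anything else is 'down'."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            if s.recv(512).startswith(b"220"):
                s.sendall(b"QUIT\r\n")
                return True
    except OSError:
        pass
    return False


class HoldTargetMonitor:
    """Tracks how long the hold instance has failed probes: a short outage
    (reboot) keeps quarantining, a long one flips the decision to reject."""

    def __init__(self, grace_seconds=GRACE_SECONDS, clock=time.monotonic):
        self.grace, self.clock = grace_seconds, clock
        self.down_since = None  # starts as 'up' until the first probe says otherwise
        self.lock = threading.Lock()

    def record(self, up):
        with self.lock:
            if up:
                self.down_since = None
            elif self.down_since is None:
                self.down_since = self.clock()
        return self.state()

    def state(self):
        """'up', 'grace' (down for less than grace_seconds) or 'down'."""
        with self.lock:
            if self.down_since is None:
                return "up"
            return "grace" if self.clock() - self.down_since < self.grace else "down"


def decide(is_spam, target_state, hold_instance=HOLD_INSTANCE):
    """Map verdict and hold-instance health to a policy action. In 'grace' the
    message still takes the FILTER transport (it waits in the primary's queue
    until the hold instance is back); in 'down' it is refused at SMTP time."""
    if not is_spam:
        return "DUNNO"
    if target_state in ("up", "grace"):
        return "FILTER smtp:%s" % hold_instance
    return "REJECT Spam quarantine unavailable, message refused"


def stand_in_classifier(attrs):
    """Stand-in for the site's spam classifier (constructed rule, not real scoring)."""
    return attrs.get("sender", "").lower().endswith("@spam.example")


def policy_response(request_text, monitor, classify=stand_in_classifier):
    attrs = parse_policy_request(request_text)
    return "action=%s\n\n" % decide(classify(attrs), monitor.state())


class PolicyHandler(socketserver.StreamRequestHandler):
    def handle(self):
        while True:  # Postfix sends many requests over one connection
            lines = []
            for raw in self.rfile:
                line = raw.decode("utf-8", "replace").rstrip("\r\n")
                if not line:
                    break
                lines.append(line)
            if not lines:
                return
            reply = policy_response("\n".join(lines) + "\n", self.server.monitor)
            self.wfile.write(reply.encode())
            self.wfile.flush()


def probe_loop(monitor, host="127.0.0.1", port=10025):
    while True:
        monitor.record(secondary_accepts_mail(host, port))
        time.sleep(PROBE_INTERVAL)


if __name__ == "__main__":
    mon = HoldTargetMonitor()
    threading.Thread(target=probe_loop, args=(mon,), daemon=True).start()
    srv = socketserver.ThreadingTCPServer(("127.0.0.1", 10040), PolicyHandler)
    srv.monitor = mon
    srv.serve_forever()
```

On the primary this would be wired in with `check_policy_service inet:127.0.0.1:10040` in `smtpd_recipient_restrictions`; the hold instance then only needs a rule that puts everything it receives on hold. For the single-instance design (a) from the question, replacing the `FILTER` action with `HOLD` and probing free space on the queue partition instead of a remote instance gives the same reject-when-unable-to-hold behaviour.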

From: Jozsef Kadlecsik on
On Sat, 23 Jan 2010, Wietse Venema wrote:

> Jozsef Kadlecsik:
> >
> > How could one achieve that the held messages are separated from the normal
> > traffic (i.e. hold queue on another partition), but if the messages cannot
> > be held, then those gets rejected instead of queued?
>
> Given Postfix's architecture, a loosely-coupled pipeline without
> global feedback, there is no obvious way to build global feedback
> into Postfix itself.
>
> I suggest that you run an email monitoring system. When the secondary
> system stops accepting mail for more than some minimum amount of
> time (allowing enough time for the system to reboot), update the
> configuration on the primary system.

Yes, monitoring is inevitable. And that implies you would prefer the two
instances setup :-).

Just as a theoretical question, would it fit somehow into Postfix to
support the hold queue *alone* in a separated partition? The flow would
look like

- normal smtpd processing of incoming request
- if the action is HOLD and hold queue on a separate partition by
config, ask cleanup to forget about the queue entry in incoming and
request a new one in the hold queue
- if message cannot be queued successfully, report it to the client

Of course it might mean too much violation of the Postfix internals.

Best regards,
Jozsef
-
E-mail : kadlec(a)blackhole.kfki.hu, kadlec(a)mail.kfki.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
H-1525 Budapest 114, POB. 49, Hungary

From: Wietse Venema on
Jozsef Kadlecsik:
> On Sat, 23 Jan 2010, Wietse Venema wrote:
>
> > Jozsef Kadlecsik:
> > >
> > > How could one achieve that the held messages are separated from the normal
> > > traffic (i.e. hold queue on another partition), but if the messages cannot
> > > be held, then those gets rejected instead of queued?
> >
> > Given Postfix's architecture, a loosely-coupled pipeline without
> > global feedback, there is no obvious way to build global feedback
> > into Postfix itself.
> >
> > I suggest that you run an email monitoring system. When the secondary
> > system stops accepting mail for more than some minimum amount of
> > time (allowing enough time for the system to reboot), update the
> > configuration on the primary system.
>
> Yes, monitoring is inevitable. And that imply you would prefer the two
> instances setup :-).
>
> Just as a theoretical question, would it fit somehow into Postfix to
> support the hold queue *alone* in a separated partition?

The architecture requires that Postfix can move messages between queues
without having to make copies.

Wietse

From: mouss on
Jozsef Kadlecsik wrote:
> Hello,
>
> We plan to add the possibility for our users to choose that messages
> categorized as spam are put on the hold queue instead of the default
> reject. Thus it'll be possible to release the false positives, which
> can make life easier for them.
>
> Currently I can see two ways to accomplish it, both have got pros and
> cons.
>
> a. Single postfix instance with large enough queue partition. Easier,
> simpler, however if the queue partition becomes full, the normal
> traffic is blocked as well.
>
> b. Two postfix instances, the first one sends the messages to be held
> to the second one via a selected transport. (Two policy daemons are
> required as well.)

no policy daemons are required, unless I don't understand where you're
heading... passing messages to the quarantine instance may be based on
headers (X-Spam-*), recipient address (user+spam(a)domain)...

> The first instance handles all the good traffic
> and diverts the bad one to the second instance, which has the single
> job to put messages onto its hold queue and release from there.
> That way the hold queue can be separated and moved to a second
> partition. Still, if the second instance stops working for whatever
> reason, the messages to be held will stuck at the first instance.
>

so what? if you think this will happen often, redesign. if not, monitor.
if not enough, add redundancy...

> How could one achieve that the held messages are separated from the normal
> traffic (i.e. hold queue on another partition), but if the messages cannot
> be held, then those gets rejected instead of queued?
>

optimise for the common case, not for a corner case.