Does anyone here have any good experience to share on
building large scale quarantines?
I'm looking at the possibility of having to figure out
some way to do quarantining for the following
scenario:
*. Per-user, for a possible 200k users, but must scale
to much more. The ramification here being that
messages would have to be parsed frequently when an
user comes in and wants to see a list of messages (via
some web page)
*. Centralized, so the quarantine would have to live
on NFS, instead of having to check on 10+ servers each
time a user want to look up their quarantined messages
*. Would receive about 350k messages into the
quarantine a day, of which 99% are certainly spam, so
I wouldn't want to just freeze it and leave it in the
spool and gunk up the works
Does anyone have any best practices on this? My two
thoughts have been:
1. Freeze them and use move_frozen_messages and have
Fmsglog/Finput be symlinks to NFS mounts.
Unquarantining would just be a case of moving files
back to input/msglog. Judging by list archives and
google, the move_frozen_messages is pretty rarely
touched. Does exim take kindly to having messages like
that suddenly reappear in the queue? And I presume
that I'll need to futz with the times so it doesn't
hit the retry limit immediately? BTW, I'm not
suggesting that the regular input/msglog dirs would be
on NFS.
2. Save each message in a bsmtp format all on an NFS
mount, then simply reinject the message if it's
unquarantined.
I know neither of these are rocket science solutions,
but I figure that someone on our illustrious list has
probably already tackled this before and might have
some interesting points like "doing #1 will make for
easier parsing than #2 when the user requests a list
of messages, but for #2 you can keep users' bsmtp
files in separate dirs" or "be sure to keep some sort
of index file" or anything else pertinent.
__________________________________
Do you Yahoo!?
Yahoo! Mail Address AutoComplete - You start. We finish.
http://promotions.yahoo.com/new_mail