Re: SPF support in opendkim?

From: Steve Jenkins <>
Date: Sun, 14 Aug 2011 10:57:47 -0700

On Sat, Aug 13, 2011 at 9:58 AM, Alessandro Vesely <> wrote:
> On 12.08.2011 01:20, Murray S. Kucherawy wrote:
>>> -----Original Message-----
>>> From: Steve Fatula []
>>> Sent: Thursday, August 11, 2011 2:54 PM
>>> To: Murray S. Kucherawy; Opendkim
>>> Subject: Re: SPF support in opendkim?
>>> On higher volume postfix servers, all those processes being separate
>>> significantly reduces emails per hour one can handle.
>> I'd like to see some data to back that up.  In the analysis I've done,
>> both of them spend most of their time waiting for DNS replies, not
>> cranking through analysis steps or talking back and forth with postfix.
>> And if that's true, then combining the two into one won't save you much of
>> anything in the long run; the I/O delay of having to talk to two filters
>> instead of one will be noise compared to how long you're waiting for DNS
>> servers on far away networks to answer your queries for SPF policies and
>> DKIM keys.
> Although I cannot produce supporting data, I have the same hunch that DNS is
> the bottleneck.  An SPF filter which does not reject right away on failures
> can start queries at an earlier SMTP stage than DKIM, and thus take less time
> for each message.  Consider an SMTP extension that provides for declaring
> DKIM's domain(s) and selector(s) before sending DATA.  Could that better the
> throughput noticeably?
> Just conjecturing...

For high volume mailers, the easiest way to speed up Postfix delivery
is to install a local recursive DNS cache/resolver. I recommend
Unbound. Sub 5-minute install and configure. Give it a shot.

Received on Sun Aug 14 2011 - 17:58:01 PST

This archive was generated by hypermail 2.3.0 : Mon Oct 29 2012 - 23:20:19 PST