> What modules, tables and rules to use to optimize iptables for this type of volume? All of the mail is sent on the standard port 25. We need to optimize for quick deliverability. (I've read the man page and looked at TOS with the mangle table. I read somewhere that this is only for UDP.)
>
> Is there a way to estimate how much hardware we would need for a given volume of mail?

This all really depends on the number of new connections and packets per time, rather than the number of emails. Assuming that you'll be sending the 1 million emails per day on one machine, and that you only need one connection per email, we are talking about 11 cps and maybe 20 times as many packets on average (or possibly higher, you should measure that).

If you'd just be doing connection tracking, that would not even heat the CPUs of your standard off-the-shelf dual core server with, for instance, 2 good e1000e NICs, very much, let alone lead to bottlenecks in the near future (2 cores only because each NIC interrupt usually can only be bound to one core). We've been running 80.000+ pps / 8000+ cps on such machines without any problems.

Iptables beats all other free software firewalls by orders of magnitude in terms of raw forwarding speed (there was a test in a German IT mag a couple of years ago that established this). Now whether or not NATing changes these relationships much I do not know, but I'd doubt it.

Thomas
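The sizing reasoning above, carried through as an added example (not code from the thread or its author): it turns a daily mail volume into the cps and pps figures the reply works with, checks them against the 8000 cps / 80.000 pps the reply reports as unproblematic, and adds one thing the reply does not spell out: how many conntrack entries that load keeps alive at once, which is what `nf_conntrack_max` has to cover. The session length, the peak factor and the 120 s TIME_WAIT timeout (the kernel default for `nf_conntrack_tcp_timeout_time_wait`) are assumptions to replace with measured values.

```python
from dataclasses import dataclass

SECONDS_PER_DAY = 86_400


@dataclass(frozen=True)
class MailLoad:
    emails_per_day: int
    connections_per_email: float = 1.0    # reply assumes one SMTP session per mail
    packets_per_connection: float = 20.0  # reply's rough "20 times as many packets"
    peak_factor: float = 1.0              # assumption: 1.0 = evenly spread over the day

    def cps(self) -> float:
        """New connections per second at the chosen peak factor."""
        return (self.emails_per_day * self.connections_per_email
                * self.peak_factor / SECONDS_PER_DAY)

    def pps(self) -> float:
        """Packets per second, assuming every connection costs the same."""
        return self.cps() * self.packets_per_connection


def conntrack_entries_needed(cps: float, session_seconds: float = 5.0,
                             time_wait_seconds: float = 120.0) -> float:
    """Little's law: concurrent entries = arrival rate x lifetime of one entry.

    An outbound SMTP session occupies a conntrack slot for the session itself
    plus the TIME_WAIT timeout after close (kernel default 120 s). If this
    exceeds nf_conntrack_max, new connections are dropped, which is exactly
    the deliverability problem the question wants to avoid.
    session_seconds is an assumption; measure it on the real sender.
    """
    return cps * (session_seconds + time_wait_seconds)


def headroom(load: MailLoad, measured_cps: float = 8_000,
             measured_pps: float = 80_000) -> float:
    """How many times the load fits into the rates the reply saw run without trouble."""
    return min(measured_cps / load.cps(), measured_pps / load.pps())


if __name__ == "__main__":
    load = MailLoad(emails_per_day=1_000_000)   # the volume from the question
    print(f"{load.cps():.1f} cps, {load.pps():.1f} pps")
    print(f"~{conntrack_entries_needed(load.cps()):.0f} live conntrack entries")
    print(f"headroom factor vs. observed machine: {headroom(load):.0f}x")
```

Compare the entry count against `/proc/sys/net/netfilter/nf_conntrack_max` on the sender; the pps figure is the one to re-measure, since the reply itself flags the 20 packets per connection as a rough guess.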