koffiejunkie wrote:
That's odd. Someone who would go through the time/effort to set up
qmail didn't secure their box? Weird.
Well, it's like this. I work for a hosting company, a lot of our
clients use a certain hosting panel whose name I won't mention. This
Smells like Plesk. (GRIN)
There, you didn't have to say it. :-)
I get at least one box that's compromised in one of the above ways per
day. Clients call saying their mail isn't going out. This is usually
because there are tens of thousands of mails in the queue and the box is
paralysed.
Ick. Do you monitor port 25 outbound at your border for spikes in
traffic? Seems like in some cases that would be the only way you'd ever
see it when dealing with the low-end ultra-clueless hosted customers.
Ever had your entire netblock dumped into one of the major spam
"fighting" sites... have seen that many years ago at a large
datacenter... sure pissed off the other customers.
The "spam-fighters" were their usual unresponsive, uncaring selves and
didn't care that they'd been overzealous in their "crusade" against
spam. Little discipline in many of those groups... but a lot of emotion.
I hate spam, but engaging in such a way as to cause mass collateral
damage to real businesses and people trying to make a living to "make a
point"? Give me a break. It's like someone coming to your
brick-and-mortar store and pointing a gun at you and saying, "Get the
guys next door to stop selling XYZ product! And if you don't we stand
here and you're out of business until you do!" It's retarded.
(We had already found the problem in the original customer's server and
stopped it from happening with them. But getting an entire Class-C that
was properly SWIP'ed and reverse-DNS tagged as NOT just being that one
customer, off the spam lists, was a long and annoyingly difficult
process, even when I could prove the other problem was gone, and that
there WERE people overseeing that netblock who weren't criminal or
insane spammers.)
The real answer has been, and always will be... a method to authenticate
both servers and end-users of e-mail, end to end. Until that day, spam
reigns supreme, no matter how hard anyone tries.
Take note, I'm talking about undeliverable mail. qmail doesn't deal
well with this. It is pretty fast if all the mail can be delivered
without problems.
Yep. It sucks at that. Ties up tons of resources. The way the place I
saw using it heavily dealt with that is that they had separate inbound
and outbound servers... and more than one outbound... what a waste of
time... but it worked for them.
Postfix is quite a different beast. The one and only time I saw it
straining under load, a client phoned and complained that his mail was
slow. Turns out he set up a mysql backend, but couldn't get smtp
authentication working with it (forgot to install pam_mysql) and instead
decided to just allow relay for 0.0.0.0. Let your imagination do the
rest. His humble little server (I think it was a duron with 512MB ram
and a single IDE disc) had over a million mails in the queue, but was
still spitting out mail, just not as fast as he was used to.
LOL!
What made this a pleasure to work with, was that after fixing the relay
issue, I could move all the mail in the active queue to the hold queue,
so mail was instantly flowing as normal, which gave me all the time in
the world to delete the spam and requeue the legitimate mail. qmail (to
the best of my knowledge) doesn't have a way to do this.
Yeah. Managing mail via moving files is far more sane than dealing with
specific mail queue commands, different on every system. Moving files
seems much more "Unix-like" to me.
Never seen a queue quite that high, but I would assume the box would
get both CPU and I/O bound for most values of "box". (GRIN)
Yeah, it gets to them. Another silly thing with qmail is that when you
restart it, it doesn't kill existing outgoing smtp sessions. So if your
remoteconcurrency is set to 100, you'll now have 200 sessions, until the
first 100 all timed out.
Hahaha, I don't think I ever noticed that, but makes sense!
Well, maybe after reading along here, the original poster (if he's even
still here or paying attention to the list...) is thoroughly scared off
of qmail now. Which probably isn't a Bad Thing(TM), since there's just
better options available... and have been for quite a while...
Nate WY0X
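
An added example, not part of the original message or of Postfix itself: a triage pass over the hold queue after a relay has been closed, sorting held mail into delete, release and review lists as described in the thread. It assumes the JSON-lines output of `postqueue -j` (Postfix 3.1 and later); the sample records, the `triage` helper, the `burst_limit` threshold and the domain names are constructed for illustration.

```python
import json
from collections import Counter

# Constructed sample in the shape of `postqueue -j` output (one JSON object
# per line), trimmed to the fields this script reads.
SAMPLE = """\
{"queue_name": "hold", "queue_id": "4F1A2B3C01", "sender": "alice@example.com"}
{"queue_name": "hold", "queue_id": "4F1A2B3C02", "sender": "x9@spam.invalid"}
{"queue_name": "hold", "queue_id": "4F1A2B3C03", "sender": "MAILER-DAEMON"}
{"queue_name": "active", "queue_id": "4F1A2B3C04", "sender": "bob@example.com"}
{"queue_name": "hold", "queue_id": "4F1A2B3C05", "sender": "form@example.com"}
{"queue_name": "hold", "queue_id": "4F1A2B3C06", "sender": "form@example.com"}
{"queue_name": "hold", "queue_id": "4F1A2B3C07", "sender": "form@example.com"}
this line is not JSON
"""

def triage(lines, local_domains, burst_limit=50, queue="hold"):
    """Sort held messages into delete / release / review lists of queue IDs."""
    msgs = []
    for line in lines:
        try:
            m = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or truncated lines instead of aborting
        if isinstance(m, dict) and m.get("queue_name") == queue and "queue_id" in m:
            msgs.append(m)
    per_sender = Counter(m.get("sender", "").lower() for m in msgs)
    out = {"delete": [], "release": [], "review": []}
    for m in msgs:
        sender = m.get("sender", "").lower()
        domain = sender.rpartition("@")[2]
        if sender in ("", "mailer-daemon"):
            out["review"].append(m["queue_id"])   # bounces, possibly backscatter
        elif domain not in local_domains:
            out["delete"].append(m["queue_id"])   # relayed for a foreign sender
        elif per_sender[sender] > burst_limit:
            out["review"].append(m["queue_id"])   # hosted sender, unusual volume
        else:
            out["release"].append(m["queue_id"])  # ordinary mail from a hosted domain
    return out

if __name__ == "__main__":
    # Each list can be piped to postsuper, which reads queue IDs from stdin
    # when given "-": `postsuper -d -` deletes, `postsuper -H -` releases.
    for action, ids in triage(SAMPLE.splitlines(), {"example.com"}, 2).items():
        print(action, " ".join(ids))
```
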