On Thu, 1 Feb 2007 6:56 am, John Peacock wrote:
Bryan Scott wrote:
Forkserver maxes at 30 on the 2 filters and 15 on the primary (which
is mostly answering to machines using stale DNS records, i.e. dynamic
zombie hosts).
That is almost precisely our current configuration (except that the
inbound servers are ~450MHz Pentium-equivalent!). I actually refuse
any non-AUTH traffic on the primary server, since it has never been an
MX record. I can't use greylisting because too many people here get
all freaked out if a message doesn't appear instantly in their inbox.
:(
My users had that same concern about inbound mail latency, but it went
away somewhat after I implemented it and their most common senders were
whitelisted. Right now greylisting is the only thing keeping my box
(and users) from drowning right now. Spamassassin blocks a lot of
stuff, but aside from going with a commercial system, greylisting is the
best defense against the zombies that I've found.
