On Jan 23, 2011, at 9:04 AM, Matthew Barr wrote:

> 1. Outsource:  Postini, or other providers.  I'm open to suggestions - do 
> people like them?   Do they price based on inbound address, or domain, or 
> volume? 
> (I've got very few actual addresses, but that's mostly because there are a 
> bunch of aliases.  Aliases will likely show up as email addresses to them, 
> though.)

My virtual domain provider uses Postini.  From a user access perspective, I 
have been unimpressed.  They limit the number of envelope sender addresses you 
can whitelist, and once I hit that maximum number then I found I couldn't even 
edit the whitelist and remove old addresses to make room for new ones.  And 
they only allow you to search on either sender, recipient, or subject -- 
nothing else.  I have also found that there is a significant amount of ham that 
gets caught as a false positive, and that there is a significant amount of spam 
that gets through as a false negative.

I have not been impressed.  However, although I don't have any direct 
experience with any of the other outsourcing firms, I get the impression that 
none of them are significantly better.


At UT Austin, we used a fleet of Ironport E-mail Security Appliances, and I can 
tell you that those things are absolutely unbelievable.  We rejected or 
throttled millions and millions of delivery attempts per day based on 
reputation and other envelope information, rejected another few hundred 
thousand messages per day based on after-the-fact content scanning, and allowed 
a very nearly pure spam-free flow through the system on the order of millions 
of messages per day.  We literally had less than five confirmed cases of 
false-positive hits over the multi-year period of time that the system had been 
in operation, and once we moved a customer behind the fleet of Ironport ESAs, 
all the spam complaints simply stopped.

They're expensive, but very well worth it.  If you can find an outsourcing 
provider that uses them, then I would seriously consider that option.

> 2. Do it myself.    I'm fairly happy to do it myself, and will need most of 
> it anyways - but am trying to figure out which policy daemon to use for 
> postfix.  Have people started using the multi instance postfix support?  
> Milters?  or just use amavisd-new, etc.  Or maybe Mailscanner..
> 
> I suspect that dovecot is the way I'll go, just for a change from Courier on 
> the old server.

In my experience, the biggest issue is going to be the scale of your 
operations.  The more messages you've got to process on a daily basis, the more 
complex your processing system is going to need to be.

For python.org where we handle hundreds of thousands to millions of messages 
per day (mostly mailing list messages, but also some individual traffic), we've 
done pretty much the same stuff you're talking about doing.  I used to be more 
up-to-date on all the configuration stuff we're doing, but I managed to draft 
in my friends Ralf Hildebrandt and Patrick Koetter (authors of the "Book of 
Postfix") to take over the day-to-day configuration and operations.

If you're interested, I'll be glad to put you in touch with Ralf & Patrick, and 
they can give you more details regarding the current configuration we're 
running on python.org.

--
Brad Knowles <b...@shub-internet.org>
LinkedIn Profile: <http://tinyurl.com/y8kpxu>

_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
 http://lopsa.org/
