On 6/21/2010 4:41 PM, Alex wrote:
> Hi,
>
>> by default, our appliances don't do outbound spam scanning (they scan for
>> virus, banned attachments). they have to enable outbound scanning, which has
>> more relaxed rules.
>
> How do you control rules based on whether it's inbound or outbound?
> Two different spamd ports?

We use separate servers. Not only does this make configuration
much simpler but it divides the mail load between systems. I would
strongly recommend this route. You do not need a very powerful
server for an outbound mail relay because it does not get the
mail load the inbound one does, and the clients that are
sending it mail are often doing it from slow connections. You
also do not need to load the CPU of the server down with scanning
software and you need practically nothing for disk space since
the clients don't save anything on it.

If you want to centralize auth then use PAM, and tie pam into
mysql. Then the sasl2 libraries can be compiled and configured
to query pam. Here's a link explaining how to do this with
postfix at the mta:
http://enc.com.au/myscripts/postfixmysql.html

The same instructions would work for sendmail. And on the POP3
server side of things a lot of those - like uw-imap for example -
can also be configured to use pam for authentication.

Of course, we are also using FreeBSD so setting up a server costs next
to nothing. You could for example pick up a used HP G4 with dual
Xeons and a raid5 disk array populated with 30GB disks and dual power
supplies for probably about $250, and serve at least 10,000
outbound-only mail clients with it, assuming they are hitting
the server an average of once an hour.

During its heyday, that's what ftp.cdrom.com used and they supported
around 5,000 SIMULTANEOUS ftp transfers. Of course, this -wasn't-
on Windows. With Windows, you might be lucky to get 100 simultaneous
ftp transfers before the system melted down.

Ted
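
Added example, not part of Ted's message and not taken from the linked page: one way the PAM, MySQL and SASL chain described above can be wired up on a Postfix outbound relay. The database host, account, table and column names are placeholders, and the file locations vary by platform.

```conf
# --- /etc/pam.d/smtp ---
# "smtp" is the PAM service name Postfix's smtpd hands to Cyrus SASL.
# pam_mysql checks the submitted login against a MySQL table.
# This file holds the database password: keep it root-owned, mode 0600.
# db.example.net, mailauth, mail, users, email, pw_hash are placeholders.
auth    required pam_mysql.so user=mailauth passwd=CHANGE_ME host=db.example.net db=mail table=users usercolumn=email passwdcolumn=pw_hash crypt=1
account required pam_mysql.so user=mailauth passwd=CHANGE_ME host=db.example.net db=mail table=users usercolumn=email passwdcolumn=pw_hash crypt=1

# --- smtpd.conf (in the Cyrus SASL config directory for your platform) ---
# Hand password checks to saslauthd, which must be started with "-a pam".
pwcheck_method: saslauthd
# PAM needs the cleartext password, so only plaintext mechanisms work here.
mech_list: PLAIN LOGIN

# --- /etc/postfix/main.cf on the outbound relay ---
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = cyrus
smtpd_sasl_path = smtpd
# PLAIN/LOGIN expose the password on the wire, so only offer AUTH after
# STARTTLS. Certificate and key settings are omitted from this fragment.
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
# Relay only for authenticated clients; everything else must be local mail.
smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    reject_unauth_destination
```

With `crypt=1` pam_mysql compares against crypt(3) hashes, so the table never needs to store cleartext passwords.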