Rick Macdougall wrote:
Quey wrote:
We have sendmail boxes as front line, that do all the pre-connect
tests easily without adding in 35 patches like we have to make qmail
modern-ish and then anti virus/spam/phishing/etc tests, one important
factor is the milter smf-sav which asks the database server (we call)
"qmaster" (a vpopmail/mysql db server) if user exists to avoid
backchatter, if it does, then sendmail sends to "qrouter" which is a
simple qmail/vpopmail install that accepts the mail and puts it into
the users' dir (which are NFS attached) all the nfs stuff and qmaster
and qrouter all operate on pvt address space, on second gbit port for
added protection, but of course could be run on live net interfaces
if you don't have the option of dual ethernet.
(we tried postfix with its remote recipient verification, but it can't
handle the loads and even its author recommends not to use on very
busy systems, we don't use qmail on the front line boxes because we
don't have to fear breaking patches trying to incorporate RBL, SPF,
SAV, DNS checks, badmx zone checks, bad helo, force helo, and
milter-regex to stop all home users etc etc etc, sure we might end up
getting qmail to do all these, but after how many hours, when with
sendmail it's just there and adding a milter after another milter
can't break patching like with qmail :) )
We do the same thing but with Bill Shupp's qmail toaster (and no
additional patches). Each external MX talks to two SA servers in
We have several other anti-lamer connection tests, and I've never seen
one qmail patch with the lot that we need, like I said I'm sure they are
out there to mix and match if we have the time to manually apply them,
but can't be bothered with wasting hours doing it :)
It's not very productive to take 3 hours to search out and find, then
manually apply and get everything working in co-operation.
round robin and then the mail is delivered to the end user pop/smtp
server (soon to be delivered directly by the external MX's, whoot!).
Yep, we find that we can use 8 front lines to one qmail "mail router" as
the front-lines do all the hard work, we could possibly even double that
amount.
It's all mounted NFS on a netapps and we use MySQL as a backend Auth
running on two sql servers mounted iSCSI on the netapps for the
databases.
Yep NetApps FAS's are unbeatable in performance, and price isn't too bad
either :)
Works well.
Surely does.