On Thu, 2007-11-08 at 18:50 +0100, tonix (Antonio Nati) wrote:
> Rick Romero wrote:
> > On Thu, 2007-11-08 at 17:20 +0100, [EMAIL PROTECTED] wrote:
> >   
> > > > On Thu, 08 Nov 2007 08:52:57 -0600
> > > > Rick Romero <[EMAIL PROTECTED]> wrote:
> > > > 
> > > >       
> > > > > Not entirely. If the main issue is timeouts during SMTP, he can move
> > > > > his scanning to '127.0.0.1', and remove it from his external IP.  That
> > > > > will ensure he can receive an email from the outside in its entirety.
> > > > > He can throttle connections to 127.0.0.1 to prevent overload, and he
> > > > > won't bounce mail due to SMTP timeouts.
> > > > > 
> > > > > You don't want to lose a/v scanning on your external IP, so another
> > > > > qmail install, with spam-only qmail-scanner, would be the cheapest
> > > > > solution.
> > > > >         
> > > > Why not? Moving it to a pool of AV scanning boxes would be a good idea.
> > > > I'm not suggesting that the caller be moved, but the work is moved. So
> > > > the MX gets the mail, but uses the clam client to talk to a clam server
> > > > that's in a pool... somewhere.
> > > > 
> > > > That would seem to be a good use of resources to me.
> > > > 
> > > > The resource pool could be a loadbalancer for example, if one works
> > > > with an office LAN that would be a good use of boxes that are doing
> > > > nothing more than running a xscreensaver.
> > > > 
> > > > --
> > > > The SCSI Controller to Toshi Station is sending 1111111111 because of
> > > > the newbie thinking 'halt' means 'exit'. Valve Software is RNA.
> > > > :: http://www.s5h.net/ :: http://www.s5h.net/gpg
> > > > 
> > > >       
> > > Hi!
> > > 
> > > Perhaps I should have said that this server will be housed and that I
> > > can't set up more than one server because of the cost... so I needed to do
> > > something like this... but I don't know if it would work or could have
> > > problems... I assume not.. because it is the same way as setting up an SSL SMTP
> > > on port 465.. it shares everything with qmail's port 25 server... but I
> > > needed to know if any of you have tested if this works...
> > > 
> > >     
> > 
> > Yes, basically:
> > 
> > Do an alternate qmail install (qmail2)
> > Install your qmail-scanner on qmail2 with only antivirus scanning.
> > 
> > Assuming you're running supervised:
> > create a /service/smtp2/run that only binds to your external IP (correct
> > the paths)
> > create a /service/send2/ like /service/send, but with correct paths
> > change/add /var/qmail2/control/smtproutes to contain only:
> > :127.0.0.1
> > 
> > modify your /service/smtp/run so it only binds to 127.0.0.1
> > 
> > 
> > What you did was install a blank qmail (make sure the basics are there
> > so you don't have an open relay, etc) into qmail2.  All it does is bind
> > to your external IP, receive email, a/v scan it, and forward it to
> > 127.0.0.1.   Since 127.0.0.1 is your original qmail install, it will
> > handle everything as it did before.
> > 
> > It can get confusing - so make sure you back up everything before you
> > accidentally edit/delete something in /var/qmail instead
> > of /var/qmail2 :)
> > 
> >   
> What about qmail users? Usually qmail "cd" according to user's home
> directory.

If everything is smtproute forwarded to 127.0.0.1 your qmail2 need not
know about any users - as long as it's not using chkuser.  All he should
need is qmail2/control/rcpthosts to contain the domains he's receiving
for.
/var/qmail would do the actual user check (either with chkuser during
smtp or during the actual delivery) and bounce it back to /var/qmail2,
which should send bounce back out through /var/qmail :P

So if there are a ton of 'fake' user deliveries, qmail2 should be set up
using chkuser...  but I moved /var/qmail onto only 127.0.0.1 for the
example so he wouldn't have to worry about duplicating individual user
info...

Rick
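
Added example (not part of the original thread): a shell check for the two-instance layout described above, covering the smtproutes, rcpthosts and bind-address points. The root-prefix argument, the helper names, `192.0.2.10` and `example.com` are assumptions for illustration, and the run-file parsing is a heuristic that expects tcpserver's `host port program` argument order.

```shell
#!/bin/sh
# Added example: audit the split qmail layout from the thread.
# $1 is a hypothetical root prefix (staging copy); pass / on the real host.

# tcpserver's arguments end in "host port program"; return that host.
# Heuristic: the token two places before the first absolute program path
# that follows a port of "smtp" or "25".
bind_host() {
  awk '{ for (i = 1; i <= NF; i++) {
           if ($i == "\\") continue            # line continuation
           if (p1 ~ /^(smtp|25)$/ && $i ~ /^\//) { print p2; exit }
           p2 = p1; p1 = $i } }' "$1"
}

audit_layout() {
  root=${1%/}; rc=0
  front="$root/var/qmail2/control"
  fail() { echo "FAIL: $*"; rc=1; }

  # The front instance relays everything to the original install, nothing else.
  routes=$(grep -v '^[[:space:]]*$' "$front/smtproutes" 2>/dev/null) || routes=""
  [ "$routes" = ":127.0.0.1" ] || fail "qmail2 smtproutes must contain only :127.0.0.1"

  # With no rcpthosts file, qmail-smtpd accepts mail for any domain (open relay).
  [ -s "$front/rcpthosts" ] || fail "qmail2 rcpthosts missing or empty"

  # Original install on loopback only; scanning front end on one external IP.
  back=$(bind_host "$root/service/smtp/run" 2>/dev/null) || back=""
  [ "$back" = "127.0.0.1" ] || fail "smtp/run binds '${back:-?}', want 127.0.0.1"
  ext=$(bind_host "$root/service/smtp2/run" 2>/dev/null) || ext=""
  case "$ext" in
    ""|0|0.0.0.0|127.*) fail "smtp2/run binds '${ext:-?}', want the external IP" ;;
  esac
  return "$rc"
}

# Constructed sample tree; 192.0.2.10 and example.com are placeholders.
make_sample() {
  mkdir -p "$1/var/qmail2/control" "$1/service/smtp" "$1/service/smtp2"
  echo ':127.0.0.1' > "$1/var/qmail2/control/smtproutes"
  echo 'example.com' > "$1/var/qmail2/control/rcpthosts"
  echo 'exec tcpserver -R -c 20 127.0.0.1 smtp /var/qmail/bin/qmail-smtpd' \
    > "$1/service/smtp/run"
  echo 'exec tcpserver -R -c 20 192.0.2.10 smtp /var/qmail2/bin/qmail-smtpd' \
    > "$1/service/smtp2/run"
}

tmp=$(mktemp -d) && make_sample "$tmp" && audit_layout "$tmp" && echo "layout OK"
rm -rf "$tmp"
```

Running `audit_layout /` after the change confirms the front instance cannot relay for arbitrary domains and that the original install is no longer reachable from outside.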

