At 02:32 PM 8/25/2006, Chuck Swiger wrote:

>You should consider configuring a firewall to limit the number of
>incoming SMTP connections permitted to something less than the max
>number of sendmail processes you want to run in parallel, so internal
>users will always have some sendmail instances available to service
>their requests.

I've been looking at an IPFW "limit" rule to do this. The only issue here is that turning on "statefulness" in IPFW introduces extra overhead, and the last time I tried a "limit" rule (admittedly, it was in FreeBSD 4.x or 5.x), it didn't seem to work correctly. Besides, I want to do more than set a connection limit.

>You could also configure an external and an internal mailservers,

That's sort of the idea. But I'd do it on one machine. And the advantage would be that I could have very different Sendmail options (not just connection limits) on the internal and external server processes. For example, the external one could have REALLY heavy safeguards against spam.

>There is no issue with setting up as many additional queue groups and
>queue runners as you need to;

I don't want to set up many queue groups and queue runners, necessarily. I really just want two SMTP servers: inward-facing, for outgoing mail, and outward-facing, for incoming mail. If the messages dropped into a single queue for delivery, that would be OK; I just want the SMTP server that faces internal clients to have different settings than the one that faces the slime pit known as the Internet. ;-)

>>And where's the option that tells Sendmail to listen only on a
>>particular interface? (This should be on the man page, but isn't.)
>
>The complete docs for sendmail don't really fit into even the 1044
>page O'Reilly book; surely you jest if you expect to find complete
>docs within the manpage.

I don't. But the man page for ANY daemon should always include certain basic things, such as a list of the command line arguments and options; information on how to get it to listen on a specific address, port, or interface; and how it responds to signals. Other things can be in other documentation, but these are essential in the man page for a daemon, IMHO.

--Brett Glass
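
An added illustration of the setup discussed in this message (not part of the original post, and not configuration supplied by either correspondent): the settings that would differ between two sendmail `.mc` files when one daemon is bound to the Internet-facing address and a second to the internal address, each with its own limits. The addresses, file names, pid-file paths and numeric limits are constructed placeholders, and each file is assumed to replace any `DAEMON_OPTIONS` lines already present in the `.mc` it is merged into.

```m4
dnl ===== external.mc: listener facing the Internet (constructed example) =====
dnl 203.0.113.25 is a documentation address standing in for the public interface.
dnl Addr= restricts the daemon to that one address instead of all interfaces.
DAEMON_OPTIONS(`Name=MTA-ext, Family=inet, Addr=203.0.113.25, Port=smtp')dnl
dnl Separate pid file so the two daemons can be signalled independently.
define(`confPID_FILE', `/var/run/sendmail-ext.pid')dnl
dnl Cap on forked children: extra inbound connections are refused,
dnl and this cap does not affect the internal daemon's own pool.
define(`confMAX_DAEMON_CHILDREN', `20')dnl
dnl Accept at most this many new connections per second.
define(`confCONNECTION_RATE_THROTTLE', `5')dnl
dnl Slow down senders after this many rejected recipients in one session.
define(`confBAD_RCPT_THROTTLE', `3')dnl

dnl ===== internal.mc: listener facing local clients (constructed example) =====
dnl 192.168.1.1 stands in for the inside interface address.
DAEMON_OPTIONS(`Name=MTA-int, Family=inet, Addr=192.168.1.1, Port=smtp')dnl
define(`confPID_FILE', `/var/run/sendmail-int.pid')dnl
dnl Independent, more generous child limit for internal users.
define(`confMAX_DAEMON_CHILDREN', `40')dnl

dnl ===== starting the two daemons =====
dnl Build each .cf from its .mc, then point each daemon at its own file with -C:
dnl   sendmail -bd -q30m -C/etc/mail/external.cf
dnl   sendmail -bd -q30m -C/etc/mail/internal.cf
dnl Both daemons use the same queue directory unless QUEUE_DIR is overridden,
dnl which matches the single shared delivery queue described in the message.
```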