On Aug 25, 2006, at 12:57 PM, Brett Glass wrote:
A company for whom I do consulting has a FreeBSD mail server.
Because they're being deluged with connections from spammers (who
have responded to the increasing use of "graylisting" by ordering
their armies of bots to try again and again even when spam is
rejected), they've subscribed to some DNS blacklists and set
Sendmail to limit the number of processes it can spawn at any one
time. This reduces the load on the system due to spamming, but also
prevents internal users from getting the mail server's attention
when they want to send legitimate outgoing mail.

What's the best way to set things up so that more trusted, internal
users can access their own instance of Sendmail (with less
restrictive process limits, no blacklist checks, etc.) while the
outside world sees an instance of Sendmail with blacklisting,
process limits, connection limits, load limits, etc.? Will there be
problems with file locking, queues, etc. if a third instance of
Sendmail is started on a standard FreeBSD install (which normally
runs two)?

I totally agree with what Chuck Swiger has suggested here:

You could also configure an external and an internal mailserver,
have the internal mailserver be entirely firewalled from outside so
that internal users and internal email are handled there without
issues, and just worry about tuning the external mailserver which
will then only need to do SMTP relaying and anti-spam stuff for the
external mail traffic rather than serve dual-duty as a reader box.

To help you with sendmail architecture, take a look at page 547 of the
"UNIX System Administration Handbook, 3rd Edition" by Nemeth, Snyder,
Seebass and Hein. Don't be fooled by the funny images on this book,
it's very clear and quite possibly the best UNIX administration book
around with real world examples. You can find it at
http://www.admin.com/Pages/USAH.html.

Aside from the huge bat book, O'Reilly also publishes "sendmail
Cookbook" which is great when it comes to configuring sendmail. Check it
out at http://www.oreilly.com/catalog/sendmailckbk/.

Have fun,

David
--
David Robillard
UNIX systems administrator & Oracle DBA
CISSP, RHCE & Sun Certified Security Administrator
Montreal: +1 514 966 0122
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"