--On 27 September 2010 11:07:41 -0400 "John R. Levine" <[email protected]> wrote:
> > That seems an awful lot of work to do with the connection open to deal > with what is unlikely to be more than a rare misconfiguration. You recommend a particular course of action (discarding) for dealing with ADSP/MLM problems. I think you're almost exactly right except that the action should be to deny instead of discarding. The rarity of the misconfiguration would be an argument for ignoring the case entirely: it doesn't speak to whether one should discard rather than deny once you've gone to the trouble to detect the case. That's the only disagreement that I have with your message. > When you > made these changes to your MTA, how much work was it? How much effect > did it have on overall MTA performance? If you haven't implemented them, > why not? I already know when I have a good DKIM signature because SpamAssassin checks this at SMTP time. I already know when I'm delivering a message to a locally hosted list, because I couldn't route the message otherwise. I haven't implemented ADSP checks yet, because the community is still discussing the best way to do this. However, it's just another DNS lookup. We already do several of those for every message that we handle. Exim (our MTA) is designed to do *all* message checking at SMTP time. It uses ACLs that can run at any point in the SMTP session limited only by the availability of information. It's trivial to move an ACL from one part of the SMTP process to another. The alternative is to pipe the message to an external process which would then deliver it back. It's *much* easier to simply do this in an ACL, and there is no ACL that runs after the SMTP session is closed. Exim documentation gives instructions for running anti-spam software like SpamAssassin, and anti-malware software like ClamAV during the SMTP session. After the SMTP session, you'd have to route the messages through a secondary server to perform those functions. It would be arcane, and less flexible. We've been running SpamAssassin and ClamAV during the border SMTP session for many years now, and introduced DKIM checks about two years ago with zero impact on performance (because spamassassin and ClamAV already do a heck of a lot more DNS lookups and content processing). Here's the hardware that I'm running it on. We've got four of these machines for resilience (two each in two data centres). Any one of the machines can handle peak loads on its own: They're specced to handle our IMAP load, but don't perform that role any longer, because OSX has an artificial limit on simultaneous process numbers. XServe G5 (purchased in 2004) 2x Power PC G5 2.0GHz processors, with typical load averages of about 1.0 6GB RAM (that was for IMAP processes). Currently they use about 1GB, and I'd be happy with 2GB per machine. DNS servers are local to the machines, to reduce network accesses. Really, performance isn't a problem. > And since this group seems to be obsessed with arcane corner cases, what > do you do with a discardable message if it's sent to two addresses, one > of which is a mailing list and one of which isn't? It'll remain an arcane corner case only if you're successful in preventing uptake of ADSP. Either way, the correct solution is worth discovering. Our configurations deal with a lot of corner cases already. > R's, > John -- Ian Eiloart IT Services, University of Sussex 01273-873148 x3148 For new support requests, see http://www.sussex.ac.uk/its/help/ _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
