cmikk <[EMAIL PROTECTED]> writes:

> I've considered that, but unfortunately it's not that simple: these
> servers are also primary MXes for some domains (historical accident --
> fixing this is on my list ;-).  Thus, denying smtp connections from
> anywhere is out of the question.

Ahh... okay, that's a good reason.  :)

I have an ulterior motive in pursuing this; I'm considering switching our
primary user SMTP server for PC and Mac clients over to ofmipd from
sendmail and I'm wondering if people have decided not to use it for
reasons that would affect us.

Our bounce and vacation autoresponder server will likely be running qmail
by sometime next week.  We're looking at what MTA to use for our POP and
IMAP servers currently, since we've finally offloaded the rewriting and
forwarding logic and they can now be much simpler.

The mail routers are doing both LDAP and special CNAME lookups to route
incoming mail and having persistent LDAP connections to the LDAP servers
(rather than opening and closing connections for each message) is a
requirement long-term due to load (particularly since we're doing Kerberos
binds), so right now we're looking at either Postfix or staying with
sendmail (which is supposed to have persistent LDAP connections soon) for
those systems.  I'd like to consider qmail for those systems too, but it
doesn't support LDAP natively and I'm extremely nervous about the idea of
running a production mail system long-term on top of third-party patches.

(And yeah, before anyone asks, having changes in the LDAP directory be
immediately reflected in changes in the user mail forwarding is a
requirement so I can't just dump LDAP into something fastforward can use.)

-- 
Russ Allbery ([EMAIL PROTECTED])         <URL:http://www.eyrie.org/~eagle/>
