Quey wrote:

We have sendmail boxes as front line, that do all the pre-connect tests easily without adding in 35 patches like we have to make qmail modern-ish and then anti virus/spam/phishing/etc tests, one important factor is the milter smf-sav which asks the database server (we call) "qmaster" (a vpopmail/mysql db server) if user exists to avoid backchatter, if it does, then sendmail sends to "qrouter" which is a simple qmail/vpopmail install that accepts the mail and puts it into the users dir (which are NFS attached) all the nfs stuff and qmaster and qrouter all operate on pvt address space, on second gbit port for added protection, but of course could be run on live net interfaces if you dont have the option of dual ethernet.

(we tried postfix with its remote recipient verification, but it cant handle the loads and even its author recommends not to use on very busy systems, we dont use qmail on the front line boxes because we dont have to fear breaking patches trying to incorporate RBL, SPF, SAV, DNS checks, badmx zone checks, bad helo, force helo, and milter-regex to stop all home users etc etc etc, sure we might end up geting qmail to do all these, but after how many hours, when with sendmail its just there and adding a milter after another milter cant break patching like with qmail :) )

We do the same thing but with Bill Shupp's qmail toaster (and no additional patches). Each external MX talks to two SA servers in round robin and then the mail is delivered to the end user pop/smtp server (soon to be delivered directly by the external MX's, whoot!).

It's all mounted NFS on a netapps and we use MySQL as a backend Auth running on two sql servers mounted iSCSI on the netapps for the databases.

Works well.

Just my $0.02 CAD.




Reply via email to