Quey wrote:
ed wrote:
I think you should off load the processing work. Look into running a
remote clamd/spamassing, or setup multiple mail hubs jms has a guide on
that at http://qmail.jms1.net

I agree he needs to offload, but the jms1 way seems very cumbersome.

We have sendmail boxes as front line, that do all the pre-connect tests easily without adding in 35 patches like we have to make qmail modern-ish and then anti virus/spam/phishing/etc tests, one important factor is the milter smf-sav which asks the database server (we call) "qmaster" (a vpopmail/mysql db server) if user exists to avoid backchatter, if it does, then sendmail sends to "qrouter" which is a simple qmail/vpopmail install that accepts the mail and puts it into the users dir (which are NFS attached) all the nfs stuff and qmaster and qrouter all operate on pvt address space, on second gbit port for added protection, but of course could be run on live net interfaces if you dont have the option of dual ethernet.

What do you use for recipient verification on sendmail?

(we tried postfix with its remote recipient verification, but it cant handle the loads and even its author recommends not to use on very busy systems, we dont use qmail on the front line boxes because we dont have to fear breaking patches trying to incorporate RBL, SPF, SAV, DNS checks, badmx zone checks, bad helo, force helo, and milter-regex to stop all home users etc etc etc, sure we might end up geting qmail to do all these, but after how many hours, when with sendmail its just there and adding a milter after another milter cant break patching like with qmail :) )

That is odd. At Outblaze where I ripped out an inhouse custom sendmail (let's forget about the security holes that require immediate attention), I believe that, even if the sendmail mysql patch had some form of mysql pooling like postfix and thus not kill the mysql server with hundreds of connections (sendmail was configured to spawn up to 600 child processes but mysql connections are only opened after mails get past the filter rules), it would still not handle the load that postfix can (configured to handle 800-1000 connections depending on whether there is a flood of sorts, lower number when more ham is coming in) since 600 is the maximum we can configure for sendmail before the box starts swapping and load average was also higher when sendmail was running. Interesting that you find a complete opposite experience.

Where does postfix fail? Large queues due to perhaps a larger ham to spam ratio in your environment? OB had something like minimum 90% spam so they managed with just dual PIII 800Mhz, 1G, dual scsi boxes on the frontends. Around 30 or so before I left.

Wietse recommend that postfix not be used in very busy systems? That I find hard to believe. Perhaps you can post a link to his post.


Reply via email to