[Mimedefang] Semi OT: Best configuration for two servers to handle > 20,000msgs/day

Michael Sims michaels at crye-leike.com
Tue May 4 10:50:43 EDT 2004


Hi...

Shayne Hardesty wrote:
>    Our current server can no longer keep up with the volume of mail -
> it spends most of its time > 1.00 load avg defanging and uvscaning
> messages...

Just as an aside, I don't necessarily think that just because your load average
tends to stay above 1 that your box is overloaded.  Of course, you know the
performance of your machine, but I have a mail server here that tends from 2-4 and
is quite responsive...but that's beside the point...

>    1) New server becomes primary MX, has sendmail, mimedefang,
> spamassassin, and uvscan.  Any incoming email gets scanned by new
> server then handed off to current server (via SMTP) for storage.

This is the option that I recommend.  When I first deployed MD I tried a couple of
different configurations, and with the help of the list I ended up settling on
what you describe in your option (1).

>    Cons: Does not scan user to user (inter-company) email.

It can, with some work.  Our internal mail server runs two separate instances of
sendmail.  The first instance runs on the normal port, and the second instance (the
delivery instance) runs on a high, non-standard port.  The first instance is
configured to use our MX server (which runs MD/SpamAssassin/etc.) as a smart host.
All mail from the first instance goes to the other server for scanning.  On the
other server I've defined a custom mailer in my sendmail.mc called "alt_esmtp" which
uses the non-standard port of the delivery instance.  I then use a mailertable on
the MX box so that mail to my domain is directed BACK to my main mail server on that
non-standard port.  The second instance of sendmail is configured to deliver mail
straight to the local delivery agent.

The only problem with it is that it's a little tricky to set up.  I got some help
with it from various places (including this mailing list), and I also consulted the
following:

http://www.netsys.com/cgi-bin/display_article.cgi?1132

If you decide to go this route I'd be more than happy to share my config files,
experiences, etc.

> Does not
> scan outbound email, unless current mail server is reconfigured to
> pass email to new server, or user clients are reconfigured to use new
> server as outgoing smtp server.

The above configuration (two instances of sendmail) will take care of outbound
scanning too, and none of your users will have to reconfigure their mail clients...

> Does not handle unknown users in
> SMTP session unless virtusertable is maintained from SQL database via
> perl scripts, or LDAP.

True.  It took a little work, but I went the Perl script/virtusertable route and I'm
happy with the results.

> Hard to use graphdefang - must collect stats
> from two different maillogs.

If you use the two instance method, all mail will pass through your external MX, so
you can gather all the relevant information there.

HTH...
___________________________________________
Michael Sims
Project Analyst - Information Technology
Crye-Leike Realtors
Office: (901)758-5648  Pager: (901)769-3722
___________________________________________
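
Added example, not part of the original message and not the poster's own configuration: a sketch in sendmail m4 of the two-instance layout described above, shown as three fragments in one block. Host names, the domain, port 2525, file paths and the daemon name are assumptions; only the mailer name alt_esmtp comes from the post.

```m4
dnl ===== MX / scanning host (runs MIMEDefang): sendmail.mc fragment =====
dnl Milter hookup for MIMEDefang is assumed to be in place and is not shown.
FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl
MAILER(`smtp')dnl
dnl Copy of the stock esmtp mailer with the delivery port appended to A=.
MAILER_DEFINITIONS
Malt_esmtp,	P=[IPC], F=mDFMuXa, S=EnvFromSMTP/HdrFromSMTP, R=EnvToSMTP, E=\r\n, L=990,
		T=DNS/RFC822/SMTP,
		A=TCP $h 2525
dnl
dnl /etc/mail/mailertable on the MX host (one line, then rebuild with makemap):
dnl   example.com	alt_esmtp:[mailstore.example.com]
dnl
dnl ===== Internal server, instance 1 (port 25, what users' clients talk to) =====
dnl example.com must NOT be in class w (local-host-names) here, otherwise
dnl this instance delivers locally and the message is never scanned.
define(`SMART_HOST', `esmtp:[mx.example.com]')dnl
dnl
dnl ===== Internal server, instance 2 (delivery), separate .mc/.cf =====
dnl example.com IS local here, so mail goes straight to the local delivery agent.
DAEMON_OPTIONS(`Port=2525, Name=MTA-delivery')dnl
define(`QUEUE_DIR', `/var/spool/mqueue-delivery')dnl
define(`confPID_FILE', `/var/run/sendmail-delivery.pid')dnl
dnl Allow connections to port 2525 only from the MX host (packet filter),
dnl so that nothing reaches the mail store without passing the scanner.
```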


