From owner-freebsd-isp Mon Feb 26 2:56:19 2001
Delivered-To: freebsd-isp@freebsd.org
Received: from mgw1.MEIway.com (mgw1.meiway.com [212.73.210.75])
	by hub.freebsd.org (Postfix) with ESMTP id 0EFD237B65D
	for ; Mon, 26 Feb 2001 02:56:15 -0800 (PST)
	(envelope-from LConrad@Go2France.com)
Received: from sv.Go2France.com (sv.meiway.com [212.73.210.79])
	by mgw1.MEIway.com (Postfix Relay Hub) with ESMTP id 55B9D16B1B
	for ; Mon, 26 Feb 2001 12:07:13 +0100 (CET)
Message-Id: <5.0.0.25.0.20010226115308.034e3030@mail.Go2France.com>
X-Sender: lconrad%Go2France.com@mail.Go2France.com
X-Mailer: QUALCOMM Windows Eudora Version 5.0
Date: Mon, 26 Feb 2001 11:53:35 +0100
To: freebsd-isp@freebsd.org
From: Len Conrad
Subject: Re: Dedicated smtp relay box
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Is that with the antivirus?

no, just smtp/smtpd processes

>It is also running the remotes, as well as many pop3, imap, apache
>for web mail etc.
>
> > postfix is fast and easy to set up. I can send you my config files
> > and the sysctl params you need to open up FreeBSD to handle 200+
> > SMTP/D processes. Wietse has also updated the postfix FAQ with my
> > sysctl tuning info.
>
>Again, is that with the antivirus there slowing it down?

no, strictly an SMTP border/relay-only hub

>Looking at my hardware on hand, I could put together a box as large as
>1 or 2 p3 800's, and 512MB or 1GB of RAM. How much do you think would
>be necessary?

For SMTP relay, P500 / 512 megs as SMTP relay-only can handle maybe 30K - 50K msgs/hour (FreeBSD + postfix + anti-abuse settings).

For an AV box, it's a whole 'nother ballgame, much more intensive, can't say what it would take, depends on your volume.

>Have you ever had any problems with that filtering spam?

I would say all the IMGate machines are running all three databases at mail-abuse.org, plus up to several dozen expressions in header_checks and body_checks (straight RegEx string matching, no decompression or MIME decoding) on incoming, plus delivering all outgoing.

>Sounds great, but here's where I am stuck: all our users already point
>their mail clients to mail.datafast.net.au

but the mail clients do an A record lookup for that, not an MX lookup.

>(and others), for smtp/pop3/imap.

To provide for flexibility in the future for splitting various mail functions off from the initial do-it-all mail machine, I strongly recommend that mail-related hostnames be defined for every zone, something like:

@        mx 10 mx1.domain.com.
mx1      mx 10 mx1.domain.com.
smtp     A  ip.ad.re.ss ; mail client sends outbound here, maybe with SMTP AUTH or POP B4 SMTP
mail     A  ip.ad.re.ss ; this is what your clients use now, no need to change it
pop      A  ip.ad.re.ss ; read pop boxes here
webmail  A  ip.ad.re.ss ; do http webmail here
mx1      A  ip.ad.re.ss ; internet servers send mail here

As you grow, your users keep their well-known hostnames, but you can change the ip addresses "underneath" as you add specialized boxes.

>I can't change that. So I am going to need to do it with port redirection
>on the firewall, or something like that. Changing the MX's is fine, but
>I will need the redirection to force all of our customer's mail through
>the antivirus.

Well, another way would be like we do:

mail hub forwards incoming, per-domain (AV is payable option per-domain), to AV box which forwards to mailbox server.

mailbox server outgoing forwarded to AV box that forwards to mail hub for delivery to Internet.

downstream mailservers (on leased lines, dial-ups, ETRN stuff) forward their outbound to AV box.

no ip routing involved, only SMTP routing in postfix's relay_domains and transport tables.

>I am thinking of setting up one box to do 1 & 2.
>If the load grows too
>large, I will add more boxes and load balance, as somebody on the list
>suggested to me last week.
>
>So, in summary, I would like to do this, how much hardware should I
>throw at it? It is delivering about 2.5GB a day, running AVP.

If you're scanning 2.5 gb of mail now with AVP, you have a much better feel than I do.

We have an old P300 with 64 megs doing AVP scanning with AvpFreeBSDDaemon under Amavis PERL 10 but only 3k msgs, a few 100 megs/day.

Len

http://BIND8NT.MEIway.com : Binary for ISC BIND 8.2.3 for NT4 & W2K
http://IMGate.MEIway.com : Build free, hi-perf, anti-spam mail gateways

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
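
The SMTP-only routing described in the message above (hub to AV box to mailbox server, and back out the same way), sketched as an added example; this is not configuration from the original post or from IMGate. All hostnames, domains and addresses are placeholder assumptions, and the hookup of the virus scanner itself on the AV box is left out.

```conf
# All names and addresses here are placeholders (assumptions):
#   hub.example.net      mail hub / MX       192.0.2.10
#   av.example.net       AV box              192.0.2.20
#   mailbox.example.net  mailbox server      192.0.2.30
#   198.51.100.0/24      downstream mail servers
# Postfix only treats "#" as a comment at the start of a line, so no
# trailing comments are used after values.

# ---- mail hub: /etc/postfix/main.cf ----
relay_domains  = customer-a.example, customer-b.example
transport_maps = hash:/etc/postfix/transport
# Outbound relaying is allowed from the AV box only; anything wider
# risks turning the hub into an open relay.
mynetworks     = 127.0.0.0/8, 192.0.2.20/32

# ---- mail hub: /etc/postfix/transport ----
# [brackets] deliver straight to the named host, with no MX lookup.
# customer-a has the AV option, customer-b does not.
customer-a.example   smtp:[av.example.net]
customer-b.example   smtp:[mailbox.example.net]

# ---- AV box: /etc/postfix/main.cf ----
relay_domains  = customer-a.example
transport_maps = hash:/etc/postfix/transport
# Accept outbound mail from the mailbox server and downstream servers.
mynetworks     = 127.0.0.0/8, 192.0.2.30/32, 198.51.100.0/24
# Anything the transport table does not match is outbound: send to hub.
relayhost      = [hub.example.net]

# ---- AV box: /etc/postfix/transport ----
# Scanned inbound mail continues to the mailbox server.
customer-a.example   smtp:[mailbox.example.net]

# ---- mailbox server: /etc/postfix/main.cf ----
# All outgoing mail passes through the AV box before reaching the hub.
relayhost      = [av.example.net]
```

Run `postmap /etc/postfix/transport` after editing each transport file, then `postfix reload`.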