From owner-freebsd-questions@FreeBSD.ORG  Fri Aug 25 19:57:57 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: questions@freebsd.org
Delivered-To: freebsd-questions@FreeBSD.ORG
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id C5C4916A4DF
	for <questions@freebsd.org>; Fri, 25 Aug 2006 19:57:57 +0000 (UTC)
	(envelope-from brett@lariat.net)
Received: from lariat.net (lariat.net [65.122.236.2])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 1B80E43D60
	for <questions@freebsd.org>; Fri, 25 Aug 2006 19:57:55 +0000 (GMT)
	(envelope-from brett@lariat.net)
Received: from Anne (IDENT:ppp1000.lariat.net@lariat.net [65.122.236.2])
	by lariat.net (8.9.3/8.9.3) with ESMTP id NAA07568
	for <questions@freebsd.org>; Fri, 25 Aug 2006 13:57:52 -0600 (MDT)
X-message-flag: Warning! Use of Microsoft Outlook renders your system
	susceptible to Internet worms.
Message-Id: <7.0.1.0.2.20060825134436.0a366aa0@lariat.net>
X-Mailer: QUALCOMM Windows Eudora Version 7.0.1.0
Date: Fri, 25 Aug 2006 13:57:57 -0600
To: questions@freebsd.org
From: Brett Glass <brett@lariat.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Cc: 
Subject: "Hostile" vs. "Friendly" instances of Sendmail
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Aug 2006 19:57:57 -0000

A company for whom I do consulting has a FreeBSD mail server. 
Because they're being deluged with connections from spammers (who 
have responded to the increasing use of "graylisting" by ordering 
their armies of bots to try again and again even when spam is 
rejected), they've subscribed to some DNS blacklists and set 
Sendmail to limit the number of processes it can spawn at any one 
time. This reduces the load on the system due to spamming, but also 
prevents internal users from getting the mail server's attention 
when they want to send legitimate outgoing mail.

What's the best way to set things up so that more trusted, internal 
users can access their own instance of Sendmail (with less 
restrictive process limits, no blacklist checks, etc.) while the 
outside world sees an instance of Sendmail with blacklisting, 
process limits, connection limits, load limits, etc.? Will there be 
problems with file locking, queues, etc. if a third instance of 
Sendmail is started on a standard FreeBSD install (which normally 
runs two)? And where's the option that tells Sendmail to listen 
only on a particular interface? (This should be on the man page, but isn't.)

--Brett Glass