From owner-freebsd-questions@FreeBSD.ORG Fri Apr 6 20:50:18 2007
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 3E21016A404 for freebsd-questions@freebsd.org; Fri, 6 Apr 2007 20:50:18 +0000 (UTC) (envelope-from doug@fledge.watson.org)
Received: from fledge.watson.org (fledge.watson.org [209.31.154.41]) by mx1.freebsd.org (Postfix) with ESMTP id BB91413C4B9 for freebsd-questions@freebsd.org; Fri, 6 Apr 2007 20:50:17 +0000 (UTC) (envelope-from doug@fledge.watson.org)
Received: from fledge.watson.org (localhost.watson.org [127.0.0.1]) by fledge.watson.org (8.13.8/8.13.8) with ESMTP id l36KTASV038499; Fri, 6 Apr 2007 16:29:10 -0400 (EDT) (envelope-from doug@fledge.watson.org)
Received: from localhost (doug@localhost) by fledge.watson.org (8.13.8/8.13.8/Submit) with ESMTP id l36KT9bc038496; Fri, 6 Apr 2007 16:29:10 -0400 (EDT) (envelope-from doug@fledge.watson.org)
Date: Fri, 6 Apr 2007 16:29:09 -0400 (EDT)
From: doug
To: Derek Ragona
Cc: freebsd-questions@freebsd.org
Subject: Re: slightly OT - my freebsd email topology
In-Reply-To: <6.0.0.22.2.20070405131910.024eedd8@mail.computinginnovations.com>
Message-ID: <20070406160240.Q18358@fledge.watson.org>
References: <56576.192.168.125.142.1175794565.squirrel@webmail.dfwlp.org> <6.0.0.22.2.20070405131910.024eedd8@mail.computinginnovations.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-3.0 (fledge.watson.org [127.0.0.1]); Fri, 06 Apr 2007 16:29:10 -0400 (EDT)
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: doug@safeport.com
List-Id: User questions
X-List-Received-Date: Fri, 06 Apr 2007 20:50:18 -0000

On Thu, 5 Apr 2007, Derek Ragona wrote:

> At 12:36 PM 4/5/2007, Jonathan Horne wrote:
>> currently, my email server is just a single box, accepting and sending
>> emails from and to the internet. spamassassin and sendmail, and so far,
>> it works satisfactorily.
>>
>> i would like to change it up, so that i have a pair of servers doing MX
>> from the internet, which then passes to an internal server for delivery.
>> if i do that, i could remove spamassassin from the internal server, and
>> run it on just the 2 external. all those configurations are really not
>> my issue here... what I'm really pondering is how would external servers
>> that are separate from where the target mailboxes are, know which
>> addresses are acceptable and which to return a 550?
>>
>> does anyone have any setups that are similar to this, and could advise
>> me or point me in the right direction?
>>
>> thanks,
>> jonathan
>
> Generally you want to filter and bounce mail at the point of origin, so
> your mail server that first accepts the mail. As long as you have the
> bandwidth on that server you would spam check, virus check there,
> bouncing any bad ones. Then forward to your internal server only clean
> mail for delivery.
>
> However unless you have terribly underpowered servers, or a lot of email
> (like >50,000 messages a day) running on two servers should not be
> necessary.
>
> -Derek

Our experience suggests the number is at least 100,000 before you would see any problems and perhaps, if you have limited bandwidth as we do, that would be your first constraint. We run three mail servers with all customer emails coming to one server. Over the last several months we average about 30,000 messages/day. We have had 4 unusual spikes getting as many as 310,000 messages. This was a DoS attack from several hundred sources. The main problem this caused was slowing down the delivery of valid mail. We had one 90,000 message day in our current configuration that went unnoticed.
We now use spamcop and greylisting on the customers' server, offering bogofilter backed with spamassassin for users who want content filtering. On our internal server we use spamcop and bogofilter, under duress adding duls.dnsbl.sorbs.net when a similar attack filled /var. We forward email for about half of our customers, which would sorta be similar to having a mail gateway for these clients. Content filtering for this set has caused more problems than it solves.

I hope my experience gives you some guidance.

Doug
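Jonathan's question (how an MX that is separate from the mailbox server can decide which recipients get a 550) is not answered directly in the thread, and Doug mentions greylisting without showing how it works. The following is an added illustration, not code from anyone in this thread and not sendmail, spamassassin or milter-greylist configuration. It assumes the internal server can export its list of valid mailboxes to the gateway (the export format, the addresses, the TEST-NET client IPs and the timings are all constructed here), and it shows the two gateway-side checks in the order a relay would apply them: reject unknown recipients at RCPT TO with a permanent 550, then greylist the (client IP, sender, recipient) triplet with a temporary 451 until the sender retries after the delay.

```python
"""Gateway-side recipient validation plus greylisting (added example).

Assumption: the internal mailbox server exports its valid addresses to the
gateway, one per line; everything below is constructed for illustration.
"""
from dataclasses import dataclass, field

# Seconds a never-seen triplet must wait before its retry is accepted.
GREYLIST_DELAY = 300


def load_recipients(export_text: str) -> set:
    """Parse the (assumed) address export: one address per line, '#' comments."""
    addrs = set()
    for line in export_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            addrs.add(line.lower())
    return addrs


@dataclass
class GatewayPolicy:
    """Decision logic a relaying MX would run at RCPT TO time."""
    valid_recipients: set
    delay: int = GREYLIST_DELAY
    # triplet (client_ip, mail_from, rcpt_to) -> time first seen
    first_seen: dict = field(default_factory=dict)

    def decide(self, client_ip: str, mail_from: str, rcpt_to: str, now: int):
        """Return an (SMTP code, text) pair for this recipient attempt."""
        rcpt = rcpt_to.lower()
        # 1. Unknown mailbox: permanent failure, so the gateway never has to
        #    accept-then-bounce (backscatter) for addresses it cannot deliver.
        if rcpt not in self.valid_recipients:
            return 550, "5.1.1 Recipient address rejected: user unknown"
        # 2. Greylisting: a legitimate MTA retries after a temporary failure,
        #    most bulk senders do not.
        key = (client_ip, mail_from.lower(), rcpt)
        seen = self.first_seen.get(key)
        if seen is None:
            self.first_seen[key] = now
            return 451, "4.7.1 Greylisted, please retry later"
        if now - seen < self.delay:
            return 451, "4.7.1 Greylisted, please retry later"
        return 250, "2.1.5 Recipient OK"


# Constructed export from the internal server (hypothetical format).
EXPORT = """
# valid mailboxes on the internal server
jonathan@example.org
postmaster@example.org
"""


def run_demo():
    """Replay a few constructed RCPT TO attempts; returns the SMTP codes."""
    policy = GatewayPolicy(valid_recipients=load_recipients(EXPORT))
    attempts = [
        # (client IP, MAIL FROM, RCPT TO, seconds since start)
        ("203.0.113.7", "alice@example.net", "nobody@example.org", 0),    # unknown user
        ("203.0.113.7", "alice@example.net", "jonathan@example.org", 0),  # first contact
        ("203.0.113.7", "alice@example.net", "jonathan@example.org", 60), # retried too soon
        ("203.0.113.7", "alice@example.net", "jonathan@example.org", 400),# retry after delay
        ("198.51.100.9", "bulk@spam.example", "jonathan@example.org", 0), # never retries
    ]
    codes = []
    for client_ip, mail_from, rcpt_to, t in attempts:
        code, text = policy.decide(client_ip, mail_from, rcpt_to, t)
        print(f"{t:4d}s {client_ip:14s} {mail_from:20s} -> {rcpt_to}: {code} {text}")
        codes.append(code)
    return codes


if __name__ == "__main__":
    run_demo()
```

The order of the two checks matters: the recipient lookup is done before greylisting so that a probe against a non-existent address is refused outright instead of being told to come back later, and the gateway never accepts mail it will later have to bounce. A production relay would key the triplet on a network prefix rather than an exact IP (senders with outbound pools retry from different hosts), expire old entries, and refresh the recipient list from the internal server on a schedule.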