From owner-freebsd-isp Sun Feb 25 16: 0:51 2001
Delivered-To: freebsd-isp@freebsd.org
Received: from corey.datafast.net.au (corey.datafast.net.au [203.123.67.4])
	by hub.freebsd.org (Postfix) with SMTP id 88BAA37B4EC
	for ; Sun, 25 Feb 2001 16:00:45 -0800 (PST)
	(envelope-from corey.ralph@datafast.net.au)
Received: (qmail 77603 invoked by uid 1000); 26 Feb 2001 00:00:43 -0000
From: "Corey Ralph"
Date: Mon, 26 Feb 2001 11:00:43 +1100
To: Len Conrad
Cc: freebsd-isp@freebsd.org
Subject: Re: Dedicated smtp relay box
Message-ID: <20010226110043.A31259@corey.datafast.net.au>
References: <20010220133048.A91585@corey.datafast.net.au> <5.0.0.25.0.20010225114033.027eca50@mail.Go2France.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <5.0.0.25.0.20010225114033.027eca50@mail.Go2France.com>; from LConrad@Go2France.com on Sun, Feb 25, 2001 at 12:10:56PM +0100
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sun, Feb 25, 2001 at 12:10:56PM +0100, Len Conrad wrote:
>
> Amazing!! 1.5 gb consumed by just 200 processes ?
>
> For comparison, I've seen postfix load up nearly 300 SMTP and 100
> SMTPD processes in a 512 mb machine. Sounds like Wietse V has
> outcoded Daniel J there :)))

Is that with the antivirus? It is also running the remotes, as well as
many pop3, imap, apache for web mail etc.

> postfix is fast and easy to set up. I can send you my config files
> and the sysctl params you need to open up FreeBSD to handle 200+
> SMTP/D processes. Wietse has also updated the postfix FAQ with my
> sysctl tuning info.

Again, is that with the antivirus there slowing it down? My existing
setup would do that without a problem if it weren't for the antivirus
software.

Looking at my hardware on hand, I could put together a box as large as
1 or 2 p3 800's, and 512MB or 1GB of RAM. How much do you think would
be necessary?

> yes, postfix. I've set up over 30 ISPs with IMGate, and all are
> extremely pleased with the results. For some, adding a mail has
> transformed their ISP's mail environment and their users love the
> 90% reduction in SPAM. They learned the tremendous advantages of not
> putting all your baby 'roos in one pouch. :))

Have you ever had any problems with that filtering spam? I would like
something like that, but wouldn't do it if it filters any mail that
isn't spam.

> 1. border mail hub, or two for MX redundancy. Try to
> export/duplicate your list of known mail users to this box so it can
> stop harvesting and other crap without DoS-sing the mailbox server to
> query for valid mail accounts.
>
> 2. AV scanner (block internet access to this box's port 25)
>
> 3. mailbox server (no longer in DNS MX records, and in some cases you
> can block access from Internet to its port 25) Try to block port 25
> access from Internet to all your boxes so the border relay hub becomes
> the SMTP choke point(s) where you concentrate your defenses.

Sounds great, but here's where I am stuck: all our users already point
their mail clients to mail.datafast.net.au (and others), for
smtp/pop3/imap. I can't change that. So I am going to need to do it
with port redirection on the firewall, or something like that.
Changing the MX's is fine, but I will need the redirection to force
all of our customers' mail through the antivirus.

I am thinking of setting up one box to do 1 & 2. If the load grows too
large, I will add more boxes and load balance, as somebody on the list
suggested to me last week.

So, in summary, I would like to do this, how much hardware should I
throw at it? It is delivering about 2.5GB a day, running AVP.

>
> Len
>

Cheers.
Corey

> http://BIND8NT.MEIway.com : Binary for ISC BIND 8.2.3 for NT4 & W2K
> http://IMGate.MEIway.com : Build free, hi-perf, anti-spam mail gateways
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-isp" in the body of the message
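
Point 1 of the quoted design (a copy of the known-user list on the border hub, so it can refuse unknown recipients itself instead of querying the mailbox server) sketched as an added Python example; it is not code from this thread, from Postfix or from IMGate. The class name, the three-strike threshold, the reply texts and the example.net addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of the user list exported from the mailbox server.
EXPORTED_USERS = """\
# one address per line (constructed sample)
alice@example.net
Bob@Example.net
"""

def load_users(text):
    """Parse the exported list: skip blanks and comments, fold case."""
    return {ln.strip().lower() for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")}

class BorderRcptFilter:
    """RCPT TO decisions made on the border hub from its local copy of the list."""

    def __init__(self, users, relay_domains, max_unknown=3):
        self.users = users
        self.relay_domains = {d.lower() for d in relay_domains}
        self.max_unknown = max_unknown      # assumed harvesting threshold
        self.unknown = defaultdict(int)     # client IP -> unknown-recipient count

    def rcpt(self, client_ip, address):
        addr = address.strip().strip("<>").lower()
        local, _, domain = addr.rpartition("@")
        if not local or domain not in self.relay_domains:
            return 554, "5.7.1 relay access denied"
        if self.unknown[client_ip] >= self.max_unknown:
            # Stop confirming or denying addresses to a client that keeps guessing.
            return 421, "4.7.0 too many unknown recipients"
        if addr not in self.users:
            self.unknown[client_ip] += 1
            return 550, "5.1.1 user unknown"
        return 250, "2.1.5 ok"

def demo():
    """One constructed client probing several addresses in a row."""
    f = BorderRcptFilter(load_users(EXPORTED_USERS), ["example.net"])
    probes = ["<alice@example.net>", "<admin@example.net>", "<info@example.net>",
              "<sales@example.net>", "<bob@example.net>", "<x@other.test>"]
    return [f.rcpt("192.0.2.50", p)[0] for p in probes]

if __name__ == "__main__":
    print(demo())
```

Every decision is taken from the local copy, so a dictionary run against the border hub never reaches the mailbox server; the cost is that the exported list has to be refreshed whenever accounts are added or removed.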