Sure. The backup server just runs MS SMTP with ORF (ORF works within
MS SMTP). I use the address blacklist in ORF to limit just addresses
that match what I give, and it will accept wildcards for the domains
that I don't currently have complete address lists for. ORF loads the
config from an INI file when the server starts, so updating the config
is just a matter of overwriting the file and restarting the ORF
service. I also have IMail and Declude on this server sitting dormant
with my config from the master server so that I can turn it on in the
case of a prolonged failure and still provide gateway scanning (hosted
E-mail would be spooled). MS SMTP is set up to send all E-mail to my
master server on port 587 which IMail listens on.

On my master server, I have MS SMTP with ORF installed and listening on port 25, and IMail with Declude listening on port 587. In order to provide connectivity to my hosted clients, I have a port redirection for the proper IP so that traffic to port 25 is redirected to port 587 using a router to do this, and when it goes out, it also redirects 587 back to port 25 on this IP. This port is the RFC-specified SMTP Auth port, and while IMail doesn't support Auth only on this port, it does give me the ability to let hosted clients configure themselves on port 587 in order to avoid being blocked by providers like MSN, Earthlink, Comcast, etc., and it works over port 25 just the same. The MS SMTP with ORF installation on the master server is the same as that on the backup gateway. If the E-mail has valid recipients, it is passed onto IMail running on the same box with port 587. All of my MX records point to the MS SMTP with ORF IPs and not the IMail with Declude IP.

I'm running dual 3 GHz Xeons on both the backup and master servers with 6 and 5 15,000 RPM Cheetahs, both in RAID 5, albeit one less drive and less cash on the RAID controller for the backup, but I doubt that will be an issue. For the standard traffic that gets to IMail, I figure it can handle about 500,000 messages a day with dual virus scanners, Sniffer, and a lean but capable set of custom Declude filters. By digging through the logs on both ORF and Declude, I am fairly certain that I can blacklist IPs with +99.999% confidence and extend the message capacity to over 1 million when you consider what may be blocked, but for now the only thing that needs to be blocked are the invalid addresses from multiple long-running dictionary attacks that are generating significant volume on their own. It takes next to no processing power to block an invalid address with ORF.

I'm currently working on the processes that will allow for customers to export their user lists to us. I'm using DTS packages in MS SQL on a separate server to take in the data and only update the gateways when changes are detected so that I don't have to stop and start the ORF service unnecessarily. I plan on creating scripts for customers with different systems that will output these files and upload when changes are detected on their end, and there will be a Web interface that will provide manual configuration with exclusions and additions separate from the flat file uploads. This is a lot of work, but it's something that I've been working towards for a while now and now have the capabilities to support.

One additional benefit to this is that MS SMTP has a much better spool, with customizable settings per instance. I can limit the number of connections per domain so that I am protected from being completely taken down by things like loops and other attacks running through my server, and limit the total connections across all domains so that I don't overwhelm IMail with Declude causing virus scanners to time out. IMail also seems to hang on to incomplete connections for 15 to 30 minutes and there were constantly over 100 messages in the IMail spool, but now my spool is only active stuff, and I have MS SMTP set to kill connections after 1 minute of inactivity. I believe that MS SMTP and ORF being services will take precedence over Declude, so even if Declude is chugging the server, it should still accept E-mail in MS SMTP and retry delivery to IMail until it is ready to handle the load, so the server is more stable under heavy loads as compared to IMail with Declude alone. I would much rather Declude act with just MS SMTP so that this could be simplified, but this isn't so overwhelmingly kludgey that it is difficult to administrate.

If you have any more specific questions, ask away, although I've just given away a very hard thought out environment design and probably already said too much :) I am definitely interested in doing simple address validating gatewaying for other Declude users though, and I wouldn't be offering if I thought that there wasn't a huge cost benefit to others leveraging my system in certain instances, but of course if you enjoy this stuff and have the cash, building this for yourself isn't difficult except for automating the address lists.

Matt

Darrell ([EMAIL PROTECTED]) wrote:

Matt,

Can you give a rough overview on how you integrated ORF on your boxes?

Thanks
Darrell
-------------------------------------------
Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, MRTG Integration, and Log Parsers.

----- Original Message -----
From: "Matt" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, October 12, 2004 9:36 PM
Subject: Re: [OT] RE: [Declude.JunkMail] 6.3 Acting as a gateway for domains on other servers

Dave,

Ipswitch won't allow for gatewaying except on IMail Small Business or IMail Professional. If you or anyone else is interested in just a simple backup gateway, I've got a server that does address validation that is severely underutilized (hardly ever reaches 1% CPU utilization on minute to minute averages). I set this up partly with the idea in mind that I would provide a cheap backup gateway for other admins. This isn't designed to be a big profit center for me and it should be significantly less expensive than buying the software and hardware for yourself, and it provides a redundant network for those that don't already have one. If you prefer to do this yourself, I use MS SMTP with VAMSoft ORF to pull this off (Sandy originally recommended this many months ago).

MS SMTP allows you to customize the settings for each instance, and ORF will do envelope rejection of individual RCPT To's to stave off dictionary attacks without hardly any CPU or bandwidth overhead. I do plan on doing some very limited blocking on the server for things like dictionary attack IPs and are safe to block, with the data generated from the logging of multiple rejected recipients in a specific pattern, and expired after a period of inactivity. We will import addresses in the IMailUsers export format with one address per line, and a process that monitors drop directories for new files and updates the gateways when found. I actually run ORF on my IMail server also so that I can do envelope rejection for gatewayed domains.

Maybe this isn't exactly what you are looking for, but I figured that I would put it out there for you and others to chew on.

Matt

Dave Doherty wrote:

Sandy-

Do you know what Ipswitch's position is on licensing the gateway server? It looks like the small business version is limited to five domains, but is that domains with mailboxes only? Will the SB version do OK with several hundred domains when acting only as a gateway? Or do we need to pay the full price for the pro version all over again to set up a gateway?

-d

----- Original Message -----
From: "Sanford Whiteman" <[EMAIL PROTECTED]>
To: "Mike Wiegers" <[EMAIL PROTECTED]>
Sent: Tuesday, October 12, 2004 3:33 PM
Subject: Re: [OT] RE: [Declude.JunkMail] 6.3 Acting as a gateway for domains on other servers

> I have set up the gateway in my hosts file and the MX records for that gateway are pointing to my declude server. It looks like what you are saying is my server will try to process every non-user to the gateway machine, correct??

Yes.

> Does this script create registry keys for the gateway users, or how does this work?

It creates and updates IMail aliases for a remote userbase retrieved over LDAP. You just schedule it to run every 5-10 minutes.

--Sandy

------------------------------------
Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]

SpamAssassin plugs into Declude!
http://www.mailmage.com/products/software/freeutils/SPAMC32/download/release/

Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases!
http://www.mailmage.com/products/software/freeutils/exchange2aliases/download/release/
http://www.mailmage.com/products/software/freeutils/ldap2aliases/download/release/

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.

--
=====================================================
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=====================================================
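
The address validation and pattern-based blocking described in this thread, as an added example that is not part of the original messages and is not ORF's own logic: recipients are checked against a one-address-per-line list, and a client IP is blocked after several distinct rejected recipients in a short window, with the block expiring after a period of inactivity. The list contents, the `*@domain` wildcard notation, the event tuples and all thresholds are constructed assumptions.

```python
from datetime import datetime, timedelta
# Constructed address list, one address per line; the "*@domain" wildcard
# notation and every threshold below are assumptions of this example.
ADDRESS_LIST = "alice@example.com\nbob@example.com\n*@wildcard.example\n"
T0 = datetime(2004, 10, 13, 9, 0)
SAMPLE_EVENTS = [  # constructed RCPT TO events: (time, client IP, recipient)
    (T0, "192.0.2.10", "aaron@example.com"),
    (T0 + timedelta(seconds=5), "192.0.2.10", "abby@example.com"),
    (T0 + timedelta(seconds=9), "198.51.100.7", "staff@wildcard.example"),
    (T0 + timedelta(seconds=12), "192.0.2.10", "adam@example.com"),
    (T0 + timedelta(seconds=15), "192.0.2.10", "alice@example.com"),
    (T0 + timedelta(days=2), "192.0.2.10", "bob@example.com"),
]

def load_recipients(text):
    entries = {l.strip().lower() for l in text.splitlines() if l.strip()}
    wild = {e[2:] for e in entries if e.startswith("*@")}
    return {e for e in entries if not e.startswith("*@")}, wild

class DictionaryAttackTracker:
    def __init__(self, exact, wild, threshold=3,
                 window=timedelta(minutes=10), expiry=timedelta(hours=24)):
        self.exact, self.wild = exact, wild
        self.threshold, self.window, self.expiry = threshold, window, expiry
        self.rejects = {}   # ip -> {rejected recipient: time last seen}
        self.blocked = {}   # ip -> time of last activity while blocked

    def observe(self, when, ip, rcpt):
        """Return 'blocked', 'rejected' or 'accepted' for one RCPT TO."""
        last = self.blocked.get(ip)
        if last is not None and when - last <= self.expiry:
            self.blocked[ip] = when           # activity keeps the block alive
            return "blocked"
        self.blocked.pop(ip, None)            # not blocked, or block expired
        rcpt = rcpt.strip().lower()
        if rcpt in self.exact or rcpt.rpartition("@")[2] in self.wild:
            return "accepted"
        seen = self.rejects.setdefault(ip, {})
        seen[rcpt] = when
        for addr in [a for a, t in seen.items() if when - t > self.window]:
            del seen[addr]                    # reject fell outside the window
        if len(seen) >= self.threshold:       # enough distinct bad recipients
            self.blocked[ip] = when
            del self.rejects[ip]
        return "rejected"

def replay(events):
    tracker = DictionaryAttackTracker(*load_recipients(ADDRESS_LIST))
    return [tracker.observe(*e) for e in events]
```

Once an IP is blocked, even a valid recipient from it is refused until the entry expires, which is why a threshold on distinct rejected recipients rather than on a single typo matters.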