Hey Len how are you doing postfix pop-before-smtp relaying? Are you using the LDAP server on the IMail box or something and postfix interfaces with that?
On Fri, 04 Jul 2003 16:00:44 -0500, you wrote: > >>1 Will Declude still scan the messages? > >yes, but since the postfix box (I assume IMGate) will reject 70+% of the >incoming, declude and friends will have tons less work to do. That will >your biggest improvement. > >>2 If so, when a message is Virus Positive, will Imail still forward the >>email to the gateway pf server? > >it better not > >>3 In your opinion, is this a good alternative? > >yes > >>The idea is to have the PostFix server as a SMTP Gateway only for Imail, >>our users will have to send the mails to imail, and imail to the postftix. > >You can run auth relay through Imail, or you can use postfix do to >pop-before-smtp relaying, off-loading the outbound mail from Imail (but you >lose the AV scanning of Declude). postfix can be configured to block >dangerous attachments, so your outbound will still have significant >infection blocking. > >If your Imail box is still sluggish after adding the SMTP gateway box >(which would be a surprising first occurrence), the next step would be to >use another box dedicated to AV scanning. An big IMGate user in NJ does >the 3-level solution, for several 100K msgs/day. > >> As i see it, Imail still manages the Relay Rules, SMTP Auth, Etc, > >yes > >> cause the PostFix server will only relay from Imails Server IP, so >> Internet delivery process wont consume resources and time at the imail server. > >but your biggest traffic is not outbound, but inbound, by probably 8 to 1, >so the biggest assist you get from IMGate would be rejecting 70% of the >inbound traffic and keeping it off the Imail machine. > >Secondarily, Imail, if its version 7 queue doesn't get screwed up, will be >drop its outbound on postfix at high speed with no DNS queries, meaning a >lot of long-lived Imail SMTP processes will not be needed, liberating CPU >and memory and disk i/o (no deferrals in Imail queue). > >You should run BIND on the postfix box. > >> Is this scheme good? > >It's worked very well for everybody. I can think of references in 3 >Spanish-speaking countries (Puerto Rico, Bolivia, and Florida) that had >exactly your problem and have recovered excellent Imail performance by >doing exactly what you're talking about. > >Len > > >_____________________________________________________________________ >http://MenAndMice.com/DNS-training: Seattle; Chicago; San Jose; Wash DC >IMGate.MEIway.com: anti-spam gateway, effective on 1000's of sites, free > > >To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html >List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ >Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
