Recipient Validation & Design Opinions

Fri, 24 Apr 2009 06:00:29 -0700 

Hello,
We are putting together an OpenBSD-based border email server to replace an aging Linux box. On the current system, Postfix performs a call ahead to two internal boxes for recipient validation. I'm interested in recommendations on how to perform validation with the base sendmail. 


The two internal servers use several different domains and accept a 
variety of different name formats.  In addition, some users have one or 
more aliases.  Furthermore, only the primary address is published in 
LDAP.  One server serves approximately 1k users and the other 
approximately 20.



I have been researching milters to perform this task, specifically Eland 
System's scam-backscatter.  Our current average load, though I expect it 
to decrease with the use of spamd, is approximately 270k connections per 
day, 115k of which are rejected as invalid.  Does anyone have experience 
with scam-backscatter or are there other solutions we should be 
investigating?



I'm also interested in opinions on the overall design of the solution 
thus far.  As stated previously, our current system is a Linux box 
running Postfix, amavis, clamav and spamassassin.  Due to the nature of 
the store and scan system, we've noticed a tendency for the system to 
become swamped under heavy load and take several hours to clear out. 
Furthermore, we're quarantining viruses and and obvious spam in the 
neighborhood of 89k a day, which I would rather leave at the door.



The OpenBSD system would be running spamd, the base sendmail, 
smtp-vilter, clamav and spamassassin.



To prevent outgoing email from being tagged as spam and to conserve 
resources, I had planned to run sendmail on two different ports.  The 
standard port would handle incoming connections and a second, 
non-standard port, would be restricted with pf for outgoing email.  We 
would then run two instances of smtp-vilter, one which ran spamassassin 
and one which did not.  Use of sendmail's DAEMON_OPTIONS 
InputMailFilters would determine which vilter to run.



In our test environment, using smtpsend, we're seeing approximately 45 
messages/second through smtp-vilter with clamd.  The smtp-vilter 
instance which adds spamassassin is running 5-6 messages/second.



Any recommendations for recipient validation or suggestions on improving 
the system are greatly appreciated.


Thank you,
Mario























					Reply via email to