Re: A quick question
From: Cody Baker (cody_at_wilkshire.net)
Date: 03/19/05
- Previous message: Marcin Jessa: "Re: A quick question"
- In reply to: Ed Stover: "A quick question"
- Next in thread: Vlad GALU: "Re: A quick question"
- Reply: Vlad GALU: "Re: A quick question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Fri, 18 Mar 2005 23:58:21 -0500 To: estover@nativenerds.com, freebsd-isp@freebsd.org
We're using a setup with net-qmail, qmail-scanner, clamd, spamassassin,
vpopmail/mysql, courier-imap, and some home brew message processing.
We've been using qmail for almost 5 years now, and could feasibly use it
for another 5+ without looking back. The 2 beauties of qmail are its
configurablity and its reliability.
Qmail is divided in to nearly 20 separate small special purpose
programs. The advantage to this system is that messages can be directed
through qmail in almost unlimited ways. For example, our virus scanning
boxen use the "smtproutes" configuration to proxy clean mail to our
storage server rather than attempt to deliver it local users on that
box. On that main mail server we modify the default delivery
configuration to insert our homebrew spam sorting script before delivery.
The reliability of qmail is unmatched. Many people are kind of confused
by the lack of qmail updates. The latest release, 1.03 was put out in
the mid 90s. Quite simply there aren't bugs or exploits in qmail so why
bother releasing newer versions. The only maintenance we really need to
do for our servers is related to other packages. We spend about an hour
a month doing a makeworld on all of our mail machines, and portupgrading
for courier-imap, mysql, spam assassin, and clamscan. The only real
down time is the reboot for the make world, and the time during a mysql
update where the database is offline.
The other dimension of qmail's reliability is it's toughness. We push
about a million messages per day through qmail without it flinching, but
that should be expected of any MTA. What I really like about qmail is
that it's reasonably forgiving. A messages life time in qmail is
essentially divided in to two portions. The first of these portions is
during its arrival. Only once a message has fully arrived and has been
written successfully in to the queue will qmail-smtpd mark the message
as being accepted. Once the message is in the queue it is processed for
delivery. If the message is bound for a local user, qmail-local reads
the message from the queue and attempts to delivery it. If it's
unsuccessful, for example the user database was down, it marks a
temporary failure and instructs qmail to try again in a few minutes.
Only after the message is successfully in the users Maildir is the
message removed from the queue. This queue system guarantees that no
mail will EVER be lost. Last week we updated our mail storage/pop/imap
server to a SATA RAID setup. Our virusproxying servers mentioned above
queued nearly 300,000 messages while the master server was down. As
soon as their destination on the master server was available the
messages were delivered and removed from the queue. We were able to
pull a central server out of operation for 6 hours without losing a
single message.
The one issue commonly mentioned with qmail is the patching process.
This is problem is largely obsolete with the advent of net-qmail.
Net-qmail is essentially stock qmail, patched with a few blessed
additions. By itself qmail has pretty much everything you could need,
there are a few patches for example to add SMTP-AUTH or TLS support.
Simply apply the patch and wallah features. At the same time, if you
don't need TLS support, then why incorporate it in your MTA.
As for setting it up with NIS or LDAP, vpopmail and courier-imap offer
an LDAP authentication module. That should be all you need. We use a
mysql backend for vpopmail and courier-imap, but essentially all of the
AuthDB stuff is hidden behind vpopmail and courier-imap. Qmail's
support for authentication comes through checkpassword programs. This
is where vpopmail's vchkpw fits in. Therefore, your authentication DB
is essentially abstracted behind vpopmail.
Thank You,
Cody Baker
cody@wilkshire.net
http://www.wilkshire.net
Ed Stover wrote:
>I am in the process of designing a server to be used as a "pop toaster"
>type deal. Basically, I have experience with sendmail and imap-uw but
>knowing the limitations of that combination I am wondering what you
>FreeBSD-ISP guys & gals use as your combinations on your high traffic
>environments. Also, what is your opinion on using OpenLDAP vs FreeBSD's
>built in NIS infrastructure in combination with those other your MTA MDA
>set ups. Although with a some research on the net I have found that ISPs
>and other large organization are drifting toward qmail. If you use qmail
>+NIS or LDAP what was your experience like when replacing sendmail with
>qmail on FreeBSD? Any response with be greatly appreciated.
>
>PS Any ideas on filtering inappropriate content from emails aside from
>procmail?
>
>_______________________________________________
>freebsd-isp@freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-isp
>To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
>
>
_______________________________________________
freebsd-isp@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
- Previous message: Marcin Jessa: "Re: A quick question"
- In reply to: Ed Stover: "A quick question"
- Next in thread: Vlad GALU: "Re: A quick question"
- Reply: Vlad GALU: "Re: A quick question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
|
