From: "David Robillard" <david.robillard@gmail.com>
To: "Brett Glass"
Cc: FreeBSD Questions Mailing List <freebsd-questions@freebsd.org>
Date: Mon, 28 Aug 2006 11:37:46 -0400
Subject: Re: "Hostile" vs. "Friendly" instances of Sendmail

> On Aug 25, 2006, at 12:57 PM, Brett Glass wrote:
>> A company for whom I do consulting has a FreeBSD mail server.
>> Because they're being deluged with connections from spammers (who
>> have responded to the increasing use of "graylisting" by ordering
>> their armies of bots to try again and again even when spam is
>> rejected), they've subscribed to some DNS blacklists and set
>> Sendmail to limit the number of processes it can spawn at any one
>> time. This reduces the load on the system due to spamming, but also
>> prevents internal users from getting the mail server's attention
>> when they want to send legitimate outgoing mail.
>
>> What's the best way to set things up so that more trusted, internal
>> users can access their own instance of Sendmail (with less
>> restrictive process limits, no blacklist checks, etc.) while the
>> outside world sees an instance of Sendmail with blacklisting,
>> process limits, connection limits, load limits, etc.? Will there be
>> problems with file locking, queues, etc. if a third instance of
>> Sendmail is started on a standard FreeBSD install (which normally
>> runs two)?

I totally agree with what Chuck Swiger has suggested here:

> You could also configure an external and an internal mailserver,
> have the internal mailserver be entirely firewalled from outside so
> that internal users and internal email are handled there without
> issues, and just worry about tuning the external mailserver which
> will then only need to do SMTP relaying and anti-spam stuff for the
> external mail traffic rather than serve dual-duty as a reader box.

To help you with sendmail architecture, take a look at page 547 of the
"UNIX System Administration Handbook, 3rd edition" by Nemeth, Snyder,
Seebass and Hein. Don't be fooled by the funny images in this book; it's
very clear and quite possibly the best UNIX administration book around,
with real-world examples. You can find it at
http://www.admin.com/Pages/USAH.html.

Aside from the huge bat book, O'Reilly also publishes "sendmail Cookbook",
which is great when it comes to configuring sendmail. Check it out at
http://www.oreilly.com/catalog/sendmailckbk/.

Have fun,

David

--
David Robillard
UNIX systems administrator & Oracle DBA
CISSP, RHCE & Sun Certified Security Administrator
Montreal: +1 514 966 0122
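The split that Brett asked about and Chuck recommended can be expressed as two sendmail m4 configurations on one host: a hostile-facing daemon with DNSBL checks and tight process, connection and load limits, and a friendly internal daemon with none of that. The following is an added example written for this thread, not configuration posted by any of the participants. It assumes sendmail 8.13 on FreeBSD 6 (hence OSTYPE(freebsd6)), a public address 192.0.2.10 and a private address 10.0.0.10, and a DNS blacklist zone dnsbl.example.net; all three are placeholders to replace with the site's own values. The detail that answers the "third instance" question is in the internal file: a second daemon on the same box must get its own QUEUE_DIR and confPID_FILE, otherwise both daemons run queue runs over the same spool and the second one cannot even record its PID.

```m4
dnl ---- /etc/mail/ext.example.org.mc : external, "hostile-facing" MTA ----
dnl Constructed example (not from the mailing-list thread).
divert(-1)
divert(0)
VERSIONID(`external MTA, constructed example')
OSTYPE(freebsd6)
DOMAIN(generic)

dnl Refuse clients listed on the DNS blacklist (placeholder zone name).
FEATURE(`dnsbl', `dnsbl.example.net', `"550 Mail from " $&{client_addr} " refused, listed at dnsbl.example.net"')
FEATURE(`access_db', `hash -o -T<TMPF> /etc/mail/access')
FEATURE(`blacklist_recipients')

dnl Bound what retrying bots can cost the machine.
define(`confMAX_DAEMON_CHILDREN', `40')      dnl max simultaneous children
define(`confCONNECTION_RATE_THROTTLE', `5')  dnl max new connections per second
define(`confMAX_RCPTS_PER_MESSAGE', `50')    dnl cap recipients per envelope
define(`confBAD_RCPT_THROTTLE', `3')         dnl slow the session after 3 bad RCPTs
define(`confQUEUE_LA', `8')                  dnl only queue above load average 8
define(`confREFUSE_LA', `12')                dnl refuse connections above LA 12
define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy,goaway')

dnl Listen on the public address only; no default MSA on this instance.
FEATURE(`no_default_msa')
DAEMON_OPTIONS(`Port=smtp, Addr=192.0.2.10, Name=MTA-ext')

MAILER(local)
MAILER(smtp)

dnl ---- /etc/mail/int.example.org.mc : internal, "friendly" MTA ----
dnl Constructed example. No DNSBL, generous limits, private address only,
dnl and a private queue directory and PID file so it never shares spool
dnl files with the external daemon above.
divert(-1)
divert(0)
VERSIONID(`internal MTA, constructed example')
OSTYPE(freebsd6)
DOMAIN(generic)

define(`QUEUE_DIR', `/var/spool/mqueue-int')          dnl own queue, not /var/spool/mqueue
define(`confPID_FILE', `/var/run/sendmail-int.pid')   dnl own PID file
define(`confMAX_DAEMON_CHILDREN', `200')
define(`confCONNECTION_RATE_THROTTLE', `0')           dnl 0 = no per-second throttle
define(`confQUEUE_LA', `20')
define(`confREFUSE_LA', `30')

FEATURE(`access_db', `hash -o -T<TMPF> /etc/mail/access')
FEATURE(`no_default_msa')
DAEMON_OPTIONS(`Port=smtp, Addr=10.0.0.10, Name=MTA-int')
dnl Submission port for internal users: ETRN disabled, authentication required.
DAEMON_OPTIONS(`Port=submission, Addr=10.0.0.10, Name=MSA-int, M=Ea')

MAILER(local)
MAILER(smtp)
```

FreeBSD's /etc/mail/Makefile builds only the host's own .mc into sendmail.cf, so the external file can take that role while the internal one is generated by hand, for instance with m4 -D_CF_DIR_=/usr/share/sendmail/cf/ /usr/share/sendmail/cf/m4/cf.m4 int.example.org.mc > /etc/mail/sendmail-int.cf, and started as its own daemon with sendmail -bd -q30m -C/etc/mail/sendmail-int.cf (the file names are this example's choice). Each daemon then runs queue runs only over its own QUEUE_DIR. The stock client-submission queue runner (submit.cf, the second of the two processes a default FreeBSD install runs) is untouched by this and keeps working as before. The firewall, not sendmail, is what keeps the internal instance off the Internet: the private address binding only limits which interface it listens on.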