From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1PhGWH-0002fJ-Jc for garchives@archives.gentoo.org; Mon, 24 Jan 2011 07:07:21 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 440DBE0794; Mon, 24 Jan 2011 07:05:51 +0000 (UTC) Received: from mail-wy0-f181.google.com (mail-wy0-f181.google.com [74.125.82.181]) by pigeon.gentoo.org (Postfix) with ESMTP id F02AAE0794 for ; Mon, 24 Jan 2011 07:05:50 +0000 (UTC) Received: by wyf22 with SMTP id 22so5158115wyf.40 for ; Sun, 23 Jan 2011 23:05:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:from:to:subject:date:user-agent:cc:references :in-reply-to:mime-version:content-type:content-transfer-encoding :message-id; bh=qbl4/GIbzRZNCI3DTz1aMC3GIxczhdnNPxlC8DrjCg0=; b=T5lCDfjHrOSgzDrvyjmxwqkT/aXDu6I3O7Yu00rc2H02/EF1OE9agdlwUSRV5bvNJH 8iPhYCkQ+YITOnW4a+tC6hzbHDb9RlLBGY+lVqt6YsfKpgRqG1niNkqzkJVeBArCi9s/ xmxFpxNKBey219fMQH2+aS3jeCcnrr1TsPmVI= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=from:to:subject:date:user-agent:cc:references:in-reply-to :mime-version:content-type:content-transfer-encoding:message-id; b=VQDUYbaPlppuCr95ibi0g+ppV0gs0/R0IVJOucw+3BFkIm9AySy/lsSASM8Cw4KIkM dviV+jvvhC5mGCI5wT0SRgC2uVI6o1lfhym04Fefc6yCAG/33PNh0U1yq8LH0LGB099d sqOcU5K1ZnrAIKgg8e4m7x6n4zHwcFGJsa+gA= Received: by 10.227.133.81 with SMTP id e17mr3814816wbt.176.1295852750176; Sun, 23 Jan 2011 23:05:50 -0800 (PST) Received: from nazgul.localnet (dustpuppy.is.co.za [196.14.169.11]) by mx.google.com with ESMTPS id h39sm2355943wes.29.2011.01.23.23.05.48 (version=TLSv1/SSLv3 cipher=RC4-MD5); Sun, 23 Jan 2011 23:05:49 -0800 (PST) From: Alan McKinnon To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Setting up SMTP relay Date: Mon, 24 Jan 2011 09:06:21 +0200 User-Agent: KMail/1.13.5 (Linux/2.6.37-ck; KDE/4.5.5; x86_64; ; ) Cc: kashani References: <4D3B4D53.7000209@wonkology.org> <201101240226.24738.alan.mckinnon@gmail.com> <4D3CD441.6010206@badapple.net> In-Reply-To: <4D3CD441.6010206@badapple.net> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: Text/Plain; charset="iso-8859-15" Content-Transfer-Encoding: 7bit Message-Id: <201101240906.22848.alan.mckinnon@gmail.com> X-Archives-Salt: X-Archives-Hash: 0e8e246c2b9265197c8787658ad85a35 Apparently, though unproven, at 03:22 on Monday 24 January 2011, kashani did opine thusly: > > There's lots more examples, but they all follow a similar theme. > > Thanks for the extra detail, I found what you're describing very > interesting. I've never dealt with Postfix with more than a couple > hundred internal users and more often as spam our customers system. > Other than the occasional Nagios blasts I haven't had to deal with much > of this. > In regards to controlling what users send is it feasible to use a > policy server for rate limiting them? The ability to use an extra lookup > service to decide whether to access main, filter it, allow relay, etc is > one of the things I think Postfix does well. However I suspect the > management and hand holding of a rate limit system would create more > overhead than cleaning out the queue periodically. Your last sentence is the right one. Dealing with issues arising only when they arise is infinitely easier than trying to maintain some arb list of $STUFF just in case a minority of users misconfigure their boxes. On the whole, our users send only valid mail and all of it must be allowed to pass. The problems come in when a automated system mail goes beserk, usually causing loops. Not spam though, there's a rather large Cisco Ironport in front of my MTAs which deals with that. -- alan dot mckinnon at gmail dot com