Mail Issue and Question

Craig White craigwhite at azapple.com
Tue Nov 29 15:04:37 MST 2005 

On Mon, 2005-11-28 at 20:17 -0700, Richard Wilson wrote:
> All,
> 
> I have recently run into a 2nd example of an issue that *may* impact
> some of you, so I thought I'd pass it along.  I also am trying to look
> out for other "offending" applications and thought this group might know
> of some.
> 
> Background:  I help manage a large number of sendmail servers (running
> on Linux) for a large corporation.  Our servers are the "gateway"
> systems that funnel email from all internal sources to the Internet and
> vice-versa.  Message volumes are substantial.
> 
> Occasionally one or more of our mail relay servers will reach a limit
> and start refusing further incoming connections, thanks to spammers this
> is all too common.  Since we have a large number of relays, the overall
> effect wouldn't be a big deal except for the following:
> 
> Our relays accept outbound mail from most of our Web Servers and they
> refer to our relays using a single DNS alias (the alias is the "smart
> host" for the web servers) -- ideally if their server gets a "busy"
> signal from one of our relays, they will try the next one (DNS Round
> Robin, a decent load balancing trick).  We discovered the hard way that
> a recent Java Mail applet that's become very popular with Web developers
> doesn't use the built in mail applications that *should* be running on
> the web servers but tries to manage the SMTP "conversation" directly.
> While this is good from the perspective of Web Server system load, the
> applet doesn't handle timeouts from the mail relays gracefully -- it
> instead throws the mail away.  The applet has no retry mechanism, no
> queuing and furthermore latches on to the first IP address it gets when
> it starts and resolves the DNS alias.  Thus the DNS round robin does not
> come into play at all.
> 
> Our answer has been to configure the Java Mail Applet to send to a local
> sendmail instance (configured to only accept mail from the local system)
> which will then send it on to our relays with retries, queuing, and
> correct DNS behavior.  The Java Mail Applet gets an immediate response
> and is happy, the mail does get delivered reliably.
> 
> We recently found the same thing with Veritas' VCS Notifier and had to
> use the same solution.
> 
> I thought some of you might find this information useful.  We could
> double the number of relays we have and we would still see this problem
> thanks to the spammers.
> 
> Does anyone on this distribution know of any other applications that try
> to handle their own mail in a similar fashion?
> 
> I know some of you may object to sendmail on religious or other grounds,
> but we've put in a lot of our own extensions to it and it handles very
> well what we need it to do -- we're not looking for a replacement.
> 
> Thanks in advance.
----
handoff to local MTA seems to be the most logical choice for your usage
and thus the best solution.

Craig

More information about the PLUG-discuss mailing list