Richard Wilson wrote: >All, > >I have recently run into a 2nd example of an issue that *may* impact >some of you, so I thought I'd pass it along. I also am trying to look >out for other "offending" applications and thought this group might know >of some. > >Background: I help manage a large number of sendmail servers (running >on Linux) for a large corporation. Our servers are the "gateway" >systems that funnel email from all internal sources to the Internet and >vice-versa. Message volumes are substantial. > >Occasionally one or more of our mail relay servers will reach a limit >and start refusing further incoming connections, thanks to spammers this >is all too common. Since we have a large number of relays, the overall >effect wouldn't be a big deal except for the following: > >Our relays accept outbound mail from most of our Web Servers and they >refer to our relays using a single DNS alias (the alias is the "smart >host" for the web servers) -- ideally if their server gets a "busy" >signal from one of our relays, they will try the next one (DNS Round >Robin, a decent load balancing trick). We discovered the hard way that >a recent Java Mail applet that's become very popular with Web developers >doesn't use the built in mail applications that *should* be running on >the web servers but tries to manage the SMTP "conversation" directly. >While this is good from the perspective of Web Server system load, the >applet doesn't handle timeouts from the mail relays gracefully -- it >instead throws the mail away. The applet has no retry mechanism, no >queuing and furthermore latches on to the first IP address it gets when >it starts and resolves the DNS alias. Thus the DNS round robin does not >come into play at all. > >Our answer has been to configure the Java Mail Applet to send to a local >sendmail instance (configured to only accept mail from the local system) >which will then send it on to our relays with retries, queuing, and >correct DNS behavior. The Java Mail Applet gets an immediate response >and is happy, the mail does get delivered reliably. > >We recently found the same thing with Veritas' VCS Notifier and had to >use the same solution. > >I thought some of you might find this information useful. We could >double the number of relays we have and we would still see this problem >thanks to the spammers. > >Does anyone on this distribution know of any other applications that try >to handle their own mail in a similar fashion? > >I know some of you may object to sendmail on religious or other grounds, >but we've put in a lot of our own extensions to it and it handles very >well what we need it to do -- we're not looking for a replacement. > >Thanks in advance. > > Perhaps you've considered this idea, but... What is you dedicated 1 (or a few) mail relays for use only by your web servers, allowing no other connections at all. No spam on that (those) relay(s), so no throttling problems. -- Darrin Chandler dwchandler@stilyagin.com http://www.stilyagin.com/ --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change you mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss