Richard Wilson wrote:
>All,
>
>I have recently run into a 2nd example of an issue that *may* impact
>some of you, so I thought I'd pass it along. I also am trying to look
>out for other "offending" applications and thought this group might know
>of some.
>
>Background: I help manage a large number of sendmail servers (running
>on Linux) for a large corporation. Our servers are the "gateway"
>systems that funnel email from all internal sources to the Internet and
>vice-versa. Message volumes are substantial.
>
>Occasionally one or more of our mail relay servers will reach a limit
>and start refusing further incoming connections, thanks to spammers this
>is all too common. Since we have a large number of relays, the overall
>effect wouldn't be a big deal except for the following:
>
>Our relays accept outbound mail from most of our Web Servers and they
>refer to our relays using a single DNS alias (the alias is the "smart
>host" for the web servers) -- ideally if their server gets a "busy"
>signal from one of our relays, they will try the next one (DNS Round
>Robin, a decent load balancing trick). We discovered the hard way that
>a recent Java Mail applet that's become very popular with Web developers
>doesn't use the built in mail applications that *should* be running on
>the web servers but tries to manage the SMTP "conversation" directly.
>While this is good from the perspective of Web Server system load, the
>applet doesn't handle timeouts from the mail relays gracefully -- it
>instead throws the mail away. The applet has no retry mechanism, no
>queuing and furthermore latches on to the first IP address it gets when
>it starts and resolves the DNS alias. Thus the DNS round robin does not
>come into play at all.
>
>Our answer has been to configure the Java Mail Applet to send to a local
>sendmail instance (configured to only accept mail from the local system)
>which will then send it on to our relays with retries, queuing, and
>correct DNS behavior. The Java Mail Applet gets an immediate response
>and is happy, the mail does get delivered reliably.
>
>We recently found the same thing with Veritas' VCS Notifier and had to
>use the same solution.
>
>I thought some of you might find this information useful. We could
>double the number of relays we have and we would still see this problem
>thanks to the spammers.
>
>Does anyone on this distribution know of any other applications that try
>to handle their own mail in a similar fashion?
>
>I know some of you may object to sendmail on religious or other grounds,
>but we've put in a lot of our own extensions to it and it handles very
>well what we need it to do -- we're not looking for a replacement.
>
>Thanks in advance.
>
>
Perhaps you've considered this idea, but...
What is you dedicated 1 (or a few) mail relays for use only by your web
servers, allowing no other connections at all. No spam on that (those)
relay(s), so no throttling problems.
--
Darrin Chandler
dwchandler@stilyagin.com
http://www.stilyagin.com/
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
(text/plain)