Mail Issue and Question

[Darrin Chandler]

Richard Wilson wrote:

>All,
>
>I have recently run into a 2nd example of an issue that *may* impact
>some of you, so I thought I'd pass it along.  I also am trying to look
>out for other "offending" applications and thought this group might know
>of some.
>
>Background:  I help manage a large number of sendmail servers (running
>on Linux) for a large corporation.  Our servers are the "gateway"
>systems that funnel email from all internal sources to the Internet and
>vice-versa.  Message volumes are substantial.
>
>Occasionally one or more of our mail relay servers will reach a limit
>and start refusing further incoming connections, thanks to spammers this
>is all too common.  Since we have a large number of relays, the overall
>effect wouldn't be a big deal except for the following:
>
>Our relays accept outbound mail from most of our Web Servers and they
>refer to our relays using a single DNS alias (the alias is the "smart
>host" for the web servers) -- ideally if their server gets a "busy"
>signal from one of our relays, they will try the next one (DNS Round
>Robin, a decent load balancing trick).  We discovered the hard way that
>a recent Java Mail applet that's become very popular with Web developers
>doesn't use the built in mail applications that *should* be running on
>the web servers but tries to manage the SMTP "conversation" directly.
>While this is good from the perspective of Web Server system load, the
>applet doesn't handle timeouts from the mail relays gracefully -- it
>instead throws the mail away.  The applet has no retry mechanism, no
>queuing and furthermore latches on to the first IP address it gets when
>it starts and resolves the DNS alias.  Thus the DNS round robin does not
>come into play at all.
>
>Our answer has been to configure the Java Mail Applet to send to a local
>sendmail instance (configured to only accept mail from the local system)
>which will then send it on to our relays with retries, queuing, and
>correct DNS behavior.  The Java Mail Applet gets an immediate response
>and is happy, the mail does get delivered reliably.
>
>We recently found the same thing with Veritas' VCS Notifier and had to
>use the same solution.
>
>I thought some of you might find this information useful.  We could
>double the number of relays we have and we would still see this problem
>thanks to the spammers.
>
>Does anyone on this distribution know of any other applications that try
>to handle their own mail in a similar fashion?
>
>I know some of you may object to sendmail on religious or other grounds,
>but we've put in a lot of our own extensions to it and it handles very
>well what we need it to do -- we're not looking for a replacement.
>
>Thanks in advance.
>  
>
Perhaps you've considered this idea, but...

What is you dedicated 1 (or a few) mail relays for use only by your web 
servers, allowing no other connections at all. No spam on that (those) 
relay(s), so no throttling problems.


-- 
Darrin Chandler
dwchandler at stilyagin.com
http://www.stilyagin.com/