|
Thread Index [isp-dns] Re: Concerns about high Load
--On 25/11/2002 17:34 +0100 Len Conrad eloquently addressed isp-dns@isp-dns.com regarding [isp-dns] Re: Concerns about high Load : There's a quite highly used webmail interface on the mail storage server (Mirapoint). This uses the local smtpd to deliver. Although we have thought about setting the smarthost to be the gateway server. Also even though the external gateway will be doing most the work the smtpd on the storage server will still have to do local deliveries to mailboxes. This wasn't a cold hard statistic, just an estimation.I am currently configuring a server that will act as a mail gateway/hub for a another load stricken server.I've just installed IMGAte for an ISP whose sendmail mailbox server was submerged trying to do anti-abuse and take care of the users. IMGate fixed his wagon immediately.The setup is as follows. We have one P3 500 Mirapoint appliance (www.mirapoint.com) which is acting as a mailstore and admin interface to mail accounts using roughly 1100 domains. This is struggling with smtp delivery, virus scanning and filtering for the whole network (5000+ users). We are intending to split this traffic by placing it behind a mail gateway that will handle 80% of smtp delivery.best config, but why not 100% ? We have already got Mailscanner working with Sophos, spamassassin and RBL checking. But thanks for the tip I will have a look.There were only a few options regarding methods of making sendmail aware of the domains that is responsible for. In the end we came down to 2 methods one of which is using best_mx_is_local. The documentation suggests that the function should only be used on small to medium networks. So what I need from you guys is some tips on how to make the name server (bind 9.2.1) more efficientLook at IMGate.MEIway.com for your anti-abuse SMTP proxy. pre-configured, proven, and free. Is it, do have a URL which shows statistics and benchmarks as a comparison between the 2. Besides we are using views from Bind9.If you really think you have problems with BIND through put (HIGHLY doubtful), then run BIND 8.3.4, which 30 or 40% more efficient than BIND9. We have 3 authoritative nameservers on our network which do most external query responses, this would only be a fall back for root server delegation. No machines have this box set as their resolver (apart from the gateway itself.)Put BIND on the MX gateway as caching only NS. What a good guess =] That's exactly what it is using. 2x ATA100 40gb IBMs in a software mirrored RAID config. I think we could find some pennies for ram.and perhaps some opinions and/or experience of using this method in moderately high usage environment. It is running on the mail gateway which is a dual p3 1.13ghz, 512mb Ram, serverworks chipset.I suppose you've already spent the $$$, but that is horribly overpowered, money down the tubes. A single CPU of 1+ GHz is fine, put the $$$ in 1 Gb RAM (to allow room for 100's of SMTP/D processes plus DNS cache), and above all in the disks, which you didn't even mention and which is the limiting factor of an SMTP relay. You don't even need SCSI, two ATA100+ disks of 7200 RPM and 40 Gb is sufficient. Also in answer to the next question (see next thread) the gateway IS the firewall. The mailstore is on a NAT'd private address range and this box port forwards the non-local services (e.g. pop3, imap, webmail, etc)... So to round up this box will be... a MTA for 5000 users, Virus scanning/Spam filtering for those 5000 users, Firewall/masq server for internal mailstore, authoritative NS as well as resolver for demanding sendmail config. Sorry about lack of clarity the first time around. M Len
Thread Index |
|
