"Hostile" vs. "Friendly" instances of Sendmail
Brett Glass
brett at lariat.net
Fri Aug 25 19:57:57 UTC 2006
A company for whom I do consulting has a FreeBSD mail server.
Because they're being deluged with connections from spammers (who
have responded to the increasing use of "graylisting" by ordering
their armies of bots to try again and again even when spam is
rejected), they've subscribed to some DNS blacklists and set
Sendmail to limit the number of processes it can spawn at any one
time. This reduces the load on the system due to spamming, but also
prevents internal users from getting the mail server's attention
when they want to send legitimate outgoing mail.
What's the best way to set things up so that more trusted, internal
users can access their own instance of Sendmail (with less
restrictive process limits, no blacklist checks, etc.) while the
outside world sees an instance of Sendmail with blacklisting,
process limits, connection limits, load limits, etc.? Will there be
problems with file locking, queues, etc. if a third instance of
Sendmail is started on a standard FreeBSD install (which normally
runs two)? And where's the option that tells Sendmail to listen
only on a particular interface? (This should be on the man page, but isn't.)
--Brett Glass
More information about the freebsd-questions
mailing list