
Re: avoiding overload on port 587

  • Reindl Harald
    Message 1 of 54 , Dec 1, 2012
      On 01.12.2012 02:21, Stan Hoeppner wrote:
      > On 11/30/2012 6:08 PM, Wietse Venema wrote:
      >> Stan Hoeppner:
      >>> That said, given the ongoing clock issues that all the guest/hypervisor
      >>> combos have always experienced to some degree, and will forever
      >>> experience no matter how good the mitigation hacks, it is my opinion,
      >>> and Wietse's, and many others, that mail is not really a suitable
      >>> application for most virtual environments. I'm sure you'll now write at
      >>
      >> Um, I have pointed out failures. I do not claim that all virtualization
      >> environments fail to meet the requirements
      >
      > My apologies for the mis-attribution Wietse. I agree not all virtual
      > environments have clock problems serious enough to avoid deploying mail
      > servers. I stated "most", which may likely be better described today as
      > "many". It's still a problem with Linux on ESX though not as bad as it
      > once was

      it is no problem with linux on ESXi

      "divider=10 clocksource=hpet" with current ESXi5 and HW8
      but i have running since 2008 a lot of virtual machines and since
      2009 two mailservers with postfix and even without "clocksource=hpet"
      which is not supported in virtual hardware below v8 there was NO time drift
      at all, a "distribute-command.sh date" shows the same time on any machine
      in the list independent on which host or physical or even on
      what location it is running

      so if time drift is your only problem with virtualization there
      is no problem at all at least with recent fedora guests and RHEL6
    • /dev/rob0
      Message 54 of 54 , Dec 4, 2012
        On Tue, Dec 04, 2012 at 07:46:10AM -0600, /dev/rob0 wrote:
        > On Tue, Dec 04, 2012 at 11:59:01PM +1300, Peter wrote:
        > > I would still also set up port 587 on the mail.example.com
        > > IP as submission as well and try to encourage your users (at
        > > least the ones you can) to use port 587 from now on.
        >
        > What I would do, on Linux with IPv4 only, is create the submission
        > port and use an iptables redirect for the alternate IP address:
        >
        > # iptables -vt nat -A PREROUTING -p tcp --dport smtp -d \
        > mail.example.com -j REDIRECT --to-port submission
        >
        > This saves the overhead (system and administrative) of running
        > another smtpd on [mail.example.com]:25; he can leave his "smtp ...
        > smtpd" service alone in master.cf.

        Or better yet: replace it with postscreen.

        > I should also add as a reply to Stan in the other subthread: look
        > above at the first quoted paragraph: "Outlook Expresses setup with
        > ... default configuration."
        >
        > Yikes, bad news, very bad. If not doing content filtering nor
        > policy limitation of submission now, he will be soon. And possibly
        > losing his job in any case. Tomas is not in a good place right now.

        To clarify, I meant that if those Outlook Expresses are not yet
        compromised by malware, they will be, soon.
        --
        http://rob0.nodns4.us/ -- system administration and consulting
        Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: