
Re: avoiding overload on port 587

  • Stan Hoeppner
    Message 1 of 54 , Dec 1, 2012
      On 12/1/2012 2:26 PM, Wietse Venema wrote:
      > Stan Hoeppner:
      >> ...and I have no experience and pay no
      >> attention to what Oracle is doing with Solaris virtualization,
      >> "containers" I believe they call it.
      >
      > Solaris containers are descendants from FreeBSD jails: they provide
      > different userland namespaces(*) on top of a shared OS kernel.
      >
      > Hardware virtualization on the other hand provides different hardware
      > namespaces(*) on top of a shared hypervisor.
      >
      > These are basically sandboxing methods with different levels of
      > isolation and performance. I would not expect that jails/containers
      > introduce new challenges with respect to missing interrupts.
      >
      > Wietse
      >
      > (*) Not just file or device names, but also
      > memory addresses, disk blocks, and so on.

      Wietse you work in a "small corner" of IBM and may not know, but if you
      do or know who to ask, I'd like to know how IBM handles Linux guest
      clocks on zSeries, and pSeries for that matter. Is there an IBM
      document on this maybe?

      --
      Stan
    • /dev/rob0
      Message 54 of 54 , Dec 4, 2012
        On Tue, Dec 04, 2012 at 07:46:10AM -0600, /dev/rob0 wrote:
        > On Tue, Dec 04, 2012 at 11:59:01PM +1300, Peter wrote:
        > > I would still also set up port 587 on the mail.example.com
        > > IP as submission as well and try to encourage your users (at
        > > least the ones you can) to use port 587 from now on.
        >
        > What I would do, on Linux with IPv4 only, is create the submission
        > port and use an iptables redirect for the alternate IP address:
        >
        > # iptables -vt nat -A PREROUTING -p tcp --dport smtp -d \
        > mail.example.com -j REDIRECT --to-port submission
        >
        > This saves the overhead (system and administrative) of running
        > another smtpd on [mail.example.com]:25; he can leave his "smtp ...
        > smtpd" service alone in master.cf.

        Or better yet: replace it with postscreen.

        > I should also add as a reply to Stan in the other subthread: look
        > above at the first quoted paragraph: "Outlook Expresses setup with
        > ... default configuration."
        >
        > Yikes, bad news, very bad. If not doing content filtering nor
        > policy limitation of submission now, he will be soon. And possibly
        > losing his job in any case. Tomas is not in a good place right now.

        To clarify, I meant that if those Outlook Expresses are not yet
        compromised by malware, they will be, soon.
        --
        http://rob0.nodns4.us/ -- system administration and consulting
        Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: