Re: avoiding overload on port 587
- Stan Hoeppner:
> On 12/1/2012 2:26 PM, Wietse Venema wrote:I don't know the fine details, but I do know that these systems
> > Stan Hoeppner:
> >> ...and I have no experience and pay no
> >> attention to what Oracle is doing with Solaris virtualization,
> >> "containers" I believe they call it.
> > Solaris containers are descendants from FreeBSD jails: they provide
> > different userland namespaces(*) on top of a shared OS kernel.
> > Hardware virtualization on the other hand provides different hardware
> > namespaces(*) on top of a shared hypervisor.
> > These are basically sandboxing methods with different levels of
> > isolation and performance. I would not expect that jails/containers
> > introduce new challenges with respect to missing interrupts.
> > Wietse
> > (*) Not just file or device names, but also
> > memory addresses, disk blocks, and so on.
> Wietse you work in a "small corner" of IBM and may not know, but if you
> do or know who to ask, I'd like to know how IBM handles Linux guest
> clocks on zSeries, and pSeries for that matter. Is there an IBM
> document on this maybe?
have have very mature hardware support for virtualization and
There are many IBM documents, too many for me to make a quick
selection for you.
- On Tue, Dec 04, 2012 at 07:46:10AM -0600, /dev/rob0 wrote:
> On Tue, Dec 04, 2012 at 11:59:01PM +1300, Peter wrote:Or better yet: replace it with postscreen.
> > I would still also set up port 587 on the mail.example.com
> > IP as submission as well and try to encourage your users (at
> > least the ones you can) to use port 587 from now on.
> What I would do, on Linux with IPv4 only, is create the submission
> port and use an iptables redirect for the alternate IP address:
> # iptables -vt nat -A PREROUTING -p tcp --dport smtp -d \
> mail.example.com -j REDIRECT --to-port submission
> This saves the overhead (system and administrative) of running
> another smtpd on [mail.example.com]:25; he can leave his "smtp ...
> smtpd" service alone in master.cf.
> I should also add as a reply to Stan in the other subthread: lookTo clarify, I meant that if those Outlook Expresses are not yet
> above at the first quoted paragraph: "Outlook Expresses setup with
> ... default configuration."
> Yikes, bad news, very bad. If not doing content filtering nor
> policy limitation of submission now, he will be soon. And possibly
> losing his job in any case. Tomas is not in a good place right now.
compromised by malware, they will be, soon.
http://rob0.nodns4.us/ -- system administration and consulting
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: