--On 27 September 2010 11:07:41 -0400 "John R. Levine"
<johnl(_at_)iecc(_dot_)com>
wrote:
That seems an awful lot of work to do with the connection open to deal
with what is unlikely to be more than a rare misconfiguration.
You recommend a particular course of action (discarding) for dealing with
ADSP/MLM problems. I think you're almost exactly right except that the
action should be to deny instead of discarding. The rarity of the
misconfiguration would be an argument for ignoring the case entirely: it
doesn't speak to whether one should discard rather than deny once you've
gone to the trouble to detect the case. That's the only disagreement that I
have with your message.
When you
made these changes to your MTA, how much work was it? How much effect
did it have on overall MTA performance? If you haven't implemented them,
why not?
I already know when I have a good DKIM signature because SpamAssassin
checks this at SMTP time. I already know when I'm delivering a message to a
locally hosted list, because I couldn't route the message otherwise. I
haven't implemented ADSP checks yet, because the community is still
discussing the best way to do this. However, it's just another DNS lookup.
We already do several of those for every message that we handle.
Exim (our MTA) is designed to do *all* message checking at SMTP time. It
uses ACLs that can run at any point in the SMTP session limited only by the
availability of information. It's trivial to move an ACL from one part of
the SMTP process to another. The alternative is to pipe the message to an
external process which would then deliver it back. It's *much* easier to
simply do this in an ACL, and there is no ACL that runs after the SMTP
session is closed.
Exim documentation gives instructions for running anti-spam software like
SpamAssassin, and anti-malware software like ClamAV during the SMTP
session. After the SMTP session, you'd have to route the messages through a
secondary server to perform those functions. It would be arcane, and less
flexible. We've been running SpamAssassin and ClamAV during the border SMTP
session for many years now, and introduced DKIM checks about two years ago
with zero impact on performance (because spamassassin and ClamAV already do
a heck of a lot more DNS lookups and content processing).
Here's the hardware that I'm running it on. We've got four of these
machines for resilience (two each in two data centres). Any one of the
machines can handle peak loads on its own: They're specced to handle our
IMAP load, but don't perform that role any longer, because OSX has an
artificial limit on simultaneous process numbers.
XServe G5 (purchased in 2004)
2x Power PC G5 2.0GHz processors, with typical load averages of about 1.0
6GB RAM (that was for IMAP processes). Currently they use about 1GB, and
I'd be happy with 2GB per machine.
DNS servers are local to the machines, to reduce network accesses.
Really, performance isn't a problem.
And since this group seems to be obsessed with arcane corner cases, what
do you do with a discardable message if it's sent to two addresses, one
of which is a mailing list and one of which isn't?
It'll remain an arcane corner case only if you're successful in preventing
uptake of ADSP. Either way, the correct solution is worth discovering. Our
configurations deal with a lot of corner cases already.
R's,
John
--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html