[CentOS] Recommend Mail Server

Ian Forde ianforde at gmail.com
Tue Nov 24 02:35:35 UTC 2009

On Nov 23, 2009, at 5:34 PM, Christopher Chan <christopher.chan at bradbury.edu.hk 
 > wrote:

> Les Mikesell wrote:
>> You probably really want ldap for that sort of thing.
> You probably really want to reconsider using ldap for anything that  
> gets
> loads of changes daily.

In the case of a mail relay, at one point  years back I decided to  
drop (not bounce) all email to bogus recipients at the relay level  
rather than let it get to (yuck) Exchange, which would bounce it. The  
trick was having an updated recipient list. My first thought was to  
query Active Directory for each user, thus getting an up-to-date result.

This turned out to be a *bad* idea for a couple of reasons. 1) if I  
can't reach AD, mail won't queue up on the relays, which is one of  
their major functions. 2) I'm making the relays directly dependent on  
AD latency. 3) any flood of email from outside can cause a large  
amount of queries against AD, causing a DOS that the relays are  
supposed to shield the internal network from.

So instead, I found a script to gather the list of users from AD, did  
some modifications and wrote some wrappers. The result? A script that  
runs from cron to get the list of valid addresses, convert them into  
an access file that sendmail (or postfix, in the first case years ago)  
can use instead. There's a little more latency, but as long as I do  
some sanity checking (too many changes? Send an alert and don't change  
the access file) it works just fine. Ldap-based, yes. But loosely  
coupled. A good compromise in my experience...
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos/attachments/20091123/b46c2e66/attachment.html>

More information about the CentOS mailing list