|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: BMITU
> >that nothing can equal, much less beat, sendmail. This is especially > >true when you start talking about filtering for spam or viruses via > >the milter interface. Well, considering that milter is sendmail's, yes, wanting to use the milter method gives sendmail an advantage. There are plenty of other options if you choose the filter method suited to each mail server. > What are people using for network based anti-virus? A friend of mine > started a company www.raeinterent.com/rav and claims to have an industrial broken link btw. probably meant raeinternet.com? They no longer claim anything except to have been acquired by M$. > anti-virus app that plugs into Communigate Pro. Any experience with network > based anti-virus & mail systems? I sure wouldn't call an antivirus scanner that runs on the most common target platform an ideal solution. In terms of high-performance anti-virus, go to Trend Micro. While they have their problems, the vscan interface is the quickest and most scalable scanner I've found. 500k users is one thing. Being able to handle the unpredictable traffic (mail volume over time) for those users is another. Being able to open each message, recursively open up containering file formats (zip, tar, rar, et al) and scan the actual file for viruses is still another. I don't particularly care for their sendmail replacement solution, but vscan is a solid component solution. Admittedly, my own experience is limited to about 1 million messags/hr, so depending on your actual mail traffic, it may not hold up as well. Ignore the data you have on sending mail, or at least put it in its place. It's much easier to keep up your own outbound traffic rate than it is to deal with the same quantity of inbound traffic (sendmail can easily flood an identical sendmail configuration, or at least render it unable to talk to anyone else due to being busy -- yes, you can rate limit senders, but that is not scaling your own ability to accept traffic now, is it?). While none of the unix options are stellar at it, windows options tend to be even more inefficient at I/O operations, rather critical when you're dealing with a lot of small files, such as in a mail server. Unix options generally have an easier time dividing traffic across spindles as well, which is one way to buy yourself more throughput. I've had very encouraging results with Postfix over the years, and it fails the most gracefully and consistently of any common server I've tried. This is quite valuable in designing a reliable and scalable solution, imho. It's fairly easy to plug in modifications as needed, and extremely easy to handle routine configuration changes. Parallelized management works as well as nearly anything. Qmail can be bent to do many things, but was intended to be small, so adding features gets increasingly painful with each addition. If you have made the religious decision that only Windows based servers can do the job for you, your only hope would be Domino. Call IBM, then setup a postfix relay box in front of it to fix the (outbound) headers. :-\ Every other windows-based mail server I've seen fails (often dramatically) at 20k or so users, or smaller. Domino fails too, but at least tends to parallelize well. It also has a path upwards in the event you choose your underlying platform poorly. Whatever it is, you're in for some, umm, interesting times. I still remember my own experiences quite vividly. :) -- Ray Wong [email protected]
|