On Tue, Sep 03, 2002 at 01:14:04PM +0100, Tony Finch wrote: > "Suresh Ramasubramanian" <mallet@???> wrote:
> >
> >I'd farm the load of virus scanning off to a separate box with fastish hard
> >disks (heck, you could just build a fairly cheap pentium machine with a
> >large scsi hard disk), rather than burden your mailhubs.
>
> One machine is not going to have enough CPU or reliability for this job.
> It makes sense to do it on the mail hubs because you want to scan all
> mail for viruses (incoming and outgoing) and all mail goes through the
> hubs. No point in duplicating functionality.
My thoughts exactly. We can add more hub machines if needed (currently
got 2). These hubs then deliver to a number of machines behind the firewall.
currently my plan is to continue to do the virus checking on the hubs as
this is not optional - all users have to have their email virus checked
but to farm the spamassasin off to another machine if the user registers
to have their email spamchecked (and therefore accepts a possible delay).
This would mean that we could fairly easily increase the spam checking
capacity by adding more machines. The main question is what virus software
we should be using!
> >To reduce the load on your machines, I'd suggest running something like LDAP
> >or MySQL so that your mailhubs have a reasonable view of your userdb
> >@ukc.ac.uk (need not have access to the actual LDAP server - but replication
> >could be considered...).
>
> That's not possible if the mail hubs are forwarding other domains' mail
> to other mail servers run by other people, so the hubs can't know which
> local-parts are valid. However call-forward recipient checking comes to
> the rescue.
Not a problem. The mail hubs have access to the entire userdb for all
domains that we host or relay for.
Since asking this morning I have been looking at Sophie - this seems
to have a few plus points but I'm not sure if our license for sophos
covers the library - has anyone else here gone down that route (exim4
+ exiscan + sophie)?