Sendmail vs Quail. The battle continues

Robert Meyer meyer_rm at yahoo.com
Tue Apr 11 14:16:20 EDT 2000



--- James Simmons <jsimmons at acsu.buffalo.edu> wrote:
> 
> > OK, now what does PITA mean?
> 
> Pain in the %$@&$
> 
> > You got root access to a machine with sendmail.  How did you get in
> > and did you identify a fix for the problem?  Was it a configuration
> > error or an inherent problem in sendmail?
> 
> An inherent problem with sendmail. This was with a version of sendmail
> that is now a year old.

Ok, how long did it take for the fix to the problem to be generated and
did you use a known exploit for which there was already a fix?
 
> 
> > I can use a .forward on sendmail to handle redirection of email.
> > This is documented in ANY unix book around.
> 
> That's not what I mean. I was talking about sendmail's numerous
> features. There was once a roach in my office. I first hit it with my
> qmail book. The roach scrambled away. Then I picked up the sendmail
> book. The roach was then a mess.

Well, yeah, I'll agree that sendmail's a bear if you want to start
writing rulesets.  Most of the time, I use the M4 configuration files
and make minor tweaks if I have a non-standard configuration (yeah,
what's a standard configuration?! :-)
> 
> > If you're trying to build a monolithic Email server for tens of
> > thousands of users, then you have a point. When designing a system
> > for that quantity of users, the cost of the hardware grows at a
> > geometric rate, rather than linearly in a monolithic implementation.
> > If the system is distributed, the hardware costs come down, the use
> > of more common hardware is possible, enabling easier and faster
> > recovery from failure and a failure affects a much smaller
> > percentage of the population using the service.
> 
> No. I'm talking about chek.com which at the time I left had 1/2
> million users on one mail machine.

Again, I'm not a big fan of making monolithic mail servers because of
all of the trouble that entails.  The machine cost goes up
geometrically because you're getting into more and more specialized
hardware to be able to support the user base.  Maintenance becomes more
of an issue due to the number of people affected and a crash of the
single huge machine will take that much longer to put back together.  I
have seen the results of this kind of crash and it's not pretty.

Generally for a user base of that magnitude, I'd be looking into a
cluster approach.  Have a large number of smaller Email servers, each
with its own backup system and disk space.  You then designate a few
machines as "traffic cops" with a table of user aliases and a single
service name to get the Email forwarded to the right machine.  Then
make a few machines serve as 'IMAP forwarders' (software on freshmeat)
to make sure the users get routed to the correct backend machine to
handle their Email.  If you lose any of the forwarders or traffic cop
machines, you can simply pull them from the DNS service name while
they're being fixed.  If you lose a backend machine, the percentage of
the user base that's affected is 100/number of machines.  Since the
machines are smaller, it's easier to keep spares available and since
each machine has its own full backup and a relatively current
incremental, pull the tape, stick it in the backup machine, reload the
few gig (as opposed to terabytes) that the machine contained, change
its name and IP and you're back in business in less than 1/2 hour from
the detection of the failure.

I had written a treatise on this design philosophy with a couple of
implementation examples some time ago (I'm thinking Jan '99 or so). 
DANG!, now I have to go poking through some backup tapes that I have
'cuz it's going to bother me now. 

Another question about chek.com: How many ACTIVE users were there?  I
have seen systems that had some large numbers of users of which only
something on the order of 10% were actually using the accounts more than
once a week.  What kind of machine were they using to support 500K
users?  That's gotta be a BIG hunk 'o hardware...

Parry...Riposte



=====
Bob Meyer
Knightwing Communications
36 Cayuga Blvd
Depew, NY 14043
Phone: 716-308-8931 or 716-681-0076
Meyer_RM at Yahoo.com
