cgi-bin Scripts w/Multiple Mail Servers

P David Schaub dschaub@dschaub.com
Thu Oct 3 18:57:27 UTC 2002


--On Thursday, October 03, 2002 12:03:58 PM -0600 Vernon Schryver 
<vjs@calcite.rhyolite.com> wrote:

>> From: P David Schaub <dschaub@dschaub.com>
>
>> I'm curious how folks with multiple mail servers are handling whitelisting
>> using the cgi-bin scripts provided in the DCC distribution.
>
> Is anyone using those scripts?  I'd like to think so, but I've no evidence.

Well count me in as soon as I can reconcile two mail servers separated both by router 
distance as well as physical distance. It may not be the straight cgi-bin scripts but 
I'm not a proud person...you provide me a framework and I'll tweak it for my needs ;)

>
>>                                                              The way I
>> understand it when using sendmail w/dccm each client needs to have access
>> to a common set of whitelist files.  If that is correct then I see three
>> possible options:
>>
>> -> Run one dccm for all sendmail instances - downside here is that you
>> can't use a unix socket for your milter...you have to use an inet socket.
>> Also the entire message is passed across the network to the dccm daemon as
>> opposed to simple checksums from dccm to dccd.  On the plus side, managing
>> client whitelists is quite simple.
>>
>> -> Run a cronjob to periodically move a master list of whitelist files from
>> a single instance of dccm running the cgi-bin scripts to all of the other
>> dccm clients.
>>
>> -> Mount the userlist directory across an NFS mount so it can be shared by
>> all systems.  I'm not sure what implications this has on file locking...
>>
>> Have I missed something.  Is there a much better way of doing business?
>
> NFS mounting the log directories on computers running dccm should be ok,
> because the worst that would happen even on systems such as Solaris that
> don't understand fcntl() locking over NFS would be the loss or corruption
> of an occassional log file.  I strongly recommend against NFS mounting
> the binary whiteclnt.dccw files on system like Solaris because dccm and
> dccproc need write-access to whiteclnt.dccs.  Even on systems such as IRIX
> that supports file locking over NFS, lock-daemon chatter would be
> irritating if not necessarily a performance problem.  Dccm only reads the
> ASCII whiteclnt files and only occassionally, so having a single HTTP
> server write it and several dccm running computers read it should be
> tolerable, if the operating system tolerates the fcntl()s.

Thanks for filling in an area of my ignorance.  The MTAs that I admin are running 
Solaris and I knew there were issues with NFS and Solaris...just not sure how they 
would impact dccm as it works with the whiteclnt files and log files.  Right now the 
implemetation direction that I'm headed is using DCC to mark messages as bulky.  If 
they are bulky my end users can request and I can implement SIEVE rules which will 
autofile these bulky messages in a "BulkMail" folder rather than their inbox.  Since 
I'm not blocking/dropping any mail the log files are less important, but the whiteclnt 
files are still an essential piece for the enduser experience.

> If your total DCC traffic is low enough to use a single instance of dccm
> and if your MX servers are close enough that milter/TCP/IP packets would
> not traverse the Internet, then the first alternative may be best.  The
> sendmail milter mechanism involves a large number of round trips between
> the filter process (e.g. dccm) and sendmail, but I doubt that number is
> large enough to matter if you can use a single dccm process.

Unfortunately, I think my traffic is going to be high enough (180,000 - 200,000/day) 
and the server separation great enough to rule out a single instance of dccm.  I 
believe I'm going to be stuck w/either NFS (yuck) or batch pull/push (double yuck)...

David



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.