Re: sendmail gateway overrunning my internal mailhost

---

• From: Matej Vela <mvela@xxxxxx>
• Date: Sat, 13 Aug 2005 17:39:50 +0000 (UTC)

---

On 2005-08-13, Fred Oo <foo@xxxxxxxxxx> wrote:
> My external mail gateway (sendmail 8.11.6) is over running my
> internal SMTP and POP hosts. The sendmail server is opening connections
> faster than the internal one can handle the requests. As the internal
> machine slows, it takes longer to respond, sendmail opens another connection
> and the cycle continutes. Is there a sendmail option to limit the number of
> outbound connections sendmail will make. I think I would be better off,
> having my mqueue grow during peaks and then drain, rather than having all
> the connections hit my internal sever real time.

(Please upgrade to Sendmail 8.12.10 or better; 8.11.6 has several
security problems.)

The general recipe is to set DeliveryMode to "queue", and limit the
number of concurrent queue runners, either through MaxQueueChildren or
via queue group definitions. The devil is in the details though; some
questions first:

* Does your gateway accept recipients regardless of whether they exist
on the internal host? Nowadays spammers undertake massive dictionary
attacks looking for valid addresses. Rejecting these attempts at the
perimeter cuts down on a *lot* of traffic.

* Are the internal hosts under your control, and if so, what software
are they running? Restricting the number of connections on the
incoming side is both simpler and more efficient, especially if you
have more than one gateway host.

* Does the gateway handle both incoming and outgoing traffic?

* Are separate limits needed for each host/group of hosts?
.

---

• References:
  • sendmail gateway overrunning my internal mailhost
    • From: Fred Oo

• Prev by Date: Re: Missing Email
• Next by Date: Re: How to keep/reject messages based on more than one test return?
• Previous by thread: Re: sendmail gateway overrunning my internal mailhost
• Next by thread: How to keep/reject messages based on more than one test return?
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Restrict connections ... This server needs to accept connections from the ... The Exchange servers simply do not allow "illegal" hosts to start an SMTP ... Sendmail allows anyone to establish an SMTP connection. ... (comp.mail.sendmail) Re: cannot telnet port 25 from other hosts ... > mylinux 25 from other hosts?? ... the Sendmail mail transport agent does not accept network ... connections from any host other than the local computer. ... network devices (or comment out this option entirely using the dnl comment ... (Fedora) Re: Troubleshooting SMTP/TELNET ... My SMTP is unable to accept connections from non-local subnets. ... assume you're running sendmail till you say otherwise;-) ... From the internet or LAN ... (comp.os.linux.networking) RE: problems receiving e-mail to my server redux ... Sendmail being the default MTA that is installed ... > to accept external port 25 connections has been discussed on ... > inbound e-mail in your mailbox, ... > Steve Cowles ... (RedHat) Re: Reasons behind defaulting atd and sendmail ... The port on the local machine for the outgoing ... firewall to allow incoming port 25 connections, ... the stock setup of Sendmail will send mail to the Internet. ... No regular desktop Fedora user will even thinkg about su'ing, vi'ing, or even consider needing an MTA. ... (Fedora)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

newsgroups.derkeiler.com  > Archive  > Comp  > comp.mail.sendmail  > 2005-08