Carrier class email security recommendation

joel jaeggli joelja at
Mon Apr 12 11:21:45 CDT 2010

On 4/12/2010 10:22 AM, Suresh Ramasubramanian wrote:
> The man did say "carrier class" .. not "small webhost for four
> families and dog".   You're talking multiple mailservers + filtering
> gateways / appliances etc, clustered .. rather tough to do that with
> one pizzabox 1U running a linux that's not updated in years and
> configured with webmin.

I build basically the same mail system whether it is collapsed into a single
box or spread out across a cluster.

sendmail + clamav milter + milter graylist -> procmail -> spamd -> 
maildir delivery -> dovecot imap.

When you need to scale the front end you deploy a load balancer and fire 
up more smtp boxes...

When you need to scale the filestore you move it to nfs and divide and 

When you need to scale imap you shift it in front of the load balancer 
and deploy more boxes.

For load balancer we used LVS back in the day.

You can replace sendmail with postfix or exim; it's mostly a place to hang
the various on-connect filter regimes.

> And have you used / deployed any of those devices to claim they don't
> support NTP?  Or whether that's a bigger constraint than an
> underpowered linux box? :)
> On Mon, Apr 12, 2010 at 7:48 PM, todd glassey<tglassey at>  wrote:
>> Yes William, but realize that was an "easiest method" solution. There
>> are any number of others as well.
>> The point is that integrating an appliance type functionality is pretty
>> easy if you bother to take the time.
>> What I really wanted to point out is how many of the devices don't allow
>> authenticated NTP meaning they are worthless from an evidence
>> perspective, something that we as network engineers are constrained by
>> as well.
