[bitfolk] Control your own reverse DNS

Αρχική Σελίδα

Reply to this message
Συντάκτης: Andy Smith
Ημερομηνία:  
Αντικείμενο: [bitfolk] Control your own reverse DNS
--IPDFAagvJKOirP/Y
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFJVvyOIJm2TL8VSQsRAnmvAJ9u+qYH/lPO1Dna7w2Qx3t4WKRJCgCg0Fgu
RN5gFGu+gdRWh8n8hLCEWAE=
=Vbmb
-----END PGP SIGNATURE-----

--IPDFAagvJKOirP/Y--


From andy@??? Sun Dec 28 16:46:58 2008
Received: from andy by bitfolk.com with local (Exim 4.63)
    (envelope-from <andy@???>) id 1LGyn3-0003ha-PC
    for users@???; Sun, 28 Dec 2008 16:46:58 +0000
Date: Sun, 28 Dec 2008 16:46:57 +0000
From: Andy Smith <andy@???>
To: users@???
Message-ID: <20081228164657.GY29527@???>
References: <20081228041158.GU29527@???>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
    protocol="application/pgp-signature"; boundary="8hDNj9fSINGAam3K"
Content-Disposition: inline
In-Reply-To: <20081228041158.GU29527@???>
OpenPGP: id=BF15490B; url=http://strugglers.net/~andy/pubkey.asc
X-URL: http://strugglers.net/wiki/User:Andy
User-Agent: Mutt/1.5.13 (2006-08-11)
X-Virus-Scanner: Scanned by ClamAV on bitfolk.com at Sun,
    28 Dec 2008 16:46:57 +0000
X-SA-Exim-Connect-IP: <locally generated>
X-SA-Exim-Mail-From: andy@???
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
    admin.kwak.bitfolk.com
X-Spam-Level: 
X-Spam-Status: No, score=0.0 required=5.0 tests=AWL,NO_RELAYS
    autolearn=unavailable version=3.2.5
X-Spam-Report: * -0.0 NO_RELAYS Informational: message was not relayed via SMTP
    *  0.0 AWL AWL: From: address is in the auto white-list
X-SA-Exim-Version: 4.2.1 (built Tue, 09 Jan 2007 17:23:22 +0000)
X-SA-Exim-Scanned: Yes (on bitfolk.com)
Subject: Re: [bitfolk] centralised clamav - a sticking point
X-BeenThere: users@???
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Users of BitFolk hosting <users.lists.bitfolk.com>
List-Unsubscribe: <https://lists.bitfolk.com/mailman/listinfo/users>,
    <mailto:users-request@lists.bitfolk.com?subject=unsubscribe>
List-Archive: <http://lists.bitfolk.com/lurker/list/users.html>
List-Post: <mailto:users@lists.bitfolk.com>
List-Help: <mailto:users-request@lists.bitfolk.com?subject=help>
List-Subscribe: <https://lists.bitfolk.com/mailman/listinfo/users>,
    <mailto:users-request@lists.bitfolk.com?subject=subscribe>
X-List-Received-Date: Sun, 28 Dec 2008 16:46:59 -0000



--8hDNj9fSINGAam3K
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi,

On Sun, Dec 28, 2008 at 04:11:58AM +0000, Andy Smith wrote:
> The only thing I can think of is configuring each clamav box to use
> a different port range and mapping all those ports on the load
> balancer to the correct boxes. That's really horrible. Anyone got
> any better ideas?


Someone asked offlist why I don't use clamav-milter. This is not
for me, this is for all customers. Not everyone can or wants to use
clamav-milter. For example I have not found a way that Exim can use
clamav-milter, so I myself would have to continue running my own
clamd. If I've missed something there, please do let me know
though..

Someone else suggested I configure the load balancer to make sure
sessions from one client always go to the same back end. That is not
the problem.

The problem is that the back end replies, inside the protocol, to
advise of a *new* port that it is listening upon (like FTP). The
client then will make a new connection to this port on the load
balancer. The port is not open on the load balancer, it is open on
the back end. The ClamAV stream protocol does not include the IP
address, so the client cannot know to connect to the back end and
not the load balancer. Since the ports are in a dynamic range, I
cannot make the load balancer balance them either. I would need to
statically forward every single port in the ranges from the load
balancer to the back ends.

FWI