IBM pseries are nice, but they don't run solaris
Earlier this year me and my team rolled out the largest email system in Europe for $UK_ISP (not BT).
It caters for 4 million current users and can scale to an estimated 10 million.
We use Openwave MX software to do this - it was the only thing that would scale. I mean the *only* thing, nothing else could cope. We looked, trust me.
You need *lots* of hardware. This isn't a full list, but to give you an idea:
24 MTA machines
12 FEP (front end processing) machines
16 queue machines
48 mail storage machines
16 virus-scanning machines
2 dedicated DNS boxes
4 directory servers (to look up mailboxes)
16 webmail machines
Numerous other boxes including logservers, terminal servers and a jumpstart environment for quick rebuilds.
Typical box stats: SunFire V440/480, quad processor, 8gb / 16gb RAM where possible. All run Solaris 8/9.
These are hooked up by fibre to a couple of enormous EMC arrays, and a bunch of HP EVA storage also. Total capacity? currently ~48tb.
It's a massive project, and it's not perfect, or (ever) completely finished, but it works!
Good luck with your project, if I could give you one bit of advice it would be to take whatever spec you think you need and double it.
cheers
Apart from more technical things like the e450 has no sound card, and requires quite a bit of juice to even turn on, notice this:
:)
It's still on its trolley wheels.
Funny though
I worked for a firm that used Javacards to do a similar thing. You set a debit limit via the intranet, and your food, gym, purchases and the car valet were all taken from your wages each time you swiped.
It came off gross too, for great tax efficiency, plus no banking details were ever transmitted.
Administrators could call the lift (elevator) when they swiped in to work in the morning
Of course it is. In cases such as this, fuck your "freedom of speech", and fuck your "rights".
You don't have the right to watch children being abused, and peddlers don't have the right to publish their filth.
Deal.
You could always carry a Taser
They are of course totally illegal in the UK, but then so is mugging.
Hear, hear. 2 billion can buy virtually anything :)
Usually 'snoop' on a per-box basis or if I'm looking for a specific packet. (Free with Solaris)
Or ethereal (The windows build works ok too)
Or 'iris' if booted into windows, from http://www.eeye.com. Not the cheapest, but it works well.
cheers
Let's not overreact here:
a: vulnerability identified
b: patches released to fix vulnerability
all done *without* publishing a proof of concept / exploit for would-be skript0rs. There are no known exploits in the wild that abuse this vulnerability. Also bear in mind that user rights already need to be in place.
>Support? I don't need no stinkin support. You telling me your head admins cannot troubleshoot hardware?
>You don't have a backup system ready so a hardware failure just is an inconvenience? Software is a whole different issue.
We aren't talking about a few PCs in the basement, or your home ftp server here. For those of us that admin hundreds of machines in production environments, support is absolutely essential - and Sun do it well.
Over the last few weeks this argument has been raging. I've lost count of the number of IRC conversations I've had on ircnet #openbsd, and here's my take on the options presented to the OBSD developers.
1: If the OpenBSD crowd want the docs, sign the NDA. Linux developers did this. It's not that big a deal.
2: Look at the Linux source for hints. This surely isn't too difficult.
Why are Sun not willing to make the relevant docs fully-disclosed to anyone who wants them, sans NDA? In part, the answer is simple: The USIII / III* proc is still pretty new. Solaris doesn't yet fully implement all the chipset features, but will do in future releases. Is it a good idea for Sun to open the proc docs to any Tom, Dick or Harry, including other chip manufacturers, at this stage? Probably not.
There's been a lot of negative talk propagated by the OBSD community regarding this issue. Classic "blame the faceless multinational" diatribe that most of us grew out of in our teenage years.
Access to the information the OBSD developers have requested is a privilege, not a right. They want to build a kernel around the USIII, which is great, but the rules have been set by Sun, and are quite clear. Deal.
(Yes, I do work for Sun btw)
Recently I have often thought about opening a sandwich shop, or a restaurant, and kissing the I.T world goodbye forever. There seems to be something intrinsically honourable about providing real physical goods in return for payment - sometimes I feel like a vulture in the line of work I do, as if I am just adding perceived value, not anything tangible.
Because most of what I do is completely abstract - and I suppose this applies to most tech workers - sometimes I feel as if I am not providing any "real" value. After all, how can you measure, in physical terms, the analysis of a kernel panic, the securing of a network, or a chunk of code?
Ideally I think I would like to be a lumberjack - get up, chop wood, sleep. This kind of life really appeals to me right now, especially as my current "skillz" will be obsolete within 2 years.
Making a business from selling food, clothes, even chopping wood is not innovative or daring. However, everybody needs to eat, everybody needs to dress, and we all need wood products. Maybe what I am feeling is my first realisation that I am not invulnerable - the last 18 months has taught me that *nobody* is indispensable - especially in the service industry we work in.
I watched 3/4 of one episode of Battle Bots (on ch5 iirc) and the only comment I could make before throwing a kebab at the screen was "WTF"?
:( American TV networks have a habit of raping the genius from UK shows - see Ab Fab, only fools etc.
UK Robot Wars focusses on the *actual* fighting - a half-hour episode usually includes 6 fights plus bonus games. "Battle" "Bots" managed to show 2 fights in 45 mins!!!
I hope when Robot Wars goes to the states it's not sanitised down from being an amateur geek-battle fest into the usual candystat shit the yanks have to put up with. That would completely spoil the whole spirit of the show
Just needs to be pointed out - Britain consists of Scotland, Wales, Northern Ireland and England, plus outlying islands. Too many bloody foreigners (including the poster of the original article) consider Britain to consist of England alone.
I work in the I.T section of my university, which is located in the Library and Information Services building. Users blatantly abusing the "no mobile phones" rule are simply ejected from the building by security. Their student I.D is noted, and 2 abuses in one semester = banishment from the library. We find that not many people abuse the system more than once : their education is at stake if they do!
now all those packetkiddies can run ./smurf from their 9x desktops :(
The script kids may be justifiably vilified for their actions; however admins MUST be held partly to blame for DoS launched from their networks. I tend to do my idling on IRCNet, and DoS attacks are a constant threat. What happens when you alert an admin to a compromised box however? Here's my personal experience, and I paste from an actual email :-
to: abuse@****.ac.uk
from: root@****.ms
cc: abuse@ja.net
Dear abuse team
It seems the host bingo.****.ac.uk has been compromised and is being used to launch DoS attacks on our network. Over the last 5 hrs our border routers have been receiving constant traffic from this host peaking at a rate of over 18mbps, and this is understandably causing us some severe service difficulties. It would also appear that someone is running IRC bots from this host, compromising the JA.NET use of computers code. Please rectify this situation as soon as possible.
Thanks for your time
root@****.ms
We never received a reply, and the box (and bots) stayed up for well over a fortnight. With lax admins in charge of serious amounts of bandwidth, is it any wonder that kids hack boxes on their network and use them for DoS attacks?
I've used 2k pro since about mid-jan 00. I've also used (in the last year or so) rh 6.1, suse 6.3, caldera "e-desktop" (is this a *real* linux distro?) and turbolinux 6.0. Here are my observations and conclusions.
1:) 2K seems to crash more often than any of the nix distros I have installed, though it doesn't take out the whole OS, which is a refreshing change in a m$ environment. This may well have a lot to do with all the crap I install though.
2:) If my house experiences a power cut, and my UPS fails, 2K can be rebooted without any heartache. IME, Linux (any distro) tends to fall on its arse. This will be disputed I am sure, but as I said, it's all IME.
3:) When I download a file, I want to click it, and it installs. I don't want to have to type "gcc etc" or "tar -xvf etc", then make etc. Especially when I come home from the pub.
4:) As a server OS, yes, I see the advantage of a nix distro. It is efficient and stable, and will run on most "old" hardware, without too much trouble. However, as a workstation environment, I prefer 2K tbh. It "feels" softer, more malleable. I *know* it isn't in real terms, but no matter how much I tweak Gnome or KDE, the "feel" isn't quite there.
5:) It's nice when my box stays up for months at a time. But as a workstation environment, it's not critical to be honest. 2K on this box stays up for weeks at a time without hassle, and that satisfies my needs. I guess if I was running a leet 0-day juarez ftp, I would want the box to be up for years on end, but I'm not.
6:) Quake 3 Arena runs better under 2K (with the latest voodoo drivers) than it does on my nix distros. Perhaps it's me being lame, but that's what I have observed.
7:) Having grown up to use the paradigm of the win(32) environment, 2K feels natural and familiar to use. This, I should imagine, is part of the reason many sysadmins choose the win* route over *nix. It's comfortable, point-and-click computing.
I suppose a direct comparison between the two OS's is a bit ambiguous; it depends on what you use it for (or what your users demand) in a real-life situation. Also, are we comparing 2k adv serv as a web server against nix/apache?; 2k pro against say redhat 6.2 as a dtop OS? Both are scalable, to a degree, and both depend on how *you* set them up, with regards to stability and security.
I have no loyalties to either camp. If it's not broken, don't break it, I reckon, which is why I will stick to 2K as a workstation environment. cheers :::: /////NOMEX flame retardant posting pants \\\\\ = ON