Configure postfix in big env


sebastien.dicque
Hello,
I am doing some research on installing postfix in a big env (30 000 mailboxes) with
cyrus and I have some questions.
Can I install postfix on each cyrus-aggregator front end with amavis, clamd
and procmail?
What is the best configuration for postfix (cluster? loadbalancer?)

Regards,

Sébastien Dicque




Re: Configure postfix in big env

Brian Evans - Postfix List
[hidden email] wrote:
> Hello,
> I am doing some research on installing postfix in a big env (30 000 mailboxes) with
> cyrus and I have some questions.
> Can I install postfix on each cyrus-aggregator front end with amavis, clamd
> and procmail?
> What is the best configuration for postfix (cluster? loadbalancer?)
>  
Load balancers are generally not the best idea for any SMTP processing
due to the fact they are often poorly configured and hide the
originating IP which is helpful for logging and spam checking.

The most common setup for a larger organization is to have 1 or more MXs
running your recipient validation and (spam|virus) check.
These then forward by (recipient|domain) to internal-only Postfixes which
will deliver the mail via cyrus|procmail.

Brian
> Regards,
>
> Sébastien Dicque
>  

RE: Configure postfix in big env

Jason Ledford
Not all load balancers. HTTP-specific load balancers (pen, haproxy, ...) do only forward the load balancer IP. But you can use lvs (linux virtual server) and it can forward the originating IP. Lvs-nat could be compared to cisco local director (except in price), others can do similar things, like f5 and zeus load balancers, all come at a price except lvs. I am doing smtp load balancing right now with lvs-nat and it's working like a champ. The outside and the real servers have no clue that the load balancer even exists.


-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of Brian Evans
Sent: Friday, May 09, 2008 9:30 AM
To: Postfix users
Subject: Re: Configure postfix in big env

[hidden email] wrote:
> Hello,
> I am doing some research on installing postfix in a big env (30 000 mailboxes) with
> cyrus and I have some questions.
> Can I install postfix on each cyrus-aggregator front end with amavis, clamd
> and procmail?
> What is the best configuration for postfix (cluster? loadbalancer?)
>
Load balancers are generally not the best idea for any SMTP processing
due to the fact they are often poorly configured and hide the
originating IP which is helpful for logging and spam checking.

The most common setup for a larger organization is to have 1 or more MXs
running your recipient validation and (spam|virus) check.
These then forward by (recipient|domain) to internal-only Postfixes which
will deliver the mail via cyrus|procmail.

Brian
> Regards,
>
> Sébastien Dicque
>

RE: Configure postfix in big env

Bill Cole-3
At 9:43 AM -0400 5/9/08, Jason Ledford wrote:
>Not all load balancers.  http specific load balancers (pen, haproxy,
>...) do only forward the load balancer ip.  But you can use lvs
>(linux virtual server) and it can forward the originating ip.
>Lvs-nat could be compared to cisco local director (except in price),
>others can do similar things, like f5 and zeus load balancers, all
>come at a price except lvs.

FWIW, the F5 Big-IP can go either way.

I wouldn't put load balancers of any sort on the public-facing side
of any mail system, but load balancing can be very useful when done
robustly (i.e. the load balancers are themselves redundant rather
than a single one being a SPOF) to coddle naive/stupid/simple systems
that want to send mail but can only handle a single smarthost model.

>  I am doing smtp load balancing right
>now with lvs-nat and it's working like a champ.  The outside and the
>real servers have  no clue that the load balancer even exists.

That begs the question: why?

For all but the very largest mail systems, DNS-based load sharing via
multiple same-value MX records pointing at names that may have
multiple A records gets the load balance and availability jobs done
without the extra layer.

--
Bill Cole
[hidden email]
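
Added example, not part of the thread: a small simulation of the DNS-based load sharing described in the last message, modelling a sending MTA that follows RFC 5321 section 5.1 (lowest MX preference first, random order among equal preferences). The hostnames, addresses and the shuffling of A records (standing in for resolver round-robin) are constructed assumptions.

```python
import random
from collections import Counter

# Constructed sample zone data (example.com / 192.0.2.0/24 are documentation values).
MX_RECORDS = [(10, "mx1.example.com"), (10, "mx2.example.com"),
              (20, "backup.example.com")]
A_RECORDS = {
    "mx1.example.com": ["192.0.2.11", "192.0.2.12"],  # one name, two A records
    "mx2.example.com": ["192.0.2.21"],
    "backup.example.com": ["192.0.2.99"],
}

def delivery_order(mx_records, a_records, rng):
    """Return the addresses a sender would try, in order."""
    by_pref = {}
    for pref, host in mx_records:
        by_pref.setdefault(pref, []).append(host)
    order = []
    for pref in sorted(by_pref):          # lower preference value is tried first
        hosts = by_pref[pref][:]
        rng.shuffle(hosts)                # RFC 5321 5.1: randomize equal preference
        for host in hosts:
            addrs = a_records.get(host, [])[:]
            rng.shuffle(addrs)            # assumption: models A-record rotation
            order.extend(addrs)
    return order

def deliver(order, down=frozenset()):
    """First reachable address wins; None means the mail stays queued at the sender."""
    for ip in order:
        if ip not in down:
            return ip
    return None

def simulate(n, down=frozenset(), seed=1):
    """Count which address accepts each of n simulated deliveries."""
    rng = random.Random(seed)
    hits = Counter()
    for _ in range(n):
        order = delivery_order(MX_RECORDS, A_RECORDS, rng)
        hits[deliver(order, down)] += 1
    return hits

if __name__ == "__main__":
    print("all up:       ", dict(simulate(10000)))
    print("mx1 addr down:", dict(simulate(10000, down={"192.0.2.11"})))
    print("primaries down:", dict(simulate(
        10000, down={"192.0.2.11", "192.0.2.12", "192.0.2.21"})))
```

The split is per MX name, not per address: in this model the single address behind mx2 takes about twice the traffic of either address behind mx1, which matters when sizing the hosts that run the spam and virus checks.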
