Postfix email firewall/gateway with two internal smarthosts

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Postfix email firewall/gateway with two internal smarthosts

jcarminati-2
Hi all!

We're using Postifx as described in the configuration examples [1] for an
email firewall/gateway delivering the emails to an internal non-Postfix
smarthost.

Now we're updating our internal core infrastructure by installing two new
smarthosts for failover and load balancing, but as far as I understand
it's not possible to configure transport_maps with more than one gateway
for the same destination.

As I understand the options we have here are: (1) switch from
transport_maps to relay_domains which introduces the problem that it'll
also accept mail for 'anything.example.com' (as described in the
documentation) or (2) install bind in the Postifx relay server as
described here http://marc.info/?l=postfix-users&m=118254039015052&w=2 due
that we don't have a name server in our dmz.

Do we have any other option ? I'd like to keep our current configuration
without installing bind for just this purpose.
Thanks in advance for any advice.
JC.

PS: any chance of adding support in transport_maps for multiple smarthosts
with same destination ?

[1] http://www.postfix.org/STANDARD_CONFIGURATION_README.html#firewall
Reply | Threaded
Open this post in threaded view
|

Re: Postfix email firewall/gateway with two internal smarthosts

Barney Desmond
2009/6/23  <[hidden email]>:

> Do we have any other option ? I'd like to keep our current configuration
> without installing bind for just this purpose.

Based on my understanding, there's no better way then letting DNS
round-robin handle it. I fully expect someone to say "installing bind
is easy anyway" (I can't comment). Actually, having a local caching
resolver is apparently good for Postfix performance, so that wouldn't
be a bad thing either.

> PS: any chance of adding support in transport_maps for multiple smarthosts
> with same destination ?

Then what? Make a new override table to sidestep *those* DNS lookups..?
Reply | Threaded
Open this post in threaded view
|

Re: Postfix email firewall/gateway with two internal smarthosts

Wietse Venema
In reply to this post by jcarminati-2
[hidden email]:

> Hi all!
>
> We're using Postifx as described in the configuration examples [1] for an
> email firewall/gateway delivering the emails to an internal non-Postfix
> smarthost.
>
> Now we're updating our internal core infrastructure by installing two new
> smarthosts for failover and load balancing, but as far as I understand
> it's not possible to configure transport_maps with more than one gateway
> for the same destination.

You can use /etc/hosts if your system supports multiple entries
with the same hostname, or run an internal DNS server that resolves
the smarthost name into multiple MX or A records.

> As I understand the options we have here are: (1) switch from
> transport_maps to relay_domains which introduces the problem that it'll
> also accept mail for 'anything.example.com' (as described in the

No. You need transport_maps otherwise mail loops back to your primary MX.

> PS: any chance of adding support in transport_maps for multiple smarthosts
> with same destination ?

That would complicate the concurrency scheduler, but I might eventually
budge.

        Wietse