Just wondering - have you tried greylisting? Why or why not?
-Ben
On Tuesday 25 October 2005 15:42, replies-lists-centos@listmail.innovate.net wrote:
you are correct. setting the ordinals to be the same (whatever value you select) will cause the entries for the two machines to rotate. failover works mostly (it depends on how the first machine fails and related timeout issues).
i would actually suggest a somewhat different setup.
the problem with multiple external mail hosts is that the more you have the more spammers have to hit. [they don't care about mx record ordinals, etc.] with your spam stuff on these front-end machines (if i understand your configuration correctly), the spammers are just eating up your resources.
so, instead, set up one or more (depending on load/needs) front-end machines. use DNSBL in sendmail/postfix (whichever you feel more comfortable configuring) to cut down on the junk. [when i last checked, dnsbl blocking dynamic IPs (dialup/cable modems) cut the basic trash down by 60-70%.]
then, put your anti-spam stuff on one (or more if necessary) back-end machines that only accept mail from the front-end machines. that way your anti-spam stuff is only going to see mail that's gone through the dnsbl and won't be taking up resources of the basic mail handling on the front-end machine(s).
after the anti-spam machine(s), pass the mail on to your pop/imap server.
i suspect that with this setup you could have one front-end machine, load-balance (with two A-records for the same name but different ipnumbers (aka DNS shuffle-A)) for two anti-spam machines and you'll be ok.
if you want a second front-end machine, for fail-over, you have to realize that it will get just about as much spam as the first machine, regardless of your mx-record settings. it's good to have it, just realize you're providing a second door that the spammers will *always* try.
in short, put the resource intensive anti-spam stuff back a level from the external SMTP server(s). that will let the SMTP servers do their job without getting high load from the anti-spam stuff.
- Rick
------------ Original Message ------------
Date: Tuesday, October 25, 2005 03:03:55 PM -0700
From: Benjamin Smith lists@benjamindsmith.com
To: centos@centos.org
Subject: [CentOS] Load balancing email?
Currently, we have two mail relays for inbound messages, and a third for POP.
The inbound messages go thru all the CPU-intensive anti-spam stuff, and then they relay it to the POP server for pickup.
Currently, one of these is the "primary", and the other is "secondary", and I'd like them to be considered more or less as equals, since the "primary" system is getting beaten pretty hard.
The DNS zone file says something like this:
###############################
@isp.com
<SNIP>
IN MX 100 mx1.isp.com.
IN MX 1100 mx2.isp.com.
<SNIP>
################################
I seem to recall that I make them act as "equals" by simply changing this to
###############################
@isp.com
<SNIP>
IN MX 100 mx1.isp.com.
IN MX 100 mx2.isp.com.
<SNIP>
################################
so that they both get about the same amount of inbound messages. Has anybody here actually done this? How well does this work as far as failover if either system fails?
-Ben
"The best way to predict the future is to invent it."
- XEROX PARC slogan, circa 1978
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
---------- End Original Message ----------
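Added example, not part of the original thread: a small simulation of how a sender that follows the RFC 5321 MX ordering (lowest preference first, random choice among equal preferences) spreads mail over the two MX layouts discussed above, including the case where mx1 is down. It assumes a failed host refuses the connection immediately, so the timeout issues mentioned in the reply are not modelled, and it does not model senders that ignore MX preference.

```python
import random
from collections import Counter

# Constructed sample data: the two MX layouts from the thread.
PRIMARY_SECONDARY = [(100, "mx1.isp.com."), (1100, "mx2.isp.com.")]
EQUAL_PREFERENCE = [(100, "mx1.isp.com."), (100, "mx2.isp.com.")]


def delivery_order(mx_records, rng):
    """Order in which an RFC 5321-conforming sender tries the hosts:
    lowest preference first, random order among equal preferences."""
    by_pref = {}
    for pref, host in mx_records:
        by_pref.setdefault(pref, []).append(host)
    order = []
    for pref in sorted(by_pref):
        group = by_pref[pref][:]
        rng.shuffle(group)
        order.extend(group)
    return order


def simulate(mx_records, messages, down=(), seed=1):
    """Count which host accepts each message. Hosts in `down` refuse the
    connection (assumption), so the sender moves to the next host."""
    rng = random.Random(seed)
    accepted = Counter()
    for _ in range(messages):
        for host in delivery_order(mx_records, rng):
            if host not in down:
                accepted[host] += 1
                break
        else:
            # Every MX unreachable: the sender queues the message and retries later.
            accepted["deferred"] += 1
    return accepted


if __name__ == "__main__":
    layouts = (("100/1100", PRIMARY_SECONDARY), ("100/100", EQUAL_PREFERENCE))
    for name, layout in layouts:
        print(name, "both up: ", dict(simulate(layout, 10000)))
        print(name, "mx1 down:", dict(simulate(layout, 10000, down={"mx1.isp.com."})))
```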