Currently, we have two mail relays for inbound messages, and a third for POP.
The inbound messages go thru all the CPU-intensive anti-spam stuff, and then they relay it to the POP server for pickup.
Currently, one of these is the "primary", and the other is "secondary", and I'd like them to be considered more or less as equals, since the "primary" system is getting beaten pretty hard.
The DNS zone file says something like this:
############################### @isp.com <SNIP> IN MX 100 mx1.isp.com. IN MX 1100 mx2.isp.com. <SNIP ################################
I seem to recall that I make them act as "equals" by simply changing this to
############################### @isp.com <SNIP> IN MX 100 mx1.isp.com. IN MX 100 mx2.isp.com. <SNIP ################################
so that they both get about the same amount of inbound messages. Has anybody here actually done this? How well does this work as far as failover if either system fails?
-Ben
Benjamin Smith wrote:
Currently, we have two mail relays for inbound messages, and a third for POP.
The inbound messages go thru all the CPU-intensive anti-spam stuff, and then they relay it to the POP server for pickup.
Currently, one of these is the "primary", and the other is "secondary", and I'd like them to be considered more or less as equals, since the "primary" system is getting beaten pretty hard.
The DNS zone file says something like this:
############################### @isp.com
<SNIP> IN MX 100 mx1.isp.com. IN MX 1100 mx2.isp.com. <SNIP ################################
I seem to recall that I make them act as "equals" by simply changing this to
############################### @isp.com
<SNIP> IN MX 100 mx1.isp.com. IN MX 100 mx2.isp.com. <SNIP ################################
so that they both get about the same amount of inbound messages. Has anybody here actually done this? How well does this work as far as failover if either system fails?
-Ben
I actually recommend using a Cyrus system. We are able to handle about 20,000 accounts with the following servers:
3 front ends (Horde, IMAP, Spam Assassin, SMTP, etc load-balanced at the firewall) 2 storage servers (actually stores the e-mails) 1 MySQL server (Used for Horde) 1 list server (for MailMan)
This can easily be added to. We use it a lot so that we can remove a system from the load balance and upgrade one server at a time. We can eventually take all but one out and have them upgraded and then swap the last one with all of the new servers. It appears to be seamless to the users and sure helps with being able to do maintenance at any time of day and you don't have to have overly powerful servers to get it working well.
-- Nathaniel Hall, GSEC
On Tue, 2005-10-25 at 17:17 -0500, Nathaniel Hall wrote:
Benjamin Smith wrote:
Currently, we have two mail relays for inbound messages, and a third for POP.
The inbound messages go thru all the CPU-intensive anti-spam stuff, and then they relay it to the POP server for pickup.
Currently, one of these is the "primary", and the other is "secondary", and I'd like them to be considered more or less as equals, since the "primary" system is getting beaten pretty hard.
The DNS zone file says something like this:
############################### @isp.com
<SNIP> IN MX 100 mx1.isp.com. IN MX 1100 mx2.isp.com. <SNIP ################################
I seem to recall that I make them act as "equals" by simply changing this to
############################### @isp.com
<SNIP> IN MX 100 mx1.isp.com. IN MX 100 mx2.isp.com. <SNIP ################################
so that they both get about the same amount of inbound messages. Has anybody here actually done this? How well does this work as far as failover if either system fails?
-Ben
I actually recommend using a Cyrus system. We are able to handle about 20,000 accounts with the following servers:
3 front ends (Horde, IMAP, Spam Assassin, SMTP, etc load-balanced at the firewall) 2 storage servers (actually stores the e-mails) 1 MySQL server (Used for Horde) 1 list server (for MailMan)
This can easily be added to. We use it a lot so that we can remove a system from the load balance and upgrade one server at a time. We can eventually take all but one out and have them upgraded and then swap the last one with all of the new servers. It appears to be seamless to the users and sure helps with being able to do maintenance at any time of day and you don't have to have overly powerful servers to get it working well.
---- Let me see if I get this straight - OP asks about multiple MTA & dns/MX records and your answer is about MUA's and delivery agents. Good thing at least we all speak English.
OP - your logic is good - should work. I hesitated to answer since I have no first hand experience with multiple MX records of same value for priority.
Craig
Craig White wrote:
On Tue, 2005-10-25 at 17:17 -0500, Nathaniel Hall wrote:
Benjamin Smith wrote:
Currently, we have two mail relays for inbound messages, and a third for POP.
The inbound messages go thru all the CPU-intensive anti-spam stuff, and then they relay it to the POP server for pickup.
Currently, one of these is the "primary", and the other is "secondary", and I'd like them to be considered more or less as equals, since the "primary" system is getting beaten pretty hard.
The DNS zone file says something like this:
############################### @isp.com
<SNIP> IN MX 100 mx1.isp.com. IN MX 1100 mx2.isp.com. <SNIP ################################
I seem to recall that I make them act as "equals" by simply changing this to
############################### @isp.com
<SNIP> IN MX 100 mx1.isp.com. IN MX 100 mx2.isp.com. <SNIP ################################
so that they both get about the same amount of inbound messages. Has anybody here actually done this? How well does this work as far as failover if either system fails?
-Ben
I actually recommend using a Cyrus system. We are able to handle about 20,000 accounts with the following servers:
3 front ends (Horde, IMAP, Spam Assassin, SMTP, etc load-balanced at the firewall) 2 storage servers (actually stores the e-mails) 1 MySQL server (Used for Horde) 1 list server (for MailMan)
This can easily be added to. We use it a lot so that we can remove a system from the load balance and upgrade one server at a time. We can eventually take all but one out and have them upgraded and then swap the last one with all of the new servers. It appears to be seamless to the users and sure helps with being able to do maintenance at any time of day and you don't have to have overly powerful servers to get it working well.
Let me see if I get this straight - OP asks about multiple MTA & dns/MX records and your answer is about MUA's and delivery agents. Good thing at least we all speak English.
OP - your logic is good - should work. I hesitated to answer since I have no first hand experience with multiple MX records of same value for priority.
Craig
His e-mail, as stated in the Subject and implied in the message was about load balancing. I gave a summary of my current setup that is almost completely load balanced and redundant. As a security administrator, I partially based my recommendation on the fact that you can (fairly easily) upgrade systems without taking the mail system down. I also see that as being part of load balancing (if one isn't there, the other takes over the load).
-- Nathaniel Hall, GSEC
Benjamin Smith wrote:
Currently, we have two mail relays for inbound messages, and a third for POP.
The inbound messages go thru all the CPU-intensive anti-spam stuff, and then they relay it to the POP server for pickup.
Currently, one of these is the "primary", and the other is "secondary", and I'd like them to be considered more or less as equals, since the "primary" system is getting beaten pretty hard.
<snip>
so that they both get about the same amount of inbound messages. Has anybody here actually done this? How well does this work as far as failover if either system fails?
-Ben
I'm using a similar setup at work, two identical Linux boxes (with a pair of equal-priority MX records pointing to them) running Postfix/Amavisd/SpanAssassin/anti-virus feeding to another box acting as the POP/IMAP server. The DNS round-robin stuff does a fair job of load balancing but it's not perfect, I'm still looking into alternatives for that.
In order to make the two servers redundant I'm using the LinuxHA heartbeat stuff to make one of the servers take over the IP address used by the other server for mail. So far it's survived several single-server failures without a hiccup.
Just my $.02
On Tuesday 25 October 2005 17:09, Jay Leafey wrote:
The DNS round-robin stuff does a fair job of load balancing but it's not perfect, I'm still looking into alternatives for that.
What do you mean by "not perfect" - it's bad enough that alternatives are needed?
-Ben
On 10/26/05, Benjamin Smith lists@benjamindsmith.com wrote:
On Tuesday 25 October 2005 17:09, Jay Leafey wrote:
The DNS round-robin stuff does a fair job of load balancing but it's not perfect, I'm still looking into alternatives for that.
What do you mean by "not perfect" - it's bad enough that alternatives are needed?
Rpound Robin DNS keeps on handing out the IP addresses even if a system is down/unresponsive.
-- Leonard Isham, CISSP Ostendo non ostento.
Leonard Isham wrote:
On 10/26/05, Benjamin Smith lists@benjamindsmith.com wrote:
On Tuesday 25 October 2005 17:09, Jay Leafey wrote:
The DNS round-robin stuff does a fair job of load balancing but it's not perfect, I'm still looking into alternatives for that.
What do you mean by "not perfect" - it's bad enough that alternatives are needed?
Rpound Robin DNS keeps on handing out the IP addresses even if a system is down/unresponsive.
He's not really using round robin DNS, if he has mx1 *and* mx2 listed with different IP addresses, though they have the same priority.
So if one of the servers goes down, any sane mail system (which seems to exclude qmail in this case - no flamwars please) should try the other MX, if the one which had been chosen first is not reachable, as this is seen as a temporary error.
Sure, if he had only *one* hostname with two IPs, this could be a problem.
Ralph
Benjamin Smith wrote:
What do you mean by "not perfect" - it's bad enough that alternatives are needed?
-Ben
The volume processed will differ by as much as 50% between the boxes, but since either box will easily handle the entire volume it's not really an issue. I just feel it's a bit inelegant, but it does have the virtue of simplicity.
Jay Leafey wrote:
I'm using a similar setup at work, two identical Linux boxes (with a pair of equal-priority MX records pointing to them) running Postfix/Amavisd/SpanAssassin/anti-virus feeding to another box acting as the POP/IMAP server. The DNS round-robin stuff does a fair job of load balancing but it's not perfect, I'm still looking into alternatives for that.
In order to make the two servers redundant I'm using the LinuxHA heartbeat stuff to make one of the servers take over the IP address used by the other server for mail. So far it's survived several single-server failures without a hiccup.
How do you keep the storage synced up? NFS, drdb, GFS, ...?
Thanks, Ajay
Ajay Sharma wrote:
How do you keep the storage synced up? NFS, drdb, GFS, ...?
Simple... I don't. There is no common storage between the two as it's not needed, each has an independent mail spool. All the mail routing information is stored in LDAP on ANOTHER redundant pair of machines. No mail is stored on these systems, it all goes to other systems that serve up the mailboxes via POP or IMAP.
On Tue, 2005-10-25 at 17:03, Benjamin Smith wrote:
Currently, we have two mail relays for inbound messages, and a third for POP.
The inbound messages go thru all the CPU-intensive anti-spam stuff, and then they relay it to the POP server for pickup.
Currently, one of these is the "primary", and the other is "secondary", and I'd like them to be considered more or less as equals, since the "primary" system is getting beaten pretty hard.
You might be better off trying to make the reception more efficient. MimeDefang http://www.mimedefang.org does a good job and techniques to improve efficiency are discussed on the mailing list.
Does your 'outside' box have access to the user names or does it blindly relay everything to the inside box?
On Wed, 2005-10-26 at 16:43, Benjamin Smith wrote:
On Tuesday 25 October 2005 18:41, Les Mikesell wrote:
Does your 'outside' box have access to the user names or does it blindly relay everything to the inside box?
Blind as bats. Why?
Look at your logs to see how much you are accepting on the outside box with corresponding CPU work only to have the inside box reject the recipient and force a bounce. Aside from having a lot of ex-users, I get hit with dictionary type attacks on several domain names (thousands of users that have never existed). If you have the same issues, you might fix your efficiency problem by rejecting unknown recipients early in the conversation. That not eliminates the spam/virus scan, but someone else has to construct the bounce.
If you can't directly access the valid user/alias names or convert them to virtual users on the outside box, MimeDefang has a method to check recipients over smtp against the real destination host as part of the milter operation.
-- Les Mikesell lesmikesell@gmail.com
Quoting Benjamin Smith lists@benjamindsmith.com:
I seem to recall that I make them act as "equals" by simply changing this to
############################### @isp.com
<SNIP> IN MX 100 mx1.isp.com. IN MX 100 mx2.isp.com. <SNIP ################################
Yup, that's the way to do it.
so that they both get about the same amount of inbound messages. Has anybody here actually done this? How well does this work as far as failover if either system fails?
As long as your DNS server is serving them in round-robin fashion, they'll get about equal load. Depending on default TTL, it might take some time to really see load spread evenly (many remote systems probably have cached copy of old information where mx1 was prefered MX). So don't think it doesn't work if you don't see same load on both server the second you change your DNS settings. You might also consider lowering TTL on your MX records, however it is doubtfull how helpfull it is going to be.
If one system fails, everything should still work. Incomming connections hitting the failed server would timeout, and remote MTA would try next MX from the list. So you are fine there.
---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.
-
Ajay Sharma -
Aleksandar Milivojevic -
Benjamin Smith -
Craig White -
Jay Leafey -
Leonard Isham -
Les Mikesell -
Nathaniel Hall -
Ralph Angenendt