fault tolerance/redundancy/load balancing

William Burns William.Burns at AEROFLEX.COM
Sat May 15 00:05:54 IST 2004


Mack Ragan wrote:

>Hi, all:
>
>
>I have the opportunity to get another PowerEdge 4600 for use with the email
>system, and would like to redo everything with fault
>tolerance/redundancy/load balancing in mind between the two servers.  My
>plan is to install Gentoo/Sendmail/MailScanner on both boxes.  I have my own
>ideas about some possible scenarios to achieve fault
>tolerance/redundancy/load balancing, but I wanted to give the list an
>opportunity to make suggestions and to offer any similar solutions you
>currently have in place.
>
>
Mack:

I currently have a set of 3 SuSE 9 machines (previously RH7.2) running
Sendmail and MailScanner. They've got balanced MX records pointing to
them for a single domain. All 3 machines are antivirus/mail-routing
gateways. We call these "mail switches".

They're configured to do LDAP routing, each querying its own directory
server. The 3 replicated directory servers tell the mail switches what
address to redirect each piece of mail to. This allows us to hide
multiple mail servers behind the switches. The various "mailbox" servers
can be (and are) running sendmail, MS-Exchange, Groupwise, etc. Each
back-end mailbox server has its own set of administrators, familiar w/
the users of that system.

Aside from allowing us to have multiple mailbox servers, in multiple
locations, the switches (due to the LDAP queries) will refuse to accept
mail for bogus usernames, so that they aren't saddled w/ the task of
sending out undeliverable messages to the forged sender addresses of
every piece of SPAM that comes along.

Each mailbox server (transparently to the end users) is locally
delivering mail to a subdomain of the "real" domain served by the
switches. One nice feature here is that the /etc/mail/mailertable file
can be used to "hide" these subdomains from the rest of the world.

For example, mail for the domain called subdomain1.mydomain.com might be
delivered locally by the server mail1.mydomain.com. The data in the LDAP
directory would cause the switches to re-address mail for
user1@mydomain.com to user1@subdomain1.mydomain.com.

If I had MX records that listed mail1.mydomain.com as a server for
subdomain1.mydomain.com, then spammers would be able to see this data,
and they would try to send SPAM to random names
@subdomain1.mydomain.com. Viruses might also attempt to reach those
addresses directly.
To avoid this, I can instead list my MX records under a "false"
subdomain like this:
 > fakedomain1.mydomain.com  MX  10  mail1.mydomain.com
 > fakedomain1.mydomain.com  MX  20  mail1backup.mydomain.com

Then, on each switch, I can have a mailertable entry like this:
 >subdomain1.mydomain.com   smtp:fakedomain1.mydomain.com

Now, for each subdomain, I can have a mailbox machine, as well as a
backup mail relay. The backup mail relay can be configured very simply
(without much security in mind) because no MX records on the internet
point directly to it. (or the mailbox machine, either)

For increased manageability of multiple domains and/or subdomains w/ a
mailscanner gateway, I'm now experimenting w/ sendmail queue-groups.
I've found them to be very useful on sendmail systems in the past, but
still need to do testing in conjunction w/ mailscanner.

>.... We have an in-house web app that reads the mail logs
>to generate email stats, and allows access to the quarantine.
>
Cute.
Can individual mail users access and release mail from the quarantine?
If so, I'd like to see it.

Someone recently asked a question about sharing a single quarantine
directory between a pair of machines running mailscanner. My only
suggestion was to schedule a file-transfer to a third machine, so that
no failure of a single machine would deprive either mailscanner of a
quarantine filesystem.

I have yet to see a really good "CPU/cabinet level" solution for
redundancy of a mailbox server's message store. For a while I was
playing w/ DRBD, but found it to be unstable on dual CPU machines. For
drive redundancy you've already got RAID-5.

Did I miss anything? I can't think of any other redundancy issues.

-Bill

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
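
The hidden-subdomain routing described in the message above can be checked mechanically. The following is an added example, not code from the post or from the MailScanner project: it audits a zone excerpt against a mailertable and flags delivery subdomains that are visible in DNS (an MX record, or an A/AAAA record that senders fall back to when no MX exists) and "false" subdomains that lack a backup relay. The hosts switch1, switch2, mail2 and mail3, the names subdomain2, subdomain3 and fakedomain2, and the finding labels are hypothetical.

```python
# Added example: ZONE and MAILERTABLE are constructed sample data, not from the post.
ZONE = """\
mydomain.com.             IN MX 10 switch1.mydomain.com.
mydomain.com.             IN MX 10 switch2.mydomain.com.
fakedomain1.mydomain.com. IN MX 10 mail1.mydomain.com.
fakedomain1.mydomain.com. IN MX 20 mail1backup.mydomain.com.
fakedomain2.mydomain.com. IN MX 10 mail2.mydomain.com.
subdomain2.mydomain.com.  IN MX 10 mail2.mydomain.com.  ; leaks the back end
subdomain3.mydomain.com.  IN A  192.0.2.25              ; implicit-MX fallback
"""
MAILERTABLE = """\
subdomain1.mydomain.com   smtp:fakedomain1.mydomain.com
subdomain2.mydomain.com   smtp:fakedomain2.mydomain.com
subdomain3.mydomain.com   smtp:[mail3.mydomain.com]
"""

def parse_zone(text):
    """Map owner -> {record type: [rdata, ...]} for one-line 'owner [IN] TYPE rdata' records."""
    zone = {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()
        if len(fields) > 2 and fields[1].upper() == "IN":
            del fields[1]
        if len(fields) < 3:
            continue
        owner, rtype = fields[0].rstrip(".").lower(), fields[1].upper()
        zone.setdefault(owner, {}).setdefault(rtype, []).append(fields[2:])
    return zone

def audit(zone_text, mailertable_text):
    """Return sorted (domain, finding) pairs for every mailertable route."""
    zone, findings = parse_zone(zone_text), []
    for line in mailertable_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) != 2:
            continue
        domain, target = parts[0].lower(), parts[1].partition(":")[2].lower()
        public = zone.get(domain, {})
        if "MX" in public:
            findings.append((domain, "public-mx"))
        if "A" in public or "AAAA" in public:
            findings.append((domain, "public-address"))  # senders fall back to A/AAAA
        if target.startswith("["):
            continue  # bracketed host: sendmail does no MX lookup on it
        hosts = zone.get(target, {}).get("MX", [])
        if not hosts:
            findings.append((domain, "target-no-mx"))
        elif len({h[1] for h in hosts}) < 2:
            findings.append((domain, "target-no-backup"))
    return sorted(findings)

if __name__ == "__main__":
    for domain, finding in audit(ZONE, MAILERTABLE):
        print(f"{domain}: {finding}")
```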


