MailScanner + Zimbra...anyone done it before?

Alex Neuman van der Hans alex at nkpanama.com
Sun Sep 9 14:33:13 IST 2007


James Gray wrote:
> Thanks for the suggestions folks.  The consensus seems to be "run a 
> separate box" but the problem is we have a number of people who work 
> remotely and that would introduce a whole raft of new custom-hacks to 
> get authenticated SMTP relaying going for the remote users via the 
> separate box (assuming it becomes the "Internet-facing" part of the 
> SMTP chain).  Then the remote users would (probably) need a different 
> mail config when they venture into the office.  The way things stand at 
> the moment the roaming users can use EXACTLY the same mail setup 
> externally as those in the office without the need for VPN,  making 
> the transition seamless (management LOVE that crap...personally, I 
> don't care).  So long story short - it's gotta run on a single box 
> with Zimbra being the MTA.  Not a big deal, I've already set Zimbra up 
> with a couple of RBLs and MTA-level anti-spam measures and it's doing 
> fine.
>
There *are* alternatives. One would be to have your inward-facing DNS 
point to an internal (behind the firewall) IP address that belongs to 
the Zimbra box, and outside the office port 25 gets forwarded to 
MailScanner. Pros - no changes (if you have the same users & passwords 
or authenticate against the same thing) to your clients. Cons - features 
that require messages to be processed by MailScanner (archive messages 
comes to mind) will not work.

Another alternative would be to virtualize Zimbra inside a box running 
MailScanner since you have such a "big" box. Stuff comes in to the 
MailScanner instance in "the real world" and then gets stuffed inside 
Zimbra in its "virtual form". Zimbra can then use the resources (as you 
point out in the next paragraph) of the "real world" (LDAP, MYSQL, etc.) 
as if it were another server.

> As for the resources Zimbra chews up, yes, it is VERY hungry.  
> However, its constituent components can be separated as the system 
> grows.  The OpenLDAP, MySQL, Tomcat and Postfix/MTA components are 
> completely separable thus spreading the love amongst different 
> machines etc.  It's actually kinda neat :)  However, we are running 
> everything on the one machine for the time being but it's a bit of a 
> beast: dual Xeons, 6GB ECC RAM, couple-of-hundred GB U320 SCSI RAID 
> 5, dual gigabit (bonded) Ethernet....and we only have 30 mailboxes! 
> :P  I think it will handle the 4-5 MailScanner children and Mailwatch 
> running alongside.
>
> Worst case scenario: I mount/export the Postfix spools via NFS and do 
> the opposite on a "filter" box running MS+MW.  That introduces a new 
> set of "what if's" the first that springs to mind is file locking.  So 
> Postfix gurus: can you think of anything that would barf on either 
> the MailScanner or Postfix sides by using NFS for the mail spool?  
> What would be better: mounting the spools on a MailScanner box 
> (exporting from the Postfix box), or the other way around?  I'd be 
> using a RAM disk for the MailScanner children's scratch space so I 
> can't see performance being a show-stopper.
>
> I'm trying to keep the Zimbra box as close to standard as possible, so 
> hacking the bejeezus out of it is off the cards.  Minor changes to the 
> operating system (CentOS) such as NFS frufru wouldn't be a big problem 
> as this is all handled through our configuration management system :)  
> Unfortunately, most of the config for Zimbra is stored in its LDAP 
> directory making it very difficult to manage that with a file-based 
> configuration management system.  See the problem? *sigh* Nothing is 
> ever easy ;)
>
> Thanks again folks!
>
> James


