mailscanner, queue & nfs

Alessandro Dentella sandro at e-den.it
Tue Mar 18 16:47:33 GMT 2008


On Tue, Mar 18, 2008 at 12:55:26PM +0100, Glenn Steen wrote:
> On 18/03/2008, Alessandro Dentella <sandro at e-den.it> wrote:
> > Thanks Glenn for your suggestions, but I haven't understood some of your
> >  hints...
> >
> That's OK, sometimes I have trouble following my own line of reasoning:-):-)
> 
> >
> >  > I'm pretty certain it is the "wrong" way to go. Much better to make
> >  > the new one act as a GW to the old one, disable MS on the old one,
> >  > config/enable MS on the new one... Less risks, less time spent on
> >  > solving "the wrong" type of problems.
> >
> >
> >
> > not sure what you mean here when you say one box being gw to the other.
> >
> Simple "sketch":
> Prior to change you basically have an SMTP "chain" something like
> (very simplistic example):
> "Remote host(s)" (possibly <-> "Your perimeter firewall") <-> "Your mailserver"
> 
> What you want to do is to "insert" the new mail gateway before your
> old mailserver (called mailstore below), so the "chain" looks like:
> "Remote host(s)" (possibly <-> "Your perimeter firewall") <-> "mail
> gateway" <-> "mailstore"
> 
> To make this so, you can do several things:
> - For outbound traffic to be made to go through the new box, set
> "relayhost = [address.of.gateway]" in main.cf, or use a transport map
> like:
> yourdomain.com  :
> .yourdomain.com :
> *                       smtp:[address.of.gateway]
> 
> - For inbound traffic, you need to change the public MX records (or
> firewall NAT, or ...) so that mail is sent to the new gateway host. On
> that host you then have a transport map that points to the mailstore
> host, and you enable relaying for the relevant domain(s), perhaps as
> simple as "relay_domains = yourdomain.tld" and "relay_recipient_maps =
> hash:/etc/postfix/relay_recipients", where the latter is simply a
> text file with all your recipients (one/line, format something like
> "user1@yourdomain.tld 1")... Postmap that, and don't forget the
> transport map:
> yourdomain.com smtp:[address.of.mailstore]
> .yourdomain.com smtp:[address.of.mailstore]
> 
> ... and you're pretty much set to go. One could use a split view DNS
> setup instead, but... we'll go there if needed:-).
> 
> With this setup, your new box will be the acting gateway for the old box.
> Of course you need to set up and configure a lot more on the new box (more
> anti-UCE postfix things, like the things mentioned by Jason... and
> me:-)... Most notably MailScanner itself.
> On the mailstore, MailScanner shouldn't be needed, unless you really
> don't trust your users... Hm. Perhaps best to keep it there too, users
> being as they are:-):-).
> 
> For more verbose and well-explained examples, please do check the
> postfix site... Especially
> http://www.postfix.org/STANDARD_CONFIGURATION_README.html has some
> really relevant and nicely explained examples... I think it's pretty
> obvious which apply:).


Thanks to all of you for the very helpful remarks on my setup. I have now
a system that is reacting *much* better and I'm more relaxed and can think
about tuning the anti-spam features.

I'll open a new thread to comment on some performance issues since "NFS" is
no longer the point.



sandro
*:-)
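
The two transport maps quoted in the reply above, run through a simplified model of the transport(5) lookup order (exact domain, then ".parent" entries, then "*"). This is an added example, not part of the original message or of Postfix itself; the function names are hypothetical, the addresses are the thread's own placeholders, and per-address keys are not modelled.

```python
# Added example: simplified model of Postfix transport(5) domain lookups.
# Table contents are copied from the thread; hostnames are its placeholders.
MAILSTORE_TRANSPORT = """\
yourdomain.com  :
.yourdomain.com :
*               smtp:[address.of.gateway]
"""

GATEWAY_TRANSPORT = """\
yourdomain.com  smtp:[address.of.mailstore]
.yourdomain.com smtp:[address.of.mailstore]
"""

def parse_table(text):
    """Parse 'pattern result' lines into a dict, skipping blanks and comments."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pattern, result = line.split(None, 1)
        table[pattern.lower()] = result.strip()
    return table

def lookup(table, recipient):
    """Return (matched_pattern, result), or (None, None) when nothing matches."""
    domain = recipient.rsplit("@", 1)[-1].lower()
    labels = domain.split(".")
    # Exact domain first, then each parent with a leading dot, then the wildcard.
    candidates = [domain]
    candidates += ["." + ".".join(labels[i:]) for i in range(1, len(labels))]
    candidates.append("*")
    for key in candidates:
        if key in table:
            return key, table[key]
    return None, None

def describe(table, recipient):
    """Routing decision; a bare ':' means 'do not change the default delivery'."""
    key, result = lookup(table, recipient)
    if key is None or result == ":":
        return "default delivery"
    return result

if __name__ == "__main__":
    mailstore = parse_table(MAILSTORE_TRANSPORT)
    gateway = parse_table(GATEWAY_TRANSPORT)
    for rcpt in ("user1@yourdomain.com", "bob@lists.yourdomain.com",
                 "someone@example.org", "a@notyourdomain.com"):
        print(rcpt, "| mailstore:", describe(mailstore, rcpt),
              "| gateway:", describe(gateway, rcpt))
```

The "notyourdomain.com" case shows why the subdomain entry carries a leading dot: the match is on whole labels, so a look-alike suffix falls through to "*" on the mailstore and to no match at all on the gateway.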

