Re: [AMaViS-user] FINAL DECISION: Will our machine handle it?
On Fri, Jul 22, 2005 at 12:35:04AM -0400, Matt Juszczak wrote:
> OK, I think I've made a final decision on what I'd like to do.
>
> I think I'm going to set up two of the 1U boxes we have (the 3.06 GHz
> machines with IDE drives). I'm going to call one "relay1" and one "relay2".
>
> I'm going to set up MX records for the 500+ domains we have. Half of them
> will have relay1 as their primary and half of them will have relay2 as
> their primary. The remaining server will be set as secondary MX.
>
> These two 1U boxes will be IDENTICAL and have support for ALL domains.
> Upon processing of spam and antivirus, each box will then relay the mail
> directly to the mail server. All the mail server will do is receive the
> processed emails and deliver them.

Excellent plan; this is pretty much optimal. If I'd realized you had two machines to spare, I would have recommended this.

> The reason I decided this is for a few reasons:
....

All good reasons.

> Please let me know what all of you think about this final idea. In the
> end it leaves me with a three server setup but at least things will be a
> bit more spread out, and I'll have nice backup processing servers.

The one catch in this suggestion is that the more sophisticated variety of both viruses and spammers will try to go around your spam filter servers to hit your mailserver directly. This can mean getting totally hammered during a major virus outbreak.

Several strong suggestions:

1) Don't list your end mailserver as an MX record; use Postfix transports to route it directly from your antispam filter to your mailserver.

2) Once everything is working right, firewall inbound SMTP connections from outside your IP space or restrict them via an access list.

3) Optionally, name your mailserver something other than "mail", "mta", "mx", etc. because those names are part of what they will look for in DNS.

  -- Clifton

--
Clifton Royston -- cliftonr@tikitechnologies.com
Tiki Technologies Lead Programmer/Software Architect

"My own personal theory is that this is the very dawn of the world. We're hardly more than an eyeblink away from the fall of Troy, and scarcely an interglaciation removed from the Altamira cave painters. We live in extremely interesting ancient times. I like this idea. It encourages us to be earnest and ingenious and brave, as befits ancestral peoples; but keeps us from deciding that because we don't know all the answers, they must be unknowable and thus unprofitable to pursue." -- Teresa Nielsen Hayden, 1995
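An added example, not part of the original message: a small Python sketch of the MX split described in the thread, the Postfix transport lines from suggestion 1, and an audit for suggestions 1 and 3 (backend published as an MX, or given a guessable name). All domains, hostnames and the 192.0.2.10 address are constructed, and the function names are hypothetical.

```python
# Added example; every hostname, domain and address here is constructed.
GUESSABLE = {"mail", "mta", "mx"}  # names the message says get looked for in DNS

def plan_mx(domains, relays):
    """Alternate which relay is primary; the other relay is the secondary MX."""
    plan = {}
    for i, domain in enumerate(sorted(domains)):
        primary = relays[i % 2]
        secondary = relays[(i + 1) % 2]
        plan[domain] = [(10, primary), (20, secondary)]
    return plan

def transport_map(domains, backend_ip):
    """Postfix transport(5) lines for the relays: deliver straight to the
    backend. The [brackets] suppress MX lookups, so the backend needs no MX."""
    return [f"{d}\tsmtp:[{backend_ip}]:25" for d in sorted(domains)]

def audit(plan, backend_host):
    """Return findings that would let senders bypass the filter relays."""
    findings = []
    backend = backend_host.lower().rstrip(".")
    for domain, records in sorted(plan.items()):
        for pref, host in records:
            if host.lower().rstrip(".") == backend:
                findings.append(f"{domain}: backend {backend} published as MX {pref}")
    # Compare the first DNS label with trailing digits removed (mx1 -> mx).
    label = backend.split(".")[0].rstrip("0123456789")
    if label in GUESSABLE:
        findings.append(f"backend hostname label '{label}' is easily guessed")
    return findings

if __name__ == "__main__":
    domains = ["example.org", "example.net", "example.com"]
    relays = ["relay1.example.net", "relay2.example.net"]
    plan = plan_mx(domains, relays)
    print("\n".join(transport_map(domains, "192.0.2.10")))
    # Misconfiguration for contrast: backend added as a last-resort MX.
    plan["example.com"].append((30, "mail.example.net"))
    for finding in audit(plan, "mail.example.net"):
        print("FINDING:", finding)
    print(audit(plan_mx(domains, relays), "store7.example.net"))
```

Suggestion 2 (firewalling or access-listing inbound SMTP on the backend) is enforced on the backend host itself and is not modelled here.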