#1  
Old 5th May 2010, 07:57
freesqrt freesqrt is offline
Member
 
Join Date: Dec 2007
Posts: 82
Thanks: 7
Thanked 1 Time in 1 Post
Default What about Mail gateway?

Hi There,

Recently I heard about separating the mail gateway from the MTA and installing two different mail servers for security and performance issues.
Can anyone give me some perspective about why and how we may do that?!

With Regards,
__________________
freesqrt
Reply With Quote
Sponsored Links
  #2  
Old 5th May 2010, 08:42
matty matty is offline
Member
 
Join Date: Apr 2010
Location: Australia
Posts: 85
Thanks: 2
Thanked 12 Times in 11 Posts
Default

Quote:
Originally Posted by freesqrt View Post
Hi There,

Recently I heard about separating the mail gateway from the MTA and installing two different mail servers for security and performance issues.
Can anyone give me some perspective about why and how we may do that?!

With Regards,
We used to do this at a large company I worked at. We had quite a few mail servers.

On the incoming side, we had a server at multiple geographic locations. That gave us some ability to both deliver mail closer to users in those areas, cutting down on internal traffic, and give us some redundancy in case of failures. We'd balance the traffic to preferred sites using MX records. For example, if the servers that hosted user accounts for particular domains were located in one city, we'd give those domains an MX preference of 10, and the servers in other locations MX 20, and so on.

On the outbound side, you can do some interesting things to help deal with load. One of the things to keep your primary outbound gateway snappy is to keep your queue processing quickly. The last thing you need is mail that has a very low probability of being delivered hanging around and being processed over and over. We used to use sendmail's FallbackMX feature to deal with this. It basically works by adding a fake MX record of your own choosing to all mail. What happens is, the gateway does an MX lookup when trying to deliver mail. If it fails (incorrectly addressed mail, for example), or can't deliver to the listed preferences, it will "fallback" and deliver to the server you chose. That has the effect of being able to push your "slow queue" to another gateway, and the primary machine can deal with the fast queue.

Don't forget that for most of us in hosting environments, we may use a "smart host" gateway. If on your other servers you use the name of the smarthost rather than an IP, you should be able to benefit from using MX records against the smart host, just like a normal domain. That means if the highest preference gateway is down, your server can try a different gateway. Or, you may use multiple gateways with the same MX preference to create a cheap fault tolerant, load balanced solution.

There's more, but hopefully that will give you some ideas.

Last edited by matty; 5th May 2010 at 08:44.
Reply With Quote
  #3  
Old 5th May 2010, 09:49
freesqrt freesqrt is offline
Member
 
Join Date: Dec 2007
Posts: 82
Thanks: 7
Thanked 1 Time in 1 Post
Default

Thank you very much matty for quick and neat answer,

but I want to analyze such system:

incoming mails --> | MAIL GATEWAY | --> |MTA (1, 2 or ... qmail)|
| (Postfix for instance) |
| (spam filter, secure gards and ...) |

what you think about jointing these two or more servers to make "Gateway" as a protective queue?

the matter is not how to balance the MTAs traffic here, matter is how and why we may separate filtering as a queue in front of the main server?

Thank you again,
__________________
freesqrt
Reply With Quote
  #4  
Old 11th May 2010, 03:24
matty matty is offline
Member
 
Join Date: Apr 2010
Location: Australia
Posts: 85
Thanks: 2
Thanked 12 Times in 11 Posts
 
Default

Quote:
Originally Posted by freesqrt View Post
what you think about jointing these two or more servers to make "Gateway" as a protective queue?

the matter is not how to balance the MTAs traffic here, matter is how and why we may separate filtering as a queue in front of the main server?
Sorry about the delay in answering. I've been doing a bit of work on the road lately.

If you get plenty of traffic and it suits your environment, I think it's a great idea. Filtering email can be high load, so it removes it from your application servers, such as your web/mysql/email hosting boxes. Using two or more filtering boxes lets you split the load, and gives you some redundancy, which will allow you to keep mail flowing in while you perform maintenance on one.

It's not all smiles and rainbows, however. You'll find that you need some way to test if mailboxes exist if you don't want to accept all mail addressed to domains you host, including that for non-existant addresses. Otherwise you'll find you're bouncing junk mail back to probably faked sender addresses, causing backscatter issues.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Postfix problem and few questions Gimly Installation/Configuration 12 7th July 2009 16:27
Postfix + postfixadmin = SMTP errors... Rashef Server Operation 4 25th June 2009 16:12
just the last step...and it works. Postfix...need help config. ubuntusr Installation/Configuration 1 5th January 2009 09:50
Problem with dcc-client installation (Postfix) swap-as Installation/Configuration 9 18th September 2008 20:47
Core 4: Error Messages on Fresh Install re CTX/SSL jjw Installation/Configuration 30 6th September 2006 12:16


All times are GMT +2. The time now is 01:45.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.