On Apr 16, 2008, at 2:57 PM, Gary V wrote:

> On 4/16/08, jeff donovan <[EMAIL PROTECTED]> wrote:
>> greetings
>>
>> i am using amavis to forward to an internal relay.
>> $forward_method = 'smtp:10.10.10.1'
>> I have recently setup 2 new smtp relays running SSL only port 465
>>
>> i have setup round robin DNS names
>>
>> can i use this config ?
>>
>> $forward_method = 'smtp:smtp.example.com:465'
>>
>> or do I have to use an IP address ?
>>
>
> Well, since the test below shows a delivery attempt was made, it
> appears you can use a hostname. Now, whether round robin works or not
> I couldn't say. I have no idea whether an MX lookup will occur or not.
>
>> first test:
>>
>> amavis29122: (29122-09) mail_via_smtp: 530 5.5.0 Rejected by MTA: 530
>> Must issue a STARTTLS command first, id=29122-09
>>
>> okay,..this tells me I'm missing something. ssl Authentication from
>> amavis to the internal smtp relay.
>> is there a better way to do this ?
>> help>?
>>
>> tia
>>
>> -j
>
> Is Postfix running on the machine that amavisd-new is running on?

yes

>
> Hopefully amavisd-new is not facing the Internet "in the raw"

no i have 2 MX servers handling the brunt of the garbage. they then forward to a machine dedicated to scanning, ClamAv/SA assortment of cocktails.

> so to
> speak. More details of your traffic flow (before amavisd-new) might be
> of use. If Postfix is running on the same machine, one option might be
> to forward to localhost and then configure Postfix as a sasl client.
> Because amavisd-new is usually the bottleneck, it's a bit rare to have
> an amavisd-new process feeding more than one host. It's less rare the
> other way around.

the server will then pitch off to an internal set of relay boxes that knows in detail about my clients.
>> $forward_method = 'smtp:10.10.10.1'
instead of a local delivery. ( this method is working now )
looking to load balance incoming traffic.

>
> If you trust all the mail that comes from the amavisd-new host, and if
> you can use a hostname in the $forward_method, simply open a special
> port (like 2525 or something - something that does not use sasl auth)

k-- yes i do trust the scanned data.
so you're saying " tell postfix on the relay systems accept connections on another port ?
or do I have to run another instance of postfix?

>
> on the two downstream servers that only allows connections from the
> amavisd-new host. Send the mail there and observe what happens. Either
> they will both get mail, or only one will get mail.
>
> Sorry for the incomplete answer. Of course, Mark knows how this stuff
> actually works, whereas I just try stuff and draw conclusions from
> observation.
>

nah thanks for the reply,.. it helps me a great deal when i get stuck. I wish i knew everything, .....but then what would i do all day?

-jeff

_______________________________________________
AMaViS-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
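
The restricted listener suggested in the reply above, as an added example that is not from the thread: an extra `smtpd` service entry in each downstream relay's Postfix `master.cf`, which does not need a second Postfix instance. It assumes Postfix 2.3 or later on the relays; `192.0.2.10` is a placeholder for the amavisd-new host's address, and 2525 is the port floated in the reply.

```conf
# /etc/postfix/master.cf on each downstream relay (added example).
#
# Extra smtpd listener for already-scanned mail from the amavisd-new host.
# The "-o" overrides apply to this listener only; the existing TLS-enforcing
# services stay as they are.
#
# service type  private unpriv  chroot  wakeup  maxproc command + args
2525      inet  n       -       n       -       -       smtpd
  # No STARTTLS requirement and no SASL on this port, so amavisd-new's
  # plain SMTP client is not answered with "530 Must issue a STARTTLS
  # command first".
  -o smtpd_tls_security_level=none
  -o smtpd_sasl_auth_enable=no
  # Trust exactly one client: the scanning host (placeholder address).
  -o mynetworks=192.0.2.10/32
  # Every other client is rejected, both at connect time and at RCPT TO,
  # so the unauthenticated port cannot be used as a relay by anyone else.
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_recipient_restrictions=permit_mynetworks,reject

# amavisd.conf on the scanning host would then point at the new port,
# using the hostname form from the thread:
#   $forward_method = 'smtp:smtp.example.com:2525';
```

After `postfix reload` on both relays, the mail log on each one shows whether connections on port 2525 reach both hosts or only one. Because this port skips TLS and authentication, a firewall rule limiting 2525 to the scanning host is a sensible second layer behind `mynetworks`.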
