Tobias,

> Yeah, I thought of differentiate an in- and outbound server for
> troubleshooting purpose.
> My outbound traffic is really low, so I thought here of a virtual
> machine for the outbound machine, if a central amavisd makes sense.

It still makes sense to have separate mail paths for inbound and outbound traffic, but they can both reside on the same host. No need for virtualization. Not even a need for running two postfix instances (although some may prefer it that way).

But do provide a separate mail submission entry. Either just a dedicated standard mail submission port 587 -- or if you prefer allowing mail submission from inside without authentication (SASL) on port 25, this can still be made separate from inbound mail (MX) by giving the host two IP addresses (IP alias), and running a postfix smtpd service on each, restricting the MSA smtpd instance to connections from inside only.

Regardless of having two IP addresses or not, do provide *separate* service names (host names). Let your users configure their mailers to submit mail to one (e.g. mail.example.com), and configure your MX record to point to the other name (e.g. mx.example.com - this name is of no concern to users). If you later decide to move services around, there won't be any need to reconfigure MUAs.

Having separate paths simplifies assigning a different amavisd policy bank on each. You may not need it immediately, but keeping mail submission separate from inbound mail (MX) adds flexibility for future growth to more complex setups.

> Well, now I'm going to plan with decentralized amavisd-new setup on 2
> machines for in- and outbound.

I agree with this plan for your needs.

Mark
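
A configuration sketch of the layout described in the message above, added here as an illustration and not taken from the original post. The addresses (192.0.2.10, 192.0.2.11), the transport name `smtp-amavis` and the amavisd ports 10024/10026 are assumptions; the `smtp-amavis` transport and the re-injection listener must already be defined elsewhere in master.cf.

```conf
# ---- /etc/postfix/master.cf (fragment) ----
# Assumed addresses: 192.0.2.10 = mx.example.com, 192.0.2.11 = mail.example.com

# Inbound mail (MX): open to the Internet, filtered on amavisd's default port.
192.0.2.10:smtp  inet  n  -  n  -  -  smtpd
  -o content_filter=smtp-amavis:[127.0.0.1]:10024

# Mail submission from inside on port 25 of the second address, no SASL:
# only clients listed in mynetworks may connect, everyone else is rejected.
192.0.2.11:smtp  inet  n  -  n  -  -  smtpd
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o content_filter=smtp-amavis:[127.0.0.1]:10026

# Standard submission port 587 with authentication, same outbound path.
submission       inet  n  -  n  -  -  smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o content_filter=smtp-amavis:[127.0.0.1]:10026

# ---- amavisd.conf (fragment, Perl syntax) ----
# Listen on two ports so that each mail path can get its own policy bank.
$inet_socket_port = [10024, 10026];

# Mail arriving on 10026 came through a submission service: load ORIGINATING.
$interface_policy{'10026'} = 'ORIGINATING';

$policy_bank{'ORIGINATING'} = {
  originating => 1,   # treat as locally submitted mail
  # outbound-specific settings (notifications, quarantine, ...) go here
};
# Mail arriving on 10024 (MX path) keeps the global default settings.
```

With `mail.example.com` resolving to the submission address and the MX record pointing at `mx.example.com`, either service can later move to another host by changing DNS only.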
