On Tue, 2008-08-26 at 07:04 -0400, Sam Varshavchik wrote:
> Svetozar Mihailov writes:
>
> > Hello all,
> >
> > I'm building a Courier cluster and have a few questions.
> >
> > Hardware details:
> > 4 core quad servers with 8GB ram, iscsi storage with gfs2. The full
> > cluster will have a total of 8 servers.
> >
> > Questions:
> >
> > 1. Sam, this cluster will offer free hosting (mail and www) services
> > for our customers who already pay for internet connectivity. Do I need
> > some kind of license for the Courier suite? Does this change if this
> > hosting also offers paid services?
>
> No and no.
>
> > 2. DNS: Which dns structure is allowed/better:
> >
> > 2.1 One MX record for mail.example.com and 8 A records for each server.
> > OR
> > 2.2 Eight MX records with equal priority to c(1-8).mail.example.com for
> > smtp and an additional eight A records for mail.example.com for pop/imap.
>
> I would suggest a combination, 4 MX records with two A addresses for each
> one.
>
> > 2.2 I do not want to use a load balancer because if the load balancer
> > dies everything stops. I will implement a monitoring (ping?) daemon,
> > which will add/remove servers to dns if some of them die. Is there a
> > recommended minimal TTL for dns records in this case?
>
> With eight servers, I wouldn't even bother, and leave the default TTL set to
> one day.
>
> > 3. Do I need to take special care of file locking? All servers have a
> > consistent view of the file system, and it is possible for one user to
> > log in to a few servers at the same time via pop/imap.
>
> Locking is used very minimally, only in the IMAP server. No special
> consideration is necessary.
>
> > 4. What about the MAXPERIP setting? Is it possible to make this cluster
> > aware? Otherwise each user can log in up to MAXPERIP times on each
> > server at the same time.
>
> No, MAXPERIP is per-server.
>
> > 5. I am thinking of placing /etc/courier and /etc/authdaemon on
> > iscsi/gfs2 so all servers will see the same configs all the time.
> > Modifying configs and running make* scripts will be done on one separate
> > server. I'm thinking of creating an additional daemon, which will fam
> > monitor these two folders and issue 'courier restart' and
> > 'service authdaemon restart' on change. Will this be ok?
>
> This is ok, but you should carefully set each server's hostname. Each server
> needs to know its own FQDN.
>
> > 5.1 /var/spool/courier will also be on iscsi/gfs2, but as far as I know
> > it is not possible to share this across servers?
>
> Correct.
>
> > 5.2 Is it possible at compile time to move certificates
> > from /usr/lib/courier/share to /etc/courier/share? Or just to symlink
> > certificates to /etc/courier/share?
>
> Use a symlink.
>
> > 7. I use a mysql backend with services separation like this
> > (/etc/courier/imapd):
> >
> > ADDRESS=0
> > PORT=143,127.0.0.1.144
> > AUTHSERVICE143=imap
> > AUTHSERVICE144=imapl
> > AUTHSERVICE993=imaps
> >
> > Is it possible to set up imap:143 to issue 'imaps' if the user sends
> > STARTTLS before authentication? Or implement something like
> > 'AUTHSERVICESSLADD=s' which depends only on connection status
> > (clear/ssl|tls)? Same thing with pop3.
>
> No, but that's a good point.

Thanks for the quick answer. I have a few more questions, which were in the
first email that was blocked because of a wrong From address (delete it please).

5.x Does Courier need write access to /etc/courier and/or /etc/authdaemon?
Is it safe to mount them read-only?

8. I have an idea to implement 'ONFAILSQL' and/or 'ONFAILSCRIPT' in
authdaemon. Right now I parse the maillog file to catch spammers and add them
to a local rbl dns server. It would be nice if authdaemon logged the ip
address of failed authentication attempts directly to a script/sql. A realtime
local blacklist would be very easy with this information. But this will need
a lot of source modification because authdaemon currently does not know the
client ip address. Similar logging can be implemented in a filter to catch
positive spamd/clamd results (python filter?).

Best regards,
Svetozar Mihailov
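
The maillog-parsing approach mentioned in point 8 above, as an added example (not code from the poster or from the Courier project). The log line shape, the threshold of 3 failures in 10 minutes, and the zone name rbl.example.com are assumptions, and the sample lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed shape of a Courier imapd/pop3d failed-login syslog line.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ (?:imapd|pop3d)(?:-ssl)?: "
    r"LOGIN FAILED, .*\bip=\[(?P<ip>[^\]]+)\]")

# Constructed sample lines (documentation address ranges), not real log data.
SAMPLE = """\
Aug 26 07:04:01 c1 imapd: LOGIN FAILED, user=info, ip=[::ffff:192.0.2.10]
Aug 26 07:04:03 c1 pop3d: LOGIN FAILED, user=admin, ip=[::ffff:192.0.2.10]
Aug 26 07:04:09 c1 imapd: LOGIN, user=bob, ip=[::ffff:198.51.100.7], protocol=IMAP
Aug 26 07:05:12 c1 imapd-ssl: LOGIN FAILED, user=test, ip=[::ffff:192.0.2.10]
Aug 26 07:06:00 c1 imapd: LOGIN FAILED, user=bob, ip=[::ffff:198.51.100.7]
""".splitlines()

def client_ip(raw):
    """Parse the ip=[...] value; unwrap ::ffff:a.b.c.d, skip native IPv6."""
    try:
        addr = ipaddress.ip_address(raw)
    except ValueError:
        return None
    return addr.ipv4_mapped if addr.version == 6 else addr

def offenders(lines, threshold=3, window=timedelta(minutes=10), year=2008):
    """IPv4 clients with at least `threshold` failures inside `window`."""
    recent, flagged = defaultdict(deque), set()
    for line in lines:
        m = FAILED.match(line)
        ip = client_ip(m.group("ip")) if m else None
        if ip is None:
            continue
        # Syslog timestamps carry no year, so one is supplied by the caller.
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged.add(ip)
    return sorted(flagged)

def rbl_records(ips, zone="rbl.example.com"):
    """DNSBL convention: reversed octets under the zone, A record 127.0.0.2."""
    return [f"{'.'.join(reversed(str(ip).split('.')))}.{zone}. IN A 127.0.0.2"
            for ip in ips]

if __name__ == "__main__":
    print("\n".join(rbl_records(offenders(SAMPLE))))
```

A single failed login, such as the one from 198.51.100.7 in the sample, stays below the threshold, which keeps a user who mistypes a password once out of the blacklist.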
