We currently handle mail for about 1200 users, which generally results in a volume of 12,000 to 14,000 messages per day (incoming and outgoing), sometimes peaking to 25,000 in a day. We currently have just one server, an aging VA Linux 2231 (upgraded to dual PIII 1GHz's and 2GB RAM) to handle mail. We currently use the latest sendmail, and mimedefang in multiplexor mode to scan incoming messages. Our filter does some heavy message content checking/filtering, and also calls uvscan. We do use spamassassin in a limited capacity (only enabled for about 70 users while we are testing) via procmail. The same server runs UW-IMAP and IMP (webmail) for mail pickup.

Our current server can no longer keep up with the volume of mail - it spends most of its time > 1.00 load avg defanging and uvscanning messages... This is just with SpamAssassin enabled on about 70 of the accounts - we want to deploy it on all accounts. We have a new Dell PE 1750 to help offset the load from our primary server and I'm going back and forth on the best way to integrate it. Here are the two options I'm considering:

1) New server becomes primary MX, has sendmail, mimedefang, spamassassin, and uvscan. Any incoming email gets scanned by new server then handed off to current server (via SMTP) for storage.
Pros: Easy configuration/setup/management, somewhat scalable (just add more primary servers)
Cons: Does not scan user to user (inter-company) email. Does not scan outbound email, unless current mail server is reconfigured to pass email to new server, or user clients are reconfigured to use new server as outgoing smtp server. Does not handle unknown users in SMTP session unless virtusertable is maintained from SQL database via perl scripts, or LDAP. Hard to use graphdefang - must collect stats from two different maillogs.


2) New server becomes primary MX, runs sendmail, mimedefang and spamassassin. Current server runs imap/pop-3 and exports mail spool via NFS (or NFS-like protocol) to new server. New server stores email on NFS mounted mail spool after scanning/processing.
Pros: all bouncing/unknown user problems handled in SMTP session. Scalable - just drop new servers in as primary MX's. sendmail/Spamassassin/mimedefang only run on primary server(s), not on mail store server.
Cons: setup/management is difficult. Must overcome NFS security/locking issues. Is 100baseT too slow for NFS access to mail spool? Does new server have to have user accounts in /etc/passwd to bounce unknown users? Users' outbound smtp server must be changed to new server name, or old server must run minimal sendmail configured to pass mail to new server.



I think we are leaning towards scenario two, but I've heard horror stories about NFS. Is the setup recommended, or is it as troublesome as I've always heard? Both servers will be RH Linux 9, and I am comfortable compiling kernels and daemons from scratch, so if a custom NFS (v3 maybe) install would get around problems with older NFS's, I can do that.


Thanks in advance for any advice. If anyone is interested I'd be glad to write up a whitepaper on these options and documentation on which scenario we choose once we have it implemented. Advice on any other scenarios would be appreciated, just keep in mind my primary goals are: a) not to have to reconfigure 1200 clients and b) to handle bounces/failures in the SMTP session so I don't have to deal with double-bounces flying all over the place.

Shayne