[EMAIL PROTECTED] wrote:

Date: Mon, 06 Jun 2005 12:45:56 +0300
From: Fredrik Nyberg DC <[EMAIL PROTECTED]>
Subject: [Mimedefang] MIMEDefang with round-robin DNS
To: [email protected]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="utf-8"

Hello!

I'm thinking about running MIMEDefang via milter on two separate
scanning hosts. I would be doing this with round-robin DNS. Does anyone
know if it will work/not work?

Thanks,
Fredrik Nyberg

Fredrik:

Yes, it will. I already use a similar configuration where I work, the basics of which are....

Machines:
   real names: spam1a and spam1b
   common name: spam1

DNS:
   ; For each filter machine, a real name
   spam1a IN A x.x.x.36
   spam1b IN A x.x.x.38

   ; A records for common pointing to each filter machine
   spam1 300 IN A x.x.x.36
   spam1 300 IN A x.x.x.38

   ; PTR records for each machine's real name
   36.x.x.x.in-addr.arpa IN PTR spam1a.example.com.
   38.x.x.x.in-addr.arpa IN PTR spam1b.example.com.

   ; PTR records for each machine's IP referring to the common name
   36.x.x.x.in-addr.arpa 300 IN PTR spam1.example.com.
   38.x.x.x.in-addr.arpa 300 IN PTR spam1.example.com.

   ; For each domain example2.com that is being sent thru the filter...
   example2.com. IN MX 20 spam1.example.com.

Final delivery locations for the filter machines are defined by IP entries in the Sendmail mailertable. The TTLs on the A and PTR records for the common entry are intended to reduce the possibility of the entries being cached for very long somewhere, shifting the load too much to one server or the other; the dual PTR records are for those servers that will reject messages because the forward and reverse entries differ. Be aware that DNS round-robin will only roughly divide the load in half, so at times you may see the load higher on one machine than the other.

I would suggest that, as closely as feasible, the machines have the same versions of the software (A/V scanner, SA, MD, perl, modules, etc.). I would also suggest that, if you are not doing so already, you look at the option of using either a SQL database or LDAP datastore for maintaining user-level preferences, white/black lists, etc., as this will make it much easier for you to maintain than having to go between multiple servers and remember to make changes everywhere.

There may be some details I have missed in our systems' configuration, but hope that at least helps confirm what you were looking for. Good luck.

-Albert C.

_______________________________________________
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list
[email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
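
The reply above notes that some receiving servers reject mail when forward and reverse DNS entries differ. The following is an added example, not part of the original thread, that checks a set of records for that mismatch offline. The zone data is constructed: 192.0.2.0/24 stands in for the x.x.x addresses, the function names are hypothetical, and only IPv4 A/PTR records are handled.

```python
import ipaddress
from collections import defaultdict

# Constructed zone data: 192.0.2.0/24 (documentation range) stands in for
# the x.x.x addresses in the message; names follow the message's layout.
ZONE = """
spam1a.example.com.          IN A   192.0.2.36
spam1b.example.com.          IN A   192.0.2.38
spam1.example.com.       300 IN A   192.0.2.36
spam1.example.com.       300 IN A   192.0.2.38
36.2.0.192.in-addr.arpa.     IN PTR spam1a.example.com.
38.2.0.192.in-addr.arpa.     IN PTR spam1b.example.com.
36.2.0.192.in-addr.arpa. 300 IN PTR spam1.example.com.
38.2.0.192.in-addr.arpa. 300 IN PTR spam1.example.com.
"""

def parse(zone_text):
    """Return (forward, reverse): name -> {IPs} and reverse name -> {names}."""
    forward, reverse = defaultdict(set), defaultdict(set)
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop zone-file comments
        if len(fields) < 4:
            continue
        # Owner is first, type and rdata are last; an optional TTL sits between.
        owner, rtype, rdata = fields[0].lower(), fields[-2].upper(), fields[-1].lower()
        if rtype == "A":
            forward[owner].add(rdata)
        elif rtype == "PTR":
            reverse[owner].add(rdata)
    return forward, reverse

def mismatches(zone_text):
    """List (name, ip, problem) where forward and reverse entries differ."""
    forward, reverse = parse(zone_text)
    problems = []
    for name in sorted(forward):                 # every A needs a PTR back
        for ip in sorted(forward[name]):
            rname = ipaddress.ip_address(ip).reverse_pointer + "."
            if name not in reverse.get(rname, set()):
                problems.append((name, ip, "A record has no PTR back to this name"))
    for rname in sorted(reverse):                # every PTR target needs an A
        labels = rname[: -len(".in-addr.arpa.")].split(".")
        ip = ".".join(reversed(labels))
        for name in sorted(reverse[rname]):
            if ip not in forward.get(name, set()):
                problems.append((name, ip, "PTR target has no A record for this IP"))
    return problems

if __name__ == "__main__":
    print(mismatches(ZONE) or "forward and reverse entries agree")
```

Dropping the two common-name PTR lines from the sample makes `mismatches` report both `spam1.example.com.` addresses, which is the case the dual PTR records are meant to avoid.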
