Hi Chad It sounds as though your situation may be quite different to mine, probably because I sit in a relatively quiet neighborhood of the IPv4 network. My secondary public mailserver (if needed) only feeds mail into the primary public mailserver before passing it off to a very protected Exchange server. I have found this solution to be absolutely perfect for me. Both public MX boxes are using spamd. Because I don't have a huge volume of mail, it was easy for me to cross-log my spamd, daemon and maillog logs to each box through syslog.conf.
This allows spamd to pick up white listed entries but I'm not sure about grey ones. However, I haven't run into any problems yet. I keep my own blacklist file (/var/mail/myblack.txt) on each MX box that I manually sync on each box every day or so. Cheers Phillip -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chad M Stewart Sent: Sunday, 15 May 2005 10:09 AM To: [email protected] Subject: horizontal scaling of spamd -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I'm wondering/brainstorming about how to setup a pool of boxes running spamd and having the contents of /var/db/spamd replicated to all of the boxes in the pool. Has anyone tackled this issue? How did you do it? Using carp and pfsync would get the pf tables replicated. But the tuple info of spamd is not. In sites with more than one box, this could cause delays for incoming mail, beyond simply blocking botnets. A remote MTA could hit each box at the incoming site and thus have a single entry in each host, yet by the 3rd connection attempt the connection should have been given to the real MTA for delivery. I've thought about things like rsync, or using udp to send out updates, or maybe something like pfsync. Anyone else thinking about this issue? Care to share your thoughts? - -Chad _\|/_ (o o) - ----------------------------------------------oOO-(_)-OOo------ Chad M Stewart [EMAIL PROTECTED] "If you don't do it right the first time, you'll just have to do it again." -- Jack T. Hankins - --------------------------------------------------------------- iQEVAwUBQoaTGswnQbCQDKPRAQKtQQf8Dl/m3lqj7vlLav9snIGxCH4IzgNtZ6n3 XgYVuPw6jMucgPq1pgbGhf0aESypS/1U+/ent4jUDGpP+D9ouxPAD9osC0rhHXe1 J7/spDbHqP6VkWcS8Bm4Lt9GE0E2ZE+zRW8gFvc+IbxNYGVfXjUU1fOP97EXc42K orN4AZEV8RM/e8G0O6ejx9krZVYqXbzVwCOwxwu9bmhW9ZFExBMIsQrL1RCOxIcK 9hSKte5qSeD/7M0iWJVQgwUA0n3jQ5X31WyxqV+0LsrsVStIhxgEGtuMiYUiIks8 I2NtNe/rvyDiGr29TbQNV5lDDr3zVnIw82kZMHbED8ynOZl8N0ON7Q== =GFSq -----END PGP SIGNATURE-----
