Re: Domain MX record vs SMTP Loadbalancer

2015-11-27 Thread Wietse Venema 
Zalezny Niezalezny:
> Hi,
> 
> thank You for Your feedback.
> 
> Does this solution is also described by RFC ?

Load balancers are not described in the SMTP RFC. Nor does the RFC
say how an MTA must be implemented. The RFC gives requirements for
how different SMTP implementations can communicate with each other.

What I described are requirements so that an MTA can provide SMTP
service behind a load balancer:

- The server must know the remote SMTP client address so that it
  can maintain an audit trail of service requests. and so that
  it can make decisions about what service it will provide.

- The server must know the external SMTP server IP address, so that
  it can correctly implement MX preferences without looping.

> I reviewed RFC but I see that SMTP loadbalancing should be done
> using DNS with proper setup MX records.

The RFC does not *require* that SMTP receivers have MX records, but
it requires that SMTP senders do MX lookups before doing A lookups.
You can do SMTP with just A records, for example:

example.com IN A 192.168.1.1
example.com IN A 192.168.1.2

"should" work as well as:

example.com IN MX 10 mail.example.com
mail.example.com IN A 192.168.1.1
mail.example.com IN A 192.168.1.2

Wietse

> With kind regards
> 
> Zalezny
> 
> 
> On Fri, Nov 27, 2015 at 2:10 PM, Wietse Venema  wrote:
> 
> > Zalezny Niezalezny:
> > > Hi,
> > >
> > > I have a question regarding Domain MX record and physical SMTP
> > Loadbalancer.
> > >
> > > In my infrastructure we have several Postfix machines with local
> > mailboxes.
> > > Each system sending messages to relay servers using internal relay
> > domains
> > > with MX records. My team colleague told me that we will not use anymore
> > > local relay domains with MX records but Virtual host (with preconfigured
> > > relay systems behind) and F5 loadbalancer to transfer message from
> > Postfix
> > > servers to the relay hosts.
> > >
> > > I would like to know Your opinion about it ? I know that MX record has
> > been
> > > designed to avoid problems like E-mail loop etc.etc. Till now its working
> > > perfect for me.
> > >
> > > Does loadbalancer will not affect smtp communication ?
> >
> > The load balancer MUST provide Postfix with the remote SMTP client
> > IP address. Postfix has support for doing that with:
> >
> > - HAproxy protocol (uses the Postfix smtpd_upstream_proxy_protocol
> >   and smtpd_upstream_proxy_timeout features).
> >
> > - nginx (uses the XCLIENT protocol).
> >
> > If your load balancer does not support one of the above protocols
> > then Postfix will not work properly, because all SMTP connections
> > will have the IP addres of the load balancer instead of the real
> > client.
> >
> > To prevent mailer loops, configure:
> >
> > /etc/postfix/main.cf:
> > proxy_interfaces = the loadbalancer external IP address(es)
> >
> > With these things taken care of, load balancers should work.
> >
> > Wietse
> >

Re: Domain MX record vs SMTP Loadbalancer

2015-11-27 Thread Wietse Venema 
Zalezny Niezalezny:
> Hi,
> 
> I have a question regarding Domain MX record and physical SMTP Loadbalancer.
> 
> In my infrastructure we have several Postfix machines with local mailboxes.
> Each system sending messages to relay servers using internal relay domains
> with MX records. My team colleague told me that we will not use anymore
> local relay domains with MX records but Virtual host (with preconfigured
> relay systems behind) and F5 loadbalancer to transfer message from Postfix
> servers to the relay hosts.
> 
> I would like to know Your opinion about it ? I know that MX record has been
> designed to avoid problems like E-mail loop etc.etc. Till now its working
> perfect for me.
> 
> Does loadbalancer will not affect smtp communication ?

The load balancer MUST provide Postfix with the remote SMTP client
IP address. Postfix has support for doing that with:

- HAproxy protocol (uses the Postfix smtpd_upstream_proxy_protocol
  and smtpd_upstream_proxy_timeout features).

- nginx (uses the XCLIENT protocol).

If your load balancer does not support one of the above protocols
then Postfix will not work properly, because all SMTP connections
will have the IP addres of the load balancer instead of the real
client.

To prevent mailer loops, configure:

/etc/postfix/main.cf:
proxy_interfaces = the loadbalancer external IP address(es)

With these things taken care of, load balancers should work.

Wietse

Re: Domain MX record vs SMTP Loadbalancer

2015-11-27 Thread Zalezny Niezalezny 
Hi,

thank You for Your feedback.

Does this solution is also described by RFC ?
I reviewed RFC but I see that SMTP loadbalancing should be done using DNS
with proper setup MX records.

With kind regards

Zalezny


On Fri, Nov 27, 2015 at 2:10 PM, Wietse Venema  wrote:

> Zalezny Niezalezny:
> > Hi,
> >
> > I have a question regarding Domain MX record and physical SMTP
> Loadbalancer.
> >
> > In my infrastructure we have several Postfix machines with local
> mailboxes.
> > Each system sending messages to relay servers using internal relay
> domains
> > with MX records. My team colleague told me that we will not use anymore
> > local relay domains with MX records but Virtual host (with preconfigured
> > relay systems behind) and F5 loadbalancer to transfer message from
> Postfix
> > servers to the relay hosts.
> >
> > I would like to know Your opinion about it ? I know that MX record has
> been
> > designed to avoid problems like E-mail loop etc.etc. Till now its working
> > perfect for me.
> >
> > Does loadbalancer will not affect smtp communication ?
>
> The load balancer MUST provide Postfix with the remote SMTP client
> IP address. Postfix has support for doing that with:
>
> - HAproxy protocol (uses the Postfix smtpd_upstream_proxy_protocol
>   and smtpd_upstream_proxy_timeout features).
>
> - nginx (uses the XCLIENT protocol).
>
> If your load balancer does not support one of the above protocols
> then Postfix will not work properly, because all SMTP connections
> will have the IP addres of the load balancer instead of the real
> client.
>
> To prevent mailer loops, configure:
>
> /etc/postfix/main.cf:
> proxy_interfaces = the loadbalancer external IP address(es)
>
> With these things taken care of, load balancers should work.
>
> Wietse
>

Re: Domain MX record vs SMTP Loadbalancer

2015-11-27 Thread Zalezny Niezalezny 
Thank You once again for Your support !

We can close that topic, I got all informations.

I really appreciate that mailing list and people which doing support on it
! :)




On Fri, Nov 27, 2015 at 3:48 PM, Wietse Venema  wrote:

> Zalezny Niezalezny:
> > Hi,
> >
> > thank You for Your feedback.
> >
> > Does this solution is also described by RFC ?
>
> Load balancers are not described in the SMTP RFC. Nor does the RFC
> say how an MTA must be implemented. The RFC gives requirements for
> how different SMTP implementations can communicate with each other.
>
> What I described are requirements so that an MTA can provide SMTP
> service behind a load balancer:
>
> - The server must know the remote SMTP client address so that it
>   can maintain an audit trail of service requests. and so that
>   it can make decisions about what service it will provide.
>
> - The server must know the external SMTP server IP address, so that
>   it can correctly implement MX preferences without looping.
>
> > I reviewed RFC but I see that SMTP loadbalancing should be done
> > using DNS with proper setup MX records.
>
> The RFC does not *require* that SMTP receivers have MX records, but
> it requires that SMTP senders do MX lookups before doing A lookups.
> You can do SMTP with just A records, for example:
>
> example.com IN A 192.168.1.1
> example.com IN A 192.168.1.2
>
> "should" work as well as:
>
> example.com IN MX 10 mail.example.com
> mail.example.com IN A 192.168.1.1
> mail.example.com IN A 192.168.1.2
>
> Wietse
>
> > With kind regards
> >
> > Zalezny
> >
> >
> > On Fri, Nov 27, 2015 at 2:10 PM, Wietse Venema 
> wrote:
> >
> > > Zalezny Niezalezny:
> > > > Hi,
> > > >
> > > > I have a question regarding Domain MX record and physical SMTP
> > > Loadbalancer.
> > > >
> > > > In my infrastructure we have several Postfix machines with local
> > > mailboxes.
> > > > Each system sending messages to relay servers using internal relay
> > > domains
> > > > with MX records. My team colleague told me that we will not use
> anymore
> > > > local relay domains with MX records but Virtual host (with
> preconfigured
> > > > relay systems behind) and F5 loadbalancer to transfer message from
> > > Postfix
> > > > servers to the relay hosts.
> > > >
> > > > I would like to know Your opinion about it ? I know that MX record
> has
> > > been
> > > > designed to avoid problems like E-mail loop etc.etc. Till now its
> working
> > > > perfect for me.
> > > >
> > > > Does loadbalancer will not affect smtp communication ?
> > >
> > > The load balancer MUST provide Postfix with the remote SMTP client
> > > IP address. Postfix has support for doing that with:
> > >
> > > - HAproxy protocol (uses the Postfix smtpd_upstream_proxy_protocol
> > >   and smtpd_upstream_proxy_timeout features).
> > >
> > > - nginx (uses the XCLIENT protocol).
> > >
> > > If your load balancer does not support one of the above protocols
> > > then Postfix will not work properly, because all SMTP connections
> > > will have the IP addres of the load balancer instead of the real
> > > client.
> > >
> > > To prevent mailer loops, configure:
> > >
> > > /etc/postfix/main.cf:
> > > proxy_interfaces = the loadbalancer external IP address(es)
> > >
> > > With these things taken care of, load balancers should work.
> > >
> > > Wietse
> > >
>

Domain MX record vs SMTP Loadbalancer

2015-11-27 Thread Zalezny Niezalezny 
Hi,

I have a question regarding Domain MX record and physical SMTP Loadbalancer.

In my infrastructure we have several Postfix machines with local mailboxes.
Each system sending messages to relay servers using internal relay domains
with MX records. My team colleague told me that we will not use anymore
local relay domains with MX records but Virtual host (with preconfigured
relay systems behind) and F5 loadbalancer to transfer message from Postfix
servers to the relay hosts.

I would like to know Your opinion about it ? I know that MX record has been
designed to avoid problems like E-mail loop etc.etc. Till now its working
perfect for me.

Does loadbalancer will not affect smtp communication ?
 Does it really working the same like DNS MX records ?
Does Postfix will be able to work properly with Virtual Host and
loadbalancer ?



Thanks in advance for any opinion.


With kind regards

Zalezny