-----BEGIN PGP SIGNED MESSAGE-----
Hello Mark,
Saturday, May 05, 2001, 6:44:36 PM, you wrote:
> NFS is fairly insecure. You would need to run it over a private
network.
Any internal communication should be done on private networks, IMHO
(and not even that is completely secure, machines with access to
internal net can get cracked[1]). If WAN connections are involved,
then
encryption is a must (for reasons pointed out above, I often use SSL
tunnels even inside private nets).
> even better solution would be to use something like a Network
Storage Device
> on a separate back plane or a RAID device which could be accessed by
all the
> servers.
I still didn't see any affordable NAS systems which aren't seriously
flawed as to being a single point of failure (and the security risk
doesn't get solved at all, IMHO, as a cracked machine still can access
everything). IMHO, one would be better off with a distributed
replication system on different machines being able to serve on their
own (for short term at least).
> That would allow any of the servers to be able to read or write to
> the person's maildir under vpop.
IIRC, vpopmail was designed to run under NFS.
> You would also be able to run popd or imapd on all the servers as
well.
Exactly.
> You would also want to run Linux Virtual Server
> or a Load Balancing Switch. This will allow the next free server in
you
> cluster to respond to the incoming SMTP, IMAP or POP request.
I prefer to build upon FreeBSD for this stuff. The Linux NFS code
isn't nearly as stable as FreeBSD's.
> Ah ya to increase the transist of outgoing mail you could run qmtp
on all
> the nodes or on a separate farm of outgoing mail servers.
Outgoing mail can easily be made running load balanced using simple L4
switching. I can't think of any reason why this shouldn't work, as
outgoing mail is normally totally independent of each other but
again the queue should be running on RAID devices.
[1] I wouldn't have my job without crackers ;-)
Best regards,
Gabriel
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.0.2i
iQEVAwUBOvQkl8Za2WpymlDxAQGiKAf+O3rVh/BtuTBu3Psh92xNEFy0o6PhzRzf
p9I5ItcSz7NrOGKqnmtI1C2pBnCt5tclaHFUsPvI3xIINknCbumxVjA58ydu1/ki
G3EugorumjoO9zIrqt9PlAC6+/iM/YqTSjBqdR4NDfiYwKmDJwe5dywSAI4e+Cac
rDR4WtUuaRIWKtND0D01oFoK85aHXL6GC19x12rqfHtVOJepoNRgDMQQljmBapaq
HHhbMOu2HRFjB9BvTGJ2V71o79I317xpkq5gUA5hjMPjQBC6Qg3t8PUpjrRZSKJ9
g5vj9nuRYsBlDHlbRqBfq+gpT0FcXNG9QUINj65+fetu9GmzfVRAbg==
=H7LD
-----END PGP SIGNATURE-----
