slightly OT - my freebsd email topology
nvidican at wmptl.com
Thu Apr 5 18:26:16 UTC 2007
Jonathan Horne wrote:
> currently, my email server is just a single box, accepting and sending
> from and to the internet. spamassassin and sendmail, and so far, it
> i would like to change it up, so that i have a pair of servers doing
> MX from the
> internet, which then passes to an internal server for delivery. if i
> do that, i
> could remove spamassassin from the internal server, and run it on just
> the 2
> external. all those configurations is really not my issue here...
> what im
> really pondering is how would external servers that are seperate from
> where the
> target mailboxes are, know which addressess are acceptable and which
> to return a
> does anyone have any setups that are similar to this, and could advise
> me or
> point me in the right direction?
> freebsd-questions at freebsd.org mailing list
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe at freebsd.org"
There's really too many variables in your question to provide a good
ideally, the 'internal' server should be configured as normal, but not
exposed on a public interface; sendmail should not be listening for
incoming connections from anything other than your two 'outside' boxes
if it has a valid public IP address.
If the previous sceenario is true, then all you've really gotta do on
the 'outside' boxes, is add the domain names for which the 'inside' box
is going to relay mail for, and set the two outside boxes as MX hosts in
your public DNS records, while they receive internally the
hostname/address of the internal MX host.
You could go a step further, by using virtusertable within sendmail to
redirect incoming mail for a domain to a specific host on the inside
instead of just relaying, which could provide a more flexible filtering
mechanism; something like:
@whatever.com %1 at inside-only.server.hostname
Essentially instructing sendmail on the external machine to forward
along 'fu.bar at whatever.com' to 'fu.bar at inside-only.server.hostname' ...
or you could go beyond that to only filter specific addresses and error
out everything else. Well, you get the idea - there's more than one way
to do this.
You need to really specify your goals more clearly: Are you trying to
simply offset the load? Are you trying to make a redundant setup for a
failover setup? Are you trying to be more secure by filtering before
handling email? Are you trying to avoid having all your eggs in one
basket? Do you desire a single point of configuration, or are you
expecting to configure each new account on all servers? These are all
things you have to consider.
Bottom line is, you need to really sit down and put to thought exactly
what you're trying to accomplish. If the load created by spamassassin is
your sole problem - then you can run just spamassassin's filtering
daemon on another machine - it is capable of running spamd over a
network (see: spamd/spamc:
http://spamassassin.apache.org/full/3.0.x/dist/spamd/README for more info).
My advice would be to decide exactly what you want to accomplish, then
come back and ask for further suggestion from this list. There are many
talented, experienced administrators here - who chances are, have come
accross an almost exact case that could help you out - they all just
need a little more to go on before they can tell you what they'd do in
your case. Ultimately, it's up to you and RTFM'ing the heck out of it
before you implement it in production is always a good choice.
P.S. - sorry if this double-posts, realized I sent from the wrong
account and tried to cancel - not sure if it did, so figure better two
copies than none.
nvidican at wmptl.com
Windsor Match Plate & Tool Ltd.
More information about the freebsd-questions