Gary wrote:

> Pete wrote:

>> On Fri, 2005-07-22 at 16:58, Gary V wrote:
>>> Pete wrote:
>>> 
>>> > Personally I'd set 1/2 the domains to have one of the 1Us as primary and
>>> > the other 1U as secondary and the other 1/2 domains the other way round,
>>> > and have the main server only accept mail from the 2 1Us.
>>> > Rgds
>>> > Pete
>>> 
>>> I don't mean to speak for Matt here, but I think you have
>>> misunderstood, Pete. The way I read it, this IS how it is going to be
>>> set up. Both 1U's will filter everything (half and half), then relay to
>>> the LDA. Each 1U is set as a backup for the other. Then I would assume
>>> that after a couple weeks (to give time for external name servers to
>>> clear their cache), the LDA will be reconfigured to only accept mail
>>> from the two 1U's. If the LDA is currently only accepting mail from
>>> Postini, then it would be configured to accept mail from Postini and
>>> the 2 1U's for a couple weeks (or longer if desired), then drop Postini
>>> after that.


>>> "....I'm going to setup MX records for the 500+ domains we have. Half
>>> of them will have relay1 as their primary and half of them will have
>>> relay2 as their primary. The remaining server will be set as secondary
>>> MX....."

>> Depends what Matt meant by 'the remaining server', i.e. the 'other' 1U, or
>> the LDA...

> Good point, I glossed right over that and made an assumption he was
> talking about the other 1U, but it appears it refers to the LDA. In
> that case, all your comments are 100% correct. The LDA will get
> slammed if it is set up as secondary. Most notably by dictionary
> attacks.

My own setup is an example. I have two MX (gateway) servers, and I have
all my domains set to use server1 as primary and server2 as secondary.
These machines receive an EQUAL number of delivery attempts! 83% of
which are addressed to nonexistent users (and are rejected by Postfix).

I'm sure you are aware of this, Matt, but on your 2 gateway servers,
you MUST reject mail to nonexistent users. I don't know if or how you
are doing this now, but I've heard that use of a relay_recipients map
may be more efficient than LDAP queries, but of course this means that
programs have to be written to extract email addresses from LDAP
and load them into the map(s), and of course, this would have to
automatically happen on a regular basis.

Gary V
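
The extraction step described in the message above, as an added example that is not part of the original thread or any project's own code: it turns an LDAP export (LDIF) into the `address OK` lines a Postfix recipient map expects. The attribute names, domains, function names and sample LDIF are assumptions constructed for illustration.

```python
import base64

# Constructed LDIF export (not from the original post); attribute names are assumptions.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
mail: Alice@Example.com
mailAlternateAddress: sales@example.com

dn: uid=bob,ou=people,dc=example,dc=com
mail:: Ym9iQGV4YW1wbGUub3Jn
mail: bob@not-relayed.test

dn: uid=carol,ou=people,dc=example,dc=com
mail: carol.with.a.long.name@exam
 ple.com
"""

def extract_recipients(ldif, relay_domains, attrs=("mail", "mailalternateaddress")):
    """Return the sorted, lower-cased addresses in relay_domains found in an LDIF export."""
    unfolded = ldif.replace("\n ", "")  # LDIF folds long lines with newline + one space
    found = set()
    for line in unfolded.splitlines():
        name, sep, value = line.partition(":")
        if not sep or name.lower() not in attrs:
            continue
        if value.startswith(":"):  # "attr:: ..." marks a base64-encoded value
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        addr = value.strip().lower()
        local, at, domain = addr.rpartition("@")
        # Skip malformed values and anything that could break the one-entry-per-line map.
        if not (at and local and domain in relay_domains) or any(c.isspace() for c in addr):
            continue
        found.add(addr)
    return sorted(found)

def render_map(recipients, previous_count=0, max_shrink=0.5):
    """Build the map text; refuse an empty or sharply smaller list (likely a failed export)."""
    if not recipients:
        raise ValueError("no recipients extracted; keeping the existing map")
    if previous_count and len(recipients) < previous_count * max_shrink:
        raise ValueError("recipient list shrank too much; keeping the existing map")
    return "".join(f"{addr} OK\n" for addr in recipients)

if __name__ == "__main__":
    print(render_map(extract_recipients(SAMPLE_LDIF, {"example.com", "example.org"})), end="")
```

When run from cron, the output would be written to a temporary file, compiled with `postmap`, and only then moved over the file named in `relay_recipient_maps`, so that a failed LDAP export never leaves the gateways rejecting every recipient.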



_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
