Dear Matthias:

I completely agree with you. My only contention is that sometimes simple solutions with simple assumptions are good enough, instead of developing a nuclear silo for something that can be tested in an hour and then tested with public tools. Reminds me of the "email regex" vs "send that email already" debate, plus all the jokes on "automate it" or "just do it". No need to get into details there. Let's move on from this point, because I have a feeling we'll never agree here. Apologies if I'm sounding too naive.

Anyway, it seems that using HAProxy's proxy protocol circumvented all the networking issues, and now Postfix and Dovecot can recognize all clients properly. It seems that so far everything is going according to the plan. :-)

About your great loud thought, my containers are versioned but there's no CI in there, and every launch for them recreates them. They're all based on either Debian or Ubuntu (depending on support for my applications), which means they'll be updated automatically. I don't use random images from untrusted sources. There's even a plan to run apt update/upgrade on every launch to ensure everything is up to date even if I forget to recreate a container for any reason, and I'm planning cron jobs that'll restart the containers daily. I really appreciate your loud thoughts, keep 'em coming, and I hope I have that one covered with my plan.

I wouldn't call this a complex setup. In fact, I don't even know what a simple setup would be... bare-metal? This is the problem I'm solving for actually. Done that for a decade already. Bare-metal is stateful and whenever I have an issue with the physical server I have to start over, work for a week, and potentially misconfigure things because of details I forget, again and again and again? I disagree, this setup is only "complex" the first time, and I'll understand its intricate details over time (like everything else in system administration).

Once it works, all I need to do is to pipe the proxy lines to the containers' open ports and I'm done... possibly for life; realistically for 5-20 years (depending on how big Debian changes over the years will be). Even if my server needs to be moved, no problem. I just tar the images and data, send them over to another physical server, change the proxy destination, and done. A plus is, no worries about malware, because things get rebuilt, and whenever I have a suspicion, I just wipe everything physical and restart with minimal effort. The merit of this setup is priceless. This abstraction is a whole other level. I'll do my best to learn everything I can in this vacation to cover all my bases.

And please, let's not pretend that VMs are simpler than containers (in case that's the answer to that question about simplicity)... oh, my... vSphere and/or KVM are a whole other monster that need resources and management and introduce their own problems. Nothing is simple. Postfix itself is one of the most complicated pieces of software I dealt with in my entire life... it with Dovecot and all the machinery around it... wow. There's no plan that won't take me a couple of weeks of learning to get started, and maybe mess up somewhere.

I agree with everything you said, except the assumption that this setup is strictly complex. I would call it unusual, but it's the optimum solution for the problem I have, portability.

If you have any further scrutiny for my setup in mind, please go ahead. I appreciate your input.

Cheers,
Sam

On 23/12/2022 1:51 PM, Matthias Andree wrote:
On 23.12.22 at 03:19, Samer Afach wrote: